Subject: Re: New encryption regulations
From: Ben_Tilly@trepp.com
Date: Thu, 13 Jan 2000 11:01:18 -0500


Frank Hecker wrote:
[...]
>Yes. To start with, 740.13(e) applies only to source code. I don't see
>anything in the regulations which gives special dispensations to
>binaries generated from such code, so if you wanted to host compiled
>binaries on your (U.S.) site  along with the source code, then I believe
>you would have to formally apply to BXA and request classification of
>your software; based on the results of that request you might be able to
>export the binaries under the ENC license exception (e.g., using
>740.17(a)(2) or 740.17(a)(3), depending on whether the products get
>"retail" status or not). However you might have to implement access
>controls on the binaries beyond what you have on the source code, for
>example to prevent download requests from "government end-users" and the
>"T7" nations (North Korea, Iran, Iraq, etc.)
[...]

Two questions.

1) What happens if the encryption code is written in an interpreted
language like Perl.  Now the source-code is the equivalent of your binary.

2) CPAN has a well-established tradition of hosting source-code with
configuration scripts to write makefiles.  If you have appropriate
compilers et al available (trivial in the Linux world) then automated
scripts exist to get what you want, download, create make file, compile,
test it, and (if all went well) install.

And a point from a co-worker that I find interesting...


"Stay the same?  No, quite worse, I would think: at least when open source
was not specifically mentioned, you have a shot at letting a court clarify
and extend the law through judicial process.  But when the legislative
branch closes the loopholes by specifically mentioning open source and
acknowledging awareness and applicability of the law to open source,
goodbye judicial route...."

Somehow I am not as happy now as I was 2 hours ago. :-(

Ben