Re: PLEASE HELP - How do I include OpenSSL in my code? <OT: Cryptographic laws>
- From: roberson@xxxxxxxxxxxxxxxxxx (Walter Roberson)
- Date: Sun, 14 May 2006 00:21:00 +0000 (UTC)
In article <slrne6c9l9.5vd.apoelstra@xxxxxxxxxxxxxxxxxxxxx>,
Andrew Poelstra <apoelstra@xxxxxxxxxxxxxxxxxxxxx> wrote:
Also, if you understood basic import/export cryptography laws, those
warnings would be warnings and you'd know how to avoid legal issues.
For example, there are no laws barring export between the US and
Canada that I know of, but to transfer cryposystems overseas you must
not use an electronic form.
There *are* laws controlling the export of cryptography from the US to
Canada. Those laws happen to say something on the order of, "providing
these conditions are met, no export permit is required" to export to
Canada, and that "providing these conditions are met, there is an
automatic export permit" to a small number of other countries. The
catch is in the "these conditions are met" portion.
For example, if a citizen of one of the six or so designated "hostile
countries" manages to legally reach the USA, then that citizen may
freely use strong cryptography *within the USA*, and that foreign
citizen may buy books, attend lectures, enter a cryptography PhD
program and so on -- as long as that foreign citizen does not -export-
the cryptographic programs.
I, a Canadian citizen, can buy and utilize US-originated strong
encryption programs within Canada (or to the USA or the other select
countries). However, the way the US export laws are written, if the
strong encryption program had been exported from the USA, then I [in
Canada] could not permit that same foreign citizen from using my copy
of the program, not even just to communicate within Canada between they
and I.
Now, it happens that some of our employees are from one of those
designated countries; and I am not permitted to discriminate against
any employee based upon country of origin, so my choice was effectively
to either be careful only to use cryptography that did not originate in
the USA, or else to not make cryptographic services routinely available
to any of our employees.
I did raise this point with our corporate security people at one point;
they believed that there was an exemption covering the situation, but
they did not have any justification available for such an exemption; I
gather that they casually asked someone who works for A Four Letter
Acronym {Three Letter Acronyms are for the USA ;-) } and were casually
told it wasn't a problem. (I preferred a stronger reassurance...)
--
All is vanity. -- Ecclesiastes
.
- References:
- PLEASE HELP - How do I include OpenSSL in my code?
- From: cpptutor2000@xxxxxxxxx
- Re: PLEASE HELP - How do I include OpenSSL in my code?
- From: Martin Ambuhl
- Re: PLEASE HELP - How do I include OpenSSL in my code? <OT: Cryptographic laws>
- From: Andrew Poelstra
- PLEASE HELP - How do I include OpenSSL in my code?
- Prev by Date: Re: Pragma
- Next by Date: Re: Writting Pluggins
- Previous by thread: Re: PLEASE HELP - How do I include OpenSSL in my code? <OT: Cryptographic laws>
- Next by thread: Re: PLEASE HELP - How do I include OpenSSL in my code?
- Index(es):
Relevant Pages
|
|
