[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] U.S.: BXA Unrestricted Encryption Source Code ?
- To: krypto@thur.de
- Subject: [FYI] U.S.: BXA Unrestricted Encryption Source Code ?
- From: "Axel H Horns" <horns@t-online.de>
- Date: Thu, 6 Jan 2000 11:25:20 +0200
- CC: debate@fitug.de
- Comment: This message comes from the debate mailing list.
- Organization: PA Axel H Horns
- Reply-to: horns@t-online.de
- Sender: owner-debate@fitug.de
http://cryptome.org/bxa121799.htm
------------------------------- CUT ---------------------------------
5 January 2000
Source: http://www.steptoe.com/webdoc.nsf/Files/regs/$file/regs.pdf
"Revised Draft of the BXA's Proposed Encryption Regulations," 17
pages. Stewart Baker, with Steptoe and Johnson (document source), is
a member of the President's Export Council Subcommittee on Encryption
(PECSENC). This is a note on the document from a newletter by Steptoe
dated January 5, 2000:
The Bureau of Export Administration (BXA) has released a revised
draft of its proposed new encryption regulations to selected industry
groups for comment. The new draft incorporates several significant
further liberalizations, including changes to the definitions of the
terms "retail," "government," and "open cryptographic application
programming interfaces (CAPIs)," a relaxation of restrictions on the
export of source code, and other revisions to the export reporting
requirements and review process. BXA has said that its goal is to
release new regulations by January 14, 2000, after incorporating
public comments on the attached draft.
[Note: the first page is headed "DRAFT - 12/10/99;" all other pages
are headed "DISCUSSION DRAFT II - 12/17/99." No other identification
on the document. Type style as in the original.]
This is the revised version of the November 19 discussion draft. The
November 19 draft laid out elements of the encryption export
regulation which will implement the new policy announced on September
16, 1999. This draft reflects the various comments received on the
first draft. There are substantial changes in the sections dealing
with source code, retail products, reporting requirements, and the
definition of governments and open cryptographic interfaces. There is
a new section clarifying the requirements for exports to
telecommunications and internet service providers and on screening
internet ales to government end-users. Our new goal is publication of
the actual regulation by January 14, 2000. Comments are welcome and,
as before, should be sent to jlewis@bxa.doc.gov.
[...]
(e) Unrestricted Encryption Source Code
(1) Encryption source code controlled under 5D002 which would be
considered publicly available under Section 734.3(b)(3) and which is
not subject to an express agreement for the payment of a licensing
fee or royalty for further commercial production or sale of any
product developed with the source code is released from EI controls
and may be exported or re-exported without review under License
Exception TSU, provided you have submitted written notification to
BXA of the Internet address (e.g. URL) or a copy of the source code
by the time of export. Submit the notification to BXA and send a copy
to ENC Encryption Request Coordinator (see Section 740.17(g)(5) for
mailing addresses).
(2) You may not knowingly export or re-export source code or products
developed with this source code to Cuba, Iran, Iraq, Libya, North
Korea, Sudan or Syria.
(3) Posting of the source code on the Internet (e.g., FTP or World
Wide Web site) where the source code may be downloaded by anyone
would not establish "knowledge" as described in subparagraph (2) of
this section. In addition, such posting would not trigger "red flags"
necessitating the affirmative duty to inquire under the "Know Your
Customer" guidance provided in Supplement No. 3 to Part 732.
[...]
------------------------------- CUT ---------------------------------