Great Circle Associates Firewalls
(January 1997)
 


Subject: The Looong Reach of US Crypto-Export Controls
From: Vin McLellan <relay1 . shore . net @ shore . net>
Date: Fri, 3 Jan 1997 03:22:17 -0500
To: firewalls @ greatcircle . com

	I earlier posted a message which quoted a well-informed Netizen who
claimed that the new US Federal ERA regs (which transfer control of many
encryption exports from the U.S. Dept. of State to the U.S. Commerce Dept)
now explicitly forbid the unlicensed export of software "designed or
modified to protect against malicious computer damage, e.g., viruses"
(c.3., below).

	Tell the truth, I couldn't quite believe they had done it!  (A
whole new _class_ of export controls?  Over very basic computer security
tech, so vaguely described?  Tucked into the fine print of a
regulatory rewrite which the Administration has widely touted as a
"compromise" with market-hungry US Industry and concerned compsec
professionals!?!  And with the DC rumor mill full of claims that the
heavy-handed ERA language reflected the FBI's ambitions for a domestic GAK
bill, not the NSA/DoD's spooky Infowar concerns.)

	Also, the fact that I had posted a citation of such import without
having dug up the original doc myself bothered me. So, in the wee hours, I
arose from my snug bed, kicked the sleeping PC awake, and burrowed into the
Federal Register... hunting (as it turned out) for Supplement No. 2 to Part
774 of the ERA: "General Technology and Software Notes."

	(Please note that American citizens and U.S. firms and
organizations have but _ten_ days left, see below, to submit their comments
on this "Interim Final Rule" -- which already has the force of Law -- to
Commerce and their Congressfolk.  E-mail, phone, and fax numbers for US
Senators and Congressmen are at: <http://www.visi.com/juan/congress>  You
might prefer to write a brief note for the US Mail; less than half the
members of the US Congress have e-mail addresses.  Which perhaps explains a
little about how this silliness could happen;-)

	Here's the source code, so to speak:

<<begin quote>>

List of Items Controlled

Unit: $ value
Related Controls: NA
Related Definitions: N/A
Items:
    a. ``software'' specially designed or modified for the
``development'', ``production'' or ``use'' of equipment or ``software''
controlled by 5A002, 5B002 or 5D002.
    b. ``Software'' specially designed or modified to support
``technology'' controlled by 5E002.
    c. Specific ``software'' as follows:
    c.1. ``Software'' having the characteristics, or performing or
simulating the functions of the equipment controlled by 5A002 or 5B002;

    Note: 5D002.c.1 includes controls key escrow encryption software
transferred from the U.S. Munitions List following a case-by-case
determination by the Department of State through the commodity
jurisdiction procedure. See Sec. 742.15 of the EAR.

    c.2. ``Software'' to certify ``software'' controlled by 5D002.c.1;
    c.3. ``Software'' designed or modified to protect against malicious
computer damage, e.g., viruses;

    Note: 5D002 does not control:
    a. ``Software'' ``required'' for the ``use'' of equipment excluded
from control under the Note to 5A002.
    b. ``Software'' providing any of the functions of equipment
excluded from control under the Note to 5A002.

<<end list; end quote>>

__Below: Info Header of the Document as Published__

[Federal Register: December 13, 1996 (Volume 61, Number 241)]
[Rules and Regulations]
[Page 65642-65467]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

Bureau of Export Administration

15 CFR Parts 734, 740, 742, 762 and 774

[Docket No. 960918265-6296-02]
RIN 0694-AB09


Licensing of Key Escrow Encryption Equipment and Software

AGENCY: Bureau of Export Administration, Commerce.

ACTION: Interim final rule.

-----------------------------------------------------------------------

    This interim final rule amends the Export Administration
Regulations (EAR) by imposing national security controls on Key escrow
information security (encryption) equipment and software transferred
from the U.S. Munitions List to the Commerce Control List following a
commodity jurisdiction determination by the Department of State.
    This interim final rule also amends the EAR to exclude key escrow
items from the de minimis provisions for items exported from abroad and
to exclude key escrow encryption software from mass market eligibility.
Further, key escrow encryption software is subject to the EAR even when
made publicly available.

DATES: Effective date. This rule is effective December 13, 1996.
Comment date: Comments, should be submitted on or before January 13,
1997.

ADDRESSES: Written comments should be sent to Nancy Crowe, Regulatory
Policy Division, Office of Exporter Services, Bureau of Export
Administration, Room 2705, 14th Street and Pennsylvania Avenue, N.W.,
Washington, D.C. 20230.
 --------------------------------------------------------------------------
<<Please forgive the imposition of such a lengthy post on the List.  It seemed
important enough to warrant the burden on your bandwidth... and, trust me,
you don't want to go dig it out of the FedReg yourself, if you can avoid it.>>
	Suerte,
		_Vin

         Vin McLellan + The Privacy Guild + <vin @ shore . net>
      53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548



