US Export Cryptography Restrictions

    While sourceforge is hysterical , let's read US laws on export restrictions. For example, ECCN 5D002 , about which everyone heard, but no one read.

    The United States allows export of software without restrictions and review if all of the following points are met:
    • Code subject to export restrictions ECCN 5D002
    • The code is publicly available
    • Notification sent to US Government's Bureau of Industry and Security (BIS)

    Open source programs automatically fall under the second paragraph. But what is point number one? Now let's try to figure it out.
    Its action includes:
    • Software intended for the development, modification or any other use of the software from this list ; or
    • Software with a symmetric cipher longer than 56 bits; or
    • Software with an asymmetric cipher, using decomposition of an integer into prime factors with a key length of more than 512 bits (for example, RSA); or software using discrete logarithm calculations over a finite field or other operations on discrete algorithms with a key length of more than 112 bits (for example, elliptic curves).
    • Cryptanalysis software.

    It is expressly agreed that packaging and coding are not subject to this act.
    3. “Cryptography” does not include “fixed” data compression or coding techniques.

    Hash functions are not cryptographic algorithms with symmetric / asymmetric keys in general, therefore they are not even considered.

    Of the publicly available software, after such filtering, American browsers remain, in which these restrictions have always been special software like TrueCrypt.
    More can be read on apache.org .

    Also popular now: