Re: Crypto Exporting..

aaron,

Not quite enough info. If you use existing encryption features found in many
off-the-shelf products, there is no issue. For instance, Microsoft Outlook
can be configured to use 128-bit SSL, which is interoperable globally. In
this case, the exporter is Microsoft, and they have the necessary approvals.

All you really need to do is verify the interoperability of the version ofa
manufacturers software sold in the countries involved, then purchase the
encryption software in the respective country.

If you intend to export "custom" software that *actually performs* the
encryption, you must either notify Department of Commerce, or get their
approval. As for importing such software, neither the US nor the UK have any
restrictions that I am aware of.

From http://en.wikipedia.org/wiki/Export_of_cryptography

"Cryptography exports from the U.S. are now (as of 2006) controlled by the
Department of Commerce's Bureau of Industry and Security. Some restrictions
still exist, even for mass market products, particularly with regard to
export to "rogue states" and terrorist organizations. Militarized encryption
equipment, TEMPEST-approved electronics, custom cryptographic
software,[citation needed] and even cryptographic consulting services still
require an export license. Many items must still undergo a one-time review
by or notification to BIS prior to export to most countries. For instance,
the BIS must be notified before open-source cryptographic software is made
publicly available on the Internet, though no review is required.[2] Export
regulations have been relaxed from pre-1996 standards, but are still
complex, and often require expert legal and cryptographic consultation.
Other countries, notably those participating in the Wassenaar Arrangement,
have similar restrictions."

Allan

--
One asks, many answer, all learn -- Plato, on the 'Forum
---
True civility is when every one gives to every other one every right
that they claim for themselves.

<aaronweissman1@xxxxxxxxx> wrote in message
news:50ad4fd5-7612-43b9-8644-380df478ab97@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Are there any legal issues with using crypto to secure communications
for my small company based in the US and a branch in the UK? Any
export implications I need to be aware of, or any import regulations I
need to be aware of in the UK?

Thanks..


.

Relevant Pages

  • Alert: Microsoft Security Bulletin - MS03-003
    ... Administrators of Microsoft Outlook 2002 systems using V1 Exchange Server Security certificates for encryption should apply the patch immediately. ...
    (NT-Bugtraq)
  • Re: is pptp via VPN secured ?
    ... products containing strong encryption. ... encryption import countries' ... have an enterprise CA, which issued the machine certificates for the VPN, ...
    (microsoft.public.windows.server.networking)
  • Re: Newsgroup filtering with host server software
    ... up an SSL mail server on a odd port, the authorities in thouse countries ... access an SSL-encrypted mail server back at company headquarters. ... I use heavy encryption when I go to China to broadcast ...
    (comp.security.firewalls)
  • Why do encryption laws exist?
    ... I got to thinking about this subject, why encryption laws exist. ... truth is I can only find one reason for governments to maintain ... The only real purpose it may serve is some countries that want to keep ...
    (sci.crypt)
  • Re: Why do encryption laws exist?
    ... truth is I can only find one reason for governments to maintain ... not to mention a lot of laws written don't cover ... So who does an encryption law prevent from getting a strong encryption ... The only real purpose it may serve is some countries that want to keep ...
    (sci.crypt)