Xref: utzoo comp.sys.ibm.pc:47305 misc.legal:16417 Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!samsung!uakari.primate.wisc.edu!ames!dftsrv!mimsy!mojo!dank From: dank@eng.umd.edu (Daniel R. Kuespert) Newsgroups: comp.sys.ibm.pc,misc.legal Subject: Re: PKZIP version 1.10 and data encryption Message-ID: <1990Mar28.035417.6496@eng.umd.edu> Date: 28 Mar 90 03:54:17 GMT References: Sender: news@eng.umd.edu (The News System) Organization: Maryversity of Uniland, College Park Lines: 28 In article w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) writes: >Bill, it is true that PKWare's PKPAK, SEA's ARC, and NoGate's PAK all >contain encryption technology. It may become necessary for SIMTEL20 >and other Internet hosts in USA and Canada to delete these programs >from public download areas. Taken to the extreme, all BBS operators >in USA and Canada may be inviting legal trouble by offering ANY >program which encrypts or decrypts data if there is any chance that >someone from another country might call and download the file. > >This is a real can of worms which I intend to let others resolve. >It may take some federal legislation to resolve this. Does the Gov't (Federal Trade Commission?) bar transfer of _all_ data encryption programs across the US border? I knew of the proscription against exporting software which implements the Data Encryption Standard algorithm, but a ban on all data encryption software could easily reach ludicrous heights. After all, ROT13 encoding is a simple Caesar cipher, so by one interpretation of such a ban, rn, tr, awk, sed, and lots of other standard programs implement data encryption. The Snefru one-way hash function recently released by Xerox (?) is another, more significant development; since it's been incorporated into the comp.sources.unix program validator, that code could easily have left the US already. Daniel R. Kuespert, Grand Curmudgeon of the Poo-Bah Lodge Chemical Process Systems Laboratory University of Maryland, College Park, MD dank@eng.umd.edu