larry@kitty.UUCP (Larry Lippman) (10/25/86)
In article <8455@sun.uucp>, guy@sun.UUCP writes: > ... > 3) I don't think the federal government said, with a full understanding of > what they were saying, "thou shalt not export 'crypt' nor versions of 'ed' > nor 'vi' with the encryption code built in, nor shalt thou export the UNIX > system's DES password encryption code in a fashion that permits people to > use it to encrypt files." It's more likely that there is a general > regulation about the export of encryption technology, and rather than go > through the hassle of trying to get an export license for this stuff, AT&T > just punted and said "OK, we won't bother exporting this stuff in a form > that requires a license." Does anybody have the *real* story? Here is MY understanding of the story, which seems reasonable to believe: The present export controls which _specifically_ mention the category of encryption devices did not come to pass until the 1950's. Prior to 1950, this was a moot point, since there was just no possible way for anyone other than the U.S. government to get their hands on any encryption hardware. It is my understanding that prior to 1950, all telegraphic encryption devices were either built by the U.S. Army Signal Corps, or built by them in direct conjunction with Western Electric. During the 1950's and the "Cold War", rigid export controls were established, and an encryption device was defined as a piece of _hardware_ that could perform encryption functions for telegraphic data or voice. Encryption devices were considered to be "military munitions list items" insofar as the U.S. Dept. of State and export controls were concerned. There was no general concept of "software" (as we consider it today) during the 1950's. This definition and category has never changed since the 1950's. A computer SHIPPED WITH crypt(1) constitutes an "encryption device". A computer shipped separately and with no obvious connection with encryption software does NOT constitute an encryption device, and is therefore exempt from this export prohibition (but the computer may be restricted from export for OTHER reasons - but we are not discussing "high technology" export restrictions here). Software, sold alone and with no obvious connection to a particular computer does NOT (under present definitions) constitute an "encryption device", and is therefore exempt from any export controls. HOWEVER, AT&T, DEC, and other vendors cannot clearly separate the hardware from that of crypt(1) software in a manner sufficient to avoid any possible hassle with the U.S. Department of State - so they have chosen to "avoid the hassle" and simply make crypt(1) unavailable for export. In the _particular_ case of the UNIX operating system and crypt(1), this alleged restriction seems rather silly to me - but who am I to question AT&T, DEC or the U.S. Department of State??? ==> Larry Lippman @ Recognition Research Corp., Clarence, New York ==> UUCP: {allegra|decvax|rocksanne|rocksvax|watmath}!sunybcs!kitty!larry ==> VOICE: 716/688-1231 {hplabs|ihnp4|seismo|utzoo}!/ ==> FAX: 716/741-9635 {G1,G2,G3} "Have you hugged your cat today?"
shah@argus.UUCP (Sanjeev Shah) (10/25/86)
In article <1378@kitty.UUCP>, larry@kitty.UUCP (Larry Lippman) writes: > A computer SHIPPED WITH crypt(1) constitutes an "encryption device". > A computer shipped separately and with no obvious connection with encryption > software does NOT constitute an encryption device, and is therefore exempt > from this export prohibition (but the computer may be restricted from export > for OTHER reasons - but we are not discussing "high technology" export > restrictions here). Software, sold alone and with no obvious connection > to a particular computer does NOT (under present definitions) constitute an > "encryption device", and is therefore exempt from any export controls. > HOWEVER, AT&T, DEC, and other vendors cannot clearly separate the > hardware from that of crypt(1) software in a manner sufficient to avoid any > possible hassle with the U.S. Department of State - so they have chosen to > "avoid the hassle" and simply make crypt(1) unavailable for export. > In the _particular_ case of the UNIX operating system and crypt(1), > this alleged restriction seems rather silly to me - but who am I to question > AT&T, DEC or the U.S. Department of State??? > > ==> Larry Lippman @ Recognition Research Corp., Clarence, New York > ==> UUCP: {allegra|decvax|rocksanne|rocksvax|watmath}!sunybcs!kitty!larry > ==> VOICE: 716/688-1231 {hplabs|ihnp4|seismo|utzoo}!/ > ==> FAX: 716/741-9635 {G1,G2,G3} "Have you hugged your cat today?" I used to work on Codata 3300 (68000 based) Unix machine in India, and the Unix was a port by UniSoft (Version 7). This was back in 1983-84 and we certainly did have crypt(1) on that version. I remember UniSoft's disclaimer to any files stored as crypted. -- Sanjeev Shah New Jersey Institute of Technology Electronic Information Exchange System II Newark, NJ 07102 njbell: W(201)596-3426 H(201)485-8965 arpa: argus!shah@bellcore.arpa uucp: ...ihnp4!allegra!bellcore!argus!shah ...{seismo!topaz!caip,allegra!princeton}!andromeda!argus!shah