1 |
On 2021-09-26 21:20, Rich Freeman wrote: |
2 |
|
3 |
> Back in the PGP ITAR days I believe somebody went through some |
4 |
> loopholes to publish the software outside the US, |
5 |
|
6 |
Yes, PGP 2.6 source code got published as an OCR-friendly book |
7 |
(https://dl.acm.org/doi/book/10.5555/207390) which was then legally |
8 |
taken from the US abroad. |
9 |
|
10 |
> and it is probably debatable whether that was legal under US law, |
11 |
|
12 |
I am no expert on US law but from what I have read (in many different |
13 |
sources, with me having begun using PGP in either late 1996 or early |
14 |
1997 i.e. when it was still very much subject to US export restrictions) |
15 |
about this case, both the publishing of the source-code book and it |
16 |
having subsequently been taken out of the country has been legal - the |
17 |
former due to publishing the first amendment and the second due to the |
18 |
scope of ITAR as far as crypto software was concerned. |
19 |
|
20 |
> but presumably the people who did it didn't care, and enforcement was |
21 |
> unlikely at all, and especially unlikely if you didn't have plans to |
22 |
> visit the US after bragging about distributing it. |
23 |
|
24 |
I don't know if Ståle Schumacher (the person who scanned the book and |
25 |
subsequently published "international" versions of PGP 2 in Norway) ever |
26 |
visited the US afterwards. On the other hand the source-code book |
27 |
itself, the purpose of which was rather clear given it even contained |
28 |
notes on how to OCR it, was written by a US person (Phil Zimmermann |
29 |
himself) and published by a US company (MIT Press) - so I am not quite |
30 |
convinced they either thought they would be our of reach of US law |
31 |
(indeed, wasn't PRZ still being persecuted by US Customs at the time?), |
32 |
or didn't care. |
33 |
|
34 |
|
35 |
Not that any of this changes the point you have tried to make regarding |
36 |
due diligence, mind you. |
37 |
|
38 |
-- |
39 |
Marecki |