Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What's the current status of cryptography export restrictions? [closed]

Tags:

cryptography

encryption

Let's say I want to add some basic encryption capabilities to my application (without making it the application's primary purpose) - for example, using public-key cryptography to encrypt/sign private messages in a video game. Should I be worried about export restrictions (mainly in the US)? Is there a limit to how "strong" the encryption can be?

like image 352
Vladimir Panteleev Avatar asked Mar 17 '11 01:03

Vladimir Panteleev

2 Answers

According to this article:

On June 25, 2010, the Department of Commerce’s Bureau of Industry and Security (BIS) published a notice in the Federal Register implementing substantial and far-reaching amendments to controls of encryption software and hardware under the U.S. Export Administration Regulations (EAR). These changes were originally announced in early May, and mark the first step in the Obama Administration’s efforts toward reform of U.S. export controls intended to expand access for U.S. exporters to foreign markets.

...

Decontrolling Ancillary Cryptography Products

This amendment to the regulations incorporates changes adopted in December at meetings of the Wassenaar Arrangement. Previously, exporters were permitted to self-classify most ancillary cryptography items (i.e., items, such as video games, that use encryption but where the encryption is ancillary to the item’s main purpose) as ECCN 5D002. Such items could then be exported immediately using License Exception ENC. Certain other ancillary cryptography items were classified under ECCN 5D992, and were eligible for export to most destinations other than Cuba, Iran, North Korea, Sudan, and Syria.

The new regulations effectively decontrol ancillary cryptography products. Specifically, the regulations add a note to Category 5 of the Commerce Control List stating that such items will no longer be controlled on the basis of their cryptographic functionality. Rather, ancillary cryptography items will be controlled under whatever other ECCN is applicable to the item. In many cases, such items will likely be classified as EAR99.

(emphasis added)

So, it looks like video games are off the hook as far as US is concerned.

like image 76
Vladimir Panteleev Avatar answered Oct 21 '22 02:10

Vladimir Panteleev

The Crypto Law Survey is a good, comprehensive resource.

like image 27
caf Avatar answered Oct 21 '22 02:10

caf
Sign in to Comment

Related questions

Can't decrypt RSA data with open SSL
iOS: How to intercept and manipulate bytes in AVPlayer
Preserve API key integrity with Travis-CI build-notification hooks in a public repository
Text deciphering, letter frequency based approach (questions about cost function)
PBE AES_256 encryption incompatible between java 8 u65 and u71
EncryptedXml DecryptDocument method error after .Net framework update
InvalidKeyException: Only SecretKey is supported
How to secure Intent data while sending it across applications
Encrypt & Decrypt querystring values using AES 256
Authenticate and sign HTTP request
Symmetric integer to integer encryption
HTML5 offline authentication
JWT web token encryption - SecurityAlgoritms.HmacSha256 vs SecurityAlgoritms.HmacSha256Signature
How to encrypt each soap request in php
How can i encrypt query string parameters in ASP.NET website? [duplicate]
Android Retrofit AES encrypt/decrypt POST and Response
Android: Store SecretKey in KeyStore
Get encrypted column name with their encryption key and certificate in sql server
Using machine keys for IDataProtector - ASP.NET CORE
Safely storing passwords when access to the plaintext is still needed [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!