Page 1 of 1
current 56bit DES export ?
Posted: Sat Jun 03, 2006 3:11 pm
by corruptRSS
I've read the posts from the previous years and am looking for someone that has some firsthand current information or links regarding the current situation for export of DES. The /\/\ /ebay statement on ebay states that the ATF is responsible for enforcement and procedure, however after hours on numerous .gov sites I seem to be no farther that when I started. Any solid info or links would be greatly appreciated.
thanks
jack
Posted: Sat Jun 03, 2006 4:39 pm
by AEC
The ATF does not handle import/export of encryption devices, nor do they control it this is handled by U.S customs, and there are no longer any restrictions on the export of DES encryption to any 'friendly' nations, but AES IS a controlled munitions listed item and can NOT be exported, not even to 'friendly' nations....as I am aware of at least.
I may be wrong on exactly who is in control, but I am pretty certain it is NOT the ATF, it's not in their realm of 'expertise' as they are, of course, the Alcohol, Tobacco and Firearms agency..
I sure will not go into my dissertation of this despotic agency at this time.
I remember those pretty orange stickers that were adhered to all the encryption devices we got in...Listed as a 'Controlled Munitions' item and required an export license.
Not required for DES, 56-bit encryption, but for higher levels, I'm quite certain there will be restrictions well entrenched.
Posted: Sun Jun 04, 2006 4:34 am
by mr.syntrx
I'll start off by saying I am not a laywer. This is not legal advice, etc etc etc.
Cryptographic products are classified as munitions by the Wassenaar Arrangement, to which the USA is a signatory. This probably explains Motorola's false thinking that the BATF is reponsible for policing cryptographic exports
Such policies are against the interests of consumers and the business community, are largely irrelevant to issues of military security, and provide only a marginal or illusory benefit to law enforcement agencies, but that's a debate for another forum.
Export of cryptographic products from the USA is handled by the Bureau of Industry and Security:
http://www.bis.doc.gov/Encryption/Default.htm
Anyway, DES and AES are both exportable to pretty much anywhere, except the Axis of Evil nations like Iran, Libya, Cuba etc.
Posted: Sun Jun 04, 2006 4:44 am
by corruptRSS
thanks for the above.
I have seen this from a previous post:
The U.S. Department Of Commerce provides the Export Controls classifications known as ECCNs, anyway DES and DES-XL are classified as 5A992 NR for Hardware and 5D992 NR for Software for Securenet Products. Generally most if not all Crypt being exported to the off shore overseas approved country list receive the DVI-XL Encryption. I can remember that Iran, Iraq, Syria are on the no sell list but there are about 4 or 5 other countries that can not be sold this type of encryption.
Anyone know if these ECCNs are still valid ?
jack
Posted: Sun Jun 04, 2006 5:55 am
by corruptRSS
from the faq here:
http://www.bis.doc.gov/Encryption/EncFAQs6_17_02.html
states:
When may I submit a "notification" instead of a "review request"?
The following items may be exported and reexported to all destinations (except designated terrorist supporting countries, nationals of such countries, and persons designated in Part 744 of the EAR)
once proper notification is given to BIS and the ENC Encryption Request Coordinator: encryption source code that would be considered publicly available under Section 734.3(b)(3) of the EAR and the corresponding object code;
encryption items with key lengths less than or equal to 56 bits for symmetric algorithms, 512 bits for asymmetric algorithms and 112 bits for elliptic curve algorithms; mass market encryption products with symmetric key lengths not exceeding 64 bits; and beta test encryption software. Also, you may increase the key length of a previously reviewed encryption item by submitting a certification letter, provided that this is the only change in cryptographic functionality. See Sections 740.9(c)(8), 740.13(e), 740.17(d)(3) and 742.15(b)(1) for notification requirements for encryption items under the EAR.
so, is 56bit DES a symmetric algorithm ?
It appears that a notification to BIS & ENC may be required to ship a saber DES outside the US/Canada ?
Posted: Mon Jun 05, 2006 12:01 am
by AEC
From the site, I doubt this even covers voice encryption products, as even the stated 64 bit 'level' is below the radar of the BIS, and is not required to obtain a license for export to 'good' nations or the EU+8 as listed.
The topic was 'publicly available' encryption products for export/reexport, and voice encryption was not touched upon in the pages I reviewed, so I doubt DES falls under any 'controlled' classification by the BIS or EAR rules.
If I read this correctly, they are referring to software for internet use, and not voice encryption devices as sold by Circle-M and others.
Networks, routers, software more 'powerful' that PGP...that sort of thing.
If I developed high end voice encryption products, I would NOT submit the source code or object code to ANY government official as it's private property and is protected by the soon-to-be-eliminated bill of rights(privileges).
I would make certain every partner, friend and associate would have the 'devices' installed and operational long before any government got their greasy fingers on it, and if they did, it would be on the net faster than F-15 on afterburners.
Take their thunder away from them.
I know...OT, but I hate government snoops, this is 'supposed' to be the U.S...land of the free, or should I say, enslaved.
I really would not worry one iota about 64-bit DES.