[geekcrypt] Crypto export law in US

  • From: Bill Cox <waywardgeek@xxxxxxxxx>
  • To: geekcrypt@xxxxxxxxxxxxx
  • Date: Fri, 6 Jun 2014 08:29:27 -0400

Here's a great page on the export of cryptography in the US:


The most relevant line is:

"For instance, the BIS must be notified before open-source cryptographic
software is made publicly available on the Internet, though no review is

Developers here in the US could simply declare ourselves as a non-profit.
Here in NC, no notifications are even required to any government entity.
Once we've made that declaration, I could notify BIS whenever the main
organization hosted in another country is ready to have a release.  This
looks simple enough to me.  Apparently, no other action is required on our
part here in the US.

I think it's fair for the US to ask us to let them know when we make a
crypto tool available for global use.  That's not stopping us, it's simply
giving them an opportunity to react.  I'll make this my job if no one else
wants it... I have a feeling no one else will :-)


Other related posts: