[geekcrypt] Re: Crypto export law in US

  • From: Niklas Lemcke - 林樂寬 <compul@xxxxxxxxxxxxxx>
  • To: geekcrypt@xxxxxxxxxxxxx
  • Date: Fri, 6 Jun 2014 20:35:07 +0800

On Fri, 6 Jun 2014 08:29:27 -0400
Bill Cox <waywardgeek@xxxxxxxxx> wrote:

> Here's a great page on the export of cryptography in the US:
>    https://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States
> The most relevant line is:
> "For instance, the BIS must be notified before open-source cryptographic
> software is made publicly available on the Internet, though no review is
> required."
> Developers here in the US could simply declare ourselves as a non-profit.
> Here in NC, no notifications are even required to any government entity.
> Once we've made that declaration, I could notify BIS whenever the main
> organization hosted in another country is ready to have a release.  This
> looks simple enough to me.  Apparently, no other action is required on our
> part here in the US.
> I think it's fair for the US to ask us to let them know when we make a
> crypto tool available for global use.  That's not stopping us, it's simply
> giving them an opportunity to react.  I'll make this my job if no one else
> wants it... I have a feeling no one else will :-)
> Bill

Your job it shall be.. :D
What I consider more of a problem though is the TC license.
In particular this
The terms of the TrueCrypt license cannot be changed in any way (including 
adding new terms). 

We should have someone contact the EFF law department ASAP.

Still, this means that we can at least fork it and distribute it. Just
need to take care of the branding.

Thus my suggestion would be: let's get crackin'. Remove all the
branding, and go for Phase1 in the Roadmap :)



At the time of writing, no warrants have ever been served to me, Niklas
Lemcke, nor am I under any personal legal compulsion concerning the
CipherShed project. I do not know of any searches or seizures of my

Attachment: signature.asc
Description: PGP signature

Other related posts: