international encryption

Hi...wondering if anyone has any thoughts on the following scenario. A
US-based company has a UK-based facility. Is the UK-based facility
limited in the type of encryption solutions it can implement because of
US export controls? I've readd that the US treats encryption products as
military-type exports and this severely limits how these can be
exported. Would this apply in this situation, or does it only apply in
cases of US vendors selling encryption products overseas? In my
scenarion, the UK-based facility is part of the US-based company, so
it's not really selling encryption products, just implementing them at a
foreign facility owned by a US company. The company wants to implement a
tight security solution for its entire network, including the foreign
facility.

Thanks...

Fred

On Sun, 04 Dec 2005 03:28:36 GMT, Fred <> wrote:

>Hi...wondering if anyone has any thoughts on the following scenario. A
>US-based company has a UK-based facility. Is the UK-based facility
>limited in the type of encryption solutions it can implement because of
>US export controls? I've readd that the US treats encryption products as
>military-type exports and this severely limits how these can be
>exported. Would this apply in this situation, or does it only apply in
>cases of US vendors selling encryption products overseas? In my
>scenarion, the UK-based facility is part of the US-based company, so
>it's not really selling encryption products, just implementing them at a
>foreign facility owned by a US company. The company wants to implement a
>tight security solution for its entire network, including the foreign
>facility.
>
>Thanks...

1, America has no monopoly on encryption.
2. Their domestic laws have no extraterritorial validity.
--
Jim Watt
http://www.gibnet.com

Jim Watt

Fred wrote:

> Hi...wondering if anyone has any thoughts on the following scenario. A
> US-based company has a UK-based facility. Is the UK-based facility limited
> in the type of encryption solutions it can implement because of US export

No. The US laws are toothless, if they actually exist at all any more
(they've been rewritten). Even in their heyday, those draconian laws could
be easily circumvented by exporting programs in source code form and
compiling outside US borders (or simply SAYING you did). <g> they never
did put any real restriction on what sort of encryption you could use,
just exporting the compiled programs that did that encryption.

TwistyCreek

Jim Watt <_way> wrote:

> 2. Their domestic laws have no extraterritorial validity.

Except if you happen to fly somewhere and have to change planes at a US
airport. The USA don't understand the concept of "transit", and think
that as soon as you set your foot into a US airport, even without
wanting to travel to the USA, you're all theirs...

Juergen Nieveler
--
There's someone out there for everyone - even if you need a pickaxe, a
compass, and night goggles to find them. Steve Martin as Harris Telemacher
in "L.A. Story".

Juergen Nieveler

On 4 Dec 2005 16:58:36 GMT, Juergen Nieveler
<> wrote:

>Jim Watt <_way> wrote:
>
>> 2. Their domestic laws have no extraterritorial validity.
>
>Except if you happen to fly somewhere and have to change planes at a US
>airport. The USA don't understand the concept of "transit", and think
>that as soon as you set your foot into a US airport, even without
>wanting to travel to the USA, you're all theirs...

And if you have a beard, its even worse, off to Guantanamo
without trial. Bloody fascists. However this describes personal
security rather than that of computers.

--
Jim Watt
http://www.gibnet.com

Jim Watt

On Sun, 04 Dec 2005 18:36:05 +0100, Jim Watt <_way>
wrote:

>>Except if you happen to fly somewhere and have to change planes at a US
>>airport. The USA don't understand the concept of "transit", and think
>>that as soon as you set your foot into a US airport, even without
>>wanting to travel to the USA, you're all theirs...

>And if you have a beard, its even worse, off to Guantanamo
>without trial. Bloody fascists. However this describes personal
>security rather than that of computers.

On that I beg to differ. My Brother in-law is hispanic, and if you put
him in traditional middle eastern garb, he looks like he just walked
out of the desert with Lawrence of Arabia. He has not once been
checked at an airport and until recently he traveled a great deal.

Now if you are a young attracive female....

--
Ned

Ned Brickley

On Mon, 05 Dec 2005 12:26:57 +0000, Ned Brickley <>
wrote:

>On Sun, 04 Dec 2005 18:36:05 +0100, Jim Watt <_way>
>wrote:
>
>>>Except if you happen to fly somewhere and have to change planes at a US
>>>airport. The USA don't understand the concept of "transit", and think
>>>that as soon as you set your foot into a US airport, even without
>>>wanting to travel to the USA, you're all theirs...
>
>>And if you have a beard, its even worse, off to Guantanamo
>>without trial. Bloody fascists. However this describes personal
>>security rather than that of computers.
>
>On that I beg to differ. My Brother in-law is hispanic, and if you put
>him in traditional middle eastern garb, he looks like he just walked
>out of the desert with Lawrence of Arabia. He has not once been
>checked at an airport and until recently he traveled a great deal.

Does he dress like a member of the KKK ?

>Now if you are a young attracive female....

If only you were Stevie Wonder ...

--
Jim Watt
http://www.gibnet.com

Jim Watt

1. As has been stated, those laws were re-written when it was realized
they were almost impossible to enforce and it was hurting legitimate use.

2. The issue may be moat anyway because the government/NSA may have a
"back door" or can feasibly brute-force all public ciphers anyway (AES,
two-fish, blowfish, serpent, RC4...)

Fred wrote:
> Hi...wondering if anyone has any thoughts on the following scenario. A
> US-based company has a UK-based facility. Is the UK-based facility
> limited in the type of encryption solutions it can implement because of
> US export controls? I've readd that the US treats encryption products as
> military-type exports and this severely limits how these can be
> exported. Would this apply in this situation, or does it only apply in
> cases of US vendors selling encryption products overseas? In my
> scenarion, the UK-based facility is part of the US-based company, so
> it's not really selling encryption products, just implementing them at a
> foreign facility owned by a US company. The company wants to implement a
> tight security solution for its entire network, including the foreign
> facility.
>
> Thanks...

David