[Posted and mailed]
Quote:> Let's say that SUSE offered "strong" encryption built into one of its
I'm not positive, but I believe they do -- on a German-only version of
Quote:> Is it true that if this is available on a US server it
> can't be made available anywhere else?
No. It means that the US server may not distribute that software to non-US
sites. I'm not a lawyer, though, and am unfamiliar with the minitiae of
this law; the implications may be somewhat different than this, such as it
might not be legal to put it up on a US FTP site at all, or the FTP site
might be required to only accept connections from the US. The point is,
the software can't pass from the US to other countries. It's not breaking
US law for, say, a user in Spain to download this hypothetical software
directly from Germany, nor for a user in the US to download it from
Germany, nor for a US company to press CDs and sell them in the US. The
moment that CD crosses the border, though, the US law has been violated,
despite the fact that the software originated outside the OS.
Don't get me wrong -- I am **NOT** trying to defend this law or claim it
makes sense. It's preposterous, IMHO, but it is the (US) law.
Quote:> I'd say that they would have the
> backing of their own government to go right ahead and distribute it.
> The server is just part of the distribution system.
Again, I am not a lawyer and all that, but if a US FTP site were to put up
some SuSE-created software with strong encryption, I rather doubt if any
charges would be brought against SuSE -- they'd be brought against
whoever's responsible for the US-based FTP site.
Quote:> If I download linux from a US server over here in the UK (unlikely I
> know but possible) can I possibly be breaking us law anyway and do I
> care? US law can't touch me over here. What are they going to do - fly
> over and arrest me for downloading something legally available in
> their own country?
There is such a thing as extradition. That said, I don't know if the law
is worded in such a way that anybody in the US would try to go after YOU.
They'd go after whoever made the software available to you -- the
maintainer of the US FTP site.
Quote:> Don't get me wrong I think these are very important matters but it's
> trying to go against the tide for the US to try to prohibit the
> overseas sale of software with strong encryption especially when even
> the long arm of the US law couldn't reach the perpetrators. Why does
> my server deserve less security than an identical one in the us?
> The real issue is who do we trust for our security? Our governments or
Again, no argument here from me -- IMHO, the US export regulations on
encryption are ludicrous. The "perpetrators," though, would not be the
people in Germany, the UK, or wherever who wrote the software or who
distributed it FROM their home countries; it's the people who exported the
software FROM THE US.
Author of books on Linux networking & WordPerfect for Linux