Tumblefluff / Vizini_Encryption

File encryption program with changeable keys and password protection in a small and portable package.

Export Law #1

Open Tumblefluff opened 3 years ago

Tumblefluff commented 3 years ago

I am no lawyer, and I cannot afford to hire one, but as far as I can understand from the Encryption and Export Administration Regulations (EAR), the program and publicly available keys are most likely legal for export, though private keys are probably not. Until I can verify this, private keys will not be available for sale.

https://www.bis.doc.gov/index.php/policy-guidance/encryption

https://www.bis.doc.gov/index.php/policy-guidance/encryption/1-encryption-items-not-subject-to-the-ear

It is important to note that there are ABSOLUTELY NO REGULATIONS on encryption that ISN'T exported. This is 100% legal in the USA. Software that is "Publicly Available" seems to be exempt from regulation, though what that means is a bit confusing. The keys are a form of "cryptographic activation" https://www.bis.doc.gov/index.php/2-items-in-cat-5-part-2/a-5a002-a-and-5d002-c-1/iii-cryptographic-activation and arguably the PUBLICLY available keys are legal to export; however, PRIVATE keys may or may not be legal to export, depending on whether the law considers people you privately share keys with to be "one customer, for multiple instances". If the keys are not shared with anyone, then this is ABSOLUTELY an example of "one customer for multiple instances", and most likely not legal for export. I suppose I could keep an archive of distributed keys to technically satisfy that clause; HOWEVER, I do NOT want the responsibility of keeping your private keys secure and I don't even want to be ABLE to give them to the authorities in the unlikely event they issue a court order.

R3D4C7ED commented 2 years ago

> I am no lawyer, and I cannot afford to hire one, but as far as I can understand from the Encryption and Export Administration Regulations (EAR), the program and publicly available keys are most likely legal for export, though private keys are probably not. Until I can verify this, private keys will not be available for sale.
>
> https://www.bis.doc.gov/index.php/policy-guidance/encryption
>
> https://www.bis.doc.gov/index.php/policy-guidance/encryption/1-encryption-items-not-subject-to-the-ear
>
> It is important to note that there are ABSOLUTELY NO REGULATIONS on encryption that ISN'T exported. This is 100% legal in the USA. Software that is "Publicly Available" seems to be exempt from regulation, though what that means is a bit confusing. The keys are a form of "cryptographic activation" https://www.bis.doc.gov/index.php/2-items-in-cat-5-part-2/a-5a002-a-and-5d002-c-1/iii-cryptographic-activation and arguably the PUBLICLY available keys are legal to export; however, PRIVATE keys may or may not be legal to export, depending on whether the law considers people you privately share keys with to be "one customer, for multiple instances". If the keys are not shared with anyone, then this is ABSOLUTELY an example of "one customer for multiple instances", and most likely not legal for export. I suppose I could keep an archive of distributed keys to technically satisfy that clause; HOWEVER, I do NOT want the responsibility of keeping your private keys secure and I don't even want to be ABLE to give them to the authorities in the unlikely event they issue a court order.

If you reference Wikipedia under the lawsuits section of the following link, you will read this sentence: "Daniel J. Bernstein, supported by the EFF, also sued over the export restrictions, arguing that preventing publication of cryptographic source code is an unconstitutional restriction on freedom of speech. He won, effectively overturning the export law. See Bernstein v. United States for details."