INTERNATIONAL CRYPTOGRAPHY FREEDOM |
||
Last Updated 3 February 2001: Add USUC
20. |
||
| This a growing list. Contributions welcome; send to:
<jya@pipeline.com>
Please mirror this page, or scavenge it to make your own. Let us know about additional sites or your page and we'll make a link. See also: Cryptome for news |
||
| UNITED STATES UNRESTRICTED CRYPTOGRAPHY | ||
| Program | URL | Notes |
| USUC 1 Cracking DES |
http://www.shmoo.com/~pablos/Cracking_DES/ | The Shmoo Group is proud to present... for the first time... available legally for download in the United States... from the jurisdiction of the 9th US Circuit Court of Appeals... |
| USUC 2 Secure Office | http://www.filesafety.com
Mirror: http://come.to/SecureOffice |
Charles Booher's site, formerly under attack by the USG |
| USUC 3 Secure Remote Password (SRP) distribution |
http://srp.stanford.edu/srp/ | A cryptographically secure remote-access suite, featuring Telnet and FTP with full strength 128-bit encryption. Open Source, unrestricted downloads. Available from mirror sites worldwide. |
| USUC 4 PGP 2.62 |
http://jya.com/pgp262-mil.zip | Mirror of US military web site offering of PGP 2.62 |
| USUC 5 Snuffle |
http://jya.com/snuffle.txt
Available also at USUC 1 |
Bernstein's Snuffle program, centerpiece of Bernstein v. USDOJ |
| USUC 6 GSM A5/1 |
http://jya.com/a51-pi.htm | A Pedagogical Implementation of A5/1 |
| USUC 7 PGP 5.0 |
http://web.qx.net/infocus/pgpinfo.html | In Focus offering |
| USUC 8 GSM A5/1 and A5/2 |
http://cryptome.org/gsm-a512.htm | A Pedagogical Implementation of A5/1 and A5/2 |
| USUC 9 Des.c |
http://www.ixpres.com/lauraglenn/src/crypto/ | Ariel Glenn's offering of Eric Young's des.c |
| USUC 10 Shmoo Moola |
http://www.shmoo.com/crypto/ | Shmoo's offering of "Cracking DES," the book, and Bernstein's Snuffle; Eric Cordian's PERL crypto; and more |
| USUC 11 Crypto++ |
http://www.eskimo.com/~weidai/cryptlib.html | Wei Dai's Crytpo++ Library |
| USUC 12 PGP 6.5.8 |
August 26, 2000: CAUTION -- Do not use
v6.5.2a due to ADK bug. See:
http://cryptome.org/pgp-badbug.htm
Use instead: |
PGPfreeware 6.5.8 Windows 95/98/NT/2000 and MacOS which have ADK-bug fixed. |
| USUC 13 Speak Freely |
http://www.speakfreely.org/ | Brian Wiles' Speak Freely Internet Telephone |
| USUC 14
Michael |
http://cryptography.org/source/ | Michael Paul Johnson's Encryption Algorithms
Diamond 2 Block Cipher source code in dlock2src.zip Pretty Good Privacy Source Code Version 6.0.2 Macintosh source code and signature RSA RSAEuro RSA toolkit |
| USUC 15 Kerebos |
http://cryptography.org/source/index.htm
http://cryptography.org/source/kerbnet/ http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/docs/kerbnet-docs.tgz http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/release_notes http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/MD5SUMS http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/source/kerbnet-source.tgz http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/source/tcl-source.tgz |
Kerebos by Michael Paul Johnson |
| USUC 16 Variety |
http://www.crypto.com/exports/mail.txt | Open list of crypto offerings |
| USUC 17 PKI |
http://www.mozilla.org/projects/security/pki/src/download.html | This is the source code that Netscape used in Communicator and is now used in the iPlanet servers (http://www.iplanet.com/) |
| USUC 18 CP4Break |
http://cryptome.org/cp4/cp4break.html | CP4Break by Eddy Jansson and Matthew Skala |
| USUC 19 MIT Kerberos V5 release 1.2.1 |
http://www.crypto-publish.org/ | In order to provide people outside the US with access to open source
cryptography, the Cryptography Publishing Project is making MIT Kerberos
V5 release 1.2.1 available without restriction, in compliance with the changes
in US export regulations since January, 2000.
The Project was started to make open source cryptographic software freely available in situations where it difficult to obtain the software from its original authors. |
| USUC 20 PGP 7.0.3 |
PGP Freeware v 7.0.3
Windows (7.5 MB) PGP Freeware v 7.0.3 MacOS (6.2 MB) |
PGP Freeware 7.0.3 |
| INTERNATIONAL MIRROR SITES | ||
| Country | URL | Notes |
| Australia 1 | ftp.psy.uq.oz.au:/pub/Crypto | |
| Australia 1 | ftp.psy.uq.oz.au:/pub/Crypto | |
| Australia 2 | http://vicraves.i-o.net.au/crypto.html | No access logging |
| Australia 3 | http://www.wiretapped.net/
http://the.wiretapped.net/security/cryptography/ |
A seriously vast array of other security and cryptography related material
AusMac Crypto Library |
| Austria 1 | ftp://ftp.giga.or.at/pub/hacker/crypt | Stuff related to crypto |
| Austria 2 | ftp://ftp.giga.or.at/pub/hacker/stego | Stuff related to steganography |
| Austria 3 | ftp://ftp.giga.or.at/pub/hacker/Incoming | For very welcome contributions of all sorts: binaries, texts, sources, etc. related to cryptography, cryptanalysis, steganography, information hiding, etc. |
| Brazil 1 | http://www.nw.com.br/users/pbarreto/crypto_page.html | Selected links, public domain crypto software, mostly related to elliptic curves and block ciphers |
| Brazil 2 | http://novaware.cps.softex.br/ | NOTICE: Neither Novaware nor this site are subject to restrictions from the Wassenaar Agreement on the control of Cryptography |
| Brazil 3 | http://novaware.cps.softex.br/mirrors/cryptix-java/ | Cryptix mirror |
| Canada 1 | http://www.privacy.nb.ca/cancrypt/ | CanCrypt, a directory of Canadian cryptographic resources. It is intended
to be a clearing house of Canadian related cryptographic resources.
Although the relaxing of US export regulations has reduced some of its importance, Canada still has a more liberal cryptographic policy for export and usage. Compared to both the USA (re: export) and UK (re: RIP) it is very crypto-friendly. 233MB+; Apache-SSL, SSLeay, cryptlib, freeswan, gnupg, mozilla-crypto, pgpi, ssh, more |
| Canada 2 | ftp://gwynne.cs.ualberta.ca/pub/Crypto/ | |
| Canada 3 | ftp://ftp.mindlink.net/pub/crypto/
See for access procedure: ftp://ftp.mindlink.net/pub/crypto/README.html |
|
| Canada 4 | http://www.interlog.com/~rguerra/www | 224! PGP and Privacy Links |
| Canada 5 | http://crypto.yashy.com/ | |
| Croatia 1 | pgp.rasip.fer.hr:/pub/crypt | |
| Denmark 1 | http://www.datashopper.dk/~boo/index.html | Assorted PGP Freeware |
| Finland 1 | http://www.ssh.fi/tech/crypto/sites.html | Multiple Sources |
| Finland 2 | ftp.funet.fi:/pub/crypt | PGP, symmetric and asymmetric encryption, crypto libraries, papers |
| Finland 3 | http://www.pgpi.org/ | International PGP Home Page |
| Finland 4 | ftp://garbo.uwasa.fi/pc/crypt | |
| France 1 | http://web.cnam.fr/reseau/Crypto/ | L'utilisation du chiffrement en France |
| France 2 | ftp://ftp.lip6.fr/pub2/linux/networking/net-source/mail/pgp/ | GnuPG PGP Sendmail v1.4 Auto PGP 1.04 PGP 2.6.3is PGP 5.0-b8 |
| France 3 | http://www.fortunecity.co.uk/skyscraper/techie/18/cryptofree-fr.htm | "Liberte pour la cryptographie internationale." UK Mirror, 10MB. PGP, DOS & Unix versions, sources, GNUPG, ScramDisk, the PGP 6.0 & 2.62 french manuals, etc. All are freeware and none have been exported from USA (only PGP international versions). |
| France 4 | http://www.cl.cam.ac.uk/~fapp2/software/Scramdisk_2.02H-fr.zip | A French version of ScramDisk, the famous hard disk encryption program for Windows 95/98 written by Aman & Sam Simpson. Fabien Petitcolas, a cryptographer from the Cambridge University (UK) supervised this work: http://www.cl.cam.ac.uk/~fapp2/scramdisk/ |
| Germany 1 | ftp.darmstadt.gmd.de:/pub/crypto | |
| Germany 2 | ftp.informatik.uni-hildesheim.de:/pub/security | |
| Germany 3 | ftp://ftp.pca.dfn.de/pub/tools/crypt/ | |
| Germany 4 | ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/ | Disk and file encryption, PGP, stego, voice encryption |
| Germany 5 | ftp://ftp.uni-mainz.de/pub/internet/security/SSL/ | SSL site |
| Germany 6 | http://www.d.shuttle.de/isil/gnupg/ | The GNU Privacy Guard |
|---|---|---|
| Germany 7 | http://munitions.vipul.net/
Autosyncing mirrors: http://munitions.dyn.org/dolphin.cgi?command=index -- Amsterdam Science Park, The Netherlands http://munitions.polkaroo.net -- Ottawa, Canada http://munitions.cifs.org -- Sydney, Australia http://uk1.munitions.net -- Oxford, UK http://munitions.firenze.linux.it/ -- Italy (Files-only mirror) |
munitions is a mega-archive of cryptographic software for the linux operating
system. here you'll find free software tools for building and maintaining
secure, tamperproof linux installations and achieving electronic privacy
in the highly intrusive networked environments of today.
<network> <data haven> <email> <anonymizers> <secure ip> <secure tcp> <ssh> <ssl> <www> <key mgmt> <libraries> <maths> <pgp> <gnupg> <system> <kernel> <kerberos> <unix> <password> <filesystem> <steganography> <voice> |
| Hong Kong 1 | ftp://ftp.futuredynamics.com/freecrypto/;
or, if broken
ftp://futuredynamics.com/freecrypto/; or, if also busted |
Mirrors of ftp.pgpi.com; ftp.psy.uq.oz.au/pub/Crypto (SSLeay and SSH);
Fortify; and the Speakfree distribution from
ftp.fourmilab.ch/pub/web/speakfree. About 180 Mb. More stuff will be hopefully added later. |
| Hungary 1 | ftp.kfki.hu:/pub/packages/security
Full description: |
SSH, SSL, SSL applications, libdes, OPIE, PGP, SRP and other non-cryptographical-security tools. |
| Ireland 1 | ftp://ftp.heanet.ie/pub/crypto/ | Contains SSH, SSL, SSL apps, PGPI. More to come. |
| Italy 1 | idea.sec.dsi.unimi.it:/pub/security/crypt | |
| Japan 1 | http://www2.eccosys.co.jp/~tsuruta/pgp/ | Tsuruta's MacPGP Page |
| Kyrgyzstan 1 | http://www.underground.org.kg/crypto/ | |
| Netherlands 1 | utopia.hacktic.nl:/pub/replay/pub/disk | Apache, Applied Crypto files, encryption, Java, PGP, remailers, security, voice encryption files |
| Netherlands 2 | http://www.replay.com | |
| Netherlands 3 | ftp://ftp.replay.com/pub/crypto/crypto/LIBS/cryptolib/crypto30.zip | Crypto++ 3.0, a major revision of a free C++ class library of cryptographic primitives. |
| Netherlands 4 | http://www.monster.org/mirror/gsm/ | GSM A5/1 and A5/2. |
| New Zealand 1 | http://www.cs.auckland.ac.nz/~pgut001/links.html | A Comprehensive List of Worldwide Sources |
| New Zealand 2 | http://www.cs.auckland.ac.nz/~pgut001/archive.html
(Not yet active; meanwhile see NZ 1 above) |
Peter Guttman: This currently contains a mostly blank page because it'll
take a few days to get things set up, but I thought I'd get the ball
rolling. Once it's ready I'll use it to make all sorts of crypto available
to anyone anywhere until ordered by a NZ court to stop doing so (this is
a long way removed from being ordered by the Ministry of Foreign Affairs
and Trade to stop doing so), or alternatively until the machine sh*ts itself
and dies, which may happen somewhat sooner :-).
The archives (when ready) will be stored on a machine for which accesses are not logged. It may also allow SSL access (with strong encryption, obviously), which will include making available dummy files of various sizes so that it's not possible to prove (based on traffic analysis) exactly what was downloaded ("Crypto? Certainly not, I was downloading this paper on the history of Ethiopian pottery in 4000BC"). |
| Norway 1 | ftp.unit.no:/pub/unix/security | |
| Norway 2 | ftp://ftp.ifi.uio.no/pub/gnu/ | Main distribution site for crypt() in glibc |
| Norway 3 | ftp://ftp.ifi.uio.no/pub/pgp/ (the same as ftp.no.pgpi.com) | Main distribution site for pgpi |
| Norway 4 | ftp://ftp.at.pgpi.com/pub/pgpi/ ftp://ftp.au.pgpi.com/pub/pgp/ ftp://ftp.ch.pgpi.com/pub/pgp/ ftp://ftp.cz.pgpi.com/pub/pgp/ ftp://ftp.de.pgpi.com/pub/pgp/ ftp://ftp.dk.pgpi.com/pub/pgp/ ftp://ftp.es.pgpi.com/pub/pgp/ ftp://ftp.fi.pgpi.com/pub/pgp/ ftp://ftp.jp.pgpi.com/pub/pgp/ ftp://ftp.kr.pgpi.com/pub/security/pgp/ ftp://ftp.nl.pgpi.com/pub/pgp/ ftp://ftp.pl.pgpi.com/pub/pgpi/ ftp://ftp.ru.pgpi.com/pub/pgp/ ftp://ftp.se.pgpi.com/pub/pgp/ |
PGP International Mirrors |
| Norway 5 | ftp://ftp.kerneli.org/pub/linux/kerneli/v2.1/ ( which is verden.pvv.org which is verden.pvv.ntnu.no ) |
Main distribution site for the international kernel patch for Linux (collection of crypto-patches for the linux kernel) |
| Russia 1 | ftp.kiae.su:/unix/crypto | |
| Spain 1 | http://www.kriptopolis.com/software/prog.html | |
| Spain 2 | http://www.argo.es/~jcea/cripto.htm | Criptología by Jesús Cea Avión |
| Sweden 1 | ftp.sunet.se:/pub/security/tools/crypt | Swedish University Network Security Archives |
| Switzerland 1 | http://www.semper.org/sirene/outsideworld/security.html | IBM Zurich Security and Cryptography Sources |
| Switzerland 2 | http://www.semper.org/sirene/people/gerrit/secprod/ secprod.html |
Gerrit Bleumer's Cryptography Enhanced Products |
| United Kingdom 1 | ftp.ox.ac.uk:/pub/crypto | DES, SSL, cryptanalysis, documentation, PGP, miscellaneous |
| United Kingdom 2 | http://www.dcs.exeter.ac.uk/~aba/ | Adam Back's Resources |
| United Kingdom 3 | ftp://ftp.cl.cam.ac.uk/users/rja14/ | Ross Anderson's FTP Sources |
| United Kingdom 4 | http://www.notatla.demon.co.uk/CRYPTO/crypto.html | pgutlinks.html 245K SSLeay-0.9.0b.tar.gz 1.3M crypto-free.htm 28K Fortify-README 2K Fortify-1.3.1-unix-x86.tar.gz 372K apache_1.3.3+ssl_1.29.tar.gz 37K crypto30.zip 394K nhs-rpt.wp 88K aba_zergo.txt 142K bnlib.tar.gz 142K cfs-1.3.3bf-1.i386.rpm.tar.gz 192K crypto.html 8K ssh 1.2.27
|
| United Kingdom 5 | ftp://opensores.thebunker.net/pub/mirrors/ | The Bunker open source FTP repository is housed in an ex-military data
centre, buried deep below the earth in a nuclear, chemical and biological
warfare proof bunker.
SSLapps, SSLeay, argus, crack5, cracklib, MD5, SHA, l6, satan, ssh, stunnel, syn, tcp_wrappers, more coming. |
| United States 1 | http://www.cryptography.org/
http://cryptography.org/cgi-bin/crypto.cgi/libraries/crypto30.zip http://cryptography.org/cgi-bin/crypto.cgi/libraries/crypto23.zip |
North American Cryptography Archives. Archive of crypto software, only available from the US and Canada. Crypto++ 3.0, a major revision of a free C++ class library of cryptographic primitives. |
| United States 2 | http://cryptography.org/freecryp.htm | Crypto Sites Outside North America |
| United States 3 | http://www.austinlinks.com/Crypto/ | Quadralay Cryptography Archive |
| United States 4 | http://theory.lcs.mit.edu/~rivest/crypto-security.html | Ron Rivest's Links |
| United States 5 | http://www.genocide2600.com/~tattooman/cryptography/
Packet Storm is now owned by Kroll-O'Gara, an international security corporation, thanks to the cowardice of Harvard University and LEA-tool AntiOnline Ahole. The archive is to be activated in September 1999 (stripped of offensive stuff; too bad, RIP Infamous Original Packet Storm): http://www.securify.com/packetstorm/ Tattooman has blessed this "re-education," but beware of being snooped at the new site. Tattooman has zipped-lip since what smells like a forced confession. |
Maintainer: Ken Williams. Contents: Crypto Libraries, SecureOffice, Source Code for all AES Candidates, Applied Crypto, Cryptanalysis, GNUGP, Kerberos, PGP, Skip, Snow, Snuffle, SSH, Steganography, Voice Encryption, source code, crypto papers, much more, and more on the way. Size: 300+ MB, 2000+ files, and growing every day. |
| United States 6 | http://www.c4i.org/erehwon/crypto.html | URL revised 29 November 2000 |
| United States 7 | http://www.eskimo.com/~weidai/cryptlib.html | Crypto++ 3.0, a major revision of a free C++ class library of cryptographic primitives. |
| United States 8 | http://www.lila.com/nautilus | Nautilus, with links to non-US sites. |
| United States 9 | http://www.counterpane.com/sites.html | Bruce Schneier's Sources for Software and Source Code |
| United States 10 | ftp://ftp.clark.net/pub/cme/ | Carl Ellison's FTP Sources |
| United States 11 | http://www.jjtc.com/Security/ | Neil Johnson's Cryptography and Encryption Sources |
| United States 12 | http://www.homeport.org/~adam/crypto/ | Adam Shostack's Cryptographic Libraries |
| United States 13 | http://www.io.com/~ritter/ | Terry Ritter's Codes, Links, Tutorials |
| United States 14 | http://www.enter.net/~chronos/cryptolog1.html | Crypto-Log: Codes, papers and policies |
| United States 15 | http://www.cryptography.com/resources/index.html | Paul Kocher's Cryptography Resources Online |
| United States 16 | http://www.cypher.net/tools/crypto-free.html | Mirror of this page, updated 4 times daily. |
| United States 17 | http://members.tripod.com/~the_cancer/Crypto/index.html | PGP Crypto: QDPGP, XCrypt, MAilPGP, Peics |
| United States 18 | http://www.theargon.com | The A.R.G.O.N. Security and Crypto Site |
| United States 19 | ftp://ftp.jpunix.com | John Perry's PGPdomo for secure mailing lists, and other programs |
| United States 20 | http://home.ptd.net/~kruslicc/ | CryptoCards - strong encryption with deck of cards |
| United States 21 | http://www.angelfire.com/md/keyshift/ | PR0 Death's PGP Message Shifter Applet |
| United States 22 | http://ciphersaber.gurus.com | |
| United States 23 | http://people.qualcomm.com/karn/code/index.html | Phil Karn's Software Packages and Utilities
ACE demod - Software demodulator for Advanced Composition Explorer
spacecraft telemetry |
| US 24 | http://www.salts.navy.mil/ftp/pub/software/programs/NT/Netscape/ | US Navy offers Netscape with 128-bit crypto. More programs in other directories. |
| US 25 | http://www.ccd.bnl.gov/pub/IRIX/pgp-262/bin/ | Brookhaven National Laboratory offers IRIS ELF for PGP 2.62 |
| NOTES | ||
| Note 1:
John Gilmore's proposal is to
mirror the contents of cryptography sites not just the URLs.
We've been asked what to mirror if it is not possible to mirror large archives (200 MB and up), or you can't easily decide which programs are most important. John Gilmore recommends: The top things I'd suggest for a mirror site are (see sources at sites above):PGP source code (various versions) Jim Gillogly recommends: One way to determine which programs are the best for this purpose would be to study what various governments have taken some action on. Some obvious ones (See US 5):PGP (various versions, high level of government interest) Jim Choate recommends that cryptography documentation be mirrored to encourage understanding and creation of strong encryption -- the best assurance that it will grow and spread. Mirror whatever you can until better advice for selections comes along. Prime need: many mirrors of the strongest cryptography, especially anything allowing the use of key lengths above 40-bits, that is, anything that requires a US export license for general public use (the US standard appears to be the model for latest Wassenaar restrictions). Next, mirror any program that appears to be a target for latest Wassenaar restrictions as they may be implemented in your country. For complaints about the restrictions on privacy to be implemented due to US pressure, contact your government's cryptography control ministry: http://www.wassenaar.org/docs/contacts.htm |
||
| Note 2: Please forward news and
information on the recent Wassenaar Arrangement restrictions in your country
to John Young
<jya@pipeline.com>. Anonymous
and encrypted messages welcome. PGP public
keys of John Young. Check
Cryptome for news.
Note 3: For information on cryptography export issues see: Global Internet Liberty Campaign (GILC) Note 4: More mirror sites are needed in countries which are not members of the Wassenaar Arrangment so that when the doors are slammed shut by new WA laws there will still be free sources of strong encryption. For list of WA members see: http://www.wassenaar.org/docs/contacts.htm. From: Richard Stallman <rms@gnu.org>
Subject: Encryption software volunteers needed in countries without
export control
We need to find volunteers in countries which are not signatories to
Wassenaar to take over development and distribution of encryption
software such as the GNU Privacy Guard and PSST. We are looking for
(1) an ftp site from which to distribute the software, and (2) people
to carry on the development work.
If you have contacts in any non-signatory country, please circulate
this message as widely as possible in your country, looking for people
who might want to volunteer for GNU software development.
Non-signatory countries that come to mind as possible places where
free encryption software can be developed include Mexico, India,
Croatia, China, South Africa, and perhaps Israel. However, any
country is ok if its laws do not prevent the work.
|
||
"Declan: This point is worth clarifying. The new regs remove restrictions from the posting of publicly available encryption source code for downloading. The regs say:
a) If you post encryption source code to a site on the net and anyone can access it, you do not need to have it reviewed by BXA or obtain a license.b) Simply posting this "publicly available" encryption source code does not count as an export and does not trigger all the terrorist sanctions and other requirements created by various Federal sanctions laws.
(what this means is that if you post some code and Saddam Hussein downloads it, you are not liable. If Saddam calls you up and asks you to e-mail him the code, and you send the e-mail without applying for and receiving a license, you are liable).
c) You do need to send BXA an E-mail with the internet location of the posted source code and you are prohibited from sending (as opposed to posting) the encryption source code to a terrorist country or an individual on one of our denial lists.
d) if a foreign person makes a new product with the source code you've posted, there are no review or licensing requirements for that foreign product. If they pay you a royalty or licensing fee for a product they've developed for commercial sale, however, you may have to report some information to BXA.
It appears that the only requirement for Mr. Young is to notify us of the location of the source code (http://jya.com/crypto.htm)."
-- James Lewis, BXA, BXA On "Is this man a crypto-criminal?", January 18, 2000
"The EAR is amended as follows:
1. In Sec. 734.2, Important EAR Terms and Principles, unrestricted
encryption source code under Sec. 740.13(e), commercial encryption
source code under Sec. 740.17(a)(5)(i) and retail products under
Sec. 740.17(a)(3) are exempted from Internet download screening
requirements in Sec. 734.2 (b)(9)(iii). A revised screening mechanism
for other encryption products exported to government end-users is
added. Please note that Sec. 734.2(b)(9) contains the relevant
definitions for the export of encryption source code and object code
software. In addition, cross-referencing changes are made to
Secs. 734.7, 734.8, and 734.9.
2. In Sec. 740.13, Technology and Software Unrestricted, changes
are made to reflect amendments to the Wassenaar Arrangement.
Specifically, encryption software is no longer eligible for mass market
treatment under the General Software Note. Encryption commodities and
software are now eligible for mass market treatment under the new
Cryptography Note in Category 5--Part 2 of the CCL. This Note
multilaterally decontrols mass market encryption commodities and
software up to and including 64-bits. Such products, after review and
classification by BXA, are classified under Export Commodity Control
Numbers (ECCNs) 5A992 or 5D992, thereby releasing them from ``EI''
(Encryption Items) and ``NS'' (National Security) controls, and making
them eligible for export and reexport to all destinations (see
Sec. 742.15(b)(1)(iii) of the EAR). Once mass market encryption
software and commodities are released from ``EI'' controls they may be
eligible for de minimis and publicly available treatment (see part 734
of the EAR).
3. Also in Sec. 740.13, to, in part, take into account the ``open
source'' approach to software development, unrestricted encryption
source code not subject to an express agreement for the payment of a
licensing fee or royalty for commercial production or sale of any
product developed using the source code can, without review, be
released from ``EI'' controls and exported and reexported under License
Exception TSU. Intellectual property protection (e.g., copyright,
patent, or trademark) would not, by itself, be construed as an express
agreement for the payment of a licensing fee or royalty for commercial
production or sale of any product developed using the source code. To
qualify, exporters must notify BXA of the Internet location (e.g., URL
or Internet address) or provide a copy of the source code by the time
of export. These notifications are only required for the initial
export; there are no notification requirements for end-users
subsequently using the source code. Notification can be made by e-mail
to crypt@bxa.doc.gov."
-- Bureau of Export Administration, Revisions to Encryption Items, January 14, 2000
"Q Mr. Marshall, on her point, please. The head of the DEA and the FBI have repeatedly -- and Ms. Reno -- have repeatedly warned of the dangers of not being able to break the codes of criminals. And of course encryption legislation is being debated at length. Is this an indication that maybe that's not so great a problem after all?
MR. MARSHALL (Drug Enforcement Adminstration): Well, that was not a significant impediment in this particular investigation. We've encountered that in many, many other investigations. We're encountering it ever more frequently. And we hope that we don't lose the ability to intercept encrypted communications.
ATTY. GEN. RENO: I would point out -- I would point out in that regard that in this instance, it was not an obstacle. But as more and more drug traffickers and others engaged in organized crime and other activities, including terrorism, encrypt their communication, it is going to be more and more difficult for law enforcement. And that is the reason it is so important law enforcement work with the private sector and with others to ensure the protection of our national security interests and to make sure that we balance the privacy concerns that are so important with law enforcement's legitimate concerns."
-- DoJ Press Conference, Arrest of Colombian Drug Trafficers in Operation Millennium, October 13, 1999
"Much work remains to be done. In particular, I believe we must soon address the risks posed by electronic distribution of encryption software. Although the Wassenaar Nations have now reached agreement to control the distribution of mass market encryption software of certain cryptographic strength, some Wassenaar Nations continue not to control encryption software that is distributed over the Internet, either because the software is in the 'public domain' or because those Nations do not control distribution of intangible items. While I recognize that this issue is controversial, unless we address this situation, use of the Internet to distribute encryption products will render Wassenaar's controls immaterial."
-- US Attorney General Janet Reno, Ban Encryption on the Internet, May, 1999
"Never has our ability to shield our affairs from prying eyes been at such a low ebb. The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."
-- US Appeals Court Judge Betty Fletcher, in the Bernstein opinion, May 6, 1999.
New US section for:
Heeding Hugh Daniels' call today to let 1,000 US crypto sites flower
free of unconstitutional encryption export restrictions in the light of
the May 6 Bernstein opinion, we invite contributions of
unlimited-strengh encryption programs and/or links to such programs
for the new US unrestricted cryptography section here. See also
formerly restricted US sites below.
Dec. 3 Wassenaar Arrangement Lists in
original
DOC format and HTML
format
Encryption and
Security Tutorial
Free Crypto Logos
Free Crypto Org
Electronic Civil
Disobedience (ECD) <- look to last section