Unix software and USSR

test dmr at alice.att.com
Thu Sep 27 15:56:12 AEST 1990 

Most people including me don't understand the regulations well.
Here are some facts, but please don't take them as comprehending
the rules.

1) The DES algorithm itself as used to encrypt passwords was
never subject to embargo and was regularly shipped overseas
without special license, and if the source was included,
libc/gen/crypt.c was there.

2) crypt(1) and the 'encrypt' entry point in crypt(3)--as opposed
to the 'crypt' entry point used for passwords--were removed
from overseas distribution.  The distinction was fine.  Approximately,
the one-way character of the password mechanism did not fall within
the protected area, whereas the ability of both crypt(1) and
the general DES encode-decode to produce secret messages put
them in the category of things that needed licences for export.
Note that DES was not treated specially here-- crypt(1) is not
DES, for example.  (Though doubtless any mention of 'DES'
served as a flag to the watchful.)

3) The new piece of information is that USL has announced that
these two programs are no longer subject to this restriction
and USL will no longer need to distinguish 'foreign' and
domestic distributions.

4) I know only few details of official source licensing of Unix software
outside the US, but it is worth noting that this sort of thing
is not all-or-nothing and various considerations apply.
In some cases export licenses may be needed, and the question
is how easy they are to get.  (In the 'crypt' case for example
licenses were the crucial thing, and the issue was that although they
were not impossible in principle, they were just too much of a pain).

Sometimes it is not the US government that is involved.  There are
several countries whose own laws or policies caused AT&T
to avoid source distribution not because of ideology, but they did
not recognize the notion of 'trade secret' in a way considered
acceptable to AT&T.

5) Two tidbits.  For some years now, it has been possible for
institutions in the PRC to get a Unix source license, but the
real problem for them has been the lack of hard currency to
buy them.  As a semi-independent fact, I learned that a group
in the Chinese Academy of Sciences took a binary distribution
of some version of Unix and reverse-engineered the object
files so as to make them produce messages and diagnostics
in Chinese.

I have been told that the fastest way for one of the universities
in Finland (Helsinki? Tampere?) to get the BSD 4.x (for some x) distribution
was to have their friends in Leningrad send them the tape.
I know no more.  I trust this is apochryphal, but it's cute.


	Dennis

More information about the Comp.unix.questions mailing list