[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cuba et al.

>> A few countries (Cuba, Lybia, Iran, Irak  and  other  dictatorships)
>> have  a  tech+commercial+political  blockade.   However,  they  have
>> Internet  access.   A guy from Cuba has come to SEG.  More may come,
>> later on.  We've got to discuss  this,  I  believe.  What do we do ?
>Quite an interesting problem...  I'm not quite sure exactly who to ask around 
>here, but I'll check into it.

the us gov has more impt things to do than prosecute us for little goofs
like this, so i think we can pretty much just do what we do without needing
to take insane precautions.

the only thing i'd be worried about in the least is crypto exportation,
so here's the briefing, so everyone knows it:

us has crypto, and officially considers it a "weapon".  thus its export from
the us is illegal.  export means sending tech that can do it (not encrypted
data), from inside the us to outside.  however, every major crypto impl i
can think of can be had via a mirror outside the us, so we should make an
effort to make sure that people outside the us obtain things like ssh from
a server outside us boundaries (e.g. ftp.replay.com).  beyond that, the only
hangup is whether the guys outside the us have their own restrictions, but
it is their burden, not ours, to make sure they don't break their own laws.

other than crypto, i don't know what the rules are on tech going to cuba, etc,
and i think:
1. expecting us to thoroughly research this ourselves is too much for the
 govt to ask.  if they were serious about _us_ doing/not doing a particular
 thing, they would be more clear about announcing it, or will warn us
 specifically if they notice we are doing something bad.
2. otherwise, the govt has other worries, and is not likely to try nailing
 us randomly for small infringements of ambiguous laws which are easy for
 anyone in the country (not just us) to infringe without even knowing it.

so we should make /some/ effort to see if there are particular things the
us gov really does care about and we should/shouldn't do, and act on that,
but beyond that we would be getting unnecessarily tied up in beaureaucracy.
the only thing i know of that we should be careful with is crypto, and the
thing we should do about that is just to make sure we do not allow ppl to
obtain crypto software inside us boundaries.  e.g.  cran's anon ftp area is
not allowed to contain a copy of ssh (although it can contain a text file
saying "get ssh from server foo outside the us").   yeah, it sounds silly,
but that's the law, and at least it doesn't require much effort to do it as
long as you remember it... and don't laugh /too/ hard. ;)

SEUL-Leaders list, seul-leaders-request@seul.mit.edu