Cloud computing, encryption, and export laws
Richard Pieri
richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon May 2 20:07:54 EDT 2011
On May 2, 2011, at 7:16 PM, Scott Ehrlich wrote:
>
> In light of all this, where does responsibility lie if someone in the
> US encrypts data in a manner that prohibits export, places said data
> into the cloud, and any of the bits land on a server in a country on
> the prohibited list? How does this get handled/managed/addressed?
US export regulations do not prohibit the export of encrypted data. They prohibit the export of strong crypto. That is: live, functioning code.
It is unlikely that a company operating in the US is going to have data centers in nations on the US enemies list. At the least, those nations tend not to be conducive towards long-term stability.
Beyond that, service providers have safe harbor protections as long as they operate and provide their services in good faith. Any liability is yours alone.
--Rich P.
More information about the Discuss
mailing list