Cloud computing, encryption, and export laws

Richard Pieri richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon May 2 20:07:54 EDT 2011


On May 2, 2011, at 7:16 PM, Scott Ehrlich wrote:
> 
> In light of all this, where does responsibility lie if someone in the
> US encrypts data in a manner that prohibits export, places said data
> into the cloud, and any of the bits land on a server in a country on
> the prohibited list?   How does this get handled/managed/addressed?

US export regulations do not prohibit the export of encrypted data.  They prohibit the export of strong crypto.  That is: live, functioning code.

It is unlikely that a company operating in the US is going to have data centers in nations on the US enemies list.  At the least, those nations tend not to be conducive towards long-term stability.

Beyond that, service providers have safe harbor protections as long as they operate and provide their services in good faith.  Any liability is yours alone.

--Rich P.






More information about the Discuss mailing list