Hacker News new | ask | show | jobs
by salawat 1414 days ago
Encryption beyond a particular strength has long been an ITAR restricted export.

Now everybody gets to learn that the United States regulatory policy machine will lean very hard on anything that'll threaten it's ability to flex soft power against its opponents.

>What even is GH required to do in response to this sanction, or are they just being overly cautious since we’re in uncharted waters?

Letter of the law is don't do financial transactions with those addresses.

The quiet part is: this technology is now associated with being a channel for money laundering, and will open up any parties hosting or making it available a potential subject of accessory to wire fraud/money laundering charges. As a publically funded company, I assure you, the legal, risk, and compliance departments are now erecting 100 foot poles between the company and this project.

You see, big business and government have a bit of an incestuous relationship. The bigger the market actor, the easier it is for the government to apply sufficient pressure where the easy way out is for said large actor to just "stop associating with that thing".

This is why OFAC is aptly named. You end up on it, and you basically fall out of the economy. The last sound you hear is the subject in question going O, FAC-<signal lost>.

Oh, actually, no, slight exaggeration, the truth is far more chilling.

You see, financial institutions will still process deposits. They just stop allowing withdrawals, turning the business relationship into a one-way trap for funds.

In theory, it may be possible to get off the OFAC list if you end up on it, however, financial institutions are instructed not to inform customers that they are sanctioned if asked. You're only told that a technical error precludes them from completing the transaction. If you mistakenly show up on OFAC, (like by sharing a name with someone who is on it), there are ways to get off of it by providing proof you are not the individual in question. In fact, most times, if you reach out, the service personnel you get are trained to get as much personal info as possible to try to determine whether or not you are actually the individual targeted by OFAC.

Companies will generally dig into it, and resolve it while playing coy. In this case though, it looks like businesses are taking the message to heart and just noping out of supporting it.
1 comments
DennisP 1414 days ago
> Encryption beyond a particular strength has long been an ITAR restricted export.

I'm not sure what you mean by "restricted," but publishing open source encryption software on the internet only requires that the BIS be notified. No review or approval is required.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

link
salawat 1414 days ago
Technically, you're supposed to have to ask, and BIS can say no. That's restricted. There is the possibility of extra friction. I've never administered or experienced the compliance process myself, mind. I just know it's a thing.
link
dcow 1414 days ago
Can you link the section where it says you’re supposed to ask? In my experience you don’t get assigned anything, you tell them what you are classified as and of course they can disagree but there’s no “tell me my export classification” part unless you fall under a restriction and can’t claim any exemption. Only then do you submit anything. And from my reading of those hellish documents, encryption software for which the source code is publicly available is exempt.
link
DennisP 1414 days ago
I linked as source saying that's not the case. Maybe you can provide a source for your claim?
link