05-19-2021, 08:35 AM
(This post was last modified: 05-19-2021, 08:38 AM by decrypt.
Edit Reason: line-breaks
)
Chick3nman is absolutely right that you should get a lawyer asap. Unfortunately I have had trouble with this topic for the last 6 years (non-hashcat related) and it triggers me enough to stop lurking:
Where are you from? I hope it's not Germany. BAFA in Germany (and probably also other EU government bodies) considers cryptanalysis not only Annex I but even Annex IV (same as missiles etc., up to 5 years prison or up to 3M € iirc) and BAFA's position on bringing something into the public domain is also over the top:
Source: ec_academia.pdf page 66
So, either go directly to a lawyer or at least let us know which country you are from. There is enough people with the right background (or colleagues of theirs) visiting this forum, maybe one of your countrymen can provide further specific info.
- The Waasenaar Arrangement is an international agreement, but the only thing that really matters is what your specific country has implemented in its legislature as well as what the specific judge decides.
- You wrote that you are currently "under investigation". If it's not an official case yet, you may have better chances to cooperate extensively and possibly proactively admit guilt. Don't wait until you get cited to court, better take a lawyer and discuss your options. That may be the difference between monetary fine and prison.
- To be honest: You should have checked for the export controls on dual-use items in your country beforehand (I know, easy to say in hindsight). It usually takes a few weeks for the authorities to answer (unless in Germany where it is several months) and shouldn't cost anything. And, no, there is no "I am sure I first get one warning before anything serious happnes. I can wait that long."
- While you get a lawyer to discuss if you are really in breach of export regulations, I would recommend to check for your specific country if there are potential exemption clauses applicable. Chick3nman referenced the "exempt if in the public domain" possibility. While probably correct in some countries, this unfortunately might not be the case for your country. Other possibilities may have to do with the specific recipient (some countries have treaties among themselves) or with the content (fully functional code is controlled, non-functional "concepts" potentially not) or how long ago you screwed up (I think the official English term is "statutes of limitations"). That's all country specific.
Where are you from? I hope it's not Germany. BAFA in Germany (and probably also other EU government bodies) considers cryptanalysis not only Annex I but even Annex IV (same as missiles etc., up to 5 years prison or up to 3M € iirc) and BAFA's position on bringing something into the public domain is also over the top:
Code:
It should also be considered that information is only in the public domain once it has been published. It is BAFA’s established administrative practice to consider first time publications of research results subject to Annex I to the EC Dual-Use Regulation as exports because the research results are not yet in the public domain at the time of publication and the exception from the GTN does not apply.
Source: ec_academia.pdf page 66
So, either go directly to a lawyer or at least let us know which country you are from. There is enough people with the right background (or colleagues of theirs) visiting this forum, maybe one of your countrymen can provide further specific info.