Exporting cryptology techniques from the USA is a criminal offense under the arms export law. You can go to jail for quite a long time for that. A lot of software is covered by this law, including for instance the Netscape versions using 128 bit encryption.
PGP, being encryption based, is covered by the law. The existing copies of PGP 5, floating on some FTP servers are therefore completely illegal since the program has been developed in the US.
What IS legal, however, is exporting the source code on paper. This has been done for the 8000 pages of the PGP source code. A print was taken out of the country - completely legally - and is in the process of being scanned and recompiled.
This is not without problems of course.
- The first is organizational meaning you have to get 80 people to scan one hundred pages each and verify them.
- The second problem is technical: the scans are not perfect. To help detecting errors in the scans, an intelligent checksum is added to the end of each page. If this checksum gets through undamaged, comparison with the checksum after scanning gives the line numbers where errors occurred. If the error is a simple one, like a '1' mistaken for an 'l' it is easily detected this way, but there are for instance problems detecting the differences between a tab and a number of spaces.
But very soon, after two months of work by 80 people, all Europeans, certainly no Americans - it is illegal for them to work on the translation, the program is nearly ready, so probably this weekend you can download and enjoy a LEGAL version of PGP.
