The final part of the EXPORTREGS file indicates a general lack of understanding by the DEC lawyer of the internet. A few points arise which later conversations have been attempting to enlighten them about. 1. Most BBSs in the US and elsewhere ARE subscription services. Some of these are free (just as DECUS newsletters used to be free); some cost money. Several Internet sites, usenet sites and so on are also subscription services. Essentially any usenet hookup can be viewed as subscription, but the ones for money, including most of the nets that have replaced the old ARPAnet, are essentially open to anyone willing to pay for the hookup and subscribe to some basic rules to protect the rest of the net. These are quite loose. 2. Software is specifically listed as technical data. It may also be controlled items in some contexts, but is also technical data per the regs. The regulations do NOT read this way out of the goodness of someone's heart. Rather, if the regulations restrict people from talking/writing about generally published data, they have a problem with the US Constitution, specifically the sections about freedom of speech and of the press. That is why the exemptions exist. Recall the ITAR regs state that talking about restricted items with a non- US citizen amounts to export. Hence the direct relevance of freedom of speech. Fortunately, the problem seems to emanate from lawyers in DEC and some other companies, whose expertise is in commercial software and who have to protect DEC or their other companies. These folks have (as we have found) basically no knowledge of the internet, usenet, vmsnet, or any other net (apart from DEC's INTERNAL DECnet, which is a wholly private thing). It is interesting that much of this crappola originated about concerns over export of PD versions of the Data Encryption Standard, while the US Army, DEC itself, and dozens of universities allow DES to be accessed for anonymous FTP file transfer from their sites to sites around most of the world, including some in Communist areas. The ITAR regulations basically don't apply to the versions of the DEA (Data Encryption Algorithm) written and released to PD before ITAR was implemented or to others done outside the US. There are enough of these that basically everyone uses one of them. However, someone writing his own from the freely-available FIPS PUB 27 algorithm, which the NIST sells (for a dollar or so to all who ask), and who publishes it, is protected by the freedom of speech clauses. The only time ITAR would apply to this sort of thing is where the information is NOT published, as is generally the case for places like DEC, or where the US Government has some property interest in the information and can control its' dissemination. This is the handle that has been used on some of the IC design software from Berkeley that has been restricted in the DECUS catalog. Education attempts to inform DEC's lawyers about this are continuing. They've been scared heartily by the attempts a few years back to ship some VAXen into the USSR as agricultural equipment and their near loss of export license as a result, and hence DEC legal has been very reluctant to deal with these issues. This is something of an issue for the DECUS library since it is staffed by DEC employees. It is however not necessarily an issue for anyone else. Your rights are guaranteed by the US Constitution, and they do not stop at the water's edge. Glenn Everhart (Paraphrasing a longer article that appeared on info-vax a few years back answering the DEC lawyer; I hope I've recalled the most important arguments.)