Export Compliance
Brown Belt Hi,
During submission process we come across, Export Compliance and asks Does your application contain encryption Yes/No to select. Can any one provide more info on Encryption in a simple language.
Brown Belt Hi Praveen,
Yes you can upload your binary even if you select NO. Some developers may sometimes use some kind of encryption to encrypt their codes so that it becomes hard or almost impossible for other developers to hack into their software codes.
Regards
Rooven
Intel® Atom™ Developer Program Team
Black Belt (Community Leadership)
Red Belt Perhaps an important node. If you utilize even password encryption (Blowfish, AES, etc.), you have to check Yes. This is important so Intel knows what they are delivering to certain countries.
Black Belt (App Development) Red Belt Export compilance question about encryption means - application binaries is encrypted or application uses encryption, for example, for user data (like passwords)?
It is a compilant if the application using standart Windows CryptoAPI for user passwords?
Brown Belt Hi,
Will there any Legal bindings if I click Yes and it has encryption? Do we have to mention any statements in our portal about this? Please share more info on this.
Brown Belt Praveen,
I will check this with the concerned department and get back to you.
Regards
Rooven
Intel® Atom™ Developer Program Team
Black Belt (Community Leadership) Red Belt This link on "Export of cryptography" may be of help to clarify the general background of the topic:
Brown Belt Thanks Brian for the info... Roovan, can you pls check with the concerned team at Intel and share the details ASAP
Brown Belt Praveen,
Sure, I have already forwarded this request for more information to the concerned department.
I will get back to you when I receive a response.
Regards
Rooven
Intel® Atom™ Developer Program Team
Brown Belt Praveen,
I have not received any update yet on this one. It's been escalated.
I will let you know when I get a response from the team.
Regards
Rooven
Intel® Atom™ Developer Program Team.
Black Belt (Community Leadership) Red Belt Praveen,
From a non-legal perspective, I may be able to give you more information. I have had to declare encryption algorithms on a few applications used in overseas markets. What type of encryption are you implementing?
Brown Belt Praveen,
Below is the response I received from the Legal Department:
Developers themselves are to check what are the export compliances/regulations that are currently existing.
If you are not aware of export requirements, please review the following links to obtain more information:
U.S Export Administration Regulations (EAR)
Primary web page: www.bis.doc.gov;
Introduction to Commerce Controls: http://www.bis.doc.gov/licensing/bis_exports.pdf
How to request an ECCN: http://www.bis.doc.gov/licensing/BIS_ECCN.pdf
Frequently Asked Questions: http://www.bis.doc.gov/licensing/ExporterFAQ.html
Phone Numbers to call: (202) 482-4811 or (949) 660-0144
Regards
Rooven
Intel® Atom™ Developer Program Team
Black Belt (Community Leadership) Red Belt Important BIS Links:
Brown Belt My question is simple, not worth reading 100s of legal documents.
My application is a game, I just want to store graphics files safely and user highscores safely without using any advanced encryption.
Can I use game dump or WAD file to store all types of file in single big file?
Can I remove or change header of known format files?
Is compression treated as encryption? As any custom compression algo will output non readable data.
And a serious question. Can I use simple encryption like inverting bits or XOR with constant to store game data?
Black Belt (Community Leadership) Red Belt Simple answers (hopefully):
The file modifications you listed are not encryption by definition, they are obfuscation (http://en.wikipedia.org/wiki/Obfuscation). Those would not be governed by the export compliance topic in this thread.
The only one that is a gray area is "inverting bots or XOR with constant", as it implies a shared secret or token.
My suggestion is to go with one of the obfuscation methods you mentioned as this will deter most users from manipulating your files.
Hi,
Just to clarify, if we use obfuscation tools to scramble the code, does that count as a form of encryption? I'm using a third party tool to do it, so they may be using a form of encryption. Are there any disadvantages of selecting 'yes' if we're not sure?
Thanks
Brown Belt Hi keyboardP,
Thank you for your query.
In general, basic obfuscation may not be really considered as encryption. However just to be sure, I will check with the back-end team and let you know.
The only thing you have to consider when selecting 'YES' for app containing encryption is that in some countries there may be some export compliance laws in place. Developers themselves have to check what are the existing export compliances. Please refer the links I have provided on the above post for more information.
Regards
Rooven
Intel Technical Support
Intel® Atom™ Developer Program
Intel AppUp(SM) Center
Should I check "This application contains encryption" if our application uses third-party library, which utilize MD5 hash-summing API?
Red Belt Hello Serguei,
Please see http://appdeveloper.intel.com/en-us/article/component-and-application-su...
Ultimitely, it is up to the developers to determine existing export compliances/regulations. Please see Rooven's comment earlier in this thread.
http://appdeveloper.intel.com/en-us/node/922#comment-2107
Regards
Hal G.
Technical Support Team
Intel AppUp(SM) Developer Program
Intel AppUp(SM) Center
If I select NO, can I upload the binary?