Export Compliance

Hi, during the submission process we come across Export Compliance, which asks "Does your application contain encryption?" with Yes/No to select. Can anyone provide more info on encryption in simple language?

Hi,

Just to clarify, if we use obfuscation tools to scramble the code, does that count as a form of encryption? I'm using a third party tool to do it, so they may be using a form of encryption. Are there any disadvantages of selecting 'yes' if we're not sure?

Thanks

Hi keyboardP,

Thank you for your query.
In general, basic obfuscation may not really be considered encryption. However, just to be sure, I will check with the back-end team and let you know.

The only thing you have to consider when selecting 'YES' for an app containing encryption is that in some countries there may be some export compliance laws in place. Developers themselves have to check what the existing export compliances are. Please refer to the links I have provided in the above post for more information.

Regards
Rooven

Intel Technical Support
Intel® Atom™ Developer Program
Intel AppUp(SM) Center

Regards,
DG Rooven

Thanks DG Rooven.

If I select NO, can I upload the binary?

Hi Praveen,

Yes, you can upload your binary even if you select NO. Some developers may sometimes use some kind of encryption to encrypt their code so that it becomes hard or almost impossible for other developers to hack into their software code.

Regards
Rooven

Intel® Atom™ Developer Program Team

Regards,
DG Rooven

Perhaps an important note. If you utilize even password encryption (Blowfish, AES, etc.), you have to check Yes. This is important so Intel knows what they are delivering to certain countries.

Hi,

Will there be any legal bindings if I click Yes and it has encryption? Do we have to mention any statements in our portal about this? Please share more info on this.

Does the export compliance question about encryption mean that the application binaries are encrypted, or that the application uses encryption, for example, for user data (like passwords)?

Is it compliant if the application uses the standard Windows CryptoAPI for user passwords?

Praveen,

I will check this with the concerned department and get back to you.

Regards
Rooven

Intel® Atom™ Developer Program Team

Regards,
DG Rooven

This link on "Export of cryptography" may be of help to clarify the general background of the topic:

http://en.wikipedia.org/wiki/Export_of_cryptography

Thanks, Brian, for the info... Rooven, can you please check with the concerned team at Intel and share the details ASAP?

Praveen,

Sure, I have already forwarded this request for more information to the concerned department.
I will get back to you when I receive a response.

Regards
Rooven

Intel® Atom™ Developer Program Team

Regards,
DG Rooven

@Rooven,

Any updates on the above query?

Praveen,

I have not received any update yet on this one. It's been escalated.
I will let you know when I get a response from the team.

Regards
Rooven

Intel® Atom™ Developer Program Team.

Regards,
DG Rooven

Praveen,

From a non-legal perspective, I may be able to give you more information. I have had to declare encryption algorithms on a few applications used in overseas markets. What type of encryption are you implementing?

Should I check "This application contains encryption" if our application uses a third-party library which utilizes an MD5 hash-summing API?

Hello Serguei,

Please see http://appdeveloper.intel.com/en-us/article/component-and-application-submission-distribution-agreement

Ultimately, it is up to the developers to determine existing export compliances/regulations. Please see Rooven's comment earlier in this thread.

http://appdeveloper.intel.com/en-us/node/922#comment-2107

Regards
Hal G.
Technical Support Team
Intel AppUp(SM) Developer Program
Intel AppUp(SM) Center

Praveen,

Below is the response I received from the Legal Department:

Developers themselves are to check what are the export compliances/regulations that are currently existing.
If you are not aware of export requirements, please review the following links to obtain more information:

U.S. Export Administration Regulations (EAR)

Primary web page: www.bis.doc.gov;
Introduction to Commerce Controls: http://www.bis.doc.gov/licensing/bis_exports.pdf
How to request an ECCN: http://www.bis.doc.gov/licensing/BIS_ECCN.pdf
Frequently Asked Questions: http://www.bis.doc.gov/licensing/ExporterFAQ.html
Phone Numbers to call: (202) 482-4811 or (949) 660-0144

Regards
Rooven

Intel® Atom™ Developer Program Team

Regards,
DG Rooven

Thanks, Rooven.

My question is simple, not worth reading 100s of legal documents.
My application is a game. I just want to store graphics files safely and user high scores safely without using any advanced encryption.
Can I use a game dump or WAD file to store all types of files in a single big file?
Can I remove or change the header of known-format files?
Is compression treated as encryption? Any custom compression algo will output non-readable data.

And a serious question. Can I use simple encryption like inverting bits or XOR with constant to store game data?

Simple answers (hopefully):

The file modifications you listed are not encryption by definition; they are obfuscation (http://en.wikipedia.org/wiki/Obfuscation). Those would not be governed by the export compliance topic in this thread.

The only one that is a gray area is "inverting bits or XOR with constant", as it implies a shared secret or token.

My suggestion is to go with one of the obfuscation methods you mentioned as this will deter most users from manipulating your files.

Important BIS Links:

http://www.bis.doc.gov/about/reslinks.htm
