I. Introduction

MerlinCryption, LLC (the Company) has developed a technology and suite of software applications that allow individuals to encrypt and decrypt data files (the Software).  It is the policy of the Company to sell this Software in compliance with the laws and regulations of the U.S., as well as the highest ethical standards.  The U.S. government has enacted laws and regulations governing the export of dual-use items and technology, including encryption software.  These laws are designed to protect the U.S. from foreign threats, including the threat of terrorist activities.  The Company is fully committed to complying with these laws and regulations, and has designed a Export Management and Compliance Program (EMCP) to communicate its policies and procedures for complying with these laws. 

II. Export Controls and the Software

The Software allows users to encrypt and decrypt electronic data.  Because this functionality may be abused by individuals or entities to harm U.S. national security, foreign policy, and law enforcement interests, encryption technology is subject to the Export Administration Regulations (EAR).  Specifically, the Software has been classified by the Department of Commerce's Bureau of Industry and Security (BIS) as mass market encryption software under the export control classification number 5D992c.  The Software is therefore restricted from export for anti-terrorism reasons, and cannot be exported to Sudan or Syria.  Additionally, the Software cannot be exported to any embargoed countries or countries under special controls, which are currently Cuba, Iran, and North Korea.  It is the Company's policy not to export or re-export the Software to Cuba, Sudan, Syria, Iran, or North Korea, or to provide the Software to foreign governments.

In addition to the export controls set forth by the U.S. government, international organizations to which the U.S. belongs may also regulate the export of goods and services into countries.  For example, the United Nations Security Council has also implemented certain restrictions and regulations regarding providing goods and services to Iraq and Rwanda.  Out of an abundance of caution, it is the Company's policy not to export or re-export the Software to either of these countries.

The U.S. government prohibits the export or re-export of all items to certain identified persons (organizations or individuals) for a variety of reasons.  It is the Company's policy not to export the Software to any Specially Designated Global Terrorist, Specially Designated Terrorist, Foreign Terrorist Organization [1], or other person to which the U.S. government has denied export privileges or to which the U.S. government has denied the right to transact business.  In this respect, it is the Company's policy not to export or re-export the Software to any person listed on the Denied Persons List, the Unverified List, the Specially Designated Nationals List, the Debarred List [2], the list of entities against whom the U.S. has sanctions, or any other restrictive listing provided from time to time by the U.S. government.

III. Export of Commercial Dual-Use Goods and Technology EAR

BIS sets forth the regulations for the exportation of certain items, including technology and other intangibles, that have both military and civilian uses.  The dual-use items are classified in accordance with the BIS regulations and, if an item is listed on the Commerce Control List, it requires a license or license exception to be exported from the U.S.  The availability of a license or license exception is based on the items Export Control Classification Number (ECCN).

A. MerlinCryption Software Under the EAR

The Software is listed on the Commerce Control List because it is encryption software.  The Company requested and received from the BIS a classification of the Software as mass market encryption software under ECCN 5D992c.  The Company has requested and received from the BIS the necessary approval to export or reexport the Software in compliance with this EMCP. 

B. Authorization to Export

The Company's ability to export the Software is based on the BIS's review and approval of the Software as mass market encryption software.  If the cryptographic functionality of the Software (i.e., the algorithm) is modified, the Company will request a new review of the Software and will not export or reexport the Software unless and until the BIS classifies the modified software as mass market encryption software and such modified software is registered with the BIS in compliance with the then-existing requirements.  It is the Company's policy to track all changes to the Software algorithms and maintain an internal review process of such changes to determine if a new review by the BIS is necessary.

C. Prohibited End Uses

Regardless of the Company's ability to export the Software as mass market encryption software, it is not permissible for the Company to export the Software when the Software will be used in the development of nuclear technologies, missile systems, unmanned aircraft, or chemical or biological weapons.  It is the policy of the Company not to provide the Software to persons participating in these activities. 

If any individual in the Company is made aware of a request to sell a license to the Software to a person that develops or manufactures any defense item, that individual will notify the Compliance Officer prior to licensing the Software, and the Compliance Officer will work with the individual and potential customer to determine if the Software can be licensed to the potential customer and, if so, under what terms.