Re: crypto export from the UK
Adam <aba@atlas.ex.ac.uk> writes:
Jon Baber <jbaber@mi.leeds.ac.uk> writes:
I believe that the laws regarding the export of crypto from the UK are very similar to the ITAR regs in the US.
I thought they were markedly different!
I always understood there were NO restrictions on crypto export, import or use to western countries. There used to be COCOM agreements which said that you should get approval to send commercially produced crypto to some blacklisted countries (Iraq, etc). I also read that the COCOM restrictions did not claim to apply to free software.
I think that it was the COCOM restrictions that I was thinking about. The blacklist was fairly large (including the USSR) and I believe that it did apply to software (although I do not know about free software).
Anyway, I read that the COCOM agreement has expired, so none of this applies anymore, even.
Now this I did not know. Do you know when it expired and why it was not renued? We must still have some export restrictions for Munitions does this no-longer cover crypo?
However our Government seems to take the view that putting crypto software on the net is not exporting it, the exporting is done whenever anyone from an export restricted country downloads the software and is done by them rather than by the person who made the software available.
I also have heard this.
I can not remember where I heard this though. I don't suppose you know whether this was an official policy statement or just a comment like 'well it may technically be illegal but we would hold the downloader liable rather than the supplier'?
I think he would be safe emailing it, putting it on the WWW, or posting it to USENET. There are no selective access restrictions on *any* crypto ftp/http sites that I know of in the UK (like various ones in the US which make a sho of enforcing the export restriction by not allowing export to non-US domain names.)
Adam
I do not know of any crypto sites in this country with access restrictions but I would still probably make any software available via the WWW or an FTP site (or maybe post it to USENET via a host in this country) rather than actively mail it abroad... but then again I am paranoid (at least it does not involve shipping larges pipes out of the country). Jon jbaber@mi.leeds.ac.uk http://www.chem.surrey:80/~ch02jb/
[Paul: cc'd you about legal question about who it is that "exports" the person downloading or the person with the server, you made a comment on this a short while ago in one of the crypto groups (below)] Jon Baber <jbaber@mi.leeds.ac.uk> writes in cypherpunks:
Adam <aba@atlas.ex.ac.uk> writes:
I thought they were markedly different!
I always understood there were NO restrictions on crypto export, import or use to western countries. There used to be COCOM agreements which said that you should get approval to send commercially produced crypto to some blacklisted countries (Iraq, etc). I also read that the COCOM restrictions did not claim to apply to free software.
I think that it was the COCOM restrictions that I was thinking about. The blacklist was fairly large (including the USSR) and I believe that it did apply to software (although I do not know about free software).
Hadn't seen the blacklist. USSR now has it's own blanket crypto ban, a translation of the Russian text of the presidential decree was posted by someone a while back.
Anyway, I read that the COCOM agreement has expired, so none of this applies anymore, even.
Now this I did not know. Do you know when it expired and why it was not renued? We must still have some export restrictions for Munitions does this no-longer cover crypo?
Sorry, that one was I think got from reading USENET, or at least I no longer recall where I read it, so I can't vouch for the accuracy of that. (I should have disclaimed that). Perhaps someone else knows enough to refute, or validate that. But I was reading about the COCOM restrictions this morning on Bert-Jaap Koops crypto law survey page: http://www.kub.nl:2080/FRW/CRI/projects/bjk/lawsurvy.htm and it says this about COCOM:
COCOM [1, 5]
1. COCOM (Coordinating Committee for Multilateral Export Controls) is an international organization for the mutual control of the export of strategic products and technical data from country members to proscribed destinations. It maintains, among others, the International Industrial List and the International Munitions List. In 1991, COCOM has decided to allow export of mass-market cryptographic software (including public domain software). Some member countries of COCOM follow its regulations, but others, such as Germany and the United States, maintain separate regulations.
Its 17 members are Australia, Belgium, Canada, Denmark, France, Germany, Greece, Italy, Japan, Luxemburg, The Netherlands, Norway, Portugal, Spain, Turkey, United Kingdom and the United States. Cooperating members include Austria, Finland, Hungary, Ireland, New Zealand, Poland, Singapore, Slovakia, South Korea, Sweden, Switzerland, and Taiwan.
This phrase, if accurate, says it all:
In 1991, COCOM has decided to allow export of mass-market cryptographic software (including public domain software).
However our Government seems to take the view that putting crypto software on the net is not exporting it, the exporting is done whenever anyone from an export restricted country downloads the software and is done by them rather than by the person who made the software available.
I also have heard this.
I can not remember where I heard this though. I don't suppose you know whether this was an official policy statement or just a comment like 'well it may technically be illegal but we would hold the downloader liable rather than the supplier'?
I'm not sure if it's unofficial policy or law. One place I remember reading this was in one of the crypto groups, Paul Leyland expressed this view in a recent post to one of the crypto groups. This was to do with potential "export" from ftp.ox.ac.uk, which he has something to do with, and which contains copies of PGP (as well as nautilus, pgpfone, various encrypting file systems, etc). Here's my list of relevant sites, with info on EU crypto laws: http://www.privacy.org/pi/ ftp://ftp.cl.cam.ac.uk/users/rja14/queensland.ps.Z http://web.cnam.fr/Network/Crypto/survey.html ftp://ftp.wimsey.com/pub/crypto/Doc/laws/laws-for.ps.gz http://www.kub.nl:2080/FRW/CRI/projects/bjk/lawsurvy.htm ftp://ftp.uni-stuttgart.de/pub/doc/security/crypto/euro-clipper.ps.gz I have been trying to maintain a list of them on: http://www.obscura.com/~shirt/ for political background for the munitions T-shirt, in the hope that some people who browse it will read it and come away more aware than they were before. The main thing which worries me at the moment is the implications of the eu-clipper: the secret service agencies of EU countries have been plotting this for a while now, and probably have a clipper like attempt on their agenda. Ross Anderson reported that there had been a secret meeting of secret service organisations earlier this year, to discuss Ross Anderson <rja14@cl.cam.ac.uk> wrote (forwarded by somebody, but originally in one or more of the crypto groups):
[...] While at the conference,
[the elided text indicated that the conference referred to was "the Cryptography Policy and Algorithms Conference, Queensland University of Technology"]
I found out that a classified meeting took place this March in Germany between the signals intelligence agencies of the developed countries, plus Australia and South Africa, at which the assembled spooks agreed to press their governments to bring in escrow and/or weak crypto.
This comment was some time before the latest EU-clipper goings on were announced. Adam
participants (2)
-
aba@dcs.exeter.ac.uk -
jbaber@mi.leeds.ac.uk