I posted this to clarify some possible misconceptions, and ended it with a `teaser'. Since I'm sure it'll be of interest to readers here, here goes a forward (some headers elided): ---- begin include ---- From: M.Gream@uts.edu.au (Matthew Gream) Newsgroups: aus.computers.ibm-pc,alt.security.pgp Subject: Re: PGP for Oz users Date: 2 Sep 1994 11:58:42 GMT Vesselin Bontchev (bontchev@fbihh.informatik.uni-hamburg.de) wrote:

Actually, it seems that the Australian laws are not much better. A colleague of mine there told me that he had to apply for an export license even for his program that does only cryptographic checksums, no encryption.

That sounds bogus to me, at least from the information you've given me there. I've had the pleasure of being routed from our `Australian Trade Commission' through a number of channels to get to the `Defence Industry Development Branch' who furnished me with information relating to export of `Dual Use Technologies'. Having been informed first hand, and given the appropriate paperwork, I'm fairly confident in saying that there are no export restrictions on software (specific clause stating that mass market, public domain and "unsupported after installation" software is not covered by the Industrial List). There do exist restrictions on hardware. All of these restrictions are a direct result of our adherence with COCOM regulations (enacted through amendments to our Customs Act) -- and even so, export licences are required only for "certain" countries. The documentation relating to export guidelines is dated September 1992, I received it early 1994 and was informed that it was still "current". I have heard "on the net" (how's that for credibility ? :-), that the COCOM agreements are going to be abandoned, but as the software project I'm involved with isn't complete, I haven't looked into the matter since the initial investigation. I will do so when the time comes, or suitably motivated. I should also mention that in response to one of several questions I put to our Cwth Attorney General's Department, I received: ``Your third question concerns restricting [sic] on the production, export and import of cryptographic software and hardware. I note your familiarity with the Customs (Prohibited Exports) Regulations. I am not aware of any other legislation dealing particularly with cryptographic software and hardware.'' -- Steven Marshall, A/g Assistant Secretary, National Security Branch. Security Divison, Attorney General's Department, Commonwealth of Australia. personal correspondence, 26 May 1994. Getting back to the export guidelines, I have it with me here and I'll quote something interesting that may apply in this circumstance (whoever wrote this didn't seem pleased either, but it still got the Minister's seal of approval): ``United States of America Re-export Controls Exporters should be aware that authorities of the United States of America claim control over many exports from other countries, including Australia, where the goods are of US origin, include components of US origin, or were produced using US-origin technology. In such cases, under US export regulations, a US re-export licence may be required whether or not an Australian export licence is needed or has been granted. Although such US regulations are not valid in Australian law, the US authorities commonly penalise foreign companies which do not comply, by denying them access to US goods or technology in the future. Where a company has a presence in the US, legal action may lead to the imposition of fines and other penalties. Enquiries regarding re-export approval should be directed to the US Consulate in Sydney or Melbourne. The contact numbers are listed in Annex C.'' -- "Australian controls on the export of technology with civil and military applications" -- "a guide for exporters and importers" September 1992, Department of Defence, Canberra. pg 4. The question here is whether "US-origin technology" covers algorithms and conceptual systems (RSA for example). I'd be interested to hear about these apparent US prosecutions. Matthew. -- Matthew Gream <M.Gream@uts.edu.au> -- Consent Technologies, (02) 821-2043 Disclaimer: From? \notin speaking_for(Organization?) [cfqx103] ---- end include ---- -- Matthew Gream <M.Gream@uts.edu.au> -- Consent Technologies, (02) 821-2043 Disclaimer: From? \notin speaking_for(Organization?) [cfqx103]