----- Forwarded message from John Gilmore
... the Wassenaar Arrangement clearly says that material, software and technology need an authorization to be exported / published.
What is actually the status of the law about cryptography and publishing new algorithms ? Is the cryptographer that publish a paper without governmental authorization an outlaw
There is a tension between fundamental freedoms and crypto controls. Often fundamental freedoms win (as they should). The Wassenaar Arrangement is a private agreement among a bunch of governments -- it is not a treaty -- and has no legal force at all. What matters are the statutes in your own country, and how they are interpreted. I don't know of any cryptographers who have been punished under crypto export controls, anywhere in the world, for publishing papers about encryption. So invent your own cryptosystem if you want, write about it, and publish! Human-written software was considered to be different from human-written papers for a while; in the US it took three court cases (Bernstein v. US being the first winner) to sort this out. In the 1990s, Europe did not control freely published ("mass-market and public-domain") software, and by 2000 that was true in the US also. Unless you want to find and pay a lawyer with relevant expertise, the best way to get a more-or-less definitive answer for your particular country is to look in Bert-Jaap Koops' "Crypto Law Survey". He has been maintaining it for decades, and actually did his PhD thesis on global regulations about encryption. See: http://cryptolaw.org/
The department of the ministry of defense that handle this regulation can't answer if publishing a cryptographic algorithm needs an authorization.
Can't answer, or won't? In the United States, both the NSA and the agencies responsible for the export controls (State Department and Commerce Department) have been known to lie to the public, unofficially, about what is actually allowed. Their tendency is to talk you into assuming that you have no rights, even if the law is clear that you do. Or they will tie you up in knots over how you might be able to comply with finicky regulations, without ever telling you that you are exempt from those regulations. We even caught them lying officially once or twice (e.g. refusing export of Kerberos authentication software on the bogus theory that someone, someday, might adapt it to do encryption). John _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5