EU Crypto Free Trade Area

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat, 21 Mar 1998 09:46:23 (NZST) 

Nicholas Bohm <nbohm@ernest.net> wrote:
>At 14:30 12/03/1998, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
>>Nicholas Bohm <nbohm@ernest.net> writes:
>>>[Standard COCOM/Wassenaar software note]
>>>
>>>This seems to open a fairly wide road, given the amount of public domain
>>>crypto software to be found nowadays.
>>Are you sure the regulations don't include a little footnote somewhere which
>>creates another exception specifically for encryption software?  The pre-1996
>>European versions and Candian version don't have this, but most 1996 and
>>later versions do seem to have it.
>
>If so I certainly missed it; and the text I quoted expressly overrode the
>content of all the categories, so an exception to it could not have been
>tucked away inside the categories.
>
>Can you quote me the text of the note you have in mind from previous versions?
>That would make a further check rather easier.
 
  General Software Note (GSN)
 
  (This note overrides any control within section D of Categories 0 to 9)
 
  With the exception of Category 5, Part 2 (Information Security), Categories 0
  to 9 of this list do not control `software' which is either:
 
   a. Generally available to the public by being:
      1. Sold from stock at retail selling points, without restriction, by
         means of:
         a. Over-the-counter transactions;
         b. Mail order transactions; or
         c. Telephone order transactions; and
      2. Designed for installation by the user without further substantial
         support by the supplier; or
   b. `In the public domain'.
 
`In the public domain' is defined as:
 
"`Technology' or `software' which has been made available without restrictions
 upon its further dissemination (copyright restrictions do no remove
 `technology' or `software' from being `in the public domain'".
 
(`technology' and `software' are further defined).
 
The exception for infosec products only appeared in about 1997-1997, just after
it was used to get a Canadian government ruling that various crypto programs
(including my own) were exportable.  Could someone try this in the UK?  All you
need to do is write to the DTI and ask for permission to export various bits of
software (say, SSLeay, PGP, and it'd be nice to have a ruling on cryptlib as
well because I've already got one from the Canadian govt saying that export to
the UK is allowed, this would make a good precedent to use).  You have to fill
in lots of paperwork and wait for up to a year for them to figure out that
there really isn't any way they can stop the export, and for their lawyers to
advise them that taking it to court would be suicidal.
 
Peter.