EU Crypto Free Trade Area

Nicholas Bohm nbohm at ernest.net
Fri, 20 Mar 1998 22:56:33 +0000 

At 09:46 21/03/1998, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
>Nicholas Bohm <nbohm@ernest.net> wrote:
>>At 14:30 12/03/1998, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
>>>Nicholas Bohm <nbohm@ernest.net> writes:
>>>>[Standard COCOM/Wassenaar software note]
>>>>
>>>>This seems to open a fairly wide road, given the amount of public domain
>>>>crypto software to be found nowadays.
>>>Are you sure the regulations don't include a little footnote somewhere
which
>>>creates another exception specifically for encryption software?  The
pre-1996
>>>European versions and Candian version don't have this, but most 1996 and
>>>later versions do seem to have it.
>>
>>If so I certainly missed it; and the text I quoted expressly overrode the
>>content of all the categories, so an exception to it could not have been
>>tucked away inside the categories.
>>
>>Can you quote me the text of the note you have in mind from previous
versions?
>>That would make a further check rather easier.
> 
>  General Software Note (GSN)
> 
>  (This note overrides any control within section D of Categories 0 to 9)
> 
>  With the exception of Category 5, Part 2 (Information Security),
Categories 0
>  to 9 of this list do not control `software' which is either:
> 
>   a. Generally available to the public by being:
>      1. Sold from stock at retail selling points, without restriction, by
>         means of:
>         a. Over-the-counter transactions;
>         b. Mail order transactions; or
>         c. Telephone order transactions; and
>      2. Designed for installation by the user without further substantial
>         support by the supplier; or
>   b. `In the public domain'.
> 
>`In the public domain' is defined as:
> 
>"`Technology' or `software' which has been made available without
restrictions
> upon its further dissemination (copyright restrictions do no remove
> `technology' or `software' from being `in the public domain'".
> 
>(`technology' and `software' are further defined).
> 
>The exception for infosec products only appeared in about 1997-1997, just
after
>it was used to get a Canadian government ruling that various crypto programs
>(including my own) were exportable.  Could someone try this in the UK?
All you
>need to do is write to the DTI and ask for permission to export various
bits of
>software (say, SSLeay, PGP, and it'd be nice to have a ruling on cryptlib as
>well because I've already got one from the Canadian govt saying that
export to
>the UK is allowed, this would make a good precedent to use).  You have to
fill
>in lots of paperwork and wait for up to a year for them to figure out that
>there really isn't any way they can stop the export, and for their lawyers to
>advise them that taking it to court would be suicidal.
> 
>Peter.

The note you have quoted is the same as the one I found, apart from the
exception in your version "With the exception of Category 5, Part 2
(Information Security),".  I am sure there was no such exception in the
Regulations I referred to.

I think it is clear that PGP is in the public domain, but I do not know the
position on the other software you mention.

	Regards,

		Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 870285	(+44 1279 870285)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF