outsourcing GP appointments to India: is this legal under DPA?

Peter Fairbrother zenadsl6186 at zen.co.uk
Thu Jan 20 15:28:12 GMT 2011

Nicholas Bohm wrote:
> On 19/01/2011 18:05, David Biggins wrote:

>> A little over a decade ago,  this was the position with respect to
>> strong encryption technology - at least according to CESG and the DTI at
>> the time.
>> Sending a strong crypto algorithm to certain countries would be an
>> offence.
>> But putting them on a server where someone could download them, was not.
>> It seemed rather ridiculous even then, and has not grown less so with
>> time.

Iirc, the reason putting crypto software on a server would be legal when 
directly exporting it wouldn't be legal was (and is) because doing so 
made the software generally available to anyone, and therefore the 
software would be excluded from export controls by the GSN (General 
Software Note, part of the Wassenaar agreement).

> The question is, who does the exporting?  And the answer, now - I think
> - as then, is that it is the person who does the acts which cause the
> data to be exported.  

Anyone who does any acts which cause the data to be exported, perhaps - 
I can't see that it is somehow limited to one person.

The foreign guy's act was sufficient in itself to cause the export, 
given the existing situation, so he is guilty.

The home guy can say "my act alone was insufficient".

Whether that would fly .. well looking at things like mod chips, it 
could go either way, probably based on mens rea mostly. I don't think 
there is any duty to prevent export?

-- Peter Fairbrother

> That may indeed be the person who, from outside
> the UK, sends the request to the UK website which makes the data
> readable abroad.
> Nicholas

More information about the ukcrypto mailing list