outsourcing GP appointments to India: is this legal under DPA?
Peter Fairbrother
zenadsl6186 at zen.co.uk
Thu Jan 20 15:28:12 GMT 2011
Nicholas Bohm wrote:
> On 19/01/2011 18:05, David Biggins wrote:
>> A little over a decade ago, this was the position with respect to
>> strong encryption technology - at least according to CESG and the DTI at
>> the time.
>>
>> Sending a strong crypto algorithm to certain countries would be an
>> offence.
>>
>> But putting them on a server where someone could download them, was not.
>>
>> It seemed rather ridiculous even then, and has not grown less so with
>> time.
Iirc, the reason putting crypto software on a server would be legal when
directly exporting it wouldn't be legal was (and is) because doing so
made the software generally available to anyone, and therefore the
software would be excluded from export controls by the GSN (General
Software Note, part of the Wassenaar agreement).
> The question is, who does the exporting? And the answer, now - I think
> - as then, is that it is the person who does the acts which cause the
> data to be exported.
Anyone who does any acts which cause the data to be exported, perhaps -
I can't see that it is somehow limited to one person.
The foreign guy's act was sufficient in itself to cause the export,
given the existing situation, so he is guilty.
The home guy can say "my act alone was insufficient".
Whether that would fly .. well looking at things like mod chips, it
could go either way, probably based on mens rea mostly. I don't think
there is any duty to prevent export?
-- Peter Fairbrother
> That may indeed be the person who, from outside
> the UK, sends the request to the UK website which makes the data
> readable abroad.
>
> Nicholas
More information about the ukcrypto
mailing list