[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Aust crypto regulations




I posted this to clarify some possible misconceptions, and ended it
with a `teaser'. Since I'm sure it'll be of interest to readers here,
here goes a forward (some headers elided):

---- begin include ----

From: M.Gream@uts.edu.au (Matthew Gream)
Newsgroups: aus.computers.ibm-pc,alt.security.pgp
Subject: Re: PGP for Oz users
Date: 2 Sep 1994 11:58:42 GMT

Vesselin Bontchev (bontchev@fbihh.informatik.uni-hamburg.de) wrote:

> Actually, it seems that the Australian laws are not much better. A
> colleague of mine there told me that he had to apply for an export
> license even for his program that does only cryptographic checksums,
> no encryption.

That sounds bogus to me, at least from the information you've given me
there. I've had the pleasure of being routed from our `Australian Trade
Commission' through a number of channels to get to the `Defence
Industry Development Branch' who furnished me with information relating
to export of `Dual Use Technologies'. 

Having been informed first hand, and given the appropriate paperwork,
I'm fairly confident in saying that there are no export restrictions on
software (specific clause stating that mass market, public domain and
"unsupported after installation" software is not covered by the
Industrial List). There do exist restrictions on hardware. All of these
restrictions are a direct result of our adherence with COCOM
regulations (enacted through amendments to our Customs Act) -- and 
even so, export licences are required only for "certain" countries.

The documentation relating to export guidelines is dated September
1992, I received it early 1994 and was informed that it was still
"current". I have heard "on the net" (how's that for credibility ?
:-), that the COCOM agreements are going to be abandoned, but as the
software project I'm involved with isn't complete, I haven't looked
into the matter since the initial investigation. I will do so when the
time comes, or suitably motivated.

I should also mention that in response to one of several questions I
put to our Cwth Attorney General's Department, I received:

    ``Your third question concerns restricting [sic] on the production,
    export and import of cryptographic software and hardware. I note
    your familiarity with the Customs (Prohibited Exports) Regulations. 
    I am not aware of any other legislation dealing particularly with 
    cryptographic software and hardware.''

      -- Steven Marshall, A/g Assistant Secretary, National Security 
      Branch. Security Divison, Attorney General's Department,
      Commonwealth of Australia. personal correspondence, 26 May 1994.

Getting back to the export guidelines, I have it with me here and I'll
quote something interesting that may apply in this circumstance (whoever
wrote this didn't seem pleased either, but it still got the Minister's
seal of approval):

    ``United States of America Re-export Controls

    Exporters should be aware that authorities of the United States
    of America claim control over many exports from other countries,
    including Australia, where the goods are of US origin, include
    components of US origin, or were produced using US-origin 
    technology. In such cases, under US export regulations, a US
    re-export licence may be required whether or not an Australian
    export licence is needed or has been granted.

    Although such US regulations are not valid in Australian law, 
    the US authorities commonly penalise foreign companies which do
    not comply, by denying them access to US goods or technology in
    the future. Where a company has a presence in the US, legal action
    may lead to the imposition of fines and other penalties.

    Enquiries regarding re-export approval should be directed to the
    US Consulate in Sydney or Melbourne. The contact numbers are
    listed in Annex C.''

      -- "Australian controls on the export of technology with civil
      and military applications" -- "a guide for exporters and importers"
      September 1992, Department of Defence, Canberra. pg 4.

The question here is whether "US-origin technology" covers algorithms
and conceptual systems (RSA for example). I'd be interested to hear
about these apparent US prosecutions.

Matthew.

--
Matthew Gream <M.Gream@uts.edu.au> -- Consent Technologies, (02) 821-2043
Disclaimer: From? \notin speaking_for(Organization?)            [cfqx103]
---- end include ----

-- 
Matthew Gream <M.Gream@uts.edu.au> -- Consent Technologies, (02) 821-2043
Disclaimer: From? \notin speaking_for(Organization?)            [cfqx103]