[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Greg Taylor: preliminary Wassenaar details from three countries

[Greg graciously allowed me to repost this.   --gnu]

Date: Sat, 05 Dec 1998 15:22:53 +1000
From: Greg Taylor <[email protected]>

Hi John,

You wrote:
>I have not found a single confirmation of the Aarons statement that
>the 33 Wassenaar countries have agreed to change the exemption for
>mass market crypto software.  (The NY Times and Reuters stories both
>quote Ambassador Aarons.)

I think Aarons must have an advanced degree in spin doctoring, but
nevertheless  information about new restrictions on mass market software
has also come from 3 independent well-placed sources.

>From the UK crypto list:
Just talked to Dirk Weicke, Senior Adviser to Wassenaar Organisation.
Tel:+43 1 516360)

No written details will be issued until next week, but gist is:

*) No alteration to question of whether Wassenaar covers intangible exports.
Up to signatory states to interpret and legislate.

*) mass-market software, symmetric key length limited to 56-bits

*) software generally available, but with other restrictive tests on
end-user re-configurability, symmetric key length limited to 64-bits

*) Assymetric key lengths (not sure how relates to above) limited to:

RSA & Digital logarithm: 512 bits
Elliptic curve : 112 bits

And here's a view from David Jones (EFC), from the GILC list:

- There is "some relaxation" for restrictions on symmetric methods
  using key lengths of 56 bits or less.  Stronger crypto would require
  an export license.

- There is no restriction on mass-market software using symmetric methods
  and a key length of 64 bits or less.  Stronger mass-market crypto would
  require an export license.

- "Public Domain Software is not restricted"
  [If this is really true, this is still an important loophole.]

- There is not yet any clear information about the status of
  "intangible goods", like crypto software on a web site, or sent by email,
  as opposed to "tangible goods", like software on a floppy disk or CD-ROM.

- The restrictions on mass-market software greater than 64 bits is
  "for public safety" reasons and will last for 2 years,
  after which it will be reviewed.


Yesterday I got the Australian government interpretation from Robbie
Costmeyer in Canberra.  Costmeyer is the Defence bureaucrat responsible for
approving export licenses.  I was told that Wassenaar had now agreed that
the General Software Note  waiver no longer applied to Category 5/2 items
(i.e. crypto) on the controlled goods list.  It has always been the view of
Defence Signals Directorate here that it was an oversight that crypto
software came under the GSN.  That reason was used to justify Australia's
going one step further than required under the original Wassenaar
Arrangement and disallowing exemptions to the export licensing rules.  A
few other countries do the same (USA, New Zealand, France, Russia).
Canberra thus views the latest change as the correction of an oversight.
Clearly there is a difference of interpretation here regarding public
domain software (compare the Canadian view above).  This question needs
further investigation.

The Australian view is that the latest Wassenaar changes are a relaxation
of the previous rules.  And they're right, when compared with the previous
rules applying here.  Australia will now move to amend the Defence
Strategic Goods List (DSGL) to allow exemptions for small key lengths as
decribed above.

For other countries, the effects remain to be seen.  We'll just have to
wait for more information to filter out.