Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Encryption laws

From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Sat, 29 Mar 2003 11:12:17 -0700
On Fri, Mar 28, 2003 at 04:28:31PM -0500, Steven Bourque wrote:

Does anyone know of a location that lists current encryption laws worldwide?

We are looking at implementing encryption to locations world wide 
(within one organization) and want to know of any possible legality 
issues we may come across.

The main office is in Waterloo, Canada, but have remote offices 
throughout most of the world that will be encrypting data to and from 
this location.  We would like to know which locations we will have to 
reduce the encryption if any.


First, you want to consulte with a lawyer.  A team of laywers really.
And ones skilled in the laws of each contry you are dealing with as
well as international law.  Since you are working for a trans-national
corperation, the company likely already has such a team.  Use them.

Encryption laws, in many first world nations, fall under the catagory
of munitions.  Looking at each countries export and import of
munitions laws might not be a bad place to start.

In the area of export of cryptographic technologies, Canada tries to
adhere to the Wassenaar Arrangement, which deals with convential arms
and "dual-use" goods and technologies.  There is a website dealing with
the Arragement, and has links to many nations export controls:

http://www.wassenaar.org/

The United Nations Commision on International Trade Law is a good
place to start with this: http://www.uncitral.org/en-index.htm

As is the Canadian Industry Ministry (link below give summary info on
cryptographic laws and regulation in Canada):
http://e-com.ic.gc.ca/english/crypto/index.html

The rule of thumb is:

If you are dealing with member nations of the EU, or G8, you are fine
if you import, use, or export cryptographic technologies and data.
The caveot is all users of such products must be citizens of one of
the those nations, and not be on a banned list.  The exception may be
France, which had some pretty odd restrictions in the past.

As we are dealing with munitions (stop thinking of it as data),
transport of goods through some nations may be prohibited or
restricted.

Again, you should really consult your corperate legal team.
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1
Previous By Date Next
Previous By Thread Next

Current thread: