[107234] in Cypherpunks
Canadian Export Controls on Crypto from DFAIT
daemon@ATHENA.MIT.EDU (M Taylor)
Wed Jan 6 23:25:14 1999
Date: Wed, 6 Jan 1999 20:11:28 -0400 (AST)
From: M Taylor <mctaylor@privacy.nb.ca>
To: efc-talk@efc.ca
cc: cryptography@c2.net, cypherpunks@cyberpass.net
Reply-To: M Taylor <mctaylor@privacy.nb.ca>
<http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-e.htm>
Export Controls on Cryptographic Goods SER-113
<http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-f.htm>
Contrôles ŕ l'exportation sur les produits de cryptographie
I found this recently, published Jan 5 1999 by the Department of Foreign
Affairs and International Trade (DFAIT). Most of it was expected, most of
it is good. The only confusion, which I'd like to see cleared up, is in
regards to the changes to Mass-Market Software. At first it seems a step
backwards; 64bit symmetric, 512bit RSA, 512bit DH over Z/pZ, 112bit DH
over elliptic curve, but there is either a typo or hope for 128-bit
symmetric algorithm encryption be covered by a General Export Permit,
which might at least make 128-bit mass-market easily exported to many
(US,EU,AU,NZ, ??) countries.
With these changes I expect Entrust, Certicom, ZKS and others won't be
moving their cryptographic development outside Canada as fast as they
would under the US's December announcement. Expect 'mirroring' foreign
offices to continue. I think that if it had not been for Industry Canada's
development of a Canadian Cryptography Policy
<http://strategis.ic.gc.ca/SSG/cy00001e.html> in 1998, the changes would
of been far more instep with US's requests. Canadians are a private
people, and Industry Canada has argued that E-commerce will not
become a reality in Canada without an infrastructure of cryptographic
strong hardware and software.
I will continue to freely export software under the exemption for "in the
public domain" software.
-mctaylor
-----BEGIN QUOTE-----
EXPORT CONTROLS ON CRYPTOGRAPHIC GOODS
Notice to Exporters
Export and Import Permits Act
Serial No. 113
Date: December 23, 1998
PURPOSE
...
GENERAL
...
CANADIAN POLICY
...
WASSENAAR ARRANGEMENT
...
LIBERALIZATIONS:
10. The Wassenaar Arrangement Participating States agreed to remove
from control:
(a) goods performing the function of authentication;
(b) goods performing the function of digital signature;
(c) access control goods where there is no encryption of files
or text except as directly related to the protection of
passwords, Personal Identification Numbers (PINs) or similar
data to prevent unauthorized access;
(d) goods employing analogue principles when not implemented
with digital techniques;
(e) goods employing a symmetric algorithm with a key length of
56 bits or less;
(f) goods employing an asymmetric algorithm where the security
of the algorithm is based on any of the following:
(i) factorisation of integers not greater than 512 bits
(e.g. RSA);
(ii) computation of discrete logarithms in a multiplicative
group of a finite field of size not greater than 512 bits
(e.g.Diffie-Hellman over Z/pZ); and
(iii) discrete logarithms in a group other than mentioned
in (ii) above and not greater than 112 bits (e.g.
Diffie-Hellman over an elliptic curve).
(g) receiving equipment for radio broadcast, pay television or
similar restricted audience television of the consumer type,
without digital encryption except that exclusively used for
sending the billing or programme-related information back to the
broadcast providers;
(h) goods where the cryptographic capability is not
user-accessible and which is specially designed and limited to
allow any of the following:
(i) execution of copy-protected software;
(ii) access to any of the following:
a. copy-protected read-only media;
b. information stored in encrypted form on
media (e.g. in
connection with the protection of intellectual
property
rights) when the media is offered for sale in
identical
sets to the public; or
c. one-time copying of copyright protected
audio/video data.
(i) goods specially designed and limited to banking use or money
transactions; and
(j) cordless telephone equipment not capable of end-to-end
encryption where the maximum effective range of unboosted
cordless operation (i.e., a single, unrelayed hop between
terminal and home base station) is less than 400 metres;
11. In addition, the Wassenaar Arrangement Participating States
agreed:
(a) to remove the exporter semi-annual reporting requirements; and
(b) to maintain the existing exemption for software "in the public
domain".
PROPOSED EXPORT CONTROL LIST CHANGES:
12. The Wassenaar Arrangement Participating States agreed to replace
Entry 1 of the General Software Note for Mass Market Cryptographic
Software with a Cryptography Note applicable to both hardware and
software goods that meet all of the following:
(a) generally available to the public by being sold, without
restriction, from stock at retail selling points by means of any
of the following:
(i) over-the-counter transactions;
(ii) mail order transactions;
(iii) electronic transactions; or
(iv) telephone call transactions
(b) the cryptographic functionality cannot easily be changed
by the user;
(c) designed for installation by the user without further
substantial support by the supplier;
(d) does not contain a symmetric algorithm employing a key
length exceeding 64 bits; and
(e) when necessary, details of the items are accessible and
will be provided, upon request, to the appropriate authority in
the exporter's country in order to ascertain compliance with
conditions described in paragraphs a. to d. above.
13. In addition to the technical changes, the Wassenaar Arrangement
Participating States agreed that the controls on Mass Market goods as
defined in sub-paragraph 12 (d) above will remain in effect for two
years and that the renewal of such controls for a successive period
will require the unanimous consent of the Wassenaar Arrangement
Participating States.
ADMINISTRATION
...
16. The regulatory changes will not affect the export of
cryptographic goods and technologies to the United
States. There will continue to be no permit requirements to
export cryptographic goods or technologies to the United
States.
17. The regulatory changes to Canada's export controls
will come into effect in approximately six months.
...
18. As soon as practicable, a General Export Permit will
be issued for mass market software employing a
symmetric algorithm with a key length not exceeding 128
bits.
...
EXPORT PERMIT REQUIREMENTS
...
CONTACTS
24. Questions regarding this Notice should be directed to:
The Department of Foreign Affairs and International Trade,
Export Controls Division, (EPE)
125 Sussex Drive,
Ottawa, Ontario,
K1A 0G2
Telephone: (613) 996-2387
Facsimile: (613) 996-9933
(c) Department of Foreign Affairs and International Trade, 1998
-----END QUOTE-----
