[8521] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Wassenaar question

daemon@ATHENA.MIT.EDU (Sandy Harris)
Wed Jan 31 14:32:28 2001

Message-ID: <3A7846FD.8E99B9C5@storm.ca>
Date: Wed, 31 Jan 2001 12:10:21 -0500
From: Sandy Harris <sandy@storm.ca>
MIME-Version: 1.0
To: cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Back in mid-1999, I sent this to the list:

> The Canadian Dep't of Foreign Affairs & International Trade (DFAIT) has an export law
> page at:
> 
> http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-e.htm
> 
> It includes this text:
> 
> | PROPOSED EXPORT CONTROL LIST CHANGES:
> |
> |   12. The Wassenaar ... States agreed to ... a Cryptography Note
> |       applicable to both hardware and software goods that meet all
> |       of the following:
> |
> |     (a) generally available ... at retail ...
> |     (b) the cryptographic functionality cannot easily be changed by the user;
> |     (c) designed for installation by the user ...
> |     (d) does not contain a symmetric algorithm employing a key length exceeding 64 bits; and
> |     (e) when necessary, details ... are accessible ... to the appropriate authority ...
> |
> |   13. In addition to the technical changes, the Wassenaar ... States agreed that the
> |       controls on Mass Market goods as defined in sub-paragraph 12 (d) above will remain in
> |       effect for two years and that the renewal of such controls for a successive period will
> |       require the unanimous consent of the Wassenaar ... States.
> 
> I cannot find anything like the last paragraph on the Wassenaar secretariat site. Can anyone
> here confirm that this was actually agreed to?
> 
> If I read it right, the 64-bit limit should be dead in two years. I cannot see Germany, or
> other countries reportedley victimized by Echelon, consenting to a continuation.
> 
> What can we do in the remaining year-and-a-half or so to ensure consent is nowhere near
> unanimous?

Checking the Wassenaar site today, I find they did indeed have a meeting in December
2000, and their online version of the agreement:

http://www.wassenaar.org/list/Cat%205P2%20-%2099.pdf

does indeed have:

     (c) designed for installation by the user ...
     (d) deleted;
     (e) when necessary, details ... are accessible ... to the appropriate authority ...

Should we be celebrating? Publicising?
home help back first fref pref prev next nref lref last post