[252] in cryptography@c2.net mail archive

UK Encryption Policy

daemon@ATHENA.MIT.EDU (Mike Cobb)
Thu Feb 20 15:34:31 1997

From: "Mike Cobb" <mikec@cobweb.co.uk>
To: "Cryptography Mailing List" <cryptography@c2.net>
Date: 	Thu, 20 Feb 1997 12:26:33 -0000

Over two months ago I posted a message to this list regarding UK export
policy for encryption software. Since then I've had a frustrating but
eventually rewarding dialog with the Department of Trade and Industry
regarding exporting my file encryption and password tracker program which
uses up to a 248-bit key.

Apparently my request was the first of its kind which is one reason why I
have only just had a final reply back from the DTI.

In a nutshell there are no laws currently, UK or EC that cover the export
of intangible technology. As long as I only make this program available
over the Internet, it is not illegal and it does not require an export
license.

GCHQ and the "Policy Unit" are very annoyed by this and have apparently
discussed my request at length. There are several points of note attached
with their reply. For example:

9. Hard to see what practical advantage there is to exporters in exporting
technology by intangible means because they could get licences anyway if no
concerns about the export itself.

10. And if concerns are sufficient for a licence to be refused, what
reputable exporter would wish to export it by any means?

The more useful paragraphs cover many different laws and acts (none of
which cover intangible technology) and a reminder that I must also comply
with United Nations resolutions, e.g. I cannot export to Iraq.

To try and meet the spirit of their letter my website points out to anyone
downloading my program that it will be them who exports the program from
the UK and imports to their country. As I don't think it is reasonable for
anyone to be expected to know every country's import laws, I feel the onus
should be on the person downloading. I also point out that I will not
accept registrations from anyone from a list of countries that are subject
to an arms embargo.

It was very difficult to get information from the DTI and I definitely got
the impression that they wished I would just go away. After playing a
series of "20 questions" I did come across one enlightened soul who kept me
in touch with my request's progress and helped "decipher" all the
government speak. 

One glimmer of light was that I got the feeling that although they would
like to close this loophole, they are aware that it is pretty impractical.
One factor that definitely went in my favour was that the algorithm I've
used (blowfish) is in the public domain.

I hope this is of some interest. I'm sorry it's a bit long winded but as it
is supposedly the first case of its kind in the UK, it should be useful to
someone.

Regards
Mike Cobb
CobWeb Applications
http://www.cobweb.co.uk
