From: Martin Minow <minow@apple.com>
Date: Mon, 17 Feb 1997 21:39:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: European crypto export policy
In-Reply-To: <m0vweWa-0003b9C@ulf.mali.sub.org>
Message-ID: <v03010d02af2ee4f0c1f2@[17.219.102.16]>
MIME-Version: 1.0
Content-Type: text/plain


At 02:39 +0100 1997.02.18, Ulf Möller wrote:
>Swedish Datateknik 97-02 features an article about how COCOM/ Wassenaar
>Arrangement effects Swedish crypto exports.
>
>I wonder if someone whose Swedish is better than mine could summarize
>the article? It is at http://www.et.se/datateknik/arkiv/97-02/5.html
>
This is a sloppy and probably inaccurate translation.

Martin Minow
minow@apple.com

Datateknik 97-02 97-01-30

EEC countries forbidden for Swedish crypto-export.

The export control agreement that governs Sweden's export of sensitive
high-technology even stops sale of encryption software to several
EEC countries. Security-political considerations from cold war days
are a serious barrier for integration in the EEC.

In international regulation of high-technology commerce, crytographic
equipment and crypto-software is either directly considered "war material"
or counted as dual-use products -- i.e. products with both civil and
military use. Twenty-eight industrial countries, including Sweden, stand
behind the rules ... called "Wassenaar Agreement" after the suburb
to Den Haag in the Netherlands where they were written.

... The Wassenaar Agreement is a continuation of COCOM (the West's
embargo of high-technology to the Eastern block). After COCOM was lifted
in 1993, there were discussions about what should be included in
future controls. The USA, for example, would not accept Russian
involvement while Russia exported weapons to Iran. Eventually, Russia
and the other Eastern-Bloc countries accepted Wassenaar [this is
probably a poor translation] and, today, 33 states are partners in the
agreement, including even South Korea, Bulgaria, and Turkey.

... Encryption equipment is included in the group "information security"
in the goods-list and regulations that control Swedish high-tech export.
(SFS 1994:2060, lastest revision December 1996). [SFS is the national
registry of all Swedish laws, proclamations, and similar.] This control
includes essentially all digital encryption systems. Export may not take
place without approval of the "Inspectorate for Strategic Products" (ISP)
at the Foreign Office.

Following the rules, a Swedish resident would break the law by carrying
a portable computer with a "trivial encryption program (that is not
commercially available)" on the ferry boat across Oresund to Denmark
without a specific export license! A bank ATM card with an encrypted
password can be carried, but not a "smarter" bank or ID card.

While licenses are available, they require special testing. The product
must be "strength-classified" which, in complicated cases, would be done
by the the Defense Radio Service (FRA) [the Swedish equivalent to NSA].
Also, the destination land and the importer's technical knowledge will
also be examined closely.

For Swedish exporters to Europe, this is often experienced as a
"terrorising bureaucracy." ''We who are major exporters of encryption
equipment to telephone [service] operators in, for example, Germany,
must let every delivery be individually examined by ISP despite the fact
that the same products are often repeated,'' says Haakan Persson at
Swedish AU-system. The explanation is that not every EU land fulfills
the Wassanaar requirements.

The point of the rules, explains Egon Svensson at ISP, is that we do
not spread advanced technology to countries that have not had it previously.
Thus, certain countries are excluded. For encryption equipment, only
England, France, Holland, Sweden, Germany, and perhaps a few others, are
considered to have sufficicent capacity and knowledge to be recipient
countries. They say that the restrictions within EU are temporary, but
there is no immediate sign that they will be eased.

Author: Christer Akerman, christer.akerman@datateknik.se

Original Copyright Datateknik

-----
ps: the same issue of DataTeknik has a review of a Swedish biography of Arne
Beurling, a Swedish cryptographer who broke a German World War II telegram
(teletype?) encryption machine "Geheimschreiber T52a/b." After Germany
occupied Norway, all German communication passed through neutral Swedish
telegraph cables, and the Swedes didn't pass up the chance to sample
the traffic. Breaking the code was described by David Kahn as "one of
the great feats of crytoanalysis" of the Second World War. The book is
Svenska kryptobedrifter" by Bengt Backman. Bonniers, ISBN 91-0-056229-7