|
|||||||
| Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-and-a-half-years collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, cryptome.info, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost. | |||||||
25 January 1999. Thanks to Steve Reilly. Add PG response.
SR: Attached is a letter received by myself from the [NZ] Minister of Foreign Affairs and Trade in response to an email I sent to him from the letter produced by the free crypto web site.
January 22, 1999
Minister of Foreign Affairs and Trade
Dear MR Rielly
Thank you, for your email of 22 December concerning New Zealand’s implementation of Wassenaar Arrangement controls on electronic cryptography. I think I should set the record straight on a number of points.
New Zealand’s strategic controls are designed to prevent items exported from New Zealand contributing inadvertently to Weapons of Mass Destruction programmes or to regional destabilisation. These national controls incorporate regimes of which New Zealand is a member, including the Wassenaar Arrangement. The controls are implemented by the International Security and Arms Control Division of the Ministry of Foreign Affairs and Trade.
Strong cryptography ( in practice that with key lengths of over 56 bits ) is one of the controlled items which requires a prior export licence before it can be transferred overseas. There are no controls on the import or domestic use of cryptography in New Zealand. Exports of cryptography products are by no means prohibited – they simply may require a permit top be issued by the Ministry of Foreign Affairs and Trade. In most every case the licence is approved, normally within 48 hours of the application being received.
These controls are not onerous, and are similar to export controls on other industries affected by arms control agreements. There are a number of dual-use items which have entirely legitimate commercial applications which nevertheless require an export licence. And there is good cooperation between the Ministry of Foreign Affairs and Trade and the industries concerned to ensure that they are not diverted to improper use. Exports of strong cryptography similarly require a permit to demonstrate that they are being transferred to a legitimate end user.
All permit applications are considered on a case-by-case basis, taking into account factors including:
end user of the product;
country of destination for the export;
nature of the good;
documentary support of the bona fides of the end user.
The Wassenaar Arrangement itself is an informal export regime. Its 33 members agree on common lists of screened items which they implement through their national export controls. In New Zealand these controls are implemented through Customs Export Prohibition Order 1996 outlined in the Customs and Excise Act 1996.
The Wassenaar Arrangement recently conducted a view of its lists. As a result, controls on cryptography products were loosened. I am pleased to advise you that physical exports of cryptography products from New Zealand under 64 bits key length now do not require a permit.
Yours sincerely
Rt Hon Don McKinnon
Minister of Foreign Affairs and Trade.
From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: jya@pipeline.com Subject: Re: NZ Wassenaar Letter Date: Tue, 26 Jan 1999 15:57:37 (NZDT) My comments on this: This is just their standard response to these queries, and doesn't answer any of the real questions (eg why NZ altered the GSN in 1996 to specifically exclude PD crypto software). It also doesn't mention whether they've altered the GSN for the current version as they did in 1996, or whether they plan to stick to the original this time. As usual, there's a considerable difference between their stated policy and the actual policy. A few months ago they approved an export request which basically asked for permission to redistribute the code to pretty much anyone, with no checking of end users, bona fides, etc etc etc (the group who wanted it have a large number of customers worldwide and didn't want to spend the rest of their lives filling out paperwork for each one). A lawyer who looked at the request and permit commented that since there was absolutely no justification for refusing the export, they had to approve it even though it failed to meet any of the requirements mentioned in the letter. This is truly a weird way to handle export controls.
Note: For more on NZ crypto confundities see Peter Gutmann's Web site: http://www.cs.auckland.ac.nz/~pgut001/