Changes in Russian licensing of cryptraghical tools
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jan 21 19:02:54 EST 2008
Bill Stewart <bill.stewart at pobox.com> writes:
>At 12:23 AM 1/20/2008, Alexander Klimov wrote:
>>Given what is required to get a license (for example, 4.b in the
>>first document, says that one must have people trained in
>>information security), I guess the new law is not supposed to
>>limit use of cryptography by ordinary people, but to limit
>>distribution of snake-oil by self-proclaimed "professionals".
>
>I would have guessed the opposite - it's designed to prevent customized
>encryption solutions that actually work, but not to prevent mass-market
>products. Since you don't need a license for totally inadequate crypto, you
>can still sell snake-oil customized for your users.
Someone who works for a Russian bank told me that it was designed to ensure
that FAPSI got paid [0]. In other words the government recognises that trying
to regulate encryption use is pointless, but since corporates can't afford to
flout the law this measure guarantees a steady cashflow.
Never attribute to malice what can be adequately explained by baksheesh.
Peter.
[0] It's not FAPSI any more now, this was a few years ago. I assume the FSB
now get the money.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list