[Cryptography] Laws and cryptography

Grégory Alvarez gregory at alvarez-garcia.com
Wed Sep 11 04:58:58 EDT 2013


Over the past year I was in contact with different cryptographers (I was designing a new symmetric algorithm) and they all told me in order to publish it no governmental authorization was needed. They also told me that they publish paper all the time without having an authorization.

However there is the Wassenaar Arrangement between US, Europe and other countries that regulate the export and use of cryptography (http://www.wassenaar.org/introduction/index.html).

The Article 3 of the chapter 2 of the european law says : An authorisation shall be required for the export of the dual-use items listed in Annex I (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:134:0001:0269:en:PDF).

What they consider dual-use items is A ′′symmetric algorithm′′ employing a key length in excess of 56 bits (http://www.wassenaar.org/controllists/2012/WA-LIST%20%2812%29%201/08%20-%20WA-LIST%20%2812%29%201%20-%20Cat%205P2.doc).

The department of the ministry of defense that handle this regulation can't answer if publishing a cryptographic algorithm needs an authorization. However the Wassenaar Arrangement clearly says that material, software and technology need an authorization to be exported / published.

What is actually the status of the law about cryptography and publishing new algorithms ? Is the cryptographer that publish a paper without governmental authorization an outlaw ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130911/6b567e37/attachment.html>

More information about the cryptography mailing list