Sender: •••@••.••• (Jerome Thorel) Hello Kurt and all the crypto fans, You will surely have some news from one of your pair at the University of Hamburg, to which I forwarded your request, Ulf Moller. For several months, he has put on his web page <http://www.thur.de/ulf/krypto> essential information about crypto policy and laws. For another review of European policy, country per country, you can look at the Cambridge Computer Laboratory's Ross Anderson site <http://www.cl.cam.ac.uk/users/rja14>, and point to the postcript document named "Crypto in Europe - Markets, Law and Policy". For the particular situation of France, I am quite well informed on the subject. I've conducted for 9 month until now a broad and deep (I guess so...) decryption of the French law that de facto prohibits the use, the furniture, and export of any crypto "means" (ie, software, or hardware). This law, 90-1170, voted by the French parliament in December 1990, which took effect after the December 28, 1992, decret. If I had to resume, I'd say that encryption is officially liberated in France. At the center : a French government agency, called the SCSSI (service central pour la securite des systemes d'information, covered by a delegation, the DISSI -- see my sig) -- quite like the German BSI, ie, a former cypher service from the Defense Ministry. The law gives the SCSSI the power to control even the private use of cryptography. You will find these dispositions nowhere in the OECD's members legislations. In fact, the SCSSI gives "autorisation prealables" -- ie, permits -- for any use or furniture of crypto software. And according to a lot of witnesses I met during my inquiry, no one has succeded to have a system approved if it is "too hard to break". So, we could say that the French government -- for law inforcement purposes -- doesn't give carte blanche to a system from which it cannot have the key. So, France has invented what the US Administration is trying to enforce with the Clipper Chip -- to impose key-escrow encryption, and banning all non key-escrow system (there's a bill in the US Congress, S.974, that may ban all non key-escrow software, even if there are already available -- PGP for instance). Thus, the SCSSI has always said no to a permit request to use PGP, even in industry circles like the Groupe Bull. Useful Sources & witnesses: - http://www.cnam.fr/Network/Crypto/ to have a look at the law and other related French sites - Stephane Bortzmeyer, a syst admin (and privacy expert) who works at the Intitut Pasteur : •••@••.••• - A leading security expert and consultant, Herve Schauer, •••@••.•••. - If you want to have a look at a ludic cryptography article I wrote (in French) explaining the French law and its implications, see the number 7 of the cybermagazine Frogmag. ("Perl for ever" - "Il est interdit de tatouer"). Mirrors : http://www.cnam.fr/Frogmag http://www.princeton.edu/Frogmag - A printed article which will appear in the sept. 21 issue of the French weekly l'Evenement du Jeudi. Voila. I hope it could be useful for you. Please keep me in touch with that fate of your research and the conclusions of the Bundestag. Sincerely, Jerome Thorel -------------------------------------- Journaliste / Free-lance reporter * Avec l'aide du ID Presscard: 72052 * Conservatoire National 76 r Ph. de Girard F-75018 Paris * des Arts et Metiers tel 331-40358010, fax-40370853 * <http://web.cnam.fr> "If you won't tell me that you use PGP, I will tell you nothing. But without authorization, it's illegal. And PGP has little chance of ever being authorized for our agency." J. Vincent-Carrefour, DISSI - security & encryption agency. >Sender: •••@••.••• (Kurt Jaeger aka PI) > >Hi! > >Looks like I did the foolish thing to accept writing a paper >on crypto for a soon-to-be-established committee at the >german federal parliament on crypto issues. It will be part Jerome Thorel -------------------------------------- Journaliste / Free-lance reporter Avec l'aide du Carte de presse / ID Presscard: 72052 Conservatoire National 76 r Ph. de Girard F-75018 Paris des Arts et Metiers tel 331-40358010, fax-40370853 <http://web.cnam.fr> ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~ Posted by -- Andrew Oram -- •••@••.••• -- Cambridge, Mass., USA Moderator: CYBER-RIGHTS (CPSR) World Wide Web: http://jasper.ora.com/andyo/cyber-rights/cyber-rights.html http://www.cs.virginia.edu/~hwh6k/public/cyber-rights.html FTP: ftp://jasper.ora.com/pub/andyo/cyber-rights You are encouraged to forward and cross-post messages and online materials, pursuant to any contained copyright & redistribution restrictions. ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
