10 June 1998: Add Maksim's, Jan's and Bernhard's messages on lifting SU restriction
8 June 1998: Add Markus's message; add Adam's message; add Jan's and Maksim's messages
6 June 1998
From: "Maksim Otstavnov" <maksim@volga.net>
To: tech-support-europe@nai.com
Date: Sat, 6 Jun 1998 22:47:25 +0400
Subject: PGP International: Really restricting access for particular countries?
CC: graham.curme@nai.com, prz@pgp.com, jy@jya.com

-----BEGIN PGP SIGNED MESSAGE-----

Dear Sir/Madam:

When trying to get a trial version of PGP for BS from www.pgpinternational.com, I got instead the message of:

> Due to export or import restrictions that exist for your country you will
> not be able to download the encryption software.

Despite popular rumors currently there are not legal foundations for restricting crypto export/import in/from Russia. There are certain restrictive movements, of course, but they remain private opinions by certain people and agencies.

I was happy to be one of the first to hail PGP/NAI efforts to make strong crypto available worldwide (and participated in the project by translating the documentation (see www.pgpi.com), supporting Russian-language non-commercial users, and localizing the software).

It would be a pity if I should be first to blame the companies for (indirectly) supporting anti-crypto movement in particular countries.

I hope you will make a right decision.

Thank you in advance for your adequate answer.

Yours sincerely,

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0.1iRu
Charset: noconv

iQCVAwUBNXljnHGCEHWOiJDhAQGtYQP/VYy88ZUxbB8c9s5Tc3LcG2/WbICtF0Wg
Fg5ZgJVwZe0rt6jkw3I4DkzhGJ+YCu4IF1ZlnyTp8+C7zxtY2tE+nZXbFQLjTYs7
AZMSoIil866yzGVCWS7RKR0QDknS4sd3jaURH9aFkJl+YMJNlLK7bO0NVaGG4wLl
4jTgbAEGTvk=
=GU0M
-----END PGP SIGNATURE-----

-- Maksim Otstavnov <maksim@volga.net>, http://www.ice.ru/otstavnov/
-- editor, Compunomika monthly

JYA Note: Maksim's message reformatted to shorten line length, so the PGP sig may choke.
To: John Young <jya@pipeline.com>
cc: cypherpunks@cyberpass.net
Date: Mon, 08 Jun 1998 10:17:04 +0000
Subject: Re: PGP International Accused
From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>

John Young wrote on 1998-06-07 16:24 UTC:
> There are accusations from Russia and France that
> PGP International and Network Associates are
> improperly and probably illegally refusing downloads
> of PGP to legitimate users.
>
> http://jya.com/pgpi-x-ru.htm
> http://jya.com/nai-x-fr.htm
>
> Phil Zimmermann and the companies have been asked
> by the plaintiffs to explain why public affirmations of open
> access are contradicted by illegal restrictions.

Independent of whether these practices are a good idea or not, a short note on the claims of illegality seems necessary here:

Calling download restrictions "illegal" is a complete misconception: In Europe, everyone is free to restrict distribution of her software to any freely selectable subset of the world population. There is nothing wrong legally if you publish software that you make available only to (say) Finnish students below 25 years of age, etc. Similarly, there is legally nothing wrong if you block your web-server for downloads from certain top-level domains. It would be a horrible idea if I were *forced* by European law to publish my software either to everyone or not at all. The existence of such nonsense-laws is implied in the above accusations.

The various EU treaties that guarantee "the free circulation of goods and services in the internal market of the European Union" make it illegal for the governments of EU member states to introduce new laws that would legally restrict the distribution of goods and services in the EU. However there are numerous special exceptions at the EU level (i.e., not introduced by individual member countries): for instance both British beef and cryptographic products are export controlled for safety & security reasons.

The export controls for cryptographic software are not enforced among EU countries as long as the product is only commonly available shrink-wrap mass-market software (e.g., PGP) that comes without special support and customization, and that is not especially designed for military use. See the 1995 EU Dual Use directive.

This means that unlike from the US, you *can* export PGP and GSM systems from EU countries. You *cannot* export a cryptographically secured olive-green tactical C3 radio subsystem for installation in tanks without an export licence from most EU countries, and you will face very serious prison sentences if you try to.

References:

H Roth: `Exportkontrollen für Verschlüsselungsprodukte'. Datenschutz und Datensicherheit (1+2/1998) pp 8--13,81--85 [Abstracts mirrored here]

Markus

--
Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK
email: mkuhn at acm.org, home page: <http://www.cl.cam.ac.uk/~mgk25/>

Date: Mon, 8 Jun 1998 17:26:23 +0100
From: Adam Back <aba@dcs.ex.ac.uk>
To: jya@pipeline.com
CC: cypherpunks@cyberpass.net
Cc: prz@pgp.com
Subject: Re: PGP International Accused

Looking at "PGP International, BVs" web page it makes the following very craftily worded claim about key escrow:

http://www.pgpinternational.com/

: All PGP encryption products are 128 bit strong encryption, world wide.

ok so far.

: The products do not contain an unknown or undocumented message or key
: recovery method (usually called backdoor). The only way to recover the
: encrypted messages is to know and use the applicable key.

Woah! Very sneaky: "doesn't contain any unknown or undocumented message or key recovery method."

TIS GAKware, IBM GAKware, GCHQ's CASM/Cloud Cover GAK proposals could make similar claims to that.

PGP for business _does_ contain a key recovery message, and it is documented as containing one. The above I think is likely to mislead most readers.

If people choose to implement communications key recovery for whatever stated or unstated claimed business "demand" (feh) for communications key recovery, they can at least have the integrity to stand by their decisions, and not try to conceal this fact in their advertising.

We expect better use of the PGP brand.

(Cc'd to PRZ so that perhaps he can correct this piece of misleading marketroidese, which I presume he is unaware of.)

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

From: tech-support-europe <tech_support_europe@NAI.com>
Sender: "Blanke, Jan" <Jan_Blanke@NAI.com>
To: "'maksim@volga.net'" <maksim@volga.net>
Subject: RE: PGP International: Really restricting access for particular countries?
Date: Mon, 8 Jun 1998 06:16:36 -0700

Dear Mr. Maksim Otstavnov,

unfortunately we are not allowed to send any pgp-products to russia yet.

We will inform you as soon as this restriction is not applicable anymore.

Kind regards

Jan Blanke
Network Associates Technical Support

From: "Maksim Otstavnov" <maksim@volga.net>
To: tech-support-europe <tech_support_europe@NAI.com>
Date: Tue, 9 Jun 1998 00:34:00 +0400
Subject: RE: PGP International: Really restricting access for particular
CC: John Young <jya@pipeline.com>

-----BEGIN PGP SIGNED MESSAGE-----

Dear Jan Blanke:

> unfortunately we are not allowed to send any pgp-products to russia yet.
>
> We will inform you as soon as this restriction is not applicable
> anymore.

Two more questions: exactly whose allowance is needed to open a Web-access to the resources physically located in the Netherlands by clients physically located in Russia?

Are you allowed to sell prepackaged software to Russian national in the Netherlands, too?

Thank you, best regards,

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0.1iRu
Charset: noconv

iQCVAwUBNXwfmXGCEHWOiJDhAQGT5wP/Ti07bhCLfye1VvQz2qjWzxF+K4gloFTo
PTxhjw2+SFpqcLCQsw7MkOUZdxLhSPcUVC+kZ/7NYV1BzR9tsWRQMkK/ShWeHOLd
NvJoNkPcK4pPGla4jDny0Wrgv7OUElgqpwx6iDdYHUv60SONlBdmdgpKB9hsxWtZ
eRwj943M5Q8=
=aJHK
-----END PGP SIGNATURE-----

-- Maksim Otstavnov <maksim@volga.net> http://www.ice.ru/otstavnov/
-- - chief, Labs of Civil & Financial Crypto
-- - editor, "CompuNomika" monthly
-- - maintainer of The Russian PGP HomePage

From: "Maksim Otstavnov" <maksim@volga.net>
Organization: home office
To: John Young <jya@pipeline.com>, Chris Oakes <chriso@wired.com>
Date: Thu, 11 Jun 1998 01:08:47 +0400

-----BEGIN PGP SIGNED MESSAGE-----

Just got the msg from NAI informing that www.pgpinternational.com has lifted download restrictions for ex-USSR users.

I am sure the restriction was due to misunderstanding.

- ------- Forwarded Message Follows -------
From: tech-support-europe <tech_support_europe@NAI.com>
To: "'maksim@volga.net'" <maksim@volga.net>
Subject: PGP International: Really restricting access for particular
Date: Wed, 10 Jun 1998 03:43:16 -0700

Dear Mr. Maksim Otstavnov,

as I've just been informed that the Webaccess should be open now for SU countries, you should be able to download the desired version now.

Kind Regards

Jan Blanke
Network Associates Technical Support
e-mail:jan_blanke@nai.com
Tel:+31-20-586-
Fax: +31-20-586-6960

> -----Original Message-----
> Subject: RE: PGP International: Really restricting access for
> particular
>
> Jan,
>
> Web Access for former SU countries is open now. We were very careful,
> but we got explicit confirmation now that it is no problem to allow
> former SU countries access.
>
> Regards,
>
> Bernhard.

[Snip original messages shown at top and Maksim's PGP sig]