Sweden Strengthens Encryption Export Restrictions

4 April 1998
Date: Sat, 4 Apr 1998 09:40:56 -0800
To: cypherpunks@cyberpass.net
From: Martin Minow <minow@apple.com>
Subject: Sweden strengthens encryption export restrictions
Cc: jon@worldbenders.com, markoff@nytimes.com

An article in the Swedish newspaper, Svenska Dagbladet, states that 
Sweden plans to restrict encryption software export.  While there is 
no current requirement to obtain export-permission for encryption 
products, Staffan Sohlman, head of the Inspectorate for Strategic 
Products, recommends that the government implement the Wassenaar-agreement 
limitations. 

This has led to the government refusing permission for the "Roxen" 
encryption program manufactured by the Idonex corporation. 

According to what Staffan Sohlman said to the Swedish magazine 
Ny Teknik ("New Technology"), Sweden has unwritten and secret 
political obligations that date back to cold war days. 

Currently, Swedish export regulations exempt computer programs 
that are "generally available" and, for example, are sold by mail 
order or telephone and can be installed "without significant 
assistance" from the seller. 

----- 

Idonex is at 

   http://www.idonex.se/ (Swedish) or
 
   http://www.idonex.com/ (English). 

Roxen Challengar is a web server supporting 128-bit SSL encryption 
and cannot be exported from Sweden. There is more information on 
the denial of their export application at 

   http://www.roxen.com/crypto/ 

including the linkage to the Wassenaar agreement. Idorex was, however, 
granted permission for 40-bit encrypted products. 

You may also find this "non-paper" interesting: 

   http://www.roxen.com/crypto/docs/commission_non-paper_en.html 

In particular, export regulations are currently restricted to 
"tangible goods:" "The export-control system dopted by the Community 
limits its scope to the export of goods and technology in tangible forms. 
It therefore does  not provide for controls on the transfer of know-how if 
the latter is  not in tangible form of a blue-print or a written or recorded 
document  for instance." ... "The existence of this loophole is not satisfactory. On the other hand, it must be rememberd that the control 
of technology transfer by intangible forms is technically difficult 
(inforcement problems) an  politically sensitive (questions of restrictions 
to the freedom of providing services or even the free movement of persons). " 

Staffan Sohlman, "War material inspector" also recommends that Idonex 
not be given permission to "Pike," an encryption package written in the 
Pike programming language where a number of strong encryption algorithms 
are made available. [my translation of Sohlman's report to the government] 
at 

   http://www.roxen.com/crypto/docs/statement_isp_19971219_se.html

------ 

Martin Minow 
minow@apple.com