4 April 1998
Date: Sat, 4 Apr 1998 09:40:56 -0800 To: cypherpunks@cyberpass.net From: Martin Minow <minow@apple.com> Subject: Sweden strengthens encryption export restrictions Cc: jon@worldbenders.com, markoff@nytimes.com An article in the Swedish newspaper, Svenska Dagbladet, states that Sweden plans to restrict encryption software export. While there is no current requirement to obtain export-permission for encryption products, Staffan Sohlman, head of the Inspectorate for Strategic Products, recommends that the government implement the Wassenaar-agreement limitations. This has led to the government refusing permission for the "Roxen" encryption program manufactured by the Idonex corporation. According to what Staffan Sohlman said to the Swedish magazine Ny Teknik ("New Technology"), Sweden has unwritten and secret political obligations that date back to cold war days. Currently, Swedish export regulations exempt computer programs that are "generally available" and, for example, are sold by mail order or telephone and can be installed "without significant assistance" from the seller. ----- Idonex is at http://www.idonex.se/ (Swedish) or http://www.idonex.com/ (English). Roxen Challengar is a web server supporting 128-bit SSL encryption and cannot be exported from Sweden. There is more information on the denial of their export application at http://www.roxen.com/crypto/ including the linkage to the Wassenaar agreement. Idorex was, however, granted permission for 40-bit encrypted products. You may also find this "non-paper" interesting: http://www.roxen.com/crypto/docs/commission_non-paper_en.html In particular, export regulations are currently restricted to "tangible goods:" "The export-control system dopted by the Community limits its scope to the export of goods and technology in tangible forms. It therefore does not provide for controls on the transfer of know-how if the latter is not in tangible form of a blue-print or a written or recorded document for instance." ... "The existence of this loophole is not satisfactory. On the other hand, it must be rememberd that the control of technology transfer by intangible forms is technically difficult (inforcement problems) an politically sensitive (questions of restrictions to the freedom of providing services or even the free movement of persons). " Staffan Sohlman, "War material inspector" also recommends that Idonex not be given permission to "Pike," an encryption package written in the Pike programming language where a number of strong encryption algorithms are made available. [my translation of Sohlman's report to the government] at http://www.roxen.com/crypto/docs/statement_isp_19971219_se.html ------ Martin Minow minow@apple.com