Encryption and legal matters

[BarryStiefel]

Encryption and legal matters

Some countries are strict on what encryption technology can be imported (eg France used to be this way). Similarly, other countries are sensitive about what encryption technology can be exported (eg the US has been known to do this on occassion). How do I know what technologies can be implemented where?





Answer I spoke with a person at Check Point who is knowledgeable about these sorts of things. It's really hard to keep up with because each country has unique laws and they change from time to time. The general recommendations I got, which I will pass along here, were:



The DES and 56-bit products can be exported/imported most everywhere without restriction. Check the export/import laws to see if this level of encryption can be exported/imported from/to the countries of your choice. Talk to a local** VAR. They will have already done the necessary paperwork to get the products into the country in the first place. They are also in a better position to tell you what is legal and what is not in that country. If you don't want to talk to a local** VAR and want strong encryption, you will have to fill out Israeli and US (or country of origin) export forms. You may also have to fill out import forms depending on the country. This, of course, assumes it is legal. ** Local refers to the country that needs the encryption software.

Note that since this was originally written, encryption laws have liberalized somewhat and 3DES is exportable from the US to most non-terrorist friendly nations without issue. Anyone with serious concerns should contact their nearest Check Point sales office.

Lastly, AES came into implementation without a lot of the political fanfare that 3DES was submitted to. As such, it generally carries the same status as 3DES. But, as stated above, checking with a local VAR is the best way to go.

-- RobertGraham - 08 Jan 2004

FAQForm FAQs.Class: EncryptionFAQs FAQs.OS: FAQs.Version: