Russian crypto regs [ from an IPer djf]

[David Farber <farber () central cis upenn edu>]

Date: Mon, 24 Apr 95 19:47:26 EDT
From: sbaker02 () counsel com (Stewart Baker -- Steptoe ^ Johnson - Washington )
To: farber () central cis upenn edu


As you might expect, I asked our firm's Moscow office to give me
some background on the new Russian crypto directive.  The memo
is attached.  Note that the office approving crypto for public
and private use also is responsible for intelligence gathering.


We may have exported democracy and capitalism to Russia,
but not the Computer Security Act of 1987!
(Where is Mark Rotenberg when we really need him?)




Stewart




MEMORANDUM




April 24, 1995






TO:        Stewart Baker


FROM:        Mikhail Solton


RE:        Russian Statutes Restricting Use of Encryption Technologies






        You have asked me to provide you with an overview of recent
 Russian legislation regulating development and use of encryption
 technology.
                The recent Edict of the Russian President Yeltsin
"On Measures to Observe the Law in Development, Production, Sale
and Use of Encryption Devices and on Provision of Services in
Encrypting Information" dated April 3, 1995
(the "Edict"), and restricts use of encryption technologies by
Russian government agencies, State-owned, private and foreign
entities, and complements a rapidly growing body of law publicly
regulating activities which previously were the exclusive domain
of the KGB, other national security agencies, and of the military.*1
                The Edict bans the development, import, sale
and use of unlicensed encryption devices, as well as of "protected
technological means of storage, processing and transmission of
information", and directs the Federal Counterintelligence Service
and other enforcement agencies to ensure compliance and to
prosecute violators.
                The Edict designates the Federal Agency of
Government Telecommunications and Information attached to the
Office of the RF President (FAGTI)as the authority responsible for
the review of applications and issuance of licenses.  FAGTI has
 been established pursuant to the RF Law
"On Federal Organs of Government Telecommunications and
Information" of February 19, 19932 ("Law on Government
Telecommunications").  In accordance with this statute FAGTI,
headed by a Director General, reports directly to the RF
President and is responsible for the security of government
communications, as well as for intelligence operations in
connection with encrypted and coded information.3  The
intelligence branch of FAGTI, also headed by a Director General,
is semi-autonomous and and operates "in accordance with the
Russian  Federation Law 'On External Intelligence'".4
                FAGTI also has an R&D branch -- the RF Academy of
Cryptography5--  and several army units: government communications
corps, radio surveillance and engineering detachments.6
                Within its jurisdiction, FAGTI may issue orders
and instruction which are mandatory for all government and
private agencies and companies.7  FAGTI conducts its activities in
coordination with all RF enforcement agencies, Ministry of Defense,
Ministry of Communications, Ministry of Foreign Affairs, RF
General Directorate of Security, and other key government services.8
                FAGTI will issue licenses for encryption activities
in accordance with FAGTI's internal regulations and pursuant to
the RF Government Decree "On licensing of certain types of
activities" of December 24, 1994,9 which sets forth general
licensing guidelines for competent government agencies.
                At least one article written by a prominent
Russian mathematician and published in the influential Russian
newspaper  Izvestia on April 20, 1995 harshly criticised the Edict
as overbroad, grantin unlimited discretion to the secret police
and ignorant customs officers, violating civil rights, creating
obstacles for international cooperation in the field of exchange
and processing of information, and making meaningless the
recently adopted intellectual property laws.  The article
expresses concern that the new statutes seek
to revive and legitimize KGB methods in controlling
Russian society.
FOOTNOTES


1 Other relevant statutes include the RF Law "On State Secrets"
dated July 7, 1993, RF Law "On Telecommunications" dated
February 16, 1995, and the RF Law "On Information, Data Processing
and Protection of Information" dated February 20, 1995. The
last statute, among other things, regulates classification
of information, licensing, and sets forth equipment certification
guidelines.  The above statutes are available in our Russian
law library (in Russian)


2 A copy of the Law is available in our Russian law library (in Russian).
3 See Art. 6.  Law on Government Telecommunications.
4 Id. Art. 6.1.
5 Id. Art.5.
6 Id. Art. 8.
7 Id. Art. 6.2., Art. 6.4.
8 Id. Art. 8.
9 This statute is available in our Russian law library (in Russian).