Interesting People mailing list archives
Russian crypto regs [ from an IPer djf]
From: David Farber <farber () central cis upenn edu>
Date: Mon, 24 Apr 1995 21:44:05 -0400
Date: Mon, 24 Apr 95 19:47:26 EDT From: sbaker02 () counsel com (Stewart Baker -- Steptoe ^ Johnson - Washington ) To: farber () central cis upenn edu As you might expect, I asked our firm's Moscow office to give me some background on the new Russian crypto directive. The memo is attached. Note that the office approving crypto for public and private use also is responsible for intelligence gathering. We may have exported democracy and capitalism to Russia, but not the Computer Security Act of 1987! (Where is Mark Rotenberg when we really need him?) Stewart MEMORANDUM April 24, 1995 TO: Stewart Baker FROM: Mikhail Solton RE: Russian Statutes Restricting Use of Encryption Technologies You have asked me to provide you with an overview of recent Russian legislation regulating development and use of encryption technology. The recent Edict of the Russian President Yeltsin "On Measures to Observe the Law in Development, Production, Sale and Use of Encryption Devices and on Provision of Services in Encrypting Information" dated April 3, 1995 (the "Edict"), and restricts use of encryption technologies by Russian government agencies, State-owned, private and foreign entities, and complements a rapidly growing body of law publicly regulating activities which previously were the exclusive domain of the KGB, other national security agencies, and of the military.*1 The Edict bans the development, import, sale and use of unlicensed encryption devices, as well as of "protected technological means of storage, processing and transmission of information", and directs the Federal Counterintelligence Service and other enforcement agencies to ensure compliance and to prosecute violators. The Edict designates the Federal Agency of Government Telecommunications and Information attached to the Office of the RF President (FAGTI)as the authority responsible for the review of applications and issuance of licenses. FAGTI has been established pursuant to the RF Law "On Federal Organs of Government Telecommunications and Information" of February 19, 19932 ("Law on Government Telecommunications"). In accordance with this statute FAGTI, headed by a Director General, reports directly to the RF President and is responsible for the security of government communications, as well as for intelligence operations in connection with encrypted and coded information.3 The intelligence branch of FAGTI, also headed by a Director General, is semi-autonomous and and operates "in accordance with the Russian Federation Law 'On External Intelligence'".4 FAGTI also has an R&D branch -- the RF Academy of Cryptography5-- and several army units: government communications corps, radio surveillance and engineering detachments.6 Within its jurisdiction, FAGTI may issue orders and instruction which are mandatory for all government and private agencies and companies.7 FAGTI conducts its activities in coordination with all RF enforcement agencies, Ministry of Defense, Ministry of Communications, Ministry of Foreign Affairs, RF General Directorate of Security, and other key government services.8 FAGTI will issue licenses for encryption activities in accordance with FAGTI's internal regulations and pursuant to the RF Government Decree "On licensing of certain types of activities" of December 24, 1994,9 which sets forth general licensing guidelines for competent government agencies. At least one article written by a prominent Russian mathematician and published in the influential Russian newspaper Izvestia on April 20, 1995 harshly criticised the Edict as overbroad, grantin unlimited discretion to the secret police and ignorant customs officers, violating civil rights, creating obstacles for international cooperation in the field of exchange and processing of information, and making meaningless the recently adopted intellectual property laws. The article expresses concern that the new statutes seek to revive and legitimize KGB methods in controlling Russian society. FOOTNOTES 1 Other relevant statutes include the RF Law "On State Secrets" dated July 7, 1993, RF Law "On Telecommunications" dated February 16, 1995, and the RF Law "On Information, Data Processing and Protection of Information" dated February 20, 1995. The last statute, among other things, regulates classification of information, licensing, and sets forth equipment certification guidelines. The above statutes are available in our Russian law library (in Russian) 2 A copy of the Law is available in our Russian law library (in Russian). 3 See Art. 6. Law on Government Telecommunications. 4 Id. Art. 6.1. 5 Id. Art.5. 6 Id. Art. 8. 7 Id. Art. 6.2., Art. 6.4. 8 Id. Art. 8. 9 This statute is available in our Russian law library (in Russian).
Current thread:
- Russian crypto regs [ from an IPer djf] David Farber (Apr 24)