Re: Writing an article on crypto for German parliament committee…


Sender: •••@••.••• (Jerome Thorel)

Hello Kurt and all the crypto fans,

You will surely have some news from one of your pair at the University of
Hamburg, to which I forwarded your request, Ulf Moller.

For several months, he has put on his web page
<> essential information about crypto policy
and laws.

For another review of European policy, country per country, you can look at
the Cambridge Computer Laboratory's Ross Anderson site
<>, and point to the PostScript document
named "Crypto in Europe - Markets, Law and Policy".

For the particular situation of France, I am quite well informed on the
subject. I've conducted for 9 months until now a broad and deep (I guess
so...) decryption of the French law that de facto prohibits the use, the
furniture, and export of any crypto "means" (ie, software, or hardware).
This law, 90-1170, was voted by the French parliament in December 1990 and
took effect after the December 28, 1992, decret.

If I had to resume, I'd say that encryption is officially liberated in
France. At the center : a French government agency, called the SCSSI
(service central pour la securite des systemes d'information, covered by a
delegation, the DISSI -- see my sig) -- quite like the German BSI, ie, a
former cypher service from the Defense Ministry.

The law gives the SCSSI the power to control even the private use of
cryptography. You will find these dispositions nowhere in the OECD's
members legislations. In fact, the SCSSI gives "autorisation prealables" --
ie, permits -- for any use or furniture of crypto software. And according
to a lot of witnesses I met during my inquiry, no one has succeeded to have
a system approved if it is "too hard to break". So, we could say that the
French government -- for law enforcement purposes -- doesn't give carte
blanche to a system from which it cannot have the key.

So, France has invented what the US Administration is trying to enforce
with the Clipper Chip -- to impose key-escrow encryption, and banning all
non key-escrow system (there's a bill in the US Congress, S.974, that may
ban all non key-escrow software, even if they are already available -- PGP
for instance).

Thus, the SCSSI has always said no to a permit request to use PGP, even in
industry circles like the Groupe Bull.

Useful Sources & witnesses:
to have a look at the law and other related French sites

- Stephane Bortzmeyer, a syst admin (and privacy expert) who works at the
Institut Pasteur : •••@••.•••

- A leading security expert and consultant, Herve Schauer, •••@••.•••.

- If you want to have a look at a ludic cryptography article I wrote (in
French) explaining the French law and its implications, see the number 7 of
the cybermagazine Frogmag. ("Perl for ever" - "Il est interdit de
Mirrors :

- A printed article which will appear in the Sept. 21 issue of the French
weekly l'Evenement du Jeudi.

Voila. I hope it could be useful for you. Please keep me in touch with the
fate of your research and the conclusions of the Bundestag.

Jerome Thorel
Journaliste / Free-lance reporter     * Avec l'aide du
ID Presscard: 72052                        * Conservatoire National
76 r Ph. de Girard F-75018 Paris      * des Arts et Metiers
tel  331-40358010, fax-40370853  * <>
"If you won't tell me that you use PGP, I will tell you nothing.  But
without authorization, it's illegal.  And PGP has little chance of ever
being authorized for our agency." J. Vincent-Carrefour, DISSI - security &
encryption agency.

>Sender: •••@••.••• (Kurt Jaeger aka PI)
>Looks like I did the foolish thing to accept writing a paper
>on crypto for a soon-to-be-established committee at the
>German federal parliament on crypto issues. It will be part

