[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Encryption in Russia

On Thu, Jan 02, 2003 at 06:01:15PM +0800, Fedor Zuev wrote:
> O>> O>I'm curious, did they make it legal to use PGP and other
> O>> O>encryption methods in Russia? Last I heard, it was illegal unless
> O>> O>sanctioned by some government office.
> O>>
> O>> 	Of course, it is pretty legal to just _use_ it (for
> O>> yourself). But it may be illegal to offer a commercial services
> O>> involved encryption. In that case, you must call it somehow else
> O>> ("data protection", for example) :-)
> O>Here's what lsh-client description says, for example:
> O>"In some countries, particularly Russia, Iraq, Pakistan, and
> O>France, it may be illegal to use any encryption at all without a
> O>special permit."
> 	Yes. This is well-known, popular misunderstanding of exact
> terms of law. It based on the real facts, but is not quite correct.
> 	Restriction on encryption was first introduced in 1995 by
> "Указ Президента РФ N 334" (Edict of the president of Russian
> Federation 334). Edict has messy language, and it was not clear,
> which exactly type of activity it restricted. In 2001 edict was
> superseded by the new edition of "Закон о лицензировании отдельных
> видов деятельности" (Law about licensing of specific types of
> activity). Law declares that cryptography tech (among about a
> hundred other kinds of business) is needed government license to
> maintain and produce.
> 	According to that law you can not _sell_ cryptographic
> devices without government license. Also, you can not _offer_
> encryption as service (or part of service) to your customers without
> government license.
> 	But using cryptography for protecting your own personal
> privacy and|or securing communication to peers is clearly beyond the
> scope of this law. Communication business ("деятельность в области
> связи") has its own, separate regulation, not covered by this law.
> In most cases it far more severe, but, AFAIK, say nothing about
> encryption.
It's a bit late on the topic, however I must say that according to our
company's lawer the use of any cryptographic software and/or hardware
without a proper licence is a legal offence (and this software/hardware
must also have a proper certificate).  Depending on whether you use it
as a physical entity or as a juridical entity, you are eligible to
either administrative or criminal liability.

That's it.


Attachment: pgp7UhAMJ4HrJ.pgp
Description: PGP signature

Reply to: