Groups condemn Wassenaar crypto pact

Several privacy advocacy groups have condemned the recent revision of the Wassenaar Arrangement — a protocol designed to limit the export of strategic military weapons — which includes new controls on encryption software.

Electronic Frontiers Australia (EFA) condemned the new restrictions in a statement on its Web site, saying the changes mean “the threat of global surveillance,” by governments. And a U.S.-based group called Zero Knowledge Systems has called for Internet users to protest the Wassenaar arrangement.

The revision to the Wassenaar Arrangement — signed by 33 countries in Vienna in early December — calls for restrictions on the export of “mass market” encryption

software using keys greater than 64 bits, according to numerous sources who participated in the meeting.

However, provisions of the pact exclude restrictions on specific types of software including programs that are: considered generally available to the public; in the public domain; or designed for installation by the user without further substantial support by the supplier. Details of the agreement have been posted on the Wassenaar Web site (

But these new controls are enough to disturb privacy organizations such as EFA. In a statement posted on its Web site, EFA decried the restrictions, saying that Australia — among the signatories — had knuckled under to U.S. demands, thus depriving Australian citizens access to high-strength security products.

Encryption tools are needed to help human rights organizations such as Amnesty International to inform the world of atrocities committed by repressive governments, EFA said. The controls on exporting encryption software defy rational analysis, EFA added, “because high-quality strong crypto products are freely available in the public domain. The real reasons behind such controls can only be speculated upon,” EFA said.

Encryption software enables people to send electronic messages which are scrambled, so that they cannot be read by outside parties before its recipients see it. The U.S. has in the past restricted export of encryption technology software, fearing that criminals could get their hands on the technology.

But, until now, many countries have had no restrictions whatsoever on exporting encryption software. It is generally acknowledged that 128-bit software is more secure.

EFA plans to step up its public awareness campaign on the restrictions and Web sites are now

springing up around the world making available high-strength security products for downloading, EFA said.

“At a time when governments are preaching the benefits of electronic commerce, it is incredible that security tools should be restricted,” said EFA in its statement.

Another U.S.-based group, called Zero Knowledge Systems, has also called for Internet users to protest the new restrictions.

The group blames the U.S. Department of Commerce under secretary for “taking credit for convincing all other Wassenaar countries to imposed these added restrictions over cryptography designed for average citizens.”

It offers Internet users the chance to fill out a form on its Web site which will go straight to a government representative (

But several European sources who attended the Wassenaar meeting were at pains to stress their governments had not merely given in to U.S. demands for tighter controls.

The Wassenaar arrangement actually represents a loosening of export controls, a European diplomatic source, who declined to be identified, told IDG News Service last week, because it also lifts controls on mass market software under 64 bits.

“It is absurd to say that the group (of 33 countries) decided to increase controls,” he said.

Software deemed “publicly available” is completely free of restrictions, according to Joachim Wahren, spokesperson with Germany’s Auffuhramt, the government organization which signed the Wassenaar arrangement. Hardware regulations have also been loosened, he said. For example, companies no longer have to get approval to export hardware encryption devices, according to Wahren.

Lastly, the other signatories did not accept the U.S. proposal for instituting key recovery, Wahren said. A key recovery program gives the government the right to hold keys that unlock encrypted communications should they deem the content to be in violation of the law.

But he conceded that there is “a certain tightening” of the regulations for software not deemed public.

One IT security analyst sees the move as a definite step backwards. “On balance, this seems retrogressive,” said Ken Frasier, security analyst with Dataquest Corp. in London, England.

“The Clinton administration has been able to persuade 32 other countries to impose explicit restrictions, whereas before, it was a matter of discretion in each country.”

But it could be some countries hope that they can circumvent the restrictions, he said. “There is an indeterminate time before this can be implemented into local law. And even when countries do so, there may be loopholes or relaxations of the arrangement. This is not an instant cure,” Frasier said.

The current Wassenaar signatories are: Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey, Ukraine, the United Kingdom and United States.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now