Chris Blunt wrote:
> On Sat, 10 Nov 2007 05:02:54 -0800, Tchiowa
> wrote:
>
>> On Nov 9, 4:40 pm, Alfred Molon wrote:
>>> In article <1194548477.461591.229...@t8g2000prg.googlegroups.com>,
>>> pindborg says...
>>>
>>>> I will visit China in a couple of week and I need to know if I can
>>>> take
>>>> a laptop with encrypted hard drive along? Does anyone know a link for
>>>> the rules of doing this?
>>> You might perhaps need an export licence from your own country for that.
>>> Don't know where you are based, but if it's the USA check with the BIS
>>> (Bureau of Industry and Security). But it could well be that the
>>> encryption software on your computer is considered a mass market item
>>> and as such is not controlled.
>>>
>>> Here is the link to the Commerce Control List (USA):http://www.access.gpo.gov/bis/ear/ear_data.html
>>>
>>> You might google for the Commerce Control List of your own country.
>>>
>>> In any case it's unlikely that you would need an export licence of your
>>> own country of residence, but you should check anyway.
>>> --
>>>
>>> Alfred Molonhttp://www.molon.de- Photos of Asia, Africa and Europe
>> At one time taking backup software required an export license because
>> the compression routine was considered encryption.
>>
>> The liklihood that you're going to get caught is slim. But the
>> punishment is potentially so severe that it's not worth the risk.
>>
>> I can't help but wonder what you would want to have encrypted on a PC
>> you're taking to China with you.
>>
>> The only things I can think of are likely to get you arrested if
>> you're caught. Again, not worth it.
>
> I guess it could be confidential corporate information.
>
> As far as I know, most commercially available encryption systems are
> no longer subject to US export restrictions.
>
> Chris
This is what the "expert" at GPG (Open PGP) had to say about it.
http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#prc
People's Republic of China [Sources 3, 5]
See also Hong Kong Special Administrative Region.
1. Export/ import controls
By State Council Order No. 273, "Commercial Use Password Management
Regulations", published on 15 October 1999 and in effect since 7 October
1999, import and export of encryption products requires a license by the
State Encryption Management Commission. According to a "clarification
letter" sent to US businesses in China in early March 2000, this
involves only hardware and software for which encryption and decoding
operations are core functions. As a result, products in which
cryptography is only built-in (such as mobile phones and browser
software) are exempted. Moreover, the letter clarified that the
regulations do not entail key escrow.
However, the clarification letter only seems to apply to pre-2000
products. All products since 2000 seem to require a license.
2. Domestic laws and regulations
By State Council Order No. 273, "Commercial Use Password Management
Regulations", published on 15 October 1999 and in effect since 7 October
1999, domestic crypto manufacture and use is severely restricted.
Officially designated manufacturers must obtain aproval from the State
Encryption Management Commission for the type and model (including key
length) of their crypto products. Organisations and individuals may not
distribute encryption products produced abroad. People may only use
encryption products approved by the Commission, and they may not use
commercial encryption products developed by themselves or produced
abroad. For this use, they must have approval by the Commission. Only
foreign diplomatic missions and consulates are exempted from this
approval. The deadline for registration of crypto users was 31 January 2000.
According to a "clarification letter" sent to US businesses in China in
early March 2000, this involves, however, only specialized hardware and
software for which encryption and decoding operations are core
functions. As a result, products in which cryptography is only built-in
are exempted. Moreover, the letter clarified that the regulations do not
entail key escrow.
However, the clarification letter only seems to apply to pre-2000
products. All products since 2000 seem to require a license.
For wireless crypto products, China seems to require use of a Chinese
proprietary algorithm, and AES and WEP must be disabled.
--
Šiefulen |