The Far East group

Members

Helen Lloyd-Williams

Yariv Sadan

Kim Shah

What to prepare for
Please present a position paper (at most 3 pages long) for a meeting of an international organization (say, the International Telecommunications Union or an international trade organization) on the policies regarding use, import, and export of cryptographic machinery and software. You can select from any (or all!) of your area, which certainly represents a very important part of the world, by many measurements (population, resources, industry, general economic strength, military power). You may wish to concentrate on one or two countries, perhaps China or Japan. Either of them would be more than enough for one report. The bare information I have found (on the web page http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm for example) is sketchy but interesting. See what you can develop, please.

I suspect that the laws and the practices of these governments might not be totally the same: that is, what the governments declare is legal and what they are willing to tolerate may be different. But I may be wrong. I would like you to concentrate on presenting policies and laws which might seem strange or restrictive to U.S. people but which your "country" insists on. You might consider the following supporting positions:

Our traditions are not the same as those of Western Europe and North America, and we will not abandon our own culture and history.

We have special (perhaps temporary!) needs for controlling security in communications, since we have been threatened historically by our neighbors, country X and country Y and ...

Our resources have been exploited miserably by international corporations and we must be able to monitor communications to prevent possible future exploitation.

Residents of our country must be willing to sacrifice some privacy so that our future will be better.

In your oral rebuttal
Of course be prepared to defend ``your'' country's positions. Assert that you are correct, distort history and economics judiciously if necessary to support your wishes, claim sovereign immunity, etc. Have a few facts ready if you absolutely need them!

The Latin American group presented policy recommendations in a role-playing way, as members of a MERCOSUR working group. MERCOSUR is a South American analog of the European Common Market.

PURPOSE To present to the International Business Board the various policies regarding cryptosystem machinery and software that we, the Far East sector implement. We will stress those policies which differ from most countries represented in the International Business Board.

First we will begin with Japan. Because of many complications Japan entered the internet revolution relatively late. This and other reasons have caused Japan to start thinking about security issues later than some countries as well. Japan believes they have less security issues than other Western countries. Japan has a very low crime rate, but a rather high natural disaster rate. In the past they were only concerned with the physical safety of their computers. The Japanese are working to increase their security levels in order to acknowledge that they can't be isolated from global systems. They are creating systems that are compatible with those of the West.

Export: Japan follows the Wassenaar Agreement to regulate its exports. It has tightened laws recently requiring businesses to get approval for exports greater than 50,000 yen. This is down from the previous minimum of more than one million yen. Japan regulates exports with the Foreign Exchange and Foreign Trade Law, the Foreign Exchange Order, the Export Trade Control Order, and the International Trade Administration Bureau Notification. Less sensitive products, such as DVD devices, were granted export relief in early 1998. MITI has initiated slightly stronger inspection in protection of national security against terrorism.
Import: There are no import regulations in Japan.
Use: In the past, Japan was not very concerned with security. Now there are increasing levels of effort to provide the country with a system that protects national security while also protecting privacy rights. According to D.K. Kahaner, all encryption is by software on the grounds of expense. Japan uses an algorithm similar to RSA but without a directory of public keys.

Now we proceed with China. It is important to note that just recently China eased its restrictions on the use of encryption technology, so that now a large variety of consumer software and equipment containing encryption devises can be used by businesses and individuals without seeking permission from officials. For example, cellular phones and consumer computer software can be used in China. Any uncommon encryption devices, however, can only be used after obtaining a permit from officials. The import and export of cryptographic devices requires licencing by the State Encryption Management Commission. Thus, encryption devised that are not permitted for domestic use, cannot be imported into the country.

In Malaysia and Singapore, the use, import, and export of encryption devices and software is legal, however permits must be obtained for domestic use of items containing encryption devices. In addition, the government has the authority to imprison and/or fine individuals who do not provide officials with encryption keys when requested to do so. Both countries have no restrictions on the import and export of cryptographic devises. Just this January, Singapore lifted its import controls on cryptographic equipment in order to improve e-commerce. Singapore hopes that this action will also encourage businesses to implement key recovery.

Though South Korea has not yet published their policy on the use of encryption software and devices, they do have restrictions on importing, exporting, and using encryption. Although there is no regulations governing the use of encryption, the Draft Electronic Commerce Basic Law requires people to provide the government with their cryptographic keys. In addition, encryption services in public switch telephone services are restricted. Export of cryptographic devices is regulated according to the Wassenaar Agreement. Import of devises is heavily prohibited and requires the approval of the Ministry of Trade, Industry, and Energy, which is very difficult to obtain. Even banks cannot obtain permission to use cryptographic equipment.

Well we hope this informative session gave the International Business Board a better idea how business can be practiced in the various countries of the Far East sector.