What to prepare for
You have a difficult task. You are to prepare a position paper (at
most 3 pages long) for a meeting of an international organization
(say, the International Telecommunications Union or an international
trade organization) on the policies regarding use, import, and export
of cryptographic machinery and software. You could try to represent
the whole (rather heterogeneous) fSU area, or choose to discuss only
one country (the obvious candidate being Russia itself). I'd like you
to present a selection of the policies that U.S. people might find
restrictive or strange. You are to be an advocate/defender of these
policies. You may defend your policies regarding cryptography with a
mixture of convenient logic, exaggeration, and history. Mention
specific policies and give some comments to support these
policies. For example, your comments could include (but not be limited
by) reasons such as the following:
In your oral rebuttal
Be prepared to defend "your" country's positions. One
classic style: throw accusations at the accusers. Remark that those
who accuse you of controlling communications already have secure
communications of their own, and are just trying to prevent others
from enjoying similar security. Have a few facts which you cite in a
very emotional manner.
Russian policy can be examined from a number [of] viewpoints, however, it can best be understood through the presentation of the basic points of the system. These points cover software protection, import/export of encryption technology, and the monitoring of e-mail and internet usage.
Russia began to include computer software among its copyright protected items only in the late 80s when a wide proliferation of personal computers began-their reason: to stop uncontrolled copying and use of programs that could be economically detrimental to the programs' owners. Two major pieces of legislation were written to address the issue of copyright protection of computer software (the first was signed on Sept. 23, 1992 and the second on July 9, 1993). Under these laws, only certain components of software are protected. A tangible form of an algorithm, such as a computer program, is protectable, but not the algorithm itself. Thus, others could write programs based on the same algorithm. A program's interface is protectable as long as it is original in nature. All products produced on the software must get separate copyrights and are to be protected like works of literature and fine arts.
The author of the program retains all proprietary rights throughout his life and until 50 years after his death-that is, unless he transfers economic power to another entity (for example, an employer). The owner of the copyright, whether it be the author or another party, is called the right owner and owns exclusive proprietary rights. Unlike, the United States, the author who gives up his proprietary rights to an employer or another party still retains certain personal, non-proprietary rights (in the U.S., the employer or other party owns these rights as well). These rights include the right to be considered the author, the right to protect the program against distortions and encroachment that might damage the author's honor or dignity, and the right of promulgation, i.e. making the program accessible to the general public conscious. Also among these personal rights is the exclusive right to modify the software. This could create problems as a company could suffer an economic hit from an imperfection in the software if that company can not get the author's permission to make changes on it.
Cases involving the protection of American programs in Russia will be examined in an American court of law but with Russian law being applied. Thus while an employed American author may not have any rights in the United States, he can demand certain personal rights when the program is distributed within the Russian territory. Russian programs are protected in the USA in accordance with the Universal Copyright Convention. However, Russian programmers hired by U.S. firms (which is often done since Russians receive salaries that are ten times less than the average American programmer) the Russian author is protected according to Russian legislation. Consequently, in this situation it is the author, not the employer, who will realize all personal non-proprietary rights guaranteed by the law. See http://www.spb.su/rulesreg/3/legal.html.
Due to the magnitude of certain technology such as the supercomputer and high-level computer security access software, an organization was established to regulate and restrict them. These, along with other cryptographic products, led to the formation of the Wassenaar Arrangement, a pact between 33 industrialized countries to restrict the export of conventional weapons and "dual use" technology to certain countries considered unfit. These renegade countries are most likely at war with another. The WA replaces COCOM, the Cold War-era Coordinating Committee on Multilateral Export Controls. This was a group of only 17 countries that denied exporting of certain technologies to countries involved in the former Warsaw Pact. Also included were other communist countries. In 1993, COCOM dissolved and became the WA in 1995. Along with the Nuclear Suppliers Group, the Australia Group, and the Missile Technology Control Regime, it is one of the four international export control arrangements. To comply with the agreement, a country must be a producer or exporter of arms or dual-use products, maintain non-proliferation and respectable national policies, and also maintain fully effective export controls. See http://www2.epic.org/reports/crypto1999.html.
The Russian Federation's policies concerning the regulation of development, production, sales, and use of cryptographic instruments and services aim for unconditional execution of the Law of the Russian Federation (RF) Federal Institutions Providing Government Communications and Information. Its goal is to fight against organized crime, and to ensure the complete security of state information and telecommunications systems, especially with regard to Russian enterprises, banking, and finances. The program employed for these purposes is officially a Presidential Program, meaning that the Administration of the President of the RF and the Federal Agency for Government Communication and Information (FAPSI) will work together to finish and implement the program. The policies state that 1) government organizations are forbidden to use their encryption systems to support electronic signatures or any other protected information devices that are not certified by FAPSI, and are forbidden to grant contracts for such activity without a license from FAPSI; 2) the Central Bank of Russia must reprimand commercial banks that evade the mandatory use of FAPSI-certified encryption systems; 3) the import of foreign-made cryptographic instruments will require a license issued by the Ministry for External Economic Relations of the RF and approved by FAPSI; 4) these policies will be enforced by the Federal Counterintelligence Service, FAPSI, the State Tax Service, and the Department of Tax Police, and the program will be under intensified supervision by the Office of the Prosecutor-General of the RF. Further, a Federal Center for the Protection of Economic Information will be established within FAPSI to develop programs for safeguarding the information of Russian banking, finance, and other economically significant structures. See http://www.average.org/freecrypto/334.html.en.
In 1998 Russia put into affect a controversial law usually referred to as SORM (System for Conduct of Investigation and Field Operations). This law requires all internet services to lay a direct line to FSB (Federal Security Services), formerly the KGB, headquarters. (Borzo, Computerworld Magazine, 10 August 1998) This law also demands that the companies lay the lines and buy the equipment themselves. Any cost to the consumer is more than justified by the potential benefits. This connection will allow the FSB to examine all emails and communications on the internet and to more easily stop illegal activity. However, in order to use this power, a search warrant will still be required just as it would be in any other situation. There is very little security on the internet and it is important that there be some regulations. At this time, this is the only available method. It should also be noted that this move is not without precedent. A close look at FBI policy and procedures will show that they are not quite as "hands-off" as they may claim to be.