lambda bulletin 2.02

February 23, 1996.

Phil Z's French handcuffs

For the first time in his lifetime, the founder of the popular encryption program PGP would have been safe traveling abroad with a PGP-equipped laptop computer. Yes, last Friday, February 16, the US Dept of State amended the International Traffic and Arms Regulation (ITAR), allowing individuals to use and export strong encryption material without a special licence*. Good news for Philip R. Zimmermann, who was suspected of an ITAR violation (although the investigation was dropped last January).

It turns out that Phil Z took a plane to Europe at the beginning of this week to attend a conference. But he didn't know that ITAR had been amended. He learned the news when I called him at his hotel room to organize an interview. "Oh, no, I didn't know that... This is good news. But it's a small step, because other restrictions remain," he said.

The end of the story gets spicier. Guess which country Phil has chosen to travel to? France -- he'll attend the Imagina conference on the Riviera (Monte Carlo), Feb. 21-23. And what's the point? Using PGP in France remains as outlawed as launching a Scud missile: strong non-escrowed encryption is illegal even for private and individual use! (Export rules are tougher; if you have any doubt, skip to the next story...)

So at the very moment Philip Zimmermann becomes free to carry PGP in his baggage, he becomes virtually handcuffed by another country's regulation...

"I know the situation in France is even tougher than in the US [regarding encryption rules]," he said calmly. "But chances for progress are easier if the situation is tough..." I just have to salute this great optimism. In fact, he's perhaps under the charm: he is visiting France for the very first time. Enjoy yourself, Phil!

Crypto Research smells bad for French Secret Police

If you have even a small doubt about the touchiness of French authorities concerning cryptographic products, just take a look at this story. The author has been developing a piece of software that works like an electronic safe: not an RSA-like one, just a symmetric cryptosystem that works well for local file protection.

In France, if you want to sell it (even in the domestic market) it must be approved by the SCSSI, the Prime Minister's Central Service for information systems' security.

Excerpts from the "Read Me" documentation: "Once your application is registered, it implies a police investigation. Sometimes officers from the RG or the DST [government's intelligence agencies] knock at your door. They are polite, and may even invite you for lunch and ask at the end if you would like, one day, to become a police informer. ..."

Concerning the software implementation: "SCSSI agents -- extremely competent and open-minded, it's worth mentioning -- will try to reach a deal that is acceptable for both sides, and ask for some software modifications, for example to weaken the algorithm. But they are sovereign to decide on their own, and they are not obliged to explain their decision."

Afterwards, speaking with a reporter, the developer acknowledged that his product has been "castrated" at the request of SCSSI agents. "It does not protect you from official eavesdropping -- but if it were the case, it would be outlawed!"

"The SCSSI seems to think encryption is worthwhile only for the military, diplomacy and sensitive-sector industry. That's not possible anymore. They have lost the technological battle, ... and unless they impose undemocratic measures, they will not politically survive much longer."

NOTE - I prefer to stay silent about the author's and the software's name (not to protect him; officials have the power to know who the guy is). The software may be published in CD-ROM format in the French Mac press. Useful, I think, to protect private files from indiscreet eyes at home or at the office (to scramble Netscape's cache files). But not for e-mail purposes. That's clear...