Serial No. 113
Date: December 23, 1998
1.1 The purpose of this Notice is to inform the exporting community of:
2.1 The export of cryptographic goods and technologies is controlled for the purposes set out in Section 3(d) of the Export and Import Permits Act (EIPA):
"3(d) to implement an intergovernmental arrangement or commitment."
2.2 The Export Control List (ECL) includes the publication "A Guide to Canada's Export Controls" (Guide). The ECL contains the list of items subject to export controls. The ECL is a regulation made pursuant to the EIPA as a means of controlling the export of goods from Canada. Cryptographic goods and technologies are enumerated as Item 1150 - Information Security of the Guide.
2.3 These controls are applied in a manner consistent with Canadian laws, regulations, policies and with Canada's multilateral commitments. The export of cryptographic goods and technologies is administered by the Export Controls Division (EPE) of the Department of Foreign Affairs and International Trade (DFAIT).
3.1 The proposed export control changes, which are expected to take effect in 1999, and identified in this Notice, are consistent with the Canadian Cryptography Policy announced by the Honourable John Manley, Minister of Industry Canada in October 1998. The changes do not alter the Canadian Cryptography Policy which allows Canadians to use, develop or import any strength of cryptographic product. These changes do not alter Canada's positions regarding no mandatory key recovery or licensing regimes.
3.2 Furthermore, as announced in the Canadian Cryptography Policy, procedures have been implemented which are designed to streamline the export permit process for cryptographic goods to better position Canadian exporters to increase their sales and share in global markets while being mindful of security interests.
4.1 The Wassenaar Arrangement was established in order to contribute to regional and international peace and security, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations. The thirty-three participating states of the Wassenaar Arrangement seek to ensure that transfers of these items do not contribute to the development or enhancement of military capabilities which undermine these goals, and are not diverted to support such capabilities. This arrangement is also intended to enhance cooperation to prevent the acquisition of armaments and sensitive dual-use items for military end-uses, if the situation in a region or the behaviour of a state is, or becomes, a cause for serious concern. This arrangement is not directed against any state or group of states and does not impede bona fide civil transactions.
4.2 Since the establishment of the Wassenaar Arrangement, all products designed or modified to use cryptography of any key bit length to ensure information security have been controlled unless they complied with either a specific exemption or the General Software Note.
4.3 To keep pace with developing technology and electronic commerce while being mindful of security interests, the Wassenaar Arrangement Participating States reached a consensus decision on export control revisions for cryptographic goods and technologies at a meeting in Vienna on December 3, 1998. These revisions, details of which are available on the Wassenaar Arrangement web site, provide significant relaxations that help promote the further development of electronic commerce. In general, the changes establish an equivalence for hardware and software goods, implement controls on certain mass market goods, and remove controls on a range of goods.
5.1 The Wassenaar Arrangement Participating States agreed to remove from control:
5.2 In addition, the Wassenaar Arrangement Participating States agreed:
6.1 The Wassenaar Arrangement Participating States agreed to replace Entry 1 of the General Software Note for Mass Market Cryptographic Software with a Cryptography Note applicable to both hardware and software goods that meet all of the following:
6.2 In addition to the technical changes, the Wassenaar Arrangement Participating States agreed that the controls on Mass Market goods as defined in sub-paragraph 6.1 (d) above will remain in effect for two years and that the renewal of such controls for a successive period will require the unanimous consent of the Wassenaar Arrangement Participating States.
7.1 The export of cryptographic goods and technologies is administered by the Export Controls Division (EPE) of the Department of Foreign Affairs and International Trade (DFAIT). Cryptographic goods and technologies are enumerated under Item 1150 - Information Security of the Group 1 - Dual Use List in the Guide. These controls are applied in a manner consistent with Canadian laws, regulations and policies, and with Canada's multilateral commitments.
7.2 The regulatory changes will be implemented in a manner that respects our national cryptography policy. This policy encourages the widespread use of strong encryption and growth of export markets for Canadian technologies.
7.3 The regulatory changes will not affect the export of cryptographic goods and technologies to the United States. There will continue to be no permit requirements to export cryptographic goods or technologies to the United States.
7.4 The regulatory changes to Canada's export controls will come into effect in approximately six months. During the interim period the existing export controls described in Group 1, Item 1150 of the Export Control List remain in effect. Accordingly, export permits are required to export controlled cryptographic goods and technologies to any destination except the United States, however, the exporting community will benefit from the agreed liberalizations. To the extent possible, Canada shall:
7.5 As soon as practicable, a General Export Permit will be issued for mass market software employing a symmetric algorithm with a key length not exceeding 128 bits.
7.6 Consistent with the Canadian Cryptography Policy announced by Mr. Manley in October 1998, Canada has streamlined the permit issuing process for controlled cryptographic goods by establishing the cryptographic multi-destination permit and maintaining information (cataloguing) on controlled goods.
7.7 Cryptographic multi-destination permits are issued by DFAIT to allow the export of a specific good, or goods, to an authorized target sector in specific countries. It enables the exporter to export strong controlled cryptography:
7.8 Cataloguing establishes the cryptographic capability and functionality of controlled goods at the time of export permit issuance. For subsequent permit applications, the permit consultation process may concentrate on the consignee and intended end-use of the goods provided it has not changed from when it was last catalogued.
7.9 Canada will continue to examine additional mechanisms for streamlining the export permit process such as the use of General Export Permits, multi-destination permit improvements, and the identification of additional target sectors for multi-destination permits.
8.1 The export of goods and technologies described in Group 1 of the ECL requires an export permit from DFAIT. Applications for permits are submitted to DFAIT for processing.
9.1 Questions regarding this Notice should be directed to:
The Department of Foreign Affairs and International Trade,
Export Controls Division (EPE),
125 Sussex Drive,
Ottawa, Ontario, K1A 0G2