lambda 3.07

[3umoelle@informatik.uni-hamburg.de (Ulf Möller)]

Jerome Thorels Lambda Bulletin:

Sender: owner-lambda-en@freenix.fr
Precedence: bulk

lambda 3.07

contents


French crypto policy under fire

> The EC approved the draft policy, but the lack of transparency was
denounced by EU partners, French corporations and the Parliament 


Phil Zimmermann recovered

> PGP Inc. was to mary a key recovery advocate


Telco networks under fierce scrutiny in France

> Sex abuse on minors using the net could worsen the verdict


SHORT-CIRCUITS

> XS4ALL says no to police tap

> Europe's safety plan 

> EPIC vs Net Sheperd

> News from the GILC<bold>


*	*	*	*	*

FRENCH CRYPTO POLICY UNDER FIRE

</bold>

France expects to be the first undustrial nation to adopt
encryption-backed Trusted Third Party legislation by the end of this
year. The draft law has been submitted to the European Union's
consultative Commission in Brussels (EC), and the EC apparently gave
its approval for the law at the end of october. 


But lambda has learned that an "observation" letter sent by the EC to
the French government. The letter says the French draft law contains
some sections that, the letter states, "may hinder the free flow of
encryption products" in the 15-members European Union but also in
others european countries that have economic ties with the EU, like
Switzerland and Norway.


Meanwhile, the lambda obtained some confidences in EC circles,
explaining that the Dutch government said the actual French draft is
"unacceptable". Such reports have also been published in a
CommunicationsWeek International's article
(http://www.emap.com/cwi/195/195news4.html). The Dutch have protested
because they think the EC should not have approved the French draft
because it breaches open market principles. But CommunicationWeek wrote
that the EC succeeded to convince the French to drop some
discriminatory measures -- ie, earlier drafts did forbid foreign
capital to hold a majority stake in French TTPs -- but such TTPs still
have to be in French territory. 


The "observation" letter urges France "take into consideration" the
tests' results that have been done in other members' states on
encryption products -- the draft seems not clear about that. The main
point concerns a directive the EC passed in 1995, regarding "protection
of personal data", that requires all member states to allow people to
secure these data. The EC letter says the French draft "can obstruct
... the way individuals protect their personal data and the free flow
of these data [because] appropriate means to secure these personal data
wouldn't be available in France and/or couldn't "travel" with the data
they should secure if they come from other member states."


The creation of a special "authorization scheme regarding licenced
agencies" [TTPs] "could also obstruct the directive", the letter reads,
"because these schemes don't allow the use and the free circulation of
appropriate encryption means. In the public view, encryption [tools]
which are under the control of these licenced agencies, as proposed,
are often considered as non-appropriate to avoid some major risks." 


Meanwhile, French industry groups broke the diplomatic silence on
December 5th. The Association of unix and open systems users (AFUU),
along with the Business Software Alliance (BSA) and the American
Chamber of Commerce in France published a communique in which they say
the draft policy "is in contradiction with the goals of the Prime
Minister and may weaken France's position towards its commercial
partners". 


These groups have not been consulted by the government (and thus had no
access to the decrees), and they demand more transparency. The lack of
an "open debate" was also criticized by a Parliament's consultative
commission, which had access to the draft decrees. The commission
demands a "complete revamp" of the decrees. This is the first time the
French Parliament dares to criticize the government's encryption policy