Peter Gutmann
24 Durness Pl.

The Editor

National Business Review

PO Box 1734


Dear Editor,

I would like to address a claim made by the Ministry of Foreign Affairs and Trade (MFAT) in last weeks NBR over the export of encryption software from New Zealand. MFAT claim that they are required under the Wassenaar Agreement to restrict the export of this technology. This is untrue. Most of the signatories to this agreement place no restrictions on the distribution of encryption software, and at least one country (Hungary) even has support for the use of encryption written into its constitution. Several Scandinavian countries (Finland, Norway, Sweden, and Denmark, all of them signatories to the Wassenaar agreement) recently announced an international email security service using freely exportable strong encryption. A spokesman for the Finnish Ministry of Transport and Communications has called the debate on export restrictions "funny to watch". One company which no doubt finds the situation extremely amusing is DataFellows in Finland, who are currently selling their encryption software in New Zealand while NZ companies are being blocked by MFAT from sending equivalent software overseas. Unlike the NZ government, the Finnish government is actively promoting this industry — DataFellows were last year awarded the Finnish governments "most innovative company" award.

The Canadian government, one of the few countries which does try to enforce some form of export controls due to its proximity to the US, ruled last year that cryptlib was freely exportable without any need for permits to any country except Libya, Angola, and Iraq. MFAT are aware of this ruling as I sent them copies of the Canadian government documents many months ago.

It appears that MFAT's position is based on an antiquated outlook which regards software to secure electronic commerce as some form of special military technology, a position which might have been reasonable a few decades ago but is totally out of touch with the modern use of computers and electronic communications. In their October 1996 "Business File", MFAT claim that "New Zealand… is helping to limit the spread of increasingly sophisticated military technology and weapons of mass destruction". Whether mass-market commercial software which protects financial transactions and medical records counts as "sophisticated military technology" or "weapons of mass destruction" is unclear (I suppose it's possible to beat someone to death with a floppy disk if you were very determined, but that hardly qualifies as "mass destruction").

Finally, one of the goals of the Wassenaar agreement was to "not impede bona fide civil transactions", which MFAT have certainly done, and are continuing to do. In the meantime anyone with a credit card and phone, or the ability to walk into a software store, can buy the same software overseas. Stopping New Zealand companies from exporting widely available mass-market computer software of this kind "because terrorists might use it" makes about as much sense as stopping farmers from exporting beef and lamb "because terrorists might eat it".

The issue of Management Technology Briefing included with last weeks NBR reports on page 22 that there will be "a US$186 billion market in global transactions by the year 2000", along with a comment that securing these transactions — one of the goals cryptlib was designed for — remains a problem area. Within the next few years the push towards electronic commerce will become a veritable steamroller. By needlessly blocking the export of the technology required to secure this market, MFAT is helping ensure that New Zealand becomes part of the roadkill.

Yours Faithfully,

Peter Gutmann