Wassenaar Arrangement
Encryption
Proposed Legislation
Finland entered into the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies in 1996 and has implemented its December 1998 revision. In October 1998 the Finnish government also adopted a national cryptography policy, which affirms its commitment to the Wassenaar Arrangement and the European Union (EU) recommendation on the export of dual-use goods.
The Finnish government has declared its support of free trade and the use of cryptographic products on a national level. On an international level, the Finnish government aims to influence the reform of the international export regulations so that control lists correspond to technical development and to ensure that the necessary restrictions will not unreasonably impede normal foreign trade.
National law does not restrict the use of strong encryption. Indeed, it is endorsed under, for example, Finland's Act on Privacy and Data Security in Telecommunications (565/1999), which allows the use of all technical means to protect a telecommunications message.
With regard to exports and export restrictions, however, Finland observes the international arrangements to which it is committed. Under Finland's act on the Control of Exports of Dual-Use Goods (562/96), a licence is required for the export, dispatch and transit of cryptographic products other than those that are retailed without restrictions and do not require extensive vendor support. On a general level, Finnish authorities have been known to take a liberal approach towards the export of cryptography products.
In connection with the recent EU Directive on Digital Signatures, the Finnish government intends to introduce legislation making the provision of cryptography services and safe certification services subject to a voluntary licence or other method of authorization. Key escrow or key recovery will not be made mandatory.
In order to help the investigation of crime, legislation is planned that will enable law enforcement authorities to obtain access to individual encrypted data. This will empower authorities to demand that a provider of cryptography or certification services hand over an encryption key in their possession or otherwise contribute to the investigation.
For further information on this topic please contact Craig Thompson or Tanja Liljeström at Roschier Holmberg, Attorneys Ltd by telephone (+358 8 551 33 11) or by fax (+358 8 551 46 01) or by e-mail ([email protected] or tanja.liljeströ[email protected]).
The materials contained on this web site are for general information purposes only and are subject to the disclaimer.