Slashdot Mirror

← Back to Stories (view on slashdot.org)

SA Government's Crypto Registration Up And Running

Posted by Hemos on from the bad-bad-policies dept.

orange writes "Anyone who supplies crypto products to South Africans (and the government defines crypto as almost anything) has to register with the appropriate agency and pay a ZAR2000 fee (US$200). Failure to supply South Africans without being registered means potential jail time (How they're gonna get you unless you come to South Africa is another story). A copy of the legislation can be found can be found online."

10 of 249 comments (clear)

  1. How are they going to get you? by gmhowell · · Score: 4, Insightful

    There are these things called 'extradition treaties'. I have no idea what the nature of one (if any) between {US|CA|UK|DE|etc.} and SA is, but it might exist.

    --
    Jesus was all right but his disciples were thick and ordinary. -John Lennon
    1. Re:How are they going to get you? by neocon · · Score: 3, Insightful

      Yup. It's actually even worse than this, because the treaty explicitly prohibits any court review of the extradition. Whereas before the treaty, someone being extradited from Britain to Greece for something illegal in both nations would be entitled to a court hearing to determine (in Britain) if the request was valid, now not only could he be extradited for something not illegal in Britain, this extradition would have to be done immediately and without court review of any sort.

      Live in Italy and violate thew (very strict) British libel laws? Go straight to a British courtroom, with no review of this by Italian officials. Put up a web site in England violating the (again quite strict) Italian blasphemy laws? Go straight to an Italian court, even if you've never set foot in Italy in your life.

  2. WTF by tomhudson · · Score: 5, Insightful

    Of course, if you don't supply them with the key, how are they going to proove it's YOUR product that did the encryption in the first place?

  3. What about credit card numbers? by jc42 · · Score: 5, Insightful

    The obvious intent of all this is to make people pay the registration fee for every browser they may have on any machine. Otherwise, if you even accidentally download an encrypted page, i.e., you make a credit-card purchase over the web, you are risking a jail term.

    Of course, the obvious thing is for vendors to supply Windows machines that don't have any encryption installed, so that the vendors don't have to pay the registration fee for every sale. This is likely to lead to a situation where credit-card orders are sent unencrypted. The SA spammers will love this.

    People keep talking like encryption is some military or law-enforcement topic. But the main use of encryption these days is to prevent the interception of commercial information. The fact that restrictions on encryption will make financial data easily available is not necessarily accidental. The goal could very easily be a desire on the part of the government to have easy access to everyone's financial transactions. Such information has a lot of political uses.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  4. Is this an attempt at an embargo? by ziggy_travesty · · Score: 1, Insightful

    There are only a couple of scenarios in which this makes any sense to me: 1. The SA gov't is trying to create an embargo on the importation of crypto in order to spur domestic development of crypto. 2. The SA gov't believes that if they know who is distributing and receiving crypto, it will make things easier for them to track and quash any political uprising that may come as a result of a particular group having the ability to communicate securely. I really don't think I understand why govenments are still concerned with crypto regulation. Even the NSA is finally easing exportation laws. Even Bruce Schiner (Atlanitic Monthly, Sept. 2002) has revamped his whole philosophy on crypto since Applied Cryptograpy was released...a very interesting article.... -me

  5. Anyone who supplies crypto products.. by tezzery · · Score: 2, Insightful

    What exactly constitutes 'supplying'..

    For example, would hosting a program on a website accessible to someone in South Africa count as supplying? What if someone in South Africa hacks into an ftp and downloads the program?

  6. It's all about taxes by vlad_petric · · Score: 3, Insightful
    It's very simple, really - they simply don't get enough money from taxes, so they have to keep inventing new taxes to sustain their budget.

    One of the signs an economy is in free-fall.

    The Raven

    --

    The Raven

  7. This is significant by ACNeal · · Score: 2, Insightful

    When you think of all the people that say "What do you need to encrypt stuff for, if you aren't doing anything wrong" and the best thing you can come up with is "Do you send everyone postcards?", think of this.

    One of the main reasons the entire world should be involved in strong, government free crypto is for nations that systematically deprive their citizens of basic human rights. And I am not talking about your right to fly without being frisked.

    South Africa has long been known for its obscene treatment of people, and it hasn't gotten any better since Mandella took over. If anything it has gotten worse.

    People need to be able to send out cries for help without those cries bringing down even more heat. Human rights workers are probably the most legitimate users of crypto, but until everyone uses crypto to send love notes, grocery lists, and the like, these messages and the people that send them, will stick out like sore thumbs.

  8. Re:Even more terrifying... by 0WaitState · · Score: 3, Insightful

    All critical databases will be identified and registered with the Department of Communications which includes the details of the database administrator, the location of the database and the general description of the categories or types of information stored in the critical database.The registered information will be treated as confidential.

    Does anyone else realize what a whopping huge security hole this is? Go to one place to learn where all the secrets are! Even if you don't get the db contents (yet), you can infer all sorts of interesting things about organizations and people that show up on the lists. Using as a baseline the sad history of moles in US government security agencies, it shouldn't take much $$ relatively speaking to acquire the lists of secret dbs.

    --

    Remain calm! All is well!
  9. That's *in* SAf, not *to* SAf by jon_eaves · · Score: 4, Insightful
    When will people read the friggin articles first. Oh, I forgot, this is /. with people having a reading age of about 10, and a concentration span in the nanoseconds.

    When I saw it, I nearly had a heart attack, I write freely available Java crypto BouncyCastle.org and thought of the horrible problems that we're going to have keeping SAf off the site.

    I spent the 2 seconds actually reading the paragraph at the SAf Gov Site and it says:

    All Cryptography Providers providing services or products in South Africa are required to register their services or products with the register maintained by the Department of Communications.

    Note, the wording is in.