Slashdot Mirror

← Back to Stories (view on slashdot.org)

SA Government's Crypto Registration Up And Running

Posted by Hemos on from the bad-bad-policies dept.

orange writes "Anyone who supplies crypto products to South Africans (and the government defines crypto as almost anything) has to register with the appropriate agency and pay a ZAR2000 fee (US$200). Failure to supply South Africans without being registered means potential jail time (How they're gonna get you unless you come to South Africa is another story). A copy of the legislation can be found can be found online."

6 of 249 comments (clear)

  1. Hey by VultureMN · · Score: 5, Funny

    Let's get a collection to send Theo to South Africa on vacation!

  2. WTF by tomhudson · · Score: 5, Insightful

    Of course, if you don't supply them with the key, how are they going to proove it's YOUR product that did the encryption in the first place?

  3. love that slashdot grammar by StuffYourReligion · · Score: 5, Funny

    Failure to supply South Africans without being registered means potential jail time

    OK, I fully expect to fail to supply South Africans with any kind of crypto technology. I also don't expect to be registered. And you're saying I'll go to jail for this? That's crazy!

    --
    Will I be Boered?

    --
    I have no special gift, I am only passionately curious. --Albert Einstein
  4. Why language skills matter by itp · · Score: 5, Funny

    Failure to supply South Africans without being registered means potential jail time

    I don't think that sentence means what the poster intended it to mean.

    Ian Peters
    itp at ximian dot com

  5. What about credit card numbers? by jc42 · · Score: 5, Insightful

    The obvious intent of all this is to make people pay the registration fee for every browser they may have on any machine. Otherwise, if you even accidentally download an encrypted page, i.e., you make a credit-card purchase over the web, you are risking a jail term.

    Of course, the obvious thing is for vendors to supply Windows machines that don't have any encryption installed, so that the vendors don't have to pay the registration fee for every sale. This is likely to lead to a situation where credit-card orders are sent unencrypted. The SA spammers will love this.

    People keep talking like encryption is some military or law-enforcement topic. But the main use of encryption these days is to prevent the interception of commercial information. The fact that restrictions on encryption will make financial data easily available is not necessarily accidental. The goal could very easily be a desire on the part of the government to have easy access to everyone's financial transactions. Such information has a lot of political uses.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  6. Even more terrifying... by Chastitina · · Score: 5, Informative

    ... is the additional requirement to register all "critical databases":

    "The protection of sensitive data is essential for a functioning of a modern society. As stated in the Electronic Communications and Transaction Act, the information that is of importance to the protection of the national security of the country or the economic and social well-being will be declared as critical. All critical databases will be identified and registered with the Department of Communications which includes the details of the database administrator, the location of the database and the general description of the categories or types of information stored in the critical database.The registered information will be treated as confidential. The protection, management and control of critical databases must comply with the minimum standards that might be prescribed by the Minister. The audit will be performed, from time to time either by Cyber Inspectors or an independent auditor to evaluate the compliance."

    Given such vague standards for "critical" almost *any* commercial database could be deemed "of importance to the protection of the national security of the country or the economic and social well-being." Amazon.com's database contains names and addresses of persons purchasing "how-to" books on terrorism and building bombs? It's critical! A Pr0n site has kept track of all visitors? Some of them *might* be criminals and dangerous to "social well-being."

    Yes, there's also issues with persons living in SA downloading crypto software from foreign companies that haven't registered (are they liable or not?), but most of that is easily bypassed. Just have a visitor bring the "protected" code in on a floppy and distribute it internally.

    The database restrictions have much more serious implications...