SA Government's Crypto Registration Up And Running 249
orange writes "Anyone who supplies crypto products to South Africans (and the government defines crypto as almost anything) has to register with the appropriate agency and pay a ZAR2000 fee (US$200). Failure to supply South Africans without being registered means potential jail time (How they're gonna get you unless you come to South Africa is another story). A copy of the legislation can be found can be found online."
How are they going to get you? (Score:4, Insightful)
Re:How are they going to get you? (Score:1)
Re:How are they going to get you? (Score:2)
(personally, I'd like to see the Koreans, Taiwanese, Chinese, Germans, and Canadians put a trade embargo on the US to get... Oh, really anyone... extradited:)
Re:How are they going to get you? (Score:2)
bzzzt... US military personnel overseas accused of a crime are frequently tried in the host nations courts. Depending on the particular Status of Forces Agreement, the host nation often gets first crack at them.
Re:How are they going to get you? (Score:2)
Re:How are they going to get you? (Score:2)
Re:How are they going to get you? (Score:4, Informative)
Tor
Re:How are they going to get you? (Score:1)
Re:How are they going to get you? (Score:1)
Re:How are they going to get you? (Score:1)
Re:How are they going to get you? (Score:2, Informative)
Re:How are they going to get you? (Score:1)
Not always. Canada is _very_ picky about deporting anyone to a country if their crime could carry the death pentaly as a "sentence", such as many US states.
Re:How are they going to get you? (Score:1)
For some countries, the people can only be extradited if it is a crime in both countries. For example, if South Africa had an extradition treaty with Britain, they could probably extradite a murderer, but not somebody who has supplied crypto as the latter case isn't (yet) a crime in the UK.
Re:How are they going to get you? (Score:2)
Suppose a serial killer got to South Africa? It's very common to bend treaties and ideas and have a mutual extradition.
Re:How are they going to get you? (Score:3, Informative)
For example, if you, an American citizen, kill someone in south afric, you can be extradited to south africa because killing someone is a crime in both countries (some conditions apply: see CIA, etc... for exceptions).
However, if you, an American, are accused of the "crime" of "thinking bad thoughts about despot ruler tyrant so-and-so", this is not a crime in America, so any extradition request will be ignored. Or laughed at. Or both.
Re:How are they going to get you? (Score:3, Interesting)
(No offence intended to Greeks, just using this to highlight the dangers of the European arrest warrant).
Re:How are they going to get you? (Score:1, Offtopic)
Get your facts straight.
They were convicted of SPYING, not planespotting.
They were deliberately photogtraphing Greek millitary bases, having been repeatedly asked many times by the authorities NOT to do so because it woudl be considered spying.
The stupid idiots refused to stop, so in teh end the Greek authorities had no option but to arrest them.
So please, get your facts straight before citing examples!
Re:How are they going to get you? (Score:2)
I was actually taking the piss, but looking back I didn't make it clear enough
Anyway, my point is that they would have received a knock on the door from BRITISH police for this charge of 'spying', within BRITISH territory, with no need for the greek government to prevent evidence. Not to mention the fact that looking at aircraft does not constitute spying in Britain anyway...
Re:How are they going to get you? (Score:2)
Mind you, we've got some stupidity here (Canada) too. One woman was threatened with jail time for an overdue library book. I received a similar note from the library for a book that had already been returned, but their system was fscked up, and was looking for it under its' sub-title.
Maybe the Greeks got it backwards (insert obligatory ethnic greek "backwards" joke here), and thought that planespotting had something to do with grafitti - painting large circles on planes. :-)
Best regards
Re:How are they going to get you? (Score:3, Insightful)
Yup. It's actually even worse than this, because the treaty explicitly prohibits any court review of the extradition. Whereas before the treaty, someone being extradited from Britain to Greece for something illegal in both nations would be entitled to a court hearing to determine (in Britain) if the request was valid, now not only could he be extradited for something not illegal in Britain, this extradition would have to be done immediately and without court review of any sort.
Live in Italy and violate thew (very strict) British libel laws? Go straight to a British courtroom, with no review of this by Italian officials. Put up a web site in England violating the (again quite strict) Italian blasphemy laws? Go straight to an Italian court, even if you've never set foot in Italy in your life.
Re:How are they going to get you? (Score:3, Interesting)
This, of course, in stark contrast to our country, whose leader [georgebush.com] believes that Africans should, under no circumstances, be educated about how AIDS is spread. [observer.co.uk]
This is the same man that believes, down to the letter, in a book [bible.com] that says women and unborn children are property [urantiabook.org], among other ridiculous assertions [infidels.org]
Re:How are they going to get you? (Score:2)
Ok, so for the sake of argument, lets say first trimester fetuses have "a life".
Now, is it right to sacrifice the lives of grown humans by denying them education and medical support on a life or death issue, so that these fetuses can be born (who, when born, will be affected by this aforementioned life or death issue, and have a fair chance of dying from it then)
People will die either way. Less people would have died had he approved the bill.
And you call this "Pro-life"?
Re:How are they going to get you? (Score:2)
Try USS Clueless [denbeste.nu]. Yeah, it's a weblog, but the guy has many well-thought out arguments against the ICC.
Hey (Score:5, Funny)
uh-oh. (Score:4, Funny)
Re:uh-oh. (Score:1)
Re:Here are some alternative vacation locations (Score:2)
use it against the MPAA and RIAA! (Score:1, Interesting)
Re:use it against the MPAA and RIAA! (Score:2)
Even if it were $200 per title, they would still make it up by selling 20 or so discs. I strongly doubt it's going to be interpretted as $200 per individual copy of a disc.
Re:use it against the MPAA and RIAA! (Score:2)
Yes, but, the idea of laws is that they carry enough force to dissuade people from routinely violating them. A party who willfully breaks a law, considering the fines to be merely a cost of doing business, should be punished harshly on the basis of their contempt for the law, regardless of the fine.
If there's a $100.00 fine for dumping, you cannot dump your trash there once a week and drop off a check for $100.00 at the courthouse clerk's office. The willful, repetitive nature of your violation will take on a legal signifigance beyond the scope of the original violation.
In practice, of course, many *do* get away with such practices, but not indefinitely, and not without risk.
Re:use it against the MPAA and RIAA! (Score:2)
Re:use it against the MPAA and RIAA! (Score:2, Funny)
South America? (Score:1)
* What's this about South America?
* You really think a one-time $200 reg. fee (per product, $900 for changes/updates) will hurt the MPAA or RIAA?
Re:use it against the MPAA and RIAA! (Score:1, Informative)
Erm, Buenos aires? (Score:1)
Maybe Johannesburg would work better as that is a city that is actually inside the South African borders?
Then again, speaking as an ex-South African, the current government does have such boundless abilities to mess everything up that it would not surprise me in the least if they sent people off to prisons in Buenos Aires.
Re:use it against the MPAA and RIAA! (Score:2)
WTF (Score:5, Insightful)
Re:WTF (Score:1)
Stupid user has *.yap files on it, encrypted...
your app makes
Don't think that could happen?
I've noticed this trend on slashdot as part of the geek influence no doubt. Repeat after me... things don't have to be mathematically proven to count as proof in a court of law.
---Lane
Re:WTF (Score:2)
"my app" assigns random file extensions;
They find files that end in .txt, .gif, .mpg, etc.
They look elsewhere...
Seriously, on systems that rely on the filename/extension, this MIGHT be a workable scenario ...
But in reply to your statement that things don't have to be mathematically proven to count as proof in a court of law, they do have to be proven. the standard of proof is:
- in civil courts, the preponderance of the evidence;
- in criminal courts, beyond a reasonable doubt.
A simple way to show that not all .yap files are encrypted files would be to rename a .gif file to .yap. It's not encrypted, and shows that "my app" is not the only way to create such files. They would then have to look for, say, signature bytes in the file header (a la MAGIC filetypes). If there is no header, they're shit out of luck.
This "trend" for geek influence is actually a good thing, certainly better than the tyranny of political correctness that the "Moral Majority" had previously attempted to impose on the "Real Majority", who saw them as a bunch of self-important pig-fucking hypocrites.
Best regards, and thanks for taking the time to point out a potential problem for all those designing new crypto packages :-)
Re:again.. geek influence... (Score:2)
1: reasonable doubt. Did you know that NOWHERE in the criminal code is the term "reasonable doubt", or what constitutes a reasonable doubt, actually defined? Reasonable doubt is one of those legal niceties off which lawyers grow rich, and which, given the ever-changing social environment, any attempt to define it would be doomed to failure.
2: Existing software already can make encrypted files that don't depend on file extensions. Why would I, or any other developer who wants to screw over The Man, do something as dumb as using a default file extension? Why not have it generate random extensions?
3: Renaming a whole bunch of *.txt files to *.yap still leaves them in plain text, readable in any text viewer. It would tend to show that the user did NOT use the software, and was depending on the "security through obscurity" model.
4: If I can show that there are other ways of creating *.yap files, then I am definitely off the hook, because the courts would have to consider that, maybe, someone else's application created those files. Especially if the code for creating those files is open-source. Wow - another good argument for open source
5: Is it reasonable? One protester back in the '60s took a piece of paper and wrote FUCK THE FBI on it in big, bold letters a bunch of times, then ran it through a paper shredder, then tore up the strands, and left them in his hotel room, knowing it was going to be searched. Can you picture some poor crime tech reassembling that document? Was it reasonable? No. Did it happen? Yes.
Courts have to consider evidence. If there is no evidence, then motives become irrelevant. Show me the body! If there is no evidence that only my app can create and read *.yap files, there is no direct connection to me. It's like trying to prove murder without a corpse. Especially if, after being charged, I produce an alternative, for example, evidence that the deceased is still alive, or died of natural causes.
Thanks for replying - it's been interesting so far...
Re:again.. geek influence... (Score:2)
Chuckle.
-
Failure? (Score:1)
love that slashdot grammar (Score:5, Funny)
OK, I fully expect to fail to supply South Africans with any kind of crypto technology. I also don't expect to be registered. And you're saying I'll go to jail for this? That's crazy!
--
Will I be Boered?
Re:love that slashdot grammar (Score:1)
supplying South Africans without being registered means potential jail time
- but I know what you mean. I was going to comment on this too, but then I saw your post.
Regards...
Re:love that slashdot grammar (Score:1)
LOFL (Score:2)
Slashdot (Score:2, Funny)
If you begin to get hammered, point your cname to someone elses machine.
And do it FAST!
Re:Slashdot (Score:1)
0a. Last Update: Mon Sep 30 21:15:37 SAST 2002
0b. Sender: dns-admin@uunet.co.za
0c. Posted: Sun, 29 Sep 2002 21:08:35 +0200 (SAST)
0d. Subject: UPDATE DOMAIN aspa.co.za
0g. Hist Cnt: 2
0h. Inv Number: 0
0i. Contract: NEW
1a. Domain: aspa.co.za
1b. Action: U
2a. Domain Owner: Eskom Information Technology Services
2b. Owner Postal: P O Box 1096, Johannesburg, 2000
2c. Owner StAddr: P O Box 1096, Johannesburg
2j. Owner Phone: +27 11 203 6075
2k. Owner Fax: +27 11 203 6075
2l. Owner E-Mail: heinz.kollner@arivia.co.za
3a. Opp Date: 2002/09/30 21:15:23
4a. Adm Contact: Kollner, Heinz
4b. Adm Title: UUNET South Africa DNS Administration
4c. Adm Company: Eskom Information Technology Services
4d. Adm Postal: P O Box 1096, Johannesburg, 2000
4e. Adm Phone: +27 11 203 6075
4f. Adm Fax: +27 11 203 6075
4g. Adm E-Mail: heinz.kollner@arivia.co.za
4h. Adm Nic:
5a. Tec Contact: UUNET (SA) Operations
5b. Tec Title: UUNET South Africa DNS Administration
5c. Tec Company: UUNET South Africa
5d. Tec Postal: PO Box 44633, Claremont
5e. Tec Phone: +27 21 658 8700
5f. Tec Fax: +27 21 683 0160
Re:Slashdot (Score:1)
And I'd use this for what? Oh. I forgot. I'm supposed to call them with my VISA, right?
"Hi, yes, I checked through my logs and it turns out I had one of your citizens download some ssh source from me. I'm just calling to give you my credit card number so you can bill me the the registration fee."
Thawte Consulting... (Score:1)
South Africa...
Why language skills matter (Score:5, Funny)
I don't think that sentence means what the poster intended it to mean.
Ian Peters
itp at ximian dot com
Re:Why language skills matter (Score:2, Funny)
Obviously, it means that if you supply South Africans to the market [1] all is fine, whereas if you fail to supply them to the market without registering as a non-supplier, you in a heap o' trouble, boy!
[1] I thought slavery was illegal there; they must have relegalized it there once they kicked the whites out. Or maybe that really meant something else entirely? No ...
Re:Why language skills matter (Score:1)
Inigo Montoya: You keep using that word. I do not think it means what you think it means.
Re:Why language skills matter (Score:3, Funny)
INCONCEIVABLE!!!
Re:Why language skills matter (Score:2, Funny)
I don't think that sentence means what the poster intended it to mean.
But... what if it does?!?! Ive failed to supply them crypto, AND im not registered...!
In fact, quite a few of us have too, id bet. What are we going to do...? Aggghhhh!
I suppose I could just read the article... what am I thinking, this is Slashdot, must be true... must be true...
Re:Why language skills matter (Score:2)
In the US, it hasn't been legal to supply South Africans to anyone since the Emincipation Proclaimation was signed.
What about credit card numbers? (Score:5, Insightful)
Of course, the obvious thing is for vendors to supply Windows machines that don't have any encryption installed, so that the vendors don't have to pay the registration fee for every sale. This is likely to lead to a situation where credit-card orders are sent unencrypted. The SA spammers will love this.
People keep talking like encryption is some military or law-enforcement topic. But the main use of encryption these days is to prevent the interception of commercial information. The fact that restrictions on encryption will make financial data easily available is not necessarily accidental. The goal could very easily be a desire on the part of the government to have easy access to everyone's financial transactions. Such information has a lot of political uses.
Re:What about credit card numbers? (Score:1)
Re:What about credit card numbers? (Score:2)
Thats because some of us dont have to read the articles not to make wild crazy silly illogical assumptions.
I didn't read the article (seems
Re:What about credit card numbers? (HUH?!) (Score:2)
WHAT?!
Anyone who supplies SA's with an encryption product
Can you prove to me that this is a per-seat tarrif, or just an attempt at monitoring what crypto technologies have been imported into the country, let me know.
Until then, to suggest that they want to eliminate crypto via this registeration fee makes me ask: Why don't they just ban crypto altogether then?
Re:What about credit card numbers? (HUH?!) (Score:2)
Why must everything be framed in terms of commerce and profit? Where does this leave a free OpenSSL mirror (not selling anything)?
Re:What about credit card numbers? (HUH?!) (Score:2)
Well, I'd bet that they would consider this a "sale" that requires registration.
If not, then the law is pointless. As a vendor, I could just say "I'm only selling the hardware; the encryption is free." Sellers love to give things away "for free", if you only get the free things by paying for something else.
Whether they could actually impose a registration fee on openssh.org isn't obvious. Who would they extradite and toss in jail?
There's still the prospect that a clueless SA computer user will use encryption without realizing the fact. How many people realize that when you order a CD or a shirt from a web site, you are using encryption? But you can be sure that the software installed at the ISP will notice your encrypted messages.
Unless you can present a receipt for the registration fee for your encryption library, what defense do you have when they come knocking on your door?
Re:What about credit card numbers? (HUH?!) (Score:2, Informative)
This type of law doesn't normally limit itself to commercial transactions: remember that the Californian courts will consider that you "do business in" california if someone from that state can access your website. In fact, you would also be "publishing" in california. Doesn't bother them that a user would have to post a request to your server in the UK, and retrieve a document created in the UK; as far as they're concerned, it's as good as living there and running a press.
It may be illogical, uninformed, and just plain wrong, but don't be surprised if courts take a weird interpretation of things. Is pgpi.org visible from South Africa?
unlikely (Score:2)
besides, if there were, we'd just extradite all lawbreakers instead of waiting for them to come to the US (like Dimitry) -
dumbasses...taking a page from the early 90's again.
RB
Is this an attempt at an embargo? (Score:1, Insightful)
Re:Is this an attempt at an embargo? (Score:2)
The SA gov't believes that if they know who is distributing and receiving crypto, it will make things easier for them to track and quash any political uprising that may come as a result of a particular group having the ability to communicate securely. Also unlikely, they could use very rudimentary, but nonetheless worthwhile, crypto that came with their computers (i.e. ssh/sftp, ssl, etc.) This would be innocuous, because lots of people use ssl and the like.
It seems more likely that the government is just paranoid and technologically illiterate. You would expect more of them, but the US government did (and is still doing, see my sig) similarly silly stuff, and SA does not exactly have a track record for having an enlightened government.
The registration form is here.. (Score:2, Funny)
I think I'll register my Wheaties Secret Code ring..
New Debian section (Score:1)
how I hate to keep changing my sources.list...
In other news... (Score:4, Funny)
Darn! Darn, darn DARN! (Score:1)
Oh, wait... BrainRAM (TM) fried again. You may now return to your regularly scheduled thread...
Great... (Score:2)
Anyone who supplies crypto products.. (Score:2, Insightful)
For example, would hosting a program on a website accessible to someone in South Africa count as supplying? What if someone in South Africa hacks into an ftp and downloads the program?
Re:Anyone who supplies crypto products.. (Score:1)
Excellent News (NOT) (Score:2)
I personally feel that countries extending their jurisdiction over the Internet should be violating some kind of international treaty. After all, SA is restricting the freedom of all people here, not just their own. Perhaps we could convince G.W.O[fficeholder] to fight netwide oppression instead of perceived terrorism?
Where do I send my money? (Score:3, Funny)
I've added some nifty features to ROT13 and don't want to end up in a South African jail...
Hrmmm.... (Score:2)
Re:Hrmmm.... (Score:1)
Goat se ?
I have a similar law (Score:2)
Even more terrifying... (Score:5, Informative)
"The protection of sensitive data is essential for a functioning of a modern society. As stated in the Electronic Communications and Transaction Act, the information that is of importance to the protection of the national security of the country or the economic and social well-being will be declared as critical. All critical databases will be identified and registered with the Department of Communications which includes the details of the database administrator, the location of the database and the general description of the categories or types of information stored in the critical database.The registered information will be treated as confidential. The protection, management and control of critical databases must comply with the minimum standards that might be prescribed by the Minister. The audit will be performed, from time to time either by Cyber Inspectors or an independent auditor to evaluate the compliance."
Given such vague standards for "critical" almost *any* commercial database could be deemed "of importance to the protection of the national security of the country or the economic and social well-being." Amazon.com's database contains names and addresses of persons purchasing "how-to" books on terrorism and building bombs? It's critical! A Pr0n site has kept track of all visitors? Some of them *might* be criminals and dangerous to "social well-being."
Yes, there's also issues with persons living in SA downloading crypto software from foreign companies that haven't registered (are they liable or not?), but most of that is easily bypassed. Just have a visitor bring the "protected" code in on a floppy and distribute it internally.
The database restrictions have much more serious implications...
Re:Even more terrifying... (Score:3, Insightful)
Does anyone else realize what a whopping huge security hole this is? Go to one place to learn where all the secrets are! Even if you don't get the db contents (yet), you can infer all sorts of interesting things about organizations and people that show up on the lists. Using as a baseline the sad history of moles in US government security agencies, it shouldn't take much $$ relatively speaking to acquire the lists of secret dbs.
Re:Even more terrifying... (Score:2)
(a) the general management of critical databases;
(b) access to, transfer and control of critical databases;
(c) infrastructural or procedural rules and requirements for securing the integrity and authenticity of critical data;
(d) procedures and technological methods to be used in the storage or archiving of critical databases;
(e) disaster recovery plans in the event of loss of critical databases or parts thereof; and
(f) any other matter required for the adequate protection, management and control of critical databases.
Re:Even more terrifying... (Score:2)
Otherwise known Random J. Hacker.
-
Interesting (Score:1)
Meanwhile, nearby... (Score:1, Troll)
Meanwhile, he's accompanied by -- Chris Tucker! Geez, it's embarassing enough when Bono gets treated like a head of state, but Chris Tucker? Was Carrot Top unavailable?
Heh (Score:2)
People fear that which they don't understand.
Never Assume (Score:3, Interesting)
I'd advise everyone to do a little reading on a man called Gerhard Lauck.
He was/is an avowed neo-nazi who published material relating to his distasteful belief system in the United States (where it is of course perfectly legal, if considered bad form). He exported some of this material to Germany, where it is considered a serious crime.
Obviously the U.S. wouldn't extradite him, because freedom of the press is so important, but unfortunately for him while travelling in another country he was picked up by German authorities and pretty much smuggled acrossed the border to Germany, where he spent several years in prison.
Re:Never Assume (Score:3, Informative)
It's all about taxes (Score:3, Insightful)
One of the signs an economy is in free-fall.
The Raven
Re:It's all about taxes (Score:2)
The Raven
This is significant (Score:2, Insightful)
One of the main reasons the entire world should be involved in strong, government free crypto is for nations that systematically deprive their citizens of basic human rights. And I am not talking about your right to fly without being frisked.
South Africa has long been known for its obscene treatment of people, and it hasn't gotten any better since Mandella took over. If anything it has gotten worse.
People need to be able to send out cries for help without those cries bringing down even more heat. Human rights workers are probably the most legitimate users of crypto, but until everyone uses crypto to send love notes, grocery lists, and the like, these messages and the people that send them, will stick out like sore thumbs.
Re:This is significant (Score:2)
Don't forget War on Drugs, War on Terrorism, corporate fraud, and the 1970s. (possibly the worst of them all)
I had no idea South Africa had improved so much. Just goes to show how little our media tells us about what's happening in countries that we don't want to destroy.
Crypto is made illegal (Score:2)
yeah really (Score:2)
That's *in* SAf, not *to* SAf (Score:4, Insightful)
When I saw it, I nearly had a heart attack, I write freely available Java crypto BouncyCastle.org [bouncycastle.org] and thought of the horrible problems that we're going to have keeping SAf off the site.
I spent the 2 seconds actually reading the paragraph at the SAf Gov Site [aspa.co.za] and it says:
All Cryptography Providers providing services or products in South Africa are required to register their services or products with the register maintained by the Department of Communications.
Note, the wording is in.
Re:That's *in* SAf, not *to* SAf (Score:2)
I would not dismiss that so easily. The intent of the law is the basis for the ruling of a judge (in SA). Unless a lawyer can convincingly argue that only local providers of crypto were intended to be registered, it will be read as "any provider with a presence in the SA market providing crypto". This may limit the applicability to providers with some sort of physical presence / outlet / support in SA, and not extend to pure virtual trade. But I wouldn't count on it.
Re:That's *in* SAf, not *to* SAf (Score:3, Informative)
(a) from premises in the Republic;
(b) to a person who is present in the Republic when that person makes use of the service or product; or
(c) to a person who uses the service or product for the purposes of a business carried on in the Republic or from premises in the Republic.
Ok... (Score:2)
We won't mention the massive tariffs that the US places on imports like Australian lamb or Canadian timber or anything steel to subsidise poorly performing local industries...
or those wonderful pieces of *US* legislation like the DCMA and CDBTPA, which, regardless of their intended jurisdiction, have ramifications on software developers and technology providers worldwide.
The US doles out more shit like this SA crypto legislation than any other country in the world.
Re:classic 1) 2) ??? 3) PROFIT!!!!! (Score:1)
2) register with the appropriate agency and pay a ZAR2000 fee (US$200).
3)Or, Fail to supply South Africans without being registered and get potential jail time
4) ???
5) PROFIT!!!!
More like:
1) Monopolize the diamond industry, and lie about the scarcity of diamonds to artificially inflate thier value.
2) Strongarm the SA government into enforcing strict crypto law(so DeBeers' secret will never get out)
3) PROFIT!!!(for many many more years to come)
Re:thwart or Thwarte(R)? (Score:2)
Re:Let's get this over with. (Score:2)