I've stumbled through the encryption regulations in a couple
of lives, and my experience has been:
1) If you are a US-owned multinational, you
can have encryption, limited to 56 bits, on
your machine, so long as noone outside your
company has access to the facilities of
that machine. Also, noone outside your company
can have physical access to the machine, such
as local outsourced system support personnel.
If your are performing all of your key management
from the US, that may, as well, mitigate difficulties.
Check with your beagles about specifics for your
2) Your Frankfurt office may prove particularly
thorny, however, as there exist German regulations
prohibiting any type of employee monitoring which
can be used as a performance metric. Since most
of the walls generate user/usage stats, be aware.
I have no idea on the China encryption front.
At 11:41 PM 6/30/97 -0500, Ken Hardy wrote:
>On Mon, 30 Jun 1997, Alan wrote:
>> > How can one remotely manage firewalls that are on the other side of the
>> If you have SSH or some other form of encryption/authentication between
>> machines, then you should be able to maintain the firewall without too
>> many problems. (Some sort of token-based authorization system or Public
>> Key system would be a big plus and/or requirement in such a system.)
>But it might be difficult to get SSH or other form of encryption on
>that machine on the other side of the world if your side happens to lie
>in the U.S.
>Not to start a wandering and unrelated thread (hint hint), but I've
>wondered how the law would apply if I were to log in to a machine in,
>say, our company's Frankfurt office via the corporate WAN and built and
>installed SSH on that machine while sitting in our U.S. office. Would
>my work in doing the installation be considered exporting the encryption
>in some manner, even if the software didn't get on the machine from or
>through the U.S.? Of course, it reasons (if that word can be applied
>to U.S. encryption policy) that I'd be on much shakier ground if the
>SSH code from a site in Finland or Australia got on the German machine
>via the company's Internet connection in the U.S.
>On a tenuously related note, does anyone know whether China's ban on
>the use of encryption now extends to Hong Kong?
Jack Danahy jdanahy @
Manager of Engineering Tel: (617) 873-4418
BBN Corporation Fax: (617) 873-6846