Version 27.0, February 2013
© Bert-Jaap Koops **Portions © Analog Devices, Inc. **
Licensed under Creative Commons Attribution Share Alike 4.0 International.
SPDX-License-Identifier: CC-BY-SA-4.0
[Denmark]{#de} [Sources 1, 4, 5, 9]
There are export controls according to the (pre-December 1998)
Wassenaar Arrangement, including the General Software
Note. The Danish representative agreed to the December 1998 Wassenaar
changes, but this has met with serious resistance in the Danish
parliament and the government's IT Security Council (see an
article in
Danish).
The Danish Encryption Policy (click on Emneord,
Kryptering), published by the four responsible ministers on 7 April
2000, is based on the principle that "Efforts should be made to ensure
the greatest possible liberalization of export control for dual-use
goods and technologies, within the EU and Wassenaar, but with due
consideration for the need to remain in control of the spreading of very
sensitive products to sensitive end-users."
Import is not controlled, and this policy will be maintained, as
confirmed the first principle of the Danish Encryption Policy.
None.
The Danish Technology Council, in an October 1995 report, discussed several options for cryptography policy, varying from doing nothing to prohibiting cryptography, without really taking a stand itself. According to the report, the issue is a Gordian knot, which should be cut soon by the Danish government.
The Danish IT Security Council adopted a policy on encryption in June 1996. The Council recommended that no limitations on encryption use should be introduced. Only in the case of telecommunications companies providing encryption as an integral part of their services, the companies should be able to decrypt a communication through a court order. The Council was of the opinion that secure and inviolable communication should be promoted and that any encryption prohibition at present is an illusion in reality, given the spread of efficient cryptography through the Internet.
A departmental Expert Committee, appointed in the summer of 1996 in preparation for a final decision on the crypto issue by the government, released its Report by the Expert Committee on Cryptography in April 1997. The Committee, under pressure of time, restricted its study to a regulation of the sale of cryptography (not its manufacture, use or import). The Committee recommended that no regulation of cryptography should be introduced presently. It further recommended that the Expert Committee should continue to follow international developments, and carry out an analysis to assess the possibilities and consequences of introducing incentive schemes to induce people to use key-recovery crypto.
The Expert Committee was allowed to continue its work, and in May 1998, it presented its final conclusions (press release in Danish) in a "Report on incentive solutions" (updated version available in Danish and partly in English). The report recommended that no restrictions should be established on citizens' and companies' encryption capabilities. No initiative should be made to incite people to use key-recovery cryptography. Still, the Danish government should not reject the possibility of a future crypto regulation. The international development should be monitored, and the crypto question should be answered anew if an international direction of crypto policies should emerge.
The government was to take a final position on the crypto question in 1998, but it was only on 7 April 2000 that four ministers published a letter to the IT-security Council with the Danish Encryption Policy (click on Emneord, Kryptering). The four principles stress that the current policy of free use of encryption will be maintained. Moreover, the Danish government will actively promote the dissemination and use of strong encryption in Denmark. Denmark will not implement key recovery regulations, but the government should "also be mindful of the continued need of the police, in accordance with the legal protection guarantees afforded by the Administration of Justice Act, to make use of existing means of investigation to prevent and clear up crime."
The Danish Teletrust Group has set up an Encryption Group to work on the technical and legal concept of public-key certifying authorities. A Centre Certifying Authority (CCA) would coordinate control and certification of key centres to provide secure keys within telecommunications. It would be necessary for such a CCA to have a legal basis. The Danish government has not (yet) implemented the initiative into law.
Back to the Table of Contents