Version 27.0, February 2013
© Bert-Jaap Koops **Portions © Analog Devices, Inc. **
Licensed under Creative Commons Attribution Share Alike 4.0 International.
SPDX-License-Identifier: CC-BY-SA-4.0
[Spain]{#sp} [Source 1]
Export of cryptography is controlled according to the (pre-December 1998) Wassenaar and EUregulations, including the General Software Note. The international regulations are implemented in the Reglamento del Comercio Exterior de Material de Defensa y de Doble Uso, in force since 9 May 1998. The regulation does not make distinctions based on key lenghts.
The General Telecommunications Law (text, now outdated, in
Spanish) of 24
April 1998 provided in article 52 that all information transmitted
across telecommunications networks could be encrypted. Conditions on the
encryption procedures could be established in the decrees that implement
this law. The second paragraph of article 52 established that, if
encryption is used for confidentiality, an "obligation could be imposed
to notify either a General Administration body, or a public organisation
about the algorithm or whatever encryption procedure is used, with an
effect to control it following prevailing normatives. This obligation
will affect all the developers which incorporate cryptography in their
equipments or devices, the operators that include it in their networks
or in the services they offer, and, if applicable, to the users that
employ it." (translation
GILC).
People have warned that this might lead to mandatory key escrow or key
recovery, if users would be obliged to "notify" the government about
the "key procedure". See an article of July 1998 of Fronteras
Electrónicas in
English.
The same article 52 of the General Telecommunications Law required
telecoms network and service providers who use encryption to accommodate
the General Administration Body with the decoding devices they employ.
The General Telecommunications Law was replaced by a new General Telecommunications Law, 32/2003 of 3 November 2003 (text in Spanish, see Title III, Chapter III). The crypto provision was transferred to article 36. Para. 1 maintains that telecommunications may be encrypted. Para. 2, however, was changed somewhat. It now reads: "Encryption is an instrument for information security. Among its conditions of use, when it is used to protect the confidentiality of information, the obligation may be imposed to notify a General Administration State authority or a public authority, the algorithms or any other crypto procedure used, as well as the obligation to facilitate without any cost the encryption devices, in order to control it according to the law in force." The impact of the change is unclear.
See under 2.
Back to the Table of Contents