We just started on this exercise as well and have gotten guidance from several large US corporations, the ones with very short stock market symbols. Here's what we've been told:
You cannot export strong crypto products into China for use by Chinese citizens without both US export approval and Chinese import approval. Your own US citizen employees can take their laptops with encryption into China for a maximum of one year as long as they maintain control of the laptop, unless they're a salesperson. If they're in sales, the one year rule applies with the additional stipulation that they cannot stay in one place for more than three months. I have no idea why. If the Chinese citizens can legally buy the hardware and software in China, they can legally use it for encrypted communications outside of China. To a company, everyone tried encrypted VPNs back to the US over the Internet and eventually gave up due to performance and stability issues. Each one of them now run leased lines back to Hong Kong and then on to the US and they are not running encryption over the leased lines into Hong Kong. Some of them are reliably using encrypted site-to-site VPNs between PRC sites. It's only the cross-border stuff that has problems. For remote access they VPN to one of their branch offices and on via the leased lines. Kind of discouraging, but not unexpected, Ray
From: "Matthew S. Cramer" <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[email protected]> To: [email protected] Subject: Re: [FW-1] Encryption in China (PRC) Date: Wed, 25 May 2005 14:12:44 -0400 On Wed, May 25, 2005 at 11:06:29AM +0200, Michael Schwartzkopff wrote: > Hi, > > does anybody know how the laws about encryption in China are? Is it allowed to > establish a encrypted VPN tunnel form the Beijing office to the headquarters > outside of China? We have encrypted connections from all over the PRC connecting back to our headquarters in the States. IANAL, but the US export laws changed in the last few years; our Chinese locations are part of a wholly owned subsidy, meaning we could send strong crypto products there. I am not sure about German law. Nothing under Chinese law prohibited us from deploying the strong crypto there for our business needs. To deploy the crypto I first checked our domestic export regulations and then deferred compliance with Chinese law to our Chinese business's IT management. They came back and said "this is not a problem". At one time we used to backhaul *all* Internet traffic across frame from China, allowing the sites to browse the web and bypass the alledged "Great Firewall of China". The Chinese were not concerned to my knowledge. Now they use local ISPs but they are more concerned with performance than potential filtering. Matt -- Matthew S. Cramer <[EMAIL PROTECTED]> Office: 717-396-5032 Infrastructure Security Analyst Fax: 717-396-5590 Armstrong World Industries, Inc. Cell: 717-917-7099 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
