January 2010 Update from the EDA Consortium Export Committee
Larry Disenhof, Chair
Along the lines of protecting our current status: The US and other signatory nations of the Wassenaar Arrangement agreed to a change in encryption controls at their Plenary session in December, 2009. The well-intentioned change is to remove restrictions on encryption that is ancillary in nature and not user-controllable. No longer will your mobile-phone be classified as an encryption device!
This does affect EDA. The regulatory language was changed substantially, and the written exemption language that we gained in 2005 was dropped. (Classification 5A002, Note C4). However due to our work with Commerce, a note was inserted into the new language that states that the new exemption does explicitly cover previous exempted items, thus the exemption for our use of encryption technology in EDA tools remains in place.
The following contains the original and new language.
Editorial note: Be advised that the authorities didn't take our recommendation to translate the new "Note 4" exemption language into English. It's best read with a strong drink in hand.
The original control language (still current in the U.S. regs, until such time that the Administration ratifies the Wassenaar changes), contains our special exemption to the encryption controls:
- 5A002 [encryption classification] does not control the following:
- Note (C) equipment where the cryptographic capability is not user-accessible and which is specially designed and limited to
- 4) Encryption and/or decryption for protection of libraries, design attributes, or associated data for the design of semiconductor devices or integrated circuits.
Here is the new Note 4, and after that, the Category 5 part 2 explanatory note, with our carve-out in bold.
Note 4 Category 5–Part 2 does not apply to items incorporating or using "cryptography" and meeting all of the following:
- The primary function or set of functions is not any of the following:
- "Information Security";
- A computer, including operating systems, parts and components therefor;
- Sending, receiving or storing information (except in support of entertainment, mass commercial broadcasts, digital rights management or medical records management); or
- Networking (includes operation, administration, management and provisioning);
- The cryptographic functionality is limited to supporting their primary function or set of functions; and
- When necessary, details of the items are accessible and will be provided, upon request, to the appropriate authority in the exporter’s country in order to ascertain compliance with conditions described in paragraphs a. and b. above.
- Note 5.A.2. does not apply to any of the following:
- Smart cards and smart card 'readers/writers' as follows:
- A smart card or an electronically readable personal document (e.g., token coin, e-passport) that meets any of the following:
- The cryptographic capability is restricted for use in equipment or systems excluded from 5.A.2. by Note 4 in Category 5–Part 2 or entries b. to i. of this Note, and cannot be reprogrammed for any other use; or
- Having all of the following:
- It is specially designed and limited to allow protection of 'personal data' stored within;
- Has been, or can only be, personalized for public or commercial transactions or individual identification; and
- Where the cryptographic capability is not user-accessible;
- Technical Note 'Personal data' includes any data specific to a particular person or entity, such as the amount of money stored and data necessary for authentication.
- 'Readers/writers' specially designed or modified, and limited, for items specified by a.1. of this Note.
Technical Note 'Readers/writers' include equipment that communicates with smart cards or electronically readable documents through a network.
- Not used since 2009
N.B. See Note 4 in Category 5-Part 2 for items previously specified in 5.A.2. Note b.
- Not used since 2009
N.B. See Note 4 in Category 5-Part 2 for items previously specified in 5.A.2. Note c.