La Cryptographie en Suisse - considérations légales

Lois et réglementations

La Suisse ne possède que très peu de restrictions concernant l'usage de la cryptographie, et la position officielle du gouvernement est de promouvoir la cryptographie plus que de la restreindre. Néanmoins, certaines restrictions peuvent s'appliquer dans les domaines suivants:

Contrôles sur l'utilisation de systèmes cryptographiques
Contrôles sur l'importation de systèmes cryptographiques
Contrôles sur l'exportation de systèmes cryptographiques

Les informations ci-dessous sous tirées du rapport de l'EPIC, "Cryptography and Liberty 2000 - An International Survey of Encryption Policy"

Switzerland has traditionally been a major producer and exporter of encryption systems.

The Embassy of Switzerland in Washington responded in some detail on its cryptographic policies.This information was supplemented by further details from the Swiss government in Bern.

Controls on the use of encryption software or hardware
According to the Federal Law on Telecommunications (Loi fédérale du 21 juin 1991 sur les télécommunications, RS 784.10) and its implementing ordinances:
- The development and manufacturing of cryptographic software and hardware is not subject to any limitation.
- The use of cryptographic software is not subject to any limitation. Ordinary licensing or notification prescriptions may apply for a range of telecommunications services.
- Cryptographic products as well as other telecommunications equipment that can be connected to a public telecommunications network must follow the basic technical requirements laid down by the Federal Council. This can be done by a declaration of conformity issued by the manufacturer or by a review by the Federal Office for Communications (FOC).
Controls on the import of encryption
The ordinance concerning the Export, Import, and Transit of Dual-Use Goods and Specific Military Goods from June 25 1997 does not stipulate any licensing obligation for the import of products, including cryptographic hardware and software.
The only rules applicable in this context are those relating to the Import Certificate (IC). The IC is one of the documents that may be necessary for the supplier to obtain an export license from the authorities in the country of origin. Therefore, it is up to the authorities of the country of origin to determine whether or not an IC is required from the country of destination in order to get a license.
- For imports of cryptographic equipment, Switzerland issues an IC only if there is a formal request from the country of origin.
- As for exports of cryptographic equipment, Switzerland normally requires the presentation of an IC from all the countries of end-use whose authorities issue such a document. Member countries of all the four international export control regimes (The Australia Group (AG), the Missile Technology Control Regime (MTCR), the Nuclear Supplier's Group (NSG), and the Wassenaar Arrangement (WA)) are exempted from this requirement.
Export controls on encryption
Encryption equipment, software, and technology are controlled under the Ordinance concerning the Export, Import, and Transit of Dual-Use Goods and Specific Military Goods from June 25, 1997 and its annexes (the International Munitions Control List and the International Industrial Control List of the Wassenaar Arrangement are included in them). Those lists are reviewed annually. Switzerland adheres to the changes in the Wassenaar Dual-Use Control List announced in December 1998 but noted that “the upcoming minor changes to Switzerland's export controls on cryptographic goods as a result of the December changes to Wassenaar will not alter the liberal Swiss Cryptography Policy...Switzerland will keep its efficient export permit process for cryptographic goods in order to encourage Swiss exports to increase their sales and share worldwide while being mindful of national security interests.”

The export and re-export of cryptographic hardware, software, and technology listed in the above mentioned ordinance requires an individual validated license. However, exports to end-users in the countries which are members of all the four international export control regimes (23 countries in all) are granted under an ordinary general license (OGL). The Swiss Federal Office for Foreign Economic Affairs (FOFEA) is the licensing agency. The specific criteria considered in determining whether to grant a license are those of Wassenaar, namely “to prevent the acquisition of armaments and sensitive dual-use items for military end-uses if the situation in a region or the behavior of a State is, or becomes, a serious concern for the participating States.”

The transit is subject to a limited prohibition. If the country of origin restricts the export of the products listed in the annex (e.g., cryptographic products), their transit is forbidden if it cannot be proven (e.g., with a license) that the transfer to the country of destination is in accordance with the legislation of the country of origin. The law covers intangible exports of goods such as web-based transfers.
Control Authority
Export controls are overseen by the FOFEA. Restrictions on the domestic use of cryptography on public telecommunications networks are the responsibility of the FOC.

Ref:

Letter from Embassy of Switzerland, January 27, 1999.
Letter from Embassy of Switzerland, June 31, 1997.
A Study of the International Market for Computer Software with Encryption, U.S. Department of Commerce and the National Security Agency, July 1995.

crypto@mathgen.ch