The Latin American group

[Back to the policy page]

  • Adriana Garriga López
  • Derek Kanarek
  • Carlos Ron

    What to prepare for
    Please present a position paper (at most 3 pages long) for a meeting of an international organization (say, the International Telecommunications Union or an international trade organization) on the policies regarding use, import, and export of cryptographic machinery and software. You could try to represent the whole (rather heterogeneous) Latin American area, or choose to discuss only one or two countries. Take a look at the references. Maybe send e-mail to embassies -- the information I have found (on the web page for example) is rather sketchy. See what you can develop, please.

    I suspect that the laws and the practices of these governments might not be totally the same: that is, what the governments declare is legal and what they are willing to tolerate may be different. But I may be wrong. It would be interesting to get some information. What could a businessperson sending e-mail or keeping files have to face? Could the police demand the "keys: to a cryptosystem?

    In your oral rebuttal
    Of course be prepared to defend ``your'' country's positions. Assert that you are correct, distort history and economics judiciously if necessary to support your wishes, claim sovereign immunity, etc. Have a few facts ready if you absolutely need them!

    The Latin American group presented policy recommendations in a role-playing way, as members of a MERCOSUR working group. MERCOSUR is a South American analog of the European Common Market.

    Latin American Policy

    Although Latin America is composed of many countries that have different laws and regulations, there exists a common thread in policies regarding the use of encryption. This trend is consistent within Latin America as a region that is seeking to increasingly integrate its economic interests. The globalization of trade in today's world requires key elements of modernization such as telecommunications and Internet transactions. To protect the privacy and security of the average user, encryption is used in almost all of Latin America for cellular telephone communications, on-line shopping, and on-line banking to name the most common examples. Although in most Latin American countries legislation regarding encryption does not exist, there are many benefits Latin American countries can derive from a coordinated policy regarding encryption.

    In our role as the MERCOSUR Work Subgroup for Industrial and Technology Policies, we present to you, the esteemed members of the Common Market Group, our recommendation that all MERCOSUR members adopt common policy on encryption that 1) allows for the domestic use of encryption for personal and business uses and 2) enact encryption export laws consistent with the Wassenaar Arrangement. We believe this policy does not represent a significant departure from the current laws of MERCOSUR's member states and will bring about greater economic prosperity for Latin America. For a formal presentation of our recommendation, please see the attached resolution.

    Of the four current members of MERCOSUR, only Argentina has any controls on cryptography. Argentina has signed the Wassenaar Agreement, which governs the export of encryption technology, but they have no import or domestic controls on cryptography. Brazil does not regulate the export, import or domestic-use of cryptography, but is considering a law that would require users to register products and systems with the government; this will not interfere with our recommendation. Paraguay and Uruguay currently have no encryption policies.

    We recommend that the common policy on encryption technology of MERCOSUR members be required of all applicants. The benefits of the common policy we suggest would be diminished by incomplete acceptance within our organization's member states. Without the compliance of all MERCOSUR countries, trade advantages granted by the United States and the European Union could not be given to MERCOSUR as an economic bloc and multi-national corporations would still be dealing with individual countries instead of the might of our unified economic organization.

    The one Latin American country that places domestic restrictions on encryption technology is Venezuela. Venezuela is the only country that prohibits the domestic use of cryptography. Their laws allow the Judicial Technical Police, the main criminal intelligence body, to monitor networks for the use of encryption. The rationale behind this legislation is to prohibit encryption from being used by criminals, while allowing cryptography to be available for government use. Perhaps as a sign of the growing force of globalization, Venezuela still allows encryption in cellular telephones (which might not be secure from government interception), in on-line shopping and on-line banking. For example, the web site is a place where one can purchase books on-line in Venezuela. The information the customer provides is encrypted using SSL. It is the same with on-line banking, as in the case of Banco Mercantil and Banesco, which uses 128-bit cryptography. It would not be surprising if, in the near future, as integration becomes more and more important in a globalized era, Venezuela readjusts its policies officially to be in accordance to the other countries in the region.

    The MERCOSUR Work Subgroup for Industrial and Technology Policies

    Recalling the governing agreements of the ALADI (1986), the Treaty for Integration, Cooperation and Development (1988), and the charter treaty of MERCOSUR signed in Asuncion, Paraguay (26 March 1991), Noting the inevitable need for a common policy amongst MERCOSUR members regarding the import, export, and domestic use of cryptographic technology, Further Noting the technological trade advantages from the United States and European Union enjoyed by members of the Wassenaar Arrangement on export controls for conventional arms and dual-use goods and technologies, Confirming that allowance of domestic cryptography will facilitate economic growth in the form of transnational companies concerned about security of communications, Recognizing the necessity of the approval of the Common Market Group of MERCOSUR for the continuation of this initiative.

    1. Calls for the coordination of a common MERCOSUR policy regarding the import, export, and domestic use of cryptographic technology structured as follows:
      1. Allow the domestic use of cryptographic technology for personal and business purposes.
      2. Adopt the Wassenaar Arrangement as the governing policy for the import/export of cryptographic technology. This adoption should occur no later than 1 January 2005.
    2. Urges MERCOSUR member states to use compliance with these guidelines as a compulsory requirement for application to MERCOSUR by other Latin American countries.