Join Us!

Travel with encrypt...
 
Notifications
Clear all

Travel with encrypted drives/computers  

  RSS
4n6art
(@4n6art)
Active Member

Hi All

Not sure if this belongs here or in the legal section but….

Have a client that has a few employees that travel a lot. They want to employ Truecrypt or another Full Disk Encryption for their laptops. The problem is that they also travel to China and from what I have read, bringing in encrypted devices into China even for personal use is a violation of their law. There is a way to get authorization from the Chinese Government to allow for personal use devices to be brought into the country.

- Can anyone give any insight into traveling to China with a FDE laptop?
- Has anyone requested permission from the Chinese authorities to do this? What does the process entail?
- Do you know anyone (your friend's friend *wink*) who has done this and how have they done so?

One option is to take a sanitized laptop when they travel there - they are exploring that option but would like to know what others have done or are doing currently with encrypted devices and travel to China.

Thanks in advance for any help.
-=Art=-

Quote
Posted : 13/10/2014 10:03 pm
jaclaz
(@jaclaz)
Community Legend

Just for the record, the University of Rhode Island 😯 is putting it down rather bluntly (though in a different way)
http//security.uri.edu/travel/travel-to-china-or-russia/

About the only precaution not recommended is a tin-foil hat (preferably a foldable one) wink .

I would say that the best course of action is to make an inquiry to a Chinese Embassy, I believe that even if China is not a member of the Wassenaar agreement, there is a de facto exception for items a traveler would normally carry (phone/laptop).

I actually have a friend that goes to China every two or three months for work (inspection of production in factories) and he never had issues with his laptop (where he actually has a Truecrypt container) or phone at the customs.

jaclaz

ReplyQuote
Posted : 14/10/2014 12:49 am
4n6art
(@4n6art)
Active Member

Thanks Jaclaz…

I did see that article and that the Wassenaar Agreement does have a personal computer exemption but it looks like China specifically (officially) allow it. According to the China section at CryptoLaw Survey website I found (cryptolaw_dot_org_slash_cl2_dot_htm)

According to a "clarification letter" sent to US businesses in China in early March 2000, this involves only hardware and software for which encryption and decoding operations are core functions. As a result, products in which cryptography is only built-in (such as mobile phones and browser software) are exempted. Moreover, the letter clarified that the regulations do not entail key escrow. However, the clarification letter only seems to apply to pre-2000 products. All products since 2000 seem to require a license.

We will let their attorneys figure out what to do and let them make the decision based on everything we have shown them. Appreciate your input. If anyone else wants to chime in, feel free )

Thanx!
-=Art=-

ReplyQuote
Posted : 15/10/2014 10:58 am
Cults14
(@cults14)
Active Member

I ran this past our Export Controls & Trade Compliance people, one of them came back saying that it's notoriously hard to this this kind of information out of the Chinese authorities.

However he did provide a link to a Bloomberg article http//www.mmlcgroup.com/sitebuildercontent/sitebuilderfiles/encryptionbloombergmmlc_murphy_xia_article.pdf

The exceptions list the following
Mobile phones
Windows software
Browser software

Further, the article goes on to say
“Interestingly, the SEAB has a policy which is essentially another exception based on intellectual property issues. This is potentially a very useful exemption for many high-tech organizations. Currently, the SEAB claims that it will allow the import and use of a product with encryption technology if its main purpose is for protecting the intellectual property in a product.. This policy does not have legislative support in China, however we have seen it applied to various software and telecommunications products that are brought into China”

SEAB = Chinese Encryption Administration Bureau

So – always remembering the principles of IANAL (I am not a lawyer – so this is not legal advice) – it seems that day-to-day business use of encrypted mobile phones and Windows computers is fine. In addition, it also seems that dongles protecting the use of software would be fine.

Macintosh computers now – they might be different as they’re not Windows-based……………………

Note though that the Bloomberg article is dated 2011 and I guess a lot could have happened in that time.

HTH

Cheers

ReplyQuote
Posted : 17/10/2014 9:23 pm
Astro
(@astro)
Junior Member

Just for the record, the University of Rhode Island 😯 is putting it down rather bluntly (though in a different way)
http//security.uri.edu/travel/travel-to-china-or-russia/

About the only precaution not recommended is a tin-foil hat (preferably a foldable one) wink …

It sure doesn't seem like much different from around here (or at least the direction in which we're headed). ?

ReplyQuote
Posted : 02/11/2014 9:25 pm
4n6art
(@4n6art)
Active Member

CULTS

Thanks for the response. I will pass it on. (Apologies for the late reply… I was out for a while).

Regards….
-=Art=-

ReplyQuote
Posted : 03/11/2014 7:21 am
Share: