Category Archives: legal

image_pdfimage_print
2023, Articles, CyberStealth, legal, Legal information, News, Spying

The American Intelligence: How It Works

Posted on by FMTAD
The American Intelligence How It Works : Section 702
26
Dec
Learn more about the American Intelligence written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

The American intelligence: a paradox

The American intelligence is powerful and influential, but also faces limits and challenges. Discover how it works, what are its consequences, and how to protect yourself from it.

Why the NFC hardware wallet with credit card manager is PCI DSS compliant

2020 Legal information

Freemindtronic’s NFC hardware wallets with credit card management are PCI DSS compliant
December 20, 2020
Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing
November 8, 2023
Unitary Patent system European why some EU countries are not on board

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board
August 1, 2023

Andorran law

Llei 26/2014 del 30 d’octubre de patents
November 21, 2016
Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
December 16, 2023

The American Intelligence: How It Works, Its Limits and Consequences

The American intelligence is one of the most powerful and influential in the world. It has a vast network of agencies, resources, and allies that enable it to collect, analyze, and act on information of strategic interest. However, the American intelligence also faces challenges and criticisms, both internally and externally. In this article, we will explore how the American intelligence works, what are its limits, and what are the consequences of its actions for the global security and privacy.

How the American Intelligence Works

The American intelligence is composed of 18 agencies that form the Intelligence Community (IC). These agencies are divided into two categories: the civilian agencies, which are under the supervision of the Director of National Intelligence (DNI), and the military agencies, which are under the supervision of the Secretary of Defense.

The main civilian agencies are:

  • The Central Intelligence Agency (CIA), which is responsible for collecting, analyzing, and disseminating foreign intelligence, as well as conducting covert operations and paramilitary activities.
  • The National Security Agency (NSA), which is responsible for collecting, processing, and disseminating signals intelligence (SIGINT), as well as conducting cyber operations and protecting the US government’s communications and information systems.
  • The Federal Bureau of Investigation (FBI), which is responsible for collecting, analyzing, and disseminating domestic intelligence, as well as conducting counterintelligence, counterterrorism, and law enforcement activities.
  • The National Geospatial-Intelligence Agency (NGA), which is responsible for collecting, analyzing, and disseminating geospatial intelligence (GEOINT), which includes imagery, maps, and other geographic information.
  • The National Reconnaissance Office (NRO), which is responsible for designing, launching, and operating reconnaissance satellites and other space-based systems that provide intelligence to the IC and the Department of Defense (DoD).
  • The Office of the Director of National Intelligence (ODNI), which is responsible for overseeing, coordinating, and integrating the activities of the IC, as well as providing strategic guidance and support to the DNI.

The main military agencies are:

  • The Defense Intelligence Agency (DIA), which is responsible for providing military intelligence to the DoD and the IC, as well as conducting human intelligence (HUMINT), counterintelligence, and defense attaché activities.
  • The National Security Agency/Central Security Service (NSA/CSS), which is responsible for providing SIGINT and cyber support to the DoD and the IC, as well as conducting information assurance and cryptologic activities.
  • The National Geospatial-Intelligence Agency (NGA), which is responsible for providing GEOINT support to the DoD and the IC, as well as conducting geospatial analysis and mapping activities.
  • The National Reconnaissance Office (NRO), which is responsible for providing space-based intelligence support to the DoD and the IC, as well as conducting satellite reconnaissance and surveillance activities.
  • The Military Intelligence Corps (MI), which is responsible for providing tactical and operational intelligence to the Army and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.
  • The Office of Naval Intelligence (ONI), which is responsible for providing maritime intelligence to the Navy and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.
  • The Marine Corps Intelligence Activity (MCIA), which is responsible for providing intelligence to the Marine Corps and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.
  • The Air Force Intelligence, Surveillance, and Reconnaissance Agency (AFISRA), which is responsible for providing intelligence to the Air Force and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.

The American intelligence works by collecting information from various sources, such as human sources, signals, images, open sources, and others. It then analyzes this information to produce intelligence products, such as reports, assessments, briefings, and forecasts. These products are then disseminated to the relevant consumers, such as the President, the Congress, the military, the policy makers, and the allies. The American intelligence also acts on the information it collects, by conducting operations, such as covert actions, cyber attacks, drone strikes, and special operations.

The Limits of the American Intelligence

The American intelligence, despite its capabilities and resources, is not omnipotent or infallible. It faces several limits and challenges, such as:

  • Legal and ethical limits: The American intelligence is bound by the laws and regulations of the US and the international community, as well as by the values and principles of the American democracy. It must respect the rights and liberties of the American citizens and the foreign nationals, as well as the sovereignty and interests of the other countries. It must also abide by the oversight and accountability mechanisms of the executive, the legislative, and the judicial branches, as well as the public opinion and the media. The American intelligence must balance its need for secrecy and effectiveness with its duty for transparency and legitimacy.
  • Technical and operational limits: The American intelligence is limited by the availability and reliability of the information it collects, as well as by the accuracy and timeliness of the analysis it produces. It must deal with the challenges of information overload, data quality, data security, data privacy, and data sharing. It must also cope with the threats and risks of cyber attacks, counterintelligence, deception, and denial. The American intelligence must balance its need for innovation and adaptation with its need for standardization and coordination.
  • Strategic and political limits: The American intelligence is limited by the complexity and uncertainty of the global environment, as well as by the diversity and dynamism of the actors and issues it faces. It must deal with the challenges of globalization, multipolarity, regionalization, and fragmentation. It must also cope with the threats and opportunities of terrorism, proliferation, rogue states, failed states, and emerging powers. The American intelligence must balance its need for anticipation and prevention with its need for reaction and intervention.

The Consequences of the American Intelligence

The American intelligence has significant consequences for the global security and privacy, both positive and negative, such as:

  • Positive consequences: The American intelligence contributes to the protection and promotion of the national security and interests of the US and its allies, as well as to the maintenance and enhancement of the international peace and stability. It provides valuable information and insights to the decision makers and the operators, as well as to the public and the media. It also conducts effective operations and actions to deter, disrupt, or defeat the adversaries and the threats. The American intelligence plays a key role in the global intelligence cooperation and coordination, as well as in the global governance and leadership.
  • Negative consequences: The American intelligence also poses risks and challenges to the security and privacy of the US and its allies, as well as to the international order and norms. It may collect, analyze, or disseminate information that is inaccurate, incomplete, or biased, leading to errors, failures, or controversies. It may also conduct operations or actions that are illegal, unethical, or counterproductive, leading to violations, scandals, or backlashes. The American intelligence may face competition or conflict with the other intelligence services or actors, as well as with the other stakeholders or interests.

Section 702 of FISA: A Surveillance Without Control

  • On July 17, 2008, the US Congress passed section 702 of the FISA (Foreign Intelligence Surveillance Act), which authorizes the US intelligence agencies to collect the electronic communications of non-Americans located abroad, without a warrant from the FISA judge.
  • On January 19, 2018, the US Congress extended section 702 of FISA until December 31, 2023, without making any substantial changes.
  • On March 22, 2023, the US Congress extended section 702 of FISA again until April 19, 2024, without making any significant changes.
  • On December 16, 2023, the US Congress approved the National Defense Authorization Act (NDAA), which included a four-month extension of section 702 of FISA, avoiding its expiration at the end of the year.

The Violation of the Right to Privacy

  • On June 5, 2013, the whistleblower Edward Snowden revealed the existence of the PRISM program, which allowed the US intelligence agencies to access the data of the users of the main electronic service providers, such as Google, Facebook, Microsoft or Apple.
  • On October 6, 2015, the Court of Justice of the European Union (CJEU) invalidated the Safe Harbor, an agreement that allowed the transfer of personal data between the European Union and the United States, considering that it did not offer an adequate level of protection.
  • On July 16, 2020, the CJEU invalidated the Privacy Shield, the successor of the Safe Harbor, for the same reasons, considering that the risk of interference by the US intelligence services in the transferred data was incompatible with the respect of the fundamental rights of the persons concerned.
  • On July 31, 2023, the CJEU issued a ruling that confirmed the invalidity of the Privacy Shield and imposed strict conditions for the transfer of personal data to third countries, especially the United States, under the standard contractual clauses (SCCs) or the binding corporate rules (BCRs).

The Legal and Political Consequences

  • On October 24, 2013, the European Parliament adopted a resolution that condemned the massive surveillance activities of the US intelligence services and called for the suspension of the cooperation agreements on security and counter-terrorism.
  • On October 23, 2015, the European Parliament adopted another resolution that requested the creation of an independent international tribunal to examine the complaints of the European citizens regarding the surveillance of the US intelligence services.
  • On September 14, 2018, the European Parliament adopted a third resolution that called for the suspension of the Privacy Shield, due to the non-compliance of the commitments made by the United States on the protection of personal data.
  • On August 31, 2023, the European Parliament adopted a fourth resolution that asked the European Commission to propose a new legislation on the protection of personal data in the context of cross-border data flows, which would guarantee a level of protection equivalent to that of the general data protection regulation (GDPR).

Sources:

Congress passes temporary extension of FISA Section 702 surveillance program – Axios:

The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield:

FISA Section 702: What it is and why Congress is debating it – NBC News

New technologies and products that limit the possibilities of intelligence

Facing the capabilities of collection and analysis of the American intelligence, which threaten the privacy and sovereignty of individuals and countries, there are new technologies and products that allow to limit the possibilities of intelligence. These technologies and products use techniques of encryption, cryptography, blockchain or NFC to protect personal data and electronic communications. They offer an alternative to traditional solutions, which are often vulnerable to attacks or interceptions by the American intelligence. Among these technologies and products, we can mention:

  • EviCypher NFC HSM and EviCypher HSM OpenPGP, which are patented technologies in the United States in the field of cybersecurity developed by Freemindtronic SL Andorra, used in counter-espionage products such as DataShielder Defense. They allow to encrypt and decrypt data without contact, thanks to hardware security modules that use NFC technology. They offer compatibility with OpenPGP standards, operating without server, without database, with a very high level of flexibility from different removable, fixed and online and offline storage media including NFC HSM.
  • DataShielder DefenseDataShielder Defense, which is a counter-espionage product developed by Freemindtronic SL Andorra, which uses EviCore NFC HSM and EviCore HSM OpenPGP technologies to encrypt and decrypt all types of data and communication services. This product protects sovereign communications, by preventing the American intelligence from accessing personal, professional or state secrets. It also guarantees the sovereignty of users, by making their data anonymous and inviolable.
  • Signal, which is an instant messaging application that uses the Signal protocol, which is an end-to-end encryption protocol that ensures the confidentiality and integrity of messages. This application allows to communicate anonymously and securely, by avoiding the surveillance or censorship of the American intelligence.
  • Tor, which is a decentralized network that uses volunteer relays to route Internet traffic anonymously and encrypted. This network allows to browse the web without leaving traces, by hiding the IP address and location of users. It also allows to access hidden websites, which are not indexed by search engines.

These technologies and products represent examples of innovative solutions that limit the possibilities of the American intelligence and preserve the individual and collective sovereignty. They also illustrate the issues and challenges related to the use of digital technologies in the field of intelligence.

Conclusion

The American intelligence is a complex and dynamic phenomenon that has a significant impact on the world. It has many strengths and weaknesses, as well as many opportunities and threats. It has many achievements and failures, as well as many benefits and costs. It is a source of both security and insecurity, both privacy and surveillance. It is a subject of both admiration and criticism, both cooperation and confrontation. The American intelligence is a paradox that requires a careful and balanced approach.

Articles, EviCore NFC HSM Technology, legal, News, Training

Dual-Use Encryption Products: a regulated trade for security and human rights

Posted on by FMTAD
Dual-Use encryption products a regulated trade for security and human rights by Freemindtronic-from Andorra
17
Nov
Dual-use encryption products by Jacques Gascuel: This article will be updated with any new information on the topic.

Dual-use encryption products: a challenge for security and human rights

Encryption is a technique that protects data and communications. Encryption products are dual-use goods, which can have civilian and military uses. The export of these products is controlled by the EU and the international community, to prevent their misuse or diversion. This article explains the EU regime for the export of dual-use encryption products, and how it has been updated.

A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense
April 15, 2024
EU military defense of cryptocurrency

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview
March 15, 2024

2024 Cyberculture Uncategorized

Chinese cyber espionage: a data leak reveals the secrets of their hackers
March 2, 2024
European Commission logo symbolizing the Cyber Resilience Act and NFC HSM technology.

2024 Cyberculture

Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products
February 24, 2024
ECHR landmark ruling in favor of encrypted messaging, featuring EviCypher NFC HSM technology by Freemindtronic.

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them
February 21, 2024
Digital image showing a confused user at a computer surrounded by complex password symbols

2024 Articles Cyberculture EviPass Password

Human Limitations in Strong Passwords Creation
January 22, 2024
Telegram and the information war in Ukraine

2023 Articles Cyberculture EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine
January 5, 2024
The American Intelligence How It Works : Section 702

2023 Articles CyberStealth legal Legal information News Spying

The American Intelligence: How It Works
December 26, 2023

The international regulations on dual-use encryption products

The main international regulations that apply to dual-use encryption products are the Wassenaar Arrangement and the EU regime for the control of exports of dual-use goods.

The Wassenaar Arrangement

The Wassenaar Arrangement is a multilateral export control regime that aims to contribute to regional and international security and stability. It promotes transparency and responsibility in the transfers of conventional arms and dual-use goods and technologies. It was established in 1996 and currently has 42 participating states, including the United States, Canada, Japan, Australia, Russia, China and most of the EU member states.

The Wassenaar Arrangement maintains a list of dual-use goods and technologies that are subject to export control by the participating states. The list is divided into 10 categories, with subcategories and items. Category 5, part 2, covers information security, including encryption products. The list of encryption products includes, among others, the following items:

  • Cryptographic systems, equipment, components and software, using symmetric or asymmetric algorithms, with a key length exceeding 56 bits for symmetric algorithms or 512 bits for asymmetric algorithms, or specially designed for military or intelligence use.
  • Cryptanalytic systems, equipment, components and software, capable of recovering the plain text from the encrypted text, or of finding cryptographic keys or algorithms.
  • Cryptographic development systems, equipment, components and software, capable of generating, testing, modifying or evaluating cryptographic algorithms, keys or systems.
  • Non-cryptographic information security systems, equipment, components and software, using techniques such as steganography, watermarking, tamper resistance or authentication.
  • Technology for the development, production or use of the above items.

The participating states of the Wassenaar Arrangement are required to implement national export controls on the items listed in the arrangement, and to report annually their exports and denials of such items. However, the arrangement does not impose binding obligations on the participating states, and each state is free to decide whether to grant or refuse an export license, based on its own policies and national interests.

The EU regime for the control of exports of dual-use goods

The common legal framework of the EU for dual-use goods

The EU regime for the control of exports of dual-use goods is a common legal framework. It applies to all EU member states, and it has two main goals. First, it aims to ensure a consistent and effective implementation of the international obligations of export control. Second, it aims to protect the security and human rights of the EU and its partners. The regime is based on the Regulation (EU) 2021/821, which was adopted in May 2021 and entered into force in September 2021. This regulation replaces the previous Regulation (EC) No 428/2009.

The Regulation (EU) 2021/821: the principles and criteria of export control

The Regulation (EU) 2021/821 establishes a Union list of dual-use goods. These are goods that can have both civilian and military uses, such as software, equipment and technology. These goods are subject to an export authorization, which means that exporters need to obtain a permission from the competent authorities before exporting them. The Regulation also sets out a set of general principles and criteria for granting or refusing such authorization. The Union list of dual-use goods is based on the international export control regimes, including the Wassenaar Arrangement. It covers the same categories and items as the latter. However, the EU list also includes some additional items that are not covered by the international regimes. These are cyber-surveillance items that can be used for internal repression or human rights violations.

The Union list of dual-use goods: the categories and items subject to an export authorization

The Union list of dual-use goods consists of ten categories, which are:

  • Category 0: Nuclear materials, facilities and equipment
  • Category 1: Materials, chemicals, micro-organisms and toxins
  • Category 2: Materials processing
  • Category 3: Electronics
  • Category 4: Computers
  • Category 5: Telecommunications and information security
  • Category 6: Sensors and lasers
  • Category 7: Navigation and avionics
  • Category 8: Marine
  • Category 9: Aerospace and propulsion

Each category contains a number of items, which are identified by a code and a description. For example, the item 5A002 is “Information security systems, equipment and components”. The items are further divided into sub-items, which are identified by a letter and a number. For example, the sub-item 5A002.a.1 is “Cryptographic activation equipment or software designed or modified to activate cryptographic capability”.

The novelties of the Regulation (EU) 2021/821: the due diligence obligation, the catch-all clause, the human security approach and the transparency and information exchange mechanism

The Regulation (EU) 2021/821 also provides for different types of export authorizations. These are individual, global, general or ad hoc authorizations, depending on the nature, destination and end-use of the items. Moreover, the Regulation introduces some novelties, such as:

  • A due diligence obligation for exporters. This means that exporters have to verify the end-use and the end-user of the items, and to report any suspicious or irregular transaction.
  • A catch-all clause. This allows the competent authorities to impose an export authorization on items that are not listed, but that can be used for weapons of mass destruction, a military end-use, human rights violations or terrorism.
  • A human security approach. This requires the competent authorities to take into account the potential impact of the items on human rights, international humanitarian law, regional stability and sustainable development, especially for cyber-surveillance items.
  • A transparency and information exchange mechanism. This requires the competent authorities to share information on the authorizations, denials and consultations of export, and to publish annual reports on their export control activities.

The dual-use encryption products: sensitive goods for security and human rights

The dual-use encryption products are a specific type of dual-use goods that fall under the category 5 of the Union list. These are products that use cryptographic techniques to protect the confidentiality, integrity and authenticity of data and communications. These products can have both civilian and military uses, and they raise important issues for security and human rights.

The dual-use encryption products: a definition and examples

The dual-use encryption products are defined by the Regulation (EU) 2021/821 as “information security systems, equipment and components, and ‘software’ and ‘technology’ therefor, which use ‘cryptography’ or cryptanalytic functions”. The Regulation also provides a list of examples of such products, such as:

  • Cryptographic activation equipment or software
  • Cryptographic equipment for mobile cellular systems
  • Cryptographic equipment for radio communication systems
  • Cryptographic equipment for computer and network security
  • Cryptanalytic equipment and software
  • Quantum cryptography equipment and software

The dual-use encryption products: security issues

The dual-use encryption products can have a significant impact on the security of the EU and its partners. On the one hand, these products can enhance the security of the EU and its allies, by protecting their sensitive data and communications from unauthorized access, interception or manipulation. On the other hand, these products can also pose a threat to the security of the EU and its adversaries, by enabling the encryption of malicious or illegal activities, such as terrorism, espionage or cyberattacks. Therefore, the export of these products needs to be carefully controlled, to prevent their misuse or diversion to undesirable end-users or end-uses.

The dual-use encryption products: human rights issues

The dual-use encryption products can also have a significant impact on the human rights of the EU and its partners. On the one hand, these products can protect the human rights of the EU and its citizens, by safeguarding their privacy and freedom of expression on the internet. On the other hand, these products can also violate the human rights of the EU and its partners, by enabling the repression or surveillance of dissidents, activists or journalists by authoritarian regimes or non-state actors. Therefore, the export of these products needs to take into account the potential consequences of the items on human rights, international humanitarian law, regional stability and sustainable development, especially for cyber-surveillance items.

The modification of the Union list of dual-use goods by the Delegated Regulation (EU) 2022/1

The Union list of dual-use goods is not static, but dynamic. It is regularly updated to reflect the changes in the technological development and the international security environment. The latest update of the list was made by the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the Regulation (EU) 2021/821.

The changes made by the international export control regimes in 2020 and 2021

The Delegated Regulation (EU) 2022/1 reflects the changes made by the international export control regimes in 2020 and 2021. These are the Wassenaar Arrangement, the Nuclear Suppliers Group, the Australia Group and the Missile Technology Control Regime. These regimes are voluntary and informal arrangements of states that coordinate their national export control policies on dual-use goods. The EU is a member of these regimes, and it aligns its Union list of dual-use goods with their lists of controlled items. The changes made by these regimes include the addition, deletion or modification of some items, as well as the clarification or simplification of some definitions or technical parameters.

The new items added to the Union list of dual-use goods: the quantum technologies, the drones and the facial recognition systems or biometric identification systems

The Delegated Regulation (EU) 2022/1 also adds some new items to the Union list of dual-use goods. These are items that are not covered by the international export control regimes, but that are considered to be sensitive for the security and human rights of the EU and its partners. These items include:

  • Certain types of software and technology for the development, production or use of quantum computers or quantum cryptography. These are devices or techniques that use the principles of quantum physics to perform computations or communications that are faster or more secure than conventional methods.
  • Certain types of equipment, software and technology for the development, production or use of unmanned aerial vehicles (UAVs) or drones. These are aircraft or systems that can fly without a human pilot on board, and that can be used for various purposes, such as surveillance, reconnaissance, delivery or attack.
  • Certain types of equipment, software and technology for the development, production or use of facial recognition systems or biometric identification systems. These are systems or techniques that can identify or verify the identity of a person based on their facial features or other biological characteristics, such as fingerprints, iris or voice.

The entry into force and application of the Delegated Regulation (EU) 2022/1

The Delegated Regulation (EU) 2022/1 entered into force on 7 January 2022. It applies to all exports of dual-use goods from the EU from that date. The exporters of dual-use goods need to be aware of the changes and updates to the Union list of dual-use goods, and to comply with the export control rules and procedures established by the Regulation (EU) 2021/821. The competent authorities of the member states need to implement and enforce the new Union list of dual-use goods, and to cooperate and coordinate with each other and with the Commission. The Commission needs to monitor and evaluate the impact and effectiveness of the new Union list of dual-use goods, and to report to the European Parliament and the Council.

The national regulations on dual-use encryption products

How some countries have their own rules on dual-use encryption products

The case of the United States

Some countries have their own national regulations on dual-use encryption products, which may differ or complement the existing regimes. For example, the United States has a complex and strict export control system, based on the Export Administration Regulations (EAR). The EAR classify encryption products under category 5, part 2, of the Commerce Control List (CCL). The EAR require an export license for most encryption products, except for some exceptions, such as mass market products, publicly available products, or products intended for certain countries or end-users. The EAR also require that exporters submit annual self-classification reports, semi-annual sales reports, and encryption review requests for certain products.

The case of Andorra

Andorra is a small country between France and Spain. It is not an EU member, but it has a customs union with it. However, this customs union does not cover all products. It only covers those belonging to chapters 25 to 97 of the Harmonized System (HS), which are mainly industrial products. Agricultural products and products belonging to chapters 1 to 24 of the HS are free of import duties in the EU. But they are subject to the most-favored-nation (MFN) treatment in Andorra.

Andorra has adopted the EU list of dual-use goods. It requires an export or transfer authorization for these goods, according to the Regulation (EU) 2021/821. This regulation came into force on 9 September 2021 and replaced the previous Regulation (EC) No 428/2009. Andorra has also adopted the necessary customs provisions for the proper functioning of the customs union with the EU. These provisions are based on the Community Customs Code and its implementing provisions, by the Decision No 1/2003 of the Customs Cooperation Committee.

Andorra applies the EU regulation, as it is part of the internal market. Moreover, Andorra has adopted the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the EU list of dual-use goods. This modification reflects the changes made by the international export control regimes in 2020 and 2021. It also adds some new items, such as software and technologies for quantum computing, drones or facial recognition. The Delegated Regulation (EU) 2022/1 came into force on 7 January 2022, and applies to all exports of dual-use goods from the EU from that date.

Andorra entered the security and defense sector for the first time by participating in Eurosatory 2022. This is the international reference exhibition for land and airland defense and security. Andorra became the 96th country with a security and defense industry on its territory. Among the exhibitors, an Andorran company, Freemindtronic, specialized in counter-espionage solutions, presented innovative products. For example, DataShielder Defense NFC HSM, a device to protect sensitive data against physical and logical attacks. It uses technologies such as EviCypher NFC HSM and EviCore NFC HSM, contactless hardware security modules (NFC HSM). The president of Coges events, a subsidiary of GICAT, identified these products as dual-use and military products. They need an export or transfer authorization, according to the Regulation (EU) 2021/821. Freemindtronic also showed its other security solutions, such as EviKey NFC HSM, a secure USB key, a security token. These products were displayed in the Discover Village, a space for start-ups and SMEs innovations.

Switzerland

Switzerland is not an EU member, but it has a free trade agreement with it. Switzerland has adopted the Regulation (EU) 2021/821 by the Ordinance of 5 May 2021 on the control of dual-use goods. Switzerland applies the EU list of dual-use goods and requires an export or transfer authorization for these goods, according to the Regulation (EU) 2021/821. Switzerland has also adopted the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the EU list of dual-use goods.

Turkey

Turkey is not an EU member, but it has a customs union with it. Turkey has adopted the Regulation (EU) 2021/821 by the Presidential Decree No 3990 of 9 September 2021 on the control of exports of dual-use goods. Turkey applies the EU list of dual-use goods and requires an export or transfer authorization for these goods, according to the Regulation (EU) 2021/821. Turkey has also adopted the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the EU list of dual-use goods.

United Kingdom

The United Kingdom left the EU on 31 January 2020. It has adopted the Regulation (EU) 2021/821 by the Dual-Use Items (Export Control) Regulations 2021, which came into force on 9 September 2021. The United Kingdom applies the EU list of dual-use goods and requires an export or transfer authorization for these goods, according to the Regulation (EU) 2021/821. The United Kingdom has also adopted the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the EU list of dual-use goods.

The challenges and opportunities for the exporters of dual-use encryption products

The exporters of dual-use encryption products face several challenges and opportunities in the current context of export control regulations. Among the challenges, we can mention:

  • The complexity and diversity of the regulations, which may vary depending on the countries, the products, the destinations and the end-uses, and which require a deep knowledge and a constant monitoring from the exporters.
  • The costs and delays related to the administrative procedures, which can be high and unpredictable, and which can affect the competitiveness and profitability of the exporters, especially for small and medium enterprises (SMEs).
  • The legal and reputational risks, which can result from an involuntary or intentional violation of the regulations, or from a misuse or diversion of the products by the end-users, and which can lead to sanctions, prosecutions or damages to the image of the exporters.

Among the opportunities, we can mention:

  • The growing demand and innovation for encryption products, which are increasingly used in many sectors and domains, such as finance, health, education, defense, security, human rights, etc.
  • The contribution to the security and human rights of the exporters, their customers and the general public, by enabling the protection of data, privacy, freedom of expression, access to information and democratic participation, thanks to encryption products.
  • The cooperation with the competent authorities, the civil society and the international community, to ensure the compliance and accountability of the exporters, and to support the development and implementation of effective and balanced encryption policies and regulations, that respect the security and human rights of all stakeholders.

Conclusion

Dual-use encryption products can have both civil and military uses. They are subject to export control regulations at different levels: international, regional and national. These regulations aim to prevent the risks that these products can pose for security and human rights. At the same time, they allow the development and trade of these products. Therefore, the exporters of dual-use encryption products must comply with the regulations that apply to their products. They must also assess the impact of their products on security and human rights. The exporters of dual-use encryption products can benefit from the demand and innovation for these products. These products are essential for the digital economy and society. They can also enhance the security and human rights of the exporters, their customers and the public.

Freemindtronic Andorra is a company that specializes in dual-use encryption products. It offers secure and innovative solutions for data, communication and transaction protection. Freemindtronic Andorra respects the export control regulations that apply to its products. It is also committed to promoting and supporting the responsible and lawful use of its products. It follows the principles of security and human rights. Freemindtronic Andorra cooperates with the authorities, the civil society and the international community. It ensures the transparency and accountability of its activities. It also participates in the development and implementation of effective and balanced encryption policies and regulations. It respects the interests and needs of all stakeholders.