On 14 January 2004 the Dutch scientist Bert Jaap Koops, working for the information law department of the University of Tilburg, released an update of his extensive Crypto Law Survey, a unique collection of worldwide resources about cryptography and the law. The new version contains updates about the legal situation of cryptography in 6 European countries:

 - Belgium (current state of Program Act)
 - Italy (radio-amateur law)
 - Lithuania (export and import controls, no domestic law)
 - Netherlands (no TTP law)
 - Spain (new Telecommunications Act)
 - Switzerland (radio-traffic law)

Crypto Law Survey, version 22.0 (14.01.2004)
http://rechten.uvt.nl/koops/cryptolaw/

Koops' thesis on 'The Crypto Controversy' is now also available online full-text in PDF. The Crypto Controversy gives an overview of the crypto problems for law-enforcement and their 'solutions'.

The presentation of a crypto mobile telephone has stirred some controversy in the Netherlands. The Cryptophone has been developed in the Netherlands and is sold through a German company. The device is a combined GSM and organiser running Windows Pocket PC. The software encrypts the call when connecting to another Cryptophone. The Cryptophone should make it impossible for any third-party, including the phone company and police, to listen to the call.

The Dutch christian-democrat Member of Parliament Haersma-Buma has asked the Dutch government if there is a possibility of forbidding the phones, since they can make it impossible for police to use the information from a wiretapped mobile phone call. Dutch police relies heavily on phone interception with an estimated 12.000 phone taps per year. This number is

A proposal to modify the Spanish telecommunication law threatens the free use of cryptography.

The current General Law of Telecommunications (Ley General de Telecomunicaciones (LGT) already puts some restrictions on the use of cryptography. The second part of article 52 ('Cifrado en las redes y servicios de telecomunicaciones', that is, network encryption and telecommunication services) says:

"Encryption is a security instrument for information. Among its conditions of use, when it is used to protect the confidentiality of information, an obligation may be imposed to notify either a General Administration State authority or a public one of the algorithms or any other encryption procedure used, in order to control it according to the law. This obligation will affect developers that include encryption in their equipment or software, the operators that include it in networks or in specific services and users that make use of it."

France has started the process of implementing the European Directive on Electronic Commerce. The draft text of the Digital Economy Law ("Loi relative à l'économie numérique" or LEN in French) deals with ISP liability, electronic contracts and unsolicited commercial emails, cryptography, cybercrime, and satellite systems. Among them, the most controversial provisions are those concerning cryptography, cybercrime and ISP liability.

Cryptography

Providers of cryptography services should provide upon request decryption keys to authorised agents named by the Prime Minister. The penalty for not complying with this obligation is a 2 years jail sentence and a fine of EUR 30,000. When a crime or offence is suspected, the public prosecutor or a judge may ask any expert to decrypt data. If the incurred penalty exceeds a 2 years prison sentence, military staff may be asked for help. In that case, the decryption method and process would be kept secret, making it very difficult for defence lawyers to question the outcome. The last provision states that anyone having access to decryption keys should provide them. The keys should be provided upon judicial request when cryptography is used for commission, preparation, or facilitation of a suspected crime or offence. The penalty is very high again: a jail sentence of 3 years and a fine of EUR 45,000.