News:

A section of Hukuki Net - Turkish Law site in English Language (Ingilizce Hukuk, Ingilizce Kanunlar, mevzuat ve ingilizce hukuk forumu)

Main Menu

Regulation for Wireless Systems with Cryptograph

Started by admin, January 09, 2010, 04:00:18 PM

Previous topic - Next topic

admin

Regulation for Wireless Systems with Cryptograph

Published: Official Gazette of 06.03.2004 and with no: 25394
Amended: Official Gazette of 29.09.2004 and with no: 25598

CHAPTER ONE
Purpose, Scope, Legal Basis, and Definitions
Purpose
Article 1- The purpose of the present regulation is to determine the rules
and regulations and the works and procedures to be implemented in
establishment and operation of the Wireless Systems with Cryptograph by
public institutions and establishments, and to issue a cryptography
approval for the standards, production, sale, and import or export, and in
use, keep the records, supervise, control, and in repair and maintenance
of these appliances, under the Wireless Law No: 2813.
Scope
Article 2- The present Regulation shall cover determination of the rules
and regulations regarding performance of communication with crypto over
the wireless systems of public institutions and establishments under the
Wireless Law No: 2813. However, the Turkish Armed Forces, Coast
Guard Command, Undersecretariat for National Intelligence Organization,
Directorate General of Security, and the Foreign Ministry shall be the
exclusion thereof.
Legal Basis
Article 3- The present Regulation is prepared under the Wireless Law No:
2813.
Definitions
Article 4- The following terms used herein shall denote the meanings
indicated across them:
Ministry of National Defence shall be referred to as the "MND".
Telecommunication Authority shall be referred to as the
"Authority".
Department of General Staff shall be referred to as the "Dept.GS".
National Electronic and Cryptology Research Institute of the Turkish
Scientific and Technical Research Institution (Tubitak) shall be referred to
as the "NECRI-TUBITAK".
The science relating fulfilment of security services such as provision
of secrecy, preservation of integrity, being accessible, unchangeableness
without authorization, and undeniable identity of resource of information
shall be referred to as the "cryptography".
The appliances, products etc., relating cryptography shall be
referred to as the "cryptograph".
Using of Cryptography techniques shall be referred to as the
"encryption".
The stationary, mobile or portable wireless device used together
with an internal and/or external device for encryption shall be referred to
as the "wireless device with cryptograph".
The wireless system having wireless devices with cryptographs
shall be referred to as the "wireless system with cryptograph".
The certificate of approval to be issued by Dept.GS in according to
the results of test of NECRI-TUBITAK shall be referred to as the
"cryptography approval".
The certificate of approval to be issued for stationary and/or mobile
cryptograph centres following the control and supervision to be performed
by Dept.GS shall be referred to as the "cryptographic centre approval".
The communication realized by using cryptographs and
cryptographic techniques shall be referred to as the "cryptographic
communication".
The Law for Supervision Special Industrial Enterprises Producing
War Arms and Ammunitions in Turkey shall be referred to as the "Law
with No: 3763".
The materials within the scope of the Law with no: 3763 shall be
referred to as the "material to be subject to supervision".
The all mathematical functions and protocols used in encryption,
decryption, identity authentication, and similar cryptographic steps shall be
referred to as the "cryptographic algorithm".
The list of variable characters used in encryption and decryption of
information and applied to the algorithm shall be referred to as the
"cryptographic key".
The person for whom the certificate of cryptographic security is
issued to work in services relating cryptography shall be referred to as the
"personnel with cryptographic clearance".
The document with "NATIONAL" security classification issued by
the Ministry of Defence for the firms and institutions operating on the field
of defence industry shall be referred to as the "facility security
classification".
The certificate issued by the Ministry of Defence for those who meet the
conditions required from industrial establishments willing to produce within
the scope of the Industry List of War Vehicles, Tools, Arms and
Ammunition to be Subject to Supervision published in the Official Gazette
in January of each year by the Ministry of Defence under the Law No:
3763 shall be referred to as the "certificate for production license".
The certificate issued for the appliances of which their conformity to
standards are tested in the testing and measurement laboratory, and
approved shall be referred as to the "certificate of conformity to
standards"
The documents for evaluation of conformity, RF, EMC and LVD test
reports consisting technical specifications of appliance shall be referred as
to the "technical documentation".
The radio frequency shall be referred as to the "RF".
The electromagnetic compatibility shall be referred as to the "EMC".
The low voltage directive shall be referred as to the "LVD"
CHAPTER TWO
Application, License and Approval for Use of Wireless System
with Cryptograph
Particularities and Documents required in Applications
Article 5- The public institutions and establishments willing to realize
cryptographic wireless communication must apply to the Authority with the
information and document specified below:
a) Petition,
b) Ground Report explaining in detail the need of cryptographic
wireless communication
c) The wireless system scheme plotted on a map or a sketch with
scale,
d) Full addresses and geographic coordinates (as degree, minute, and
second) of the places where relay stations will be set up in the land
stations within mobile service, the handy wireless sets in case of
establishment in stationary and local areas, and the stationary
stations to be set up within stationary service,
e) The application form of Authority in duplicate filled in according to
the kind of system (air, sea, and land).
Evaluation of Applications
Article 6- Evaluation of applications submitted to the Authority:
a) A license for system establishment shall be issued following
evaluation of request for establishment of wireless system from the
standpoint of relevant legislation, and receiving of positive
consideration from Dept.G.S for cryptographic communication for
the system considered convenient, and frequency allocation shall
be made, and one copy of application form together with a letter of
license shall be forwarded to the applicant.
b) The license for establishment and operation of wireless system with
cryptograph may be issued for diplomatic representatives of foreign
countries in Turkey under the principles of reciprocity. Any and all
procedures relevant thereof shell be implemented by the Foreign
Ministry.
c) The Authority shall take into consideration whether the public
institutions or establishments applied are within the scope of
privatization. No application of those in which the share of state is
less than 51% shall be accepted. The license issued for those shall
be revoked in a manner described in Article 15 of the present
Regulation in case of the share of state is lees than 51%.
d) The chapters relating cryptograph of technical specifications and
other documentation to be used in procurement processes shall be
organized by obtaining positive consideration of Dept.G.S.
e) Public institutions and establishments may set up and operate the
wireless system with cryptograph within a duration specified in the
approval following meeting the requirements listed above.
Issuing of
Issuing of Cryptography Approval
Article 7- Following matters shall be requested in issuing of cryptography
approval to wireless systems with cryptograph:
a) Only the cryptographic device and system having an approval
following testing of cryptograph security thereof shall be used as to
make cryptographic communication over the wireless systems. The
internal and external cryptographs, the cryptographic algorithms,
and the appliances and systems for cryptographic key, distribution
and installing thereof shall be examined and tested by NECRITUBITAK.
The cryptography approval describing to what extent
security classification can be used shall be issued by Dept.G.S in
accordance with test results.
b) The provisions of relevant legislation shall be implemented for any
and all techniques, licenses, registration, frequency, production,
import, sales, repair and maintenance, and similar matters
excluding cryptographic specifications of wireless system with
cryptograph.
c) Suitable documentation in comply with the Testing Specifications to
be provided by NECRI-TUBITAK shall be obtained in case of
considered agreeable by the Dept.G.S.
CHAPTER THREE
Financial Matters Relating to Rules and Procedures of Use of
Wireless Devices with Cryptograph
Use of Wireless Devices with Cryptograph
Article 8- The institutions authorized to communicate with
cryptograph over wireless systems are listed in the Wireless Law
no: 2813. For those other than this the Dept.G.S shall give a
decision of which wireless system will be used for communication
with cryptograph. Necessary processes shall be made by the
Authority depending upon this permit. No marketing and sales of
wireless devices and systems with cryptograph shall be made to the
amateur cryptographers, natural and legal persons other than the
public institutions and establishments.
Necessity to Obtain a License
Article 9- To obtain a license from the Authority shall be
compulsory in holding and using the wireless receivers,
transmitters, and the receivers/transmitters with cryptograph used
for the aim of communication by means of electromagnetic waves,
and in receiving, transmitting or recording any and all pictures,
sound and data other than the purposes of sales, and a phrase
"Used with cryptograph" shall be affixed on the licenses of devices
with cryptograph.
Changes to Wireless System
Article 10- In case of applicable changes to the wireless systems
operated by public institutions and establishments that have
obtained licenses, and been operating wireless systems with
cryptograph, and in case of a new system is in question, or if
existing system cannot meet the requirements, then to obtain a
permit from to the Authority by filling in relevant application form in
order to purchase additional devices, and make them recorded in
the licenses thereof shall be compulsory. Formal requests for
change of location and additional device with cryptograph shall be
implemented by the Authority in coordination with Dept.G.S.
No change or modification shall be able to be made in
cryptographic algorithm and devices used in wireless devices by
users.
Following matters shall be taken into consideration in order to
change the location, technical specifications, and emulsion types in
wireless systems with cryptograph:
a) No change or modification shall be able to be made without
obtaining a permit from the Authority,
b) Changing location of a stationary station in the system shall be
subject to the Authority's permit. As to the mobile stations with
cryptograph operated in a land mobile service, they shall not be
able to be operated in other than the regions specified in the
licenses thereof,
c) The emulsion types of wireless stations with cryptograph
operated in a mobile service shall not be able to be changed,
d) No limitation shall be in question in changing of location due to
particularities of sea and air mobile services,
e) Changing of location of sea and air mobile services, and of land
stationary, and coast wireless stations operating mutually may
be made upon convenience.
However, these changes shall be recorded in the licenses thereof,
and made approved by the Authority. For this, relevant institutions
and establishments shall have to apply to the Authority.
Financial Matters Relating to Wireless Devices and Systems
with Cryptograph
Article 11- The prices relating to wireless devices and systems with
cryptograph shall be determined in accordance with the List of
Fares for Telecommunication Services of the Authority. The
financial matters other than this matter shall be implemented
according to the legislations of relevant institutions.
CHAPTER FOUR
Supervisory Measures
Security and Custodial Measures
Article 12- The institutions and establishments using wireless
systems with cryptograph shall, due to speciality of the system,
have to follow the matters set forth below:
a) The institutions and establishments using wireless systems with
cryptograph shall have to take custodial measures which
prevent the systems to be passed into the hands of, and used
by unauthorized persons. In this context, they shall have to take
necessary measures to determine the persons who will use the
wireless systems and devices with cryptograph, and then issue
a cryptographic clearance in order to prevent the system against
being used by unauthorized persons.
b) The institutions and establishments doing communications of
wireless systems with cryptograph shall be obliged for taking
necessary measures against cryptographic violation and
disabling.
Supervision of Wireless systems with Cryptograph
Article 13- Exclusion of cryptographic algorithm, supervision of use
of wireless systems under the licenses issued shall be performed
by the Authority. In case of a request from the Authority whether
any impressive change of security has been made on cryptographic
algorithm or system shall be examined by the NECRI-TUBITAK,
and the Authority shall be advised thereabout.
The Authority shall be authorized to do in situ supervision, in
accordance with relevant supervisory forms, conformity of any and
all kinds of systems and devices used in these systems set up and
operated under the licenses and the permits of use issued to the
public institutions and establishments, with the terms and conditions
in laws, regulations, and the licenses thereof. However technical
support shall be given by the NECRI-TUBITAK.
The Authority may supervise any and all wireless systems in any
time with or without a notice by means of its teams composing of
technical personnel authorized to supervise, and of the holders of
identity card.
The matter whether users follow the legislation in respect to the
measures, which are necessary to be taken by the users, for
security and prevention of cryptograph informed by the Authority
shall be supervised during issuing a license for establishment.
The institution and establishment shall have to provide necessary
easiness to the team during supervision.
Sanctions
Article 14- The provisions below shall be applied in cases of
irregularities observed during supervisions:
a) In the event of determination that the project applications and
the appliances being used are not in comply with the
specifications of devices licensed 45-day period shall be given
to the sellers and users to eliminate the irregularities and
assembly faults determined.
b) The institutions which sell, and import or produce appliances
without permit, and the appliances of those who use the
appliances thereof shall be locked up and affixed with a seal,
and necessary judiciary processes shall be applied.
c) In case of determination of the appliances purchased from the
firms having certificate of authorization issued by the Authority
prior to the license for establishment of system, or use of
appliances without a license then returning of the appliance to
its seller firm shall be ensured, and the activity of seller firm shall
temporarily be suspended for 6-month period, additionally.
d) In case of transfer of devices by way of donation, transfer and
similar processes between parties without obtaining necessary
permit from the Authority then the appliances shall be locked up
and affixed with a seal by the Authority.
e) In case of changes in location, technical specifications and
emulsion types on the systems set up by obtaining licenses then
the activities of wireless system shall be stopped, operation
license shall be revoked, all of devices shall be locked up and
affixed with a seal. And in case of determination of additional
devices included in the system without a license then the
appliances shall also be locked up and affixed with a seal, and
be subject to legal process. In case of changes in location and
technical specifications of the wireless devices then 45-day
period shall be given to the user to ensure the changes in the
system be recorded on the license.
In the event of determination that the correction or elimination of
irregularities will not be possible at the end of duration given then
the license for setting up and operate the system shall be revoked
and the appliances shall be locked up and affixed with a seal.
Necessary legal processes shall be applied to relevant person
under the Wireless Law No: 2813 and the Law No: 3763.
Revocation and Pilferage
Article 15- The procedures below shall be followed in case of
revocation and pilferage of the wireless systems with cryptograph:
a) The processes for abrogation of use, cancellation of records, and
revocation:
1) The public institutions and establishments shall apply to the
Authority for the part(s) of wireless system with cryptograph
they wish to abrogate, and the authorized personnel of
Authority shall lock it up and affixed with a seal depending on
the appropriate consideration of the Dept.G.S. The Dept.G.S
shall then be advised about the systems abrogated.
2) In case of disappear of the justification of use of wireless
system with cryptograph then the Authority shall be informed
by the Dept.G.S that the licenses for setting up and
operation of wireless system with cryptograph should be
revoked, and the Authority shall revoke the licensed, and
make necessary procedures.
3) In case of renouncement of use of wireless system with
cryptograph completely then the Authority shall be advised
the situation thereabout. The appliances shall, by a letter
from the Authority, be delivered by the users or owners of
licenses to the wireless dealers who have been given
authorization for repair and maintenance from the Authority
following revocation of the parts relating with cryptograph of
the wireless devices and systems with cryptograph by duly
destroying them, and drawing up a protocol thereabout by
the personnel with cryptographic clearance from the institute
to be considered convenient, or as a result of coordination by
the Dept.G.S. The responsibilities on the wireless devices of
the license owners who submit to the Authority this delivery
protocol drawn between the parties shall be terminated and
the licenses thereof shall be revoked.
In the event that the wireless device with cryptograph
becomes unusable then
The appliances shall, by a letter from the Authority, be
delivered by the users or owners of licenses to the General
Directorate for Scrap Works, Turkish Machinery and
Chemical Industry Authority following revocation of the parts
relating with cryptograph of the wireless devices and
systems with cryptograph by duly destroying them, and
drawing up a protocol thereabout by the personnel with
cryptographic clearance from the institute to be considered
convenient, or as a result of coordination by the Dept.G.S.
The responsibilities of the license owners who submit to the
Authority this delivery receipt shall be terminated and the
licenses thereof shall be revoked.
4) The institutions willing to use wireless devices again whose
records are cancelled shall make an application to the
Authority.
b) The processes in case of pilferage of devices:
1) The relevant institution shall, from the security of
communication viewpoint, have to take necessary measures
impeding the use of devices/systems lost. Moreover, the
security institutions shall be informed about the situation for
drawing up a report.
2) The official report drawn up by relevant security institutions
shall be forwarded to relevant Regional Directorate of the
Authority.
3) The Dept.G.S shall also be reported about the situation, and
the processes for following up and supervision oriented to
find out a device shall be started.
Keeping Records for Wireless Systems with Cryptograph
Article 16- The kinds of system and the devices used, and the
brands, models and serial numbers thereof used by the institutions
and establishments using wireless device/system with cryptograph
shall be kept under the Authority other than those authorized to
communicate with cryptograph defined in law.
CHAPTER FIVE
Production, Sales, Import, Repair and Maintenance
Certificates of Authorization for Production and Sales of
Wireless Devices/Systems with Cryptograph
Article 17- The institutions willing to produce wireless devices and
systems with cryptograph shall be subject to the provisions of the
Law No: 3763, and the legislation thereof. The matters below shall
be required in the application form from the institutions willing to
obtain certificates for production and sales of wireless devices and
systems with cryptograph. The institution shall have to make an
application with an official petition together with the documentation
below:
a) For the "Authorization Certificate for Production" of wireless
devices and systems with cryptograph:
1) The Facility Security Classification and the Certificate for
Production License;
2) The Certificate of Cryptographic Security to be issued by the
Dept.G.S for the personnel who works in the activities
relating cryptograph at the facilities where the wireless
devices/systems with cryptograph will be produced, and has
an access to cryptographic information, documentation and
materials;
3) The Cryptographic Centre Approval to be issued by the
Dept.G.S for the sections where activities relating
cryptograph take place at the facilities where the wireless
devices/systems with cryptograph will be produced; and
b) For the "Authorization Certificate for Sales" of wireless devices
and systems with cryptograph:
1) The Certificate for Production License obtained by fulfilling
the provisions listed in paragraph (a) herein above;
2) The Cryptography Approval to be issued by the Dept.G.S for
the wireless part of device;
3) The Certificate of Conformity to Standards to be issued by
the Authority for the wireless part of device.
As a result of examination of applications the Certificate for
Production and Sales shall be issued by the Authority for the period
of 2 year.
Import of Wireless Devices and Systems with Cryptograph
Article 18- If the institutions having the Certificate for Production
License shall not be able to meet the requirements from public
institutions and establishments for the wireless devices and
systems with cryptograph locally then the Certificate of
Authorization for Importer, Import License for Sample, and Batch
Import License, respectively shall be issued by the Authority for
those who will make application with the documentation below:
a) For the "Authorization Certificate for Import"
1) The Official petition of application;
2) Certificate of Authorization for Production and Sales;
3) The letter explaining that the procurement has not been met
locally; and the Import License for Samples shall be issued
b) For import of a sample:
1) The Official petition of application;
2) A letter of approval to be issued by the Dept.G.S in respect
to the origin of the wireless devices and systems with
cryptograph which import license will be issued therefor;
3) The original Proforma Invoice having the brand, model and
price; and
4) The technical documentation.
Following importation, the institution shall be oriented to the
Authority's Laboratory for testing of the device imported.
The Certificates of Cryptography Approval indicating that up to what
degree of security classification can be used by the authorized
official institution of the country from which the wireless devices
with cryptograph have been imported, shall be forwarded to the
Dept.G.S for the purpose of evaluation that up to what degree of
security classification can be used locally. Devices may be
requested to be tested by the NECRI-TUBITAK, if considered
convenient.
c) For batch import:
1) The Official petition of application;
2) The invoice issued for batch import;
3) Certificate of Conformity to Standards issued by Dept.G.S;
and
4) The Cryptography Approval to be issued by the Dept.G.S for
the wireless part of device.
The institutions having the Certificate of Importer shall, within 15
days following import, deliver the parts relating wireless of their import
inventories, and the parts with cryptograph to the Authority and the
Dept.G.S, respectively.
Sales of Wireless Devices and Systems with Cryptograph
Article 19- The institutions dealing with production and import of wireless
devices and systems with cryptograph shall have to follow the matters
listed below:
a) The seller institution shall have the "Certificate of Authorization for
Production and Sales";
b) Each wireless devices and systems with cryptograph sold shall
receive repair and maintenance services from the seller institution
in accordance with Article 20 of the present Regulation;
c) No amendment on contrary to the standards and the licenses for
system-set up approved by the Authority shall be made on the
devices sold;
d) The Instruction Manual of device in Turkish for installation and
operation, and the Warranty Certificate thereof stamped by the
seller institution shall, together with each wireless device and
systems with cryptograph sold shall be delivered to the customer;
e) The brand, model and the serial number of devices shall clearly be
indicated on the invoice thereof given to the customer;
f) Setting up in-place and adjustment of the wireless devices and
systems with cryptograph sold shall particularly be made by the
seller institution. This situation shall be determined by means of the
System Reporting Form which will be mutually forwarded to the
Authority by both the seller and user. Any and all responsibilities
relating setting up and adjustment of the wireless devices and
systems with cryptograph shall be of the Seller.
g) The institutions obtained authorization of production and sales of
the wireless devices and systems with cryptograph shall not be able
to sell these devices and systems in anywhere excluding the sale
locations thereof, and shall not be able to hold in anywhere the
wireless device without an invoice including the locations where the
sales permit is issued therefor.
Repair and Maintenance of Wireless Devices and Systems with
Cryptograph
Article 20- Repair and maintenance of the wireless devices and systems
with cryptograph shall be made by the institutions having the Certificate of
Authorization for Repair and Maintenance which shall be obtained in
accordance with the provisions of legislation of the Authority.
Export of Wireless Devices and Systems with Cryptograph
Article 21- Export of wireless devices and systems with cryptograph shall
be made by the firms granted with approval in accordance with the Law
No: 3763 and relevant legislation.
Tests for Conformity to Standards of Wireless Devices and Systems
with Cryptograph
Article 22- The parts relevant to the cryptograph and the wireless shall be
subject to testing for conformity to standards by the Dept.G.S and the
Authority, respectively.
Entry into Force
Article 23- The present Regulation shall be entry into force on the date of
its publication.
Execution
Article 24- The provisions of present Regulation shall be executed by the
Head for Telecommunication Board.