Wednesday, 14 January 2015

Australia tries to ban crypto research – by ACCIDENT


While the world is laughing at UK PM David Cameron for his pledge to ban encryption, Australia is on the way to implementing legislation that could feasibly have a similar effect.
Moreover, the little-debated Defence Trade Control Act (DTCA) is already law – it's just that the criminal sanctions it imposes for sending knowledge offshore without a license are being phased in, and don't come into force until May 2015.
As noted in Defence Report, the lack of an academic exclusion in the law, which passed parliament under the previous Labor government in 2012, could mean “an email to a fellow academic could land you a 10 year prison sentence”.
The control of defence research isn't new or surprising, and in fact this law was put into place to align Australia's regime with that of the USA (the International Traffic in Arms Regulations), but the haste with which it was implemented means someone forgot that academic researchers routinely discuss sensitive technologies.
While consumer-grade encryption is excluded from control by the Defence and Strategic Goods List (the 350 page-plus regulation that describes what's prohibited by the DTCA), researchers are warned off 512-bits-plus key lengths, systems “designed or modified to perform cryptanalytic functions”, or “designed or modified to use 'quantum cryptography'” (the latter, in an explanatory note, also covering quantum key distribution).
Hence after May, the various quantum labs in Australian universities will have to think twice before collaborating with overseas partners.
At least systems protecting personal data are allowable, so long as the users have no control over the cryptographic capability (section 5A002 of the strategic goods list).
As Defence Report notes:
"Without the exclusion for academics, as enjoyed by the US and UK, university researchers would need prior permission from a Minister at the Department of Defence (DoD) to communicate new research to foreign nationals or to publish in any research journals."
Was the government warned that it was making a mistake? Apparently so: Vulture South has had its attention drawn to several submissions made to the Senate committee overseeing the bill's implementation.
Air Power Australia's Peter Moon and retired Air Commodore Edward Bushell describe the bill as “clearly defective”. Even the ITAR regime has been problematic for researchers, they note, since academics have to partition conferences according to whether or not they're ITAR-compliant.
Even though “public domain” technologies are exempted, the Moon/Bushell submission notes, a defendant is required to prove that the technology they're discussing is in the public domain, rather than the regulator having to do the research for themselves.
The law, they write, represents “censorship controls on all publishing on all topics covered by the DTCA, embracing:
  • All open-sourced research on any topic related to DSGL technologies.
  • All open-sourced research on any topic impinging upon military operations.
  • All open-sourced research impinging upon military technological strategy, as this cannot be conducted in the absence of capability analysis.
  • All applied research in areas of DSGL and related technologies.
  • All submissions to parliamentary inquiries covering any matters involving defence operations, strategy or technologies.”
Universities Australia was no less critical in its submission, saying the bill as it now stands would impact everything from what universities are allowed to teach (and who may teach them) through to whom researchers can contact and what they're allowed to publish.
