UK Prepares to Enforce Crypto Export Control Against Academics

Commonly, the UK is the place where US anti-crypto policies get a dry run.

So pay attention to Ross Anderson's UK Crypto Export Duplicity:

Officials promptly did an end-run around this by making regulations to pass into UK law an EU regulation controlling the export of dual-use intangibles (reg 1334/2000), thus in effect defeating the will of parliament with a classic piece of policy laundering. We argued repeatedly at the time that the introduction of such regulations would criminalise many academics – for example if I put a remark on our security mailing list about cryptanalysis and it goes to George at Microsoft via Redmond – and also criminalise many software developers, who use algorithms such as AES much like duct tape. A government peer told me, “Look, dear boy, you can never get laws to fit the boundaries exactly – just trust us and keep proper records.” Officials said that they had no plans whatsoever to use export control laws against academics.

Earlier this year I was invited to a meeting at DTI along with folks from the Royal Society and UUK. The officials gleefully announced that they'd realised that academics weren't using the export control procedures and asked our opinion about how we could help them `raise awareness' and `market' their services. I reminded them that they'd promised not to. They denied this to my face. They also claimed that it had always been illegal to export intangibles and that the Act had made no difference. I reminded them that until the Export Control Act was passed they had no sanctions available against someone who exported crypto electronically, as the Export of Goods (Control) Order on which they'd previously relied applied only to physical goods. In fact the whole Act was justified to parliament by this arguement. They denied this to my face – even though I'd sat through the debate in the Lords, in the opposition experts' box.

This entry was posted in Cryptography. Bookmark the permalink.