DTI to ban electronic export of crypto from the UK!

Brown, R Ken brownrk1 at texaco.com
Thu, 2 Jul 1998 08:51:46 -0500 

> Ross Anderson[SMTP:Ross.Anderson@cl.cam.ac.uk]  wrote:
> 
> In a white paper at <http://www.dti.gov.uk/export.control/stratex/>,
> President Beckett proposes to extend the export control regime from
> physical goods to the `transfer of technology by intangible means'.

As part of my job (working for a multinational company whose name you
might guess from my email address)  I had,  for many years, system
administration responsibilities on computers located outside the UK - or
outside Europe. Various Americans work on computers located in the UK.
Every day many  people from other EU countries - and a smaller number of
people located in places like Indonesia, Angola or Khazakhstan - log on
to and use computers in London and in various US sites.

Some of our computers might well use "technology" (I still cringe at
using that word to describe software - it is no more "technology" than
a poem is - but it's too late now, the marketdroids have taken over)
for which export is supposed to be controlled.  Certainly we have
documents describing that "technology" (if only because I like to read
some of the security-related web pages people post here).

Where does export take place? 

If we have strong encryption on, say, our Irish computers and UK users
were allowed to log on to them would it now be illegal for those UK
users to use that encryption? Would it be illegal for us to allow users
in Angola or Khazakstan to log on to ourt server.   Or Iraq?  Or the USA
- seeing as their CALEA makes most of our telecommunications equipment
illegal for them to use after 2000?   Are we even allowed to send each
other email talking about these issues? What *crud*.

I suspect that about 100% of the world's largest companies, give or take
a state-owned arms manufacturer or two, are in the same situation.   I,
and hundreds of thousands  of other people - possibly millions - work
across national boundaries every single day. They are mostly utterly
irrelevant, we often  exchange ideas with our colleagues or collaborate
on projects  without even noticing which country they are in  It would
be a huge economic burden to artificially impose  national boundaries on
internal transactions within companies.

Who the hell is advising the government on these issues? None of the DTI
folk who we've heard from in the last few years are anywhere near that
stupid - have they all been kicked upstairs to the department of
seat-polishing and replaced by cybermen from Cheltenham?

Ken Brown (usual disclaimer applies - except that I wouldn't be
surprised if my employers  *did* agree with me on this one, but  I
haven't asked them, and they might not  tell me if I did)