DTI to ban electronic export of crypto from the UK!

Simpson, Sam s.simpson at mia.co.uk
Fri, 3 Jul 1998 08:24:05 +0100 

Ross,

http://www.techweb.com/wire/story/TWB19980702S0015

Looks like you made the news!

Keep up the good work,

Sam Simpson,
Comms Analyst,
MIA Ltd

Opinions expressed certainly do not belong to my employer!

On 02 July 1998 14:05, Ross Anderson [SMTP:Ross.Anderson@cl.cam.ac.uk]
wrote:
> 
> In a white paper at <http://www.dti.gov.uk/export.control/stratex/>,
> President Beckett proposes to extend the export control regime from
> physical goods to the `transfer of technology by intangible means'.
> 
> `The Government therefore proposes that new legislation should provide
>  it with the power to control the transfer of technology, whatever the
>  means of transfer. This power would be used to introduce secondary
>  legislation, which it is proposed should do the following:
> 
> `* Given the ever increasing ease with which information can be
>    transferred across national boundaries by electronic means, i.e.
>    by fax or e-mail, the Government proposes to provide that
>    documents transferred abroad containing controlled technology
>    should be subject to export licensing requirements, whether
>    exported physically or in electronic form.
> 
> `* Information can also be passed on in non-documentary form
>    (e.g. orally or through personal demonstration)...'
> 
> Beckett says she will limit this latter control initially to the
> `areas of greatest concern' - weapons of mass destruction and
> long-range missiles.. because `there are sensitivities in relation to
> free speech and academic freedom.'
> 
> Jolly sweet of her. But she just doesn't get it, does she?
> 
> It's all very well to grant me the favour that I won't have to get an
> export permit to give my talk on Serpent at the Advanced Encryption
> Standard conference in Ventura this August (at least, until she
> decides to tighten up the regulations). I will just have to remove the
> source code of Serpent from my home page, or go to jail.
> 
> The real killer is that, if these regulations had already existed, it
> wouldn't have been possible to develop Serpent in the first place.
> 
> As Serpent evolved, many hundreds of emails were exchanged between
> Cambridge, Bergen and Haifa, many of them containing fragments of
> code. All of the emails leaving the UK would have had to be
> licenced. I wonder what favours GCHQ would have demanded in return for
> granting a licence?
> 
> It's not just Serpent that would have been impossible. All the other
> stuff I've done with Eli, such as Lion, Bear and Tiger, would also
> have been caught, and the bitslice work on DES he did here in
> September 95 (and which led to the code that did the DES keysearch)
> would at least have had to be redone when he went back to Israel.
> 
> In the future, we may have a much harder time getting research grants
> from companies like Intel, which are currently funding us to develop
> copyright marking and steganographic tools which they want to see
> eventually on their US developers' web site.
> 
> The impact on major industrial players in the UK computer science
> community, such as Microsoft Research and the Olivetti-Oracle Research
> Labs, could also be severe. At present all these guys can develop
> security code and ship it home by email. If shipping becomes licence
> dependent, and licences depend on the goodwill of GCHQ, and everyone
> knows that this depends on products being Trojanned, then no-one will
> want to buy any UK security code ever again.
> 
> Ross
> 
> 
> *Get Serpent now from <http://www.cl.cam.ac.uk/~rja14/#Cryptanalysis>*