DTI response

[Ross Anderson]

Nigel says, of the new white paper:

> DTI:  We are not all brain dead. 

So it's malice then, not ignorance. Thanks for the confirmation.

> It just suggests (as EU have done) that where a product is controlled (eg
> encryption software) the intangible export of that (by fax or E mail)
> should also be. 

Come, now, Nigel, you must be well aware that this is a huge step. It
will drag crypto research in the UK down to the US level where with
one or two honourable exceptions (such as Bruce Schneier and co)
people drivel on about zero knowledge rather than doing real work.

Even although the EU will probably stop you applying export controls
to email between member states, the white paper will curtail
scientific collaboration with non-EU researchers.

It will also hinder UK participation in scientific conferences such as
`Fast Software Encryption' where papers are submitted electronically
and authors are encouraged to include source code. FSE is a hot topic
at present given the AES competition, and in fact was started in
Britain (I held the first one here in 1993).

The white paper also proposes to ban private conversations with non-EU
nationals about weapons of mass destruction and long-range missiles
(and this could be extended to crypto at ministerial discretion). Who
is this aimed at - CND?

It will even hit us. When I was doing the research for our paper on
tamper resistance, I talked to all sorts of people with links to the
nuclear business, including from Sandia and the NSA, in order to
understand the threat models associated with PALs. Markus and I then
discussed this at length by email and exchanged many drafts of the
article. All this would be illegal under your new dispensation!

Finally, the white paper will also mess up UK industry; not that I
expect DTI to care about that

Ross