DTI White Paper on Export Control

[Brown, R Ken]

I'm not a lawyer - so I have some questions about my interpretation  of
the language of  http://www.dti.gov.uk/export.control/stratex/


> 3.4.1  To assist in the enforcement of the expanded   offences
relating to weapons of mass destruction as   
>  well as on intangible transfers and trafficking and    brokering, the
Government proposes that new   legislation 
> should give HM Customs and Excise   (HMC&E) the powers to require the
production of   records in respect of
> such transfers. 

To a lawyer does "require the production of records" mean that they can
just demand them, or do they have to have some warrant from a court?
Does it mean that the person of whom the records are required has a duty
to keep records?

Does this section imply that a person who might transfer controlled
information abroad can be punished  for not keeping records?  If I have
no records of the email I have sent and HMC&E asked for my records how
can I prove that I didn't transfer controlled documents?

What would "records" mean in the context of email anyway?  Logs of who
has mailed who, and when? Or the content of all the mail? Or only the
content of mail which contains controlled documents (in which case I
carefully archive all the email I sent to the Pentagon and somehow
forget to store all the cc: copies I sent to North Korea and Pakistan)

If this section *doesn't* require that records be kept  then I guess
everyone from whom records are demanded will be found mysteriously to
have lost them. If it *does* then it is an excessive burden on the vast
majority of email users who are never likely  to export anything
controlled.

Note 3 to Section 3 says:
>E-mail includes transfers via the Internet and via organisations'
intranets

I assume that this would also include people dialling up computers?  Or
sharing disks on LANs?

The kind of disk sharing that was common in offices ten years ago now
works fine over international links. I can map a drive onto my PC even
if the server it is on is in another country - I know loads of people
who do their work (for example saving word processing documents) on
computers that may be very remote from where they are.  Can this sort of
thing constitute "export"?

Would there be an implied duty to not to store  documents describing
export controlled technology on computers that could be accessed from
abroad?   In most large companies anyone can now access any computer
from anywhere - do we have a duty to check that nothing controlled is on
the machines? 

What if someone in country (a) outside the UK stores an
export-controlled document my computer inside the UK and then someone
from country (b) reads it?  Have I exported it? Do I need a licence?
(N.B. these are *not* far-fetched examples this sort of thing goes on
all the time)

Could that apply to ISPs if a customer stored documents on their
computers? E.g. if I put plans for my latest 301 km range missile onto a
web page at Cix and Saddam Hussein reads it, have I broken the law, or
Cix, or both?

> In the case of nuclear  weapons, we propose that the legislation
should
> exempt involvement in the official nuclear weapons
> programmes of countries that are members of  NATO.

So we can all sleep sound in  our beds then.

As Israel is not a member of NATO can I assume that under these
proposals Mordecai Vanunu would have committed an offence under UK law?
What about the newspapers that published his story?

Of course the sorrow of it all is that no-one who really wants to build
bombs or cook up Sarin in their back room  will care in the least about
all this.    In the unlikely event of any of this getting to be law it
will be the Dangerous Dogs Act of the Internet (GAK is our Red Flag
Act).  Bad law makes it harder to prevent real abuse.