Export Controls on Intangible Goods

Brian Gladman gladman at seven77.demon.co.uk
Tue, 2 Feb 1999 10:52:45 -0000 

Some time ago I published an open letter to the DTI concerning the possible
impact of the proposed legislation on the control of intangibles on the
publication of crypto source code and R&D results on the Web.  I used my
site at:

     http://www.seven77.demon.co.uk/aes.htm

as an example.   I now have a response from Bridget Butt at the DTI (my
thanks to Nigel and to Bridget for providing this) and a copy of this is
included below.  I have also had a conversation with Bridget about these
issues and it seems that the DTI is determined to continue with these
proposlas (for which the EC is being 'blamed').

My impression is that the DTI is somewhat blindly following the the
principle that if something is controlled in physical form then the same
control should be exerted over any intangible equivalent. There does not
seem to be any concern about the practical difficulties of implementing such
controls or about the impact that they will have on many important and
beneficial activities.  As far as I can ascertain there has been no attempt
to assess such issues proir to any legislation.

The strong impression I have is that this is seen as a 'loophole' that has
to be closed simply as an 'an act of faith' without regard for practicality
or any detrimental consequences that this might have.

So we have a situation in which this 'loophole' is to be closed without any
knowledge of the real benefits this will provide, without any knowledge of
the practicality or the costs involved, and without any understanding of the
impact that this will have on desirable activities!  All in all, a pretty
sound basis for legislation.

It hence seems that we now need to lobby our MPs and MEPs to ensure that the
they understand what is being proposed.  With this and the Electronic
Compromise (oops Commerce) Bill, it would seem that government policy in
these areas is completely at the mercy of the hawks in the Civil Service.

If ever our civil liberties and our hard won personal and academic freedoms
needed protection they most certainly need it now.  And this from a Labour
government that promised us a Freedom of Information Bill and the removal of
all controls on cryptography!

      Brian


-----------------------------------------------------------
Dr B. R. Gladman
(by email)


Dear Dr Gladman

In your open letter to the DTI which was sent to Nigel Hickson, and which he
has passed on to me for reply, you ask whether the Web Page described in
your letter would become illegal under any future government legislation on,
or related to, the control of cryptography or intangible exports.

The first point to make with regard to proposed legislation on the
introduction of export controls on the electronic transfer of technology or
software (as set out in the White Paper on Strategic Export Controls and in
the European Commission’s proposal for a revised Dual-use Goods Regulation),
is that the same general principles determining whether or not a licence is
required will apply to electronic transfers, as apply to exports in physical
form.

As your query relates to cryptography which is of course a dual-use
technology, it is the European Commission’s proposal for a revised Dual-use
Goods Regulation (COM 1998 257 final) which needs to be considered.  The
first point I must make is that the Commission’s proposal is, of course,
only draft legislation and could well be subject to changes before being
adopted.  In particular, the issue of how the legislation would apply to
technology or software placed on Internet websites is a matter currently
under discussion within the Community and so I cannot give you a categorical
answer to your question.  What I can say, however, is that under the
Commission’s proposal, the same conditions would apply  to transfers of
technology or software made by electronic means as would apply to transfers
in tangible form.  As I am sure you are aware, technology or software in the
public domain is not normally subject to export control (transfers of
public domain technology or software  may be caught by the end-use control
related to weapons of mass destruction). Under the Commission’s proposal,
“in the public domain” would continue to be defined as meaning “technology”
or “software” which had been made available without restrictions upon its
further dissemination (copyright restrictions do not remove “technology” or
“software” from being “in the public domain”)”.  To the extent that the AES
scheme fulfilled these conditions, then it would be regarded as “in the
public domain” and not therefore subject to export control.

You will also probably be aware of the proposed Wassenaar Cryptography Note.
This is likely to have been introduced into EC legislation before the
proposal on intangible transfers.  This will mean that, to the extent that
cryptographic software placed on a website was not regarded as being in the
public domain, (e.g. because of restrictions placed on its dissemination) it
could still be released from export control if it met the conditions of the
Cryptography Note.


Yours sincerely


Bridget Butt


BRIDGET BUTT
Scott Inquiry Follow-up Unit