US Mass Market Crypto Exportable

[Ross Anderson]

> The point, which you have changed into something entirely different, is
> whether or not there are any UK export controls on cryptographic source
> code.

There is genuine legal uncertainty here. In 2000, the DTI brought in the
dual-use regulation, which controls intangible export from the EU of
items on the dual-use list. The view taken at the time by UUK, in a
meeting with the DTI which I attended, was that this regulation had no
effect, in the absence of primary legislation to make a criminal offence
out of intangible export. We (Nick Bohm and I) repeatedly pressed the
DTI officials to state on what grounds they held that intangible export
was now illegal. All we could get out of them was that it was illegal,
so there.

Since then, they have tried to play it both ways. On the one hand, they
say that the impact of the export control bill on industry will be zero,
because the controls already exist. On the other hand, they say that the
bill is needed to support the dual-use regulations. I have written to
Sainsbury asking him a number of questions straight out, like whether 
the Serpent code on my web site will be controlled (he says no, as the
regulations won't control material in the public domain) and whether the
500-odd emails I exchanged with Lars Knudsen and Eli Biham while we
designed Serpent would be licensable (as Nigel Hickson had said earlier);
this was basically dodged with hand-waving about how academia's needs
would be seen to by the exemptions for pure science and for information
being placed in the public domain. However, the DTI remains conspicuously
silent when we try to draw them out on the matter of pre-publication
communications that are never intended to be published; and meanwhile, to
get an EPSRC grant, you have to make a case for `relevance to 
beneficiaries', i.e. that the research is not pure but somehow applicable

Ross