To: ukcrypto@maillist.ox.ac.uk Subject: DTI to ban electronic export of crypto from the UK! Date: Thu, 2 Jul 1998 14:04:45 +0100 From: Ross Anderson Message-Id: In a white paper at , President Beckett proposes to extend the export control regime from physical goods to the `transfer of technology by intangible means'. `The Government therefore proposes that new legislation should provide it with the power to control the transfer of technology, whatever the means of transfer. This power would be used to introduce secondary legislation, which it is proposed should do the following: `* Given the ever increasing ease with which information can be transferred across national boundaries by electronic means, i.e. by fax or e-mail, the Government proposes to provide that documents transferred abroad containing controlled technology should be subject to export licensing requirements, whether exported physically or in electronic form. `* Information can also be passed on in non-documentary form (e.g. orally or through personal demonstration)...' Beckett says she will limit this latter control initially to the `areas of greatest concern' - weapons of mass destruction and long-range missiles.. because `there are sensitivities in relation to free speech and academic freedom.' Jolly sweet of her. But she just doesn't get it, does she? It's all very well to grant me the favour that I won't have to get an export permit to give my talk on Serpent at the Advanced Encryption Standard conference in Ventura this August (at least, until she decides to tighten up the regulations). I will just have to remove the source code of Serpent from my home page, or go to jail. The real killer is that, if these regulations had already existed, it wouldn't have been possible to develop Serpent in the first place. As Serpent evolved, many hundreds of emails were exchanged between Cambridge, Bergen and Haifa, many of them containing fragments of code. All of the emails leaving the UK would have had to be licenced. I wonder what favours GCHQ would have demanded in return for granting a licence? It's not just Serpent that would have been impossible. All the other stuff I've done with Eli, such as Lion, Bear and Tiger, would also have been caught, and the bitslice work on DES he did here in September 95 (and which led to the code that did the DES keysearch) would at least have had to be redone when he went back to Israel. In the future, we may have a much harder time getting research grants from companies like Intel, which are currently funding us to develop copyright marking and steganographic tools which they want to see eventually on their US developers' web site. The impact on major industrial players in the UK computer science community, such as Microsoft Research and the Olivetti-Oracle Research Labs, could also be severe. At present all these guys can develop security code and ship it home by email. If shipping becomes licence dependent, and licences depend on the goodwill of GCHQ, and everyone knows that this depends on products being Trojanned, then no-one will want to buy any UK security code ever again. Ross *Get Serpent now from *