Cryptography laws could allow government interference in research: ADFA

A senior director of one of the Australian defence force’s peak cyber security think tanks has warned that new laws criminalising exports of cryptographic technology could allow the government interfere in its research for civilian uses.

Greg Austin, associate director of Australian Defence Force Academy’s ADFA’s Australian Centre for Cyber Security opened mid-2014 said that the laws had been rushed through without a thorough investigation of their workability.

The new export prohibitions are the result of amendments to the Australia’s Defence Trade Controls Act (DTCA) passed in May to include encryption technology considered eligible for dual use for military and civilian activity. The amendments bring the DTCA’s scope into line with similar laws passed in the US.

Mr Austin said that the government was unlikely to prosecute Australian cryptographic researchers but criticised its decision to introduce the laws without introducing measures to specifically protect them.

“I think there’s room for concern in that it will leave on the table a black letter law that will allow for government interference in scientific research on an issue where the government has a very different interest to the general public and the scientific community. Encryption is going to be very important for the protection of individual human rights in the future and to the protection of individuals using the internet in the future in a way that government may not like so it really is laying out the potential for some further conflict if these things can’t be resolved or made more clear in their ambit or subject to some sot of judicial review.

“There needs to be some sort of mechanism where people who are capable of understanding the technology and the social and political implications of it… can scrutinise its implementation,” Mr Austin explained.

Around 180 distinguished international cryptography researchers from across the world have already signed a petition condemning the new restrictions, which come into effect from April 2016.

Earlier this month, Electronic Frontiers Australia chair David Cake added his voice to the chorus condemning the restrictions “while it is obviously an important technology in the national security context, cryptography is also vital for the privacy and security of individuals, and is critical to commerce in the digital age. Not only is civilian cryptographic research a necessary component of a vibrant digital economy, it is also a vital tool for protection of our privacy against illegal and unethical surveillance and criminal attacks”.

Ty Miller, founder of penetration testing specialist Threat Intelligence said he was concerned that the restrictions could prevent him generating new business. He said that the new laws could stop the company from presenting its research on the international cyber security conference circuit.

“It’s an interesting time to be talking about this because we’ve got the Blackhat conference coming up in the US in August and we’re running training programs over there where we teach people to write malicious code to break into systems.

“If I’m going over there to run these training programs, does that mean I’m performing a terrorist act or a threatening national security?” Mr Miller pondered.

Mr Austin raised similar concerns pointing out that a large number of foreign nationals were involved Australian cryptographic research and said that it was not clear whether that would contravene the restrictions.

For instance, he pointed out that advanced research laboratories in the US with high-level government security clearances no longer take Chinese nationals as doctorate candidates for fear of the bureaucratic burden attached to dealing with them.

Other he said had stopped attending international conferences based on similar fears that they could face criminal sanctions for simply speaking to foreign delegates.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Tags CSO AustraliacriminalisingDefence Trade Controls Act (DTCA)ADFAcryptographic technologyGreg Austin

Show Comments