|
Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost. |
16 December 2007
Ross Anderson website: http://www.cl.cam.ac.uk/~rja14/
To: ukcrypto[at]chiark.greenend.org.uk Subject: Are commonly used SSL/TLS ciphers controlled by the Export Control Act? From: Ross Anderson <Ross.Anderson[at]cl.cam.ac.uk> Date: Sun, 16 Dec 2007 12:56:28 +0000 List-Archive: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/> Nick Bohm and I spent a lot of time in 2001-2 lobbying against what became the Export Conrol Act. We pointed out at the time that extending export controls from physical goods to intangibles would cause havoc with the software industry and with scientific research. Officials weren't interested although the minister, Lord Sainsbury, did pay some attention to the effects on science. We got the Tories, the Liberals and a good number of crossbenchers (led by the then president of the Royal Society, Bob May, who made his maiden speech in the Lords on the issue) and inserted what's now section 8 into the Act, which given an exemption for scientific research. Officials promptly did an end-run around this by making regulations to pass into UK law an EU regulation controlling the export of dual-use intangibles (reg 1334/2000), thus in effect defeating the will of parliament with a classic piece of policy laundering. We argued repeatedly at the time that the introduction of such regulations would criminalise many academics - for example if I put a remark on our security mailing list about cryptanalysis and it goes to George at Microsoft via Redmond - and also criminalise many software developers, who use algorithms such as AES much like duct tape. A government peer told me, "Look, dear boy, you can never get laws to fit the boundaries exactly - just trust us and keep proper records." Officials said that they had no plans whatsoever to use export control laws against academics. In 2006, the Act got its four-year post-implementation review by the Quadripartitie Committee. I made the following submission: www.cl.cam.ac.uk/~rja14/fipr-exportcontrol-2006.pdf Earlier this year I was invited to a meeting at DTI along with folks from the Royal Society and UUK. The officials gleefully announced that they'd realised that academics weren't using the export control procedures and asked our opinion about how we could help them `raise awareness' and `market' their services. I reminded them that they'd promised not to. They denied this to my face. They also claimed that it had always been illegal to export intangibles and that the Act had made no difference. I reminded them that until the Export Control Act was passed they had no sanctions available against someone who exported crypto electronically, as the Export of Goods (Control) Order on which they'd previously relied applied only to physical goods. In fact the whole Act was justified to parliament by this arguement. They denied this to my face - even though I'd sat through the debate in the Lords, in the opposition experts' box. I have refused to meet with export control officials since then; I take the view that people who will lie to my face, not just about previous discussions but about matters of record in Hansard, are not trustworthy counterparties. The reason for the push now is, I suspect, a deliberate departmental strategy to enforce the new provisions only against the usual suspects (BAe etc) during its bedding-in phase, get a positive review, and then start building a huge empire afterwards. We academics still have loopholes we can use. For example, the Serpent source code [URL by Cryptome] is still on my website, and it will stay there, and I'm not applying for a license. If it's downloaded by someone outside the EU than it's they who do the `export', not me. But this is a lot harder to use if you have developers working in a number of countries who're constantly shuffling code to and from version control system. So the UK software industry now stands to get screwed. I did my best, but enough other people weren't interested at the time. I'm afraid it's up to the likes of IBM and HP and M$ and Google to do the heavy lifting now. Or maybe they will just shift development to India ... Ross PS: BTW Julian the export control laws are carefully designed so that you can't "roll your own". There are a number of open licences and they even used to be online - but even then you had to register to use them. Now you have to go cap in hand even to find out what they are. And it appears to be policy to screw anyone who tries to be independent. Henry Beker and Chris Avery wrote a paper on this back during the crypto wars, but it seems to have vanished from the web - their story as crypto exporters was that the entire purpose of the system was to drive you to a meeting at which the man from GCH would try to persuade you to use as weak crypto as possible They idea that anyone could understand the rules well enough to chart a path through for themselves was anathema. Indeed, there were one or two occasions during the Lords debate when Nick and I tried to parse the thicket and decide whether software X could be exported to country Y - we usually found ouselves able to argue it both ways, and once we each changed our minds overnight and argued different ends in the morning. There are so many layers of regulations that cross-refer to each other in complex ways: the legal equivalent of software obscurity --- original message --- To: ukcrypto[at]chiark.greenend.org.uk Subject: Are commonly used SSL/TLS ciphers controlled by the Export Control Act? Reply-To: ukcrypto[at]chiark.greenend.org.uk Forgive me if this is a FAQ - I could find only two references to "export control act" in the archives: Cryptographic ciphers appear at 5A002.a.1 in the UK Strategic Export Control List[1]. The text, reproduced at [3], clearly covers the "strong" symmetric and asymmetric ciphers commonly used in SSL/TLS. According to BERR's website[2], this implies that all exports of >56 bit SSL technology are controlled, and appropriate export licences will be required to export code (source/object) to countries outside the EU. Is this really the case? If not, can anyone point me to an exemption/case law that establishes one? The nearest thing to an exemption I can find is section 8 of the Export Control Act 2002, which forbids the Secretary of State from making control orders that would have the affect of regulating, inter alia, "the communication of information that is generally available to the public"[4]. The SSL algorithms clearly are generally available to the public, but since the SoS has, as a matter of fact, made a control order that regulates their communication, presumably he would need to be challenged in court before a potential exporter could feel safe from prosecution if he exported outside the EU without a licence? And does it make any difference whether you distribute source code or binaries? Julian Midgley [1] Current Export Control List at: http://www.berr.gov.uk/files/file42587.pdf [2] A Beginner's Guide to Export Controls: http://www.dti.gov.uk/europeandtrade/strategic-export-control/help-advice/page33913.html [3] The relevant text cut and pasted from p. 179 of the current Export Control List: 1. Designed or modified to use "cryptography" employing digital techniques performing any cryptographic function other than authentication or digital signature having any of the following: [ Technical Notes snipped ] a. A "symmetric algorithm" employing a key length in excess of 56 bits; or b. An "asymmetric algorithm" where the security of the algorithm is based on any of the following: 1. Factorisation of integers in excess of 512 bits (e.g., RSA); 2. Computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ); or 3. Discrete logarithms in a group other than mentioned in 5A002.a.1.b.2. in excess of 112 bits (e.g., Diffie-Hellman over a n elliptic curve); [4] Section 8 of the Export Control Act: http://tinyurl.com/2hsk8q