Dear Member,

How would you react to a policy proposal that would require every Australian citizen to lodge copies of their home and office door keys with a government agency, so as to enable law enforcement authorities to search their personal files without their knowledge? Did you know such a scenario is a close analogy to current Australian policy on encryption software and hardware?

Electronic Frontiers Australia is a privacy advocacy group concerned about the growing intrusion of government into people's personal lives. We oppose current Australian cryptography policy on a number of grounds:

• the current export controls are a failure because strong cryptography software is already widely available throughout the world.

• the regulations impose unnecessary constraints and costs on business while doing little to achieve their aim of restricting availability of cryptographic software.

• the key escrow and key recovery technology currently encouraged as unofficial policy is fundamentably unworkable and a risk to data security.

• no objective case for the benefits of imposing such controls has been made public.

• current regulations are stifling Australian initiatives in developing secure communications protocols.

• the restrictions on deployment of strong cryptography increase the risk of criminal or terrorist attack on vital infrastructure such as banking, electricity supply etc.

We call for Australia to abolish all controls on the free use of strong cryptography. We further support the complete removal of cryptography controls from the Wassenaar Arrangement if it is renewed in September 1998. We seek your co-operation in bringing this issue to the attention of the Australian Parliament, particularly as currently applied policy appears to be at odds with the stated policies of all major parties.

Attached is a brief synopis of the issue. If you require more detailed information we stand prepared to provide expert reports and other material to back up our position on this important matter. Please contact one of the following if you wish to discuss this matter further:

Greg Taylor - Brisbane	07 3370 6362	E-mail: gtaylor@efa.org.au
Kim Heitman - Perth	08 9458 2790	E-mail: chair@efa.org.au
Danny Yee - Sydney	02 9351 5159	E-mail: danny.yee@efa.org.au

Yours sincerely,


Greg Taylor
Chair, Cryptography Committee
Electronic Frontiers Australia
http://www.efa.org.au

What is Australian government policy on encryption?
Australia is a party to the Wassenaar Arrangement, which treats strong encryption software like high-grade munitions. Export of all encryption products is banned unless a license is granted by the Minister for Defence.

What is the Wassenaar Arrangement?
This is a 1995 international regime to control trade in conventional arms and dual-use goods and technology. It replaced the previous COCOM regime. 33 countries are signatories, including most European countries, Canada, Japan, New Zealand, the USA and Australia.

How are licenses determined?
Export licenses are determined on a case by case basis. There is no published policy information to assist potential licensees. However, it is known that Australia closely follows US government policy and will issue licenses to strong encryption products if key recovery is implemented. Australian companies have already lost export orders because of this policy.

What is key recovery?
This is a method which allows an authorised agency to obtain the encryption key of a particular person or entity in order to decrypt messages or files without the cooperation or knowledge of the owner.

How does this affect domestic use of encryption?
At present there are no restrictions on domestic use in Australia. However, Australia is one of the few nations that has yet to announce its future plans for encryption policy. In the USA there are legislative moves to impose restrictions on American citizens. If these moves succeed, the US government is likely to place heavy pressure on other nations to follow suit.

Why does EFA believe current policy is a failure?
Products employing strong encryption are freely and widely available throughout the world, particularly on the Internet. The algorithms used are public knowledge and are available from any major library. Export controls only inhibit legitimate business activity. They have little effect on any potential criminal usage. EFA's views on this matter reflect those of academics, cryptographers and policy analysts around the world.

Why is this issue important?
Australia is currently placing great importance on the future of Electronic Commerce. Business, privacy and technology interests around the world are unanimous that unless there is a relaxation of the cold-war era mentality in relation to encryption policy, electronic commerce will never achieve its full potential. This is also a privacy issue. It's a consumer issue. It's a medical records issue. It's a fraud prevention issue. It's a jobs issue. It's an international competitiveness issue.

References:

Cryptography: Brute Force Attack
Is the Security of Australian business under attack from hackers and legislators alike?
LAN Magazine, Australia. June 1998.
     http://www.lanlive.com

Review of policy relating to encryption technologies (Walsh Review).
Commonwealth Attorney-General's Department 1996.
     http://www.efa.org.au/Issues/Crypto/Walsh/

Crypto Politics. Electronic Frontiers Australia.
     http://www.efa.org.au/Issues/Crypto/crypto2.html

Distributing encryption software by the Internet: Loopholes in Australian export controls. Patrick Gunning, Mallesons Stephen Jacques, 1998.
     http://www2.austlii.edu.au/itlaw/articles/Gunning_Encryption.html

The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption.
A Report by an Ad Hoc Group of Cryptographers and Computer Scientists, 1998.
     http://www.crypto.com/key_study

Cryptography's Role in Securing the Information Society.
National Research Council, USA, 1996.
     http://www.replay.com/mirror/nrc/