Electronic Frontiers Australia Inc.
Media Release 30th June 1998 CALL TO ABOLISH AUSTRALIAN CRYPTO CONTROLS Electronic Frontiers Australia (EFA) today called for the abolition of all controls on cryptography in Australia. EFA spokesperson Greg Taylor said, "The current export controls are a failure because strong cryptography software is already widely available throughout the world. Furthermore the regulations are stifling Australian initiatives in developing secure communications protocols." "Far from achieving their purpose of preventing criminal activity, the restrictions on deployment of strong cryptography increase the risk of criminal attack on vital infrastructure such as banking and the electricity supply system.", Mr. Taylor said. "EFA welcomes the Australian government's recent initiatives in respect to Electronic Commerce. However, these initiatives will come to nothing if secure communications cannot be guaranteed. Business, privacy and technology interests around the world are unanimous that unless there is a relaxation of the cold-war era mentality in relation to encryption policy, electronic commerce will never achieve its full potential. This is also a privacy issue, a fraud prevention issue, a jobs issue, and an international competitiveness issue." "The Defence Department, which is responsible for administering export controls under the terms of the Wassenaar Arrangement, has extended Australia's compliance with the agreement by encouraging key recovery "backdoors" in systems proposed for export licensing. This is despite extensive international evidence that key recovery systems of the type proposed by law enforcement agencies are fundamentally unworkable and a risk to data security." said Mr. Taylor. "How would Australian citizens react if they were required to lodge copies of their home and office door keys with a government agency, so as to enable law enforcement authorities to search their personal files without their knowledge? Yet that is a close analogy to current Australian policy on encryption software." The Department of Defence has recently come under fire for threatening to prosecute a Brisbane-based cryptography development group, who developed a world-renowned crypto-library and made it available online to commercial software developers. This software has been incorporated into the leading web-server product used for secure electronic commerce. It is generally acknowledged that the current export regulations, administered through the Customs Act, do not apply to software made available for downloading on the Internet, and EFA will lobby Labor and the Democrats to oppose any moves to amend the Act to ban electronic export. One of the Brisbane development team, Tim Hudson, said, "The crypto export restrictions are based on the premise that not only are there no competent programmers or mathematicians elsewhere in the world, but also that the Internet does not exist and that no one can read or type. The source code behind the majority of modern encryption algorithms is available in almost every major library in the world." Mr Taylor continued, "Australia can show the lead by proposing that cryptography goods be dropped from the terms of the Wassenaar Arrangement, an international regime to control trade in high-grade munitions. Federal Coalition policy opposes heavy-handed attempts to ban strong encryption techniques, and the other major Federal parties have also supported relaxation of current controls. Furthermore, the Prime Minister announced in March that Australia would adopt the OECD Cryptography guidelines, which are regarded as far more acceptable than existing controls. Despite these promising statements, Australia persists with a cold-war mentality when it comes to actually implementing policy." "EFA intends to contact every Senator and Member of Parliament to bring them up-to-date with this issue. Despite the importance of cryptography to Australia's future in the Information Age, the matter has received scant attention by the Parliament. We think it's time that our legislators were informed about this critical issue," Mr. Taylor concluded. Electronic Frontiers Australia is an online privacy advocacy group concerned about the growing intrusion of government into people's personal lives. [ENDS] ------------------------------------------------------------------------- For further information: Greg Taylor - Brisbane 07 3370 6362 E-mail: email@example.com Kim Heitman - Perth 08 9458 2790 E-mail: firstname.lastname@example.org Danny Yee - Sydney 02 9351 5159 E-mail: email@example.com Electronic Frontiers Australia Inc http://www.efa.org.au ------------------------------------------------------------------------- BACKGROUND What is encryption? Encryption is technology that scrambles computer files and communications to protect privacy. It protects everything from medical records to ATM transactions. What is Australian government policy on encryption? Australia is a party to the Wassenaar Arrangement, which treats strong encryption software like high-grade munitions products. Export of all encryption products is banned unless a license is granted by the Minister for Defence. What is the Wassenaar Arrangement? This is a 1995 international regime to control trade in conventional arms and dual-use goods and technology. It replaced the previous COCOM regime. 33 countries are signatories, including most European countries, Canada, Japan, New Zealand, the USA and Australia. How are licenses determined? Export licenses are determined on a case by case basis. There is no published policy information to assist potential licensees. However, it is known that Australia closely follows US government policy and will issue licenses to strong encryption products if key recovery is implemented. Australian companies have already lost export orders because of this policy. What is key recovery? This is a method which allows an authorised agency to obtain the encryption key of a particular person or entity in order to decrypt messages or files without the cooperation or knowledge of the owner. How does this affect domestic use of encryption? At present there are no restrictions on domestic use in Australia. However, Australia is one of the few nations that has yet to announce its future plans for encryption policy. In the USA there are legislative moves to impose restrictions on American citizens. If these moves succeed, the US government is likely to place heavy pressure on other nations to follow suit. Why does EFA believe current policy is a failure? Products employing strong encryption are freely and widely available throughout the world, particularly on the Internet. The algorithms used are public knowledge and are available from any major library. Export controls only inhibit legitimate business activity. They have little effect on any potential criminal usage. EFA's views on this matter reflect those of academics, cryptographers and policy analysts around the world. Why is this issue important? Australia is currently placing great importance on the future of Electronic Commerce. Business, privacy and technology interests around the world are unanimous that unless there is a relaxation of the cold-war era mentality in relation to encryption policy, electronic commerce will never achieve its full potential. This is also a privacy issue. It's a consumer issue. It's a medical records issue. It's a fraud prevention issue. It's a jobs issue. It's an international competitiveness issue. References: Cryptography: Brute Force Attack Is the Security of Australian business under attack from hackers and legislators alike? LAN Magazine, Australia. June 1998. http://www.lanlive.com Review of policy relating to encryption technologies (Walsh Review). Commonwealth Attorney-General's Department 1996. http://www.efa.org.au/Issues/Crypto/Walsh/ Crypto Politics. Electronic Frontiers Australia. http://www.efa.org.au/Issues/Crypto/crypto2.html Distributing encryption software by the Internet: Loopholes in Australian export controls. Patrick Gunning, Mallesons Stephen Jacques, 1998. http://www2.austlii.edu.au/itlaw/articles/Gunning_Encryption.html The Federal Coalition's "Australia Online" pre-election policy on privacy and commercial security. http://www.liberal.org.au/ARCHIVES/ONLINE/online.htm The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists, 1998. http://www.crypto.com/key_study Cryptography's Role in Securing the Information Society. National Research Council, USA, 1996. http://www.replay.com/mirror/nrc/
Return to EFA Media Release Page
Copyright © 1998 Electronic Frontiers Australia Inc.