Oz Defence Dept 'not punitive' with crypto export controls

David Hook, of Bouncy Castle fame, says consultations are hosing down fears

Australia's Department of Defence is meeting with security professionals, including Google, to nut out the finer points of that country's dual-use control laws in what is described as a move away from a punitive crack-down on information security data sharing.

Nine Defence delegates and five of 15 invited industry and other agency bods met in Canberra in May to discuss the amended Defence Controls Act, which received Royal Assent on April 2nd.

The amended Act includes a 12-month compliance breather such that those exporting controlled dual-use technologies like security exploits and cryptography will not face prosecution under penalties ranging up to a 10-year prison term.

David Hook, founder of popular cryptography API library Bouncy Castle, said Defence is keen to avoid a punitive approach.

"I've talked to quite a few Defence people now and they are trying not to be punitive about it; it is not their intention that this should be some sort of reign of terror," Hook said.

"Crypto invades almost everything now and they understand how important this is to commerce," he added. "From a national security point of view, if your legal system creates an environment where it is impossible for anyone in the area to work in your country, people will stop; the DSD (Australian Signals Directorate) still want to hire those skills themselves."

Hook has supplied Defence with a scenario of how the Act could apply to Bouncy Castle, noting that a version of the library developed for FIPS compliance would require a Defence Export Control Office permit for only the temporary period in which it is a closed-door operation.

The FIPS library would then be released open source and therefore no longer be subject to the Act.

Google is supplying its own scenario of how the Act could apply to it.

Defence Export Control Office heads Gabrielle Burrell and Claire Willette chaired the 15 May meeting, which, according to meeting documents seen by Vulture South, discussed the extension of the Strengthened Export Controls steering group until April next year, and record keeping and compliance requirements under the Act.

The committee notes that controlled technologies will not require a permit in order to be hosted offshore, nor if that technology is stored in an email account and is accessed by an Australian located overseas.

The documents state that Australian teachers educating overseas students on cryptography will not be subject to the Act because the material is "in the public domain" and neither will those who publish crypto software – with the exception of when the technology applies to "weapons of mass destruction".

Defence is focused on building "appropriate" licences and "clear and concise guidance" for businesses and open source contributors, and will hold its next meeting on 27 August. ®

 
