[Cryptography] Proposed US ITAR changes would require prepublication approval for most crypto research

Alfie John alfiej at fastmail.fm
Wed Jun 10 03:53:58 PDT 2015


Thanks for the comments Adrian.

What concerns me is that from what I've seen, it only talks about
Australian academics publishing novel ideas. What is completely missing
is how these amendments may affect Australian open source developers,
who are also non-academics, working on cryptosystems. If they publish a
novel cipher on GitHub without getting approval by DECO, is that
a GOTO Jail card?

Alfie

On Wed, Jun 10, 2015, at 04:15 PM, Adrian McCullagh wrote:
> Dear All,
>
>
> I with 4 colleagues of mine (3 at the Queensland University of
> Technology (Cryptographers all) and one from the University of
> Queensland (Legal E-commerce researcher)) have been working on a paper
> dealing with the Australian Defence Trade Control Act which
> corresponds to the proposed US ITAR changes.
>
>
> Without giving everything away on our forthcoming paper, it appears to
> me that if this type of regulation had been in place in Germany in
> 1938, then it is highly likely that Einstein would never have read the
> Hahn - Strassmann paper dealing with splitting a uranium atom.  That
> paper written in 1938 (December I believe) was read by Einstein in
> March 1939 and it directly led to Einstein sending a letter to
> Roosevelt, which in turn resulted in 1942 to the establishment of the
> Manhattan project.  Now if NAZI Germany had restricted that
> publication NAZI Germany could have developed the bomb itself which
> could have completely altered the outcome.
>
>
> Basically, if regimes like the ITAR rules are expanded then it works
> both ways and there could be a stifling of publication research due to
> bureaucratic mishandling.  Though it could assist in the spy business
> as in the cold war.
>
>
>
>
>
>
> Dr. Adrian McCullagh Ph.D. LL.B.(Hons) B. App. Sc. (Computing) ODMOB
> Lawyers Mobile 0401 646 486 Skype.   Admac57
> E: ajmccullagh57 at gmail.com
> E: amccullagh at live.com
>
>
>
>
>
> From: Alfie John
> Sent: Wednesday, 10 June 2015 1:54 PM
> To: Cryptography Mailing List, cypherpunks at cpunks.org
>
>
>
>
>
> Snap, from Australia:
>
>     http://www.smh.com.au/it-pro/security-it/dangerous-minds-are-maths-teachers-australias-newest-threat-20150608-ghira9.html
>
>     "Australian academics who teach mathematics may need to run new
>     ideas by the Department of Defence before sharing them or risk
>     imprisonment.
>
>     Some academics are set to become much more familiar with the
>     department's Defence Export Control Office (DECO), a unit that
>     enforces the Defence Trade Control Act 2012, Australia's end of a
>     2007 pact with the US and UK over defence trade.
>
>     Until recently, DECO only regulated physically exported weapons
>     and so-called "dual use" items such as encryption, computing
>     hardware and biological matter.
>
>     However in March the act was updated to include "intangible
>     supply", which is intended to prohibit the transfer of knowledge
>     from Australia that could be used to produce weapons."
>
> Alfie
>
> On Tue, Jun 9, 2015, at 05:36 PM, pete wrote:
> > Proposed US ITAR changes. New regs, for comment, not yet in law or
> > in force.
> >
> > http://www.washingtonexaminer.com/nra-gun-blogs-videos-web-forums-threatened-by-new-obama-regulation/article/2565762
> >
> > www.gpo.gov/fdsys/pkg/FR-2015-06-03/pdf/2015-12844.pdf
> >
> >
> > Actually, it says, for the first time explicitly, that publishing
> > widely on the internet would be enough to put data into the public
> > domain [000]. Sounds good?
> >
> > However, there is a great big kicker: posting ITAR technical data
> > for the first time would be an export, and you wouldn't be allowed
> > to do it without prior authorization [17].
> >
> > Reposting already-posted technical data is also making it available,
> > and you wouldn't be allowed to do that unless the initial posting
> > was authorised.
> >
> > Neither would you be allowed to sell a book or magazine or
> > periodical, even within the US, unless it had been made available
> > with an authorisation [23].
> >
> > Phil Zimmermann's trick, publishing the source to PGP in printed form
> > to put it in the public domain, would no longer work.
> >
> >
> >
> >
> >
> > There is also some trickery about redefining software as an item,
> > rather than as data; one effect of which is to put software which is
> > the result of fundamental research into the control regime.
> >
> > Of course, as "fundamental research" only means research done in the
> > US by US centers of learning, or US Government funded ..
> >
> > I get confused, but it would seem to me that eg if there is a crypto
> > conference in the US with published proceedings, the publishers
> > would need export permission for the work of foreign authors, but
> > not the work of most US authors.
> >
> >
> >
> >
> >
> > [000] "Public domain" here is not the same thing as "public domain"
> >       in copyright law. They use the same words, but they are defined
> >       completely differently.
> >
> >  [17] To get pernickety: data which has been made publicly
> >       available, including by widespread posting, would be exempt.
> >
> > However, data which hadn't been made available with proper
> > authorisation would not be exempt. This would apply to data which is
> > now in the public domain too.
> >
> > If you saw some posted data or data in a book, and you didn't
> > actually know that it hadn't been released with proper
> > authorisation, you couldn't be prosecuted for reposting it, or
> > selling the books it was in. Though you could be prevented from
> > doing it again, if someone told you its initial release has not been
> > authorised.
> >
> >
> >  [23] the relevant bits:
> >
> >
> > § 120.11 Public domain.
> >
> > (a) Except as set forth in paragraph (b) of this section,
> >     unclassified information and software are in the public domain,
> >     and are thus not technical data or software subject to the ITAR,
> >     when they have been made available to the public without
> >     restrictions upon their further dissemination such as through
> >     any of the following:
> >
> > (1) Subscriptions available without restriction to any individual
> >     who desires to obtain or purchase the published information;
> >
> > (2) Libraries or other public collections that are open and
> >     available to the public, and from which the public can obtain
> >     tangible or intangible documents;
> >
> > (3) Unlimited distribution at a conference, meeting, seminar, trade
> >     show, or exhibition, generally accessible to the interested
> >     public;
> >
> > (4) Public dissemination (i.e., unlimited distribution) in any form
> >     (e.g., not necessarily in published form), including posting on
> >     the Internet on sites available to the public; or
> >
> > (5) Submission of a written composition, manuscript or presentation
> >     to domestic or foreign co-authors, editors, or reviewers of
> >     journals, magazines, newspapers or trade publications, or to
> >     organizers of open conferences or other open gatherings, with
> >     the intention that the compositions, manuscripts, or
> >     publications will be made publicly available if accepted for
> >     publication or presentation.
> >
> >
> > (b) Technical data or software, whether or not developed with
> >     government funding, is not in the public domain if it has been
> >     made available to the public without authorization from:
> >
> > (1) The Directorate of Defense Trade Controls;
> >
> > (2) The Department of Defense’s Office of Security Review;
> >
> > (3) The relevant U.S. government contracting entity with authority
> >     to allow the technical data or software to be made available to
> >     the public; or
> >
> > (4) Another U.S. government official with authority to allow the
> >     technical data or software to be made available to the public.
> >
> >
> >
> > § 127.1 Violations. [...]
> > (6) To export, reexport, retransfer, or otherwise make available to
> >     the public technical data or software if such person has
> >     knowledge that the technical data or software was made publicly
> >     available without an authorization described in § 120.11(b) of
> >     this subchapter.
> >
> >
> >
> >
> >
> > ps: there is yet another ITAR change on the way about exploits and
> >     technical data concerning security and hacking tools. see eg;
> >     http://www.theregister.co.uk/2015/06/06/whats_up_with_wassenaar/
> >
> > -- Peter Fairbrother
> >
> > _______________________________________________
> > The cryptography mailing list cryptography at metzdowd.com
> > http://www.metzdowd.com/mailman/listinfo/cryptography
>
>
> --
>   Alfie John alfiej at fastmail.fm


-- 
  Alfie John
  alfiej at fastmail.fm




More information about the cypherpunks mailing list