Experts protest Aussie law banning crypto export

A controversial new military technology export control law that threatens to criminalise cryptography research could cut Australia off from the global research community, according to the International Association for Cryptologic Research (IACR).

More than 180 cryptologists and members of the IACR have signed a petition against Australia's new Defence Trade Controls Act (DTCA), raising 'deep concerns' against the law, which will come into effect next April.

The DTCA covers "dual use" technologies - those used for both military and civilian purposes - which are subject to tight supply controls due to their importance for national security.

Under the new law, comparatively weak encryption - using longer than 512 bit keys - is classified as dual-use, and cannot be supplied or exported without a permit.

Breaches of the DTCA carry harsh criminal penalties of up to ten years' imprisonment.

The IACR argued the new law would make the organisation's work illegal.

"As an international organisation of cryptographic researchers and educators, we are concerned that the DTCA criminalises the very essence of our association: to advance the theory and practice of cryptography in the service of public welfare," the IACR said.

Since encryption technology is vital to computer security for individuals, businesses and governments, the IACR argued Australia is best served by open research and education in cryptography, something it says the DTCA threatens to outlaw.

"The current legislation cuts off Australia from the international cryptographic research community and jeopardises the supply of qualified workforce in Australia's growing cybersecurity sector," the organisation said in the petition.

An earlier analysis of the DTCA by Monash University mathematician Daniel Mathews showed that under the new law, academic computer science courses could be classified as exporting military technology.

Mathews noted there was no explicit exemption for education or public interest material in the new law, potentially leaving academics vulnerable to criminal prosecution for studying cryptography.

"... an Australian professor emailing an American collaborator or postgraduate student about a new applied cryptography idea, or explaining a new variant on a cryptographic algorithm on a blackboard in a recorded lecture broadcast over the internet - despite having nothing explicitly to do with military or intelligence applications - may expose herself to criminal liability," Mathews wrote.