[Cryptography] Proposed US ITAR changes would require prepublication approval for most crypto research

Adrian McCullagh amccullagh at live.com
Wed Jun 10 02:15:17 EDT 2015 

Dear All,


I with 4 colleagues of mine (3 at the Queensland University of Technology (Cryptographers all)and one from the University of Queensland (Legal E-commerce researcher) have been working on a paper dealing with the Australian Defence Trade Control Act which corresponds to the proposed US ITAR changes.


Without giving everything away on our forthcoming paper, it appears to me that if this type of regulation had been in place in Germany in 1938, then it is highly likely that Einstein would never have read the Hahn - Strassmann paper dealing with splitting a uranium atom.  That paper written in 1938 (December I believe) was read by Einstein in March 1939 and it directly lead to Einstein sending a letter to Roosevelt, which in turn resulted in 1942 to the establishment of the Manhattan project.  Now if NAZI Germany had restricted that publication NAZI Germany could have developed the bomb itself which could have completely altered the outcome.


Basically, if regimes like the ITAR rules are expanded then it works both ways and there could be a stifling of publication research due to bureaucratic mishandling.  Though it could assist in the spy business as in the cold war.






Dr. Adrian McCullagh 
Ph.D. LL.B.(Hons) B. App. Sc. (Computing)
ODMOB Lawyers 
Mobile 0401 646 486
Skype.   Admac57
E: ajmccullagh57 at gmail.com
E: amccullagh at live.com 
The contents of this email are confidential between the sender and the intended recipient. If you are not the intended recipient then no rights are granted to you because of this error and as such you are requested to promptly inform the sender of the error and to promptly destroy all copies of the email in your power, possession or control. The sender reserves all rights concerning this email and its contents including any privilege, copyright and confidentiality associated with this email. Even though an email signature block has been appended to this email, and notwithstanding the Electronic Transactions Act (Qld) or the Electronic Transactions Act (Cth), the signature block does not exhibit the senders intention to be bound by an offer previously sent by the intended recipient, unless the email in its body specifically indicated that the sender hereby accepts such an offer previously sent by the intended recipient.





From: Alfie John
Sent: ‎Wednesday‎, ‎10‎ ‎June‎ ‎2015 ‎1‎:‎54‎ ‎PM
To: Cryptography Mailing List, cypherpunks at cpunks.org





Snap, from Australia:

    http://www.smh.com.au/it-pro/security-it/dangerous-minds-are-maths-teachers-australias-newest-threat-20150608-ghira9.html

    "Australian academics who teach mathematics may need to run new
    ideas by the Department of Defence before sharing them or risk
    imprisonment.

    Some academics are set to become much more familiar with the
    department's Defence Export Control Office (DECO), a unit that
    enforces the Defence Trade Control Act 2012, Australia's end of a
    2007 pact with the US and UK over defence trade.

    Until recently, DECO only regulated physically exported weapons and
    so-called "dual use" items such as encryption, computing hardware
    and biological matter.

    However in March the act was updated to include "intangible supply",
    which is intended to prohibit the transfer of knowledge from
    Australia that could be used to produce weapons."

Alfie

On Tue, Jun 9, 2015, at 05:36 PM, pete wrote:
> Proposed US ITAR changes. New regs, for comment, not yet in law or
> in force.
>
> http://www.washingtonexaminer.com/nra-gun-blogs-videos-web-forums-threatened-by-new-obama-regulation/article/2565762
>
> www.gpo.gov/fdsys/pkg/FR-2015-06-03/pdf/2015-12844.pdf
>
>
> Actually, it says, for the first time explicitly, that publishing
> widely on the internet would be enough to put data into the
> public domain
> [000]. Sounds good?
>
> However, there is a great big kicker: posting ITAR technical data for
> the first time would be an export, and you wouldn't be allowed to do
> it without prior authorization [17].
>
> Reposting already-posted technical data is also making it available,
> and you wouldn't be allowed to do that unless the initial posting was
> authorised.
>
> Neither would you be allowed to sell a book or magazine or periodical,
> even within the US, unless it had been made available with an
> authorisation [23].
>
> Phil Zimmerman's trick, publishing the source to PGP in printed form
> to put it in the public domain, would no longer work.
>
>
>
>
>
> There is also some trickery about redefining software as an item,
> rather than as data; one effect of which is to put software which is
> the result of fundamental research into the control regime.
>
> Of course, as "fundamental research" only means research done in the
> US by US centers of learning, or US Government funded ..
>
> I get confused, but it would seem to me that eg if there is a crypto
> conference in the US with published proceedings, the publishers would
> need export permission for the work of foreign authors, but not the
> work of most US authors.
>
>
>
>
>
> [000] "Public domain" here is not the same thing as "public domain" in
>       copyright law. The use the same words, but they are defined
>       completely differently.
>
>  [17] To get pernickity: data which has been made publicly available,
>       including by widespread posting, would be exempt.
>
> However, data which hadn't been made available with proper
> authorisation would not be exempt. This would apply to data which is
> now in the public domain too.
>
> If you saw some posted data or data in a book, and you didn't actually
> know that it hadn't been released with proper authorisation, you
> couldn't be prosecuted for reposting it, or selling the books it was
> in. Though you could be prevented from doing it again, if someone told
> you its initial release has not been authorised.
>
>
>  [23] the relevant bits:
>
>
> § 120.11 Public domain.
>
> (a) Except as set forth in paragraph (b) of this section, unclassified
>     information and software are in the public domain, and are thus
>     not technical data or software subject to the ITAR, when they have
>     been made available to the public without restrictions upon their
>     further dissemination such as through any of the following:
>
> (1) Subscriptions available without restriction to any individual who
>     desires to obtain or purchase the published information;
>
> (2) Libraries or other public collections that are open and available
>     to the public, and from which the public can obtain tangible or
>     intangible documents;
>
> (3) Unlimited distribution at a conference, meeting, seminar, trade
>     show, or exhibition, generally accessible to the interested
>     public;
>
> (4) Public dissemination (i.e., unlimited distribution) in any form
>     (e.g.,not necessarily in published form), including posting on the
>     Internet on sites available to the public; or
>
> (5) Submission of a written composition, manuscript or presentation to
>     domestic or foreign co-authors, editors, or reviewers of journals,
>     magazines, newspapers or trade publications, or to organizers of
>     open conferences or other open gatherings, with the intention that
>     the compositions, manuscripts, or publications will be made
>     publicly available if accepted for publication or presentation.
>
>
> (b) Technical data or software,whether or not developed with
>     government funding, is not in the public domain if it has been
>     made available to the public without authorization from:
>
> (1) The Directorate of Defense Trade Controls;
>
> (2) The Department of Defense’s Office of Security Review;
>
> (3) The relevant U.S. government contracting entity with authority to
>     allow the technical data or software to be made available to the
>     public; or
>
> (4) Another U.S. government official with authority to allow the
>     technical data or software to be made available to the public.
>
>
>
> § 127.1 Violations. [...]
> (6) To export, reexport, retransfer, or otherwise make available to
>     the public technical data or software if such person has knowledge
>     that the technical data or software was made publicly available
>     without an authorization described in § 120.11(b) of this
>     subchapter.
>
>
>
>
>
> ps: there is yet another ITAR change on the way about exploits and
>     technical data concerning security and hacking tools. see eg;
>     http://www.theregister.co.uk/2015/06/06/whats_up_with_wassenaar/
>
> -- Peter Fairbrother
>
> _______________________________________________
> The cryptography mailing list cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography


-- 
  Alfie John
  alfiej at fastmail.fm
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150610/ce83f582/attachment.html>

More information about the cryptography mailing list