back to article Oz Defence Dept 'not punitive' with crypto export controls

Australia's Department of Defence is meeting with security professionals, including Google, to nut out the finer points of that country's dual-use control laws in what is described as a move away from a punitive crack-down on information security data sharing. Nine Defence delegates and five of 15 invited industry and other …

  1. James Ashton
    WTF?

    Crypography of Mass Destruction?

    'nor will those who publish crypto software, with the exception of when the technology applies to "weapons of mass destruction" '

    How can cryptography apply specifically to weapons of mass destruction? If I publish general-purpose cryptographic software and a third party uses it to massively destroy stuff, am I on the hook? If not, what's the point of trying to control this stuff? If so, Defence's "not punitive" claims aren't very credible.

  2. david 12 Silver badge

    It's still a mess

    Does Not, "Not apply to devices"

    " Sending, receiving or storing information (except in support of entertainment, mass commercial broadcasts, digital rights management or medical records management); or"

    So, does apply to IOT hardware adapters, which use SSL. Cen't be sold overseas without a permet. Because a TCP/IP HTTPS web interface for your sensor/power/light/water building managment system is a general purpose communications encryption device not covered by one of the exemptions :DRM, medical, entertainment, broadcast.

    1. GrumpyOldBloke

      Re: It's still a mess

      Yup, still looks like a *crap what have we done* moment.

      Bouncy Castle will have to stuff around with the bureaucracy in Canberra for the temporary period for which it is closed source. Why bother, get that bit done and merged with your code off shore.

      Australian teachers educating overseas students on cryptography will not be subject to the Act because the material is in the public domain. Unless the students start doing pure research for their thesis etc in which case they may well come under the act. Again, why bother. Do that bit offshore.

      Defence is focused on building "appropriate" licences and "clear and concise guidance" for businesses and open source contributors. Which under the neo nuts ideology will be user pays. Given what it costs to recover information under FOI laws. What will the recovery costs be for a bunch of no doubt senior signals bods to review your machine. All for the privilege of giving your IP to our 5 eyes + 1 friends that have already done so much damage to our democracy.

      From a national security point of view, if your legal system creates an environment where it is impossible for anyone in the area to work in your country, people will stop. Yup. Risk 10 years jail to educate yourself and an unknown amount of money to commercialise or discuss anything so that you can ultimately end up in Canberra paying off a $1 to $2 million dollar mortgage helping the clown in chief lie about weapons of mass destruction and death cults to your children.

  3. Mark 65

    So, what I'm getting from this is that: the World has moved on; everyone has access to crypto; and the act is in essence bloody pointless.

  4. Charles Manning

    It's like banning guns

    Ban guns and only the bad guys will have them. Law abiding people will have nothing to protect themselves and their property from scum.

    Now s/guns/crypto/.

    Banning crypto is not going to stop the bad guys from using it. Only the law abiding citizens will be compromised.

    Johnny terrorist is not going to hand over his guns or his crypto.

    What we will end up though is a paranoid bunch of citizens: "OMG!!!! He's got a PGP key!!!!"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like