Cryptography laws could allow government interference in research: ADFA

A senior director of one of the Australian defence force’s peak cyber security think tanks has warned that new laws criminalising exports of cryptographic technology could allow the government to interfere in its research for civilian uses.

Greg Austin, associate director of the Australian Defence Force Academy’s (ADFA) Australian Centre for Cyber Security, which opened in mid-2014, said that the laws had been rushed through without a thorough investigation of their workability.

The new export prohibitions are the result of amendments to Australia’s Defence Trade Controls Act (DTCA), passed in May, to include encryption technology considered eligible for dual use for military and civilian activity. The amendments bring the DTCA’s scope into line with similar laws passed in the US.

Mr Austin said that the government was unlikely to prosecute Australian cryptographic researchers but criticised its decision to introduce the laws without introducing measures to specifically protect them.

“I think there’s room for concern in that it will leave on the table a black letter law that will allow for government interference in scientific research on an issue where the government has a very different interest to the general public and the scientific community. Encryption is going to be very important for the protection of individual human rights in the future and to the protection of individuals using the internet in the future in a way that government may not like so it really is laying out the potential for some further conflict if these things can’t be resolved or made more clear in their ambit or subject to some sort of judicial review.

“There needs to be some sort of mechanism where people who are capable of understanding the technology and the social and political implications of it… can scrutinise its implementation,” Mr Austin explained.

Around 180 distinguished international cryptography researchers from across the world have already signed a petition condemning the new restrictions, which come into effect from April 2016.

Earlier this month, Electronic Frontiers Australia chair David Cake added his voice to the chorus condemning the restrictions: “While it is obviously an important technology in the national security context, cryptography is also vital for the privacy and security of individuals, and is critical to commerce in the digital age. Not only is civilian cryptographic research a necessary component of a vibrant digital economy, it is also a vital tool for protection of our privacy against illegal and unethical surveillance and criminal attacks”.

Ty Miller, founder of penetration testing specialist Threat Intelligence, said he was concerned that the restrictions could prevent him from generating new business. He said that the new laws could stop the company from presenting its research on the international cyber security conference circuit.

“It’s an interesting time to be talking about this because we’ve got the Blackhat conference coming up in the US in August and we’re running training programs over there where we teach people to write malicious code to break into systems.

“If I’m going over there to run these training programs, does that mean I’m performing a terrorist act or threatening national security?” Mr Miller pondered.

Mr Austin raised similar concerns, pointing out that a large number of foreign nationals were involved in Australian cryptographic research, and said that it was not clear whether that would contravene the restrictions.

For instance, he pointed out that advanced research laboratories in the US with high-level government security clearances no longer take Chinese nationals as doctorate candidates for fear of the bureaucratic burden attached to dealing with them.

Others, he said, had stopped attending international conferences based on similar fears that they could face criminal sanctions for simply speaking to foreign delegates.

This article is brought to you by Enex TestLab, content directors for CSO Australia.


Stories by Andrew Colley
