Wednesday, 23 March 2016

Most people in Australian tech firms at risk of 10 yrs incarceration from April 2nd, 2016

If you work in a bank; if you export a cloud service from Australia; if you are Australian and work overseas and use encryption; if you directly or indirectly use a processor >40MHz such as any smart phone... you may be headed to gaol for up to 10 years from April 2nd 2016.

Do not pass go, do not collect any investment returns, unless you have Australian Government approval for your situation, service, or product.
Most Australian and foreign businesses may have significant additional legal risks soon. Whether you're a tech start-up or a bank, be careful out there.

Once you stop laughing and take in the seriousness of this stupidity, if you're an Aussie or otherwise interested party, sign the petition here against this abomination.

From "New defence trade controls threaten academic freedom and the economy":
The Defence Trade Controls Act (DTCA) goes into effect on April 2, 2016, and it applies to all Australians, including those now living overseas.
The DTCA brings in a new regime of Department of Defence (DoD) oversight for both military “goods”, meaning new scientific ideas and means of application, and “dual-use goods”, which are innovations that may have some military use. 
The DTCA introduces a permit regime for any “intangible supply” (especially electronic communication) of new ideas in DSGL areas. Researchers and innovators who communicate any new idea overseas without permission face ten years in prison and A$400,000 fines. 
In other words, if you deal in new ideas in any of these areas, and you do not apply for a DoD permit, you are putting yourself at serious legal risk. 
The DSGL is clearly difficult to maintain. For example, it refers to integrated circuits running at 40 MHz or above, which were state of the art around 25 years ago. Recently Daniel Mathews pointed out that the DSGL controls encryption using only 512 bits, also long obsolete.
From "Paranoid defence controls could criminalise teaching encryption":
The bar is currently set low. For instance, software engineers debate whether they should use 2,048 or 4,096 bits for the RSA algorithm. But the DSGL classifies anything over 512 bits as dual-use. In reality, the only cryptography not covered by the DSGL is cryptography so weak that it would be imprudent to use. 
Moreover, the DSGL doesn’t just cover encryption software: it also covers systems, electronics and equipment used to implement, develop, produce or test it. 
In short, the DSGL casts an extremely wide net, potentially catching open source privacy software, information security research and education, and the entire computer security industry in its snare. 
Most ridiculous, though, are some badly flawed technicalities. As I have argued before, the specifications are so imprecise that they potentially include a little algorithm you learned at primary school called division. If so, then division has become a potential weapon, and your calculator (or smartphone, computer, or any electronic device) is a potential delivery system for it.
The DTCA is in essence an attempt to clamp down on research, theories, essentially ideas, that could have possible military applications. The idea itself is nothing new; Australia’s latest attempt is merely an incredibly potent example of how inept governments can be at dealing with these concerns.

With Australia’s new Prime Minister Malcolm Turnbull’s “innovation agenda”, which aims to effect a major structural change in Australia’s economy by fostering high tech industries and attracting foreign investment into the high tech sector, one must say Australia’s government seems to be at cross-purposes with itself. The DTCA will kill these plans, and it seems unclear if anyone has actually explained this to the new Prime Minister.
