Security experts are concerned that teaching and learning about encryption might soon require approval from federal authorities under Australian law.
These experts base their fears on the Defence Trade Control Act (DTCA), a 2012 piece of legislation designed to regulate the transfer of strategic and defense technologies.
The act reads:
In order to strengthen Australia’s export controls, and to stop technology that can be used in conventional and weapons of mass destruction from getting into the wrong hands, the Act includes provisions regulating:
- intangible supply of technology relating to defence and strategic goods, such as supply by electronic means; and
- brokering the supply of Defence and Strategic Goods (DSGL) goods and technology.
Regulating military weapons is an accepted practice today. However, under the Defence and Strategic Goods list, dual-use goods that are used by both the military and civilians, including electronics and telecommunications, could also fall under the DTCA.
This provision has some analysts, including Daniel Matthews, a security blogger for Lifehacker, worried that the Australian government will soon be able to regulate certain aspects of encryption.
As Matthews notes, “it [the DSGL] covers encryption above a certain ‘strength’ level, as measured by technical parameters such as ‘key length’ or ‘field size’.”
At this time, it is unclear how strong encryption must be for it to be considered dual-use.
Matthews goes on to explain that the DSGL covers more than just the strength of encryption and also applies to systems, electronics, and other equipment designed to test, produce, and implement it.
Under the DTCA, an individual must have a permit if they are to supply DSGL-approved technology outside of Australia. This means that Australian professors who have international students, online or in the classroom, will need to obtain a permit.
The same will go for security researchers who collaborate with colleagues located in other countries.
It is unclear whether cryptocurrencies such as Bitcoin, as well as open-source software such as Tor, could also be affected.
The DTCA was originally slated to come into effect this month. However, emergency amendments passed in April have delayed the act from coming into effect until next year.