Security experts slam DTI plan to restrict encryption exports

White Paper proposes to extend law to e-mail and the spoken word.

British network managers will be further frustrated in their attempts to obtain secure encryption products and support by proposals in the Government's Strategic Export Controls White Paper.

The White Paper, published this month, extends current regulations on exporting information on cryptography, from printed and physical media, to encompass the spoken word and electronic media such as e-mail. If passed, British restrictions will be even more constraining than those in place in the US.

Ross Anderson, an Oxford don and security advisor to the BMA, said the proposed legislation would turn network managers into criminals.

"Networks regularly carry bits and pieces of crypto-code and people read mail using cryptographs," said Anderson.

Margaret Beckett, President of the Board of Trade, said the power to control the export of goods and technology with strategic importance was vital for any responsible government and needed to be updated for modern communications.

Anderson said the proposed changes were disastrous and would prevent British input on the next definition of encryption algorithms.

"The legislation forbids me from even talking about some smart card technologies because they are a by-product of the development of weapons of mass destruction," said Anderson.

The DTI says it will issue export licences but Anderson argued that this will scare off foreign investment.

Chris Sundt, of user group the International Commerce Exchange, said the proposals would further limit the development of products with strong encryption in Britain.

"There are people in Europe now offering add-ons that enable 128-bit key lengths in the exportable version of Netscape servers. Intel has discussed producing a version of the Intel CDSA crypto services libraries that has had the sensitive bits cut out - they can then be replaced locally," said Sundt.