Defence may reintroduce less-restrictive crypto research permits

Department says it will look at reviving two-step research permits that allowed a broad range of international cooperation on cryptography research

A spokesperson for the Department of Defence says it will consider the reintroduction of a permit that loosened restrictions on international collaboration between cryptography researchers.

Under the Defence Trade Controls Act, cryptography is a controlled export. In some circumstances, international research efforts can be classified as exporting a technology.

Prominent Australian cryptography researcher Dr Vanessa Teague, an associate professor at the University of Melbourne, has revealed that Defence declined to renew her permit allowing her to freely collaborate with researchers in countries that are not the subject of sanctions.

In its place, a more restrictive permit was granted allowing her to collaborate with researchers in three specific countries: Canada, Belgium and the UK 

Defence in 2017 initially introduced on a trial basis so-called “two step” cryptography research permits. However, that trial ended in December 2018.

“The intention of the research permits... was that you didn’t have specifically ask in advance for permission to communicate with particular countries,” Teague told Computerworld in an interview earlier this week.

“This was kind of the whole point — that you would get a general permit to do cryptography research related communication and as long as you weren’t communicating with a sanctioned country, like Iran or North Korea, you were allowed to communicate first and notify [Defence] later.”

Teague said the change was a blow to international research efforts, and that she expected to feel the impact on her work almost immediately.

“The Department of Defence has not cancelled any export permits for the University of Melbourne, or any other universities,” a Defence spokesperson told Computerworld in a statement.

However, the statement acknowledged that “When a permit expires, Defence asks the applicant to specify the countries they will be collaborating with so that the risks of the collaboration can be assessed before a new permit is issued.”

Under the two-step permits, researchers could obtain what Defence Export Control described as a “broad permit to enable the early stages of collaboration and research to proceed with a minimal level of regulation”. A second permit would be required only in “limited circumstances” to “enable more sensitive projects and collaborations to proceed under a tailored permit that will be crafted to address the identified level of risk”.

“The aim of the 2-Step permits is to achieve a balance between the need for free flow of information for research purposes in the initial stages of a research project and national security interests,” a DEC notice on the trial said. The web page outlining the permits now appears to have been taken offline by the department.

The department told Computerworld that it planned to “work with stakeholders, including the university sector, to consider whether this approach can be implemented on an ongoing basis.”

The Defence Trade Controls Act 2012 is currently subject to a government-commissioned review by former Inspector-General of Intelligence and Security Dr Vivienne Thom.

Thom’s report has been submitted to the defence minister. In a submission to the review, Teague and other Australian researchers called for a change in the act to exempt “fundamental research”, or failing that for the two-step permits to be retained.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cryptographycyber securitydepartment of defence

More about Department of DefenceUniversity of Melbourne

Show Comments