*The Australian government may have classified your calculator — and phone, and computer, and every electronic device you own — as military weapons.*

You wouldn’t think your phone, or calculator, or laptop computer, is a weapon on par with tanks, rockets, and missiles. But the Australian government may well have classified it as one, thanks to a very interesting display of scientific and mathematical ignorance.

Now, most people, I think, wouldn’t have too much of a problem with the government sensibly regulating things like munitions, artillery, and weapons of mass destruction. But if that regulation were not sensible, then there might be a problem. And if that regulation extended to include things like your iPad, then there might be a *big* problem. Unfortunately, the Australian government has quite possibly done precisely that.

The Australian government maintains a list of all the things it considers important to national defence and security. It’s called the *Defence and Strategic Goods List*. Goods on this list are tightly controlled: there are heavy penalties for proliferating them.

Now, to be fair, compiling such a list is not easy. The list needs to remain current with science and technology, which in many fields is rapidly advancing. Moreover, defining what is and isn’t a military-grade weapon may be a bit more difficult than you think. Some objects have dangerous military uses as well as safe civilian uses.

Nonetheless, there is very little to indicate that the *Defence and Strategic Goods List* has been designed with the requisite degree of diligence.

Others have raised issues about the *List*: for instance, the National Tertiary Education Union (NTEU) is running a campaign on the issue and has set up a very informative website about it. Even the Senate Foreign Affairs Defence and Trade Committee report on the topic concluded that the law “would benefit from further scrutiny”, with half the committee describing it as “a complex and flawed piece of legislation”.

That’s not to mention the specific issues have raised about its effects on various research fields. For instance, my colleague Kevin Korb at Monash has calculated that 18 out of 61 masters level courses in the Faculty of Information Technology would fall under the strict controls of the List.

As a mathematician, I want to focus on one particular part of the list: *encryption*. And this particular part of the list, properly understood, overreaches enormously into everyday life.

### Encryption: for people, not the State

But before going into the details of the *List*‘s definitions, it’s worth considering: why should encryption be regarded as a weapon in the first place?

Encryption is not a physical thing; messages and information are encrypted by *algorithms* running in *programs* on computers or other devices. An algorithm is a procedure, or recipe, that can be implemented on a computer; it’s an *abstraction*, an *idea*. Can an abstraction really be regarded as a weapon, or a “strategic good”?

Even if it can, encryption is by its nature not a uniquely military or intelligence thing. Anyone who wants to send a private communication on the internet does it by encryption. It’s a “dual use” technology, in the sense that it has both military and civilian uses. But there are dual use technologies like gas centrifuges, which have a small number of specific usages: gas centrifuges can be used for civilian nuclear reactors, and alternatively for nuclear weapons development. On the other hand, there are “dual use” technologies like *cars*, which are general purpose objects, used by almost everybody, for a wide variety of uses, but which nonetheless can also be useful to military and intelligence agencies. Encryption is much more like a car than a gas centrifuge.

Military and intelligence services may well use encryption so that their enemies can’t read their messages. But you and I also use encryption so that eavesdroppers can’t read our messages. Everyday users of the internet use encryption to safeguard their privacy. Consumers use encryption to guard against identity theft. Banks use encryption to assure customers of the integrity of financial transactions. Businesses use encryption to ensure the security of online transactions. Hospitals use encryption to ensure the privacy of patient medical records.

Basically, any time anything is done electronically with a need for privacy, encryption is used, and must be used. In a modern technologically advanced society, almost everybody uses it, whether they know it or not. It is far from the unique province of national security, military or intelligence agencies; it has become an essential and routine part of modern life.

When we don’t want our messages to be read by others, we can encrypt them; everybody needs to do this, should do this, and often does do this. So can the military; so can intelligence. What’s the difference?

Well, there is an important difference: *ordinary people face highly technologically sophisticated adversaries*.

On the one hand, recent military engagements have been fought in weak States such as Iraq, East Timor and Afghanistan. Those wars which have been fought in our name, when not killing hundreds of thousands of civilians, have been fought primarily against weak militaries and relatively unsophisticated armed groups (though, to be sure, these armed groups have sometimes possessed dangerous and lethal weapons, and effective organisation).

On the other hand, since the Snowden revelations — and much earlier for those who were paying attention — essentially all internet users have at least one known adversary snooping on their communications, which is extremely well financed, resourced, and technologically sophisticated: the NSA, along with its Five Eyes partners, which include Australia. Governments might rightly suspect that other governments are spying on them, but we *know* the NSA engages in mass surveillance of essentially the whole world; as such, citizens are arguably entitled to at least as much self-defence over their information, in the form of encryption, as States. Indeed, States have no inherent right to privacy — the whole point of Freedom of Information laws is that they should be transparent in their operations unless they have good reason — while an individual’s right to privacy is a fundamental human right.

As the comedian John Oliver pointed out in his recent interview with Edward Snowden, many people might not purport to care about surveillance, if they think they’re doing “nothing wrong”. But if it is made clear that mass surveillance means that the NSA has copies of your most private and embarrassing communications — because the nature of mass surveillance is to collect *everything* — then they might have a different view. Very few people would agree that the government should have copies of dick pics. And more people have sent dick pics than you might think.

Nonetheless, let’s assume for the purposes of argument that there is a justification for regarding at least some aspects of cryptography as “defence” or “strategic goods”. After all, there’s more to cryptography than encoding and decoding messages; encrypted messages can also be analysed, attacked, hacked; and some cryptographic algorithms are more secure than others. (Let’s also put aside the efforts of government, stretching back over decades now, to weaken cryptographic standards and harass researchers in the field.) If the *Defence and Strategic Goods List* only purported to regulate a truly ultra-secure encryption system, which was out of the reach of individual citizens, and hence was irrelevant to the everyday lives of ordinary people, it might not be quite as bad as if it covered encryption algorithms widely used and available to all.

Which it does. And much, much more — like calculators. But we might need to look at some mathematics in order to understand why.

### Encryption in the Defence and Strategic Goods List

Section 5A002.a.1.b.3 of the *List* (yes, it really has sub-sub-sub-sub-sections) declares certain things to be subject to its control:

5A002 “Information security” systems, equipment and components therefor, as follows:

a. Systems [and] equipment… for “information security”, as follows…

1. Designed or modified to use “cryptography” employing digital techniques performing any cryptographic function other than authentication or digital signature and having any of the following:

b. An “asymmetric algorithm” where the security of the algorithm is based on any of the following:

3. Discrete logarithms in a group… in excess of 112 bits

This definition appears extremely technical and advanced. But when those words are understood, your calculator — indeed any technology that can do multiplication and division — has just been described as a weapon.

Let’s see why.

### A little pure mathematics — groups

In pure mathematics — specifically, in abstract algebra — there are things called *groups*. Many of the things that scientists, engineers and students do every day involve groups. Like many concepts in pure mathematics, they are *abstract* objects: they are defined in terms of *axioms*, and anything that satisfies the axioms is a group. Many objects that engineers, scientists, and programmers work with every day are groups, and much of the arithmetic everyone knows from primary school can be understood as a special case of group theory.

Roughly speaking, a group — I’ll call it $latex G $ — is a set containing certain elements, with a certain *operation*. The operation could be anything, provided it satisfies the axioms. The operation gives you a way to take two elements $latex a,b $ of $latex G $ and get a third element $latex c $. You can denote the operation by a dot, as in

$latex \displaystyle a \cdot b = c. $

However, the operation must satisfy some requirements, such as: there must be an *identity* element that “does nothing”; and each element must have an *inverse* element that “undoes” it.

Sound confusing? Well, it’s an advanced concept and I don’t have space here to give you an abstract algebra course! But here are some examples.

For instance, the group $latex G $ could be the *integers*, or whole numbers (often written as $latex \mathbb{Z} $ ), and the operation could be *addition* $latex + $. Well then, when you put 2 and 2 together, you get 4. (See, abstract algebra is as easy as putting 2 and 2 together! Maybe.) When you put 7 and 2 together, you get 9. When you put 7 and -2 together, you get 5. When you put 0 and 11 together, you get 11. In fact, when you put 0 and *any* integer $latex n $ together, you get $latex n $, so 0 “does nothing”: 0 is the *identity*. And when you put 3 and -3 together, you get 0. When you put 7 and -7 together, you get 0. Each integer $latex n $ has an *inverse*, which is the *negative* $latex -n $ of that number. We can write these facts as

$latex \displaystyle 2 \cdot 2 = 4, \; 7 \cdot 2 = 9, \; 7 \cdot (-2) = 5, \; 0 \cdot 11 = 11, \; 0 \cdot n = n, \; 3 \cdot (-3) = 0, \; 7 \cdot (-7) = 0, \; n \cdot (-n) = 0. $

(Usually at school we reserve the dot symbol for multiplication! And, admittedly, mathematicians use the $latex + $ symbol for some types of groups too. But it’s important for our purposes to emphasise the group operation, so, despite being possibly confusing, I will always write it with a dot.)

For another example, the group $latex G $ could be the *positive numbers* (often written as $latex \mathbb{R}_+ $ ), and the operation could be *multiplication* $latex \times $. When you put 2 and 2 together, you again get 4! (Again, as easy as putting 2 and 2 together! Again, maybe.) But now when you put 7 and 2 together, you get 14. When you put 2 and $latex \frac{1}{3} $ together, you get $latex \frac{2}{3} $. When you put 3 and $latex 1.4 $ together, you get $latex 4.2 $. When you put 1 and 17 together, you get 17. In fact, when you put 1 and *any* positive number $latex x $ together, you get $latex x $, so 1 “does nothing”: now 1 is the *identity*. When you put together 3 and $latex \frac{1}{3} $, you get 1; when you put together 7 and $latex \frac{1}{7} $, you get 1; and in general the inverse of each positive number $latex x $ is its *reciprocal* $latex \frac{1}{x} $.

$latex \displaystyle 2 \cdot 2 = 4, \; 2 \cdot \frac{1}{3} = \frac{2}{3}, \; 3 \cdot 1.4 = 4.2, \; 1 \cdot 17 = 17, \; 1 \cdot x = x, \; 3 \cdot \frac{1}{3} = 1, \; 7 \cdot \frac{1}{7} = 1, \; x \cdot \frac{1}{x} = 1. $

Is this reminding you of primary school arithmetic or high school algebra? Good, because you’ll need it to understand why your calculator has just been criminalised.

One last example is one you know intuitively when you tell the time. Let’s say we tell the time on a 12 hour clock. What time is it, 4 hours after 11 o’clock? It’s 3 o’clock. This means that, in clock arithmetic, $latex 11 + 4 = 3 $. When we add 11 and 4 in this way, we perform addition as usual but then take the *remainder* upon division by 12. This kind of arithmetic is known as “modular arithmetic” and it defines for us another group, often written $latex \mathbb{Z}_{12} $. This group consists of 12 elements, namely the numbers from 1 to 12, and the operation is “clock addition”, which amounts to adding the numbers and then taking the remainder upon division by 12. You can check that 12 is the identity.

OK, enough abstract algebra for now.

Returning to the DSGL definition, you’ll see that it refers to a

group… in excess of 112 bits.

What does this mean? Nothing, it’s nonsense! Groups don’t have bits in them, they have elements in them. It goes to show that you shouldn’t get people who don’t understand what they’re talking about to write laws.

But what I *think* the authors of the DSGL meant, was a group that requires more than 112 bits to describe an element: that is, a group with more than $latex 2^{112} $ elements.

Now, $latex 2^{112} $ is a rather enormous number. But it’s not so enormous you can’t write it down:

$latex \displaystyle 2^{112} = 5,192,296,858,534,827,628,530,496,329,220,096. $

Know any groups bigger than that? I do, and I just told you two of them. OK, the clock group $latex \mathbb{Z}_{12} $ only has 12 elements, which is slightly less than $latex 2^{112} $. But how many elements are there in the group $latex \mathbb{Z} $ of integers? Or, how many elements are there in the group $latex \mathbb{R}_+ $ of positive numbers? *Infinitely many* — staggeringly more than $latex 2^{112} $. Indeed, compared to infinity, any finite number is basically nothing. So actually, when the DSGL refers to a “group… in excess of 112 bits”, it could be referring to… well, you know, just your usual number systems, and addition or multiplication.

### Discrete logarithms

Now, the next phrase to understand in the DSGL is “discrete logarithm” — something that sounds truly scary. Who even remembers what logarithms are, and what on earth are “discrete” ones?

Well, I’ll try to remind you of some high school algebra. Think back to when you learned about powers: for instance, $latex 2^5 $ usually means to multiply 2 together with itself 5 times. So, if you were asked to find $latex 2^5 $, you would do some repeated multiplication and get 32.

But suppose you were asked the reverse question: how many times do you need to multiply 2 by itself in order to get 32? What power of 2 gives you 32? From above, we know the answer is 5. And that is just another way of saying that the *logarithm* of 32 to base 2 is 5.

$latex \displaystyle 32 = 2^5 \; \text{means the same as} \; \log_2 32 = 5. $

That is, the logarithm of 32 to base 2 is the power to which you need to raise 2 in order to get 32. And more generally, the logarithm of $latex a $ to base $latex b $ is the power to which you need to raise $latex b $ in order to get $latex a $. Written in terms of equations,

$latex \displaystyle a = b^x \; \Leftrightarrow \; \log_b a = x. $

What does this have to do with groups? Well, just as we usually write an exponential like $latex 2^5 = 2 \cdot 2 \cdot 2 \cdot 2 \cdot 2 $ to mean the you multiply 5 twos together, we can do the same *in any group*. Instead of repeated multiplication, we now do the group operation repeatedly. So we write, for instance,

$latex \displaystyle g^5 = g \cdot g \cdot g \cdot g \cdot g $

to indicate that you do the group operation on 5 $latex g $’s together.

This leads to some rather strange-looking results. For instance, let’s consider what exponentials mean in the group $latex \mathbb{Z} $ of integers with addition. Remember that in this group, the operation $latex \cdot $ means *addition*. So, for instance,

$latex \displaystyle 3^6 = 18, $

because you do the group operation — addition — on 3, 6 times, and $latex 3+3+3+3+3+3 = 18 $.

On the other hand, in the group $latex \mathbb{R}_+ $ of positive numbers with multiplication, the group operation is *multiplication*. So in this group

$latex \displaystyle 3^6 = 729, $

which is a more standard notation! This is what you would normally mean by $latex 3^6 $; you multiply it together 6 times.

Finally, in the “clock arithmetic” group $latex \mathbb{Z}_{12} $,

$latex \displaystyle 3^6 = 6. $

Why? Because you add 3 to itself 6 times to get “18 o’clock”, which is 6 o’clock on a 12-hour clock.

Now, just as we can write exponentials, we can also write logarithms. Above, we wrote that, in the groups $latex \mathbb{Z} $, $latex \mathbb{R}_+ $ and $latex \mathbb{Z}_{12} $ respectively,

$latex \displaystyle 3^6 = 18, \; 3^6 = 729, \; 3^6 = 6.$

Using the logarithm just how we did above, this means that, in the groups $latex \mathbb{Z} $, $latex \mathbb{R}_+ $ and $latex \mathbb{Z}_{12} $ respectively,

$latex \displaystyle \log_3 18 = 6, \; \log_3 729 = 6 \; \text{and} \; \log_3 6 = 6. $

When you do a logarithm like this in a group, the exponent is always a whole number, and for this reason it’s called a *discrete logarithm*. (Well, there are some technicalities, but this is the gist of it.) And that is what the *List* is referring to.

Actually, the discrete logarithm in the group $latex \mathbb{Z} $ with addition is just a ridiculously fancy way of describing something you learned in primary school. What does

$latex \displaystyle

\log_3 18

$

mean in the group $latex \mathbb{Z} $? It’s asking: how many times do you have to add 3 to itself to get 18? The answer, as we wrote above, is 6. And this is all a very roundabout way of saying that 18 *divided* by 3 is 6.

So, when you’re talking about the group $latex \mathbb{Z} $ with addition, the “discrete logarithm” is just a ridiculously fancy way of talking about *division*: dividing one number by another.

And when the DSGL mentions “discrete logarithms in a group… in excess of 112 bits [sic]”, it covers the *division* of whole numbers. Therein lies the beginning of a serious problem.

Recall, the *List* (now annotated) refers to:

b. An “asymmetric algorithm” where the security of the algorithm is based on any of the following:

3.~~Discrete logarithms in a group… in excess of 112 bits~~division

You’d better hope there aren’t any asymmetric algorithms, where the security of the algorithm is based on division!

In the next section, I will show you an asymmetric algorithm where the security of the algorithm is based on division.

### Cryptographic algorithms

Now finally, we get to cryptography. The DSGL refers to an “asymmetric algorithm”. Helpfully, the DSGL has a definition section, which defines this phrase as meaning

a cryptographic algorithm using different, mathematically related keys for encryption and decryption.

Well, let’s start with what an *algorithm* is: an algorithm is just a clear, well-defined procedure that tells you how to do something. It’s like a recipe, except it’s a recipe so precise that it can be implemented on a computer.

A *cryptographic algorithm* is an algorithm that, as you might surmise, involves cryptography. When you want to send a message, and don’t want it to be read by eavesdroppers, you *encrypt* it: you apply some procedure to it, called an *encryption algorithm*. The data is then written in code, or *encrypted*, and can’t be read by anyone unless they have a secret key to *decrypt* it. When they do, they use the key on the encrypted message, applying a *decryption algorithm*, to recover the original message. Taken together, this encryption-and-decryption protocol forms a *cryptographic algorithm*.

Now, the encryption of a message usually uses a *key*, and the decryption of a message also uses a *key*. This key can be a message, a password, a number, or a chunk of data, or something else, but whatever it is, it involves some extra information that goes into the encryption or decryption, in addition to the message itself.

If the key is the same for both encryption and decryption, then the algorithm is called *symmetric*. If the encryption and decryption keys are different, then the algorithm is called *asymmetric*.

Now, there are some extraordinarily clever and elegant cryptographic algorithms out there. In one common type of asymmetric algorithm, called *public key cryptography*, the encryption key is made fully public and open to everyone to see, while the decryption key is kept secret. For instance, on my website you can get my public key, so if you want to send me a secret message you can encrypt it with that public key; but only I have the decryption key, (unless the NSA or ASIO has been snooping into my stuff), so only I can decrypt it.

But there are also some very basic cryptographic algorithms.

For instance, suppose I want to send you a message:

The arc of the moral universe is long, but it bends towards justice.

One of the simplest cryptographic algorithms is known as the *Caesar cypher*, so-called because Suetonius wrote that it was used by Julius Caesar. This algorithm just shifts every letter along the alphabet a fixed number of places. So, for instance, we might shift every letter three places, as Caesar did: so A becomes D, B becomes E, and so on, up to W becomes Z. Then the alphabet “cycles” so that X becomes A, Y becomes B and Z becomes C. The encrypted message is then

Wkh duf ri wkh prudo xqlyhuvh lv orqj, exw lw ehqgv wrzdugv mxvwlfh.

To decrypt the message, you just shift each letter back by 3!

In a certain sense, the Caesar cypher is based on *addition* and *subtraction*: in the above example, we “added 3” to each letter to encrypt, and “subtracted 3” to each letter to decrypt. We could say that the encryption key was 3, and the decryption key was -3.

What I’d like to do now is describe to you a similar idea based on *multiplication* and *division*.

The first step in this encryption algorithm — like most encryption algorithms used today — is to convert the message into a *number* using a standard encoding scheme. *Hexadecimal* numbers are usually used, because they work well with computers. When I convert my message above to numbers, using a standard scheme, and putting some spaces in, I obtain

54 68 65 20 61 72 63 20 6f 66 20 74 68 65 20 6d 6f 72 61 6c 20 75 6e 69 76 65 72 73 65 20 69 73 20 6c 6f 6e 67 2c 20 62 75 74 20 69 74 20 62 65 6e 64 73 20 74 6f 77 61 72 64 73 20 6a 75 73 74 69 63 65 2e

Importantly, although this number is s written in hexadecimal, this is *just a number*. In decimal it is (with spaces inserted)

18 987 169 229 968 478 188 669 534 957 610 737 354 921 264 295 841 525 766 864 288 444 422 566 874 896 162 027 606 162 208 969 778 556 762 033 277 602 447 021 524 083 143 238 081 863 623 539 907 326 688 954 151 036 206.

Now, I’m going to perform an encryption algorithm by choosing a secret key. My secret key will be the number 6. (Well, the key’s not so secret now…) There are many reasons to like the number 6.

My encryption algorithm will *multiply* the message by the key, because, why not. Multiplication is, after all, the name of the game. So I multiply my message by the key (6), and it becomes, in hexadecimal,

1f a7 25 ec 24 8a e5 2c 29 c6 4c 2b a7 25 ec 29 09 ca e4 88 8c 2c 09 67 8c 66 0a eb 45 ec 27 8b 2c 28 a9 c9 66 b0 8c 24 ec 0b 8c 27 8b 8c 24 e6 09 65 ab 2c 2b a9 cc c4 8a e5 ab 2c 27 ec 0b 4b a7 85 45 f1 4

If you try to convert that to text, you’ll get something completely unintelligible: it renders on my computer as

?%?$??,)?L+?%?) ??, g?f

?E?’?,(??f??$??’??$? e?,+????,’?K??E?

This is the encrypted message. Although the encryption is just based on a simple multiplication, this message is certainly encrypted, and most people would be unable to decrypt it.

Now when you receive the message, you have your own secret key, which you are going to multiply by. Your secret key is $latex \frac{1}{6} $. This number is chosen because when you multiply a number by 6 — as I have, to encrypt the message — and then you multiply by $latex \frac{1}{6} $ — as you will, to decrypt it — you get the number you started with.

So, you take the unintelligible message, convert to hexadecimal, multiply by $latex \frac{1}{6} $, back to text, and obtain the original message.

Now, I definitely *do not* recommend you use this algorithm! It is far too simple and easily broken! But it is not so different in flavour from algorithms that are actually used.

In the famous RSA scheme, for instance, rather than *multiplying* by the encryption key to encrypt the message, you raise the message to the *power* of the encryption key, and reduce like clock arithmetic. (However, rather than dealing with a 12-hour clock, the “clock” in RSA has an enormous number of “hours”. The number of hours is the product of two large prime numbers.) And rather than *multiplying* the encrypted message by the decryption key to decrypt, you raise the encrypted message to the *power* of the decryption key, and reduce. The encryption and decryption keys in RSA, however, *are* reciprocals: they are chosen to multiply together to 1 — once reduced like clock arithmetic (again, using a “clock” with an enormous number of “hours”).

So the idea I’ve described above is a bona fide cryptographic algorithm, similar in several essential ways to the widely used RSA algorithm, just *much much weaker*: it will not be decipherable by most people, but will be mincemeat in the hands of the NSA. It is an *asymmetric algorithm*, because it involves different keys for encryption and decryption (like 6 and $latex \frac{1}{6} $ respectively), in a similar way to RSA.

And, disturbingly, my cryptographic algorithm is based on using *whole numbers*, i.e. the *group* $latex \mathbb{Z} $ with addition. The encryption algorithm involves *multiplication*, which is just repeated addition. Indeed, in the (rather strange) notation we used above, just as $latex 3^6 = 18 $,

$latex \displaystyle (\text{original message})^{(\text{encryption key})} = (\text{encrypted message}). $

If you followed the discussion of logarithms above, you might remember that any time we consider powers in a group, we can alternatively consider *logarithms*. Indeed, the above equation is equivalent to

$latex \displaystyle (\text{encryption key}) = \log_{(\text{original message})} (\text{encrypted message}). $

Now I’ve told you how to break my cryptographic algorithm. If you know an original message and an encrypted message, you can work out the encryption key by doing a *discrete logarithm* — also known as division.

In other words, *the security of this algorithm is based on discrete logarithms* in the group $latex \mathbb{Z} $. And, as we’ve discussed, the group $latex \mathbb{Z} $ of integers is a group “in excess of 112 bits” [sic].

We have now come under the terms of the *List*.

### The weaponisation of division

Having described a weak-but-bona-fide asymmetric encryption algorithm, let’s recall the definition in the DSGL:

5A002 “Information security” systems, equipment and components therefor, as follows:

a. Systems [and] equipment… for “information security”, as follows…

1. Designed or modified to use “cryptography” employing digital techniques performing any cryptographic function other than authentication or digital signature and having any of the following:

b. An “asymmetric algorithm” where the security of the algorithm is based on any of the following:

3. Discrete logarithms in a group… in excess of 112 bits

Well, I’m afraid everything I’ve just told you is certainly “cryptography, employing digital techniques to perform cryptographic functions”. (It’s not authentication or digital signature; those are different things.) It uses an asymmetric algorithm. And the security is based on discrete logarithms in the discrete group $latex \mathbb{Z} $ of whole numbers, which is infinite, with far more than “112 bits [sic]”.

And the “cryptography” I’ve just told you involves only two mathematical operations: *multiplication* and *division*. The “digital techniques” used to perform cryptographic functions are the good old $latex \times $ and $latex \div $ you learned in primary school. We described it in fancy language like “discrete logarithms”, but that’s only because the *List* uses this obfuscatory language.

So, the cryptographic algorithm I just described above is certainly covered by the *List*. But unfortunately the *List* covers more than just the algorithm itself. It also covers “systems” or “equipment.

Now a calculator is certainly a “system” or “equipment”. It is “designed” to do things like multiplication and division, and hence to do the “cryptography” described above. It employs “digital techniques” performing the “cryptographic functions” of multiplication and division. You “modify” the calculator to use this “cryptography” by typing the numbers and multiplying them. It has the “asymmetric algorithm” of multiplication and division built right into its hardware.

Your computer has a calculator on it. So do your smartphone and tablet, if you’ve ever looked. Indeed, any “equipment” you have that can do multiplication and division, is likely covered by this definition.

In the most generous reading, the *List* only covers your computer when you use it to actually perform the cryptographic algorithm. But it seems to me that the most natural reading of the *List* covers any computer which “has” the asymmetric algorithm of multiplication and division built into its hardware or software. That is, every computer.

The DSGL turns division into a weapon, and your computer into a delivery system for that weapon.

Now, I think that education can be a “weapon” used in self-defence against propaganda, and that mathematical fluency can be a very powerful “weapon” in understanding, and perhaps even changing, the world. But this is ridiculous!

### The criminalisation of division

If you were accused of violating the *List*‘s controls on cryptographic technology by using your calculator, you could argue that section 5A002.a.1.b.3 should be read only to apply to you when you actually *implement* multiplication and division in an encryption algorithm. (Some also argue that “discrete logarithms” only exist in finite groups, effectively exempting the group of whole numbers $latex \mathbb{Z}$.)

But that sort of legalistic reasoning, searching for loopholes, is not exactly an argument on which you would want to hang your freedom, when faced with *criminal charges*.

And criminal charges there are.

Section 10 of the *Defence Trade Controls Act* (DTCA) makes it a criminal offence to “supply DSGL technology” — that is, things on the *List* — to anyone outside Australia, unless you get a special permit from the Minister.

Now, to be fair, the DSGL and DTCA make many exceptions. It’s just that none of them apply to multiplication and division.

For instance:

- There is an exception (Note 2) which states that the DSGL “does not control products when accompanying their user for the user’s personal use”. So if you are carrying your calculator and laptop and smartphone with you, you might have an excuse; but if you leave one of them at home, perhaps not. And if you are using it to send, say, messages about human rights activism which displeases the government, do you expect the government to regard that as your “personal use”?
- There is another exception (Note 3) stating that the DSGL does not control goods that meet 4 conditions. Unfortunately, one of these conditions is that “The cryptographic functionality cannot easily be changed by the user”. I’m afraid that your calculator has a highly adaptable interface that allows you to enter any numbers you please as encryption and decryption keys, and multiply and divide as you need. The functionality is easily changed to fit new keys.
- Under recent (April 2015) amendments to the DSGL, “basic scientific research” is not regarded as DSGL technology. Are you really going to claim that my woefully insecure “encryption algorithm” rises to the level of “basic scientific research”? I’m not.
- Under the same amendments, technology in the public domain is not regarded as DSGL technology. Is my multiplication-and-division encryption algorithm in the public domain? While multiplication and division are certainly publicly known, for the algorithm described here it is not so clear. By publishing it here, where you’re reading it, I suppose I am putting it in the public domain; though you’ll see a Creative Commons “some rights reserved” sign below. And moreover, isn’t the act of publishing this actually my “supply” of it to you? Again, I wouldn’t be relying on this defence.
- Also in April 2015, the DTCA was amended so that supplies of dual-use technology made “preparatory to publication” are exempt. Sadly, I fear my bona fide woeful encryption algorithm is not exactly publishable in a reputable scientific journal.
- At the same time, an exemption was introduced for supplies of technology made
*orally*. Alas, I’ve now written all this down… - I could rely upon the exemption for educational activity or public interest material. Oh, except there isn’t one.
- Finally, I could rely on the blanket exemption granted to munitions supplies between the Australian and US militaries. Apart from the slight problem that I’m a civilian and my algorithm is only a dual use technology, not technically a munition. It works well to exempt actual weapons from control though!

So, if you are not in Australia, then by explaining to you a very bad but nonetheless bona fide asymmetric encryption algorithm now, I have arguably breached this section of the law.

Well, perhaps because you didn’t pay me for the information, it wasn’t a “supply”? No, the Act makes clear that a “supply” need not be for payment.

The penalty? Ten years’ imprisonment, or a fine of $425,000.

And, just in case our lawmarkers were afraid they didn’t cover every possibility, they also included in the same Act a section 14A which makes it a criminal offence to “publish” or “otherwise disseminate DSGL technology to the public, or to a section of the public, by electronic or other means”. Again, a penalty of 10 years in jail or $425,000 fine applies. However, there is an exception to this one, if the technology has already been lawfully made available to the public.

Luckily, multiplication and division have already been made available to the public. Times tables are not yet illegal… I hope. (And in recent amendments in April 2015, this offence was limited to munitions; it no longer applies to dual use technologies. Phew!)

### Other concerns about cryptography

Now, the idea of turning multiplication and division into weapons and criminalising their use is so ridiculous that it’s almost impossible to imagine the *List* being interpreted that way — despite the fact that, taken at face value, this is exactly what it says.

But there are other, even greater concerns with the definition of cryptography in the List. Again, we put aside the question of whether it is legitimate to control cryptography at all.

I only quoted one sub-sub-sub-sub-section of the *List*. The section on cryptography covers much more. It essentially covers any sufficiently “strong” cryptography, including symmetric algorithms with key lengths over 56 bits, and RSA with integers over “512 bits”. Now what is a strong key and what isn’t changes rapidly as technology advances. And I don’t think many in the field would say that these prescribed key lengths are so overwhelmingly ultra-secure that they should only be left to military or intelligence agencies. In fact, keys of this length are widely regarded as very weak. For instance, software engineers debate whether they should use 2048 or 4096 bits, well over the prescribed 512.

It’s probably more accurate to say that the only cryptography not covered by the *List* is cryptography so weak that it would be foolish for anyone to use. Supplying it to someone outside Australia is again made into a crime with punishment of 10 years prison or a $425,000 fine.

### Broader concerns

Concerns over the contents of the *list* are not limited to cryptography: problems have been raised regarding its impact on various fields, including pharmaceuticals, and science generally.

The law which introduced the crimes of supplying and publishing DSGL technology is the *Defence Trade Controls Act*, passed in 2012. However, the criminal offences were not due to come into effect until 16 May 2015. With a deadline looming that could criminalise vast amounts of scientific research — including research which is entirely non-military-related — the law was amended and the changes came into effect on 2 April 2015.

These new changes do little to alleviate any of the concerns raised here. They do however provide a year of breathing room: the crimes of supplying and publishing DSGL technology now will not come into effect until 2 April 2016.

Now, while the criminal offences in the *Defence Trade Controls Act* are unique to Australia, the listing of “weapons” in the *Defence and Strategic Goods List* is not. Much of the *List* is based on the Wassenaar Arrangement, an international arms control agreement between 41 countries.

The section of the Australian *List* on cryptography is copied verbatim from the Wassenaar control list on “Information Security”.

So the criticisms of cryptography in the Australian *List* are not unique to Australia — they are common to any of the 41 States in the Wassenaar Arrangement.

Yes, that’s right — calculators, computers and phones are covered by international arms control treaties. The madness is worldwide; your calculator is part of the global arms trade.

Pingback:Defence trade controls: A threat to academic freedom at Dan's blog

Pingback:Even Learning About Encryption In Australia Will Soon Be Illegal | Lifehacker Australia

Pingback:Paranoid defence controls could criminalise teaching encryption | Em News

Pingback:Paranoid defence controls could criminalise teaching encryption - OK4me2

Both the Wassenaar List of Dual-Use Goods and Technologies and Munitions and the Australian Defence and Strategic Goods List contain explicitly an exemption for software and technology that is “in the public domain”.

(There’s another exemption in the Wassenaar List for software that is generally available to the public by being sold from stock at retail selling points without restriction through download (“by means of electronic transactions”, although over-the-counter, mail order and telephone transactions are also OK) or being designed for installation by the user without further substantial support by the supplier. However, this exemption only covers such software from all the parts of the List except the part that covers cryptography.)

I’m pretty sure whole number division is in the public domain. So are quite a few strong encryption algorithms.

So, basically, this law does not ban cryptography, but proprietary cryptography. If you dabble in cryptography, you must release your results in the public domain.

I’m not saying this law is great, but you couldn’t ask for a better loophole.

Do you really think a calculator is not going to fall into the cryptography note?

a. Items meeting all of the following:

1. Generally available to the public by being sold, without restriction, from stock at retail

selling points by means of any of the following:

a. Over-the-counter transactions;

b. Mail order transactions;

c. Electronic transactions; or

d. Telephone call transactions;

2. The cryptographic functionality cannot easily be changed by the user;

3. Designed for installation by the user without further substantial support by the supplier;

One can certainly make an argument that either of these exemptions apply: the public domain exemption, or the cryptography note exemption.

I did present some brief arguments as to why these exemptions (and others) might not apply, in the dot points in the article. But my point in this article is not to present a watertight argument against calculators — after all, a prosecution for possession of a calculator is a pretty fanciful scenario — but rather to explain a flaw in definition of encryption in the DSGL, to show how broadly the definitions can potentially be applied, and to explain some interesting mathematics.

It’s interesting, and disturbing, however that there are still plausible arguments against these exemptions, even in this most innocuous of examples. Such complexity and uncertainty in the definitions and the laws, combined with harsh regulation and censorship, is a dangerous combination.

Pingback:SSL.com’s Friday Security Roundup – May 22, 2015 – SSL Information and FAQ

I must hank you for the efforts you have put in writing this website.

I really hope too see the same high-grade blog posts by

you later onn as well. In fact, your creative writing abilities has

encouraged me to get my own blog now 😉