tiero - stock.adobe.com

Defence industry urges government to relax controls on crypto exports

Trade body representing defence, aerospace and security companies calls on government to make it easier to export “non-contentious” cryptography to secure organisations against cyber crime

The UK’s largest defence and aerospace trade body has called on the government to streamline controls on the export of cryptographic equipment.

Paul Everitt, chief executive of ADS, which represents 1,000 aerospace, defence and security companies, told a cross-party group of MPs that the existing export licence process was bureaucratic.

Giving evidence to the Arms Export Controls Committee, Everitt said the current approval system for open individual export licences – which allows exporters to make multiple shipments of specific goods to specific destinations – was “fraught with perceived problems and delays”.

He told MPs that companies needed easier access to what he called “non-contentious cryptography” to secure their businesses against hacking and cyber crime.

“The sort of areas we are thinking of are satellite communications or satellite service delivery and how you go about securing financial transactions that might be done online or through mobile phone telecommunications,” he said.

Under current export rules, companies must apply for export licences through SPIRE, the Export Control Organisation’s online database for processing licence applications within the Department for Business, Energy and Industrial Strategy (BEIS). The department’s export unit assesses each application and is responsible for approving or refusing licences.

But Everitt said companies often had to wait an unnecessarily long time to renew export licences for cryptographic equipment.

“I think the area that causes us concern is that if that company has used that licence efficiently, effectively and then wishes to reapply, it effectively has to go through exactly the same process again and an open licence is up to 60 days’ worth of potential processing time,” he said.

Everitt urged the unit to be less prescriptive about the export of cryptographic equipment for non-contentious applications.

“Rather than spending its time on things that are, by and large, non-controversial, it would then have more opportunity to focus on those areas where clearly there are more serious concerns,” he said.

He told the MPs that ADS had worked closely with TechUK, a trade group representing more than 950 UK technology companies, to try to define clearly the open general licence for cryptographic equipment, but had so far been unsuccessful.

Everitt also said the licensing unit must ensure sophisticated cryptographic equipment does not end up in the wrong hands.

“We are aware of concerns, like those around what we would see as higher grade or more sophisticated cryptography tools, which we would clearly recognise need a higher degree of scrutiny and decision-making,” he said.

The European Parliament voted at the start of this year to remove encryption technologies from the list of technologies covered by EU export controls – a move that aims to make it easier for people living in oppressive regimes to gain access to secure communications that can circumvent state surveillance.

“Dictators spy on their citizens using EU cyber surveillance,” said MEP Klaus Buchner, European Parliament rapporteur. “This must stop. The EU cannot contribute to the suffering of courageous activists, who often risk their lives for freedom and democracy. We are determined to close dangerous gaps in the export of dual-use goods and call on member states to follow suit.”

Read more on Hackers and cybercrime prevention

Data Center
Data Management