GAO Finds US Military's Critical Technologies List Outdated, Useless

chicksdaddy writes "The U.S. Department of Defense has stopped updating its main reference list of vital defense technologies that are banned from export, according to a new report from the Government Accountability Office (GAO), The Security Ledger reports. The Militarily Critical Technologies List (MCTL) is used to identify technologies that are critical to national defense and that require extra protection — including bans on exports and the application of anti-tamper technology. GAO warned six years ago that the Departments of State and Commerce, which are supposed to use the list, found it too broad and outdated to be of much use. The latest report (GAO 13-157) finds that the situation has worsened: budget cuts forced the DOD to largely stop updating and grooming the list in 2011. Sections on emerging technologies are outdated, while other sections haven't been updated since 1999. Without the list to rely on, the DOD has turned to a hodgepodge of other lists, while officials in the Departments of State and Commerce who are responsible for making decisions about whether to allow a particular technology to be exported have turned to ad-hoc networks of subject experts. Other agencies are looking into developing their own MCTL equivalents, potentially wasting government resources duplicating work that has already been done, GAO found."

Critical Technologies?

[Alwin+Henseler]

(..) technologies that are critical to national defense and that require extra protection — including bans on exports and the application of anti-tamper technology.

They mean Blu-Ray movies?

Re:Critical Technologies?

[bmo]

> They mean Blu-Ray movies?

No, they mean the "do not remove under penalty of law" tags on the mattresses.

--
BMO

Re:Critical Technologies?

[ShanghaiBill]

Or ban the export of jobs...

That is better than requiring the export of jobs, which is what the current policy does in practice. If you want to be able to sell a technology world-wide, then you need to do your R&D outside of America. If you do it inside, you will subject to export restrictions while your non-American competitors cleanup.

In the 1990s, I worked for a company that included cryptography in our products. Since it was illegal to export anything developed in the USA, we decided to do all our cryptography development in Shanghai, China. But it turned out it was difficult to manage a split team, and consolidating in the USA was impossible. So we laid of all our American engineers that were unwilling to move to Shanghai. I moved there, and it was a fantastic experience. I learned to speak Mandarin, and even ended up starting a family there. But from a policy perspective, it was completely insane. What was more frustrating was that it seemed to be universally recognized as stupid policy, but still persisted for years.

Re:Critical Technologies?

[AK+Marc]

hihao meiguoren. I'd move to china to take a job if the wife would let me.

And yes, most policies are silly, ones like this achieving the opposite of their stated goal.

We all know why...

Because if there was a definitive list, the applications of those technologies would become obvious as well as what level of sophistication is deemed dangerous. For example, if we banned certain wide-band radio transmitters, on the grounds that they can be used for neural interfaces to manipulate humans, then we are telling people what they need to buy.

So, its really sort of a potential shopping list for the enemy.

Maybe because those kinds of lists are useless

[NoNonAlphaCharsHere]

I remember, in the 80's, Xenix was "export restricted", especially libc.a if it had "crypt.o" in it - like the algorithm hadn't been published many years prior to that. Anybody remember the big Toshiba machine-tool controller foorah that supposedly allowed the Soviets make quieter submarine propellers?

Does anybody think that our enemies-du-jour (and our friends, too) aren't reading all our science journals and buying samples of all manner of products for reverse engineering? Or for that matter, does anybody really think that we aren't doing the exact same thing, all over the world?

Lists like these are like "the seven words you can't say on television" - just a dare for somebody to do it.

Re:Maybe because those kinds of lists are useless

[bmo]

>I remember, in the 80's, Xenix was "export restricted", especially libc.a if it had "crypt.o" in it

That's because until the Clinton administration, encryption under US law was classified under "munitions."

Since World War II, many governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security considerations, and, as late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Technology.[1]

From wikipedia.

It was one of the reasons why Phil Zimmerman almost went to jail for making PGP.

>Anybody remember the big Toshiba machine-tool controller foorah that supposedly allowed the Soviets make quieter submarine propellers?

It wasn't just a controller, it was an entire milling machine or two. Very large ones worth a lot of money.

We made some faces at Japan and quickly forgot about it. Because it wasn't like we were getting those machines back.

--
BMO

Re:Maybe because those kinds of lists are useless

[Genda]

I sentence you to death by cipher at dawn!

Re:Maybe because those kinds of lists are useless

[Daniel+Dvorkin]

Does anybody think that our enemies-du-jour (and our friends, too) aren't reading all our science journals and buying samples of all manner of products for reverse engineering?

Large, powerful nations have a habit of denigrating their enemies. Said enemies can't just be on the other side; they have to be stupid and cowardly and barbaric and, in general, barely human. What's never explained, of course, is how people who are this all-around worthless can simultaneously pose a deadly threat which must be guarded against every minute of every day.

To be fair, to some degree this is human nature and everybody does it, but superpowers seem to be particularly prone to this kind of thinking. Sooner or later it always bites them in the ass.

Re:Maybe because those kinds of lists are useless

[cold+fjord]

When it comes to sophisticated products or technologies, marketing announcements, journal articles, even refereed papers are fine things. However, if you are actually trying to build the thing yourself, you need an actual recipe to do it, and sometimes the real secret, the art of it, is in the recipe, the actual implementation. Think of something so simple as rubber, which had been known for hundreds of years or more, but had defeated previous attempts to improve its utility. That is until Charles Goodyear invented the vulcanization process.

In terms of software, even when an algorithm is published, that is only part of the story. The implementation is a key element. Is it implemented correctly? Is the software written in a robust, reliable manner? Is it easy to use correctly to perform its key function? There have been many encryption utilities written, not all of them useful, not all of them correct, not all of them secure. Even if you get an encryption algorithm correct, your operational practices may render it vulnerable.

More than a few countries do themselves a disservice in terms of military infrastructure by trying to use sophisticated equipment without the necessary infrastructure, training, and spare parts needed to use it effectively. They are fooling themselves. Just because you have it doesn't mean that you can use it effectively.

Stealing IP doesn't always work out for you either. You may not have the necessary technology to build the item. You may steal "doctored" plans for a real item that is designed to fail in subtle ways, as did the Soviets.

Sometimes a shoddy copy is good enough for what you need. Other times it is useless.

Sometimes, even if you had the magic, you lose it, and may no longer be able to summon a dragon when needed.

Of course, in other cases, reverse engineering is relatively straight forward, and a new, dangerous competitor can come out of nowhere.

Another List

[the+eric+conspiracy]

There should be a list of products that are encouraged for sale to our enemies.

Ideas:

Boeing batteries
Ford Pinto
Fen-Phen
Bon Vivant Vichyssoise
Pop Tarts
Twinkies
Intel Pentium (original version)
UML
Microsoft Windows ME

They will regret messing with us!

Do Not Export This Post!

[Sooner+Boomer]

RSA in perl (and dc)

#!/bin/perl -sp0777iX+d*lMLa^*lN%0]dsXx++lMlN/dsM0j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) ...and of course /. is munging the format...

Re:Maybe list = secret?

[icebike]

If you manufacturer something on this list there is a pretty good chance the military is your biggest customer already, and you already know your kit is sensitive.

Do what the Chinese do...

[Genda]

Sell everything to everyone, make certain there are abundant back doors to allow American defense systems to disarm weapons using American Technology so they can't be used against us and let the good times roll.

China released a statement about this

[futhermocker]

Please ban export of future Windowsâ versions

Technology is not just computers/software

[Likes+Microsoft]

I've looked over the comments on this thread with frustration, seeing that the conversation swiftly derailed into being *just* about Crypto. The MCTL covers all areas of technology that may be deemed militarily critical. It is not really possible to find a publicly hosted .gov or .mil site that gives much info any more, but this university page stills shows the 20 areas covered: http://www.wright.edu/rsp/Security/T1threat/Mctl.htm , including things like space systems and nuclear technologies.