Prototyping with weapons

Commercial product development forces me occasionally to dig into information about topic I'd rather not touch, for a reason or another. Some years ago I had jolly good time (/s) learning about various aspects of EMI (immunity in this case) that are not commonly encountered on automotive field (read: there was essentially no direct information to be found so I had to read and adapt information from unrelated fields), and there is of course always fun ISO 9001 stuff (with new edition coming up, oh the joy...) and now I had to dig into world of weapons exports.

Okay, slight exaggeration there, neither exporting nor weapons were involved.

I  had finished design for a new board I wanted to test so I ordered components for it. Nothing special really; some connectors, a new model of MCU, some passives, few transistors and so on. Typically the place I use (I won't name it but I've read that they have history with this behavior) sends order confirmations immediately. This time though it took a week, and they told me they couldn't deliver the MCU I ordered - a pretty typical STM32F-series microcontroller. After some inquiries they finally admitted that they could not export them from UK due to export regulations.

This was very curious, as last I checked UK hasn't exited EU yet, which means that this trade would be completely within EU customs area and thus there is no exporting involved - and thus no export controls should be involved here. Let's just say that I wasn't very happy about this, since without this MCU my new shiny board design would be completely useless.

After some more reading I found out that there are actually are some export regulations involved when ordering stuff from UK, specifically concerning what some government page I can't find anymore (d'oh!) called sensitive technologies, specifically ones that are listed in EU's dual use listing, annex IV.

You can read the complete EU's dual use list here. Be warned though, it is 228 pages long, but like just about any EU directive it's relatively easy to read once you are familiar with their structure (unlike some FCC regulations -- I tried once and I think I broke my brain trying to decipher that horribly written legalese... But that's topic for another time). Dual Use list's annex IV is relatively short but doesn't make much sense unless you have some understanding of rest of the categories document.

I don't blame you if you don't want to read it, but to make it short, dual use contains anything (be it materials directly, raw materials or tools for development or processing materials) that could be used to construct nuclear weapons, missiles, advanced guidance systems, stealth technologies (air and underwater, and curiously enough underwater detection seems to be a very hot potato too - guess some countries don't want their shiny -- umm, no, wait -- matte-black rubbery (I'm tempted to add 'vibrating' here) toys to be found) and so on. So in general not things that you could just pick up from a corner shop.

I read the annex IV through, several times actually, and I really can't understand why this common MCU suddenly appears to be so dangerous. My best guess is that they expect me to use them like shown in this clip here, but since I only needed just few of them this time it wouldn't be very effective even then.

There is mention of cryptography in annex IV, but the specific MCU I ordered doesn't include any crypto parts in it (those come with different part number). Having cryptography regulated is kinda funny these days as anyone can download sources for AES, RSA or whatever from just about anywhere in the world so that part of export control is pretty much ineffective anyway (but not completely ineffective or silly, mind you. I let you to do the thinking of the logic here yourself.)

So I just ordered the chip from another shop which had no problem delivering it (directly from US actually, based on cargo manifest information, which pretty much clears this chip anyway - export controls from US are certainly more strict than from UK)

So, my best guess is that they (first shop) screwed up. The part I ordered is not actually under export control, but some idiot there only eyed through the product family datasheet, saw crypto being mentioned and flagged entire family of products as controlled although only one part in series has crypto parts in it. And they would not budge nor even explain their reasoning concerning this part.

So screw them. And like I already mentioned, based on some reading I've done this wasn't the first time they fucked up like this. Mostly I'm pissed off because they flatly refuse to admit being wrong here...