[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Industry Blasts U.S. Encryption Policy
2-14-97. National Business Review, NZ (http://www.nbr.co.nz/):
USA: Industry Groups Blast U.S. Encryption Policy.
Washington, Feb 13 (Reuter) - An array of private-sector trade groups
charged Thursday the Clinton administration's new export policy on
computer encoding technology was a failure.
Encryption products, which scramble information and render it unreadable
without a password or software "key," are subject to strict export
limits, although the administration recently relaxed the rules a bit.
The new policy "does not adequately address the needs of either the
American business community or the general public," the 13 groups said
in a letter to Clinton dated Wednesday and released Thursday.
Among the groups signing the letter were the U.S. Chamber of Commerce,
the National Association of Manufacturers and the National Retail
Federation, along with a host of high-tech industry groups such as the
Business Software Alliance and the Information Technology Association of
America.
The Centre for Democracy and Technology, an advocacy group for civil
liberties in cyberspace, and the Association of Research Libraries also
signed the letter.
An administration spokeswoman said that, despite the complaints, the
current policy would be maintained.
"The administration is moving ahead with our encryption export
liberalisation policy," spokeswoman Heidi Kukis said. The policy balances
diverse interests by "allowing us to develop exports while protecting our
national security," she said.
The administration has repeatedly said it opposes allowing unfettered
powerful encryption programmes out of the country where they could be
used by international criminals and terrorists.
Under current policy, U.S. companies cannot export products containing
so-called strong encryption, used to protect everything from a business'
electronic mail to a consumer's credit card number sent over the Internet,
unless the products also allow the government to crack the code by
recovering the software keys.
Companies can get a license to export medium-strength encryption lacking
so-called key recovery features if the companies agree to incorporate
key recovery in future products within two years.
The Commerce Department has issued three licenses so far under the
two-year provision. Digital Equipment Corp., Trusted Information Systems
Inc., and Cylink Corp. won approval by promising to offer key recovery
products by 1999.
International Business Machines Corp. and Hewlett Packard Co. have said
they are also seeking licenses.
But companies and privacy advocates rejected the administration's key
recovery-based approach.
"It fails to accommodate the competitiveness concerns of sellers of
encryption products, the security concerns of the buyers of such products,
or important privacy rights," the groups said in their letter.
"We believe a fundamental rethinking of this policy is necessary," they
added. "We remain interested in working with you to achieve a constructive
solution to this very difficult problem."
Congress is already considering proposals to dramatically relax the export
restrictions without requiring key recovery.
-----