[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FWD: Clinton administration will ease grip on crypto exports
This message was forwarded to you from ZDNet (http://www.zdnet.com) by [email protected].
Comment from sender:
The dance of the seven regs continues.....
---------------------------------------------------------------------
This article is from ZDNN (http://www.zdnet.com/zdnn/).
Visit this page on the Web at:
http://www.zdnet.com/zdnn/stories/zdnn_smgraph_display/0,4436,2138029,00.html
---------------------------------------------------------------------
[IMAGE]
By Will Rodger, Inter@ctive Week Online
September 15, 1998 5:39 PM PT
The Clinton Administration is expected to relax export controls on
data scrambling equipment Wednesday, preparing the ground for yet
another round of debate over current encryption policy.
According to Administration sources, the White House will loosen its
grip on the technology in several areas central to the five-year
argument over the issue. Among other things, the new policy will relax
controls for sales to specific industries, including e-commerce,
medicine and insurance
The liberalization will fall far short of what Administration critics
wanted. Even so, many crypto advocates expressed hope their position
will continue to gain ground.
"It's not as far along as my bill would go, but it's a significant
improvement on our current policy," said Rep. Zoe Lofgren, D-Calif., a
sponsor of encryption liberalization legislation in the House and one
of several key Democrats briefed on the issue on the last two days.
"It will still give us something to argue about next year."
[TABLE NOT SHOWN] Electronic encryption, or the process of scrambling
information so that only its intended recipient can read it, is widely
believed to be the sine qua non of secure commerce and personal
information on an insecure Internet. To date, however, Federal policy
has required stringent licensing of encryption technology that uses
digital codes, or "keys," longer than 40 bits in length. Law
enforcement has insisted on that restriction so that the encoding
technology cannot be used to thwart surveillance techniques used in
investigations.
Current exceptions will expand
Under an exception granted in December 1996, however, the government
has allowed exports of equipment whose keys are as long as 56 bits, or
roughly 64,000 times more powerful than 40-bit products. That
exception was granted companies that committed to develop technologies
to give law enforcement "lawful access" to messages encrypted with
their products through various back doors built into them.
Notably free from those restrictions have been foreign financial
institutions, which in most cases have been able to buy U.S.-made
encryption software of unlimited strength since last year.
That exception will be broadened under the new policy, sources said.
Now, insurance companies, handlers of medical records and companies
that use specialized transaction software to do business over the
Internet will be able to buy American encryption software after a
one-time review of their purchase plans by the U.S. Commerce
Department. In addition, administration sources confirmed Tuesday
evening, the government will no longer require prior approval of "key
recovery" agents, who hold spare keys to encoded messages for law
enforcement.
Some 45 nations, including Russia, China, Venezuela and Mexico, will
likely be ineligible for the relief control as long as the U.S.
government believes they harbor money-laundering operations, however.
Finally, administration sources said, any U.S. company will be able to
export powerful encryption technology to its own subsidiaries as long
as it does not share the technology with non-US companies.
Playing catch-up
As before, public interest groups said they believe the new policy
does not go far enough. Since Vice President Al Gore promised relief
for medical records, e-commerce and financial institutions some two
years ago, critics said the policy is more a belated catch-up than
anything truly new.
"It's a divide and conquer strategy," said David Banisar, policy
counsel with the Electronic Privacy Information Center. "This will
help a few large users, but the average consumer is out in the cold."
Wednesday's announcement is only the latest step in a years-long
journey from complete control to liberalization. Though the FBI and
others within the national security apparatus have insisted on tight
controls, information technology companies and public interest groups
have fought them bitterly, insisting a flood of foreign products will
soon take over a world market which was once almost exclusively
America's. As foreign producers have mounted - more than 500 foreign
products are now stronger than what can usually be exported from the
US - that pressure has increased.
Technology marches on
The steady march of computer technology, too, has rendered once-secure
products obsolete; the Electronic Frontier Foundation, for instance,
unveiled a computer last June which can crack messages encrypted with
56-bit keys in hours. Until recently, the FBI had claimed such
messages could be cracked only in a matter of months, if not years.
Dan Scheinman, vice president for legal and government affairs at
Internet hardware producer Cisco Systems Inc., said the latest
proposal wasn't his company had hoped for. Even so, "Anything that
provides broader relief is a step in the right direction," he said.
In the administration's defense
Meanwhile, the administration has its defenders. Stewart Baker, former
counsel to the super-secret, encryption-controlling National Security
Agency and an attorney who negotiates export agreements for industry,
called on critics to give the administration more credit.
"I think this is a significant walking away from an emphasis on
law-enforcement access," he said. "What this says is if there's a
market for security, we ought to think about liberalizing. It's a big
step and it foreshadows more."
---------------------------------------------------------------------
Copyright (c) 1998 ZDNet. All rights reserved. Reproduction in whole
or in part in any form or medium without express written permission of
ZDNet is prohibited. ZDNet and the ZDNet logo are trademarks of
Ziff-Davis Inc.