[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FWD: Clinton administration will ease grip on crypto exports




This message was forwarded to you from ZDNet (http://www.zdnet.com) by [email protected].

Comment from sender:
The dance of the seven regs continues.....

   ---------------------------------------------------------------------

   This article is from ZDNN (http://www.zdnet.com/zdnn/).
   Visit this page on the Web at:
   http://www.zdnet.com/zdnn/stories/zdnn_smgraph_display/0,4436,2138029,00.html

   ---------------------------------------------------------------------


   [IMAGE]
   By Will Rodger, Inter@ctive Week Online
   September 15, 1998 5:39 PM PT

   The Clinton Administration is expected to relax export controls on
   data scrambling equipment Wednesday, preparing the ground for yet
   another round of debate over current encryption policy.

   According to Administration sources, the White House will loosen its
   grip on the technology in several areas central to the five-year
   argument over the issue. Among other things, the new policy will relax
   controls for sales to specific industries, including e-commerce,
   medicine and insurance

   The liberalization will fall far short of what Administration critics
   wanted. Even so, many crypto advocates expressed hope their position
   will continue to gain ground.

   "It's not as far along as my bill would go, but it's a significant
   improvement on our current policy," said Rep. Zoe Lofgren, D-Calif., a
   sponsor of encryption liberalization legislation in the House and one
   of several key Democrats briefed on the issue on the last two days.
   "It will still give us something to argue about next year."

   [TABLE NOT SHOWN] Electronic encryption, or the process of scrambling
   information so that only its intended recipient can read it, is widely
   believed to be the sine qua non of secure commerce and personal
   information on an insecure Internet. To date, however, Federal policy
   has required stringent licensing of encryption technology that uses
   digital codes, or "keys," longer than 40 bits in length. Law
   enforcement has insisted on that restriction so that the encoding
   technology cannot be used to thwart surveillance techniques used in
   investigations.

   Current exceptions will expand
   Under an exception granted in December 1996, however, the government
   has allowed exports of equipment whose keys are as long as 56 bits, or
   roughly 64,000 times more powerful than 40-bit products. That
   exception was granted companies that committed to develop technologies
   to give law enforcement "lawful access" to messages encrypted with
   their products through various back doors built into them.

   Notably free from those restrictions have been foreign financial
   institutions, which in most cases have been able to buy U.S.-made
   encryption software of unlimited strength since last year.

   That exception will be broadened under the new policy, sources said.
   Now, insurance companies, handlers of medical records and companies
   that use specialized transaction software to do business over the
   Internet will be able to buy American encryption software after a
   one-time review of their purchase plans by the U.S. Commerce
   Department. In addition, administration sources confirmed Tuesday
   evening, the government will no longer require prior approval of "key
   recovery" agents, who hold spare keys to encoded messages for law
   enforcement.

   Some 45 nations, including Russia, China, Venezuela and Mexico, will
   likely be ineligible for the relief control as long as the U.S.
   government believes they harbor money-laundering operations, however.

   Finally, administration sources said, any U.S. company will be able to
   export powerful encryption technology to its own subsidiaries as long
   as it does not share the technology with non-US companies.

   Playing catch-up
   As before, public interest groups said they believe the new policy
   does not go far enough. Since Vice President Al Gore promised relief
   for medical records, e-commerce and financial institutions some two
   years ago, critics said the policy is more a belated catch-up than
   anything truly new.

   "It's a divide and conquer strategy," said David Banisar, policy
   counsel with the Electronic Privacy Information Center. "This will
   help a few large users, but the average consumer is out in the cold."

   Wednesday's announcement is only the latest step in a years-long
   journey from complete control to liberalization. Though the FBI and
   others within the national security apparatus have insisted on tight
   controls, information technology companies and public interest groups
   have fought them bitterly, insisting a flood of foreign products will
   soon take over a world market which was once almost exclusively
   America's. As foreign producers have mounted - more than 500 foreign
   products are now stronger than what can usually be exported from the
   US - that pressure has increased.

   Technology marches on
   The steady march of computer technology, too, has rendered once-secure
   products obsolete; the Electronic Frontier Foundation, for instance,
   unveiled a computer last June which can crack messages encrypted with
   56-bit keys in hours. Until recently, the FBI had claimed such
   messages could be cracked only in a matter of months, if not years.

   Dan Scheinman, vice president for legal and government affairs at
   Internet hardware producer Cisco Systems Inc., said the latest
   proposal wasn't his company had hoped for. Even so, "Anything that
   provides broader relief is a step in the right direction," he said.

   In the administration's defense
   Meanwhile, the administration has its defenders. Stewart Baker, former
   counsel to the super-secret, encryption-controlling National Security
   Agency and an attorney who negotiates export agreements for industry,
   called on critics to give the administration more credit.

   "I think this is a significant walking away from an emphasis on
   law-enforcement access," he said. "What this says is if there's a
   market for security, we ought to think about liberalizing. It's a big
   step and it foreshadows more."

   ---------------------------------------------------------------------

   Copyright (c) 1998 ZDNet. All rights reserved. Reproduction in whole
   or in part in any form or medium without express written permission of
   ZDNet is prohibited. ZDNet and the ZDNet logo are trademarks of
   Ziff-Davis Inc.