December 31, 1998 11:00 AM PST
U.S. eases export limits on encryption
The revised regulations implement policy changes announced last September by Vice President Al Gore, and put into the place the latest in a string of concessions to U.S. industries that have been fighting the policy for more than six years.
The new export rules end the need for licenses to export powerful U.S. encryption products for several key industry sectors--such as banking and e-commerce--after a one-time review by the Commerce Department.
"Through the hard work of industry and government officials to finalize this regulation, U.S. encryption firms will be better able to compete effectively with encryption manufacturers around the world," said William A. Reinsch, Commerce undersecretary for export administration.
The new rules eliminate many restrictions on selling powerful computer data scrambling products to subsidiaries of U.S. corporations. In addition, they relax controls for encryption products to health and medical organizations in 46 countries for almost all foreign subsidiaries of U.S. companies.
When the White House announced the revised rules, it also pledged its support for the FBI's proposal to build a one-stop shop to study the cracking of sophisticated encryption algorithms. The facility was dubbed the National Electronic Technology Center by federal legislation introduced last year.
The so-called NET Center would bring together encryption makers and nationwide investigators who could assist each other with decrypting messages from suspected criminals. The FBI long has fought to uphold the export regulations, and had lobbied for domestic controls such as requiring crypto makers to create "spare keys" to unlock encrypted messages. Known as key recovery systems, such a requirement is aimed at making law enforcement investigations easier.
With the FBI in mind, the new policy also states that if companies build "recoverable" products, they can export encryption of unlimited strength.
Despite efforts to achieve balance between corporate and FBI concerns in the updated export rules effective today, privacy advocates are unsatisfied.
According to the Center for Democracy and Technology's analysis of the regulations, the plan helps big companies while ignoring the concerns of ordinary Internet users.
"The administration policy does not address the needs of individuals online, human rights groups, or other noncommercial users," the analysis stated. "It continues to use export controls as a club to force the adoption of risky 'key recovery' systems without addressing the privacy concerns raised by backdoor government access to our most sensitive data."
The Americans for Computer Privacy (ACP) also criticized the new rules for not going far enough.
"At first glance, ACP considers today's action a crucial step toward a well-balanced policy," said Ed Gillespie, director of ACP. "However, the administration has yet to allow U.S. encryption manufacturers a level playing field in the global marketplace."
American computer executives, on the other hand, welcomed the new rules.
Added Lewis Platt, chairman and chief executive of Hewlett-Packard and also chairman of the computer executive group: "As the world becomes increasingly interconnected, the challenge for government is to keep pace with the rapid changes in technology."
Reuters contributed to this report.