April 27, 2006 4:00 AM PDT
VoIP products could face export crackdown
It wasn't immediately clear what percentage of enterprise-level networking products could be affected by the export regulations, and members of the Commerce advisory committee were inaccessible for the remainder of the day because they entered a so-called closed session to discuss classified material. One committee member did indicate, however, that the exact number of permitted conversations would be discussed during a closed session.
As microprocessor speeds and privacy worries have increased, manufacturers are gluing encryption into the routers used for VoIP communications. Cisco's 2800 series offers the Secure Real-time Transport Protocol, a standard that supports an encryption protocol believed to be one of the world's most secure. Patton Electronics, a Gaithersburg, Md.-based manufacturer, in February began selling a VoIP router that, like Cisco's, uses the well-regarded AES algorithm.
Export controls' troubled past
This is hardly the first time that export control laws have yielded unexpected results. In 2000, Japan's government slapped export controls on the PlayStation 2, saying it could be used for military purposes.
In the past, U.S. export controls have targeted processors as slow as a 450 MHz Pentium. As recently as 2004, federal rules have required computer sellers to get a license to export a computer using a Pentium 3 processor running at 650 MHz.
But encryption restrictions on software were what caused the loudest outcry. Because encryption code could be exported in printed form but not exported on a floppy disk or through the Internet, it led to bizarre twists like a band of cypherpunks legally exporting a book of PGP source code and then scanning it in from a computer in Europe. It also sparked a "munitions" T-shirt on which was printed a functional encryption algorithm written in Perl.
Eventually, after facing at least three federal lawsuits claiming First Amendment violations, strident opposition from the U.S. business community and the reality of programmers abroad churning out high-quality code, the Clinton administration relented in September 1999. Even after the Sept. 11, 2001, terrorist attacks, Sen. Judd Gregg, a New Hampshire Republican, was the only politician to talk seriously about cracking down on encryption use.
Complicating the regulatory picture today is VoIP's flexible nature: Unlike a circuit-switched network that allocates a circuit for each phone call, Internet telephony travels as a stream of bits.
Henry Brandt of IBM, co-chairman of the Commerce committee, said that as phone networks move increasingly toward packet-switching, "the control becomes meaningless... because nowhere along the chain will you ever know it's VoIP."
When data travel over the Internet, packets take multiple different routes that make talking about "channels" a bit awkward, said Don McGill, director of enterprise support systems for CNET Networks, publisher of News.com. "It's not quite the same kind of environment, so it's hard to put it in terms of channels per se," McGill said.
Angelo, the committee member from NetIQ, suggested that "where IPsec lives is where the (export) control would be applied." IPsec, which stands for Internet Protocol security, uses encryption to authenticate messages and scramble them as well. It's often used with virtual private networks, or VPNs.