April 27, 2006 4:00 AM PDT
VoIP products could face export crackdown
- Related Stories
Some companies helped the NSA, but which?February 6, 2006
Feds mull regulation of quantum computersNovember 9, 2005
FAQ: Demystifying VoIPAugust 11, 2005
Group wants encryption bans overturnedApril 27, 2005
Cold War encryption laws stand, but not as firmlyOctober 15, 2003
White House proposes looser crypto exportsSeptember 16, 1999
Crypto export rules lighten upJuly 7, 1998
Crypto battle rages onJune 9, 1998
PGP crypto approved for exportMay 29, 1997
Encryption export rules easedMay 8, 1997
Industry fights crypto rulesDecember 31, 1996
Well, not quite. The White House's decision seven years ago merely relaxed encryption rules in a few areas--and thousands of pages of export regulations remain on the law books today.
Now some of these obscure export regulations are troubling companies that manufacture or support voice over Internet Protocol (VoIP) products capable of draping a theoretically impenetrable cloak of encryption around every conversation.
During a meeting convened by the U.S. Commerce Department on Wednesday, industry members of a federal technical committee expressed concern that export regulations never intended to cover VoIP may complicate selling enterprise-grade network gear abroad.
At issue is an awkwardly worded definition buried deep in section 740 of the export control regulations. It restricts the export of products that can support "concurrent encrypted data tunnels or channels exceeding 250" connections at once.
Michael Angelo, a committee member who works for network management firm NetIQ, said 250 conversations is an unreasonably low threshold given the capacity of modern networking gear. It's "a very small number," he said.
As large corporations switch to VoIP to trim costs, manufacturers have begun to offer products that can handle thousands of simultaneous users. Cisco Systems' Unified CallManager, for instance, is software that works with the company's hardware products to handle up to 30,000 individual users per server cluster.
One open question is whether the federal government's definition of "concurrent encrypted data tunnels" would apply to software products like Cisco's CallManager as well as hardware. Erik Oliver, a Commerce committee member from chipmaker Rambus, said he thought the regulations were meant to apply to routers and switches, not to CallManager.
Any changes to the rules would be up to Commerce Secretary Carlos Gutierrez. Neither the Commerce Department nor Cisco responded to requests for comment on Wednesday.
"This appears to be a situation where the technology is overtaking the regulatory structure in ways that were not anticipated by the people who wrote the regulations," said Cindy Cohn, legal director of the Electronic Frontier Foundation in San Francisco.
Cohn, who litigated an encryption export case against the federal government before joining EFF, said this has been a problem with such regulations for a long time. "They attempt to create specific upper limits on how much encryption you can have, in this case how many channels you can have," she said.
2 commentsJoin the conversation! Add your comment