- Related Stories
-
Some companies helped the NSA, but which?
February 6, 2006 -
Feds mull regulation of quantum computers
November 9, 2005 -
FAQ: Demystifying VoIP
August 11, 2005 -
Group wants encryption bans overturned
April 27, 2005 -
Cold War encryption laws stand, but not as firmly
October 15, 2003 -
White House proposes looser crypto exports
September 16, 1999 -
Crypto export rules lighten up
July 7, 1998 -
Crypto battle rages on
June 9, 1998 -
PGP crypto approved for export
May 29, 1997 -
Encryption export rules eased
May 8, 1997 -
Industry fights crypto rules
December 31, 1996
Well, not quite. The White House's decision seven years ago merely relaxed encryption rules in a few areas--and thousands of pages of export regulations remain on the law books today.
Now some of these obscure export regulations are troubling companies that manufacture or support voice over Internet Protocol (VoIP) products capable of draping a theoretically impenetrable cloak of encryption around every conversation.
During a meeting convened by the U.S. Commerce Department on Wednesday, industry members of a federal technical committee expressed concern that export regulations never intended to cover VoIP may complicate selling enterprise-grade network gear abroad.
At issue is an awkwardly worded definition buried deep in section 740 of the export control regulations. It restricts the export of products that can support "concurrent encrypted data tunnels or channels exceeding 250" connections at once.
Michael Angelo, a committee member who works for network management firm NetIQ, said 250 conversations is an unreasonably low threshold given the capacity of modern networking gear. It's "a very small number," he said.
As large corporations switch to VoIP to trim costs, manufacturers have begun to offer products that can handle thousands of simultaneous users. Cisco Systems' Unified CallManager, for instance, is software that works with the company's hardware products to handle up to 30,000 individual users per server cluster.
One open question is whether the federal government's definition of "concurrent encrypted data tunnels" would apply to software products like Cisco's CallManager as well as hardware. Erik Oliver, a Commerce committee member from chipmaker Rambus, said he thought the regulations were meant to apply to routers and switches, not to CallManager.
Any changes to the rules would be up to Commerce Secretary Carlos Gutierrez. Neither the Commerce Department nor Cisco responded to requests for comment on Wednesday.
Unintended targets
"This appears to be a situation where the technology is overtaking the regulatory structure in ways that were not anticipated by the people who wrote the regulations," said Cindy Cohn, legal director of the Electronic Frontier Foundation in San Francisco.
Cohn, who litigated an encryption export case against the federal government before joining EFF, said this has been a problem with such regulations for a long time. "They attempt to create specific upper limits on how much encryption you can have, in this case how many channels you can have," she said.
See more CNET content tagged:
regulation,
Cisco CallManager,
Cisco Systems Inc.,
VoIP,
networking gear
- This has to be some low attack by the Ma Bel Companies
-
by mxrss
April 27, 2006 12:26 PM PDT
- Does goverment need that much control,
-
Reply to this comment
-
-
- 10 year old law
-
by Ipod Apple
April 28, 2007 5:30 AM PDT
- http://www.analogstereo.com/vacuum/miele_s4_compact_vacuum.htm
-
-
- Mike Damn Politicians
-
by alek_nedic
May 6, 2007 3:01 PM PDT
- http://www.analogstereo.com/mazda_mpv_owners_manual.htm
-
-
(3 Comments)Well i just need to thank the cold war and tell them to get off. This is becomming rediculous finding a 10 year old law to prevent the distribution of equipment thus putting a major tack in the road for VoIP adoption. Maybe they will outlaw SSH.
- Mike
Damn Politicians