 |
| CNN WEB SITES: |
|
| TIME INC. SITES: |
| MORE SERVICES: |
| video on demand |
| video archive |
| audio on demand |
| news email services |
| free email accounts |
| desktop headlines |
| pointcast |
| pagenet |
| DISCUSSION: |
| message boards |
| chat |
| feedback |
| SITE GUIDES: |
| help |
| contents |
| search |
| FASTER ACCESS: |
| europe |
| japan |
| WEB SERVICES: |
From...
Congress considers easing cryptography rules
January 21, 1999
Web posted at: 12:01 p.m. EST (1701 GMT)
by Elinor Mills
(IDG) -- A U.S. congressperson will re-introduce a bill this year to eliminate encryption export control while the Clinton administration considers easing export restrictions in areas that involve electronic commerce, officials say.
"We're looking at areas including ISPs and telecommunications," said William Reinsch, undersecretary for export administration, at a meeting of the President's Export Council Subcommittee on Encryption last week in Cupertino, California. "We are asking ourselves--are there things we can do to help e-commerce?"
The administration will begin discussions on the topic later this month, says James Lewis, director of the Office of Strategic Trade and Foreign Policy Controls at the Bureau of Export Administration. Lewis said government officials would also discuss whether to liberalize restrictions on application programming interfaces.
| ALSO: |
| Cracking DES code all in a day's work for security experts |
While the administration considers those issues, Representative Zoe Lofgren (D-California) says she and Representative Bob Goodlatte (R-Virginia) will re-introduce their Security and Freedom Through Encryption Act, which failed last year.
Lofgren said she does not know when she will re-introduce the bill. The House is playing catch-up after being busy with impeachment proceedings against Bill Clinton, she explained.
|
| ||
|---|---|---|
 |
IDG.net home page | |
| PC World home page | ||
| FileWorld find free software fast | ||
| Make your PC work harder with these tips | ||
| Reviews & in-depth info at IDG.net | ||
 |
IDG.net's desktop PC page | |
| IDG.net's portable PC page | ||
| IDG.net's Windows software page | ||
| IDG.net's personal news page | ||
| Questions about computers? Let IDG.net's editors help you | ||
| Subscribe to IDG.net's free daily newsletter for computer geniuses(& newbies) | ||
|
Search IDG.net in 12 languages | ||
| News Radio | ||
 |
Fusion audio primers | |
|
|
Computerworld Minute | |
Lofgren, Reinsch, and Lewis were among the guests invited to speak at the meeting on Friday. The encryption subcommittee meets every two to three months to discuss encryption policy and advise the administration.
Security versus Commerce
Similar debates are occurring at the RSA Data Security Conference in San Jose this week. The issue is a hot topic, pitting law enforcement's argument that national security warrants strong export controls against privacy rights groups and software vendors who contend they are losing money by not being able to sell products with strong cryptography outside the United States.
Last September, the U.S. government relaxed its encryption policy, allowing companies to export products with cryptographic key lengths of 56 bits or less without obtaining an export license. It also eased the export of any cryptography for insurance companies, medical and health organizations, and U.S. firms with foreign subsidiaries. The government also dropped one sticking point: Requiring a third-party organization that holds "keys" to unscramble data, which the government could obtain by court order.
The U.S. encryption policy over the last decade "has been like sticking a finger in a dike," says Kevin McCurley, a cryptographer who works for IBM. The policies have resulted in "impeding progress, obfuscating regulations, and confusing people."
Some U.S. companies still manage to sell strong cryptography outside the country by creating joint ventures with foreign firms and developing technology at non-U.S. labs. However, U.S. export officials are troubled by gray areas in these cases, when companies may transfer development information, if not actual technology, to outside ventures. The Export Administration has investigated at least five companies for allegedly shipping technology abroad, but has found no evidence of violations, said Reinsch.
Global inconsistency
And while officials and vendors grapple with the policies inside the United States, the U.S. administration has persuaded other governments to control their export of encryption--even in countries that did not restrict cryptography. This was accomplished as part of the Wassenaar Arrangement, signed by 33 countries in December.
Under the Wassenaar pact, which is not a treaty but an unenforceable agreement, the countries agreed to restrict export of 64-bit and higher cryptography in mass-market software and hardware and 56-bit and higher cryptography in general encryption products. The pact also decontrolled the export of consumer electronics.
"One positive aspect is that it's woken up the international community," John Gilmore, co-founder of the Electronic Freedom Frontier, told the PECSE group Friday in reference to the Wassenaar pact. "They all now realize that the long arm of the U.S. government is attempting to squash freedom in their own countries."