advertising information
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards




PC World

Congress considers easing cryptography rules


January 21, 1999
Web posted at: 12:01 p.m. EST (1701 GMT)

by Elinor Mills

(IDG) -- A U.S. congressperson will re-introduce a bill this year to eliminate encryption export control while the Clinton administration considers easing export restrictions in areas that involve electronic commerce, officials say.

"We're looking at areas including ISPs and telecommunications," said William Reinsch, undersecretary for export administration, at a meeting of the President's Export Council Subcommittee on Encryption last week in Cupertino, California. "We are asking ourselves--are there things we can do to help e-commerce?"

The administration will begin discussions on the topic later this month, says James Lewis, director of the Office of Strategic Trade and Foreign Policy Controls at the Bureau of Export Administration. Lewis said government officials would also discuss whether to liberalize restrictions on application programming interfaces.
Cracking DES code all in a day's work for security experts

While the administration considers those issues, Representative Zoe Lofgren (D-California) says she and Representative Bob Goodlatte (R-Virginia) will re-introduce their Security and Freedom Through Encryption Act, which failed last year.

Lofgren said she does not know when she will re-introduce the bill. The House is playing catch-up after being busy with impeachment proceedings against Bill Clinton, she explained.

  PC World home page
  FileWorld find free software fast
  Make your PC work harder with these tips
 Reviews & in-depth info at's desktop PC page's portable PC page's Windows software page's personal news page
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for computer geniuses(& newbies)
  Search in 12 languages
 News Radio
 * Fusion audio primers
 * Computerworld Minute

Lofgren, Reinsch, and Lewis were among the guests invited to speak at the meeting on Friday. The encryption subcommittee meets every two to three months to discuss encryption policy and advise the administration.

Security versus Commerce

Similar debates are occurring at the RSA Data Security Conference in San Jose this week. The issue is a hot topic, pitting law enforcement's argument that national security warrants strong export controls against privacy rights groups and software vendors who contend they are losing money by not being able to sell products with strong cryptography outside the United States.

Last September, the U.S. government relaxed its encryption policy, allowing companies to export products with cryptographic key lengths of 56 bits or less without obtaining an export license. It also eased the export of any cryptography for insurance companies, medical and health organizations, and U.S. firms with foreign subsidiaries. The government also dropped one sticking point: Requiring a third-party organization that holds "keys" to unscramble data, which the government could obtain by court order.

The U.S. encryption policy over the last decade "has been like sticking a finger in a dike," says Kevin McCurley, a cryptographer who works for IBM. The policies have resulted in "impeding progress, obfuscating regulations, and confusing people."

Some U.S. companies still manage to sell strong cryptography outside the country by creating joint ventures with foreign firms and developing technology at non-U.S. labs. However, U.S. export officials are troubled by gray areas in these cases, when companies may transfer development information, if not actual technology, to outside ventures. The Export Administration has investigated at least five companies for allegedly shipping technology abroad, but has found no evidence of violations, said Reinsch.

Global inconsistency

And while officials and vendors grapple with the policies inside the United States, the U.S. administration has persuaded other governments to control their export of encryption--even in countries that did not restrict cryptography. This was accomplished as part of the Wassenaar Arrangement, signed by 33 countries in December.

Under the Wassenaar pact, which is not a treaty but an unenforceable agreement, the countries agreed to restrict export of 64-bit and higher cryptography in mass-market software and hardware and 56-bit and higher cryptography in general encryption products. The pact also decontrolled the export of consumer electronics.

"One positive aspect is that it's woken up the international community," John Gilmore, co-founder of the Electronic Freedom Frontier, told the PECSE group Friday in reference to the Wassenaar pact. "They all now realize that the long arm of the U.S. government is attempting to squash freedom in their own countries."

Message Board:

Related stories:
Latest Headlines

Today on CNN

Related stories:

Note: Pages will open in a new browser window Related sites:

External sites are not
endorsed by CNN Interactive.

Enter keyword(s)   go    help


Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.