Technology
toolbar
Click here
January 13, 2000

U.S. Removes More Limits on Encryption Technology

Retreat Is Prompted by Software Industry
By DAVID E. SANGER and JERI CLAUSING

WASHINGTON, Jan. 12 -- The Clinton administration today lifted more of the licensing requirements on software products that are used to keep computer data and communications secure after industry complaints last fall that its efforts to rewrite the rules still placed American companies at a disadvantage.

Under the new rules, virtually any program sold on the retail market to encrypt data can be sold overseas after what the Commerce Department said today would be a "one-time review" to give it an exemption from export license. But more important, for the first time the administration said it would allow the export, without licenses, of most types of "source code," the computer code used to create programs that encrypt data. The only exceptions would be to nations on the State Department's terrorist list, including Cuba, Iran, Iraq, Libya, Sudan, Syria and North Korea.


Related Articles
Administration Releases Draft of Encryption Export Rules
(November 23, 1999)

Congress Fears White House May Fall Short on Encryption
(November 16, 1999)

Today's action marks another retreat by the National Security Agency and the Federal Bureau of Investigation, which have long opposed the export of cutting-edge encryption products, for fear they would be unable to break coded communications sent by foreign governments and terrorist groups.

But the technology has overwhelmed the government's ability to control many of these products, including some that can be downloaded for free from Internet sites to protect individuals using online banking services or sending secure messages.

It has also been a politically sensitive issue for Vice President Al Gore, who found that the computer executives he has assiduously courted in Silicon Valley for seven years remained angry about the government's efforts to control encryption products. They flooded his office with complaints.

Commerce officials said that his domestic policy adviser, Dan Beier, participated in the discussions about how to amend the rules. Some industry executives have said that their support for Mr. Gore, including financial support, depended on how the administration handled this issue, but Commerce officials said that political concerns never came up in the interagency meetings on altering the regulations.

The new rules were cautiously applauded by industry groups, who argued that regulations issued by the administration in September were still cumbersome and put them at a disadvantage when competing with foreign companies, especially from Germany, that have no such restrictions.

"This should go a way toward satisfying them, but it is not a total end to controls," said Stewart Baker, formerly the general counsel of the National Security Agency, which monitors foreign communications from a huge network of satellites and antennas around the world. Mr. Baker, now a lawyer in Washington who represents many companies in the encryption business, said that "the Valley is only going to be satisfied when the director of the N.S.A. crawls across the Bay Bridge to apologize for controls."
Technology has overwhelmed government efforts to keep control.

But under the new rules, he said, "the reality is that they can sell practically all the products they want," even if there are some paperwork requirements and licensing restrictions on custom-made software sold to foreign governments.

Some Congressional leaders have vowed for years to pass legislation that would essentially eliminate the administration's oversight on the export of "strong-data" scrambling technology, the highest levels of protection. But that has run counter to a movement in Congress to tighten other export controls, especially to countries like China, and the result has been a stalemate.

Among those expressing modest enthusiasm for the new rules was Cisco Systems, one of the largest producers of "routers" that form the backbone of the Internet. Under the September rules, it was unclear whether companies could ship abroad, without license, programs that would encrypt data that ran from one large router to another. Under the new rules, they can. Cisco's chief of government relations, Laura Ipsen, said that "the technology industry's goal is a simple, equitable encryption policy. These regulations work toward that goal."

Other companies were more enthusiastic. "I think by and large the administration made good on its promise,' said Dan Burton, vice president for government relations at Novell Inc., a leading networking software company based in Utah.

"There is a significant liberalization that is really going to allow U.S. firms to export strong encryption software overseas. And I think if you were going to characterize this you would say this is an inside the ballpark home run. By that I mean you still are operating within the framework of the assumption that they still can control encryption exports."

The new regulations, which will not be officially published in the Federal Register until Friday, will allow United States companies to ship any retail encryption products around the world to commercial concerns, individuals and other nongovernment users after a one-time technical review by an interagency panel.

Retail products, many of which are already widely used in the United States to protect everything from networks to individual e-mail programs, would be exempt from licensing requirements and could be sold to companies, individuals and foreign governments.

And while companies said they had won significant concessions from the administration over the last few months on what should and should not be classified as a retail product, they said much was riding on the final definitions.

But Washington retains a right to license specialty products made for other governments. "We want to make sure there is a review for any sale, for example, to a ministry for state security," said William A. Reinsch, who heads the Commerce Department's bureau of export administration. He said that could include sales to companies that are partially owned by governments. That restriction has annoyed some American concerns because many governments hold stakes in telecommunications and other companies.

Alan Davidson, a lawyer with the Center for Democracy and Technology, an online civil liberties group in Washington, said the new regulations were "good news and bad news."

"The good news is that consumers all over the world are going to have access to much stronger encryption," Mr. Davidson said. "The bad news is that if you want to send encryption out of the country, you have to hire a lawyer to do it. These regulations are very complicated."

Mr. Davidson said his group was also concerned that the new regulations failed to exempt researchers from sharing their codes with foreign counterparts. "They do not clearly fix the fundamental Constitutional flaw in the U.S. policy that says researchers have to ask for permission before they exchange ideas with people outside of the United States."



Click here

Home | Site Index | Site Search | Forums | Archives | Marketplace

Quick News | Page One Plus | International | National/N.Y. | Business | Technology | Science | Sports | Weather | Editorial | Op-Ed | Arts | Automobiles | Books | Diversions | Job Market | Real Estate | Travel

Help/Feedback | Classifieds | Services | New York Today

Copyright 2000 The New York Times Company

Click here.