Encryption, Exporting and the Long Arm of the Law

Companies creating computer programs containing strong encryption may be losing money. The U.S. restricts the sale of products containing cryptography outside the country, pitting law enforcement's national security position against privacy-rights groups and software vendors. But things may change. Representative Zoe Lofgren (D-California) and Representative Bob Goodlatte (R-Virginia) plan to re-introduce their previously failed Security and Freedom Through Encryption Act. A date for the re-introduction of the bill has not yet been announced. Also, the Clinton administration is considering easing export restrictions effecting electronic commerce.

Clinton administration's Export Council Subcommittee on Encryption "(Is) looking at areas including ISP's (Internet Service Providers) and telecommunications," explained William Reinsch, undersecretary of export administration. He also stated, "We are asking ourselvesóare there things we can do to help E-commerce?" They will also be considering whether restrictions on application programming interfaces should be liberalized, according to James Lewis, director of the Office of Strategic Trade and Foreign Policy controls of the Bureaus of Export Administration.

During the last decade, the U.S. encryption policy "has been like sticking a finger in a dike," states Kevin McCurley, an IBM cryptographer, resulting in "impeding progress, obfuscating regulations, and confusing people."

"In the midst of all the confusion, some companies have found ways of exporting sales of their products containing strong cryptography. These companies either have created joint ventures with foreign companies or have developed technology in labs outside the U.S. At issue with export officials is when exactly are companies allowed to transfer development information to non-U.S. companies. Even though the Export Administration has investigated no fewer then five companies on suspicion of exporting technology, they haven't found any evidence that regulations have been violated.

Last December the U.S. successfully persuaded 33 countries to place controls on exporting encrypted products. It is mind-boggling to learn that even countries that don't place restriction on cryptography signed the Wassenaar Arrangement. By signing this agreement these countries have agreed to restrict the export of: 64-bit and higher cryptography in mass-market software and hardware; and 56-bit and higher cryptography in products with general encryption.

"One positive aspect is that it's woken up the international community," said John Gilmore, co-founder of the Electronic Freedom Frontier, of the Wassenaar agreement. "They all now realize that the long arm of the U.S. government is attempting to squash freedom in their own countries."