The Netly News http://www.netlynews.com/ October 29, 1996 The Japan Factor By Declan McCullagh (declan@well.com) In a move designed to stem the global availability of products that use strong encryption technology, Japan last month succumbed to U.S. pressure and dramatically tightened its export restrictions, The Netly News has learned. The restrictions amount to a stranglehold. Officials from Japan's Ministry of International Trade and Industry (MITI) characterize the shift as a very small change, but the new rules require businesses to seek prior government approval for any overseas crypto-order that totals more than 50,000 yen, or about $450. The previous limit was 10 million yen, around $91,000. "We made a very small change of the licensing exception of limited value," says Jun Takashina, the deputy director of the Security Export Control Division at MITI. Takashina denied that the U.S. pressured Japan. "It's our decision. We didn't have any pressure from the United States." Japan says its regulations are designed to codify the "Wassenaar Arrangement" on export controls for armaments and advanced technology, which was crafted over a two-year period to replace the Cold War-era COCOM treaty and was signed in July by over 30 countries. "In the Wassenaar Arrangement, we have consensus to cooperate -- not coordinate, but cooperate," Takashina said. "In this sense we influence each other. We cooperate in our regulations to achieve the same purpose." In implementing the agreement, Japan relaxed controls on many products -- and, tellingly, only tightened the regulation of encryption. However, other countries that signed the agreement have not done the same. Japan's move follows a hot summer of even hotter debate on Capitol Hill, where Justice Department officials claimed that criminals use PGP to scramble files and software company executives testified that current regs cost U.S. industry millions. Boosting the political temperature further was RSA Data Security's announcement in June that NTT and RSA's Japanese affiliate were ready to ship a triple-DES chip more secure than anything U.S. manufacturers are permitted to sell overseas. Privacy advocates quickly heralded it as exposing the fatal flaws in the Clinton administration's regulations. Phil Zimmermann, inventor of PGP, told me at the time that "the Japanese took over the American television manufacturing industry" and are poised to take over this one unless Congress approves the Pro-CODE bill. This widely-publicized announcement almost certainly prompted Japan's new crypto-muzzling decision. The company's president, Jim Bidzos, says that Tokyo has started to "look a little closer" at its encryption policies. "With all the press about NTT chips and whatnot in Japan, the U.S. government is going to try to stem the flow." (One White House scheme designed to do just that is the soon-to-be-announced creation of an ambassador-level position whose sole job will be to marshal international support for U.S. crypto policy.) Stewart Baker, former NSA general counsel, calls Japan's move a sign that the country's leaders are awakening to -- and are sensitive to -- the U.S. government's position. "This is a signal that they did not want to be at the center of the policy debate over export controls if they could avoid it," he says. "As [the policy] gets covered in the New York Times on the front page, the Japanese government focuses more attention.... This is a reflection of concern that that kind of story is not good for Japan," says Baker, who recently wrote about Japan's stance on encryption in Wired. The key question, though, is how strictly will Japan enforce the new regulations? The Wassenaar Arrangement is designed to keep arms and technology out of the hands of rogue countries, but companies in Silicon Valley already are complaining that Japanese shipments of data-scrambling hardware are being delayed. And the fine print of the new Japanese regs seems to require the end user's name and address -- which is impossible for U.S. distributors to provide. I think Marc Rotenberg, director of the Electronic Privacy Information Center and international crypto-watcher, has it right. Today he said to me that U.S. crypto isn't our biggest export in this area; instead, it's U.S. crypto policy. I agree -- and I say that's where we need more government intervention. Any government employee or erstwhile crypto-czar who wants to export a dumb crypto policy should be required to say why it should be allowed to infect other countries. I'm sure Japan won't mind. -- By Declan McCullagh (declan@well.com) with reporting by K. N. Cukier (100736.3602@compuserve.com) Wassenaar Arrangement: http://www.dfat.gov.au/dfat/dept/isd/peace_and_disarmament/pd_4_96/pd10.html RSA announces NTT chip: http://www.eff.org/pub/Publications/Declan_McCullagh/cwd.got.away.0696.artic... U.S. to create crypto-ambassador: http://www.netizen.com/netizen/96/43/index3a.html Stewart Baker on Japan's crypto-politics: http://www.hotwired.com/wired/4.09/es.crypto.html Marc Rotenberg on OECD crypto-politics: http://www2.eff.org/~declan/global/japan/rotenberg.reply.102896 ###