-----BEGIN PGP SIGNED MESSAGE----- Something you might find interesting.... By Will Rodger Washington Bureau Cheif Inter@ctive Week The US government will announce later today that will soon lift controls on technology crucial to doing business over the Internet, White House advisor Ira Magaziner said yesterday evening. Under plans expected to be outlined at a noontime press briefing today, the federal government will require that producers of specialized, narrowly focused data scrambling products submit only to one-time government approval before they sell powerful encryption products abroad. Current policy requires case-by-case approval in most instances. "Basically it will say that for basic financial and electronic applications there will be no export restrictions and no requirement for key recovery," Magaziner said. US Undersecretary of Commerce William Reinsch is expected to give details of the plan. Reinsch could not be reached for comment. Computer industry executives and public interest groups said the new arrangement, though far short of deregulating all encryption, was a step in the right direction. "This is evidence that the administration acknowledges that manufacturers of foreign encryption products do exist," said Peter Harter, public policy counsel at Netscape Communications Corp. "Their policy has put American industry in the back seat and now were trying to catch up." David Banisar, policy analyst at the Washington-based Electronic Privacy Information Center, called the move a "small step forward." Nonetheless, "it still doesnt reach the needs for secure e-mail or other purposes," he said. Computer software and hardware eligible for decontrol under the proposed regulations must fit several criteria, said Kawika Daguio, a public affairs specialist with the American Bankers Association who helped hammer out an agreement for the new regulations. .Though products designed for use by the general public may be unlimited in the strength of the encryption techniques they employ, they must also be strictly limited in use, he said. Software written for home banking, for instance, must be usable only for bank transactions and not easily modified for general use. Most programs handed out by banks for PC banking at home fit that criteria, he said. Programs that use the industry SET standard for credit card purchases over the Internet should easily meet Commerce Department criteria, too, since the SET standard encrypts only those data essential to making online purchases; the limited uses of the standard render it all but useless for general use. Visa, MasterCard and American Express developed the standard. "Id expect programs written with SET to get very rapid approval - within weeks," Daguio said. In addition, US companies will have leeway to export any kind of encryption to any bank as long as that encryption is used only for legitimate, internal bank functions. Products designed for merchant-to-merchant transactions without a bank in between would still be subject to stricter controls, including use of weak software routines that make decoding by law enforcement easy, or deposit of decoding keys with law enforcement bodies prior to export. Commerce Department regulations will spell out details this month or next, Daguio said. Though more sweeping in nature than past government regulations, the US banking industry has long enjoyed more freedom to use powerful encryption technologies abroad than other industries. Successive administrations have granted banks that leeway since by definition they must have greater safeguards over employee behavior than all but a handful of industries. In addition, financial applications have long been easier to design for export since they typically require encryption of only a few standard data fields. If sufficiently limited in design, the reasoning goes, they pose no threat to law enforcement concerned about smugglers or terrorists who may want to evade detection by law enforcement. The government and the computer industry have for years been locked in disputes over the relative importance of encryption technologies and their potential for misuse. Since encryption encodes sensitive information like credit card numbers, voice traffic over public networks and anything else that can be converted into an electronic stream of ones and zeroes, proponents of electronic commerce have insisted the technology must be widely deployed to assure the security of computer networks worldwide. Absent US encryption exports, they claim, American companies will soon lose their leadership role in a technology crucial to the countrys competitiveness. Federal officials, on the other hand, have said export of the technology threatens global security, since terrorists and criminals in outlaw states like Libya and North Korea could easily use the technology to defeat wiretaps and data searches increasingly prized by law enforcement and national security agencies. In response, they demand that exports of powerful encryption include so-called key recovery - a method by which law enforcement can gain access to the encryption keys used to encode messages. Many public interest groups have condemned the plans, however, saying such a transfer of power to law enforcement threatens to usher in an era of ubiquitous and illegal eavesdropping. Several bills pending in Congress would do away with nearly all controls. Reinsch was expected to testify at congressional hearings on one of the bills this morning. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBM3HngkcByjT5n+LZAQHL+Af/WdDoOuORps0gkZQmI4B6mgY63HeTzKZH kW19knlqU6SMC/GSdFrZLiWZhkDec2/wLzq57wdzlPjdPd+5wCvTYWmJAX68Kf6b 9g6cm3AbhZSKmaOtUtwOmUwAtuS5DPaGiPejAc9716K0/U9+0YBNKMZ/qVYAhrLc yR4yxLqpXd68zhirYIxtjHcB1fDzRO6F91stxvvDsg2bg2pPvLidWOBoknMZmCQt ALV5Z1yuik6tNOIPx+4ty7kWMMIQ0E3DqVKPxVAbFchCTohcee55U6Pmg3pbYtVg rrhYr4W8s/juv/9JrVa99+usyt/ohe+N3HcYtJ5WVLF2ED3UT/YDBg== =Q3/z -----END PGP SIGNATURE-----