2-14-97. National Business Review, NZ (http://www.nbr.co.nz/): USA: Industry Groups Blast U.S. Encryption Policy. Washington, Feb 13 (Reuter) - An array of private-sector trade groups charged Thursday the Clinton administration's new export policy on computer encoding technology was a failure. Encryption products, which scramble information and render it unreadable without a password or software "key," are subject to strict export limits, although the administration recently relaxed the rules a bit. The new policy "does not adequately address the needs of either the American business community or the general public," the 13 groups said in a letter to Clinton dated Wednesday and released Thursday. Among the groups signing the letter were the U.S. Chamber of Commerce, the National Association of Manufacturers and the National Retail Federation, along with a host of high-tech industry groups such as the Business Software Alliance and the Information Technology Association of America. The Centre for Democracy and Technology, an advocacy group for civil liberties in cyberspace, and the Association of Research Libraries also signed the letter. An administration spokeswoman said that, despite the complaints, the current policy would be maintained. "The administration is moving ahead with our encryption export liberalisation policy," spokeswoman Heidi Kukis said. The policy balances diverse interests by "allowing us to develop exports while protecting our national security," she said. The administration has repeatedly said it opposes allowing unfettered powerful encryption programmes out of the country where they could be used by international criminals and terrorists. Under current policy, U.S. companies cannot export products containing so-called strong encryption, used to protect everything from a business' electronic mail to a consumer's credit card number sent over the Internet, unless the products also allow the government to crack the code by recovering the software keys. Companies can get a license to export medium-strength encryption lacking so-called key recovery features if the companies agree to incorporate key recovery in future products within two years. The Commerce Department has issued three licenses so far under the two-year provision. Digital Equipment Corp., Trusted Information Systems Inc., and Cylink Corp. won approval by promising to offer key recovery products by 1999. International Business Machines Corp. and Hewlett Packard Co. have said they are also seeking licenses. But companies and privacy advocates rejected the administration's key recovery-based approach. "It fails to accommodate the competitiveness concerns of sellers of encryption products, the security concerns of the buyers of such products, or important privacy rights," the groups said in their letter. "We believe a fundamental rethinking of this policy is necessary," they added. "We remain interested in working with you to achieve a constructive solution to this very difficult problem." Congress is already considering proposals to dramatically relax the export restrictions without requiring key recovery. -----