This message was forwarded to you from ZDNet (http://www.zdnet.com) by anon@zd.com. Comment from sender: The dance of the seven regs continues..... --------------------------------------------------------------------- This article is from ZDNN (http://www.zdnet.com/zdnn/). Visit this page on the Web at: http://www.zdnet.com/zdnn/stories/zdnn_smgraph_display/0,4436,2138029,00.htm... --------------------------------------------------------------------- [IMAGE] By Will Rodger, Inter@ctive Week Online September 15, 1998 5:39 PM PT The Clinton Administration is expected to relax export controls on data scrambling equipment Wednesday, preparing the ground for yet another round of debate over current encryption policy. According to Administration sources, the White House will loosen its grip on the technology in several areas central to the five-year argument over the issue. Among other things, the new policy will relax controls for sales to specific industries, including e-commerce, medicine and insurance The liberalization will fall far short of what Administration critics wanted. Even so, many crypto advocates expressed hope their position will continue to gain ground. "It's not as far along as my bill would go, but it's a significant improvement on our current policy," said Rep. Zoe Lofgren, D-Calif., a sponsor of encryption liberalization legislation in the House and one of several key Democrats briefed on the issue on the last two days. "It will still give us something to argue about next year." [TABLE NOT SHOWN] Electronic encryption, or the process of scrambling information so that only its intended recipient can read it, is widely believed to be the sine qua non of secure commerce and personal information on an insecure Internet. To date, however, Federal policy has required stringent licensing of encryption technology that uses digital codes, or "keys," longer than 40 bits in length. Law enforcement has insisted on that restriction so that the encoding technology cannot be used to thwart surveillance techniques used in investigations. Current exceptions will expand Under an exception granted in December 1996, however, the government has allowed exports of equipment whose keys are as long as 56 bits, or roughly 64,000 times more powerful than 40-bit products. That exception was granted companies that committed to develop technologies to give law enforcement "lawful access" to messages encrypted with their products through various back doors built into them. Notably free from those restrictions have been foreign financial institutions, which in most cases have been able to buy U.S.-made encryption software of unlimited strength since last year. That exception will be broadened under the new policy, sources said. Now, insurance companies, handlers of medical records and companies that use specialized transaction software to do business over the Internet will be able to buy American encryption software after a one-time review of their purchase plans by the U.S. Commerce Department. In addition, administration sources confirmed Tuesday evening, the government will no longer require prior approval of "key recovery" agents, who hold spare keys to encoded messages for law enforcement. Some 45 nations, including Russia, China, Venezuela and Mexico, will likely be ineligible for the relief control as long as the U.S. government believes they harbor money-laundering operations, however. Finally, administration sources said, any U.S. company will be able to export powerful encryption technology to its own subsidiaries as long as it does not share the technology with non-US companies. Playing catch-up As before, public interest groups said they believe the new policy does not go far enough. Since Vice President Al Gore promised relief for medical records, e-commerce and financial institutions some two years ago, critics said the policy is more a belated catch-up than anything truly new. "It's a divide and conquer strategy," said David Banisar, policy counsel with the Electronic Privacy Information Center. "This will help a few large users, but the average consumer is out in the cold." Wednesday's announcement is only the latest step in a years-long journey from complete control to liberalization. Though the FBI and others within the national security apparatus have insisted on tight controls, information technology companies and public interest groups have fought them bitterly, insisting a flood of foreign products will soon take over a world market which was once almost exclusively America's. As foreign producers have mounted - more than 500 foreign products are now stronger than what can usually be exported from the US - that pressure has increased. Technology marches on The steady march of computer technology, too, has rendered once-secure products obsolete; the Electronic Frontier Foundation, for instance, unveiled a computer last June which can crack messages encrypted with 56-bit keys in hours. Until recently, the FBI had claimed such messages could be cracked only in a matter of months, if not years. Dan Scheinman, vice president for legal and government affairs at Internet hardware producer Cisco Systems Inc., said the latest proposal wasn't his company had hoped for. Even so, "Anything that provides broader relief is a step in the right direction," he said. In the administration's defense Meanwhile, the administration has its defenders. Stewart Baker, former counsel to the super-secret, encryption-controlling National Security Agency and an attorney who negotiates export agreements for industry, called on critics to give the administration more credit. "I think this is a significant walking away from an emphasis on law-enforcement access," he said. "What this says is if there's a market for security, we ought to think about liberalizing. It's a big step and it foreshadows more." --------------------------------------------------------------------- Copyright (c) 1998 ZDNet. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of ZDNet is prohibited. ZDNet and the ZDNet logo are trademarks of Ziff-Davis Inc.