RSA-China Crypto

John Young jya at pipeline.com
Thu Feb 8 07:32:12 PST 1996 

   Wall Street Journal, February 8, 1996, p. A10.


   China, U.S. Firm Challenge U.S. On Encryption-Software
   Exports

   By Don Clark


   RSA Data Security Inc., the dominant supplier of
   data-privacy software, announced an unusual partnership
   with the Chinese government that exploits loopholes in U.S.
   export restrictions on codemaking technology.

   As part of the deal, RSA, which is based in Redwood City,
   Calif., plans to fund an effort by Chinese government
   scientists to develop new encryption software. The
   Chinese-developed software, based on RSA's general
   mathematical formula, may be more powerful than versions
   now permitted for export under U.S. Iaws, said James
   Bidzos, RSA's president.

   Two Chinese agencies also will use and distribute RSA data
   encryption products that may be legally exported from the
   U.S. The Chinese encryption-development arrangement, which
   isn't based on those products, appears to be legal as long
   as RSA doesn't supply the scientists with any other
   controlled technology, lawyers familiar with export laws
   said.

   RSA's move comes at a sensitive time in U.S.-China
   relations, and opens a new front in the company's
   long-running campaign against encryption export
   regulations. The closely held company, and other U.S.
   software concerns, have attacked the Clinton administration
   and the National Security Agency for trying to limit the
   strength of exported U.S. technology, while stronger
   products increasingly can be purchased from competing
   foreign companies.

   "The government has opened export doors a crack, and we
   sort of drove a Mack truck through them," Mr. Bidzos said
   of the Chinese deal. "The genie is truly out of the
   bottle."

   Stewart Baker, a Washington lawyer and former general
   counsel of the NSA, said the government "obviously would
   not be thrilled" by RSA's China venture. China hasn't in
   the past been party to international agreements governing
   encryption exports, he noted, and RSA's move could force
   other countries to consider China as an important player.
   "It's going to create an interesting strain in the
   international discussion," he said.

   Japan, an even more potent force in technology, appears to
   be leaning toward loosening export controls on encryption,
   Mr. Baker and other industry executives say. RSA plans to
   announce the formation of a new company in Japan today, but
   the venture will be subject to U.S. export controls, Mr.
   Bidzos said.

   Encryption uses special mathematical formulas, called
   algorithms, to scramble voice conversations or data to make
   them unintelligible to eavesdroppers. RSA's founders
   developed a popular variant of the technology that helps
   determine the authenticity of senders and recipients of
   messages. Both privacy and authentication are widely
   regarded as crucial to advances in electronic commerce.

   RSA struck its deal with departments of China's Ministry of
   Foreign Trade and Economic Cooperation, and the Academy of
   Sciences. They will use two RSA software products -- one
   for authentication and one for protecting the contents of
   PC hard drives -- internally and help distribute them. The
   Academy scientists who will develop new encryption software
   also will be paid to try to break RSA's products to test
   their strength, Mr. Bidzos said.

   A spokesman at the Commerce Department's bureau of export
   administration said he was unaware of RSA's China venture,
   but said the agency would be monitoring developments.

   Mr. Baker, the former NSA attorney, questioned whether
   customers in other countries would warm to the idea of
   Chinese-developed encryption software. Products approved by
   the U.S. government for export have the stigma that NSA can
   decode, and Chinese products might be subject to even more
   suspicion, Mr. Baker said.

   Still, the RSA deal is likely to be seen as further
   evidence of slipping U.S. control over encryption. "It is
   another example of what happens when you try to impose
   unilateral controls on what is in reality uncontrollable
   technology," said Bruce Heiman, an outside attorney for the
   Business Software Alliance.

   [End]

More information about the cypherpunks-legacy mailing list