Feds throw us half a bone on crypto policy

Rohit Khare (khare@pest.w3.org)
Fri, 7 Jun 96 10:19:57 -0400


They're giving very little ground to the NRC report I commented on last week.
Moving weak encryption to Commerce only helps a little, and their stance on
escrow is unmodified. At least they realize:

> The Commerce Department's Bureau of Export Administration
> reviews technologies that have both a military and
> commercial use, and the process is faster, more
> predictable, and more user-friendly than the State
> Department process, he said.

Other than that, the debate has yet to begin in earnest. Now, if only another
Time magazine cover would have the effect last year's cyberporn one did...

:-)
Rohit

---------------------------------------------------------------------------
Feds consider faster encryption licensing, longer keys

By Sari Kalin
InfoWorld Electric

Posted at 11:00 AM PT, Jun 6, 1996
To answer industry concerns, the U.S. government is seriously considering a
move that could speed up export licensing of encryption software, a Clinton
administration official said this week.

Now, off-the-shelf software that uses 40-bit key length encryption -- the
strength allowed for export from the U.S. -- is reviewed by the State
Department, because encryption is considered to be a defense technology, the
official said. Since encryption also has commercial uses, however, the
administration is considering moving the export review to the Commerce
Department.

The software industry has long complained about the federal government's
encryption export restrictions, claiming that they have lost sales overseas
because they cannot deliver products with better security.

The Commerce Department's Bureau of Export Administration reviews
technologies that have both a military and commercial use, and the process is
faster, more predictable, and more user-friendly than the State Department
process, he said.

"The [Commerce Department] process is more open, there's more public
information about why decisions are made, and there's more opportunity for
industry to be involved in the decision making," said the official, who asked
not to be named.

In addition to improving the licensing process, the administration is also
considering proposals that would liberalize the export of cryptography, the
official said.

The administration still strongly supports the controversial key escrow
system -- a system that would allow companies to export stronger encryption,
as long as a trusted third party kept a copy of the key that could be used by
law enforcement officials, if needed.

It will take a few years to set up a key escrow system, however. In the
meantime, the official said, "there may be a need to protect valuable business
information by liberalizing the export of non-escrow technology, but that
would be on an interim basis until the key management infrastructure is in
place."

Sari Kalin is a Boston-based correspondent for the IDG News Service, an
InfoWorld affiliate.