From: John Young <jya@pipeline.com>
Date: Fri, 14 Feb 1997 11:13:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Industry Blasts U.S. Encryption Policy
Message-ID: <1.5.4.32.19970214190701.00706eb4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


2-14-97. National Business Review, NZ (http://www.nbr.co.nz/):

USA: Industry Groups Blast U.S. Encryption Policy.

Washington, Feb 13 (Reuter) - An array of private-sector trade groups 
charged Thursday the Clinton administration's new export policy on 
computer encoding technology was a failure. 

Encryption products, which scramble information and render it unreadable 
without a password or software "key," are subject to strict export 
limits, although the administration recently relaxed the rules a bit. 

The new policy "does not adequately address the needs of either the 
American business community or the general public," the 13 groups said 
in a letter to Clinton dated Wednesday and released Thursday. 

Among the groups signing the letter were the U.S. Chamber of Commerce, 
the National Association of Manufacturers and the National Retail 
Federation, along with a host of high-tech industry groups such as the
Business Software Alliance and the Information Technology Association of 
America. 

The Centre for Democracy and Technology, an advocacy group for civil 
liberties in cyberspace, and the Association of Research Libraries also 
signed the letter. 

An administration spokeswoman said that, despite the complaints, the 
current policy would be maintained. 

"The administration is moving ahead with our encryption export 
liberalisation policy," spokeswoman Heidi Kukis said. The policy balances 
diverse interests by "allowing us to develop exports while protecting our 
national security," she said. 

The administration has repeatedly said it opposes allowing unfettered 
powerful encryption programmes out of the country where they could be 
used by international criminals and terrorists. 

Under current policy, U.S. companies cannot export products containing 
so-called strong encryption, used to protect everything from a business' 
electronic mail to a consumer's credit card number sent over the Internet,
unless the products also allow the government to crack the code by 
recovering the software keys. 

Companies can get a license to export medium-strength encryption lacking 
so-called key recovery features if the companies agree to incorporate 
key recovery in future products within two years. 

The Commerce Department has issued three licenses so far under the 
two-year provision. Digital Equipment Corp., Trusted Information Systems 
Inc., and Cylink Corp. won approval by promising to offer key recovery
products by 1999. 

International Business Machines Corp. and Hewlett Packard Co. have said 
they are also seeking licenses. 

But companies and privacy advocates rejected the administration's key 
recovery-based approach. 

"It fails to accommodate the competitiveness concerns of sellers of 
encryption products, the security concerns of the buyers of such products, 
or important privacy rights," the groups said in their letter. 

"We believe a fundamental rethinking of this policy is necessary," they 
added. "We remain interested in working with you to achieve a constructive 
solution to this very difficult problem." 

Congress is already considering proposals to dramatically relax the export 
restrictions without requiring key recovery. 

-----