Crypto Export Rules Lighten Up

id="article-body" class="row" section="article-body" data-component="trackCWV">





















Cutting some government red tape, Secretary William Daley said today
that the Clinton administration will lighten restrictions on strong
encryption used
by financial institutions to secure electronic transactions sent around the
globe.


The government's revised encryption export policy is expected to go into
effect this summer and will apply to credit card companies, banks and
their branches, security firms, and brokers in 45 countries. Under the new
rules, almost 70 percent of the world's financial institutions will have to
apply for a one-time license to use encryption of any strength.



Most significantly,

now these financial firms don't have to use encryption
products with built-in key-recovery systems. These systems give companies
the opportunity to make a "spare key" that unlocks their encrypted digital
communication if an original key is lost or ethereum coin token stolen, but key-recovery
centers can be costly and extremely hard to build, according to and reports.



"This action gives our nation's financial institutions the flexibility they
need to remain globally competitive," Daley said today in a statement.



"Importantly, it balances those needs of law enforcement, national security,
and foreign policy concerns," he added. "Through steps like this we can
continue to encourage the development of an electronic commerce system
users can trust."



Banking industry representatives applauded the change, but reaction from
software firms was less enthusiastic.



"It's a big step as far as opening up the Internet as a channel for global
financial commerce, and that's important to the banking industry on a
global basis," said Bill Randle, executive vice president of .



"But I still have some concerns that it's not broad enough for other
organizations," added Randle, who sits on a security committee of the
Banking Industry Technology Secretariat, an affiliate of the Bankers
Roundtable.



"It's great for the banks, but apparently the rest of American industry is
not important enough to protect their data," said Lauren Hall, a lobbyist
for the .
"It is very good for banks, and we're glad to see that the administration
has recognized that crypto can serve a very legitimate function for
protecting data on networks."



Key recovery has been the cornerstone of a over the U.S.
crypto export policy. Privacy advocates and
industry alike oppose mandatory key-recovery features in export products
because they say the systems present the possibility that law
enforcement or unauthorized parties could gain access to scrambled data
without due process or permission.



On the flip side, law enforcement has held its ground that unfettered
export of encryption will lead to terrorists and criminals using the
technology to cover their tracks. But proponents of free encryption,
without mandated spare keys,
contend that strong encryption already is available around the world.



Under the current encryption export policy, crypto manufacturers have to
apply for https://getpaid2influence.com/Crypto-Affiliates an export license for most companies or private citizens to whom
they ship products. To even export products that have been , such as 56-bit length
encryption, software makers also have to promise to build in key-recovery
systems. This bureaucracy has been bad for business, according to the
industry.



Last year, the Commerce Department said it would crypto restrictions for
companies shipping to financial institutions, but the licenses were still
approved on a case-by-case basis. Now the
administration plans to phase out individual export approvals for these
firms, lifting a burden for k2000.a.tel.y.n.m.c.k.ay.1.9.394cdpsecurecdp.s15342144.onlinehome-server.info crypto makers.



Chuck Williams, chief scientist of encryption vendor , called the announcement "a grand
step in the right direction." Cylink already exports encryption hardware
and software to banks under the previous, more restrictive policy. , a major
supplier of computer security software, likewise applauded the move.



The export relief rules announced today don't apply to private
citizens and all companies, however, so the fight over encryption is hardly
over. But software makers are glad they can branch out in some markets.



"There were vendors who said they love banks as a market but don't want to
go through the paperwork of filing a [key-recovery] plan," said Kawika Daguio, a technology policy analyst for the , hopes cutting
red tape will draw more vendors into the market. "Now we can go to those people and say, 'Now you can sell to us without all that pain and suffering.' It's dramatically lowered the
requirements for manufacturers."



Still, data-security technology companies see the policy shift as a
building block to ease encryption restrictions for all the world's computer
users. Other governments have been known to look to the United States as a
basis for their encryption policies.



"Our biggest and most important clients are financial institutions, so
we are certainly encouraged by this announcement from the
administration. We think it will significantly help our ability to sell to
financial institutions in major markets," said Kelly Huebner Blough,
director of government affairs for Network Associates.



Network Associates has used some unconventional tactics to sidestep getting a
crypto license for every company it ships bitcoin to wallet overseas. In May, the company
said it the Swiss firm
Cnlab Software to make and sell outside the United States a 128-bit version
of Network Associates' Pretty Good Privacy encryption software.



"The more that encryption is used by banks or large companies, the more it
will become accepted as a very necessary part of the U.S. economy, world
economy, and e-commerce," Blough added. "This will help spread the use of
encryption throughout the world."