The U.S. computer industry is applauding the Clinton administration's relaxation of restrictions on the export of strong encryption products but is complaining that new rules still leave in place too much red tape.
The new rules, which will be published in the Federal Register tomorrow, allow the export of retail encryption products with strong encryption by lifting restrictions on encryption key length. They also remove the requirement to get an export license, but they do require a "one-time review" by the U.S.
Department of Commerce.
The White House backed away from a proposal made last September that would have restricted exports to foreign governments. The new proposed rules, which will be open for public comment for 120 days, still ban sales to Cuba, Iran, Iraq, Libya and Sudan.
"The American Electronics Association has reviewed the . . . regulations and believes they are a substantial improvement over the last version issued," said William T. Archey, president and CEO of the Washington-based high-tech trade association. But he said some residual restrictions, such as the one-time review, require further modification.
Others worried that the remaining review process would favor large companies over individuals without a legal presence in Washington and small companies.
The new rules are a defeat for the National Security Agency and the FBI, which led a long fight to restrict encryption exports in an attempt to keep the secrecy-enhancing tools out of the reach of spies, terrorists and criminals.
But opponents argued that those restrictions are silly and unfair to U.S. software companies because strong crypto is available from outside the U.S. And privacy advocates said it is unfair to deprive anyone of strong safeguards for confidential information.
More details on the Clinton administration's export policies are available at the Bureau of Export Administration Web site.