High-tech industry representatives are cheering the Clinton administration's release of revised export rules for encryption products, saying it's now easier to do business in the multibillion-dollar global market for data security hardware and software.
The staff at the US Department of Commerce's Bureau of Export Administration capped years of controversy over the issue by quietly releasing the new regulations last Wednesday before leaving town for a staff retreat at Harper's Ferry.
"This policy helps business and promotes e-commerce," said Commerce Department Secretary William Daley in a statement issued late on Wednesday. "We've also worked very hard to address privacy concerns and to ensure that our law enforcement and national security concerns are met."
American companies have watched with increasing frustration as encryption technology has zoomed past the old export rules, which tightly restricted exports of the technology used to encode and decode data transmissions. With few exceptions, the export of encryption products made up of more than 64 bits of code without a licence was forbidden, a rule made anachronistic by technological innovation leading to the prevailing 128-bit standard for encryption products.
But some administration officials, like FBI Director Louis Freeh, held the line against relaxing the rules, saying that increased encryption exports would empower terrorists and criminals abroad.
Spurred by industry concerns, Rep. Bob Goodlatte and Rep. Zoe Lofgren last year introduced the Security and Freedom Through Encryption Act, or SAFE, to mandate a relaxation of the rules. On September 16, the administration announced it would loosen the regulations. When an initial draft of the revisions circulated in November, it was fiercely criticised by industry representatives as insufficiently liberal. The Government returned to the drawing board, further relaxing the regulations.
"The administration has pretty much made good on their September 16 promise," says Dan Burton, vice president of government relations for Novell, which manufactures encryption software. "We're pleased."
The regulations still restrict exports to foreign governments and other non-retail sales. A ban on exports to seven nations -- Iraq, Libya, North Korea, Cuba, Iran, Syria and Sudan -- is still in place. But otherwise, the definition of "government" has been narrowed, while the definition of "retail" has been expanded, and the 64-bit ceiling has been removed altogether.
The relaxed rules will make it easier for US firms to compete against foreign encryption products. But it doesn't completely untie their hands to compete freely in what one spokesperson called an "inherently uncontrollable" market. Nevertheless, the new rules are widely seen by the industry as a step in the right direction.
Ed Gillespie, executive director of Americans for Computer Privacy, an industry group, says he is "extremely gratified by the new regulations".
The new rules will be published in the Federal Register and will take effect on January 14. The Department of Commerce will take public comment on them for 120 days. Industry representatives say they'll keep pushing for further relaxation of the regulations.
Gillespie says the rules remain "unnecessarily complex" and fail to address free expression and online privacy concerns.