Gore relaxes encryption restrictions

The US appears to be getting there by degree

The US is relaxing controls on encryption keys exports from 40-bits to 56-bits keys, vice-president Gore has announced. The pressure for such a move had come from vendors who were concerned that the US used to have essentially the whole market for encryption products, but there are now in excess of 500 non-US products with 128-bit or greater encryption. The compelling market need is to protect e-commerce payments, but human rights workers based in hostile political environments who want to protect messages are often cited as a reason for stronger encryption exports. The relaxation will not apply to countries where the US government considers there is significant money laundering (Florida? - Ed). The US IT industry is generally of the opinion that the 64,000-fold increase in security by going to 56-bit encryption from 40-bit is not enough. In June, the Electronic Frontier Foundation confounded the FBI claim that it would take months or years to crack 56-bit keys: the EFF demonstrated this being done in a few hours. Perhaps this is why the White House plans, as part of the move, to set up a technical centre for law enforcers -- to bring them up to speed. When 56-bit products were specifically allowed to be exported in the past -- to financial institutions for example -- they had to have a back door for the feds by December 1998. There have been recent moves to get this deadline extended, probably to increase pressure for a policy relaxation, rather than for a valid technical reason. The new regulations are expected to come into effect later this year. ®

Sponsored: Designing and building an open ITOA architecture