Feeds

US releases 64-bit crypto products for export

Obviously because the NSA can crack it in real time now…

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

The Clinton Administration has kept its promise and lifted export restrictions on cryprographic technology, over the stubborn objections of US Attorney General Janet Reno. This marks one of the rare occasions when the Gigolo-in-Chief has dared exercise his authority over Reno, whose Draconian appeals for the protection of women and children at the expense of civil liberties normally win the day at the White House. We can only surmise that the National Security Agency's stable of spooks have given the Clintonites a quiet 'green light' based on their confidence that they can now crack the code with a minimum of fuss. Thus the US Commerce Department's Bureau of Export Adminisration (BXA) today dutifully published an interim final rule lifting export controls on all mass-marketed encryption software up to and including 64-bits. The rule also covers asymmetric key exchange algorithms not exceeding 512 bits. Such items will no longer require a license or a license exception, and may be exported and re-exported with the designation "NLR", or No License Required, much to the relief of software companies across the USA. Under previous regulations, companies were required to obtain a license for each sale. The new rules allow sales after a single review by the BXA to ensure that they qualify for the exception. Shipments made directly to foreign governments will still require individual licenses, however. Products covered by the rule will qualify for export to all destinations, albeit with the usual exceptions for very naughty countries like Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria, which will have to buy them second-hand from somewhat naughty countries like China, Russia, South Korea and Mexico, or develop their own. Neither end-run strategem strikes us as particularly challenging. The new regulations are being touted as a breakthrough compromise on an issue which has placed President Clinton in the maddening position of being unable to satisfy two of his truest loves, High-Tech Commerce and the Reno DoJ, simultaneously. In some aspects there is breakthrough matter here. It gets tricky, however, with the "Internet download screening requirements," which have changed little in the revised document. "Posting source code on the Internet, where it may be downloaded by anyone, would not establish 'knowledge' of a prohibited export or re-export. Such posting would not trigger 'red flags'" requiring screening of the people downloading it. Fair enough, but in order to post such code, an author would first have to submit it to the BXA for review to ensure that it qualifies for NLR status. This raises a sticky First Amendment issue, which has already been challenged and is currently winding its way through the federal appeals process. The interim final rule took effect upon publication, but a truly final rule is still pending. The BXA will entertain comments on the interim rule until 15 May 2000. The current draft has been published online by the Government Printing Office, for the amusement of those who enjoy reading very laboured legalese. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Special pleading against mass surveillance won't help anyone
Protecting journalists alone won't protect their sources
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.