Feeds

US releases 64-bit crypto products for export

Obviously because the NSA can crack it in real time now…

  • alert
  • submit to reddit

Internet Security Threat Report 2014

The Clinton Administration has kept its promise and lifted export restrictions on cryprographic technology, over the stubborn objections of US Attorney General Janet Reno. This marks one of the rare occasions when the Gigolo-in-Chief has dared exercise his authority over Reno, whose Draconian appeals for the protection of women and children at the expense of civil liberties normally win the day at the White House. We can only surmise that the National Security Agency's stable of spooks have given the Clintonites a quiet 'green light' based on their confidence that they can now crack the code with a minimum of fuss. Thus the US Commerce Department's Bureau of Export Adminisration (BXA) today dutifully published an interim final rule lifting export controls on all mass-marketed encryption software up to and including 64-bits. The rule also covers asymmetric key exchange algorithms not exceeding 512 bits. Such items will no longer require a license or a license exception, and may be exported and re-exported with the designation "NLR", or No License Required, much to the relief of software companies across the USA. Under previous regulations, companies were required to obtain a license for each sale. The new rules allow sales after a single review by the BXA to ensure that they qualify for the exception. Shipments made directly to foreign governments will still require individual licenses, however. Products covered by the rule will qualify for export to all destinations, albeit with the usual exceptions for very naughty countries like Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria, which will have to buy them second-hand from somewhat naughty countries like China, Russia, South Korea and Mexico, or develop their own. Neither end-run strategem strikes us as particularly challenging. The new regulations are being touted as a breakthrough compromise on an issue which has placed President Clinton in the maddening position of being unable to satisfy two of his truest loves, High-Tech Commerce and the Reno DoJ, simultaneously. In some aspects there is breakthrough matter here. It gets tricky, however, with the "Internet download screening requirements," which have changed little in the revised document. "Posting source code on the Internet, where it may be downloaded by anyone, would not establish 'knowledge' of a prohibited export or re-export. Such posting would not trigger 'red flags'" requiring screening of the people downloading it. Fair enough, but in order to post such code, an author would first have to submit it to the BXA for review to ensure that it qualifies for NLR status. This raises a sticky First Amendment issue, which has already been challenged and is currently winding its way through the federal appeals process. The interim final rule took effect upon publication, but a truly final rule is still pending. The BXA will entertain comments on the interim rule until 15 May 2000. The current draft has been published online by the Government Printing Office, for the amusement of those who enjoy reading very laboured legalese. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.