Feeds

US releases 64-bit crypto products for export

Obviously because the NSA can crack it in real time now…

  • alert
  • submit to reddit

High performance access to file storage

The Clinton Administration has kept its promise and lifted export restrictions on cryprographic technology, over the stubborn objections of US Attorney General Janet Reno. This marks one of the rare occasions when the Gigolo-in-Chief has dared exercise his authority over Reno, whose Draconian appeals for the protection of women and children at the expense of civil liberties normally win the day at the White House. We can only surmise that the National Security Agency's stable of spooks have given the Clintonites a quiet 'green light' based on their confidence that they can now crack the code with a minimum of fuss. Thus the US Commerce Department's Bureau of Export Adminisration (BXA) today dutifully published an interim final rule lifting export controls on all mass-marketed encryption software up to and including 64-bits. The rule also covers asymmetric key exchange algorithms not exceeding 512 bits. Such items will no longer require a license or a license exception, and may be exported and re-exported with the designation "NLR", or No License Required, much to the relief of software companies across the USA. Under previous regulations, companies were required to obtain a license for each sale. The new rules allow sales after a single review by the BXA to ensure that they qualify for the exception. Shipments made directly to foreign governments will still require individual licenses, however. Products covered by the rule will qualify for export to all destinations, albeit with the usual exceptions for very naughty countries like Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria, which will have to buy them second-hand from somewhat naughty countries like China, Russia, South Korea and Mexico, or develop their own. Neither end-run strategem strikes us as particularly challenging. The new regulations are being touted as a breakthrough compromise on an issue which has placed President Clinton in the maddening position of being unable to satisfy two of his truest loves, High-Tech Commerce and the Reno DoJ, simultaneously. In some aspects there is breakthrough matter here. It gets tricky, however, with the "Internet download screening requirements," which have changed little in the revised document. "Posting source code on the Internet, where it may be downloaded by anyone, would not establish 'knowledge' of a prohibited export or re-export. Such posting would not trigger 'red flags'" requiring screening of the people downloading it. Fair enough, but in order to post such code, an author would first have to submit it to the BXA for review to ensure that it qualifies for NLR status. This raises a sticky First Amendment issue, which has already been challenged and is currently winding its way through the federal appeals process. The interim final rule took effect upon publication, but a truly final rule is still pending. The BXA will entertain comments on the interim rule until 15 May 2000. The current draft has been published online by the Government Printing Office, for the amusement of those who enjoy reading very laboured legalese. ®

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.