Feeds

US releases 64-bit crypto products for export

Obviously because the NSA can crack it in real time now…

  • alert
  • submit to reddit

Gartner critical capabilities for enterprise endpoint backup

The Clinton Administration has kept its promise and lifted export restrictions on cryprographic technology, over the stubborn objections of US Attorney General Janet Reno. This marks one of the rare occasions when the Gigolo-in-Chief has dared exercise his authority over Reno, whose Draconian appeals for the protection of women and children at the expense of civil liberties normally win the day at the White House. We can only surmise that the National Security Agency's stable of spooks have given the Clintonites a quiet 'green light' based on their confidence that they can now crack the code with a minimum of fuss. Thus the US Commerce Department's Bureau of Export Adminisration (BXA) today dutifully published an interim final rule lifting export controls on all mass-marketed encryption software up to and including 64-bits. The rule also covers asymmetric key exchange algorithms not exceeding 512 bits. Such items will no longer require a license or a license exception, and may be exported and re-exported with the designation "NLR", or No License Required, much to the relief of software companies across the USA. Under previous regulations, companies were required to obtain a license for each sale. The new rules allow sales after a single review by the BXA to ensure that they qualify for the exception. Shipments made directly to foreign governments will still require individual licenses, however. Products covered by the rule will qualify for export to all destinations, albeit with the usual exceptions for very naughty countries like Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria, which will have to buy them second-hand from somewhat naughty countries like China, Russia, South Korea and Mexico, or develop their own. Neither end-run strategem strikes us as particularly challenging. The new regulations are being touted as a breakthrough compromise on an issue which has placed President Clinton in the maddening position of being unable to satisfy two of his truest loves, High-Tech Commerce and the Reno DoJ, simultaneously. In some aspects there is breakthrough matter here. It gets tricky, however, with the "Internet download screening requirements," which have changed little in the revised document. "Posting source code on the Internet, where it may be downloaded by anyone, would not establish 'knowledge' of a prohibited export or re-export. Such posting would not trigger 'red flags'" requiring screening of the people downloading it. Fair enough, but in order to post such code, an author would first have to submit it to the BXA for review to ensure that it qualifies for NLR status. This raises a sticky First Amendment issue, which has already been challenged and is currently winding its way through the federal appeals process. The interim final rule took effect upon publication, but a truly final rule is still pending. The BXA will entertain comments on the interim rule until 15 May 2000. The current draft has been published online by the Government Printing Office, for the amusement of those who enjoy reading very laboured legalese. ®

The essential guide to IT transformation

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer quits Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.