VoIP products could face export crackdown

In flashback to the 1990s, federal panel says high-speed networking gear used with Internet phone calls may be subject to regulations.

WASHINGTON--After spending the last decade denouncing Cold War-era laws against overseas shipments of data-scrambling encryption products, technology firms thought they were off the hook when President Clinton finally eased the rules in 1999.

Well, not quite. The White House's decision seven years ago merely relaxed encryption rules in a few areas--and thousands of pages of export regulations remain on the law books today.

Now some of these obscure export regulations are troubling companies that manufacture or support voice over Internet Protocol (VoIP) products capable of draping a theoretically impenetrable cloak of encryption around every conversation.

During a meeting convened by the U.S. Commerce Department on Wednesday, industry members of a federal technical committee expressed concern that export regulations never intended to cover VoIP may complicate selling enterprise-grade network gear abroad.

At issue is an awkwardly worded definition buried deep in section 740 of the export control regulations. It restricts the export of products that can support "concurrent encrypted data tunnels or channels exceeding 250" connections at once.

Michael Angelo, a committee member who works for network management firm NetIQ, said 250 conversations is an unreasonably low threshold given the capacity of modern networking gear. It's "a very small number," he said.

As large corporations switch to VoIP to trim costs, manufacturers have begun to offer products that can handle thousands of simultaneous users. Cisco Systems' Unified CallManager, for instance, is software that works with the company's hardware products to handle up to 30,000 individual users per server cluster.

One open question is whether the federal government's definition of "concurrent encrypted data tunnels" would apply to software products like Cisco's CallManager as well as hardware. Erik Oliver, a Commerce committee member from chipmaker Rambus, said he thought the regulations were meant to apply to routers and switches, not to CallManager.

Any changes to the rules would be up to Commerce Secretary Carlos Gutierrez. Neither the Commerce Department nor Cisco responded to requests for comment on Wednesday.

Unintended targets
"This appears to be a situation where the technology is overtaking the regulatory structure in ways that were not anticipated by the people who wrote the regulations," said Cindy Cohn, legal director of the Electronic Frontier Foundation in San Francisco.

Cohn, who litigated an encryption export case against the federal government before joining EFF, said this has been a problem with such regulations for a long time. "They attempt to create specific upper limits on how much encryption you can have, in this case how many channels you can have," she said.

Featured Video