White House to revise crypto rules

The Clinton administration says it got its new encryption regulations wrong and is going to change them, at least a little bit.

CNET News staff
2 min read
The Clinton administration today admitted to some degree of error on its recently finalized encryption regulations and promised to revamp the rules--a little bit--and probably make the cryptography industry happier.

"We messed some things up," said William Reinsch, undersecretary in charge of the Bureau of Export Administration at today's semiannual Update conference on federal export rules. "We're feeling our way and learning about the technology. But we're not going to make macrochanges."

Reinsch's bureau is part of the Commerce Department, which is in now in charge of the government's policy on encryption export licenses, a policy that the Clinton administration has liberalized but not enough to satisfy many companies in the cryptography industry.

The revision of the regulations is due in early summer. The new version will continue to require that all exporters of strong encryption technology build in key recovery. But the updated regulations will address other problems that Reinsch blamed on a hasty transition from the State Department, which used to regulate encryption, to the Commerce Department.

Most of these problems are fairly minor, according to Jim Lewis, director of the Office of Strategic Trade and Foreign Policy Controls, part of the Bureau of Export Administration.

For example, he pointed to an existing rule that prevents foreign nationals from learning about cryptography technology in American universities. Lewis also said the new rules will overturn a ban on hardware devices that decrypt copyrighted intellectual property such as video or music. If the rules were to stick as they are now, upcoming DVD multimedia players might be illegal to export because they use encryption to prevent illegal copying of movies.

In rewriting the rules left over from previous administrations, the Clinton White House has faced conflicting challenges of allowing U.S. companies to export strong encryption technology while providing access to encrypted communications to law enforcement agencies.

Like Clinton's newly appointed cryptography envoy David Aaron, Reinsch argued today that foreign governments are pressuring the United States to tighten its encryption policies because of security and trade concerns.

Reinsch also said that his bureau today granted the fourth license to export 56-bit encryption since the new regulations went into effect January 1. Reinsch would not name the company, citing confidentiality rules. Last week, Trusted Information Systems, Digital Equipment, and Cylink received the first three licenses.

Cylink chief scientist Chuck Williams said the government's regulations can succeed in the open market only if companies are allowed to store their own keys. The current regulations allow for such self-storage, but the guidelines are vague. The BXA's Lewis doubted whether the guidelines would be changed in time for the upcoming revision.