RSA sidesteps crypto rules with Aussie unit

RSA Data Security frees itself of stiff U.S. trade regulations by opening an Australian subsidiary that will sell strong encryption software internationally.

Kim Girard
Kim Girard has written about business and technology for more than a decade, as an editor at CNET News.com, senior writer at Business 2.0 magazine and online writer at Red Herring. As a freelancer, she's written for publications including Fast Company, CIO and Berkeley's Haas School of Business. She also assisted Business Week's Peter Burrows with his 2003 book Backfire, which covered the travails of controversial Hewlett-Packard CEO Carly Fiorina. An avid cook, she's blogged about the joy of cheap wine and thinks about food most days in ways some find obsessive.
Kim Girard
2 min read
RSA Data Security has freed itself of stiff U.S. trade regulations by opening an Australian subsidiary that will sell strong encryption software internationally.

Analysts say the move will enable RSA to better compete with its global rivals that currently market strong encryption software within a less stringent regulatory environment.

"This essentially puts RSA on equal footing," said Chris Christiansen, analyst with International Data Corporation in Framingham, Massachusetts.

For the past several months, RSA, a division of Security Dynamics Technology in Bedford, Massachusetts, worked with the U.S. Commerce Department to make sure the company's new Australian venture did not violate U.S. trade code. The department recently gave the nod to the Australian venture--so long as no U.S. employee or technology is employed within the Australian subsidiary.

"Our regulations have always been market-driven and we have said consistently 'If you come in and work with us we will try to make things happen,'" said a spokeswoman for the Commerce Department. "RSA came in and worked with us for months to make this happen."

In essence, RSA bought an Australian company that recreated the company's algorithms based on publicly available specifications. Now, under less stringent trade regulations, RSA will be spared the expensive hassle of obtaining a special trade license for each customer demanding software that is stronger than the 56-bit encryption standard.

"The rising performance levels of the average processor out there makes 56- and even 64-bit [encryption] somewhat shaky," Christiansen said.

RSA's patented public-key, private-key cryptographic algorithms are different and much stronger than other companies', requiring one key to scramble data and another unscramble it. RSA president Jim Bidzos has been an outspoken critic of U.S. export controls on the company's products and is an advocate of international trade.

"Consumers and merchants have made it clear that privacy for e-commerce is paramount, creating strong demand," for RSA's products worldwide, Bidzos said in a statement.

Researchers Tim Hudson and Eric Young, who have developed a similar encryption technology to RSA's, will work at RSA's new research center in Brisbane, Australia.

Young has been named chief technical officer at the subsidiary and Hudson will serve as director of technical development.

The Commerce Department spokeswoman could not comment on whether other encryption companies have forged similar arrangements with the agency, only noting that RSA had agreed to let her speak publicly about their deal.

In 1997, Sun Microsystems tried to skirt government limits on exporting strong encryption by marketing software created in Russia. The company later changed its plans after lengthy negotiations with the Commerce Department failed to produce an agreement.