• Recommend:
• 0 Comments

BSA Asks Al Gore to Reconsider Encryption Export Regulations

Letter addresses privacy, national security and market competition.

By Kristi Essick, PCWorld   

The Clinton administration%squots encryption export plan was announced Oct. 1. It will allow U.S. companies to export 56-bit encryption to other countries on the condition that those companies agree to use a mandatory technology called %dquotkey recovery%dquot -- essentially a system where law enforcement officials could get access to private keys in order to survey suspicious data.

Clinton administration officials say that such a system would protect national security and public safety. Critics, such as the BSA, say key recovery compromises individual privacy. Furthermore, critics claim that a 56-bit encryption export limit hampers competition for U.S. companies overseas where companies are freely allowed to market encryption products of 128 bits and up. The BSA is a member organization that promotes fair competition and prevent piracy in the software industry.

In the letter, BSA President Robert Holleyman told Gore that the BSA is %dquotdismayed at the way the Administration is implementing the October 1 encryption policy%dquot and urged the administration to %dquotradically change its approach immediately%dquot.

The BSA initially responded to the administration%squots policy in October by calling it a %dquotstep in the right direction,%dquot but also said it had several reservations. Today%squots letter redefines those reservations and asks Mr. Gore to address them before the plan takes effect on Jan. 1.

%dquotEverything that we have seen or heard reveals that the government is headed in the wrong direction,%dquot Holleyman said in the letter. %dquotWe seriously doubt that the regulations will work, meet computer user demands, or be accepted by the private sector.

The BSA is urging Gore to take five key issues into consideration.

U.S. companiies will be hobbled competitively if they are forced to export encryption with no higher key lengths than 56 bits when non-U.S. companies are currently making encryption products of up to 128-bit key lengths available for download over the Internet. Also users won%squott buy key recovery-based products if they think this technology will compromise individual or corporate privacy.

If the key recovery system is to be implemented, software companies should be able to export encryption with any key length. After all law enforcement officials will have the legal right to all encrypted information without a user%squots consent, BSA officials said.

The government should not dictate %dquotmilestones%dquot for a company%squots plans to implement key recovery into its products. Companies should be left alone to implement this technology in a competitive fashion without timelines and forced partnerships set by the U.S. government, officials said.

The government must not go back on its word to allow the export of 56-bit encryption software which doesn%squott comply with the key recovery plan during an interim period of two years. A recent Executive Order states that companies which already have export licenses will have to undergo new reviews by the FBI, according to the BSA letter.

Non-key recovery and key recovery encryption products must be interoperable so that products from key-recovery wary countries can work with U.S. products.