U.S. revises encryption regulations

U.S. revises encryption regulations
By George Leopold, EE Times
July 19, 2000 (3:30 p.m. EST)
URL: http://www.eetimes.com/story/OEG20000719S0033

WASHINGTON — The Clinton administration updated its policies on encryption exports on Monday (July 17) to allow U.S. companies to export any encryption product to the 15 members of the European Union and other European and Pacific Rim allies without a license.

It also announced steps aimed at updating telecommunications laws to permit broader use of wiretapping and security features on the Internet and other digital networks.

The export announcement, which was expected, removes previous distinctions made between government and private-sector users in the 15-nation EU, the Czech Republic, Hungary, Norway, Poland and Switzerland as well as Australia, Japan and New Zealand. Under the revised rules, U.S. exporters will no longer have to undergo a 30-day technical review for shipments to these countries.

U.S. software companies have complained for years that U.S. export restrictions and licensing requirements made their products less competi tive in global markets. The White House said the streamlined export rules would assure the "continued competitiveness of U.S. industry in international markets."

The update coincided with recent regulations adopted by the European Union that ease encryption exports to the same countries.

U.S. software groups hailed the decision to relax export restrictions. "The reducing of these regulations will certainly allow U.S. software makers to compete in the global marketplace," said Robert Holleyman, president of the Washington-based Business Software Alliance.

Easier eavesdropping

As part of an ongoing effort by the administration to balance privacy and national security concerns, the administration also proposed a plan to harmonize rules covering the use of wiretaps for telephone conversations and electronic mail. Current laws provide relatively strong requirements for wiretapping phone conversations, including court orders and senior-level Justice Department approval of a wiretap requ est.

But these rules don't apply in cyberspace, prompting the administration to propose legislation giving law enforcement agencies greater powers to eavesdrop on digital communications. In a speech this week, John Podesta, the White House chief of staff, argued that the legislative proposal would balance law enforcement requirements with privacy rights on the Internet.

"It's time to update and harmonize our existing laws to give all forms of technology the same legislative protections as our telephone conversations," Podesta said in a speech announcing the legislative proposals.

He said the proposed rules would expand the coverage of current wiretapping laws to include "electronic communication" and would apply equally to hardware and software. He also said the legislation would harmonize wiretapping standards to cover electronic, wire and cable communications. Current law does not cover e-mail and other communications over high-speed cable modems.

"Current law has widely varying rules for w hen law enforcement can intercept a communication, depending on whether an individual uses e-mail, a phone call or a cable modem," the White House said. "The proposal would raise the legal standard for intercepting e-mails to the longstanding and strict rules that apply to intercepting telephone calls. For the first time, court orders authorizing interceptions of e-mails could be applied for only after high-level approval and only for serious crimes."

The proposal would also strengthen the existing computer hacker law, the Computer Fraud and Abuse Act, to take into account a broad range of damage caused by computer attacks. The measure was prompted in part by a series of well-publicized attacks on large Web sites earlier this year.

The administration's proposal would close a loophole in current law by treating a series of small attacks as one large attack. Penalties would also be changed with the elimination of mandatory jail time for less serious attacks. Instead, penalties would include civil or cr iminal forfeitures, the White House said.

Podesta said the administration proposed spending $90 million to help detect computer attacks, conduct security technology research and train more computer security experts. He said Congress has yet to appropriate the funds.

Podesta predicted that the White House and Congress could complete legislation this year updating U.S. wiretap laws. Sen. Orrin Hatch, R-Utah, chairman of the Senate Judiciary Committee, said he would work with the White House on the legislation, which is expected to be introduced as early as next week.