[2303] in cryptography@c2.net mail archive
PGP Bucks Export Laws
daemon@ATHENA.MIT.EDU (John Young)
Fri Mar 20 12:42:29 1998
Date: Fri, 20 Mar 1998 07:34:09 -0500
To: cryptography@c2.net
From: John Young <jya@pipeline.com>
Following David Crawford and Adam Back:
The New York Times, March 20, 1998, pp. D1, D5.
Export Laws Challenged by Sale Of Encryption Software
Abroad
By John Markoff
San Francisco, March 19 -- An American maker of
data-scrambling software said today that it would
circumvent United States export policies by allowing its
Dutch subsidiary to begin selling an international version
of Pretty Good Privacy, a strong encryption program that
does not provide a back door for law enforcement
surveillance.
Because the company, Network Associates, is the nation's
largest independent maker of computer security software,
its action could have a serious effect on United States
export policies on software.
Network Associates' decision to sell a program specifically
prohibited by the Commerce Department comes at a time when
the Clinton Administration is already fighting
Congressional attempts to end export controls on encryption
software for fear that such restrictions will hurt the
ability of American industry to compete internationally.
"This is the biggest challenge yet to the U.S. policy," Ted
Julian, an analyst at the Forrester Group in Cambridge,
Mass., said. "It potentially has a tremendous consumer
base."
The battle over data scrambling -- software that hides
everything from love letters to passwords to credit card
numbers from prying eyes -- has become a bitter struggle in
recent years between the American software industry and
privacy advocates on one side and national security and law
enforcement officials on the other.
The Clinton Administration, in the name of fighting crime
and terrorism, has been trying to force the industry to
build back doors into encryption software to make it
possible for law enforcement officials to secretly decode
private messages.
Opponents argue that the keys to the proposed back doors
could be too easily stolen, compromising not only privacy
but also the security of credit card numbers and other
highly personal information.
The Government does not restrict powerful encryption
software domestically but, with very few exceptions, it
limits export licenses to codes that can be easily cracked.
Earlier this week, Justice Department officials testified
before Congress that they had no plans to introduce
domestic controls on strong encryption technology.
Government officials said yesterday that they had not yet
determined whether Network Associates would be violating
United States laws in selling P.G.P. internationally.
"We'll be looking at this very closely," William A.
Reinsch, the Under Secretary for export administration,
said. "The question of whether or not this product is based
on legal or illegal export of U.S. technology is a question
to be investigated. If the Government determines that it
was illegal, then we'll take appropriate action."
In part, that decision will hinge on whether the entire
software package was developed independently from the
United States company, Mr. Reinsch said.
Network Associates executives said that in developing the
international version of P.G.P. they took care not to
violate United States laws. The international version was
developed by Network Associates in Europe in partnership
with a small group of cryptographers at Cnlab Software in
Switzerland.
Network Associates said that the international version
would be marketed by its European subsidiary, Networks
Associates International B.V., based in the Netherlands.
"We're not sure what the impact of this will be," Peter
Watkins, general manager of the company's Net Tools Secure
Division, said. "This is the first time that a U.S. company
has taken this approach, but there are no prohibitions
against this."
While United States laws restrict the export of strong
encryption products, there are no restrictions on exporting
the text of the original source code. This loophole allows
programmers in other countries to translate the source code
into new software programs.
P.G.P. was written in the early 1990's by a privacy activist
and computer programmer, Philip Zimmermann, and was freely
distributed in the United States.
Mr. Zimmermann also made his source code available
internationally in text form. As a result, versions of the
program have long been widely available in many countries.
Network Associates' executives said they had met with
Commerce Department officials earlier this year to explain
their plan but the department had not responded.
Mr. Reinsch said that his staff had been briefed by the
company.
Richard Hornstein, vice president of legal affairs for
Network Associates, said the Justice Department was
notified because "we wanted to make sure they felt
comfortable about this, but there was no way the Commerce
Department should have a role."
Network Associates is not the first United States company
to attempt to use an international partnership to
circumvent export restrictions. Currently C2net Software
Inc., an Oakland, Calif., security software concern, sells
an international version of its Web server which has
powerful built-in cryptography.
The company said that the international version of the
product was developed overseas independently from the
United States product.
Sun Microsystems has run into Government opposition to a
similar project which was based on a cooperative
development project with Elvis+, a company formed by
scientists from the former Soviet space program.
[End]