[931] in cryptography@c2.net mail archive
PGP license - bigger deal than it seems?
daemon@ATHENA.MIT.EDU (Will Rodger)
Fri May 30 14:08:32 1997
Date: Fri, 30 May 1997 13:52:02 -0400
To: cryptography@c2.net
From: Will Rodger <rodger@worldnet.att.net>
-----BEGIN PGP SIGNED MESSAGE-----
The federal government as far as I know has often looked favorably on export
licenses for foreign subs but, as Phil Karn points out, not always.
One thing I know: virtually every company exec I ever talked to about exports
told me he had to line up the sale first, then apply for the license. Pre-
approvals I've heard of second hand have been tortuous at best. Then again, I
never hammered one of these out.
So is PGP's pre-approval a big deal? Yes, says Ken Bass. No, say Commerce
officials.
Anyone out there have first-hand experience?
W.
Inter@ctive WeekMay 30, 1997
PGP License: Sign Of Loosening
Encryption Export Controls?
By Will Rodger
1:30 PM EDT
Pretty Good Privacy Inc. has won blanket approval to
export
its data-scrambling products to foreign subsidiaries of
the
100 largest companies in the U.S.
The approval is part of an uncommon procedure under
which
the U.S. Commerce Department grants licenses to export
strong encryption prior to a sales agreement. Though
always
available, the procedure has been little known and
often kept
secret by companies who wished to maintain a
competitive
edge over their competitors.
The announcement of the streamlined procedure may mark
a
further, informal loosening of U.S. export controls
since new
regulations took effect in the closing days of 1996,
encryption
experts said.
"There's no question in my mind that the Department of
Commerce is loosening up very fast," said Ken Bass, an
attorney who has represented PGP founder Phil
Zimmermann and other encryption pioneers.
Commerce Department officials downplayed the importance
of the license, however.
"There was this general belief that this had not
happened
before," said Jim Lewis, director of the Commerce
Department's Office of Strategic Trade. "The only thing
that's
different here is a company decided to write a press
release
about it."
When pressed, however, Lewis conceded the federal
government had never made an effort to publicize
presale
licenses. "There weren't a lot of them, but there were
a few of
them," he said.
Encryption activists, however, have long denounced
federal
export licensing procedures. Though PGP got approval
beforehand, companies wishing to export usually have to
line
up sales before licenses are issued.
"This isn't any way to run policy," said Alan Davidson,
staff
counsel to the Center for Democracy and Technology.
"Licensing needs to be done in the open, not in back
rooms."
Under current U.S. law, most scrambling hardware and
software may not be exported unless the seller can
clearly
show that the products will not be used to thwart
criminal
investigations. Law enforcement and intelligence
communities have insisted on the measures since better
encryption products make encoded data and telephone
conversations nearly impossible to crack.
But increasing foreign availability of the products and
widespread use of the technology in electronic commerce
have pitted the U.S. computer industry against federal
regulators since the early days of the Clinton
administration.
U.S. producers want export controls lifted so they can
sell
their wares abroad where, they said, they are in danger
of
losing markets to foreign competition.
The government has been pushing so-called "key
recovery"
schemes to let law enforcement read encrypted messages
without users' knowledge in the course of
investigations.
Business and cyber-rights groups have called the
arrangement anti-competitive and Orwellian.
But the White House, after four years of bitter
squabbling,
has shown movement of late. In January it lifted most
export
controls on so-called 56-bit encryption technologies
with the
understanding that companies granted the licenses will
develop "key escrow" versions within two years.
Then, earlier this month, the Commerce Department
lifted
controls on encryption used for narrowly focused
applications
such as scrambling credit card numbers over the
Internet.
-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv
iQEVAwUBM48TwEcByjT5n+LZAQGBogf+KaLoDoXONtK12gAHfRJjSfXkvWeR5Jog
1C5XjKaVHEnupRkPvS3hvknneJH4/oXv/2j5EsVumAJi83oMyuSblek8Qp9Dq5Ny
BuI9wGpLZjMfLDsX4fCQEP6djd7Eo+Lwdk6+EnhFChP/QeWpJsrmiRBjeu61QIcV
Y3nM+QBJEBh73Xhgf9jSGZRblRcSmBoplhxHIY7WkHR8rk3twzNpRzRC6Fy+Gx84
xs7NjTXHhY+C01j8C3Q4HGBbYn5+iMm3OP2ZvqiVr7UrrYC/ZiUIcOwvDsx9MozM
fTJlPAMWvhJjIb5+rsCUNV1oLOSS2wdWQkK2g0KY2X0vzwrEcBztxg==
=oknk
-----END PGP SIGNATURE-----
Will Rodger
Washington Bureau Chief
Inter@ctive Week
A Ziff-Davis Publication
