Crypto export rules lighten up

by in BusinessCustomer Service on December 12, 2021

id=”article-body” class=”row” section=”article-body” data-component=”trackCWV”>

Cutting some government red tape, Secretary William Daley said today

that the Clinton administration will lighten restrictions on strong

encryption used

by financial institutions to secure electronic transactions sent around the


The government’s revised encryption export policy is expected to go into

effect this summer and will apply to credit card companies, banks and

their branches, security firms, and brokers in 45 countries. Under the new

rules, almost 70 percent of the world’s financial institutions will have to

apply for a one-time license to use encryption of any strength.

Most significantly,

now these financial firms don’t have to use encryption

products with built-in key-recovery systems. These systems give companies

the opportunity to make a “spare key” that unlocks their encrypted digital

communication if an original key is lost or stolen, but key-recovery

centers can you make money mining cryptocurrency calculator what if be costly and extremely hard to build, according to and reports.

“This action gives our nation’s financial institutions the flexibility they

need to remain globally competitive,” Daley said today in a statement.

“Importantly, it balances those needs of law enforcement, national security,

and foreign policy concerns,” he added. “Through steps like this we can

continue to encourage the development of an electronic commerce system

users can trust.”

Banking industry representatives applauded the change, but reaction from

software firms was less enthusiastic.

“It’s a big step as far as opening up the Internet as a channel for global

financial commerce, and that’s important to the banking industry on a

global basis,” said Bill Randle, cryptography topics executive vice president of .

“But I still have some concerns that it’s not broad enough for other

organizations,” added Randle, who sits on a security committee of the

Banking Industry Technology Secretariat, an affiliate of the Bankers


“It’s great for the banks, but apparently the rest of American industry is

not important enough to protect their data,” said Lauren Hall, a lobbyist

for the .

“It is very good for banks, and we’re glad to see that the administration

has recognized that crypto can serve a very legitimate function for

protecting data on networks.”

Key recovery has been the cornerstone of a over the U.S.

crypto export policy. Privacy advocates and

industry alike oppose mandatory key-recovery features in export products

because they say the systems present the possibility that law

enforcement or unauthorized parties could gain access to scrambled data

without due process or permission.

On the flip side, law enforcement has held its ground that unfettered

export of encryption will lead to terrorists and criminals using the

technology to cover their tracks. But proponents of free encryption,

without mandated spare keys,

contend that strong encryption already is available around the world.

Under the current encryption export policy, crypto manufacturers have to

apply for an export license for most companies or private citizens to whom

they ship products. To even export products that have been , such as 56-bit length

encryption, software makers also have to promise to build in key-recovery

systems. This bureaucracy has been bad for business, according to the


Last year, the Commerce Department said it would crypto restrictions for

companies shipping to financial institutions, but the licenses were still

approved on a case-by-case basis. Now the

administration plans to phase out individual export approvals for these

firms, lifting a burden for crypto makers.

Chuck Williams, chief scientist of encryption vendor , called the announcement “a grand

step in the right direction.” Cylink already exports encryption hardware

and software to banks under the previous, more restrictive policy. , a major

supplier of computer security software, likewise applauded the move.

The export relief rules announced today don’t apply to private

citizens and all companies, however, so the fight over encryption is hardly

over. But software makers are glad they can branch out in some markets.

“There were vendors who said they love banks as a market but don’t want to

go through the paperwork of filing a [key-recovery] plan,” said Kawika Daguio, a technology policy analyst for the , cryptocurrency in india news hopes cutting

red tape will draw more vendors into the market. “Now we can go to those people and say, ‘Now you can sell to us without all that pain and suffering.’ It’s dramatically lowered the

requirements for manufacturers.”

Still, data-security technology companies see the policy shift as a

building block to ease encryption restrictions for all the world’s computer

users. Other governments have been known to look to the United States as a

basis for their encryption policies.

“Our biggest and most important clients are financial institutions, so

we are certainly encouraged by this announcement from the

administration. We think it will significantly help our ability to sell to

financial institutions in major markets,” said Kelly Huebner Blough,

director of government affairs for Network Associates.

Network Associates has used some unconventional tactics to sidestep getting a

crypto license for every company it ships to overseas. In May, the company

said it the Swiss firm

Cnlab Software to make and sell outside the United States a 128-bit version

of Network Associates’ Pretty Good Privacy encryption software.

“The more that encryption is used by banks or large companies, the more it

will become accepted as a very necessary part of the U.S. economy, world

economy, and e-commerce,” Blough added. “This will help spread the use of

encryption throughout the world.”