Network Associates Crafts Overseas Deal to Sell Encryption
Attempting an end run around federal laws banning the export of encryption products, software giant Network Associates Inc. said Thursday that it will make its powerful data-scrambling software available overseas through a carefully constructed arrangement with a European company.
Under the terms of the deal, cnlab Software of Switzerland has developed a product based on source code published by Network Associates, one of Silicon Valley’s leading computer security firms.
In turn, Network Associates’ European subsidiary has licensed the product from the Swiss company and is scheduled to begin selling it in overseas markets today.
The complicated arrangement is designed to comply with the letter, if not the spirit, of U.S. export restrictions that forbid the shipment of actual software, but permit the publication of source code under the free speech protections of the 1st Amendment.
The Department of Commerce, which oversees the enforcement of export laws, took a dim view of the plan, and officials hinted that an investigation would be launched.
“It flies in the face of what we are trying to accomplish internationally,” said William Reinsch, undersecretary of Commerce for export administration. “I’m disappointed, and it’s fair to say that we’re looking at it very closely.”
Network Associates’ plan is just the latest in a series of challenges, both legal and commercial, to the export ban, which is enormously unpopular within the United States’ software industry.
The government has restricted the export of encryption software--which scrambles computer messages so they can be read only by designated recipients--on the grounds that it enables terrorists, drug cartels and other criminals to hide their activities and communications from authorities.
But the software industry argues that federal restrictions hinder the growth of electronic commerce and deny U.S. companies the ability to sell their security products overseas. They also point out that advanced encryption technologies developed by firms overseas are already widely available in international markets.
Network Associates executives said Thursday that they believe they are in compliance with export laws and expressed frustration that they must undertake such contortions to sell a product they pioneered.
The technology at the center of the dispute was originally developed by Pretty Good Privacy, a company acquired by Network Associates last year. PGP has long published the blueprints to its encryption products, modified versions of which are used by about 4 million people around the world, Watkins said.
Violations of the encryption ban are punishable by fines of up to $50,000 for each count, said Reinsch, who added that the government could pursue criminal and civil cases against both Network Associates and its Swiss partner in the venture.
Reinsch acknowledged that if the only information provided by Network Associates were published source code, the company would not technically be in violation of U.S. policy.
But investigators are likely to seek evidence of further involvement. Additionally, the government could ignore Network Associates and pursue a case against cnlab Software if investigators can prove that the encryption products, no matter how they were attained, are substantially derived from U.S. technology.
Reinsch said such violations would be tricky to establish and that penalties levied against an overseas company are difficult to enforce.
The government’s restrictions apply only to the most advanced encryption software, which is regarded as an important safeguard by companies that want to protect trade secrets or financial data and by individuals who simply want the messages they transmit across the Internet to be private.
Most encryption technology works by scrambling computer messages so they can be read only by those with appropriate “keys” to unlock their contents. These keys have been at the heart of the disagreement between the government and the software industry.
The government has insisted that such keys be held by escrow agents who would be required to release them to authorities when criminal activity is suspected.
The issue has become so thorny that courts in the United States have reached contradictory conclusions about whether the encryption bans are constitutional. A federal court in Northern California has ruled against the restrictions, while another in Washington, D.C., supported the ban.
Both decisions are being appealed.
