Clinton Loosens Rules on Encryption Technology Exports

The Clinton administration significantly eased export rules on data-scrambling technology, quickly winning support from software industry groups that had criticized earlier proposals.

The administration had been working since September to relax the encryption export rules that keep data and communications private. The new rules seek to balance the needs of the U.S. military and law enforcement, which fears data-scrambling technology could be misused, and industry arguments that such controls limit U.S. companies’ ability to compete globally.

The rules allow U.S. companies such as Novell Inc. to export any encryption product to businesses, individuals and nongovernment users without having to obtain a license from the government. Also, encryption products that are widely available through retail outlets can be exported to any entity, including foreign governments.

The new regulations “are more in step with the economic realities of the information age, while protecting our nation’s vital security and law enforcement needs,” said Ed Gillespie, executive director of Americans for Computer Privacy, which represents more than 100 companies and 40 associations. “And they strike a balance between security and America’s commercial interests.”

In most cases, the Commerce Department’s Bureau of Export Administration will conduct a one-time review of encryption products before they can be exported, the government said. It will determine which products qualify as retail by reviewing their functions, sales volume and distribution methods.

Such a stipulation could allow the government to determine that some products don’t qualify as retail, significantly limiting what can be exported to governments, said Piper Cole, vice president of global public policy at Sun Microsystems Inc. Nonretail items includes Web-based services, Cole said.

Regulations on the underlying commands that make encryption technology work, or source code, will be less restrictive than announced in September. Companies can export commercial encryption source code to businesses and nongovernment users for internal use without first obtaining a license from the U.S. government.

Exports are still banned to Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria.