12-03-96. Communications Daily: Clinton Administration is "headed in the absolute wrong direction" Clinton Administration is "headed in the absolute wrong direction" in formulating encryption policies, Business Software Alliance (BSA) said in letter Mon. to Vice President Gore. Administration is due this week to begin circulating proposals for comment, with goal of implementing them Jan. 1. Included in package are proposals to transfer export authority of encryption products to Commerce Dept. from State Dept., along with new rules on export of high-end encryption products. But BSA Pres. Robert Holleyman said in letter that apparently "significant backtracking has occurred" since Administration announced new policy Oct.1. As result, he said: "We seriously doubt that the regulations will work, meet computer user demands or be accepted by the private sector unless the Administration radically changes its approach immediately." Without change, BSA said, encryption export policies will fail as did Administration policy of Clipper Chip for digital telephony. Holleyman said Administration should make distinction between terms "key recovery" and "key escrow," which Administration uses interchangeably. Ability of purchaser or user of product to recover data is different from having 3rd party keep key, BSA said. It said that it's also opposed to having govt. dictate milestones for company-specific encryption plans and that interim export relief promised by Administration doesn't appear to give that much relief. ---------- 12-03-96. Reuters: Opposition grows to Clinton encryption export plan Washington: A leading software industry group is backing away from its early support of the Clinton administration's new policy to ease export rules on computer encoding technology. In a letter to Vice President Al Gore, the Business Software Alliance, which includes Microsoft Corp. and International Business Machine Corp.'s Lotus Development, said that the rules implementing the new encryption export policy appeared to be flawed. "It appears that significant backtracking has occurred since the Oct. 1 announcement," the alliance wrote in the letter dated Dec. 2. "Therefore, we seriously doubt that the regulations will work, meet consumer demands or be accepted by the private sector unless the administration radically changes its approach immediately," the alliance added. A spokeswoman for Gore said Greg Simon, the vice president's chief domestic policy adviser, and other administration officials working on the rules have met with the software group to discuss the criticism. "There is still an internal decision making process going on," spokeswoman Heidi Kukis said. Final rules are expected by Jan. 1, she said. The administration is attempting to craft a compromise on export sales of products containing encryption, computer programmes that scramble information and render it unreadable without a password or software "key." Under current laws dating from the Cold War, products for export can include only very weak coding features. However, with the growth of the Internet and online commerce, encryption is spreading as a means to ensure secure communication between businesses and to safeguard consumers' personal data, such as credit card numbers. The software companies argue they are losing substantial overseas sales to foreign companies not bound by the export laws. U.S. law enforcement and intelligence officials counter that the spread of sophisticated encryption will make their jobs far more difficult. Under the compromise policy announced in October and enacted in an executive order last month, companies would be able to export strong encryption but only if the products also contained a feature known as "key recovery" that would permit the government to decode scrambled data. The software alliance said in October that the new policy was a "step in the right direction." In its letter this week, however, the alliance said it was not happy with the rules being drafted to implement the policy. "Everything we have seen and heard to date reveals that the government is headed in the absolute wrong direction," it said. Part of the debate revolves around the definition of key recovery. The alliance believes key recovery should consist of products that would allow the government to decode stored communications, such as an E-mail message saved on a computer hard drive. But, the group feels, encryption products should not be required to allow government decoding of real-time communications. "There is little if any commercial demand for key recovery function in real-time communications," the alliance wrote. "Our members have seen nothing to suggest that any product developed to date can work on a mass market scale or that there is significant commercial demand for such products." A number of companies, including Microsoft and IBM, have announced products designed to meet the new export policy. But not all of them allow easy real-time key recovery. Although Microsoft is trying to create products to meet the export policy, "we still feel government should liberalise the policy more," John Browne, head of the company's Internet commerce group, said. ----------