Technology Panel Rips US Export Policy 6/04/92 WASHINGTON, D.C., U.S.A., 1992 JUN 4 (NB) -- A panel of computer industry figures, speaking at the Computer Professionals for Social Responsibility (CPSR) Cryptography and Privacy Conference, severely criticized the current regulations of the Department of State that restrict the export of computer equipment and software containing cryptography. The panel, moderated by Bob Rarog of Digital Equipment and composed of: Lee Stanton, GE Information Services; John Byrne, American Bankers Association; Karen Casser, Software Publishers Association (SPA); John Gilmore, Cygnus Support; and Addison Fischer, Fischer International, contended that the policy causes American firms to compete at a disadvantage in the world economy. Rarog traced the history of government restriction, saying that, although the licensing is the responsibility of Department of State, the National Security Agency (NSA) reviews all requests. The NSA, he said, takes the position that the policy is required to protect United States security interests. Rarog also referred to a National Research Council Report that states that there is over control in this area and that the capability of developing encryption software is already present throughout the world. Rarog said that the present policy puts his firm, Digital Equipment, at a disadvantage in not being able to provide the same level of security on systems distributed internationally that they do on domestic units. He said when our competitors in Europe offer a fully featured system with security features built-in, we are at a disadvantage. What happens now, at times, is that the customer buys the system from us and then goes someplace locally to add security features -- the same ones that a domestic firm in the United States could buy in the US." Stanton agreed with Rarog's comments about a competitive disadvantage, saying: "Two major European bond trading firms have told us that they will be leaving our service because they regard our security as inadaquate. I agree with them and would certainly like to be able to meet their requirements but, under the existing rules, I cannot. Under the present circumstances, we are actually a threat to our clients because we cannot provide the proper safeguards against their data being read or altered. We must re-examine this policy." Software Publishing's Casser said: "Export controls do not work; they are counter-productive to the interests of our industry. Software publishers are losing money because they cannot compete in other countries because of the absence of security features. Additionally, many companies are now producing two versions of their product: one with security features for domestic use and one, without, for export. This is wasteful and expensive." Casser said that an amendment (H.R. 3489) offered by Representative Levine of California to the Export Administration Act would seemingly solve the problem as it seeks to move the responsibility for control of mass market software (including software with encryption capabilities) to the provisions of the Export Administration Act from the Arms Export Act. Casser said that she does not have much hope for its passage in the amended format because the President has threatened to veto the bill if the amendment is not removed. Gilmore, a member of the board of the directors of the Electronic Frontier Foundation (EFF), said: "My concern is of a civil liberties nature. The result of export controls is to deny privacy to United States citizens. It is not economically feasible for companies to build two products - 1 for domestic and 1 for abroad - so the companies do not produce software that guarantees privacy. What that means is that this technology is not available to ordinary citizens." Gilmore continued: "Are these controls effective? Not really.We at EFF are trying to develop a Unix public domain program with DES -- we have applied to the Department of State and are currently in limbo. In the meantime, however, I have signed onto systems in Finland and France and have downloaded software that does the same thing -- I can download it but, under our regulations, I couldn't upload it even to the same systems. It doesn't seem to make much sense." Gilmore later told Newsbytes that EFF is in the process of attempting to discuss these concerns directly with the NSA. (Barbara E. McMullen & John F. McMullen/Press Contact:David Banisar, Computer Professionals For Social Responsibility, 202-544-9240 (voice); banisar@washofc.cpsr.org (e-mail)/19920604)