US relaxes encryption export rules

The US has relaxed its rules on exporting encryption products to the European Union (EU) and other trading partners in an attempt to promote ecommerce.

Under the Clinton administration's changed policy, US companies no longer need a licence to export encryption technology to any end user in the EU, Australia, Norway, the Czech Republic, Hungary, Poland, Japan, New Zealand or Switzerland.

The policy makes it easier for end users outside government, who were previously under separate regulations, to obtain encryption products. It also allows US companies to export products without waiting for a technical review or a 30-day delay, as was the case under previous regulations.

Policy changes in January allowed export sales of retail encryption products after a one-time review by the US government, but sales directly to government entities still needed a licence.

Brian Gladman, technical advisor to the Foundation for Information Policy Research, said: "On the face of it this looks like good news, but we have to look at the small print. There's been a policy shift. Governments are accepting that they can't continue with export controls on encryption, but they are now pushing forward with vigorous snooping charters."

The change in policy is a victory for industry groups, technology suppliers and privacy activists who have been campaigning for changes to restrictive US export rules for years. They argued that the free availability of encryption technology was necessary for the development of ecommerce. But it was US vendors' loss of revenue to overseas companies such as Baltimore Technologies and Checkpoint Software that led to the easing of rules.

"These updates track with recent regulations adopted by the European Union that ease encryption exports to the same countries," White House officials said in a statement, adding that the revised regulations allow US companies to remain competitive.

"The steps continue our policy to serve the full range of national interests: promote electronic commerce, support law enforcement and national security, protect privacy, and maintain US industry leadership in security technologies," said the officials.