The recent easing of US restrictions on exporting encryption products has left some vendors complaining that this only helped certain horizontal markets and not mass merchandising.
The Business Software Alliance, a group of software vendors including Microsoft, Adobe and Corel, held a press conference at the RSA Data Security Conference in San Jose this week to express its frustration with US encryption export regulations.
The current regulations let US vendors sell encryption products with up to 56-bit keys ? up from 40-bit before the US Commerce Department eased the restrictions in December. Stronger encryption products can now be sold into specific foreign markets, including banking, healthcare and ecommerce. The vendor must report who the products are sold to.
?I think it is generally a good first step,? said Ira Rubinstein from Microsoft, ?Especially for certain target markets. But where the policy falls short is, this is not the way most mass markets work.?
The regulations do not allow individuals or small businesses abroad to go to a reseller and buy strong encryption products off the shelf ? at least not US made strong encryption products.
?We still can?t ship encryption in the standard distribution channels,? complained Rubinstein.
Rubinstein said he hoped the US would align with recent changes to the Wassenaar Arrangement, an international agreement that regulates the sale of defence products.
In December the 33 countries that are party to the Wassenaar Arrangement agreed that products offering up to 64-bit encryption can be freely exported. Also, the Wassenaar Arrangement did away with the requirement for vendors to report on encryption sales.
The Business Software Alliance asked that the US Government would, at the very least, bring its own regulations in line with these latest amendments to the Wassenaar Arrangement by eliminating reporting requirements and expanding the sectors to which US companies can export strong encryption products.
Vendors are also unhappy with having to offer US intelligence services a ?back door?, or key recovery system, into strong encryption products that are exported. These allow US security services to recover the encryption keys and decrypt information.
?Customers want strong encryption without key recovery,? said Kelly Huebner Blough, director of export policy at Network Associates, adding that her company had lost business because of US key recovery requirements.
While US businesses have generally managed to develop key recovery technologies that allow them to export their products, ?too much [development] work goes into complying with export regulations, and not enough in things like ease of use,? said Huebner Blough.
One way US vendors are attempting to circumvent US export regulations, is by having a foreign partner reverse engineer their products. RSA Data Security, for instance, has just launched an international version of its SSL (Secure Sockets Layer) product that was developed independently by an Australian company it has acquired.
Microsoft receives a 30 per cent cut of all purchases on the Xbox digital store
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France