------------------------------ Publication: The Age Publication date: 19-1-1999 Edition: Late Page no: 1 Section: Computers Sub section: It Professional Length: 1000 ------------------------------ Green light for limited encryption exports Byline: SUELETTE DREYFUS Despite moves to limit the export of strong crypto-products produced in Australia, there's still plenty of opportunity - and demand - elsewhere, writes SUELETTE DREYFUS A new international arrangement signed by the Government will make it easier for Australian companies to export IT products containing weak encryption. However, the new Wassenaar Arrangement continues the ban on the export of strong crypto-products without a Government permit, despite the growing demand for these products from the e-commerce sector. Named for the suburb of The Hague where the first guidelines were signed in 1996, Wassenaar is an arrangement between 33 countries to control the export of weapons and dual-use goods. Cryptography programs, which scramble data to prevent interception, are included along with biological and chemical weapons in the list. Under the new Wassenaar arrangement, agreed last month in Vienna, the member countries also decided in principle to prohibit the export of mass-market software containing strong encryption (above 64 bits) without government approval. Australia's own domestic regulations, which are more restrictive than the previous international arrangement, already reflect this control. However, companies in Australia will soon no longer have to apply for an export permit when shipping mass market encryption products 64 bits or less, or all other encryption products 56 bits or less, according to the Department of Defence. Fifty-six-bit symmetric encryption is weak because it can be broken with a powerful computer. Anything over 128-bit key length is considered virtually impossible to break. Encryption is increasingly being used in computer software. If you order something over the Net via a secure Web server, your credit card number is being sent using encryption. Strong encryption prevents governments from eavesdropping on people, but it also protects people's privacy, particularly from on-line criminals. Conflict between business interests and the defence establishment is heating up in this otherwise sleepy domain of mathematicians as the on-line economy takes off. Department of Defence director-general of exports and international programs, Maurice Hermann, said the new Wassenaar Arrangement should be viewed as relaxing restrictions. Internet Industry Association executive director Peter Coroneos, said: `We need strong encryption for the wheels of e-commerce to turn.'' While it was important to strike a balance with national security objectives, people needed to have confidence in transactions on the Net, he said. Restrictions also discouraged local investment, Coroneos said. `Any impediment to export is a disincentive to invest.'' Restricting exports hurt Australian companies more than the same restrictions affected companies in larger countries, such as the US, he said. `We don't have as big a market to sell to.'' The US has some of the strongest crypto-export laws of any nation. It has pushed hard for similar controls among its fellow Wassenaar partners, perhaps to fend off pressure from its own encryption industry, which saw foreign companies gaining ground in unreachable markets. At least one American company, RSA, chose to expand off-shore, in Australia. It recently opened a subsidiary in Brisbane to export software internationally, having obtained a permit from the Australian DoD to export 128-bit encryption. The US parent company has been a long-time vocal critic of proposed US Government restrictions on cryptography. However, RSA's president, Jim Bidzos, appeared to praise the new Wassenaar arrangement by saying it was `leveling the playing field internationally''. Implementation is left up to the individual governments involved and this new policy must be uniformly implemented and enforced if it is to have any effect, he said. Yet, some Wassenaar countries, such as the Netherlands, may well decline to pass local laws reflecting the arrangement, according to EFA's Taylor. This would leave the way open for their local companies to trade overseas unfettered. Wassenaar is not a binding treaty; it is a type of agreement. Each country applies the guidelines at their own discretion. Canada and Ireland have far more relaxed export requirements than the US and have developed burgeoning industries in the area, Taylor said. Federal Opposition spokeswoman on IT, Senator Kate Lundy, said Australia needed to grow its IT export industry, not restrict it. The trade deficit with respect to IT was $6 billion last year, and is expected to blow out to $46 billion by 2006. She said the new agreement was `a cultural hang-over from the Cold War, when the Defence Department wanted to keep a grip on encryption''. It was at odds with the Government's election policies supporting strong encryption, she said. `This decision is a complete sell-out.'' The office of Senator Alston, Minister for Communications, IT and the Arts, had no comment. One unresolved issue is if - or how - Australia will change its local regulations for the electronic export of strong crypto-products and the export of public domain software, to bring them into line with Wassenaar. Wassenaar appears to only apply to the export of tangible goods such as CDs or diskettes, meaning that people can download encryption software over the Net without export permits. It only covers software fixed in any tangible medium of expression. Australian custom regulations do not currently restrict intangibles, but that may change. In the past, Australian Government regulations have been more onerous than those under Wassenaar. There are also no restrictions under Wassenaar on the export of public domain software containing encryption, such as freeware. However, Australia is at odds with this, as it requires such software to have a permit for export. It is understood the Australian delegation to Wassenaar proposed to toughen the guidelines by explicitly including non-tangibles and restricting public domain software. Other countries rejected the proposal. Hermann would not discuss the particulars of Australia's position at the international meeting. However, he said, Australia went into the December negotiations in favor of what was decided. A DoD spokesman said the Wassenaar guidelines would be introduced into Australia's regulations as soon as possible. Caption: Photo: Opposition spokesperson Kate Lundy: "The decision is a complete sell-out."