Crypto Laws Slackened

By Deane Barker on October 16, 2003

Cold War encryption laws stand, but not as firmly: It looks like the government is backing away from its silly and unenforceable rules on data encryption. Encryption had always been limited to 56-bit, and anything over that was treated as a “munition” and could not be exported. Obviously, there’s zero chance anyone could really enforce this given the ubiquity and ease of Internet transmission.

The idea was that the government didn’t want the “bad guys” to get ahold of really strong crypto so snoops like the NSA could continue to monitor their communications. The struggle for the everyday user to get strong crypto has been long and drawn-out, and it was the subject of Steven Levy’s book “Crypto.”

A researcher filed a lawsuit in 1995 because he wanted to export a “simple encryption program.” (How much you want to bet he wrote it just so he could file the lawsuit?) The suit was dismissed, but not until the government essentially conceded that they won’t try to enforce the law.

“Bernstein’s case, and two other similar attempts, have been credited with forcing the federal government to drastically scale back its attempts to regulate the kind of privacy-protecting encryption technology used in every Web browser and many e-mail readers. At one point such encryption was regulated by the State Department and treated as a ‘munition’ like tanks and fighter jets, but the Clinton administration responded to the lawsuits by relaxing the rules and transferring responsibility to the Commerce Department.

At a hearing in October 2002, Justice Department attorney Tony Coppolino effectively placed even the latest rules on hold, saying the government would not use them to prosecute cryptographers engaged in legitimate research.”