Encryption Regs to Change

RELAXED ENCRYPTION export laws are expected to be a major focus at the RSA Conference 2000 later this month, which begins just days after the anticipated Jan. 14 announcement of federal edicts to scale back restrictive U.S. encryption laws.

At the San Jose, Calif., conference, which runs Jan. 16-20, a "Washington Update Panel" is prepared to deal with a bevy of questions surrounding the legislation, originally slated to be announced on Dec. 14.

"I would think that's going to be on everybody's minds," said panel member William Reinsch, the under secretary for export administration at the Department of Commerce. "The differences between the earlier version that was widely criticized [by vendors] and this new one that has been 'cautiously praised' is different in a number of important respects."

Reinsch said the revised encryption regulations feature significant changes in an effort to clear up confusion in the telecommunications area. Also part of the plan is a firm sharpening of retail vs. nonretail distinctions and a reworking of the definition of government in the regulations that should "make people more comfortable," Reinsch said.

Previous incarnations of the regulations came under heavy fire because some vendors felt there was disparity in the retail marketplace, giving some vendors unfair advantages over others, Reinsch said.

"Our decision to postpone issuing the final document in December was really in response to a lot of complaints we received [about] the shape it was in then," Reinsch said.

Currently, the U.S. government restricts American security companies and their OEM customers from exporting encryption algorithms exceeding a 56-bit strength, which can be used to secure electronic information.

Aside from the encryption discussion, Scott Schnell, senior vice president of marketing at RSA, said he foresees three areas of interest dominating the conference: authenticating business-to-business electronic-commerce transactions and customers, the enormous impact of wireless products, and the growing role of public-key infrastructure (PKI), which protects servers used in consumer transactions.

"PKI is the technical foundation for the next millennium in terms of managing users' identities online," Schnell said.

"It will be used [for] everything [from] paying taxes and getting Social Security benefits to allowing doctors to have access to medical documents and conducting business," Schnell said.

Microsoft will introduce how it plans to use digital certificates and PKI as part of the way Windows 2000 will log in to an enterprise environment, Schnell said.

RSA Security Inc., in Bedford, Mass., can be reached at www.rsasecurity.com.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about MicrosoftRSA, The Security Division of EMC

Show Comments