 12-03-96. Communications Daily:

 Clinton Administration is "headed in the absolute wrong direction" 


 Clinton Administration is "headed in the absolute wrong direction" 
 in formulating encryption policies, Business Software Alliance
 (BSA) said in letter Mon. to Vice President Gore. Administration
 is due this week to begin circulating proposals for comment, with
 goal of implementing them Jan. 1. Included in package are
 proposals to transfer export authority of encryption products to
 Commerce Dept. from State Dept., along with new rules on
 export of high-end encryption products. 

 But BSA Pres. Robert Holleyman said in letter that apparently 
 "significant backtracking has occurred" since Administration 
 announced new policy Oct.1. 

 As result, he said: "We seriously doubt that the regulations will
 work, meet computer user demands or be accepted by the
 private sector unless the Administration radically changes its
 approach immediately." Without change, BSA said, encryption
 export policies will fail as did Administration policy of Clipper
 Chip for digital telephony. 

 Holleyman said Administration should make distinction between 
 terms "key recovery" and "key escrow," which Administration uses 
 interchangeably. Ability of purchaser or user of product to recover 
 data is different from having 3rd party keep key, BSA said. It 
 said that it's also opposed to having govt. dictate milestones 
 for company-specific encryption plans and that interim export 
 relief promised by Administration doesn't appear to give that 
 much relief.

----------

 12-03-96. Reuters:

 Opposition grows to Clinton encryption export plan 


 Washington: A leading software industry group is backing
 away from its early support of the Clinton administration's new
 policy to ease export rules on computer encoding technology.

 In a letter to Vice President Al Gore, the Business Software
 Alliance, which includes Microsoft Corp. and International
 Business Machine Corp.'s Lotus Development, said that the
 rules implementing the new encryption export policy appeared to
 be flawed.

 "It appears that significant backtracking has occurred since the
 Oct. 1 announcement," the alliance wrote in the letter dated Dec.
 2.

 "Therefore, we seriously doubt that the regulations will work,
 meet consumer demands or be accepted by the private sector
 unless the administration radically changes its approach
 immediately," the alliance added.

 A spokeswoman for Gore said Greg Simon, the vice president's
 chief domestic policy adviser, and other administration officials
 working on the rules have met with the software group to discuss
 the criticism.

 "There is still an internal decision making process going on,"
 spokeswoman Heidi Kukis said. Final rules are expected by Jan.
 1, she said.

 The administration is attempting to craft a compromise on export
 sales of products containing encryption, computer programmes
 that scramble information and render it unreadable without a
 password or software "key."

 Under current laws dating from the Cold War, products for
 export can include only very weak coding features.

 However, with the growth of the Internet and online commerce,
 encryption is spreading as a means to ensure secure
 communication between businesses and to safeguard consumers'
 personal data, such as credit card numbers.

 The software companies argue they are losing substantial
 overseas sales to foreign companies not bound by the export
 laws.

 U.S. law enforcement and intelligence officials counter that the
 spread of sophisticated encryption will make their jobs far more
 difficult.

 Under the compromise policy announced in October and enacted
 in an executive order last month, companies would be able to
 export strong encryption but only if the products also contained a
 feature known as "key recovery" that would permit the
 government to decode scrambled data.

 The software alliance said in October that the new policy was a
 "step in the right direction."

 In its letter this week, however, the alliance said it was not happy
 with the rules being drafted to implement the policy.

 "Everything we have seen and heard to date reveals that the
 government is headed in the absolute wrong direction," it said.

 Part of the debate revolves around the definition of key
 recovery.

 The alliance believes key recovery should consist of products
 that would allow the government to decode stored
 communications, such as an E-mail message saved on a
 computer hard drive. But, the group feels, encryption products
 should not be required to allow government decoding of
 real-time communications.

 "There is little if any commercial demand for key recovery
 function in real-time communications," the alliance wrote.

 "Our members have seen nothing to suggest that any product
 developed to date can work on a mass market scale or that there
 is significant commercial demand for such products."

 A number of companies, including Microsoft and IBM, have
 announced products designed to meet the new export policy. But
 not all of them allow easy real-time key recovery.

 Although Microsoft is trying to create products to meet the
 export policy, "we still feel government should liberalise the
 policy more," John Browne, head of the company's Internet
 commerce group, said.

----------

