USA urges ban on encryption products over the Internet
Janet Reno pressures Herta Däubler-Gmelin
July 29, 1999
The Federal Cabinet of Germany ended lingering uncertainties over its encryption policy at the beginning of June with the publication of five key points. That, however, does not mean that the encryption debate is at an end: in the next year, a further Wassenaar round of negotiations will be on the table. The US, furthermore, finds Europe's liberal export policies something of a thorn in its side, and is already lobbying for changes in the current position.
At the end of May, US Attorney General Janet Reno requested in a letter (below) that the Federal Secretary of Justice, Herta Däubler-Gmelin, provide for control of encryption software which is being distributed 'over the Internet' - including Public Domain products. Reno's view is that "the use of the Internet to distribute encryption products will render Wassenaar's controls immaterial." At the end of year 2000, the Wassenaar agreement is to be negotiated: it regulates, amongst other things, the export of encryption products. Until then, the USA wants to develop a broad consent with the 33 Wassenaar member states.
It is strange that the letter was addressed to the Federal Department of Justice and not to the Federal Ministry for Economic Affairs, which, together with the Federal Ministry of the Interior, is in fact responsible for German encryption policy. The Americans, it's safe to assume, are perfectly aware of how responsibilities are divided within the German Federal Government. They probably just figure a discussion with the Ministry of Justice has a better chance of success.
The Federal Department of Justice did not want to confirm to Telepolis the existence of the Reno letter. According to persons close to the Federal Minister, however, several letters making the same request have been received, and a reply is now being drafted. What is not known is how Reno's demand will be answered.
Arne Brand, of the "virtual local association" of the SPD, is annoyed about the "concealment policy" of the Federal Government:
"I would only try to cover up a thing like that, if I did not have an own point of view, but intended to align myself with the wishes of other people."
Encryption export policy as politico-economic instrument
Hubertus Soquat, an adviser in the Federal Ministry for Economic Affairs, was equally unwilling to confirm the existence of the letter. His reply to Telepolis, nevertheless, clearly set the encryption policy currently adopted by the cabinet against what was "possibly demanded" by the American side. The notion of regulating, in the future, encryption products which reside in the public domain, he said, stands in stark contrast to German encryption policy, which is based on the free availability of encryption products, from development through to deployment by the end-user. On this count, the Federal Government cannot meet 'possible' American demands. Soquat is convinced of the fact that "encryption export policy is being handled as a politico-economic instrument of the USA, at least."
Thomas Roessler, spokesperson of the Foerdervereins Information Technology and Society (FITUG), sees the Reno letter as an attempt to keep the "electronic interception capabilities of American and allied authorities in force for as long as possible." He says that such export control would have absurd consequences:
"A computer journal, which contains a supplement CD-ROM of free cryptographic software, might not be able to be sold at the kiosk anymore, or only by license to certain foreign customers. Also, the publication of free cryptographic software for general access over the Internet would no longer be easily possible."
Besides, says Roessler, the results of negotiation in 1998, which put cryptographic mass market software under export control, contradict the actual purpose of the Wassenaar agreement. This consists of contributing "to regional and international security and stability by improving transparency and responsibility concerning the transfer of conventional weapons and dual-use goods and technologies promoted, and by preventing destabilising accumulations of such goods and weapons." "Bona fide" civilian transactions are not to be obstructed. Says Roessler, "today, the use of strong cryptography is the best course of action: it interacts with the controlled transactions obviously in bona fide civil transactions. The notion that an internationally destabilising imbalance of military strength can be caused by free or mass market available encryption software is absurd." Reno's letter has to do nothing with the avowed goals of the Wassennaar agreement, and much to do with "the attempt to keep in force the electronic surveillance capabilities of American and allied authorities," Roessler concludes.
The Electronics Frontiers Australia (EFA) group reports that the export of Public Domain crypto software is already banned in Australia, the USA, New Zealand, France and Russia, since these states do not use "the general software note" of the Wassenaar agreement. Reasons for this are not known to the EFA. Ingo Ruhmann of the Forum of Computer Scientists for Peace and Social Responsibility (FifF) regards the attempt of Reno to subject encryption systems to stronger control as a "thoughtless treatment of essential fundamental rights of democratic states."
It is now foreseen that the "general software note" will play a central role in the Wassenaar preliminaries. An avowed goal of the USA is to prevent the download of encryption programs over the Internet. The treatment of public domain encryption software will also be an important topic. Still there are arguments about the definition of the term 'Public Domain'. The Wassenaar agreement describes it as software which was made available "without restrictions on its further distribution." From a legal point of view it designates, however, goods which are free from copyrights. Critically, this wording might exclude a further spread of copies on CD, or without documentation, so that software is no longer classified as "in the public domain." The task is now to look for a definition for a product which is accessible and freely available to everyone.
Letter sent last May by Ms Reno to German Federal Secretary of Justice Herta Daeubler-Gmelin.
Dear Minister Däubler-Gmelin:
I wish to thank you and your Government for you efforts to achieve a fair resolution regarding multilateral export controls on encryption products at the recent Wassenaar plenary session on December 2-3, 1998. While no Nation, including the United States, was completely satisfied, I think we made significant progress toward a regime that can support the interests of national security and public safety in the face of the challenges posed by the increasing use of encryption internationally. Given the divergent cryptography policies that the Wassenaar Nations have supported in the past, and the continuing controversy that cryptography policy continues to generate, that 33 Nations managed to find common ground augurs well for our future ability to find solutions that satisfy the divergent needs of privacy, electronic commerce, national security, and public safety.
Much work remains to be done. In particular, I believe we must soon address the risks posed by electronic distribution of encryption software. Although the Wassenaar Nations have now reached agreement to control the distribution of mass market encryption software of certain cryptographic strength, some Wassenaar Nations continue not to control encryption software that is distributed over the Internet, either because the software is in the "public domain" or because those Nations do not control distribution of intangible items. While I recognize that this issue is controversial, unless we address this situation, use of the Internet to distribute encryption products will render Wassenaar's controls immaterial.
I look forward to our continuing discussions on these and other issues. And again, thank you for your past and future considerations of these issues.
Sincerely, Janet Reno
(Source is known to the editors)