In A First, Commerce Department Fines Intel Subsidiary For Exporting Encryption
from the the-war-on-encryption dept
For those who lived through the late 90's cryptowars, it's beginning to feel like history is repeating itself. We've seen the series of recent stories about the US government's misguided, FUD-based freakout over some recent moves to enhance privacy through more widely usable encryption, but now we're reaching the stage of the game where the government also starts attacking the "export" of cryptography. If you don't remember, a key part of the original cryptowars was over whether or not strong cryptography could be classified as a weapon, and subject to significant export controls. Thankfully, that idea was mostly scrapped, and encryption flourished, helping to make the internet and other technologies much safer.However, it appears the government is back to going after the export of encryption, as the Department of Commerce recently fined Intel subsidiary Wind River Systems $750,000 for exporting products that included encryption to China, Hong Kong, Russia, Israel, South Africa, and South Korea. While most had recognized that sending encryption (or, well, just about anything) to places like Iran, Cuba and North Korea might be problematic, most people had assumed that other countries, like those on the list above were no big deal.
As the linked article (from law firm Goodwin Procter) points out:
We believe this to be the first penalty BIS has ever issued for the unlicensed export of encryption software that did not also involve comprehensively sanctioned countries (e.g., Cuba, Iran, North Korea, Sudan or Syria). This suggests a fundamental change in BIS’s treatment of violations of the encryption regulations.Furthermore, the report understates the simple fact that "encryption is ubiquitous in software products" these days. And that's something that's only growing (a trend that should continue as encryption is increasingly important). But if the Commerce Department has suddenly decided to pick a fight over this issue, it could create a real competitive disadvantage for American tech companies trying to offer products around the globe. So, not only has the US government undermined the US tech industry through surveillance and backdoors, now it's looking to make it more difficult to build in encryption that better protects against such intrusions. It's almost as if the government wants to cede technology leadership to other countries.
Historically, BIS has resolved voluntarily disclosed violations of the encryption regulations with a warning letter but no material consequence, and has shown itself unlikely to pursue such violations that were not disclosed. This fine dramatically increases the compliance stakes for software companies — a message that BIS seemed intent upon making in its announcement.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: commerce department, cryptowars, encryption, fines
Companies: intel, wind river systems
Reader Comments
Subscribe: RSS
View by: Time | Thread
Silver lining of sorts
I do find it rather 'funny' that they flipped out over sending encryption software to Israel, as if memory serves the NSA has funneled non-minimized data collected on americans to them in the past. So they're apparently 'trustworthy' enough to handle raw data on american citizens, but not trustworthy enough to be sold encryption software. Nice standards there.
[ link to this | view in chronology ]
Re: Silver lining of sorts
[ link to this | view in chronology ]
Re: Re: Silver lining of sorts
[ link to this | view in chronology ]
Re: Re: Silver lining of sorts
[ link to this | view in chronology ]
Re: Re: Silver lining of sorts
[ link to this | view in chronology ]
Re: Silver lining of sorts
[ link to this | view in chronology ]
Re: Silver lining of sorts
[ link to this | view in chronology ]
Memories from the cryptowars
(Is source code to a computer program a munition? Really? Does smoking marijuana one time really turn you into a deranged insane monster?)
A point of discussion was: could you travel out of the country with a book? What about a book about cryptography which contained printed source code in its pages? Does our democracy believe in open borders and freedom of travel? Is the government censoring books? Or restricting the reading of books to citizens of the US but others should not be permitted to read certain books or study certain technical subjects?
Here is one other thing from memory. The author of Applied Cryptography wrote something prophetic. Remember he's writing this in the 1990's. It's on about page 99 or 100. (Sorry, this is purely from memory!) The author is discussing the restrictions on cryptography and expands on how the government could remove a lot of our freedoms. He speculates on how this could happen, for example, if there were a major attack, say, on New York. It's not that it was so difficult to see that a terrorist attack could happen in New York. But to recognize how our freedoms could start being removed for false security was insightful, IMO. And actually just a bit unbelievable at the time.
[ link to this | view in chronology ]
Re: Memories from the cryptowars
If you don't remember: http://www.zazzle.com/rsa_in_3_lines_of_perl_shirts-235546750490089316
Maybe I should pick another one up, considering how ridiculous this was and still is... TechDirt version maybe?
[ link to this | view in chronology ]
Re: Memories from the cryptowars
[ link to this | view in chronology ]
Re: Memories from the cryptowars
The answer is (or was): "yes". This is exactly how the source code for PGP was exported out of the US to enable its international distribution. IIRC, the book which was printed even had periodic checksums to enable easily checking the output of the OCR processing.
[ link to this | view in chronology ]
This is a shot across the bow of Apple & Google
[ link to this | view in chronology ]
Re: This is a shot across the bow of Apple & Google
It's interesting; I remember all the hoops Phil Zimmerman had to go through back in the day with PGP and PGPi, and Debian STILL has its international repos for encryption.
At one point I actually had to get a CIA background check and become certified as a munitions importer/exporter... to ship SIM chips out of the country to place in phones and modems that were to be imported to the US, as assembly was done in Canada.
I was really hoping those idiotic days were behind us. Oh well.
[ link to this | view in chronology ]
Re: This is a shot across the bow of Apple & Google
[ link to this | view in chronology ]
Makes me happy for not being a USA citizen
I'm free to write and export software with encryption as I please (and nowadays, writing network software without encryption is a sign of incompetence).
I don't have to pay taxes to a country other than my country of residence.
I'm free, because I'm not a USA citizen.
[ link to this | view in chronology ]
Re: Makes me happy for not being a USA citizen
[ link to this | view in chronology ]
Re: Makes me happy for not being a USA citizen
[ link to this | view in chronology ]
Re: Makes me happy for not being a USA citizen
double irish with a dutch sammich .. nom nom nom *buuuuurp*
[ link to this | view in chronology ]
Re: Re: Makes me happy for not being a USA citizen
One of them is Eritrea, a tiny country in the northeast of Africa.
The other one is the United States of America.
[ link to this | view in chronology ]
Re: Re: Re: Makes me happy for not being a USA citizen
... and BTW, it's not just citizens. Non-citizen permanent residents ("green" card holders) pay taxes on their income in the USA as well as abroad.
[ link to this | view in chronology ]
A taste of ITAR
Not only can you be arrested for exporting a chip containing strong encryption, you can be a criminal exporter for telling your neighbor about encryption, because he might tell two friends, who might tell two friends ... who might tell a foreign person. And a foreign person is not necessarily a person in a foreign country, he might be your other neighbor, who lives and works in the United States!
I work in the space business, and while I primarily work on perfectly non-military science missions, I can't tell anyone anything significant lest I run afoul of ITAR. It's pretty much impossible not to, so it has become very much like in Atlas Shrugged (whether you like Ayn Rand or not is not important here) where everyone is a criminal, so the government gets to decide who to arrest.
I wonder what Wind River actually did to raise the ire of the Commerce Department. (Since it's the Commerce Department involved it's actually EAR that they're going after here.)
[ link to this | view in chronology ]
Re: A taste of ITAR
[ link to this | view in chronology ]
[ link to this | view in chronology ]
So it's the 90's again
[ link to this | view in chronology ]
Re: So it's the 90's again
[ link to this | view in chronology ]
Re: 128 bit encryption was pretty strong in the 90's
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Crypto export controlled by the US but not their stupidity
I have put quotation marks around weapons for those who may consider that a weapon consists of hand grenades or nuclear bombs and that encryption is just a bizarre abberation. Hell no. ITAR can affect just about anything that touches any military product. I personally designed an installation that used a radio that had crypto in it. Because the radio used an RS232 cable, the RS232 cable was classified ITAR. Even more bizzare, a battery charger that could charge batteries used by this ITAR radio, the charger was declared ITAR. Think about it for a minute, an RS232 cable and a battery charger have been declared to be 'weapons' by the US government.
The ITAR tentacles go even further than this. Has anyone ever wondered why some Japanese or German companies require you to declare that their products will never be used in any military application. Its not because they are pacifist, but because they do not want their products to be declared ITAR.
ITAR is just a joke the Americans have played on the rest of the world.
[ link to this | view in chronology ]
Re: Crypto export controlled by the US but not their stupidity
And of course, if you touch anything related to the US Military, you get hit with ITAR.
[ link to this | view in chronology ]
Its a FREE NATION...
Do you want to illegally invade America? Okay you are good to come, come right on over.
Want to ship some security protcols to another country? AH HELL NO!
[ link to this | view in chronology ]
If America doesn't watch it, nobody worthwhile will want to pick a fight - not because the US is a big badass but because it has become just another debt-ridden, mentally impoverished backwater.
[ link to this | view in chronology ]
Cynic
[ link to this | view in chronology ]
Total Power
The government is willing to pay any price to gain totalitarian power.
[ link to this | view in chronology ]
Re: Total Power
America is special because we have both issues... an ignorant electorate that is not even bothering to check the government.
It's a my party guy versus your party guy and any negativity towards liberalism or the democrats is seen as one being a fundie conservative and vice versa.
If you hold to a party or dogma to a point that your own are allowed to be corupt but not the other is what is destroying us.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
- controlled items include but are not limited to hardware, software, services, or instructions pertaining to "arms".
- services rendered: a US citizen cannot assist a foreigner with any controlled item; this also includes open-source, publicly available software or hardware that originated outside the USA and that the foreigner obtained without "going through" the USA.
- re-exportation is also illegal; even if the controlled item originated from outside the USA, if you have it you cannot "export" it. This facet is (from what I remember) unique to the USA's version (ITAR and EAR) of these laws. It makes sense that if (for example) a German national downloads a "munition" from Sweden that is (legally by Sweden's laws) available to anyone else in the world, that the German national would be able to host a mirror site. But if a US national mirrors the same "munition", it is illegal.
there is an exception for clearly dual-use items (must have significant applicability to citizen's lawful commerce), which is how openssl (and other publicly known cryptographic primitives and implementations) is allowed.
which makes me wonder what exactly whisper systems got hit with?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Maybe obamacare wasn't a good idea.
[ link to this | view in chronology ]
well i guess you cant read the below then
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Used against the NSA?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Question
[ link to this | view in chronology ]
Re: Question
[ link to this | view in chronology ]
Request for a conference call
Thanks for taking the time to go through our communications. We would like to know if there are any technological pain areas which we can solve by employing well thought upon mobile / web applications. As an IT consulting firm, Antier has helped Acuity Brands, world's leading lighting control company, save over $5 million by developing for them a CRM solution for controlling their sales operations world over. In addition to it, we have also helped a leading automobile company to increase their turnover by four times through internet marketing.
We would highly appreciate if we you can have a look at our portfolio in the following link to give you an insight of our abilities:
www.antiersolutions.com/portfolio/index.html
We look forward to a short conference call with you to discuss more about how we can help you find sustainable and innovative solutions with our strengths and areas of specialization. Please advise a good time and number to call you at.
I look forward to hearing from you.
Thanks in advance.
[ link to this | view in chronology ]
Have a look at the Boundless Informant map for more information(its a heat map right? looks like the NSA really loves spying "Country A"(you win an Internet if you get the reference)).
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]