In A First, Commerce Department Fines Intel Subsidiary For Exporting Encryption

from the the-war-on-encryption dept

For those who lived through the late 90's cryptowars, it's beginning to feel like history is repeating itself. We've seen the series of recent stories about the US government's misguided, FUD-based freakout over some recent moves to enhance privacy through more widely usable encryption, but now we're reaching the stage of the game where the government also starts attacking the "export" of cryptography. If you don't remember, a key part of the original cryptowars was over whether or not strong cryptography could be classified as a weapon, and subject to significant export controls. Thankfully, that idea was mostly scrapped, and encryption flourished, helping to make the internet and other technologies much safer.

However, it appears the government is back to going after the export of encryption, as the Department of Commerce recently fined Intel subsidiary Wind River Systems $750,000 for exporting products that included encryption to China, Hong Kong, Russia, Israel, South Africa, and South Korea. While most had recognized that sending encryption (or, well, just about anything) to places like Iran, Cuba and North Korea might be problematic, most people had assumed that other countries, like those on the list above were no big deal.

As the linked article (from law firm Goodwin Procter) points out:
We believe this to be the first penalty BIS has ever issued for the unlicensed export of encryption software that did not also involve comprehensively sanctioned countries (e.g., Cuba, Iran, North Korea, Sudan or Syria). This suggests a fundamental change in BIS’s treatment of violations of the encryption regulations.

Historically, BIS has resolved voluntarily disclosed violations of the encryption regulations with a warning letter but no material consequence, and has shown itself unlikely to pursue such violations that were not disclosed. This fine dramatically increases the compliance stakes for software companies — a message that BIS seemed intent upon making in its announcement.
Furthermore, the report understates the simple fact that "encryption is ubiquitous in software products" these days. And that's something that's only growing (a trend that should continue as encryption is increasingly important). But if the Commerce Department has suddenly decided to pick a fight over this issue, it could create a real competitive disadvantage for American tech companies trying to offer products around the globe. So, not only has the US government undermined the US tech industry through surveillance and backdoors, now it's looking to make it more difficult to build in encryption that better protects against such intrusions. It's almost as if the government wants to cede technology leadership to other countries.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: commerce department, cryptowars, encryption, fines
Companies: intel, wind river systems


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    That One Guy (profile), 16 Oct 2014 @ 4:33am

    Silver lining of sorts

    On the one hand, sucks for US based companies. On the other hand, non-US companies are probably better off not using encryption developed by US companies, for obvious reasons, so it will probably work out better for them to look elsewhere anyway.

    I do find it rather 'funny' that they flipped out over sending encryption software to Israel, as if memory serves the NSA has funneled non-minimized data collected on americans to them in the past. So they're apparently 'trustworthy' enough to handle raw data on american citizens, but not trustworthy enough to be sold encryption software. Nice standards there.

    link to this | view in thread ]

  2. icon
    DannyB (profile), 16 Oct 2014 @ 6:23am

    Memories from the cryptowars

    You could not export research or know how about cryptography. New algorithms. Etc. But especially source code.

    (Is source code to a computer program a munition? Really? Does smoking marijuana one time really turn you into a deranged insane monster?)

    A point of discussion was: could you travel out of the country with a book? What about a book about cryptography which contained printed source code in its pages? Does our democracy believe in open borders and freedom of travel? Is the government censoring books? Or restricting the reading of books to citizens of the US but others should not be permitted to read certain books or study certain technical subjects?

    Here is one other thing from memory. The author of Applied Cryptography wrote something prophetic. Remember he's writing this in the 1990's. It's on about page 99 or 100. (Sorry, this is purely from memory!) The author is discussing the restrictions on cryptography and expands on how the government could remove a lot of our freedoms. He speculates on how this could happen, for example, if there were a major attack, say, on New York. It's not that it was so difficult to see that a terrorist attack could happen in New York. But to recognize how our freedoms could start being removed for false security was insightful, IMO. And actually just a bit unbelievable at the time.

    link to this | view in thread ]

  3. icon
    DannyB (profile), 16 Oct 2014 @ 6:24am

    Re: Silver lining of sorts

    It's one more way our security theater will end up putting US companies at a global competitive disadvantage.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 16 Oct 2014 @ 6:28am

    Re: Re: Silver lining of sorts

    Well. Perhaps it'll offset the competitive advantage gained from corporate spying by the three-letter agencies.

    link to this | view in thread ]

  5. icon
    OldMugwump (profile), 16 Oct 2014 @ 6:35am

    This is a shot across the bow of Apple & Google

    Just sending a little message after Google's announcement yesterday that Android Lolipop will have encryption enabled by default.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 16 Oct 2014 @ 6:44am

    Makes me happy for not being a USA citizen

    It's stories like these that make me happy for not having been born in the USA or to USA-citizen parents.

    I'm free to write and export software with encryption as I please (and nowadays, writing network software without encryption is a sign of incompetence).

    I don't have to pay taxes to a country other than my country of residence.

    I'm free, because I'm not a USA citizen.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 16 Oct 2014 @ 7:10am

    A taste of ITAR

    Maybe this will bring a little light on the insane monstrosity that is ITAR, the International Traffic in Arms Regulations, and it's slightly less deranged sister the Export Administration Regulations.

    Not only can you be arrested for exporting a chip containing strong encryption, you can be a criminal exporter for telling your neighbor about encryption, because he might tell two friends, who might tell two friends ... who might tell a foreign person. And a foreign person is not necessarily a person in a foreign country, he might be your other neighbor, who lives and works in the United States!

    I work in the space business, and while I primarily work on perfectly non-military science missions, I can't tell anyone anything significant lest I run afoul of ITAR. It's pretty much impossible not to, so it has become very much like in Atlas Shrugged (whether you like Ayn Rand or not is not important here) where everyone is a criminal, so the government gets to decide who to arrest.

    I wonder what Wind River actually did to raise the ire of the Commerce Department. (Since it's the Commerce Department involved it's actually EAR that they're going after here.)

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 16 Oct 2014 @ 7:10am

    What is this I don't even

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 16 Oct 2014 @ 7:11am

    Re: Makes me happy for not being a USA citizen

    WE ARE THE USA. YOUR COUNTRY WILL BE ASSIMILATED. RESISTANCE IS FUTILE.

    link to this | view in thread ]

  10. identicon
    Booze!, 16 Oct 2014 @ 7:11am

    So it's the 90's again

    Sure feels like it this morning, is the encryption 128 bit cause if its not why do we care if England has it?

    link to this | view in thread ]

  11. identicon
    jackn, 16 Oct 2014 @ 7:18am

    you'll know we are really lost when we can't IMPORT encryption software

    link to this | view in thread ]

  12. identicon
    peter, 16 Oct 2014 @ 7:24am

    Crypto export controlled by the US but not their stupidity

    The control of 'weapon'exports is controlled through a process called ITAR (international Traffic in Arms Regulations).

    I have put quotation marks around weapons for those who may consider that a weapon consists of hand grenades or nuclear bombs and that encryption is just a bizarre abberation. Hell no. ITAR can affect just about anything that touches any military product. I personally designed an installation that used a radio that had crypto in it. Because the radio used an RS232 cable, the RS232 cable was classified ITAR. Even more bizzare, a battery charger that could charge batteries used by this ITAR radio, the charger was declared ITAR. Think about it for a minute, an RS232 cable and a battery charger have been declared to be 'weapons' by the US government.
    The ITAR tentacles go even further than this. Has anyone ever wondered why some Japanese or German companies require you to declare that their products will never be used in any military application. Its not because they are pacifist, but because they do not want their products to be declared ITAR.
    ITAR is just a joke the Americans have played on the rest of the world.

    link to this | view in thread ]

  13. icon
    John Fenderson (profile), 16 Oct 2014 @ 7:42am

    Re: Silver lining of sorts

    One of the results of the old, crypto-wars era prohibitions on cryptography exports from the US is that the US stopped being the nation where the real cutting-edge cryptography takes place. That's still the case to this day -- the best cryptography comes from elsewhere (often Israel). I guess the US wants it to stay that way.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 16 Oct 2014 @ 7:46am

    Re: Re: Silver lining of sorts

    Good thing almost none of those companies are "based" in the United States anymore. Woo, tax inversion ftw! ..wait..

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 16 Oct 2014 @ 7:49am

    Its a FREE NATION...

    Until you do something that lets you know its damn sure is not.

    Do you want to illegally invade America? Okay you are good to come, come right on over.

    Want to ship some security protcols to another country? AH HELL NO!

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 16 Oct 2014 @ 7:52am

    Re: Makes me happy for not being a USA citizen

    As a U.S. citizen, you cannot possibly fathom how much I envy you.
    I'm free, because I'm not a USA citizen.
    Jesus, dude, that is a deep and depressing statement. Powerful..

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 16 Oct 2014 @ 7:59am

    Re: Makes me happy for not being a USA citizen

    "I don't have to pay taxes to a country other than my country of residence."

    double irish with a dutch sammich .. nom nom nom *buuuuurp*

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 16 Oct 2014 @ 8:12am

    The government spook's loss of one type of information channel is vastly overshadowed by the loss of global trust in US products.

    If America doesn't watch it, nobody worthwhile will want to pick a fight - not because the US is a big badass but because it has become just another debt-ridden, mentally impoverished backwater.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 16 Oct 2014 @ 8:27am

    Re: Memories from the cryptowars

    I wish I still had my old PERL T-shirt...
    If you don't remember: http://www.zazzle.com/rsa_in_3_lines_of_perl_shirts-235546750490089316

    Maybe I should pick another one up, considering how ridiculous this was and still is... TechDirt version maybe?

    link to this | view in thread ]

  20. icon
    Coyne Tibbets (profile), 16 Oct 2014 @ 8:36am

    Cynic

    Someone cynical might say this fine wasn't because they exported encryption, but because they neglected to include the NSA's back door.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 16 Oct 2014 @ 8:49am

    Total Power

    "It's almost as if the government wants to cede technology leadership to other countries."

    The government is willing to pay any price to gain totalitarian power.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 16 Oct 2014 @ 8:59am

    Re: Total Power

    This is the end result of any government that is left unchecked, or being checked by an ignorant electorate.

    America is special because we have both issues... an ignorant electorate that is not even bothering to check the government.

    It's a my party guy versus your party guy and any negativity towards liberalism or the democrats is seen as one being a fundie conservative and vice versa.

    If you hold to a party or dogma to a point that your own are allowed to be corupt but not the other is what is destroying us.

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 16 Oct 2014 @ 9:10am

    Re: This is a shot across the bow of Apple & Google

    It won't really affect Google and Apple though -- they'll just develop and inject the cryptography offshore, prior to importing the hardware to the US.

    It's interesting; I remember all the hoops Phil Zimmerman had to go through back in the day with PGP and PGPi, and Debian STILL has its international repos for encryption.

    At one point I actually had to get a CIA background check and become certified as a munitions importer/exporter... to ship SIM chips out of the country to place in phones and modems that were to be imported to the US, as assembly was done in Canada.

    I was really hoping those idiotic days were behind us. Oh well.

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 16 Oct 2014 @ 9:15am

    Re: So it's the 90's again

    128 bit encryption was pretty strong in the 90's -- I think DES (not 3DES) was the strongest thing you could export back then.

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 16 Oct 2014 @ 9:20am

    Re: Crypto export controlled by the US but not their stupidity

    You think ITAR's bad... EAR applies to SIM chips for cell phones and the chips inside all non-US credit cards. That's right -- every person who enters the US with an international credit card or cell phone and then leaves again becomes a criminal in the US. There are some personal use exemptions, but I'm sure if you used either "for business" the commerce department *could* find grounds to fine you.

    And of course, if you touch anything related to the US Military, you get hit with ITAR.

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 16 Oct 2014 @ 9:27am

    I guess we'll have to start exporting our encryption libraries in text books again.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 16 Oct 2014 @ 9:30am

    Seems like aipac is getting weaker and the government finally treats israel properly.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 16 Oct 2014 @ 10:17am

    The genie is way way out of the bottle on encryption. Old people really need to pass before they wreck everything.

    Maybe obamacare wasn't a good idea.

    link to this | view in thread ]

  29. identicon
    the threat to peace is the USA, 16 Oct 2014 @ 10:22am

    well i guess you cant read the below then

    3417D865B4D4D92F37C7CA7BD44591A3206115735DB53B8D3DC30099365CAAB1C37A4A7D2172C90F44AA4F5A8B041BFB

    link to this | view in thread ]

  30. icon
    toyotabedzrock (profile), 16 Oct 2014 @ 10:34am

    I feel like there is something more to this fine. Wind River is somehow involved with drones, perhaps that aspect might be involved?

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 16 Oct 2014 @ 10:55am

    Used against the NSA?

    I wonder if this can be used against the NSA? fter all, they have freely published encryption standards, curves, and source code implementations for Suite B.

    link to this | view in thread ]

  32. icon
    beltorak (profile), 16 Oct 2014 @ 11:00am

    Re:

    still no good. i had to take a corporate training thing about ITAR and EAR; it's truly crazy. Some of the things I remember:

    - controlled items include but are not limited to hardware, software, services, or instructions pertaining to "arms".

    - services rendered: a US citizen cannot assist a foreigner with any controlled item; this also includes open-source, publicly available software or hardware that originated outside the USA and that the foreigner obtained without "going through" the USA.

    - re-exportation is also illegal; even if the controlled item originated from outside the USA, if you have it you cannot "export" it. This facet is (from what I remember) unique to the USA's version (ITAR and EAR) of these laws. It makes sense that if (for example) a German national downloads a "munition" from Sweden that is (legally by Sweden's laws) available to anyone else in the world, that the German national would be able to host a mirror site. But if a US national mirrors the same "munition", it is illegal.

    there is an exception for clearly dual-use items (must have significant applicability to citizen's lawful commerce), which is how openssl (and other publicly known cryptographic primitives and implementations) is allowed.

    which makes me wonder what exactly whisper systems got hit with?

    link to this | view in thread ]

  33. identicon
    Anonymous Coward, 16 Oct 2014 @ 11:29am

    So then https is out, I guess. How the fuck do you do secure login to websites without encryption?

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 16 Oct 2014 @ 11:33am

    Re: Re: Makes me happy for not being a USA citizen

    There are only two countries in the whole world where taxation is based on citizenship instead of residence.

    One of them is Eritrea, a tiny country in the northeast of Africa.

    The other one is the United States of America.

    link to this | view in thread ]

  35. identicon
    Anonymous Coward, 16 Oct 2014 @ 2:51pm

    Re: Re: Silver lining of sorts

    Until the criminals in charge just decide to nationalize everything in the name of national security

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 16 Oct 2014 @ 3:29pm

    Re: Re: Re: Makes me happy for not being a USA citizen

    Wouldn't it suck to be a dual-citizen of the USA and Eritrea?

    ... and BTW, it's not just citizens. Non-citizen permanent residents ("green" card holders) pay taxes on their income in the USA as well as abroad.

    link to this | view in thread ]

  37. identicon
    Lawrence D’Oliveiro, 16 Oct 2014 @ 5:06pm

    Re: 128 bit encryption was pretty strong in the 90's

    For secret-key encryption (e.g. AES), it’s still pretty strong. In fact, issues have been found with 256-bit AES that may make it safer to stick with 128 bits for now.

    link to this | view in thread ]

  38. icon
    Sheogorath (profile), 16 Oct 2014 @ 5:33pm

    Question

    Can we report to the Department of Commerce companies that export DVDs and Blu-Ray discs to China, Hong Kong, Russia, Israel, South Africa, and South Korea? After all, the DRM on those products is a form of encryption, amirite?

    link to this | view in thread ]

  39. identicon
    Vikram R Singh, 16 Oct 2014 @ 11:45pm

    Request for a conference call

    Dear Sir / Madam

    Thanks for taking the time to go through our communications. We would like to know if there are any technological pain areas which we can solve by employing well thought upon mobile / web applications. As an IT consulting firm, Antier has helped Acuity Brands, world's leading lighting control company, save over $5 million by developing for them a CRM solution for controlling their sales operations world over. In addition to it, we have also helped a leading automobile company to increase their turnover by four times through internet marketing.

    We would highly appreciate if we you can have a look at our portfolio in the following link to give you an insight of our abilities:
    www.antiersolutions.com/portfolio/index.html

    We look forward to a short conference call with you to discuss more about how we can help you find sustainable and innovative solutions with our strengths and areas of specialization. Please advise a good time and number to call you at.

    I look forward to hearing from you.

    Thanks in advance.

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 17 Oct 2014 @ 2:03am

    Re: Memories from the cryptowars

    And furthering the kafkaesque bullshit wasn't it perfectly legal to print out the source code into a book and export it but not the floppy?

    link to this | view in thread ]

  41. icon
    Ninja (profile), 17 Oct 2014 @ 3:08am

    Re: Silver lining of sorts

    Really, even if all private crypto is stopped it's somewhat better since companies NEED it and will actively help open-sourced initiatives, no?

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 17 Oct 2014 @ 7:46am

    Not American here but I wouldn't assume sending encryption stuff to Israel is no big deal. *pushes the antisemitism alarm*

    Have a look at the Boundless Informant map for more information(its a heat map right? looks like the NSA really loves spying "Country A"(you win an Internet if you get the reference)).

    link to this | view in thread ]

  43. identicon
    Vladilyich, 17 Oct 2014 @ 8:54am

    Re: This is a shot across the bow of Apple & Google

    That was precisely my first thought. Is the U.S. going to try to stop Apple and Google from doing business outside of U.S. borders? I don't think the government will get very far!

    link to this | view in thread ]

  44. identicon
    Anonymous Coward, 17 Oct 2014 @ 1:19pm

    Re: Question

    Two words: selective enforcement.

    link to this | view in thread ]

  45. icon
    RonKaminsky (profile), 19 Oct 2014 @ 10:35am

    Re: Memories from the cryptowars

    > could you travel out of the country with a book?

    The answer is (or was): "yes". This is exactly how the source code for PGP was exported out of the US to enable its international distribution. IIRC, the book which was printed even had periodic checksums to enable easily checking the output of the OCR processing.

    link to this | view in thread ]

  46. icon
    Niall (profile), 20 Oct 2014 @ 1:25am

    Re: A taste of ITAR

    Which sounds a lot like Romania under Ceacescu and the Securitate - you may have spoken to someone who is related to someone who gave brief directions to a foreigner... so report to the local office pronto!

    link to this | view in thread ]

  47. identicon
    acND, 25 Feb 2015 @ 5:54pm

    JdHC

    link to this | view in thread ]

  48. identicon
    acND, 25 Feb 2015 @ 5:54pm

    JdHC.''))]'(")

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.