In A First, Commerce Department Fines Intel Subsidiary For Exporting Encryption

from the the-war-on-encryption dept

For those who lived through the late 90’s cryptowars, it’s beginning to feel like history is repeating itself. We’ve seen the series of recent stories about the US government’s misguided, FUD-based freakout over some recent moves to enhance privacy through more widely usable encryption, but now we’re reaching the stage of the game where the government also starts attacking the “export” of cryptography. If you don’t remember, a key part of the original cryptowars was over whether or not strong cryptography could be classified as a weapon, and subject to significant export controls. Thankfully, that idea was mostly scrapped, and encryption flourished, helping to make the internet and other technologies much safer.

However, it appears the government is back to going after the export of encryption, as the Department of Commerce recently fined Intel subsidiary Wind River Systems $750,000 for exporting products that included encryption to China, Hong Kong, Russia, Israel, South Africa, and South Korea. While most had recognized that sending encryption (or, well, just about anything) to places like Iran, Cuba and North Korea might be problematic, most people had assumed that other countries, like those on the list above were no big deal.

As the linked article (from law firm Goodwin Procter) points out:

We believe this to be the first penalty BIS has ever issued for the unlicensed export of encryption software that did not also involve comprehensively sanctioned countries (e.g., Cuba, Iran, North Korea, Sudan or Syria). This suggests a fundamental change in BIS?s treatment of violations of the encryption regulations.

Historically, BIS has resolved voluntarily disclosed violations of the encryption regulations with a warning letter but no material consequence, and has shown itself unlikely to pursue such violations that were not disclosed. This fine dramatically increases the compliance stakes for software companies ? a message that BIS seemed intent upon making in its announcement.

Furthermore, the report understates the simple fact that “encryption is ubiquitous in software products” these days. And that’s something that’s only growing (a trend that should continue as encryption is increasingly important). But if the Commerce Department has suddenly decided to pick a fight over this issue, it could create a real competitive disadvantage for American tech companies trying to offer products around the globe. So, not only has the US government undermined the US tech industry through surveillance and backdoors, now it’s looking to make it more difficult to build in encryption that better protects against such intrusions. It’s almost as if the government wants to cede technology leadership to other countries.

Filed Under: , , ,
Companies: intel, wind river systems

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “In A First, Commerce Department Fines Intel Subsidiary For Exporting Encryption”

Subscribe: RSS Leave a comment
50 Comments
That One Guy (profile) says:

Silver lining of sorts

On the one hand, sucks for US based companies. On the other hand, non-US companies are probably better off not using encryption developed by US companies, for obvious reasons, so it will probably work out better for them to look elsewhere anyway.

I do find it rather ‘funny’ that they flipped out over sending encryption software to Israel, as if memory serves the NSA has funneled non-minimized data collected on americans to them in the past. So they’re apparently ‘trustworthy’ enough to handle raw data on american citizens, but not trustworthy enough to be sold encryption software. Nice standards there.

John Fenderson (profile) says:

Re: Silver lining of sorts

One of the results of the old, crypto-wars era prohibitions on cryptography exports from the US is that the US stopped being the nation where the real cutting-edge cryptography takes place. That’s still the case to this day — the best cryptography comes from elsewhere (often Israel). I guess the US wants it to stay that way.

DannyB (profile) says:

Memories from the cryptowars

You could not export research or know how about cryptography. New algorithms. Etc. But especially source code.

(Is source code to a computer program a munition? Really? Does smoking marijuana one time really turn you into a deranged insane monster?)

A point of discussion was: could you travel out of the country with a book? What about a book about cryptography which contained printed source code in its pages? Does our democracy believe in open borders and freedom of travel? Is the government censoring books? Or restricting the reading of books to citizens of the US but others should not be permitted to read certain books or study certain technical subjects?

Here is one other thing from memory. The author of Applied Cryptography wrote something prophetic. Remember he’s writing this in the 1990’s. It’s on about page 99 or 100. (Sorry, this is purely from memory!) The author is discussing the restrictions on cryptography and expands on how the government could remove a lot of our freedoms. He speculates on how this could happen, for example, if there were a major attack, say, on New York. It’s not that it was so difficult to see that a terrorist attack could happen in New York. But to recognize how our freedoms could start being removed for false security was insightful, IMO. And actually just a bit unbelievable at the time.

RonKaminsky (profile) says:

Re: Memories from the cryptowars

could you travel out of the country with a book?

The answer is (or was): “yes”. This is exactly how the source code for PGP was exported out of the US to enable its international distribution. IIRC, the book which was printed even had periodic checksums to enable easily checking the output of the OCR processing.

Anonymous Coward says:

Re: This is a shot across the bow of Apple & Google

It won’t really affect Google and Apple though — they’ll just develop and inject the cryptography offshore, prior to importing the hardware to the US.

It’s interesting; I remember all the hoops Phil Zimmerman had to go through back in the day with PGP and PGPi, and Debian STILL has its international repos for encryption.

At one point I actually had to get a CIA background check and become certified as a munitions importer/exporter… to ship SIM chips out of the country to place in phones and modems that were to be imported to the US, as assembly was done in Canada.

I was really hoping those idiotic days were behind us. Oh well.

Anonymous Coward says:

Makes me happy for not being a USA citizen

It’s stories like these that make me happy for not having been born in the USA or to USA-citizen parents.

I’m free to write and export software with encryption as I please (and nowadays, writing network software without encryption is a sign of incompetence).

I don’t have to pay taxes to a country other than my country of residence.

I’m free, because I’m not a USA citizen.

Anonymous Coward says:

A taste of ITAR

Maybe this will bring a little light on the insane monstrosity that is ITAR, the International Traffic in Arms Regulations, and it’s slightly less deranged sister the Export Administration Regulations.

Not only can you be arrested for exporting a chip containing strong encryption, you can be a criminal exporter for telling your neighbor about encryption, because he might tell two friends, who might tell two friends … who might tell a foreign person. And a foreign person is not necessarily a person in a foreign country, he might be your other neighbor, who lives and works in the United States!

I work in the space business, and while I primarily work on perfectly non-military science missions, I can’t tell anyone anything significant lest I run afoul of ITAR. It’s pretty much impossible not to, so it has become very much like in Atlas Shrugged (whether you like Ayn Rand or not is not important here) where everyone is a criminal, so the government gets to decide who to arrest.

I wonder what Wind River actually did to raise the ire of the Commerce Department. (Since it’s the Commerce Department involved it’s actually EAR that they’re going after here.)

peter says:

Crypto export controlled by the US but not their stupidity

The control of ‘weapon’exports is controlled through a process called ITAR (international Traffic in Arms Regulations).

I have put quotation marks around weapons for those who may consider that a weapon consists of hand grenades or nuclear bombs and that encryption is just a bizarre abberation. Hell no. ITAR can affect just about anything that touches any military product. I personally designed an installation that used a radio that had crypto in it. Because the radio used an RS232 cable, the RS232 cable was classified ITAR. Even more bizzare, a battery charger that could charge batteries used by this ITAR radio, the charger was declared ITAR. Think about it for a minute, an RS232 cable and a battery charger have been declared to be ‘weapons’ by the US government.
The ITAR tentacles go even further than this. Has anyone ever wondered why some Japanese or German companies require you to declare that their products will never be used in any military application. Its not because they are pacifist, but because they do not want their products to be declared ITAR.
ITAR is just a joke the Americans have played on the rest of the world.

Anonymous Coward says:

Re: Crypto export controlled by the US but not their stupidity

You think ITAR’s bad… EAR applies to SIM chips for cell phones and the chips inside all non-US credit cards. That’s right — every person who enters the US with an international credit card or cell phone and then leaves again becomes a criminal in the US. There are some personal use exemptions, but I’m sure if you used either “for business” the commerce department could find grounds to fine you.

And of course, if you touch anything related to the US Military, you get hit with ITAR.

Anonymous Coward says:

Re: Total Power

This is the end result of any government that is left unchecked, or being checked by an ignorant electorate.

America is special because we have both issues… an ignorant electorate that is not even bothering to check the government.

It’s a my party guy versus your party guy and any negativity towards liberalism or the democrats is seen as one being a fundie conservative and vice versa.

If you hold to a party or dogma to a point that your own are allowed to be corupt but not the other is what is destroying us.

beltorak (profile) says:

Re: Re:

still no good. i had to take a corporate training thing about ITAR and EAR; it’s truly crazy. Some of the things I remember:

– controlled items include but are not limited to hardware, software, services, or instructions pertaining to “arms”.

– services rendered: a US citizen cannot assist a foreigner with any controlled item; this also includes open-source, publicly available software or hardware that originated outside the USA and that the foreigner obtained without “going through” the USA.

– re-exportation is also illegal; even if the controlled item originated from outside the USA, if you have it you cannot “export” it. This facet is (from what I remember) unique to the USA’s version (ITAR and EAR) of these laws. It makes sense that if (for example) a German national downloads a “munition” from Sweden that is (legally by Sweden’s laws) available to anyone else in the world, that the German national would be able to host a mirror site. But if a US national mirrors the same “munition”, it is illegal.

there is an exception for clearly dual-use items (must have significant applicability to citizen’s lawful commerce), which is how openssl (and other publicly known cryptographic primitives and implementations) is allowed.

which makes me wonder what exactly whisper systems got hit with?

Vikram R Singh (user link) says:

Request for a conference call

Dear Sir / Madam

Thanks for taking the time to go through our communications. We would like to know if there are any technological pain areas which we can solve by employing well thought upon mobile / web applications. As an IT consulting firm, Antier has helped Acuity Brands, world’s leading lighting control company, save over $5 million by developing for them a CRM solution for controlling their sales operations world over. In addition to it, we have also helped a leading automobile company to increase their turnover by four times through internet marketing.

We would highly appreciate if we you can have a look at our portfolio in the following link to give you an insight of our abilities:
http://www.antiersolutions.com/portfolio/index.html

We look forward to a short conference call with you to discuss more about how we can help you find sustainable and innovative solutions with our strengths and areas of specialization. Please advise a good time and number to call you at.

I look forward to hearing from you.

Thanks in advance.

jams (profile) says:

Cryptocurrency exchange software

Cryptocurrency exchange software is solution for trading of assets such as cryptocurrencies, tokens ,fiats other assets. Software has market making or liquidity options are provided.Codono supports All fiat currencies.so you can create market Between Fiat-Crypto, Fiat-Fiat, Crypto-Crypto.Moreover it supports almost any Coin/Token, ie Bitcoin[BTC,LTC,Doge] , Tron [Trc10+TRC20]*, Ethereum Based[ ETH -ERC20, BNB-BEP20, FTM, SOL, Private Networks], XRP, XMR, Waves ,Coinpayments, and many more.
Codono.com supports Auto detection of deposits , Each user is assigned with Unique deposit per coin. Deposits are detected instantly and credited to users. Withdrawals are automatic and manual approval too.Cryptocurrency exchange clone script is used to develop cryptocurrency exchanges so like binance, huobi, coinbase. Turnkey crypto trading script provides similar crypto trading features so you can start crypto exchange within a week.
Codono is developing crypto exchange software from 6 years suitable for small to enterprise scale firms.You can get cryptocurrency exchange development services like Web version or mobile app deploymentto allow users to trade easily.
Exchange is connected with various blockchain networks to provide wallet ,deposit and withdrawal like services.Software provides support and capable for Fiat gateway integration for Creditcard and Bank deposits.Fully Loaded API Endpoints and Documentation for quick integrations.
User to User orders matching using Orderbook and Trading Engine allows instant trading of assets.Dex module Allow users to Buy your Tokens using their metamask/trust wallet. They send/receive on same automatically. Users can Buy – sell crypto from customers using OTC module .
You can Earn your customers Loyalty and make to return to your exchange using Faucet module. With airdrop module on cryptocurrency exchange software allow users to hold and earn Incentives by airdropping. With Invest module involve users to invest in Great projects and allow them to earn interest over it.
Codono is different , we provide you complete software to host on your own server. No strings attached. It comes with Framework Documentation , Backend Tutorial, API Documentation, Sample Controller builder and many more development tools.
It is selfhosted solution ,where you control exchange and its hosted on your Own servers.If you plan to start bitcoin exchange platform , get in touch with our blockchain experts using support@codono.com or using live chat on https://codono.com to get guidance to build live crypto exchange , even receive crypto exchange services as you desire.
It’s integrated with nodes like
1. Btc type [BTC , BCH , LTC, DOGE , DASH , ZCASH, PivX, etc]
2. Eth erc20 [Ethereum and All erc20 tokens]
3. Waves and tokens
4. Xmr and cryptonote
5. BnB and bep20 tokens
6. XRP
7. Coinpayments[ 2000 + coins and tokens]
8. Tron+ TRC10+ TRC20 Support
Fiat Gateways
1.Bank deposit
2.Authorize.net
3.YocoPayments
4.Uganda Mobile payments
5.PaymentWall

jams (profile) says:

Cryptocurrency exchange software

[https://codono.com Cryptocurrency exchange software] is solution for trading of assets such as cryptocurrencies, tokens ,fiats other assets. Software has market making or liquidity options are provided.Codono supports All fiat currencies.so you can create market Between Fiat-Crypto, Fiat-Fiat, Crypto-Crypto.Moreover it supports almost any Coin/Token, ie Bitcoin[BTC,LTC,Doge] , Tron [Trc10+TRC20]*, Ethereum Based[ ETH -ERC20, BNB-BEP20, FTM, SOL, Private Networks], XRP, XMR, Waves ,Coinpayments, and many more.
Codono.com supports Auto detection of deposits , Each user is assigned with Unique deposit per coin. Deposits are detected instantly and credited to users. Withdrawals are automatic and manual approval too.Cryptocurrency exchange clone script is used to develop cryptocurrency exchanges so like binance, huobi, coinbase. Turnkey crypto trading script provides similar crypto trading features so you can start crypto exchange within a week.
Codono is developing crypto exchange software from 6 years suitable for small to enterprise scale firms.You can get cryptocurrency exchange development services like Web version or mobile app deploymentto allow users to trade easily.
Exchange is connected with various blockchain networks to provide wallet ,deposit and withdrawal like services.Software provides support and capable for Fiat gateway integration for Creditcard and Bank deposits.Fully Loaded API Endpoints and Documentation for quick integrations.
User to User orders matching using Orderbook and Trading Engine allows instant trading of assets.Dex module Allow users to Buy your Tokens using their metamask/trust wallet. They send/receive on same automatically. Users can Buy – sell crypto from customers using OTC module .
You can Earn your customers Loyalty and make to return to your exchange using Faucet module. With airdrop module on cryptocurrency exchange software allow users to hold and earn Incentives by airdropping. With Invest module involve users to invest in Great projects and allow them to earn interest over it.
Codono is different , we provide you complete software to host on your own server. No strings attached. It comes with Framework Documentation , Backend Tutorial, API Documentation, Sample Controller builder and many more development tools.
It is selfhosted solution ,where you control exchange and its hosted on your Own servers.If you plan to start bitcoin exchange platform , get in touch with our blockchain experts using support@codono.com or using live chat on https://codono.com to get guidance to build live crypto exchange , even receive crypto exchange services as you desire.
It’s integrated with nodes like
1. Btc type [BTC , BCH , LTC, DOGE , DASH , ZCASH, PivX, etc]
2. Eth erc20 [Ethereum and All erc20 tokens]
3. Waves and tokens
4. Xmr and cryptonote
5. BnB and bep20 tokens
6. XRP
7. Coinpayments[ 2000 + coins and tokens]
8. Tron+ TRC10+ TRC20 Support
Fiat Gateways
1.Bank deposit
2.Authorize.net
3.YocoPayments
4.Uganda Mobile payments
5.PaymentWall

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...