In A First, Commerce Department Fines Intel Subsidiary For Exporting Encryption
from the the-war-on-encryption dept
For those who lived through the late 90’s cryptowars, it’s beginning to feel like history is repeating itself. We’ve seen the series of recent stories about the US government’s misguided, FUD-based freakout over some recent moves to enhance privacy through more widely usable encryption, but now we’re reaching the stage of the game where the government also starts attacking the “export” of cryptography. If you don’t remember, a key part of the original cryptowars was over whether or not strong cryptography could be classified as a weapon, and subject to significant export controls. Thankfully, that idea was mostly scrapped, and encryption flourished, helping to make the internet and other technologies much safer.
However, it appears the government is back to going after the export of encryption, as the Department of Commerce recently fined Intel subsidiary Wind River Systems $750,000 for exporting products that included encryption to China, Hong Kong, Russia, Israel, South Africa, and South Korea. While most had recognized that sending encryption (or, well, just about anything) to places like Iran, Cuba and North Korea might be problematic, most people had assumed that other countries, like those on the list above were no big deal.
As the linked article (from law firm Goodwin Procter) points out:
We believe this to be the first penalty BIS has ever issued for the unlicensed export of encryption software that did not also involve comprehensively sanctioned countries (e.g., Cuba, Iran, North Korea, Sudan or Syria). This suggests a fundamental change in BIS?s treatment of violations of the encryption regulations.
Historically, BIS has resolved voluntarily disclosed violations of the encryption regulations with a warning letter but no material consequence, and has shown itself unlikely to pursue such violations that were not disclosed. This fine dramatically increases the compliance stakes for software companies ? a message that BIS seemed intent upon making in its announcement.
Furthermore, the report understates the simple fact that “encryption is ubiquitous in software products” these days. And that’s something that’s only growing (a trend that should continue as encryption is increasingly important). But if the Commerce Department has suddenly decided to pick a fight over this issue, it could create a real competitive disadvantage for American tech companies trying to offer products around the globe. So, not only has the US government undermined the US tech industry through surveillance and backdoors, now it’s looking to make it more difficult to build in encryption that better protects against such intrusions. It’s almost as if the government wants to cede technology leadership to other countries.