Proposed legislation that would end export limits on encoding software would lift a substantial regulatory burden from the financial services industry.
Financial institutions would no longer have to apply for licenses to use the encryption overseas to protect electronic transactions.
The bill, introduced Tuesday by Sen. Conrad Burns, R-Mont., chairman of Senate Commerce's technology subcommittee, would make it easier for banks to provide code-making material to overseas branches, said John Byrne, a senior counsel at the American Bankers Association.
"We're favorably disposed to anything making it easier to export (encoding) software," Mr. Byrne said. The bill "would certainly eliminate regulatory hurdles."
Sen. Burns' bill would do away with a ban on exporting strong code- making systems, which are deemed a potential threat to national security. A similar bill also was introduced Tuesday in the House by Rep. Bob Goodlatte, R-Va.
Exporting encryption software - which secures computer transactions by scrambling them - has been under State Department control for years. The Data Encryption Standard, developed more than 20 years ago and used widely in America and abroad to protect banks' financial information and classified documents, has been barred from commercial export on the grounds that it would be dangerous in the wrong hands.
Financial services companies, whose digital transactions are deemed too vital to be exposed to hackers, have always been exempt from the encryption export ceiling. And the State Department has granted exemptions for some Internet companies that are set up for financial purposes.
But banks still have to apply with the State Department for licenses to use encryption overseas. This process, handled by the Office of Defense Trade Controls, involves filling out several forms, providing detailed information on the branch or person using the encryption, and submitting technical data on the encryption being used.
Encryption licensing can take 10 days or longer, because of backlogs from the recent government shutdowns, said an official with the Office of Defense Trade Controls.
Mr. Byrne said the ABA is working with the National Security Agency "to try and eliminate this process, or make it a lot easier. The (Senate) bill wouldn't affect these negotiations, but we certainly favor it" because dealing with the State Department would no longer be necessary, he said.
The bill also would make business easier for the World Wide Web's "electronic money" services, which must get approval from the State and Commerce departments to employ stronger encryption than that used on the Internet.
Cybercash Inc. of Reston, Va., for example, had to pass muster with the National Security Agency, the State Department, and the Commerce Department before being allowed to put its encrypted "e-money" software on the Web. "They found the way we use encryption for financial transactions was not (a security threat)," said Mark Zalewski, Cybercash's director of business development.
Internet users around the world can now download Cybercash's strongly encrypted software, which gives vendors a secure channel for credit card transactions on the World Wide Web. But the government did ban the export of Cybercash to people in Cuba, Iraq, Libya, Sudan, Iran, Syria, or North Korea, Mr. Zalewski said.
The government also has argued that encryption exports should be limited so that law enforcement can tap into suspicious electronic transactions with relative speed and ease.
"The ability to make and break codes has an important role in the political fortunes and misfortunes of countries," said Edward Roback, an encryption specialist at the Commerce Department's National Institute of Standards and Technology. "If terrorists use encryption to hide their activities, that could present a very real threat to the country. Clearly, there's a need for encryption, but we want a way to protect society."
Most types of heavily encrypted hardware and software - particularly business security systems - have been barred from export. Many software manufacturers want to get rid of any encryption export restrictions.
But bankers believe a compromise can be reached between business and national security concerns. The banking industry works with government and software industry representatives at the American National Standards Institute to form policies on exporting encryption.
"The banking industry has been able to work with the government to make sure that customers and banks have access to cryptographic tools without harming the government's policy goals," said Kawika Daguio, an electronic banking expert with the ABA.
But the House and Senate bills would do away with the uncertainty of dealing with government agencies, banking officials said.
"From our perspective, the government has been fair and reasonable regarding encryption, but there's never any guarantee that that will continue," Mr. Byrne said. "If the government did anything to restrict encryption, or if negotiations (at ANSI) break down, we'll need that legislation."
Mr. Duchemin writes for the Medill News Service.
