IP: full China/RSA story. gets stranger in full

[Dave Farber <farber () central cis upenn edu>]

    Wall Street Journal, February 8, 1996, p. A10.




    China, U.S. Firm Challenge U.S. On Encryption-Software
    Exports


    By Don Clark




    RSA Data Security Inc., the dominant supplier of
    data-privacy software, announced an unusual partnership
    with the Chinese government that exploits loopholes in U.S.
    export restrictions on codemaking technology.


    As part of the deal, RSA, which is based in Redwood City,
    Calif., plans to fund an effort by Chinese government
    scientists to develop new encryption software. The
    Chinese-developed software, based on RSA's general
    mathematical formula, may be more powerful than versions
    now permitted for export under U.S. Iaws, said James
    Bidzos, RSA's president.


    Two Chinese agencies also will use and distribute RSA data
    encryption products that may be legally exported from the
    U.S. The Chinese encryption-development arrangement, which
    isn't based on those products, appears to be legal as long
    as RSA doesn't supply the scientists with any other
    controlled technology, lawyers familiar with export laws
    said.


    RSA's move comes at a sensitive time in U.S.-China
    relations, and opens a new front in the company's
    long-running campaign against encryption export
    regulations. The closely held company, and other U.S.
    software concerns, have attacked the Clinton administration
    and the National Security Agency for trying to limit the
    strength of exported U.S. technology, while stronger
    products increasingly can be purchased from competing
    foreign companies.


    "The government has opened export doors a crack, and we
    sort of drove a Mack truck through them," Mr. Bidzos said
    of the Chinese deal. "The genie is truly out of the
    bottle."


    Stewart Baker, a Washington lawyer and former general
    counsel of the NSA, said the government "obviously would
    not be thrilled" by RSA's China venture. China hasn't in
    the past been party to international agreements governing
    encryption exports, he noted, and RSA's move could force
    other countries to consider China as an important player.
    "It's going to create an interesting strain in the
    international discussion," he said.


    Japan, an even more potent force in technology, appears to
    be leaning toward loosening export controls on encryption,
    Mr. Baker and other industry executives say. RSA plans to
    announce the formation of a new company in Japan today, but
    the venture will be subject to U.S. export controls, Mr.
    Bidzos said.


    Encryption uses special mathematical formulas, called
    algorithms, to scramble voice conversations or data to make
    them unintelligible to eavesdroppers. RSA's founders
    developed a popular variant of the technology that helps
    determine the authenticity of senders and recipients of
    messages. Both privacy and authentication are widely
    regarded as crucial to advances in electronic commerce.


    RSA struck its deal with departments of China's Ministry of
    Foreign Trade and Economic Cooperation, and the Academy of
    Sciences. They will use two RSA software products -- one
    for authentication and one for protecting the contents of
    PC hard drives -- internally and help distribute them. The
    Academy scientists who will develop new encryption software
    also will be paid to try to break RSA's products to test
    their strength, Mr. Bidzos said.


    A spokesman at the Commerce Department's bureau of export
    administration said he was unaware of RSA's China venture,
    but said the agency would be monitoring developments.


    Mr. Baker, the former NSA attorney, questioned whether
    customers in other countries would warm to the idea of
    Chinese-developed encryption software. Products approved by
    the U.S. government for export have the stigma that NSA can
    decode, and Chinese products might be subject to even more
    suspicion, Mr. Baker said.


    Still, the RSA deal is likely to be seen as further
    evidence of slipping U.S. control over encryption. "It is
    another example of what happens when you try to impose
    unilateral controls on what is in reality uncontrollable
    technology," said Bruce Heiman, an outside attorney for the
    Business Software Alliance.


    [End]