While the federal government debates the issue of lifting export controls on strong encryption products, the Department of Commerce (DOC) has recognized that an exemption should be carved out for financial institutions because of their obvious need for secure Web-based transactions.
However, the DOC initiative has yet to translate into action, much to the frustration of the Securities Industry Association, which has been lobbying to get relief for its members.
In May 1997, the DOC announced a policy change granting special privileges to "financial institutions" and promised that "new regulations will be published to allow the export of products specifically designed to support financial transactions," according to the department's announcement.
But a year later the DOC still hasn't issued the regulations nor does the DOC have any idea as to when those regs might be issued, a DOC spokesperson says.
The problem is competing interests of business and law enforcement. Federal law enforcement officials are battling to keep the current controls in place to prevent terrorists and criminals from making their electronic communications uncrackable. Business interests and their representatives in Washington, D.C., (like the DOC) are fighting to get the controls relaxed, if not lifted, so electronic commerce can go forward.
In the interim, the SIA hasn't even been able to find out whether the DOC intends to include brokerage firms in its definition of "financial institutions," says Kristin Roessner, the SIA's vice president for legislative affairs.
The exemption clearly would cover banks. When the policy change was announced, Commerce Undersecretary for Export Administration William Reinsch outlined the new initiative in a speech to the American Bankers Association and said it would include the right to create powerful home banking software that could be exported for the use of overseas customers, while also allowing the export of similarly strong encryption for interbank transactions.
It would seem obvious that the brokerage firms should be included in that exemption--especially now when so many brokerage firms have merged with or been acquired by banks. But in Washington, that's "not a foregone conclusion by any means," Roessner says.
Law enforcement interests (like the FBI) don't want the banks to get an exemption, she notes, never mind the brokerage firms. And, if the brokers are included, "then what would the insurance companies say, and the credit card companies, and it opens up a whole can of worms with the folks who oppose this," she says.
There are no controls on encryption products that are used strictly for domestic purposes, so the industry has no problem there, she notes. But the firms also want "to create customized software products that can be used by all of their offices" both here and abroad, and they can't so long as the current controls remain in place. "We're all very frustrated," Roessner says.
There are a number of bills pending in Congress on the issue, but one in particular, sponsored by Rep. Robert Goodlatte (R-Va.) called Security And Freedom through Encryption (SAFE) Act has made it through five committees and is scheduled to reach the House floor before Memorial Day. A bill on the same subject has been in committee in the Senate but hasn't been acted on since June 1997.