Two U.S.-based groups responsible for the Internet's technical management and standards today slammed new restrictions placed on the export of encryption software.
In a joint statement today, the Internet Architecture Board (IAB) and the Internet Engineering Steering Group (IESG) said they "deplore" recent changes made to the Wassenaar Arrangement -- an international export control agreement -- that further limit the availability of encryption software.
The Wassenaar Arrangement seeks to protect international security by controlling the transfer of potentially dangerous arms, as well as what are called dual-use goods and technologies, between countries. Earlier this month, 33 countries signed a revised version of the agreement, which, among other things, put encryption software longer than 64-bits under export controls.
"Strong cryptography is essential to the security of the Internet; restrictions on its use or availability will leave us with a weak, vulnerable network, endanger the privacy of users and businesses, and slow the growth of electronic commerce," the Internet groups said in the statement.
The Internet groups are happy that some limits on encryption keys have been raised from 40 bits to 64 bits, according to the statement. But they still find 64-bit keys insufficient, noting that hackers can crack 64-bit encryption codes in less than a day for only about US$2,500. Both groups consider a 90-bit key as the minimum for secure Internet communications and commerce.
The restrictions could also threaten the security needs of developing countries, according to IAB and IESB, which may lack the financial and technical strengths to develop their own cryptography.
The two Internet groups join a gradually-building chorus of other voices worldwide opposed to the new encryption restrictions. A number of privacy advocates recently criticized the arrangement. Today's statement was also endorsed by the Internet Society, a non-profit, non-governmental organization representing Internet users in more than 150 countries.