The government’s new encryption rules are out, but while many of the old restrictions are gone, it’s not time to break out the champagne just yet. America’s high-tech industry was hoping for freedom from entangling government regulations, and while it’s true the cage has been opened, the ball and chain still remain.

For starters, there’s the matter of the “one-time technical review” that the government will require before any “retail” encryption products—for example, an e-mail reader that scrambles information to protect consumer privacy—can leave the country.

Conducted by the Bureau of Export Administration (BXA), the review requirement is estimated to last a month, a lengthy and unacceptable delay in the fast-paced world of technological advances. Given past security lapses and general inefficiency, the U.S. government would seem decidedly unqualified to become “quality control” for the rest of the world. The Hubble Space Telescope, the Mars Explorer debacle, and the porous atmosphere at nuclear weapons facilities come readily to mind. So why the review?

A call to the BXA didn’t uncover much. The rather evasive public affairs spokesperson informed me that the purpose of the month-long review is to ensure “that the product is what it purports to be.” That makes about as much sense as examining all Chrysler minivans in order to certify that they are not coffee tables.

In September, when the new encryption rules were first floated, privacy advocates such as the ACLU suggested that the technical review requirement was actually a concession to the National Security Agency, which would have first shot at trying to break the code. If they’re right, what happens if the code can’t be broken?

Would companies, desperate to get their product to market, bend to government pressure to build back doors into their products? This could be a real possibility given that the White House has previously sought to allow law enforcement agents to enter the back door of anyone’s computer without prior consent. Whatever the case, the technical review undoubtedly places unnecessary burdens on high-tech firms, putting them at a decided disadvantage in the global marketplace.

And then there’s still the requirement that high-tech firms get permission from the government to sell their wares to any foreign government or military. This is especially problematic because many overseas firms, such as telecommunications companies, have partial government ownership. US companies are once again shouldering a burden that their competitors, notably Germany and Ireland, avoid.

And finally, as with every other big government regulation plan, the little guys always wind up carrying the heaviest burden. Small companies and “one-person-wonders” using the necessary encryption capabilities required for privacy and secure on-line commerce will face bureaucratic hurdles that only the well-greased machine of government can devise. Meanwhile, any criminal worth his or her salt is already able to access and use the strongest encryption products on the market today.

By at least permitting the export of strong encryption, the new encryption rules are a step in the right direction, but they don’t go far enough. In the interests of privacy, security, and economic growth, encryption export sales should be completely deregulated. And it should be done soon. In the world of Internet time, a month of red tape is the difference between a successful product and yesterday’s technology.

Sonia Arrison is director of the Center for Freedom and Technology at the California-based Pacific Research Institute. She can be reached via email at sarrison@pacificresearch.org.