1996-10-02 - White House Statement on Clipper 3.11

Header Data

From: abd@cdt.org (Alan Davidson)
To: cypherpunks@toad.com
Message Hash: 42a2fa7a8eef8f7396deeaf2e6c20653a46d26fd0d4afd1e68e789da4e50962c
Message ID: <v02140b02ae77235ea526@[204.157.127.11]>
Reply To: N/A
UTC Datetime: 1996-10-02 03:47:05 UTC
Raw Date: Wed, 2 Oct 1996 11:47:05 +0800

Raw message

From: abd@cdt.org (Alan Davidson)
Date: Wed, 2 Oct 1996 11:47:05 +0800
To: cypherpunks@toad.com
Subject: White House Statement on Clipper 3.11
Message-ID: <v02140b02ae77235ea526@[204.157.127.11]>
MIME-Version: 1.0
Content-Type: text/plain



Included below for your viewing pleasure is the Administration's latest
encryption proposal, released at a White House briefing this afternoon.

This statement, and more information including CDT's forthcoming analysis
of the proposal, are available at:

        http://www.cdt.org/crypto
        http://www.crypto.com



Alan Davidson, Staff Counsel                 202.637.9800 (v)
Center for Democracy and Technology          202.637.0968 (f)
1634 Eye St. NW, Suite 1100                  <abd@cdt.org>
Washington, DC 20006                         PGP key via finger


----------------

THE WHITE HOUSE
Office of the Vice President

FOR IMMEDIATE RELEASE
CONTACT:  456-7035
TUESDAY, October 1, 1996

STATEMENT OF THE VICE PRESIDENT

President Clinton and I are committed to promoting the growth of electronic
commerce and robust, secure communications worldwide while protecting the
public safety and national security.  To that end, this Administration is
consulting with Congress, the information technology industry, state and
local law enforcement officials, and foreign governments on a major
initiative to liberalize export controls for commercial encryption
products.

The Administration's initiative will make it easier for Americans to use
stronger encryption products -- whether at home or abroad -- to protect
their privacy, intellectual property and other valuable information.  It
will support the growth of electronic commerce, increase the security of
the global information, and sustain the economic competitiveness of U.S.
encryption product manufacturers during the transition to a key management
infrastructure.

Under this initiative, the export of 56-bit key length encryption products
will be permitted under a general license after one-time review, and
contingent upon industry commitments to build and market future products
that support key recovery.  This policy will apply to hardware and software
products.  The relaxation of controls will last up to two years.

The Administration's initiative recognizes that an industry-led technology
strategy will expedite market acceptance of key recovery, and that the
ultimate solution must be market-driven.

Exporters of 56-bit DES or equivalent encryption products would make
commitments to develop and sell products that support the key recovery
system that I announced in July.  That vision presumes that a trusted party
(in some cases internal to the user's organization) would recover the
user's confidentiality key for the user or for law enforcement officials
acting under proper authority.  Access to keys would be provided in
accordance with destination country policies and bilateral understandings.
No key length limits or algorithm restrictions will apply to exported key
recovery products.

Domestic use of key recovery will be voluntary, and any American will
remain free to use any encryption system domestically.

The temporary relaxation of controls is one part of a broader encryption
policy initiative designed to promote electronic information security and
public safety.  For export control purposes, commercial encryption products
will no longer be treated as munitions.  After consultation with Congress,
jurisdiction for commercial encryption controls will be transferred from
the State Department to the Commerce Department.  The Administration also
will seek legislation to facilitate commercial key recovery, including
providing penalties for improper release of keys, and protecting key
recovery agents against liability when they properly release a key.

As I announced in July, the Administration will continue to expand the
purchase of key recovery products for U.S. government use, promote key
recovery arrangements in bilateral and multilateral discussions, develop
federal cryptographic and key recovery standards, and stimulate the
development of innovative key recovery products and services.

Under the relaxation, six-month general export licenses will be issued
after one-time review, contingent on commitments from exporters to explicit
benchmarks and milestones for developing and incorporating key recovery
features into their products and services, and for building the supporting
infrastructure internationally.  Initial approval will be contingent on
firms providing a plan for implementing key recovery.  The plan will
explain in detail the steps the applicant will take to develop, produce,
distribute, and/or market encryption products with key recovery features.
The specific commitments will depend on the applicant's line of business.

The government will renew the licenses for additional six-month periods if
milestones are met.  Two years from now, the export of 56-bit products that
do not support key recovery will no longer be permitted.  Currently
exportable 40-bit mass market software products will continue to be
exportable.  We will continue to support financial institutions in their
efforts to assure the recovery of encrypted financial information.  Longer
key lengths will continue to be approved for products dedicated to the
support of financial applications.

The Administration will use a formal mechanism to provide industry, users,
state and local law enforcement, and other private sector representatives
with the opportunity to advise on the future of key recovery.  Topics will
include:

evaluating the developing global key recovery architecture
assessing lessons-learned from key recovery implementation
advising on technical confidence issues vis-a-vis access to and release of keys
addressing interoperability and standards issues
identifying other technical, policy, and program issues for governmental action.

The Administration's initiative is broadly consistent with the recent
recommendations of the National Research Council.  It also addresses many
of the objectives of pending Congressional legislation.







Thread