1998-02-14 - BXA, UK Ban, McCain-Kerrey

Header Data

From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: 92701625fd2b49e64687a3de209900c3b461c5b88d83d7a5571a44a9c4b21b11
Message ID: <1.5.4.32.19980214004354.009d3ccc@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1998-02-14 00:41:28 UTC
Raw Date: Fri, 13 Feb 1998 16:41:28 -0800 (PST)

Raw message

From: John Young <jya@pipeline.com>
Date: Fri, 13 Feb 1998 16:41:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: BXA, UK Ban, McCain-Kerrey
Message-ID: <1.5.4.32.19980214004354.009d3ccc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


In response to Greg Broiles' and Ulf  Mller's posts and the 
prospect of a UK ban on non-escrowed encryption next Tuesday:


                       Opening Address
             Under Secretary William A. Reinsch   
               Bureau of Export Administration   
                 U.S. Department of Commerce
                       Update West 98   
                  Los Angeles, California    
                      February 10, 1998

[Excerpt]

Encryption

One of the reasons why our licensing load is inching back up 
is the transfer of encryption licensing to Commerce earlier 
this year. No speech from me would be complete without a 
paragraph on encryption, so here it is. 

Our policy is intended to balance the competing interests of 
privacy, electronic commerce, law enforcement, and national 
security. We believe that use of key recovery technologies is 
the best way to achieve that balance. We do not focus narrowly 
on a single technology or approach. We expect the market to 
make those judgments, but we are taking steps to facilitate the 
development and dissemination of these products.

Our regulations allow recoverable encryption products of any 
strength and key length to be exported freely after a single 
review by the government. To encourage movement toward recoverable 
products, we have also created a special, two-year liberalization 
period during which companies may export 56 bit DES or equivalent 
products provided they submit plans to develop key recovery 
products. This provides an incentive for manufacturers to develop 
these products, which in turn will facilitate the development of 
key management infrastructures. So far, we have approved 47 plans, 
from companies large and small, and have five more pending.

In terms of licenses, in calendar year 1997, we received 2076 
applications, and approved 1801 licenses with a dollar value of 
$4.7 billion. (The reason for the high dollar value is because we 
approve encryption licensing arrangements for extended periods of 
time, from 4 to 10 years.)

The interagency working group on cryptography policy, which 
includes representatives from BXA, NSA, and the FBI, continue to 
meet to discuss ways to streamline the licensing process on 
encryption export licenses. Several items have been identified and 
progress is being made in these areas. We have established a 
pre-Operating Committee group to discuss contentious cases. In 
part as a result, no encryption cases have been escalated to the 
OC since mid-December. We have created an Autolist to eliminate 
agency referrals. So far, we have agreed to list specific products 
amounting to 20% of the products we see. This means, once 
implemented, that a subset of licenses can be processed by 
Commerce without prior referral to other agencies. Finally, we 
have posted on our web page "helpful hints" to make the 
encryption licensing process more transparent: 

  http://www.bxa.doc.gov/encguide.htm

We continue to work on other initiatives to streamline the process.

We are also discussing with our trading partners a common approach 
to encryption policy. We have found that most major producing 
countries have public safety and national security concerns similar 
to ours. We are working together with these governments to ensure 
that our policies are compatible, and that they facilitate the 
emergence of a key management infrastructure.

With respect to legislation, we believe the McCain-Kerrey Bill, 
S. 909, the Secure Public Networks Act, provides a sound basis for 
legislation acceptable to both Congress and the Administration. In 
particular, we appreciate the bill's explicit recognition of the 
need to balance competing objectives and of the potential for key 
recovery to become a market-driven mechanism to facilitate 
maintaining that balance. 

...

[Other excerpts of speeches by BXA officials at the seminar:]

Encryption Controls

Export Enforcement has new responsibilities in the encryption area. 
Over the past year, Export Enforcement has opened many new 
investigations involving alleged violations of the encryption 
regulations. These cases are being watched very closely. The 
national security of the United States depends in part on the 
government's ability to obtain timely information about the 
activities and plans of potentially hostile foreign parties, 
such as terrorists and drug dealers. 

... the Department of Justice and National Security Agency 
participate in processing licenses for encryption. ... The 
increase in licenses we are experiencing is attributable not only 
to increased exports, but to transfer of items from the Munitions 
List to Commerce jurisdiction. Encryption licenses account for a 
significant portion of the increase. We created a special division 
to handle those. As of today, there is only one encryption case 
that has been pending over 40 days.

-----

For full speeches: http://jya.com/bxa-west98.htm






Thread