From: John Young <jya@pipeline.com>
Date: Thu, 31 Dec 1998 03:05:33 +0800
To: cypherpunks@EINSTEIN.ssz.com
Subject: New Crypto Regs
Message-ID: <199812301835.NAA26972@smtp3.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain



Thanks to Ed Roback, NIST: BXA issued a press release today 
on new crypto regulations:

   http://www.bxa.doc.gov/press/98/1230encryption.html (copy below)

The regs themselves are available today only in hardcopy
in Washington DC on display at the Federal Register, but 
the electronic version will be published in the Federal Register 
tomorrow and will be on the BXA Web site <www.bxa.doc.gov>. 

Anybody in DC who could get a copy of the hardcopy and 
fax it to us, it would be appreciated:

Fax: (212) 799-4003
Vox: (212) 873-8700

----------

Commerce Updates Export Controls on Encryption Products

(Washington, D.C.)     The Commerce Department will publish 
new regulations significantly streamlining government export 
controls on powerful encryption -- products that scramble computer 
data -- as part of the Clinton Administration initiatives to make 
government more efficient and enhance the global competitiveness 
of U.S. businesses. These amendments to the Export 
Administration Regulations, on public notice today at the 
Federal Register, end the need for licenses for powerful U.S. 
encryption products to companies worldwide in several 
important industry sectors after a one time review by the 
Commerce Department. The regulations implement the 
policy changes announced by Vice President Gore in 
September.

"Through the hard work of industry and government officials 
to finalize this regulation, U.S. encryption firms will be better 
able to compete effectively with encryption manufacturers 
around the world," said William A. Reinsch, Commerce 
Under Secretary for Export Administration. 

Virtually eliminated are restrictions on selling powerful 
computer data scrambling products to subsidiaries of U.S. 
corporations. There will also be favorable licensing treatment 
to strategic partners of U.S. companies. Strong U.S.-made 
encryption products are now available, under license exception, 
to insurance companies headquartered in 46 countries and 
their branches worldwide. Sales of powerful encryption to 
health and medical organizations in the same countries are 
also eased. To facilitate secure electronic transactions, 
between on-line merchants in those same countries, and 
their customers, the updated regulations permit, under a 
license exception, the export of client-server applications 
(e.g. SSL) and applications tailored to on-line transactions 
to on-line merchants. A list of eligible countries is posted 
on the BXA web-site. 

Further easing government restrictions are new allowances 
for U.S. encryption manufacturers to share their source 
code with their own foreign subsidiaries (while requiring that 
any resulting new products remain subject to U.S. regulation ) 
and streamlining reporting requirements for U.S. firms so that 
compliance is less burdensome.

The new regulations expand the policy of encouraging the 
use of recoverable encryption by removing the requirement to 
name and approve key recovery agents for exports of key 
recovery products from regulations. It also defines a new 
class of "recoverable" encryption products which can now 
be exported under Export Licensing Arrangements to foreign 
commercial firms for internal company proprietary use. 

As part of its stated goal to balance the needs of national 
security and public safety with the desire to protect personal 
privacy and strong electronic commercial security, the 
Administration continues to encourage the development 
and sale of products which enable the recovery of the 
unscrambled data, in an emergency situation.

Finally, the regulations eliminate the need to obtain licenses 
for most encryption commodities and software up to 56-bits 
or equivalent strength.

[End]