[ISN] US Updates Crypto Policy

From: mea culpa (jerichoat_private)
Date: Wed Sep 16 1998 - 09:43:09 PDT

  • Next message: mea culpa: "[ISN] [3o3] US Updates Crypto Policy"

    Forwarded From: "Jay D. Dyson" <jdysonat_private>
    Hot off the presses and courtesy of the Cryptography List.
    - ---------- Forwarded message ----------
    Date: Wed, 16 Sep 1998 12:07:36 -0400
    From: John Young <jyaat_private>
    Subject: US Updates Crypto Policy
                                  THE WHITE HOUSE
                           Office of the Press Secretary
    For Immediate Release
    September 16, 1998
                         STATEMENT BY THE PRESS SECRETARY
                     Administration Updates Encryption Policy
         The Clinton Administration today announced a series of steps to
    update its encryption policy in a way that meets the full range of
    national interests:  promotes electronic commerce, supports law
    enforcement and national security and protects privacy.  These steps are a
    result of several months of intensive dialogue between the government and
    U.S.  industry, the law enforcement community and privacy groups that was
    called for by the Vice President and supported by members of Congress. 
         As the Vice President stated in a letter to Senator Daschle, the
    Administration remains committed to assuring that the nation?s law
    enforcement community will be able to access, under strictly defined legal
    procedures, the plain text of criminally related communications and stored
    information.  The Administration intends to support FBI?s establishment of
    a technical support center to help build the technical capacity of law
    enforcement - Federal, State, and local - to stay abreast of advancing
    communications technology. 
         The Administration will also strengthen its support for electronic
    commerce by permitting the export of strong encryption when used to
    protect sensitive financial, health, medical, and business proprietary
    information in electronic form.  The updated export policy will allow U.S.
    companies new opportunities to sell encryption products to almost 70
    percent of the world?s economy, including the European Union, the
    Caribbean and some Asian and South American countries.  These changes in
    export policy were based on input from industry groups while being
    protective of national security and law enforcement interests. 
         The new export guidelines will permit exports to other industries
    beyond financial institutions, and further streamline exports of key
    recovery products and other recoverable encryption products.  Exports to
    those end users and destination countries not addressed by today?s
    announcement will continue to be reviewed on a case-by-case basis. 
         Very strong encryption with any key length (with or without key
    recovery) will now be permitted for export, under license exception, to
    several industry sectors.  For example, U.S. companies will be able to
    export very strong encryption for use between their headquarters and their
    foreign subsidiaries worldwide except the seven terrorist countries (Iran,
    Iraq, Libya, Syria, Sudan, North Korea and Cuba) to protect their
    sensitive company proprietary information. 
         On-line merchants in 45 countries will be able to use robust U.S. 
    encryption products to protect their on-line electronic commerce
    transactions with their customers over the Internet. 
         Insurance companies as well as the health and medical sectors in
    those same 46 countries will be able to purchase and use robust U.S.
    products to secure health and insurance data among legitimate users such
    as hospitals, health care professionals, patients, insurers and their
         The new guidelines also allow encryption hardware and software
    products with encryption strength up to 56-bit DES or equivalent to be
    exported without a license, after a one time technical review, to all
    users outside the seven terrorist countries.  Currently, streamlined
    exports of DES products are permitted for those companies that have filed
    key recovery business plans.  However, with the new guidelines, key
    recovery business plans will no longer be required. 
         The Administration will continue to promote the development of key
    recovery products by easing regulatory requirements.  For the more than 60
    companies which have submitted plans to develop and market key recovery
    encryption products, the six month progress reviews will no longer be
    required.  Once the products are ready for market, they can be exported,
    with any bit length -- without a license -- world-wide (except to
    terrorist nations) after a one-time review.  Furthermore, exporters will
    no longer need to name or submit additional information on a key recovery
    agent prior to export.  These requirements will be removed from the
         Finally, industry has identified other so-called "recoverable" 
    products and techniques that allow for the recovery of plaintext by a
    system or network administrator and that can also assist law enforcement
    access, subject to strict procedures.  The Administration will permit
    their export for use within most foreign commercial firms, and their
    wholly-owned subsidiaries, in large markets, including Western Europe,
    Japan and Australia, to protect their internal business proprietary
         The Administration welcomes a continued dialogue with U.S. industry
    and intends to review its policy in one year to determine if additional
    updates may be necessary to continue a balanced approach that protects the
    public safety and national security, ensures privacy, enables continued
    technology leadership by U.S. industry and promotes electronic commerce. 
                                       # # #
    Version: 2.6.2
    -----END PGP SIGNATURE-----
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:04:29 PDT