--- begin forwarded text Date: Thu, 26 Aug 1999 17:57:09 -0400 To: [EMAIL PROTECTED] From: David Farber <[EMAIL PROTECTED]> Subject: IP: PECSENC Recommendations on Crypto Export Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] >Date: Thu, 26 Aug 1999 12:00:42 -0400 >From: [EMAIL PROTECTED] (Dorothy Denning) >Subject: PECSENC Recommendations on Crypto Export > >The recommendations of the President's Export Council Subcommittee >on Encryption (PECSENC) are on my Web site at > > http://www.cs.georgetown.edu/~denning/crypto/lib2000.html. > >My understanding is that they have been sent to Commerce Secretary Daley >and that they go to the full PEC tomorrow for approval and transmission >to the President. > >There are 10 recommendations, which I have included below. The report >gives the justification behind them. > >Dorothy >-------- > >President's Export Council Subcommittee on Encryption > >Liberalization 2000: >Recommendations for Revising the Encryption Export Regulations > >I. Reporting Requirements > >Recommendation: Eliminate reporting requirements for exports under >License Exception ENC, License Exception KMI, and "Recoverable" >Encryption ELAs. > >II. License Free Zones > >Recommendation: Create a "license-free zone" by eliminating export >approval requirements for encryption products sent to countries that do >not present a significant national security concern related to U.S. >encryption items. > >III. ENC/Sector Expansion > >Recommendation: Expand the scope of the current License Exception ENC >to add critical infrastructure industries, friendly governments, and >multi-lateral organizations as additional sectors. (This should apply >to trusted sectors located or based in those countries that are eligible >for ENC treatment, but are not included in a "License Free Zone") > >IV. On-Line Merchants > >Recommendation: Allow export of general purpose encryption products to >on-line merchants under License Exception ENC. > >V. Mass-market Hardware and Software > >Recommendation: Expand License Exceptions TSU and ENC to allow export >of mass-market hardware and software encryption with key lengths of 128 >bits or equivalent strength including triple DES. > >VI. Encryption Licensing Arrangements > >Recommendation: Expand the use of flexible licenses such as Encryption >Licensing Arrangements to other areas of the EAR. > >VII. Applications that call Cryptographic Application Programming >Interfaces (APIs) > >Recommendation: Exempt applications that access cryptographic APIs from >EI controls. > >VIII. Chips, Linkable Modules, Toolkits > >Recommendation: Remove exclusion of encryption chips, integrated >circuits, toolkits, executable or linkable modules from export >provisions of License Exception ENC/56-bit. Include encryption chips, >integrated circuits, toolkits, executable or linkable modules, source >code and technology under License Exception ENC provisions to all >sectors authorized to receive encryption commodities and software of >unlimited key strength. > >IX. Infrastructure Management and Integrity Uses of Cryptography > >Recommendation: Exempt uses of cryptography for infrastructure >management and integrity functions from EI controls. > >X. Recoverable products > >Recommendation: Provide "recoverable" encryption products with similar >export privileges as those given to key recovery encryption products >under License Exception KMI. --- end forwarded text ----------------- Robert A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'