--- begin forwarded text
Date: Thu, 16 Sep 1999 14:36:39 -0400
To: [EMAIL PROTECTED]
From: Hudson Barton [EMAIL PROTECTED]
Subject: Administration Updates Encryption Policy
Sender: [EMAIL PROTECTED]
List-Subscribe: mailto:[EMAIL PROTECTED]?subject=subscribe%20mac-crypto
Office of the Press Secretary
For Immediate Release
September 16, 1998
STATEMENT BY THE PRESS SECRETARY
Administration Updates Encryption Policy
The Clinton Administration today announced a series of steps to
update its encryption policy in a way that meets the full range of
national interests: promotes electronic commerce, supports law
enforcement and national security and protects privacy. These steps
are a result of several months of intensive dialogue between the
government and U.S. industry, the law enforcement community and
privacy groups that was called for by the Vice President and
supported by members of Congress.
As the Vice President stated in a letter to Senator Daschle, the
Administration remains committed to assuring that the nation's law
enforcement community will be able to access, under strictly defined
legal procedures, the plain text of criminally related communications
and stored information. The Administration intends to support FBI's
establishment of a technical support center to help build the
technical capacity of law enforcement - Federal, State, and local -
to stay abreast of advancing communications technology.
The Administration will also strengthen its support for electronic
commerce by permitting the export of strong encryption when used to
protect sensitive financial, health, medical, and business
proprietary information in electronic form. The updated export policy
will allow U.S. companies new opportunities to sell encryption
products to almost 70 percent of the world's economy, including the
European Union, the Caribbean and some Asian and South American
countries. These changes in export policy were based on input from
industry groups while being protective of national security and law
enforcement interests.
The new export guidelines will permit exports to other industries
beyond financial institutions, and further streamline exports of key
recovery products and other recoverable encryption products. Exports
to those end users and destination countries not addressed by today's
announcement will continue to be reviewed on a case-by-case basis.
Very strong encryption with any key length (with or without key
recovery) will now be permitted for export under license exception,
to several industry sectors. For example, U.S. companies will be able
to export very strong encryption for use between their headquarters
and their foreign subsidiaries worldwide except the seven terrorist
countries (Iran, Iraq, Libya, Syria, Sudan, North Korea and Cuba) to
protect their sensitive company proprietary information.
On-line merchants in 45 countries will be able to use robust U.S.
encryption products to protect their on-line electronic commerce
transactions with their customers over the Internet.
Insurance companies as well as the health and medical sectors in
those same 45 countries will be able to purchase and use robust U.S.
encryption products to secure health and insurance data among
legitimate users such as hospitals, health care professionals,
patients, insurers and their customers.
The new guidelines also allow encryption hardware and software
products with encryption strength up to 56-bit DES or equivalent to
be exported without a license, after a one time technical review, to
all users outside the seven terrorist countries. Currently,
streamlined exports of DES products are permitted for those companies
that have filed key recovery business plans. However, with the new
guidelines, key recovery business plans will no longer be required.
The Administration will continue to promote the development of key
recovery products by easing regulatory requirements. For the more
than 60 companies which have submitted plans to develop and market
key recovery encryption products, the six month progress reviews will
no longer be required. Once the products are ready for market they
can be exported, with any bit length -- without a license --
world-wide (except to terrorist nations) after a one-time review.
Furthermore, exporters will no longer need to name or submit
additional information on a key recovery agent prior to export. These
requirements will be removed from the regulations.
Finally, industry has identified other so-called "recoverable"
products and techniques that allow for the recovery of plaintext by a
system or network administrator and that can also assist law
enforcement access,subject to strict procedures. The administration
will permit their export for use within most foreign commercial
firms, and their wholly-owned subsidiaries, in large markets,
including West