IP: BXA, UK Ban, McCain-Kerrey

[Dave Farber <farber@cis.upenn.edu>]

From: John Young <jya@pipeline.com>


In response to Greg Broiles' and Ulf  M=F6ller's posts and the=20
prospect of a UK ban on non-escrowed encryption next Tuesday:




                       Opening Address
             Under Secretary William A. Reinsch  =20
               Bureau of Export Administration  =20
                 U.S. Department of Commerce
                       Update West 98  =20
                  Los Angeles, California   =20
                      February 10, 1998


[Excerpt]


Encryption


One of the reasons why our licensing load is inching back up=20
is the transfer of encryption licensing to Commerce earlier=20
this year. No speech from me would be complete without a=20
paragraph on encryption, so here it is.=20


Our policy is intended to balance the competing interests of=20
privacy, electronic commerce, law enforcement, and national=20
security. We believe that use of key recovery technologies is=20
the best way to achieve that balance. We do not focus narrowly=20
on a single technology or approach. We expect the market to=20
make those judgments, but we are taking steps to facilitate the=20
development and dissemination of these products.


Our regulations allow recoverable encryption products of any=20
strength and key length to be exported freely after a single=20
review by the government. To encourage movement toward recoverable=20
products, we have also created a special, two-year liberalization=20
period during which companies may export 56 bit DES or equivalent=20
products provided they submit plans to develop key recovery=20
products. This provides an incentive for manufacturers to develop=20
these products, which in turn will facilitate the development of=20
key management infrastructures. So far, we have approved 47 plans,=20
from companies large and small, and have five more pending.


In terms of licenses, in calendar year 1997, we received 2076=20
applications, and approved 1801 licenses with a dollar value of=20
$4.7 billion. (The reason for the high dollar value is because we=20
approve encryption licensing arrangements for extended periods of=20
time, from 4 to 10 years.)


The interagency working group on cryptography policy, which=20
includes representatives from BXA, NSA, and the FBI, continue to=20
meet to discuss ways to streamline the licensing process on=20
encryption export licenses. Several items have been identified and=20
progress is being made in these areas. We have established a=20
pre-Operating Committee group to discuss contentious cases. In=20
part as a result, no encryption cases have been escalated to the=20
OC since mid-December. We have created an Autolist to eliminate=20
agency referrals. So far, we have agreed to list specific products=20
amounting to 20% of the products we see. This means, once=20
implemented, that a subset of licenses can be processed by=20


Commerce without prior referral to other agencies. Finally, we=20
have posted on our web page "helpful hints" to make the=20
encryption licensing process more transparent:=20


  http://www.bxa.doc.gov/encguide.htm


We continue to work on other initiatives to streamline the process.


We are also discussing with our trading partners a common approach=20
to encryption policy. We have found that most major producing=20
countries have public safety and national security concerns similar=20
to ours. We are working together with these governments to ensure=20
that our policies are compatible, and that they facilitate the=20
emergence of a key management infrastructure.


With respect to legislation, we believe the McCain-Kerrey Bill,=20
S. 909, the Secure Public Networks Act, provides a sound basis for=20
legislation acceptable to both Congress and the Administration. In=20
particular, we appreciate the bill's explicit recognition of the=20
need to balance competing objectives and of the potential for key=20
recovery to become a market-driven mechanism to facilitate=20
maintaining that balance.=20


...


[Other excerpts of speeches by BXA officials at the seminar:]


Encryption Controls


Export Enforcement has new responsibilities in the encryption area.=20
Over the past year, Export Enforcement has opened many new=20
investigations involving alleged violations of the encryption=20
regulations. These cases are being watched very closely. The=20
national security of the United States depends in part on the=20
government's ability to obtain timely information about the=20
activities and plans of potentially hostile foreign parties,=20
such as terrorists and drug dealers.=20


... the Department of Justice and National Security Agency=20
participate in processing licenses for encryption. ... The=20
increase in licenses we are experiencing is attributable not only=20
to increased exports, but to transfer of items from the Munitions=20
List to Commerce jurisdiction. Encryption licenses account for a=20
significant portion of the increase. We created a special division=20
to handle those. As of today, there is only one encryption case=20
that has been pending over 40 days.


-----


For full speeches: http://jya.com/bxa-west98.htm