t byfield on Fri, 17 Sep 1999 17:39:58 +0200 (CEST)
<nettime> US crypto policy, dox and comments

[1] dave farber: 16 sept statement by US press secretary on crypto (1)
[2] hudson barton: 16 sept statement by US press secretary on crypto (2)
[3] robert harper: d. mccullagh, wired news: crypto law: little guy loses
[4] john gilmore: john gilmore: re: admin updates encryption policy

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[1]

Date: Thu, 16 Sep 1999 15:32:09 -0400
To: ip-sub-1@admin.listbox.com
From: David Farber <farber@cis.upenn.edu>
Subject: IP: Statement By The Press Secretary: Administration Announces New Approach to Encryption

THE WHITE HOUSE

Office of the Press Secretary
___________________________________________________________________________
For Immediate Release
September 16, 1999

STATEMENT BY THE PRESS SECRETARY

Administration Announces New Approach to Encryption

One year ago today, Vice President Gore announced updates to the Administration's encryption policy to serve the full range of national interests: promoting electronic commerce, supporting law enforcement and national security, and protecting privacy. The announcement permitted the export of strong encryption to protect sensitive information in the financial, health, medical, and electronic commerce sectors. It also included support for the continued ability of the nation's law enforcement community to access, under strictly defined legal procedures, the plain text of criminally related communications and stored information. At that time the Administration committed to reviewing its policy in one year.

Today, the Administration announces the results of that review, conducted in consultation with industry and privacy groups and the Congress. The strategy announced today continues to maintain the balance among privacy, commercial interests, public safety and national security.

This approach is comprised of three elements -- information security and privacy, a new framework for export controls, and updated tools for law enforcement. First, the strategy recognizes that sensitive electronic information -- government, commercial, and privacy information -- requires strong protection from unauthorized and unlawful access if the great promise of the electronic age is to be realized. Second, it protects vital national security interests through an updated framework for encryption export controls that also recognizes growing demands in the global marketplace for strong encryption products. Finally, it is designed to assure that, as strong encryption proliferates, law enforcement remains able to protect America and Americans in the physical world and in cyberspace.

With respect to encryption export controls, the strategy announced today rests on three principles: a one-time technical review of encryption products in advance of sale, a streamlined post-export reporting system, and a process that permits the government to review the exports of strong encryption to foreign government and military organizations and to nations of concern.

Consistent with these principles, the government will significantly update and simplify export controls on encryption. The updated guidelines will allow U.S. companies new opportunities to sell their products to most end users in global markets. Under this policy:

* Any encryption commodity or software of any key length may be exported under license exception (i.e., without a license), after a technical review, to individuals, commercial firms, and other non-government end users in any country except for the seven state supporters of terrorism.

* Any retail encryption commodities and software of any key length may be exported under license exception, after a technical review, to any end user in any country, except for the seven state supporters of terrorism.

* Streamlined post-export reporting will provide government with an understanding of where strong encryption is being exported, while also reflecting industry business models and distribution channels.

* Sector definitions and country lists are eliminated.

The Administration intends to codify this new policy in export regulations by December 15, 1999, following consultations on the details with affected stakeholders.

In support of public safety, the President is today transmitting to the Congress legislation that seeks to assure that law enforcement has the legal tools, personnel, and equipment necessary to investigate crime in an encrypted world. Specifically, the Cyberspace Electronic Security Act of 1999 would:

* Ensure that law enforcement maintains its ability to access decryption information stored with third parties, while protecting such information from inappropriate release.

* Authorize $80 million over four years for the FBI's Technical Support Center, which will serve as a centralized technical resource for Federal, State, and local law enforcement in responding to the increasing use of encryption by criminals.

* Protect sensitive investigative techniques and industry trade secrets from unnecessary disclosure in litigation or criminal trials involving encryption, consistent with fully protecting defendants' rights to a fair trial.

In contrast to an early draft version of the bill, the Administration's legislation does not provide new authorities for search warrants for encryption keys without contemporaneous notice to the subject. The bill does not regulate the domestic development, use and sale of encryption. Americans will remain free to use any encryption system domestically.

The Administration looks forward to continuing to work with the Congress, industry, and privacy and law enforcement communities to ensure a balanced approach to this issue.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[2]

Date: Thu, 16 Sep 1999 14:36:39 -0400
To: mac-crypto@vmeng.com
From: Hudson Barton <hhbv@highwinds.com>
Subject: Administration Updates Encryption Policy

Office of the Press Secretary
------------------------------------------------------------------------
For Immediate Release
September 16, 1998

STATEMENT BY THE PRESS SECRETARY

Administration Updates Encryption Policy

The Clinton Administration today announced a series of steps to update its encryption policy in a way that meets the full range of national interests: promotes electronic commerce, supports law enforcement and national security and protects privacy. These steps are a result of several months of intensive dialogue between the government and U.S. industry, the law enforcement community and privacy groups that was called for by the Vice President and supported by members of Congress.

As the Vice President stated in a letter to Senator Daschle, the Administration remains committed to assuring that the nation's law enforcement community will be able to access, under strictly defined legal procedures, the plain text of criminally related communications and stored information. The Administration intends to support FBI's establishment of a technical support center to help build the technical capacity of law enforcement - Federal, State, and local - to stay abreast of advancing communications technology.

The Administration will also strengthen its support for electronic commerce by permitting the export of strong encryption when used to protect sensitive financial, health, medical, and business proprietary information in electronic form. The updated export policy will allow U.S. companies new opportunities to sell encryption products to almost 70 percent of the world's economy, including the European Union, the Caribbean and some Asian and South American countries. These changes in export policy were based on input from industry groups while being protective of national security and law enforcement interests.

The new export guidelines will permit exports to other industries beyond financial institutions, and further streamline exports of key recovery products and other recoverable encryption products. Exports to those end users and destination countries not addressed by today's announcement will continue to be reviewed on a case-by-case basis.

Very strong encryption with any key length (with or without key recovery) will now be permitted for export under license exception, to several industry sectors. For example, U.S. companies will be able to export very strong encryption for use between their headquarters and their foreign subsidiaries worldwide except the seven terrorist countries (Iran, Iraq, Libya, Syria, Sudan, North Korea and Cuba) to protect their sensitive company proprietary information.

On-line merchants in 45 countries will be able to use robust U.S. encryption products to protect their on-line electronic commerce transactions with their customers over the Internet.

Insurance companies as well as the health and medical sectors in those same 45 countries will be able to purchase and use robust U.S. encryption products to secure health and insurance data among legitimate users such as hospitals, health care professionals, patients, insurers and their customers.

The new guidelines also allow encryption hardware and software products with encryption strength up to 56-bit DES or equivalent to be exported without a license, after a one time technical review, to all users outside the seven terrorist countries. Currently, streamlined exports of DES products are permitted for those companies that have filed key recovery business plans. However, with the new guidelines, key recovery business plans will no longer be required.

The Administration will continue to promote the development of key recovery products by easing regulatory requirements. For the more than 60 companies which have submitted plans to develop and market key recovery encryption products, the six month progress reviews will no longer be required. Once the products are ready for market they can be exported, with any bit length -- without a license -- world-wide (except to terrorist nations) after a one-time review. Furthermore, exporters will no longer need to name or submit additional information on a key recovery agent prior to export. These requirements will be removed from the regulations.

Finally, industry has identified other so-called "recoverable" products and techniques that allow for the recovery of plaintext by a system or network administrator and that can also assist law enforcement access, subject to strict procedures. The administration will permit their export for use within most foreign commercial firms, and their wholly-owned subsidiaries, in large markets, including Western Europe, Japan and Australia, to protect their internal business proprietary communications.

The Administration welcomes a continued dialogue with U.S. industry and intends to review its policy in one year to determine if additional updates may be necessary to continue a balanced approach that protects the public safety and national security, ensures privacy, enables continued technology leadership by U.S. industry and promotes electronic commerce.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[3]

Date: 16 Sep 99 15:25:17 EDT
From: ROBERT HARPER <robert-harper@usa.net>
To: Ignition Point <ignition-point@precision-d.com>
Subject: IP: Crypto Law: Little Guy Loses

W I R E D N E W S
- - - - - - - - - -

Crypto Law: Little Guy Loses
by Declan McCullagh

Thursday's White House announcement loosening encryption import standards may make it easier for big businesses, but it won't help anyone who wants to distribute software freely on the Web.

The new rules, which still require government review and approval, would mean a programmer or company has to wade through Washington's bureaucratic swamp and most likely hire a not-inexpensive lawyer as a guide.

See also: Clinton Relaxes Crypto Exports

Complete details aren't available, but the consensus among observers is that it will continue to be a felony to post programs like PGP or secure Web browsers like Netscape Navigator or Internet Explorer on a Web site where foreigners can download them.

Experts say that means firms will still be more hesitant to wire encryption functionality into products, and online privacy will remain at risk.

"It still holds back the development of products intended for the mass market where encryption is integrated into things like word processing and email," said Solveig Singleton, a telecommunications lawyer at the Cato Institute. "If you build encryption into them, suddenly it's subject to [government] review."

It also means that lawyers suing the Clinton administration aren't giving up. In May, the Ninth Circuit Court of Appeals ruled that the current rules violated the First Amendment's guarantee of free speech. The suit was brought by Daniel Bernstein, a math professor.

"Our experience has been there have been a number of steps over the last few years that have been described as liberalization that we were told would resolve the First Amendment and civil liberties problems," said Robert Corn-Revere, a lawyer in the Washington office of Hogan and Hartson who is co-counsel in the Bernstein case. "But these were more hype than real.

"As long as the government gets prior review ... then you still have a prior restraint problem. You still have to apply for the government for permission to engage in protected speech," he said.

Civil liberties groups echoed the criticism, and some said that the change in rules -- backed by business groups -- would help corporations, but not necessarily individuals.

They remain especially worried about domestic restrictions on encryption use, which the FBI has demanded in the past, and which could be part of proposed legislation that the White House sends to Congress.

"The average user cares more about the domestic situation than whether American companies can export crypto," says David Sobel, general counsel for the Electronic Privacy Information Center.

Some lobby groups like Americans for Computer Privacy have applauded the policy change, but other experts say it continues to hurt the industry.

"Industry and investors should be disappointed by the announcement," says Jim Lucier, an analyst at Prudential Securities in Arlington, Virginia.

"Technology stocks and particularly the online financial services sector, where security is all-important, would have gotten a substantial long-term boost from a clear signal by the administration that it was going to adopt a free-market policy on computer security,"

**********************************************
To subscribe or unsubscribe, email: majordomo@precision-d.com
with the message: (un)subscribe ignition-point email@address
**********************************************
<www.telepath.com/believer>
**********************************************

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cc: cryptography@c2.net, cypherpunks@cyberpass.net, dcsb@ai.mit.edu, gnu@toad.com
Subject: Re: Administration Updates Encryption Policy
Date: Thu, 16 Sep 1999 12:39:27 -0700
From: John Gilmore <gnu@toad.com>
cc: cryptography@c2.net, cypherpunks@cyberpass.net, dcsb@ai.mit.edu, gnu@toad.com

> For Immediate Release
> September 16, 1998
> STATEMENT BY THE PRESS SECRETARY

Robert, that was *last year*'s encryption policy "liberalization". Great joke though. I read through four or five paragraphs before it became too obvious.

Remember what they promised last year, and what the regulations actually delivered -- as you read this year's promises.

John

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net