Recommendation 1: No law should bar the manufacture, sale, or use of any form of encryption within the United States. Recommendation 2: National cryptography policy should be developed by the executive and legislative branches on the basis of open public discussion and governed by the rule of law. Recommendation 3: National cryptography policy affecting the development and use of commercial cryptography should be more closely aligned with market forces. Recommendation 4: Export controls on cryptography should be progressively relaxed but not eliminated. 4.1 -- Products providing confidentiality at a level that meets most general commercial requirements should be easily exportable. Today, products with encryption capabilities that incorporate 56-bit DES provide this level of confidentiality and should be easily exportable. 4.2 -- Products providing stronger confidentiality should be exportable on an expedited basis to a list of approved companies if the proposed product user is willing to provide access to decrypted information upon legally authorized request. 4.3 -- The U.S. government should streamline and increase the transparency of the export licensing process for cryptography. Recommendation 5: The U.S. government should take steps to assist law enforcement and national security to adjust to new technical realities of the information age. 5.1 -- The U.S. government should actively encourage the use of cryptography in nonconfidentiality applications such as user authentication and integrity checks. 5.2 -- The U.S. government should promote the security of the telecommunications networks more actively. At a minimum, the U.S. government should promote the link encryption of cellular communications and the improvement of security at telephone switches. 5.3 -- To better understand how escrowed encryption might operate, the U.S. government should explore escrowed encryption for its own uses. To address the critical international dimensions of escrowed communications, the U.S. government should work with other nations on this topic. 5.4 -- Congress should seriously consider legislation that would impose criminal penalties on the use of encrypted communications in interstate commerce with the intent to commit a federal crime. [Page 28 of the "Overview and Recommendations". There's a lot more discussion of each of these in the whole overview, which should be up on the web late today at www2.nas.edu/cstbweb/.]