Reinsch On Crypto/Wassenaar
Excerpt from a speech by BXA's William Reinsch on December 7, 1998, at the Practising Law Institute conference "Coping with U.S. Export Controls." Note final paragraph about detailed crypto session today -- no report on that yet. Full speech: http://jya.com/war120798-2.htm Also by him yesterday on crypto: http://jya.com/war120798.htm [Begin excerpt] Encryption continues to be a hotly debated issue. As I stated last year, the U.S. continues to support a balanced approach to encryption policy which considers privacy and commercial interests as well as protecting law enforcement and national security interests. Furthermore, we also remain committed to promoting the growth of global electronic commerce through secure financial and business communications. Our position has always been to seek industry-led, market-driven solutions to achieve a balanced approach. What has changed is the direction where technology and the market place are taking us. Key recovery technology remains a very important part of our policy; however, over the past two years, we have recognized that key recovery is not a solution for all problems. That recognition, brought about in part as a result of our ongoing dialogue with industry, has helped us also focus on recoverable technologies that can enable law enforcement to continue its authorized activities. As a result, on September 16, Vice President Gore unveiled a policy update, which will not end the debate, but which does include steps to further streamline exports of key recovery products and other recoverable products which allow law enforcement, under proper legal authority, recovery of plain text. The update also provides for 1) the export of 56 bit DES worldwide to any end user under a license exception; 2) exports of strong encryption to U.S. companies and their subsidiaries under a license exception; 3) exports of strong encryption to the insurance and medical sectors in 45 countries under a license exception; and 4) exports of strong encryption to secure on-line transactions between on-line merchants and their customers in 45 countries under a license exception. This is consistent with our earlier announcement relating to financial institutions. This is an evolutionary process and we intend to continue our dialogue. We must continue to adapt to changes, and we will review our policies again within the year to determine whether further change is necessary. We intend to publish regulations implementing the Vice President's announcement this month. With respect to developing a common international approach to encryption policy, Ambassador David Aaron, our special envoy on cryptography, is working with other countries to ensure that our policies are compatible. He has found that most major producing countries have public safety and national security concerns similar to ours and are interested in developing a harmonized international approach regarding compatible infrastructures for electronic commerce and for a key management infrastructure. At last week's Wassenaar Arrangement plenary session, the participating states approved a number of changes to modernize and improve multilateral encryption export controls. These changes removed controls on products below 56 bits and on certain consumer entertainment systems, such as DVD products, and on cordless phone systems designed for home or office use. Most important, participating states agreed to extend controls to mass-market encryption exports above 64 bits, thus closing a significant loophole. This will enable governments to review the dissemination of the strongest encryption products that otherwise might fall into the hands of rogue end users. For those of you deeply interested in the details of our encryption policy, we have a specific session devoted to it tomorrow. [End excerpt]
Note I have an article up at wired.com about Reinsch's speech yesterday on crypto at a defense/critical inf event. -Declan At 08:16 PM 12-8-98 -0500, John Young wrote:
Excerpt from a speech by BXA's William Reinsch on December 7, 1998, at the Practising Law Institute conference "Coping with U.S. Export Controls." Note final paragraph about detailed crypto session today -- no report on that yet.
Full speech: http://jya.com/war120798-2.htm
Also by him yesterday on crypto: http://jya.com/war120798.htm
[Begin excerpt]
Encryption continues to be a hotly debated issue. As I stated last year, the U.S. continues to support a balanced approach to encryption policy which considers privacy and commercial interests as well as protecting law enforcement and national security interests. Furthermore, we also remain committed to promoting the growth of global electronic commerce through secure financial and business communications.
Our position has always been to seek industry-led, market-driven solutions to achieve a balanced approach. What has changed is the direction where technology and the market place are taking us. Key recovery technology remains a very important part of our policy; however, over the past two years, we have recognized that key recovery is not a solution for all problems.
That recognition, brought about in part as a result of our ongoing dialogue with industry, has helped us also focus on recoverable technologies that can enable law enforcement to continue its authorized activities.
As a result, on September 16, Vice President Gore unveiled a policy update, which will not end the debate, but which does include steps to further streamline exports of key recovery products and other recoverable products which allow law enforcement, under proper legal authority, recovery of plain text.
The update also provides for 1) the export of 56 bit DES worldwide to any end user under a license exception; 2) exports of strong encryption to U.S. companies and their subsidiaries under a license exception; 3) exports of strong encryption to the insurance and medical sectors in 45 countries under a license exception; and 4) exports of strong encryption to secure on-line transactions between on-line merchants and their customers in 45 countries under a license exception. This is consistent with our earlier announcement relating to financial institutions.
This is an evolutionary process and we intend to continue our dialogue. We must continue to adapt to changes, and we will review our policies again within the year to determine whether further change is necessary. We intend to publish regulations implementing the Vice President's announcement this month.
With respect to developing a common international approach to encryption policy, Ambassador David Aaron, our special envoy on cryptography, is working with other countries to ensure that our policies are compatible. He has found that most major producing countries have public safety and national security concerns similar to ours and are interested in developing a harmonized international approach regarding compatible infrastructures for electronic commerce and for a key management infrastructure. At last week's Wassenaar Arrangement plenary session, the participating states approved a number of changes to modernize and improve multilateral encryption export controls. These changes removed controls on products below 56 bits and on certain consumer entertainment systems, such as DVD products, and on cordless phone systems designed for home or office use.
Most important, participating states agreed to extend controls to mass-market encryption exports above 64 bits, thus closing a significant loophole. This will enable governments to review the dissemination of the strongest encryption products that otherwise might fall into the hands of rogue end users.
For those of you deeply interested in the details of our encryption policy, we have a specific session devoted to it tomorrow.
[End excerpt]
participants (2)
-
Declan McCullagh -
John Young