NRC Cryptography Report: The Text of the Recommendations

[John Gilmore]

Recommendation 1:  No law should bar the manufacture, sale, or use of
any form of encryption within the United States.

Recommendation 2:  National cryptography policy should be developed by
the executive and legislative branches on the basis of open public
discussion and governed by the rule of law.

Recommendation 3:  National cryptography policy affecting the
development and use of commercial cryptography should be more closely
aligned with market forces.

Recommendation 4:  Export controls on cryptography should be
progressively relaxed but not eliminated.

	4.1 -- Products providing confidentiality at a level that
	meets most general commercial requirements should be easily
	exportable.  Today, products with encryption capabilities that
	incorporate 56-bit DES provide this level of confidentiality
	and should be easily exportable.

	4.2 -- Products providing stronger confidentiality should be
	exportable on an expedited basis to a list of approved
	companies if the proposed product user is willing to provide
	access to decrypted information upon legally authorized request.

	4.3 -- The U.S. government should streamline and increase the
	transparency of the export licensing process for cryptography.

Recommendation 5:  The U.S. government should take steps to assist law
enforcement and national security to adjust to new technical realities
of the information age.

	5.1 -- The U.S. government should actively encourage the use of
	cryptography in nonconfidentiality applications such as user
	authentication and integrity checks.   

	5.2 -- The U.S. government should promote the security of the
	telecommunications networks more actively.  At a minimum, the
	U.S. government should promote the link encryption of cellular
	communications and the improvement of security at telephone
	switches.

	5.3 -- To better understand how escrowed encryption might
	operate, the U.S. government should explore escrowed
	encryption for its own uses.  To address the critical
	international dimensions of escrowed communications, the U.S.
	government should work with other nations on this topic.

	5.4 -- Congress should seriously consider legislation that
	would impose criminal penalties on the use of encrypted
	communications in interstate commerce with the intent to
	commit a federal crime.

[Page 28 of the "Overview and Recommendations".  There's a lot
 more discussion of each of these in the whole overview, which should
 be up on the web late today at www2.nas.edu/cstbweb/.]