USIS Washington 

16 September 1998


(Administration eases controls on encryption exports)  (890)

Washington -- Following several months of review, the Clinton
administration has decided to relax controls on U.S. exports of strong
encryption products.

"The updated export policy will allow U.S. companies new opportunities
to sell encryption products to almost 70 percent of the world's
economy, including the European Union, the Caribbean and some Asian
and South American countries," the White House said in a statement
issued September 16.

Previously, the export of strong encryption products had been limited
to banks and financial institutions. It will now be opened up to help
protect sensitive health, medical, and business proprietary
information in electronic form, the White House said.

Following is the text of the statement:

(begin text)


Office of the Press Secretary

September 16, 1998


Administration Updates Encryption Policy

The Clinton Administration today announced a series of steps to update
its encryption policy in a way that meets the full range of national
interests: promotes electronic commerce, supports law enforcement and
national security and protects privacy. These steps are a result of
several months of intensive dialogue between the government and U.S.
industry, the law enforcement community and privacy groups that was
called for by the Vice President and supported by members of Congress.

As the Vice President stated in a letter to Senator Daschle, the
Administration remains committed to assuring that the nation's law
enforcement community will be able to access, under strictly defined
legal procedures, the plain text of criminally related communications
and stored information. The Administration intends to support FBI's
establishment of a technical support center to help build the
technical capacity of law enforcement -- Federal, State, and local --
to stay abreast of advancing communications technology.

The Administration will also strengthen its support for electronic
commerce by permitting the export of strong encryption when used to
protect sensitive financial, health, medical, and business proprietary
information in electronic form. The updated export policy will allow
U.S. companies new opportunities to sell encryption products to almost
70 percent of the world's economy, including the European Union, the
Caribbean and some Asian and South American countries. These changes
in export policy were based on input from industry groups while being
protective of national security and law enforcement interests.

The new export guidelines will permit exports to other industries
beyond financial institutions, and further streamline exports of key
recovery products and other recoverable encryption products. Exports
to those end users and destination countries not addressed by today's
announcement will continue to be reviewed on a case-by-case basis.

Very strong encryption with any key length (with or without key
recovery) will now be permitted for export, under license exception,
to several industry sectors. For example, U.S. companies will be able
to export very strong encryption for use between their headquarters
and their foreign subsidiaries worldwide except the seven terrorist
countries (Iran, Iraq, Libya, Syria, Sudan, North Korea and Cuba) to
protect their sensitive company proprietary information.

On-line merchants in 45 countries will be able to use robust U.S.
encryption products to protect their on-line electronic commerce
transactions with their customers over the Internet.

Insurance companies as well as the health and medical sectors in those
same 46 countries will be able to purchase and use robust U.S.
encryption products to secure health and insurance data among
legitimate users such as hospitals, health care professionals,
patients, insurers and their customers.

The new guidelines also allow encryption hardware and software
products with encryption strength up to 56-bit DES or equivalent to be
exported without a license, after a one time technical review, to all
users outside the seven terrorist countries. Currently, streamlined
exports of DES products are permitted for those companies that have
filed key recovery business plans. However, with the new guidelines,
key recovery business plans will no longer be required.

The Administration will continue to promote the development of key
recovery products by easing regulatory requirements. For the more than
60 companies which have submitted plans to develop and market key
recovery encryption products, the six month progress reviews will no
longer be required. Once the products are ready for market, they can
be exported, with any bit length -- without a license -- world-wide
(except to terrorist nations) after a one-time review. Furthermore,
exporters will no longer need to name or submit additional information
on a key recovery agent prior to export. These requirements will be
removed from the regulations.

Finally, industry has identified other so-called "recoverable"
products and techniques that allow for the recovery of plaintext by a
system or network administrator and that can also assist law
enforcement access, subject to strict procedures. The Administration
will permit their export for use within most foreign commercial firms,
and their wholly-owned subsidiaries, in large markets, including
Western Europe, Japan and Australia, to protect their internal
business proprietary communications.

The Administration welcomes a continued dialogue with U.S. industry
and intends to review its policy in one year to determine if
additional updates may be necessary to continue a balanced approach
that protects the public safety and national security, ensures
privacy, enables continued technology leadership by U.S. industry and
promotes electronic commerce.

(end text)