16 September 1998
(Unlimited strength exports allowed in certain cases) (510) Washington -- Under a revised policy, the Clinton administration is allowing certain U.S. exports of unlimited strength encryption software to certain sectors in 45 countries. Already applied to banks and financial institutions, the revised policy now extends to foreign subsidiaries of all U.S. companies, insurance companies, health and medical organizations except biochemical and pharmaceutical manufacturers, and on-line merchants for client-server applications. The 45 countries are Anguilla, Antigua, Argentina, Aruba, Australia, Austria, Bahamas, Belgium, Barbados, Brazil, Canada, Croatia, Denmark, Dominica, Ecuador, Finland, France, Germany, Greece, Hong Kong, Hungary, Iceland, Ireland, Italy, Japan, Kenya, Luxembourg, Monaco, Netherlands, New Zealand, Norway, Poland, Portugal, St. Vincent/Grenadines, St. Kitts and Nevis, Seychelles, Singapore, Spain, Sweden, Switzerland, Trinidad and Tobago, Turkey, United Kingdom, United States and Uruguay. Exports of 56-bit strength encryption software are allowed without license to all but seven countries where the governments support terrorism. Until now U.S. manufacturers have had to demonstrate they were developing key recovery products in order to get licenses to export 56-bit encryption. Exports of recoverable products like e-mail are to get approval under Commerce Department licensing arrangements to most companies in Western Europe, Japan and Australia. All exports outside of the categories mentioned above will remain subject to government review case by case. Following is the White House text: (begin text) THE WHITE HOUSE Office of the Press Secretary September 16, 1998 FACT SHEET Administration Updates Encryption Policy Exports of 56-bit DES and equivalent products (hardware and software) will be streamlined (under license exception). Requirements for key recovery plans are eliminated. Exports of unlimited strength encryption products (with or without key recovery) will be streamlined (under license exception) to certain industries. The sectors are: Subsidiaries of U.S. firms, worldwide (except seven terrorist nations). Insurance companies to the same 45 countries recently approved for exports to banks and financial institution exports. Health and medical organizations (including civilian government health agencies) in the same 45 countries. Does not include biochemical/pharmaceutical manufacturers. On-line merchants for client-server applications, in the same 45 countries, with the purpose of securing electronic transactions between merchants and their customers. Does not include manufacturers and distributors of items controlled on the U.S. munitions list. Key recovery products will continue to be exportable under license exception worldwide (except seven terrorist nations). Review of foreign key recovery agents is eliminated. Exports of "recoverable" products will be approved to most commercial firms, and their wholly owned subsidiaries, in a broad range of countries under encryption licensing arrangements. This group of countries covers most major commercial markets including Western Europe, Japan, and Australia. The policy does not include service providers and manufacturers and distributors of items controlled on the U.S. munitions list. Exports to end users or destinations outside this policy are possible on a case-by-case basis. Prior to export, products are subject to a one-time product technical review. (end text)