USIS Washington 

16 September 1998


(Unlimited strength exports allowed in certain cases)  (510)

Washington -- Under a revised policy, the Clinton administration is
allowing certain U.S. exports of unlimited strength encryption
software to certain sectors in 45 countries.

Already applied to banks and financial institutions, the revised
policy now extends to foreign subsidiaries of all U.S. companies,
insurance companies, health and medical organizations except
biochemical and pharmaceutical manufacturers, and on-line merchants
for client-server applications.

The 45 countries are Anguilla, Antigua, Argentina, Aruba, Australia,
Austria, Bahamas, Belgium, Barbados, Brazil, Canada, Croatia, Denmark,
Dominica, Ecuador, Finland, France, Germany, Greece, Hong Kong,
Hungary, Iceland, Ireland, Italy, Japan, Kenya, Luxembourg, Monaco,
Netherlands, New Zealand, Norway, Poland, Portugal, St.
Vincent/Grenadines, St. Kitts and Nevis, Seychelles, Singapore, Spain,
Sweden, Switzerland, Trinidad and Tobago, Turkey, United Kingdom,
United States and Uruguay.

Exports of 56-bit strength encryption software are allowed without
license to all but seven countries where the governments support
terrorism. Until now U.S. manufacturers have had to demonstrate they
were developing key recovery products in order to get licenses to
export 56-bit encryption.

Exports of recoverable products like e-mail are to get approval under
Commerce Department licensing arrangements to most companies in
Western Europe, Japan and Australia.

All exports outside of the categories mentioned above will remain
subject to government review case by case.

Following is the White House text:

(begin text)


Office of the Press Secretary

September 16, 1998


Administration Updates Encryption Policy

Exports of 56-bit DES and equivalent products (hardware and software)
will be streamlined (under license exception). Requirements for key
recovery plans are eliminated.

Exports of unlimited strength encryption products (with or without key
recovery) will be streamlined (under license exception) to certain
industries. The sectors are:

Subsidiaries of U.S. firms, worldwide (except seven terrorist
nations). Insurance companies to the same 45 countries recently
approved for exports to banks and financial institution exports.

Health and medical organizations (including civilian government health
agencies) in the same 45 countries. Does not include
biochemical/pharmaceutical manufacturers.

On-line merchants for client-server applications, in the same 45
countries, with the purpose of securing electronic transactions
between merchants and their customers. Does not include manufacturers
and distributors of items controlled on the U.S. munitions list.

Key recovery products will continue to be exportable under license
exception worldwide (except seven terrorist nations). Review of
foreign key recovery agents is eliminated. Exports of "recoverable"
products will be approved to most commercial firms, and their wholly
owned subsidiaries, in a broad range of countries under encryption
licensing arrangements. This group of countries covers most major
commercial markets including Western Europe, Japan, and Australia. The
policy does not include service providers and manufacturers and
distributors of items controlled on the U.S. munitions list.

Exports to end users or destinations outside this policy are possible
on a case-by-case basis.

Prior to export, products are subject to a one-time product technical

(end text)