[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
US Updates Crypto Policy
http://library.whitehouse.gov/PressReleases-plain.cgi?date=0&briefing=3
THE WHITE HOUSE
Office of the Press Secretary
____________________________________________________________________
For Immediate Release
September 16, 1998
STATEMENT BY THE PRESS SECRETARY
Administration Updates Encryption Policy
The Clinton Administration today announced a series of steps to update
its encryption policy in a way that meets the full range of national
interests: promotes electronic commerce, supports law enforcement and
national security and protects privacy. These steps are a result of
several months of intensive dialogue between the government and U.S.
industry, the law enforcement community and privacy groups that was called
for by the Vice President and supported by members of Congress.
As the Vice President stated in a letter to Senator Daschle, the
Administration remains committed to assuring that the nation?s law
enforcement community will be able to access, under strictly defined legal
procedures, the plain text of criminally related communications and stored
information. The Administration intends to support FBI?s establishment of
a technical support center to help build the technical capacity of law
enforcement - Federal, State, and local - to stay abreast of advancing
communications technology.
The Administration will also strengthen its support for electronic
commerce by permitting the export of strong encryption when used to protect
sensitive financial, health, medical, and business proprietary information
in electronic form. The updated export policy will allow U.S. companies
new opportunities to sell encryption products to almost 70 percent of the
world?s economy, including the European Union, the Caribbean and some Asian
and South American countries. These changes in export policy were based on
input from industry groups while being protective of national security and
law enforcement interests.
The new export guidelines will permit exports to other industries
beyond financial institutions, and further streamline exports of key
recovery products and other recoverable encryption products. Exports to
those end users and destination countries not addressed by today?s
announcement will continue to be reviewed on a case-by-case basis.
Very strong encryption with any key length (with or without key
recovery) will now be permitted for export, under license exception, to
several industry sectors. For example, U.S. companies will be able to
export very strong encryption for use between their headquarters and their
foreign subsidiaries worldwide except the seven terrorist countries (Iran,
Iraq, Libya, Syria, Sudan, North Korea and Cuba) to protect their sensitive
company proprietary information.
On-line merchants in 45 countries will be able to use robust U.S.
encryption products to protect their on-line electronic commerce
transactions with their customers over the Internet.
Insurance companies as well as the health and medical sectors in those
same 46 countries will be able to purchase and use robust U.S. encryption
products to secure health and insurance data among legitimate users such as
hospitals, health care professionals, patients, insurers and their
customers.
The new guidelines also allow encryption hardware and software
products with encryption strength up to 56-bit DES or equivalent to be
exported without a license, after a one time technical review, to all users
outside the seven terrorist countries. Currently, streamlined exports of
DES products are permitted for those companies that have filed key recovery
business plans. However, with the new guidelines, key recovery business
plans will no longer be required.
The Administration will continue to promote the development of key
recovery products by easing regulatory requirements. For the more than 60
companies which have submitted plans to develop and market key recovery
encryption products, the six month progress reviews will no longer be
required. Once the products are ready for market, they can be exported,
with any bit length -- without a license -- world-wide (except to terrorist
nations) after a one-time review. Furthermore, exporters will no longer
need to name or submit additional information on a key recovery agent prior
to export. These requirements will be removed from the regulations.
Finally, industry has identified other so-called "recoverable"
products and techniques that allow for the recovery of plaintext by a
system or network administrator and that can also assist law enforcement
access, subject to strict procedures. The Administration will permit
their export for use within most foreign commercial firms, and their
wholly-owned subsidiaries, in large markets, including Western Europe,
Japan and Australia, to protect their internal business proprietary
communications.
The Administration welcomes a continued dialogue with U.S. industry
and intends to review its policy in one year to determine if additional
updates may be necessary to continue a balanced approach that protects the
public safety and national security, ensures privacy, enables continued
technology leadership by U.S. industry and promotes electronic commerce.
# # #