[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
New Crypto Regs
Thanks to Ed Roback, NIST: BXA issued a press release today
on new crypto regulations:
http://www.bxa.doc.gov/press/98/1230encryption.html (copy below)
The regs themselves are available today only in hardcopy
in Washington DC on display at the Federal Register, but
the electronic version will be published in the Federal Register
tomorrow and will be on the BXA Web site <www.bxa.doc.gov>.
Anybody in DC who could get a copy of the hardcopy and
fax it to us, it would be appreciated:
Fax: (212) 799-4003
Vox: (212) 873-8700
Commerce Updates Export Controls on Encryption Products
(Washington, D.C.) The Commerce Department will publish
new regulations significantly streamlining government export
controls on powerful encryption -- products that scramble computer
data -- as part of the Clinton Administration initiatives to make
government more efficient and enhance the global competitiveness
of U.S. businesses. These amendments to the Export
Administration Regulations, on public notice today at the
Federal Register, end the need for licenses for powerful U.S.
encryption products to companies worldwide in several
important industry sectors after a one time review by the
Commerce Department. The regulations implement the
policy changes announced by Vice President Gore in
"Through the hard work of industry and government officials
to finalize this regulation, U.S. encryption firms will be better
able to compete effectively with encryption manufacturers
around the world," said William A. Reinsch, Commerce
Under Secretary for Export Administration.
Virtually eliminated are restrictions on selling powerful
computer data scrambling products to subsidiaries of U.S.
corporations. There will also be favorable licensing treatment
to strategic partners of U.S. companies. Strong U.S.-made
encryption products are now available, under license exception,
to insurance companies headquartered in 46 countries and
their branches worldwide. Sales of powerful encryption to
health and medical organizations in the same countries are
also eased. To facilitate secure electronic transactions,
between on-line merchants in those same countries, and
their customers, the updated regulations permit, under a
license exception, the export of client-server applications
(e.g. SSL) and applications tailored to on-line transactions
to on-line merchants. A list of eligible countries is posted
on the BXA web-site.
Further easing government restrictions are new allowances
for U.S. encryption manufacturers to share their source
code with their own foreign subsidiaries (while requiring that
any resulting new products remain subject to U.S. regulation )
and streamlining reporting requirements for U.S. firms so that
compliance is less burdensome.
The new regulations expand the policy of encouraging the
use of recoverable encryption by removing the requirement to
name and approve key recovery agents for exports of key
recovery products from regulations. It also defines a new
class of "recoverable" encryption products which can now
be exported under Export Licensing Arrangements to foreign
commercial firms for internal company proprietary use.
As part of its stated goal to balance the needs of national
security and public safety with the desire to protect personal
privacy and strong electronic commercial security, the
Administration continues to encourage the development
and sale of products which enable the recovery of the
unscrambled data, in an emergency situation.
Finally, the regulations eliminate the need to obtain licenses
for most encryption commodities and software up to 56-bits
or equivalent strength.