31 December 1998: Link to interim rule in Federal Register.
30 December 1998. Thanks to ER.
U. S. Department of
Bureau of Export Administration
FOR IMMEDIATE RELEASE:
December 30, 1998
Commerce Updates Export Controls on Encryption Products
(Washington, D.C.) The Commerce Department will publish new regulations significantly streamlining government export controls on powerful encryption -- products that scramble computer data -- as part of the Clinton Administration initiatives to make government more efficient and enhance the global competitiveness of U.S. businesses. These amendments to the Export Administration Regulations, on public notice today at the Federal Register, end the need for licenses for powerful U.S. encryption products to companies worldwide in several important industry sectors after a one time review by the Commerce Department. The regulations implement the policy changes announced by Vice President Gore in September.
"Through the hard work of industry and government officials to finalize this regulation, U.S. encryption firms will be better able to compete effectively with encryption manufacturers around the world," said William A. Reinsch, Commerce Under Secretary for Export Administration.
Virtually eliminated are restrictions on selling powerful computer data scrambling products to subsidiaries of U.S. corporations. There will also be favorable licensing treatment to strategic partners of U.S. companies. Strong U.S.-made encryption products are now available, under license exception, to insurance companies headquartered in 46 countries and their branches worldwide. Sales of powerful encryption to health and medical organizations in the same countries are also eased. To facilitate secure electronic transactions, between on-line merchants in those same countries, and their customers, the updated regulations permit, under a license exception, the export of client-server applications (e.g. SSL) and applications tailored to on-line transactions to on-line merchants. A list of eligible countries is posted on the BXA web-site.
Further easing government restrictions are new allowances for U.S. encryption manufacturers to share their source code with their own foreign subsidiaries (while requiring that any resulting new products remain subject to U.S. regulation ) and streamlining reporting requirements for U.S. firms so that compliance is less burdensome.
The new regulations expand the policy of encouraging the use of recoverable encryption by removing the requirement to name and approve key recovery agents for exports of key recovery products from regulations. It also defines a new class of "recoverable" encryption products which can now be exported under Export Licensing Arrangements to foreign commercial firms for internal company proprietary use.
As part of its stated goal to balance the needs of national security and public safety with the desire to protect personal privacy and strong electronic commercial security, the Administration continues to encourage the development and sale of products which enable the recovery of the unscrambled data, in an emergency situation.
Finally, the regulations eliminate the need to obtain licenses for most encryption commodities and software up to 56-bits or equivalent strength.
JYA Note: BXA says the regs themselves are available today only in hardcopy in Washington DC on display at the Federal Register, but the electronic version will be published in the Federal Register tomorrow and will be on the BXA Web site <www.bxa.doc.gov>.