6 March 1998
Source: http://www.bxa.doc.gov/press/98/contents.htm


Bureau of Export Administration
1997 Annual Report

ENCRYPTION EXCERPTS


Source: Excerpts from BXA 97, I. Bureau of Export Administration Overview
http://www.bxa.doc.gov/PDF/ann97ovr.pdf

1. BXA Background

The Bureau of Export Administration (BXA) administers and enforces laws and regulations which govern exports of dual-use commodities, technology and software from the United States and its territories and reexports of such items from third countries. In addition, BXA regulates certain activities of U.S. persons related to proliferation concerns. BXA has the responsibility of implementing the Clinton Administration’s commercial encryption policy and will be responsible for compliance by the U.S. business community with the Chemical Weapons Convention. BXA investigates violations of export controls and implements the antiboycott provisions of the Export Administration Act. BXA is responsible for a variety of programs related to maintaining a strong U.S. defense industrial base. BXA also participates in the efforts of the U.S. government to assist many of the new independent states of the former Soviet Union, the Baltics and Central Europe in developing effective export control systems. ...

Export Licensing Liberalizations

Earlier this year, the Administration announced the liberalization of the encryption licensing policy for banks and financial institutions and for highly formatted financial-specific encryption items used by financial institutions and others to generate secure, private electronic

I - 1


transactions. This follows the December 1996 publication of an interim rule transferring certain encryption items from the U.S. Munitions List administered by the State Department to the Commerce Control List. This rule implemented the Administration plan to promote a worldwide key management infrastructure with the use of key escrow and key recovery encryption items. ...

Electronic Security Interests

BXA is responsible for implementing President Clinton’s commercial encryption policy to promote the growth of electronic commerce and secure communications worldwide while protecting the public safety and national security. These efforts include the development of the rationale and the new regulatory framework for the transfer of jurisdiction for licensing commercial encryption products from State’s U.S. Munitions list to Commerce’s Control List, liberalized treatment for recoverable products, and implementation of a new program involving

I - 2


review and oversight of commitments by encryption manufacturers to build and market key recovery products. ...

Harmonizing Multilateral Export Controls

BXA continues to work to harmonize multilateral lists and list interpretations to increase transparency and consistency, and to maintain a level playing field for U.S. companies. BXA supports the expansion of transparency and information exchange in the Wassenaar Arrangement, which focuses on exports of arms and sensitive dual-use equipment and technologies. BXA is participating in the standardization of the control language of the Nuclear Suppliers’ Group dual use control list to conform with the European Union, Wassenaar, and Missile Technology Control Regime control lists. A substantial majority of members of the multilateral non-proliferation regimes now have "catch-all" controls, which were first advanced by the United States to help prevent weapons of mass destruction and missile proliferation. BXA also participates in on-going international discussions of the U.S. encryption initiative.

I - 3


3. Export Administration Programs

BXA’s Export Administration is comprised of five offices under the Office of the Assistant Secretary. Three EA offices have responsibility for dealing with a wide range of export control policy and licensing activities, including dual-use nuclear and missile goods and technologies; dual-use chemical and biological goods and technologies; and commercial encryption policy, dual-use goods and technologies related to conventional arms, certain other dual-use sensitive good and technologies and foreign policy controls. EA also has an office which focuses on strategic industries and economic security issues, and an office which focuses on EA’s administrative, education and compliance responsibilities. This organizational structure allows BXA to formulate and implement timely policy changes, undertake quality analysis of licensing decisions, focus on issues of international competitiveness, and provide increased customer service.

I - 5


The Office of Strategic Trade and Foreign Policy Controls (STFPC) is responsible for implementing multilateral export controls under the Wassenaar Arrangement, which deals with conventional arms and related sensitive dual-use goods and technology. The office has the lead within BXA for the development of encryption policy, the licensing of commercial encryption products and the regulation of key recovery agents. It is also responsible for the bilateral High Performance Computer Agreement and for implementing unilateral U.S. foreign policy controls for antiterrorism, regional stability and crime control.

I - 6


6. FY 1997 Technical Advisory Committee Activities

The Information Systems Technical Advisory Committee (ISTAC) addressed issues relating to Control List Categories 3, 4, and 5. The ISTAC forwarded to BXA comments and proposals on the following topics: export regulation changes and subsequent Composite Theoretical Performance (CTP) level changes for certain license exceptions for exports of computers, key escrow and key management of encryption items, the effects on U.S. industry of unilateral controls vs. multilateral controls, the impact on U.S. industry of controls on technical data, controls for low technology level items, and the restrictions put on licenses for transfers of technology to foreign nationals who are not permanent residents of the United States (deemed exports).

I -8


The Regulations and Procedures Technical Advisory Committee (RPTAC) made recommendations on a range of issues, including the following: the "deemed export" rule, encryption policy, the Enhanced Proliferation Control Initiative, Customs' Automated Export System, the license review process, regulations implementing the Wassenaar Arrangement, text revisions for the Export Administration Regulations, changes to the Foreign Trade Statistics Regulations, and unilateral foreign policy controls.

I - 9


Source: Excerpts from BXA 97, II. Bureau of Export Administration Annual Report for Fiscal Year 1997
http://www.bxa.doc.gov/PDF/ann97.pdf

Export License Processing

For the first time in four years, BXA received an increased number of license applications. During FY 1996, 8,705 license applications were received. In contrast, BXA received 11,472 applications in FY 1997, representing a 24% increase. This increase can be attributed to the transfer of certain encryption items from the U.S. Munitions List to the Commerce Control List, the establishment of the Entity List to inform exporters of certain end-users that are ineligible to receive specified items without a license, and the heightened industry awareness of end-users which may raise proliferation concerns.

II - 13


Export License Referral Process

The Department of Commerce, both by law and practice, refers certain applications, based on the level of technology, the appropriateness of the items for the stated end-use, and the country of destination, to other agencies for review and recommendation. The principal referral agencies are the Department of Defense, the Department of Energy, the Department of State and the Arms Control and Disarmament Agency (ACDA). Since the transfer of jurisdiction of commercial encryption products to Commerce, the Department of Justice and the National Security Agency (NSA) have a role in the license review process for encryption license applications.

II - 14


2. The Office of Strategic Trade and Foreign Policy Controls

The Office of Strategic Trade & Foreign Policy Controls (STFPC) implements the multilateral export controls under the Wassenaar Arrangement to control the spread of conventional arms and related technologies. It is also responsible for the bilateral High-Performance Computer Regime with Japan.

The Office is responsible for all policy actions, export licenses, commodity classifications, and advisory opinions for commodities subject to these two regimes. STFPC also represents the Department in international negotiations on export controls and control list development for both regimes. In addition, the Office implements U.S. foreign policy controls to ensure that exports are consistent with our national goals relating to human rights, crime control, antiterrorism, and regional stability. In this fiscal year, the President transferred from the State Department to the Bureau of Export Administration the jurisdiction for commercial communications satellites, commercial jet engine hot sections and encryption hardware and software. The Bureau created a new Encryption Division within STFPC to handle encryption policy and the large volume of licenses and industry outreach it brings.

II -20


Encryption

On December 30, 1996, BXA issued a regulation implementing the Clinton Administration’s encryption policy that was announced by the Vice President on October 1, 1996. A Presidential Memorandum and Executive Order dated November 15, 1996 fully outline the Administration’s policy. The Administration is implementing its policy in several parts, including maintaining export controls, developing standards, and promoting international cooperation. The encryption policy aims to promote the growth of electronic commerce and secure communications worldwide while protecting the public safety and national security.

BXA’s regulation establishes licensing policies and procedures for companies to follow for approval to export encryption products. It also creates a new license exception for recoverable encryption products and certain non-recoverable products. Key elements of the regulation include the transfer of commercial encryption items from the U.S. Munitions List to the Commerce Control List, liberalized treatment for recoverable products and a two-year transition period during which non-key recovery 56-bit DES or equivalent strength encryption products may be approved for export based on a company’s plan to build and market key recovery products.

Beginning on January 1, 1997, nonrecoverable 56-bit DES or equivalent strength encryption products are exportable under a special license exception, which the company can

II - 22


renew every six months during a two-year transition period. The transition period began on January 1, 1997 and will end on December 31, 1998. This special license exception requires a one time review of the product and submission of a satisfactory business and marketing plan to build and market recoverable encryption products. Renewal of the license exception requires submission to Commerce of a report showing that the company has made progress on the recovery product.

In August, BXA created an Encryption Division within STFPC. In addition to licensing,members of the Encryption Division serve as Federal Liaisons on the Technical Advisory Committee (TAC) that is developing the Federal Information Processing Standard (FIPS) for the Federal Key Management Infrastructure. The purpose of this FIPS is to specify the requirements of cryptographic systems used by federal government agencies. These systems will provide for recovery of plain-text data from stored or communicated cipher-text when cryptographic keys are not otherwise available. BXA’s role is important because this standard may be adopted and used by non-federal government agencies on a voluntary basis resulting in the manufacture of a single product line which vendors hope would qualify as an “exportable” key recovery product. The TAC intends to submit a FIPS proposal to the Administration in early 1998.

Members of the Encryption Division are also part of a delegation, headed by Ambassador David Aaron, whom the President designated as Special Envoy to Encryption, to brief countries on the U.S. encryption policy and to participate in the various international working groups. The Administration is making these efforts to reach a harmonized international approach regarding compatible infrastructures for a key management infrastructure and on export controls pertaining to key recovery encryption products. This year, Ambassador Aaron’s delegation has briefed more than 12 countries on the U.S. encryption initiative. On-going discussions with other countries continue to take place on a routine basis.

On April 24, 1997, the Secretary of Commerce established the President’s Export Council Subcommittee on Encryption, which will consist of approximately 40 members, to function solely as an advisory body. The Subcommittee will advise the Secretary of Commerce, through the Assistant Secretary for Export Administration, on matters pertinent to the implementation of encryption policy that will support the growth of commerce while protecting the public safety and national security.

On May 8, 1997, BXA announced that it would allow the export of the strongest available data encryption products to support electronic commerce around the world. Strong encryption products are used by banks, financial institutions and others to generate secure, private electronic transactions, and will form the basis for an electronic commerce infrastructure managed by the private sector. Because banks and other financial institutions are subject to explicit legal requirements and have shown a consistent ability to provide appropriate access to transaction information in response to authorized law enforcement requests, key recovery will not be required for certain financial-specific products.

II - 23


The announcement was part of the overall Administration initiative to promote the development of an electronic commerce environment users can trust. The existence of a robust security infrastructure will permit users from homes and businesses to perform all types of commercial data transactions, ranging from managing investment transactions to purchasing goods and services without fear of losing valuable personal or propriatary data. That infrastructure will manage encryption and digital signature keys to provide privacy, message integrity, user authentication, and recovery services.

In the nine month period from the transfer of commercial encryption items to Commerce through the end of FY 1997, BXA has received over 1,000 encryption license applications valued at more than $500,000,000. Forty companies have submitted commitment plans which lay out how they will build and market key recovery products. These companies include some of the largest software and hardware manufacturers in the country. BXA has approved 32 of these plans; none have been rejected. Furthermore, eight companies have submitted requests for a one-time review of key recovery encryption items which will facilitate the establishment of a key management infrastructure (KMI). Four of these products have been approved for eligibility under License Exception KMI. BXA has also approved four U.S. entities to serve as their own Key Recovery agents for these products (i.e. corporate “self-escrow”).

II - 24


Export Enforcement Initiatives

Encryption Controls

Another new area of responsibility is the President’s initiative on encryption controls. On December 30, 1996, Commerce published the final regulation on encryption controls in the Federal Register, implementing the President’s policy to transfer certain encryption controls from the State Department to Commerce. OEE is currently pursuing a number of investigations concerning alleged violations of the encryption regulations.

II - 94


Significant Joint Commerce-Customs Cases

Elham Abrishami Sentenced for Illegal Exports to Iran On August 20, 1997, Elham Abrishami, of Dublin, Ohio, was sentenced to two terms of five months to run consecutively following a guilty plea on January 13, 1997, at the U.S. District Court for the Southern District of Ohio, to charges of violating provisions of the Commerce Department’s Export Administration Regulations.

Abrishami’s conviction resulted from an investigation that disclosed that Abrishami knowingly and willfully exported and caused to be exported items on the U.S. Department of Commerce’s Control List, consisting of radio communications equipment valued at $9,660, from the United States to the United Arab Emirates for transshipment to Iran without authorization from the Department, and with knowledge that the radio equipment was destined for Iran, a country to which exports are controlled for foreign policy purposes. Abrishami also plead guilty to attempting to export defense articles, 100 Sectrone ST-25 Mobilcall Encryption Modules, from the United States to the United Arab Emirates for transshipment to Iran without first having obtained the required U.S. Department of State license. This investigation was conducted jointly by OEE’s Washington Field Office and the U.S. Customs Service.

II - 108


Source: Excerpts from BXA 97 Annual Report, III. Report on Foreign Policy Export Controls
http://www.bxa.doc.gov/PDF/fp8intro.pdf

FOREIGN POLICY EXPORT CONTROLS

Encryption: On December 30, 1996, BXA issued a regulation implementing the Clinton Administration’s encryption policy that was announced by the Vice President on October 1, 1996. A Presidential Memorandum and Executive Order dated November 15, 1996, fully outlined the Administration’s policy. The Administration is implementing its policy in several parts, including maintaining export controls, developing standards, and promoting international cooperation. The encryption policy aims to promote the growth of electronic commerce and secure communications worldwide while protecting the public safety and national security.

Beginning on January 1, 1997, nonrecoverable 56-bit DES or equivalent strength encryption products are exportable under a special license exception, which a company can renew every six months during a two-year transition period. The transition period began on January 1, 1997, and will end on December 31, 1998. This special license exception requires a one-time review of the product and submission of a satisfactory business and marketing plan to build and market recoverable encryption products. Renewal of the license exception requires the exporter to submit a report to Commerce, showing that the company has made progress on the recovery product.

On April 24, 1997, the Secretary of Commerce established the President’s Export Council Subcommittee on Encryption, comprising forty members from the exporting community, manufacturers and law enforcement officials interested in encryption policy. The Subcommittee will advise the President, through the President’s Export Council, and the Secretary on matters pertinent to implementing an encryption policy that will support the growth of electronic commerce while protecting the public safety and national security.

In May 1997, the Department of Commerce announced that it would allow the export of the strongest available data encryption products to support electronic commerce around the world. These products include direct home banking software of any key length offered by banks to their customers worldwide. The Clinton Administration took this step as part of its overall initiative to promote the development of a secure and trusted environment for electronic commerce. The products and institutions that will together make up a robust security infrastructure will permit users from homes and businesses to perform all types of commercial data transactions, ranging from managing investment transactions to purchasing goods and services. That infrastructure will manage encryption to provide privacy, message integrity, user authentication, and recovery services. The policy will not require key recovery for certain financial-specific products since banks and other financial institutions are subject to explicit legal requirements and have shown a consistent ability to provide appropriate access to transaction information in response to authorized law enforcement requests.

III - 174


General Comments from Industry

The Department of Commerce published a notice in the Federal Register on October 8, 1997, requesting public comments on its foreign policy-based export controls. BXA received three responses from industry to this request. Appendix I of this report summarizes them in further detail. The responses varied in nature, yet all called for the revision or elimination of certain licensing requirements specific to their industries. Specifically, the Regulations and Procedures Technical Advisory Committee commented on what it sees as an expansion of unilateral foreign policy controls; one computer manufacturer called for further analysis of the efficacy of the “Catch-All” provisions of the Enhanced Proliferation Control Initiative, and for revisions to the controls on high-performance computers and encryption items; another manufacturer called for BXA to liberalize controls on a particular titanium alloy.

III - 177


Source: Excerpts from BXA 97 Annual Report, III. Report on Foreign Policy Export Controls, Encryption
http://www.bxa.doc.gov/PDF/fp8encry.pdf

11. Encryption (Section 742.15)

Export Control Program Description and Licensing Policy

On December 30, 1996, the Bureau of Export Administration (BXA) published in the Federal Register (61 FR 68572) an interim rule that exercises jurisdiction over, and imposes new combined national security and foreign policy controls on, certain encryption items, including recoverable encryption “software,” that were on the United States Munitions List (USML), consistent with Executive Order 13026 and pursuant to the Presidential Memorandum of that date, both issued by President Clinton on November 15, 1996. The Memorandum and E.O. 13026 directed that all encryption items controlled on the USML, with the exception of those specifically designed, developed, configured, adapted, or modified for military applications (including command, control and intelligence applications), be transferred to the Commerce Control List (CCL). The latter items remain on the USML, and continue to be controlled by the Department of State, Office of Defense Trade Controls. In the CCL the acronym “EI” (Encryption Items) designates foreign policy controls on these items.

The Administration’s encryption policy, which was first announced by the Vice President on October 1, 1996, makes it easier for Americans to use stronger encryption products to protect their privacy, intellectual property and other valuable information. The policy relies on market forces to develop a worldwide key management infrastructure with the use of key recovery encryption items to promote electronic commerce and secure communications while protecting national security and public safety. The regulations contain procedures which allow recoverable encryption products of any strength and key length to be exported under a license exception after a one-time review. In order to encourage the development of these recoverable encryption products, the policy allows a two-year liberalization period (until January 1, 1999) during which companies may export non-recoverable encryption items up to 56-bit key length Data Encryption Standard (DES) or equivalent strength, provided the exporter submits a commitment and business plan demonstrating the intent to develop recoverable encryption products and a global key management infrastructure.

The President’s Executive Order directs the Secretary of Commerce to take actions to control the export of assistance to foreign persons in the same manner and to the same extent as the export of such assistance is controlled under the Arms Export Control Act. Therefore, the interim rule on encryption prohibits U.S. persons, without a license from Commerce, from knowingly providing assistance to foreign persons, including providing training, to manufacture or to export encryption items transferred from the USML to the CCL. This provision does not apply to any activity involving such encryption items that have been licensed or otherwise authorized by Commerce.

During 1997, encryption policy has been a heavily debated issue. New topics in the debate have prompted discussion on revisions to the regulations. Pending amendments to the regulations

III - 253


will address the issue of banks and financial institutions.

In May 1997, the Department of Commerce announced that it would allow the export of the strongest available data encryption products to support electronic commerce around the world. These products include direct home banking software of any key length, offered by banks to their customers world-wide. This step was part of the overall Clinton Administration initiative to promote the development of a secure and trusted environment for electronic commerce. The products and institutions that will make up a robust security infrastructure will permit users from homes and businesses to perform all types of commercial data transactions, ranging from managing investment transactions to purchasing goods and services. That infrastructure will manage encryption and digital signature keys to provide privacy, message integrity, user authentication, and recovery services. Because banks and other financial institutions are subject to explicit legal requirements and have shown a consistent ability to provide appropriate access to transaction information in response to authorized law enforcement requests, key recovery will not be required for certain financial-specific products.

In addition, on April 24, 1997, the Secretary of Commerce established the President’s Export Council Subcommittee on Encryption, comprising forty members from the exporting community, manufacturers and law enforcement officials interested in encryption policy. The Subcommittee will advise the President, through the President’s Export Council, and the Secretary on matters pertinent to implementing an encryption policy that will support the growth of electronic commerce while protecting the public safety and national security

A. In general, the United States requires a license for all destinations, except Canada, for exports and reexports of commercial encryption items. However, certain exceptions to the licensing requirements may apply.

B. Export license applications for commercial encryption items are reviewed on a case-by-case basis, to determine whether the export or reexport is consistent with U.S. national security and foreign policy interests.

C. Exporters of 56-bit DES or equivalent encryption products are required to make commitments to develop and market products that support key recovery. The Administration believes that the worldwide use of key recovery encryption products will promote secure international networks for electronic commerce, while protecting national security and public safety.

Analysis of Control as Required by Section 6(f) of the Act

A. The Purpose of the Control

The purpose of the control is to protect U.S. national security and foreign policy interests, including the safety of U.S. citizens here and abroad. Encryption can be used to conceal the

III - 254


communications or data of terrorists, drug smugglers, or others intent on taking hostile action against U.S. facilities, personnel, or security interests. Policies concerning the export control of cryptographic products are based on the fact that the proliferation of such products will make it more difficult for the U.S. Government to have access to information vital to national security and foreign policy interests. Also, cryptographic products and software have military and intelligence applications.

B. Considerations and/or Determinations of the Secretary of Commerce:

1. Probability of Achieving the Intended Foreign Policy Purpose. Consistent with Executive Order 13026 of November 15, 1996, and a Presidential Memorandum of the same date, the Secretary has determined that the control achieves the intended purpose of denying the export of commercial encryption items, including products with key recovery features, if their export would be contrary to U.S. national security or foreign policy interests.

2. Compatibility with Foreign Policy Objectives. The Secretary has also determined tha controls are compatible with the foreign policy objectives of the United States. The control is consistent with U.S. foreign policy goals to promote peace and stability and to prevent U.S. exports that might contribute to destabilizing military capabilities and international terrorist or criminal activities against the United States. The controls also contribute to public safety by promoting the protection of U.S. citizens overseas.

3. Reaction of Other Countries. The Secretary has determined that the reaction of other countries to this control has not rendered the control ineffective in achieving its intended foreign policy purpose or counterproductive to U.S. foreign policy interests. Other allied countries recognize the need to control exports of encryption products for national security and law enforcement reasons. These countries also recognize the desirability of restricting goods that could compromise shared security and foreign policy interests.

4. Economic Impact on United States Industry. The Secretary has determined that the transfer of commercial encryption items, including products with key recovery features, from the USML to the CCL benefits industry positively and makes U.S. manufacturers more competitive in the world market. Removal of these products from the USML may actually improve their marketability to foreign, civil end-users who prefer not to trade in items the United States considers to be munitions. Moreover, since key recoverable encryption products pose less security and law enforcement risks, their export has been treated more liberally than export of encryption products with non-recoverable keys. This will allow U.S. manufacturers and exporters to capture a larger share of growing world demand for key recovery-based products.

From December 30, 1996, through September 30, 1997, BXA received 1,488 license applications containing encryption items. During this period, 1,075 of these applications were approved, valued at $3.3 billion, and 20 applications were rejected, worth $1.1 million. There were 97 applications returned without action, valued at $238 million. The remaining cases were

III - 255


still pending at the end of FY 1997.

Forty companies have submitted commitment plans which lay out how they will build and market key recovery products. These companies include some of the largest software and hardware manufacturers in the United States. BXA has approved 32 of these plans; none have been rejected. Furthermore, eight companies have submitted requests for a one-time review of key recovery encryption items which will facilitate the establishment of a key management infrastructure (KMI). Four of these products have been approved for eligibility under License Exception KMI. BXA has also approved four U.S. entities to serve as their own Key Recovery agents for these products (i.e., corporate “self-escrow”).

Some U.S. firms argue that U.S. export controls on encryption hurt their international competitiveness, asserting that encryption products are readily available overseas and foreign manufacturers are not subject to similar controls. However, these claims do not seem wholly valid for several reasons, including the dominance and superior quality of U.S. encryption products in the world market. Section F below (Foreign Availability) discusses this issue in further detail.

5. Enforcement of Control. The Secretary has determined that the United States has the ability to enforce these controls effectively. U.S. controls on this product and technology have been transferred from the State Department’s Munitions List to the Commerce Department’s Commerce Control List. Commerce Department is making manufacturers and dealers aware of the transfer of authority, and that the items covered by this transfer are under strict control. The strategic importance of these items is clear. Finally, since these items are also under multilateral control, we can expect cooperation from foreign enforcement agencies in preventing violations and punishing violators.

C. Consultation with Industry

The United States consulted with various elements within industry on the proposed change in controls and on the desirability of development of key recoverable encryption products for both Government and industry. During the first two months of 1997, the Department of Commerce received industry comments to the December 30, 1996, published rule. These comments included general concerns and objections to the policy embodied in the regulations, recommendations for specific changes or clarifications to the regulations that are consistent with the broad encryption policy implemented in the December 30 rule, claims that no market presently exists for key recoverable features, and recommendations for additional changes to encryption policy. These comments were made available to the general public on the Bureau’s web site. The Bureau continues to seek comments from industry sectors affected by encryption export controls, and takes these views into account in its internal deliberations on changes to encryption regulations and policy.

D. Consultation with Other Countries

III - 256


The United States took the lead in international efforts to stem the proliferation of sensitive items, urging other supplier nations to adopt and apply export controls comparable to those of the United States. The major industrial partners of the United States maintain export controls on this equipment and technology. Pursuant to their agreement to establish a new regime for the control of conventional arms and sensitive dual-use technologies, the 33 participants in the Wassenaar Arrangement have agreed to control these items on a global basis and to coordinate export policies for such items. Members of the Organization for Economic Cooperation and Development have agreed to a set of cryptography policy guidelines which allow for the development of a global key management infrastructure.

In addition, the President appointed Ambassador David L. Aaron as Special Envoy for Cryptography, with the responsibility to promote the growth of international electronic commerce and robust, secure global communications in a manner that protects the public safety and national security. As Special Envoy, Ambassador Aaron has led discussions with major supplier nations on common approaches to encryption policy, including export controls. He has found that most of the nations have concerns similar to those of the United States regarding encryption. The United States hopes to work together with supplier nations to develop common encryption policies that are compatible and do not hinder development of the emerging information infrastructure.

E. Alternative Means

Alternatives to export controls at this time would not be the most effective means of achieving the intended national security and foreign policy objectives. The United States has undertaken a wide range of diplomatic means, both bilateral and multilateral, to encourage the proper restrictions on these items. However, these efforts can only supplement, not replace, the effectiveness of actual export controls.

F. Foreign Availability

The issue of foreign availability is one that is repeatedly raised in the encryption debate. It is often asserted that encryption products are widely available overseas, that other countries do not control encryption exports, or that U.S. firms are suffering significant losses due to export controls on encryption. These assertions do not appear to be entirely accurate. In 1995, the Department of Commerce and the National Security Agency (NSA) studied the foreign availability of encryption and found that claims of widespread foreign availability of encryption products were inaccurate. The United States dominates the worldwide software market, including the market for encryption products. Moreover, it does not appear that this dominance is threatened, either by export restrictions or commercial factors. While a number of countries produce encryption products, the issue of foreign availability is complex, and must address the quality of the encryption and the export controls maintained by foreign countries. The members of the Wassenaar Arrangement have agreed to control encryption on a multilateral basis. As to the quality of foreign encryption, our information indicates that, on the whole, American encryption is superior.

III - 257


In regard to foreign availability as it relates to encryption items transferred from the USML to the CCL, the President’s Executive Order of November 15, 1996, stated the following:

I have determined that the export of encryption products [transferred to the Commerce Control List] could harm national security and foreign policy interests even where comparable products are or appear to be available from sources outside the United States, and that facts and questions concerning the foreign availability of such encryption products cannot be made subject to public disclosure or judicial review without revealing or implicating classified information that could harm United States national security and foreign policy interests. Accordingly, sections 4(c) and 6(h)(2)-(4) of the Export Administration Act of 1979, 50 U.S.C. App. 2403(c) and 2405(h)(2)-(4), as amended and as continued in effect by Executive Order 12924 of August 19, 1994, and by notices of August 15, 1995, and August 14, 1996, all other analogous provisions of the EAA relating to foreign availability, and the regulations in the EAR relating to such EAA provisions, shall not be applicable with respect to export controls on such encryption products. Notwithstanding this, the Secretary of Commerce may, in his discretion, consider the foreign availability of comparable encryption products in determining whether to issue a license in a particular case or to remove controls on particular products, but is not required to issue licenses in particular cases or to remove controls on particular products based on such consideration.

III - 258


Source: Excerpt from BXA 97 Annual Report, III. Report on Foreign Policy Export Controls, Appendix I
http://www.bxa.doc.gov/PDF/fp8appx1.pdf

APPENDIX I

SUMMARY OF COMMENTS ON FOREIGN POLICY CONTROLS

In the Federal Register of October 8, 1997, the Department of Commerce requested comments from the public on existing foreign policy-based controls maintained under Section 6 of the Export Administration Act. In the notice, the Department sought comments on how existing foreign policy-based controls have affected exporters and the overall public. Specifically, the notice invited public comments about such issues as the effectiveness of controls where foreign availability exists; whether the goals of the controls can be achieved through other means such as negotiations; the compatibility of the overall U.S. policy toward the country in question; the effect of controls on U.S. economic performance; and the enforceability of the controls. The Department also requested comments from the member companies of its Technical Advisory Committees (TACs) and the President’s Export Council Subcommittee on Export Administration (PECSEA).

The Department received three responses to this request, from the Regulations and Procedures Technical Advisory Committee (RPTAC), Sun Microsystems, and Allegheny Teledyne. The Bureau of Export Administration (BXA) makes the comments available for public review upon request. This Appendix summarizes the comments received and some of the various reports issued in 1997 on unilateral sanctions.

Industry Comments ...

III - 265


BXA also received a copy of the “1997 Statement of Goals of the Industry Coalition on Technology Transfer (ICOTT),” a U.S. group of high technology trade associations whose member firms export controlled goods and technology. ICOTT submitted this Statement to BXA to advise the U.S. Government of its primary concerns about export controls. These goals include, inter alia, restricting the use of unilateral export controls; harmonizing nonproliferation, national security, and foreign policy controls; limiting interagency review; moving embargo functions administered by the Department of the Treasury to the Department of Commerce; halting extraterritorial application of export controls; limiting encryption controls; and having BXA conduct an annual review of the Commerce Control List.

III- 266