Interesting People mailing list archives
IP: Crypto Jurisdiction
From: Dave Farber <farber () central cis upenn edu>
Date: Mon, 30 Sep 1996 14:26:02 -0400
Date: Mon, 30 Sep 96 11:39:42 EST
From: "Stewart Baker" <sbaker () mail steptoe com>
To: farber () central cis upenn edu
This is a somewhat longer version of a Journal of Commerce op-ed that I
wrote with Peter Lichtenbaum, commenting in advance on the jurisdiction
switch that the administration is likely to announce this week.
Stewart Baker Op-Ed on Crypto Jurisdiction
The hot export control issue of this month is the transfer of
jurisdiction over encryption exports from the State Department to the
Commerce Department, which the Administration is expected to announce
shortly.
A jurisdiction transfer may not sound like much, but
companies
exporting encryption products should take note. Transferring
jurisdiction
to the Commerce Department could have significant benefits for
encryption
exporters, but also presents some important issues that exporters need
to
watch.
First, what are the benefits for exporters? Is this a major
change in Administration policy on encryption exports? Probably not.
The
move isn't intended to decontrol encryption or modify the basic
export-control scheme.
Instead, the benefits are more subtle but nonetheless
significant. One major plus is that encryption exports will no longer
be
stymied by U.S. arms embargoes. Right now, the government classifies
encryption as a "defense article" just like bombs and fighter jets.
This
is why the State Department controls encryption: it regulates all
exports
of defense articles.
Treating encryption as a military technology means that
encryption exports often get caught up in the arms embargo of the
moment.
For instance, U.S. exporters have often been unable to get permission
to
export encryption to China, because of State Department policy to deny
or
delay arms export licenses.
By giving the Commerce Department jurisdiction over
encryption,
the Administration has quite properly recognized that encryption isn't
primarily a military item and shouldn't be subject to embargoes aimed at
bombs and fighter jets.
Another important benefit is speed and efficiency in handling
licenses. Even the possibility of delay is enough to spook many foreign
customers. Too often, an encryption license delayed is an encryption
license denied. The Commerce Department knows how to run an export
control system smoothly and quickly. In contrast, even after national
security issues regarding encryption exports have been resolved, the
State
Department has delayed exports by weeks and even months by its internal
paperwork and foreign policy reviews. To be fair, the State Department
has too much to do and too few people to do it with. The Commerce
Department has the procedures -- and the staff -- in place to ensure
that
U.S. exporters don't face unnecessary delays.
So there are important reasons to welcome the transfer of
encryption authority to the Commerce Department. But there are some key
implementation issues that exporters need to watch as the transfer takes
place.
One such issue is the status of existing encryption export
licenses granted by the State Department. Under existing Commerce
Department regulations, preserving these bulk licenses could require
exporters to establish an Internal Compliance Program and then apply
for a
Special Comprehensive License -- which could be denied even though the
State Department had previously issued a license.
It would be ironic indeed if routine exports were delayed or
halted as a result of a move intended to cut red tape. To avoid this
result, the Administration should consider adapting Commerce Department
bulk license procedures to allow for the continuation of existing State
Department licenses. As of now, the Administration hasn't said what its
plans are.
Another difficult issue is what the role of the FBI and the
Justice Department will be in reviewing encryption license
applications.
Perhaps fearing that the transfer of encryption to the Commerce
Department
would result in more lenient treatment, the Justice Department has
sought
a major role in reviewing license applications. As a result, the
Justice
Department is likely to be involved in reviewing future encryption
licenses.
As the Justice Department and the FBI are newcomers to export
licensing, there is a risk that they will make mistakes that other
export
control agencies have learned to avoid. In particular, they may
overestimate the ability of unilateral U.S. export controls to affect
markets outside the United States. Exporters will have to watch this
closely and work hard to educate the Justice Department and the FBI
about
what can and can't be accomplished with export controls.
Another problem may occur as a result of the transfer of
encryption controls to the Commerce Department. The Administration had
planned to transfer the controls more or less intact. But the Commerce
Department, unlike the State Department, has established procedures for
"foreign availability" reviews. These procedures determine whether the
product is so widely available abroad that controls are ineffective and
should be lifted.
Foreign availability reviews are likely to become an issue in
the jurisdiction transfer, because the Justice Department, in
particular,
fears that exporters could take Commerce Department foreign availability
decisions to the courts. Industry, on the other hand, is eager to make
its case that encryption products are available abroad. Both sides feel
strongly about this issue and it is likely to be a continuing point of
contention.
By transferring encryption controls to the Commerce
Department,
the Administration can do a good deed for U.S. exporters without
sacrificing any important national security or law enforcement
interests.
Exporters should welcome this proposal, while remaining vigilant over
its
implementation in the months to come.
Current thread:
- IP: Crypto Jurisdiction Dave Farber (Sep 30)