Interesting People mailing list archives
IP: Crypto Jurisdiction
From: Dave Farber <farber () central cis upenn edu>
Date: Mon, 30 Sep 1996 14:26:02 -0400
Date: Mon, 30 Sep 96 11:39:42 EST From: "Stewart Baker" <sbaker () mail steptoe com> To: farber () central cis upenn edu This is a somewhat longer version of a Journal of Commerce op-ed that I wrote with Peter Lichtenbaum, commenting in advance on the jurisdiction switch that the administration is likely to announce this week. Stewart Baker Op-Ed on Crypto Jurisdiction The hot export control issue of this month is the transfer of jurisdiction over encryption exports from the State Department to the Commerce Department, which the Administration is expected to announce shortly. A jurisdiction transfer may not sound like much, but companies exporting encryption products should take note. Transferring jurisdiction to the Commerce Department could have significant benefits for encryption exporters, but also presents some important issues that exporters need to watch. First, what are the benefits for exporters? Is this a major change in Administration policy on encryption exports? Probably not. The move isn't intended to decontrol encryption or modify the basic export-control scheme. Instead, the benefits are more subtle but nonetheless significant. One major plus is that encryption exports will no longer be stymied by U.S. arms embargoes. Right now, the government classifies encryption as a "defense article" just like bombs and fighter jets. This is why the State Department controls encryption: it regulates all exports of defense articles. Treating encryption as a military technology means that encryption exports often get caught up in the arms embargo of the moment. For instance, U.S. exporters have often been unable to get permission to export encryption to China, because of State Department policy to deny or delay arms export licenses. By giving the Commerce Department jurisdiction over encryption, the Administration has quite properly recognized that encryption isn't primarily a military item and shouldn't be subject to embargoes aimed at bombs and fighter jets. Another important benefit is speed and efficiency in handling licenses. Even the possibility of delay is enough to spook many foreign customers. Too often, an encryption license delayed is an encryption license denied. The Commerce Department knows how to run an export control system smoothly and quickly. In contrast, even after national security issues regarding encryption exports have been resolved, the State Department has delayed exports by weeks and even months by its internal paperwork and foreign policy reviews. To be fair, the State Department has too much to do and too few people to do it with. The Commerce Department has the procedures -- and the staff -- in place to ensure that U.S. exporters don't face unnecessary delays. So there are important reasons to welcome the transfer of encryption authority to the Commerce Department. But there are some key implementation issues that exporters need to watch as the transfer takes place. One such issue is the status of existing encryption export licenses granted by the State Department. Under existing Commerce Department regulations, preserving these bulk licenses could require exporters to establish an Internal Compliance Program and then apply for a Special Comprehensive License -- which could be denied even though the State Department had previously issued a license. It would be ironic indeed if routine exports were delayed or halted as a result of a move intended to cut red tape. To avoid this result, the Administration should consider adapting Commerce Department bulk license procedures to allow for the continuation of existing State Department licenses. As of now, the Administration hasn't said what its plans are. Another difficult issue is what the role of the FBI and the Justice Department will be in reviewing encryption license applications. Perhaps fearing that the transfer of encryption to the Commerce Department would result in more lenient treatment, the Justice Department has sought a major role in reviewing license applications. As a result, the Justice Department is likely to be involved in reviewing future encryption licenses. As the Justice Department and the FBI are newcomers to export licensing, there is a risk that they will make mistakes that other export control agencies have learned to avoid. In particular, they may overestimate the ability of unilateral U.S. export controls to affect markets outside the United States. Exporters will have to watch this closely and work hard to educate the Justice Department and the FBI about what can and can't be accomplished with export controls. Another problem may occur as a result of the transfer of encryption controls to the Commerce Department. The Administration had planned to transfer the controls more or less intact. But the Commerce Department, unlike the State Department, has established procedures for "foreign availability" reviews. These procedures determine whether the product is so widely available abroad that controls are ineffective and should be lifted. Foreign availability reviews are likely to become an issue in the jurisdiction transfer, because the Justice Department, in particular, fears that exporters could take Commerce Department foreign availability decisions to the courts. Industry, on the other hand, is eager to make its case that encryption products are available abroad. Both sides feel strongly about this issue and it is likely to be a continuing point of contention. By transferring encryption controls to the Commerce Department, the Administration can do a good deed for U.S. exporters without sacrificing any important national security or law enforcement interests. Exporters should welcome this proposal, while remaining vigilant over its implementation in the months to come.
Current thread:
- IP: Crypto Jurisdiction Dave Farber (Sep 30)