IP: PECSENC Recommendations on Crypto Export

[David Farber <farber () cis upenn edu>]

> Date: Thu, 26 Aug 1999 12:00:42 -0400
> From: denning () cs georgetown edu (Dorothy Denning)
> Subject: PECSENC Recommendations on Crypto Export
>
> The recommendations of the President's Export Council Subcommittee
> on Encryption (PECSENC) are on my Web site at
>
>  http://www.cs.georgetown.edu/~denning/crypto/lib2000.html.
>
> My understanding is that they have been sent to Commerce Secretary Daley
> and that they go to the full PEC tomorrow for approval and transmission
> to the President.
>
> There are 10 recommendations, which I have included below. The report
> gives the justification behind them.
>
> Dorothy
> --------
>
> President's Export Council Subcommittee on Encryption
>
> Liberalization 2000:
> Recommendations for Revising the Encryption Export Regulations
>
> I.  Reporting Requirements
>
> Recommendation:  Eliminate reporting requirements for exports under
> License Exception ENC, License Exception KMI, and "Recoverable"
> Encryption ELAs.
>
> II.  License Free Zones
>
> Recommendation:  Create a "license-free zone" by eliminating export
> approval requirements for encryption products sent to countries that do
> not present a significant national security concern related to U.S.
> encryption items.
>
> III.  ENC/Sector Expansion
>
> Recommendation:  Expand the scope of the current License Exception ENC
> to add critical infrastructure industries, friendly governments, and
> multi-lateral organizations as additional sectors.  (This should apply
> to trusted sectors located or based in those countries that are eligible
> for ENC treatment, but are not included in a "License Free Zone")
>
> IV.  On-Line Merchants
>
> Recommendation:  Allow export of general purpose encryption products to
> on-line merchants under License Exception ENC.
>
> V.  Mass-market Hardware and Software
>
> Recommendation:  Expand License Exceptions TSU and ENC to allow export
> of mass-market hardware and software encryption with key lengths of 128
> bits or equivalent strength including triple DES.
>
> VI.  Encryption Licensing Arrangements
>
> Recommendation:  Expand the use of flexible licenses such as Encryption
> Licensing Arrangements to other areas of the EAR.
>
> VII.  Applications that call Cryptographic Application Programming
> Interfaces (APIs)
>
> Recommendation:  Exempt applications that access cryptographic APIs from
> EI controls.
>
> VIII.  Chips, Linkable Modules, Toolkits
>
> Recommendation:  Remove exclusion of encryption chips, integrated
> circuits, toolkits, executable or linkable modules from export
> provisions of License Exception ENC/56-bit.  Include encryption chips,
> integrated circuits, toolkits, executable or linkable modules, source
> code and technology under License Exception ENC provisions to all
> sectors authorized to receive encryption commodities and software of
> unlimited key strength.
>
> IX.  Infrastructure Management and Integrity Uses of Cryptography
>
> Recommendation:  Exempt uses of cryptography for infrastructure
> management and integrity functions from EI controls.
>
> X.  Recoverable products
>
> Recommendation:  Provide "recoverable" encryption products with similar
> export privileges as those given to key recovery encryption products
> under License Exception KMI.