Bert-Jaap Koops homepage - Crypto Law Survey
Version 22.2, August 2004
© Bert-Jaap Koops
All rights reserved. Please credit if quoting.
Please do not bookmark or link to
this page, but
refer to the main page
COCOM (Coordinating Committee for Multilateral Export Controls) was an international organization for the mutual control of the export of strategic products and technical data from country members to proscribed destinations. It maintained, among others, the International Industrial List and the International Munitions List. In 1991, COCOM decided to allow export of mass-market cryptographic software (including public domain software). Most member countries of COCOM followed its regulations, but the United States maintained separate regulations.
Its 17 members were Australia, Belgium, Canada, Denmark, France, Germany, Greece, Italy, Japan, Luxemburg, The Netherlands, Norway, Portugal, Spain, Turkey, United Kingdom, and the United States. Cooperating members included Austria, Finland, Hungary, Ireland, New Zealand, Poland, Singapore, Slovakia, South Korea, Sweden, Switzerland, and Taiwan.
The main goal of the COCOM regulations was to prevent cryptography from being exported to "dangerous" countries - usually, the countries thought to maintain friendly ties with terrorist organizations, such as Libya, Iraq, Iran, and North Korea. Exporting to other countries is usually allowed, although states often require a license to be granted.
COCOM was dissolved in March 1994. Pending the signing of a new treaty, most members of COCOM agreed in principle to maintain the status quo, and cryptography remained on export control lists.
The Wassenaar Arrangement controls the export of weapons and of dual-use goods, that is, goods that can be used both for a military and for a civil purpose; cryptography is such a dual-use good.
In 1995, 28 countries decided to establish a follow-up to COCOM, the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. The negotiations on the Arrangement were finished in July 1996, and the agreement was signed by 31 countries (Argentina, Australia, Austria, Belgium, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, the Netherlands, New Zealand, Norway, Poland, Portugal, the Republic of Korea, Romania, the Russian Federation, the Slovak Republic, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States). Later, Bulgaria and Ukraine also became a participating state to the Arrangement.
The initial provisions were largely the same as old COCOM regulations. The General Software Note (applicable until the December 1998 revision) excepted mass-market and public-domain crypto software from the controls. Australia, France, New Zealand, Russia, and the US deviated from the GSN and controlled the export of mass-market and public-domain crypto software. Export via the Internet did not seem to be covered by the regulations.
There is a personal-use exemption, allowing export of products "accompanying their user for the user's personal use" (e.g., on a laptop).
In September 1998, Wassenaar negotiations in Vienna did not lead to changes in the crypto controls, although it was apparently considered to restrict the GSN (see an article in German) and possibly also to ease controls for key-recovery crypto. (Compare an article in Swedish of March 1998.)
The Wassenaar Arrangement was revised in December 1998. Negotiations were held on 2 and 3 December 1998 in Vienna, which resulted in restrictions on the General Software Note and in some relexations:
There was no change in the provisions on public-domain crypto, so that all public-domain crypto software is still free for export. Nothing was said about electronic exports (e.g., via the Internet), which consequently remain unclear.
In its meeting of 30 November-1 December 2000, the Wassenaar states lifted the 64-bit limit for export controls on mass-market crypto software and hardware (in the Cryptography Note, clause d. (the 64-bit limit) was deleted in its reference to category 5A2, as well as the related Validity Note, see the summary). The public statement of the meeting mentioned that "Participating States recognised that it is important to continue deepening Wassenaar Arrangement understanding of how and how much to control" intangible transfers.
The Wassenaar provisions are not directly applicable: each member state has to implement them in national legislation for them to have effect. (In the entries below, I have included mention of the pre-December 1998 regulations, which will stay into effect until the government enacts new legislation to implement the Wassenaar changes.)
See the Wassenaar List (crypto is in category 5 part 2). See further the Wassenaar Arrangement page (includes contact information for various national export control authorities), a Wassenaar FAQ (by US BIS), Greg Broiles' page on the Wassenaar Arrangement, which includes links to John Young's pages on the Wassenaar Arrangement and comments on the December 1998 changes, and the GILC Wassenaar page. See also Chapter 3 of Simo-Pekka Parviainen's thesis on Cryptographic Software Export Controls in the EU. Cf. an April 1996 article on the Wassenaar Arrangement.
Back to the Table of Contents
There are no import restrictions on cryptography.
The US has signed the Wassenaar Arrangement, but does not implement the (pre-December 1998) General Software Note and generally maintains stricter controls.
Export Administration Regulations (EAR)
Cryptography export used to be controlled by the International Traffic in Arms Regulation (ITAR). At the end of 1996, cryptography export was transferred to the Export Administration Regulations of the Department of Commerce, 15 C.F.R. Parts 730-774 (see in particular sections 740.13, 740.17 and 742.15). The export policy was relaxed to favor export of data-recovery cryptography. This initiative was announced in a statement by the Vice President of 1 October 1996, and further elaborated in a November 15, 1996 executive order and memorandum, and in the Commerce Department draft Export Administration Regulations of December 30, 1996. The Department of Justice is now included in crypto export decisions. (Incidentally, the Commerce Department has "borrowed" three export control and crypto specialists from the FBI and NSA to help process license applications.)
Making available cryptography on the Internet or a BBS is considered export, unless appropriate measures are taken to prevent foreigners from accessing the cryptography.
The export rules distinguish between five categories of "encryption items" (EI).
In August 1997, a 25 July interagency draft Encryption Items Rule modifying the EAR was published on the Internet, although the Department of Commerce declined to check its authenticity. It would implement the government's key recovery policy, and clarify several issues, e.g., that electronic export to Canada is not controlled, the personal-use exemption (see below), that support documentation is not required for exports of technology or software (and removing this requirement for export to most Eastern European countries), and that export of non-key recovery financial-specific cryptography is allowed if it can by design only be used for financial applications. The regulation would also require Web server operators that allow people to download encryption software to seek an advisory opinion from the Bureau of Export Affairs. See also an article by Peter Wayner on the draft.
The Bureau of Export Administration (BXA) (now: Bureau of Industry and Security, BIS) has reviewed the export controls to determine whether they should be modified, rescinded or extended. On 8 October 1997, it released a statement "seeking comments on how existing foreign policy-based export controls have affected exporters and the general public." On 15 January 1998, it published an interim rule revising the Commerce Control List, necessary to implement the (pre-December 1998) Wassenaar Arrangement. The interim rule also imposed new reporting requirements on persons that export certain items to non-Wassenaar countries.
Two major reviews of the export controls were announced in July and in September 1998 by BXA. The 7 July announcement, which was implemented in an interim rule of 22 September 1998, introduced a licensing policy for banks and financial institutions (notably, brokers, credit-card companies, and securities firms). Non-voice crypto products can be exported by banks and financial institutions after a one-time review, with no data-recovery requirement, to 45 countries (members of the Financial Action Task Force or countries that have money-laundering laws) (Anguilla, Antigua, Argentina, Aruba, Australia, Austria, the Bahamas, Belgium, Barbados, Brazil, Canada, Croatia, Denmark, Dominica, Ecuador, Finland, France, Germany, Greece, Hong Kong , Hungary, Iceland, Ireland, Italy, Japan, Kenya, Luxembourg, Monaco, the Netherlands, New Zealand, Norway, Poland, Portugal, St. Vincent and the Grenadines, St. Kitts and Nevis, Seychelles, Singapore, Spain, Sweden, Switzerland, Trinidad and Tobago, Turkey, the UK, the US, and Uruguay). To other countries, their export-license applications will be viewed with a "presumption of approval".
On 16 September 1998, a major relaxation of export controls was announced, which was implemented in a 31 December 1998 interim rule. This entailed the following.
After the President's Export Council Subcommittee on Encryption advised in "Liberalization 2000" to ease the export controls, the goverment announced further relaxation of export controls on 16 September 1999. (At the same time as this announcement, the goverment announced the Cyberspace Electronic Security Act (CESA) 1999 to meet the perceived effects of the export changes on law enforcement and national security.) The changes were to be implemented by 15 December 1999, but were subsequently postponed. The new regulations were finally published on 12 January 2000 (the press release is less specific but much more readable). The major components of the updated policy are the following.
Since 19 October 2000, a further liberalization of export controls is effective, triggered by changes in the EU export regulations (see the Federal Register Vol. 65, No. 203, pp. 62600-10, available at BIS). The liberalization was announced on 17 July 2000. A license exception is introduced for export of any crypto product to any end user (so, the distinction between government and non-government end users is dropped) in the 15 EU countries, Australia, Czech Republic, Hungary, Japan, New Zealand, Norway, Poland, and Switzerland. Also, US exporters can ship products immediately after filing a commodity classification request, without waiting for the technical-review results or the previously used 30-day delay period.
On 6 June 2002, a further liberalization
Register Vol .67, No. 109, p. 38855). Mass-market crypto with key
exceeding 64 bits can now be exported after a 30-day review by the
Bureau of Industry
and Security (BIS) (without
having to report after export, and without national-security review).
countries and the 8 other countries (Astralia, Czech
Hungary, Japan, New Zealand, Norway, Poland, Switzerland),
crypto can be exported immediately after the review request has been
Publicly available source code can be exported to most destinations after notification.
The rule also clarifies that no review or notification is required for export to US companies and subsidiaries for internal company use; for products with short-range wireless encryption; and for items with limited encryption use.
See the fact sheet of the rule at BIS.
The "terrorist countries" are: Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.
See BIS' Wassenaar and BIS' encryption page. See also the encryption excerpts of BXA's 1997 Annual Report.
In February 1996, the ITAR rules were amended as regards personal use of cryptography. Temporary export of products for personal use was exempted from the need of a license, provided the exporter take normal precautions to ensure the security of the product, including locking the product in a hotel room or safe. The product must not be intended for copying, demonstration, marketing, sale, re-export, or transfer of ownership or control. In transit, the product must remain with the exporter's accompanying baggage. The exporter must keep records of each export for five years. Export to embargoed countries (e.g., Cuba, Libya, Syria) is prohibited. Under the new EAR, the ITAR personal use exemption is replaced by license exception TMP and BAG (see the EAR at 15 CFR 740.4 and at 740.14 and the original ITAR version). The Department of Commerce announced in February 1997 it would revise the new regulations to, among others, clarify the personal use exemption for laptop computers.
Export Administration Act
The Export Administration Act expired in August 1994, but it was extended by Executive Order 12924 by the president with the authority under the International Emergency Economic Powers Act (50 USC 1701ff). The president most recently extended the state of emergency in an order of 10 August 1999. On 9 August 1999, Senators Gramm and Enzi published a draft Export Administration Act of 1999 to reauthorize the EEA, which would maintain controls, except for items easily available abroad.
Michael Froomkin (in It came from Planet Clipper) argues that the government has no authority to steer industrial crypto policy through export regulation, and that the subsequent orders to extend the EAA can hardly be justified with a reference to a state of emergency this long.
Export case law
Export Council SubcommitteeIn April 1997, the President's Export Council Subcommittee on Encryption was established to advise the Secretary for Export Administration on the implementation of crypto export policy; it consists of approximately 25 members from the exporting community and government agencies.
The International Traffic in Arms Regulation (ITAR) restricted export of "dual-use" cryptography (that is, cryptography that can serve both civilian and military purposes) by placing it on the Munitions List. For (relatively strong) products that can encipher information, an export license was usually issued only for use by foreign branches of American enterprises and for use by financial institutions. "Weak" cryptography (e.g., with a certain maximum key-length) could also be exported.
Export of cryptography that served only authentication or integrity purposes was already ruled by the Export Administration Regulations. Some types of public-domain software were decontrolled and on the Commerce Control List.
In 1995, the Administration proposed a mitigation of the export controls. Cryptography using keys up to 64 bits (as opposed to the current maximum of 40 bits) would be exportable, provided it implements key-escrow. Criteria for exportable cryptography were discussed at two meetings in September and December 1995; criteria for the escrow agents were handed out at the December meeting.
Back to the Table of Contents
Initiatives to relax export controls
Several initiatives, as yet unsuccessful, have been taken, both in Congress and by the public, to try to mitigate the cryptography export restrictions.
Karn, Bernstein, and
A federal district court in Washington, DC, on March 22, 1996 rejected the claims of Phil Karn, stating that the case presented a political question for the two elected branches to decide. It held that the export restrictions did not violate the First Amendment. The defence appealed; on 6 November 1996, the Department of Justice filed a brief on appeal. On 21 January 1997, the appeal court remanded the case to the district court in light of the transfer of the export controls to the Department of Commerce; it did not reach the constitutional issues. In August 1997, the Department of Commerce ruled that certain programs Karn sought to export were controlled by the EAR and subject to prior licensing. Karn challenged this classification in a law suit against the DoC; in March 1998, the government moved to dismiss this law suit. On 18 February 1999, the D.C. District Court granted Karn's request for discovery and an evidentiary hearing. However, following the January 2000 revisions of the export regulations, which effectively made publicly available source code freely exportable, Karn allowed his case to be dismissed as moot. See more information on this case.
Contrary to the 1996 Karn decision, a Northern California district
court, in a December
18, 1996 decision in the case of Daniel Bernstein, who
seeked the ability to export his encryption algorithm, judged the
export regulations to be too restrictive. The disctrict judge found the
licensing system an unconstitutional prior restraint on free speech -
having ruled earlier that crypto source code was protected by the First
Amendment (see the decision
of April 15, 1996, in which she denied the government's motion to
dismiss the case). The judge called the licensing system a "paradigm of
standardless discretion", given its lack of decision time limits, of
standards for denial and of appeal provisions. The ruling does not
relate to object code. On December 30, 1996, Bernstein's lawyers asked
the government to delay enforcement of the new export
rules until they are reviewed for constitutionality.
On 25 August 1997, the federal district court affirmed its earlier decision, declaring that the Export Administration Regulations and all rules promulgated thereunder insofar as they apply to cryptography are in violation of the First Amendment on the grounds of prior restraint and are, therefore, unconstitutional. The judge enjoined the government from further enforcement of the regulations, including prosecution of "anyone who uses, discusses or publishes or seeks to use, discuss or publish [Bernstein's] encryption program and related materials." The government, on 28 August 1997, requested a stay of the Court's order pending appeal, which was granted for the most part; Bernstein could, however, publish his program on the Internet after 8 September. See the de cision of August 25, 1997.
On 6 May 1999, the Court of Appeals for the Ninth Circuit held (two to one) that the EAR are an unconstitutional prior restraint on free speech in violation of the First Amendment, arguing that source code is expressive speech entitled to First Amendment protection. Judge Nelson dissented. The government filed a motion for reconsideration on 21 June 1999, which was granted on 30 September. An 11-judge "en banc" panel of the Court was to re-examine the case on 21 March 2000, but, as requested by Bernstein on 3 March, the Court of Appeals on 12 April remanded the case back to the district court for reconsideration in light of the January 2000 revisions of the export regulations. Eventually, however, due to repeated assurances by the DoJ attorney Coppolino that the government would not enforce several portions of the regulations, the case was dismissed. So, in October 2003, Bernstein announced that the case had come to an end (for now).
See the Bernstein archive.
In August 1996, law professor Peter Junger filed suit to challenge the ITAR regulations, saying they restricted his ability to teach a cryptography course, as foreign students are attending his classes; he wants to publish his class materials on the WWW server. Following the Bernstein decision (see above), Junger filed an amended complaint against the EAR regulations. On 2 July 1998, in Junger v. Daley (N.D. Ohio, 1:96-CV-1723), the US District Court for the Northern District Court of Ohio dismissed Junger's claim, arguing that encryption source code is not sufficiently expressive to merit First Amendment protection. Therefore, crypto export is not protected conduct under the First Amendment, and export regulation passes constitutional muster. On appeal, this decision was reversed. In Junger v. Daley, 2000 FED App. 0117P (6th Cir.) of 4 April 2000, the Court of Appeals for the Sixth Circuit stated that computer source code merits First Amendment protection, since it is a means of expression among cryptographers: "for individuals fluent in a computer programming language, source code is the most efficient and precise means by which to communicate ideas about cryptography". Thus, the case was remanded to the District Court to further consider the crypto export regulations (as revised in January 2000) under the Constitution.
See various documents in this case, and another page.
Back to the Table of Contents
Three bills were proposed in 1996 to ease export controls. Senator Leahy's bill, proposed on 5 March 1996, the Encrypted Communications Privacy Act (S. 1587), reintroduced 27 February 1997 (S. 376), would, among others, relax export controls, allowing generally available or public-domain crypto to be exported. At the same time, Representative Goodlatte introduced a similar bill, Security And Freedom through Encryption (SAFE) Act of 1996 (H.R. 3011), reintroduced on 12 February 1997 (H.R. 695). On 30 April 1997, the House Subcommittee on Courts and Intellectual Property unanimously approved the SAFE bill. On 14 May 1997, the House Judiciary Committee also unanimously approved the SAFE bill, after adopting three amendments (one to the criminal provision (ensuring that it only criminalizes crypto use with the intention to cover up a federal felony), one to correct a technical oversight, and one to direct the Attorney General to compile and maintain data on the instances in which cryptography hampered the investigation). On 24 June 1997, the House International Relations Subcommittee on International Economic Policy and Trade approved the SAFE act. The House International Relations Committee approved the bill on 22 July 1997, rejecting an amendment to reinstate strict controls if relaxation would turn out to harm national security. The House National Security Committee radically amended the Bill to include the Secretary of Defense in export decisions (Weldon/Dellums amendment), whereas the House Permanent Select Committee on Intelligence replaced the language of the bill with domestic controls (see below) as well as strengthening export controls (Goss/ Dicks amendment). The House Commerce Committee, on 25 September 1997, rejected an amendment by Oxley/Manton to strengthen export controls, and adopted a version by Markey and White to remove export controls. Given the many conflicting versions of the bill, the SAFE Act was not put to a vote, especially since the chair of the House Rules Committee, Solomon, stated to only move the Act to the floor if it contains (Oxley/Manton) mandatory key escrow. (See below on the re-introduced bill.)
In May 1996, Senator Burns launched a bill, Promotion of Commerce Online in the Digital Era (Pro-CODE) Act of 1996 (S. 1726), reintroduced 27 February 1997 (S. 377). The bill would relax export controls for generally available or mass-market cryptography. The 1997 bill would additionally establish an Information Security Board to give law-enforcement agencies special access to the development of new plans for privacy-enhancing technologies.
The Kerrey-McCain bill, Secure Public Networks Act (see below), introduced June 1997, would allow export of 56-bit non-key recovery cryptography under a license. Key recovery cryptography would be exportable regardless of key length, under a license. An inofficial draft amendment circulating in the government by August 1997 would somewhat relax the export provisions of the bill (export of crypto with a recovery feature, regardless whether it is activated, would be granted; an Advisory Board would recommend to the President whether larger than 56-bit crypto could be decontrolled; and the power to prohibit any exports "contrary to US security interests" would be dropped). On 4 March 1998, the senators announced a new, largely similar, version of their bill.
The Computer Security Enhancement Act of 1997 (HR 1903) would require the Commerce Department, upon request, to take into account the foreign availability of comparable crypto in deciding the export of crypto products. The Act was cleared in the House on 16 September 1997.
On 12 May 1998, senators Ashcroft and Leahy introduced the E-PRIVACY Act ("Encryption Protects the Rights of Individuals from Violation and Abuse in Cyberspace"). This would relax export controls, lifting the restrictions for exporting generally available crypto products after a one-time review by the Secretary of Commerce; this also valid for products if a like product of similar strenght is commercially available outside the US from a foreign supplier, which is to be determined by an Encryption Export Advisory Board. The same holds for "interface mechanisms for interaction with other encryption products" which do not themselves provide encryption capabilities. For other crypto, an export advisory board would make recommendations on its exportability.
On 25 February 1999, Rep. Goodlatte reintroduced the Security And Freedom through Encryption Act (SAFE) (H.R. 850). The bill would limit export license requirements for generally-available or public-domain cryptography to a one-time, 15-day technical review. Export would be allowed for more specialized products to the 45 countries on the "financial export" list (see above) or if a similar product is available abroad without export restrictions. The SAFE Act was approved by the Commerce Committee on 23 June 1999 (with amendments) and by the International Relations Committee on 13 July 1999 (with amendments tightening certain provisions). The Permanent Select Committee on Intelligence amended and approved the bill on 15 July; the amendments will be viewed as suggestions only, since the Committee has no jurisdiction over the bill. The Armed Services Committee substantially amended and approved the bill on 21 July 1999; an amendment would permit the president, unsubjected to judicial review, to block export if it is contrary to national-secyrity interests. Subsequently, the bill went to the Rules Committee to reconcile the competing versions into one that will be presented to the full House.
On 14 April 1999, Sen. McCain introduced the Promote Reliable On-Line Transactions to Encourage Commerce and Trade (PROTECT) Act of 1999 (S. 798). This bill would allow unlimited crypto export to member states of NATO, OECD, and ASEAN, and limit export to other countries to 64-bit key-length crypto. An Encryption Export Advirosy Board would periodically research foreign availability of cryptography and advise amendments accordingly. The Bill passed the Commerce, Science, and Transportation Committee on 23 June 1999.
On 9 August 1999, Senators Gramm and Enzi published a draft Export Administration Act of 1999 to reauthorize the EEA, which would maintain controls, except for items easily available abroad and mass-market items. On 27 July 1999, as an alternative to the SAFE Act, Rep. Goss introduced the Encryption for National Interests Act (H.R. 2616), which would, among others, remove key recovery as a factor in any export controls, and allow exports of up to 64-bit symmetric crypto (level to be increased every six months).
See for more information the Pro-crypto Legislation Archive.
On 5 September 1997, the California legislature passed a resolution asking for a revision of federal crypto export controls, supporting the proposed SAFE Act (the original version, see above).
Back to the Table of Contents
The Department of Commerce recommended easing export controls after a joint study with the National Security Agency found that the export restrictions harm US business.
In June 1996, the National Research Council released its long-awaited study on cryptography policy. It recommended that export controls be progressively relaxed, but not eliminated. Products providing confidentiality at a level that meets most general commercial requirements should be easily exportable; for today, this would mean allowing export of 56-bit symmetric encryption products. Export of stronger cryptography (i.e., today, using more than 56 bits) should be exportable on an expedited basis to a list of approved companies if the proposed user agrees to provide the US government access to decoded information.
According to a draft paper Enabling Privacy, Commerce, Security and Public Safety in the GII, the government is working toward a policy that will readily license export of key-escrow systems, once the needed infrastructure and government-to-government agreements are in place.
See for more information and links the Cryptography Export Control Archives and John Young's Arms Control Essays.
Back to the Table of Contents
The Digital Millennium Copyright Act (Public Law 105-304, H.R. 2281, also called WIPO Copyright Treaties Implementation Act) was approved on 12 October 1998 by the House and signed by the President on 29 October 1998. It creates penalties for circumventing copyright-protection systems. Although limited exemptions for circumventing such systems for the purposes of cryptography research were included in the Act, cryptographers were still concerned that crypto research and the development of cryptanalytic tools would be hindered. (Compare EPIC's testimony.) The Rulemaking on Exemptions from Prohibition on Circumvention of Technological Measures that Control Access to Copyrighted Works of the Copyright Office, effective from 28 October 2000 until 28 October 2003, contains two exemptions (related to filtering and malfunctioning software).
Compare EFF's archive of DMCA cases.
In the case of United States v. Scarfo, the US District Court for the District of New Jersey held on 26 December 2001 that the federal wiretapping law and the Fourth Amendment allow the use of a "key logger" that intercepts a passphrase to an encrypted file, provided that the system does not operate while the computer is communicating with other computers. Because of a plea agreement, there will be no appeal in this case. See EPIC's Scarfo page.
Escrowed Encryption Standard (Clipper)
In 1993, the Clinton Administration announced the Escrowed Encryption Initiative (EEI), usually referred to as the Clipper Initiative, after its first implementation in the Clipper chip. A classified, secret-key algorithm, SKIPJACK, has been implemented in an Escrowed Encryption Standard (EES). The reported basic idea of the EEI is to provide citizens with a safe cryptosysem for securing their communications without threatening law enforcement. The EES procures law enforcement access by means of a Law Enforcement Access Field (LEAF) that is transmitted along with each encrypted message; the field contains information identifying the chip used. Law enforcement agencies wire-tapping communications encrypted with EES can decipher tapped messages by obtaining the two parts of the chip's master key that are deposited with two escrow agencies (National Institute of Standards and Technology and the Treasury Department's Automated Systems Division), provided they have a court order for the tapping.
Following criticisms on the choice of escrow agents, the government came up with commercial key escrow ("Clipper II"), a scheme in which the escrow agents can be independent organizations chosen by cryptography users.
The EES is a voluntary standard to be used in telephone communications. Privacy advocates fear that the government may declare escrowed encryption obligatory once it has captured a sufficient portion of the market. The EES has been generally rejected, though.
In March 1997, the Department of Defense announced that the NSA, developer of the Fortezza card (implementing the key-escrow system of the EES), would no longer implement the EES; instead, it would work to adopt key recovery as promoted by the US government (see below).
Key Management Infrastructure
In its May 1996 draft paper "Enabling Privacy, Commerce, Security and Public Safety in the GII"(referred to by opponents as Clipper III), the government proposes the establishment of a key management infrastructure (KMI) that incorporates key escrow. Participation in the KMI would be voluntary, and choice of encryption algorithms would be free. A Policy Approving Authority would certify Certification Authorities (CAs); it would also be responsible for setting CA performance criteria to meet law enforcement's needs. Users should escrow keys with an Escrow Authority (either the CA or an independent EA) before they can get a public-key certificate. Self-escrow is considered an acceptable option, if the corporate CAs can meet necessary performance requirements, including independence from the rest of the organization and handing over keys to law enforcement.
On December 5-6, 1996, a Technical Advisory Committee (website no longer available) to Develop a Federal Information Processing Standard (FIPS) for the Federal KMI held its first meeting. A report of the meeting expressed doubt on the viability of the process, due to the difference of opinion between business and government on the need for a key-recovery standard. Various subsequent meetings were held in 1997 and 1998. In mid-1998, the Committee announced it could not reach an agreement on a final FIPS recommendation. The charter of the TACDFIPSFKMI was renewed in August 1998 to conintue work on the requirements for key-recovery products. It released a report on proposed key-recovery standards, for which comments could be submitted until 4 November 1999 (website no longer available).
Broad Encryption Policy
The 1 October 1996 statement by the Vice President, covering export controls, also refers to domestic crypto use. The temporary relaxation of export controls is part of a broader encryption policy, which claims to be broadly consistent with the NRC recommendations. Domestic use of key-escrow cryptography will be voluntary, and the choice of an encryption system remains free. The government will, however, promote key-escrow cryptography by expanding the purchase of key-escrow products for itself, promoting key-escrow cryptography in international discussions, and stimulating the development of innovative key-escrow products and services. The Administration will also seek legislation to facilitate commercial key-escrow, including liability issues for releasing keys.
On November 15, 1996, the government appointed ambassador Aaron as "special envoy for cryptography". He will promote international cooperation and coordinate US contacts with foreign governments on encryption matters. On 18 June 1997, the Electronic Privacy Information Center (EPIC) filed a lawsuit to seek public disclosure of the travel records of ambassador Aaron. EPIC acquired the travel records in January 1998.
Annual report on criminal crypto use
A 2 October 1996 law (HR 3723) includes an amendment requiring the US Sentencing Commission to report annually on the use of computer encryption to conceal criminal activity. Likewise, by law S. 1769 signed on 2 May 2000, section 2519(2) (b) (iv) of title 18 U.S.C. requires the Department of Justice to generally report on law-enforcement encounters with encrypted communications in the execution of wiretap orders. The President's Statement specifies that only general aggregate data on the total number of crypto encounters will be provided.
Draft Key Recovery Legislation
At the end of March 1997, a Draft Key Recovery Legislation dating from 12 March was published: the "Electronic Data Security Act of 1997". The Act would promote a Public Key Infrastructure with key recovery by registering (private or (foreign) government) Certification Authorities (CAs) and (private or government) Key Recovery Agencies (KRAs). A registered CA may only issue a public key certificate if the user provides a registered KRA with sufficient information to allow timely plaintext recovery by law-enforcement or national security. KRAs - both registered and unregistered - shall disclose recovery information to government agents with a warrant or upon receipt of a written authorization by the Attorney General. After complaints that use of a written authorization without judicial review could violate the Fourth Amendment, in May 1997, the government amended the draft law to clarify that the same legal criteria would apply for disclosing recovery information as for wiretapping. The facts of release of recovery information to government agencies may not be disclosed. Those who intentionally undermine certain provision of the Act (such as issuing public key certificates to persons while knowing they do have not provided sufficient information to a KRA) are subject to civil penalties; the penalties are limited for registered CAs and KRAs. Such activities are also criminally punishable with up to five years' imprisonment. Likewise, the use of encryption in furtherance of the commission of a criminal offense can be punished with six months' to five years' imprisonment (having used key recovery which is reasonably available to the government is an affirmative defense). People packaging encryption products must label them to inform the user whether the product uses registered KRAs. Finally, the President shall conduct negotiations with other countries on the mutual recognition of registered KRAs. The draft legislation affirms that use of any encryption shall be lawful except as provided in the Act or other law (which currently means any encryption use is lawful except in furtherance of a crime), and that use of the key recovery infrastructure is voluntary. The government is no longer seeking a sponsor for the draft bill.
The government's Framework for Global Electronic Commerce restates the (voluntary) key recovery approach. In a 4 March 1998 letter to Senatory Daschle, Vice-President Gore reiterated the government's commitment to encouraging voluntary key recovery; it reaffirmed that the administration will not pursue mandatory key recovery. Rather, the government will pursue a dialogue between industry and law enforcement.
Cyberspace Electronic Security
Act of 1999
On 16 September 1999, together with the announcement of export relaxation, the goverment proposed a draft Cyberspace Electronic Security Act of 1999. This contains provisions on law enforcement accessing crypto keys stored with third parties, but there is no requirement for users to use key-recovery crypto. The FBI's Technical Support Center will be given $80 million over four years, to help law enforcement "in responding to the increasing use of encryption by criminals". Moreover, to ensure "that sensitive investigative techniques and industry trade secrets remain useful", there will be protections "from unnecessary disclosure in litigation and criminal trials involving encryption", which indicates that the prosecution should not have to detail how they obtained decrypted information; such protection should, however, be consistent with fully protecting defendants' rights to a fair trial.
An earlier version of this bill suggested the power to alter "hardware or software that allows plaintext to be obtained even if attempts were made to protect it through encryption", effectively allowing the goverment to perform secret break-ins and alterations in computers. This was not reiterated in the final draft.
Domestic Security Enhancement Act 2003
A draft Domestic Security Enhancement Act 2003 (Patriot II) of 9 January 2003 leaked out in February 2003 (see the text, also in pdf). Section 404 would criminalize the knowing and wilful use of crypto to conceal a federal crime, with a punishment of up to 5 years for first offenses or 10 years for second or subsequent offenses. The explanatory report suggests that these "additional penalties are warranted to deter the use of encryption technology to conceal criminal activity". The bill has not been submitted to Congress.
On 16 June 1997, Senators Kerrey, McCain, and Hollings introduced a bill largely similar to the government draft key-recovery legislation, the Secure Public Networks Act (S. 909). It has similar provisions on registration of CAs and KRAs, on criminalization of encryption in furtherance of a criminal offense, on release of recovery information (under broader conditions than the June amendment to the government bill), on international negotiations, and on the voluntary nature of the infrastructure. Additionally, it would require government use and government funding of encryption products to be based on key recovery crypto, establish an Information Security Board, and provide a waiver authority for the president in cases affecting national security. The bill was approved by the Senate Commerce Committee on 19 June 1997, including several amendments. See more information on the bill by CDT.
An inofficial proposed amendment to the Secure Public Networks Act, circulating in the government by the end of August 1997, would prohibit the manufacture, distribution, sale or import of non-key recovery cryptography (not its use or possession). The draft amendment contains several other changes, e.g., dropping the requirement for CA registration that the CA ensures recovery information to have been escrowed. In a 3 September 1997 Senate subcommittee hearing, FBI Director Freeh backed this draft legislation, but saying that key recovery should be mandatory, not voluntary; Commerce Undersecretary Reinsch commented that this was not the administration's policy. According to Jim Bidzos, President Clinton at a private dinner in September 1997 also stated not to support the domestic encryption controls being considered in Congress. In February 1998, Kerrey and McCain were said to circulate a somewhat revised version of their bill, requiring a court order for law enforcement access, and dropping the link between digital-signature-key certification and key recovery. On 4 March 1998, the senators announced a new version of the bill, which retains the establishment of an advisory board to decide upon easing export restrictions; in the new version, the board would consist of eight industry and four government representatives.
Goodlatte's SAFE Act (see above), aimed at relaxing export controls, was substantially amended by the House Permanent Select Committee on Intelligence, effectively imposing mandatory key escrow (the Goss/Dicks amendment). The House Commerce Committee, on 25 September 1997, rejected a similar amendment (Oxley/Manton); instead, it adopted an amendment by Markey and White to create a National Electronic Technologies (NET) Center, a federal information clearinghouse on encryption, which is to assist law enforcement by examining techniques to facilitate the efficient access to plaintext. Also, the amendment doubled the penalty for using encryption in furtherance of a felony. Goodlatte's prohibition of mandatory key escrow was maintained by the Commerce Committee. The SAFE did not make it to a vote in the House, given the many competing versions, and given that the chair of the House Rules Committee, Solomon, had declared to only move the Act to the floor if it contained a mandatory key escrow provision. The SAFE act was reintroduced in 1999, see below.
The Leahy bill (see above) would penalize the use of encryption in furtherance to a felony, if the encryption is intended to obstruct investigation. It creates a framework for key escrow agents, including strict requirements for law enforcement access; anyone is free to use non-escrowed cryptography. On June 27, 1995, Senator Grassley introduced the Anti-Electronic Racketeering Act (S.974), which, if enacted, would virtually ban encryption. Only the use of escrow-like software would be an affirmative defense for those prosecuted for using cryptography. The bill doesn't seem to have much support at present.
The E-PRIVACY Act of Ashcroft and Leahy, introduced on 12 May 1998, would also penalize using cryptography to conceal incriminating information in the commission of a federal felony with 5-10 years' imprisonment. Like the Markey/White amendment to the SAFE act (see section above), the bill would create a NET Center to assist law enforcement. The bill would prohibit the government from mandating key escrow or key recovery.
On 25 February 1999, Rep. Goodlatte reintroduced the Security And Freedom through Encryption Act (SAFE) (H.R. 850) (see above for Congressional developments). SAFE would safeguard everyone's right to use cryptography, prohibit the government from mandating key recovery, and it would penalize crypto use to conceal criminal conduct. The Commerce Committee, on 23 June 1999, amended the act, making it a crime not to comply with a decryption order, with penalties of up to ten years. The Permanent Select Committee (which does not have jurisdiction over the bill), on 15 July 1999, added a provision to permit law enforcement to gain access to decryption information with a warrant.
On 14 April 1999, Sen. McCain introduced the Promote Reliable On-Line Transactions to Encourage Commerce and Trade (PROTECT) Act of 1999 (S. 798) (see above for Congressional developments). The bill prohibits the government from mandating key recovery. It does not contain a provision to criminalize the use of crypto to cover up a crime.
On 27 July 1999, Rep. Goss introduced the Tax Relief for Responsible Encryption Act of 1999(H.R. 2617), which would offer a 15% tax credit for the costs of developing and producing recoverable cryptography (i.e., systems which can provide the government with plaintext without the user's knowledge). Also on 27 July 1999, as an alternative to the SAFE Act, Rep. Goss introduced the Encryption for National Interests Act (H.R. 2616), which would, among others, allow domestic use of all crypto, not mandate key recovery, and require a court warrant for accessing encrypted data or communications.
See the EFF Privacy, Security, Crypto, Surveillance Archive and the EPIC Key Escrow Page.
Back to the Table of Contents
The Leahy bill (see above) affirms the right of citizens to use encryption without restrictions in the US (except in furtherance to a felony to impede law enforcement). The Burns bill (see above) also affirms the right to freely use encryption; besides, it would limit the authority of the federal government to set standards for encryption products used by businesses and individuals, particularly standards which result in products with limited key lengths and key escrow. The E-PRIVACY Act (see above) would similarly prohibit the government from mandating key escrow or key recovery.
Representative Markey introduced a bill on 19 June 1997, the Communications Privacy and Consumer Empowerment Act (H.R. 1964). The bill would prohibit restrictions on the use or sale in interstate commerce of encryption software, regardless of the medium used or length of encryption key. Further, the government would be prohibited from conditioning certificates of authority or certificates of authentication upon any key escrow system.
The June 1996 National Research Council study Cryptography's role in Securing the Information Society, which was requested by Congress, favors widespread encryption. It says the government should promote widespread commercial use of cryptography. The government can explore key escrow systems for its own use, but it should not push others to use it; even if the current many unresolved questions regarding key escrow were resolved, adoption of escrowed encryption (or of any other standard) should be voluntary.
Advanced Encryption Standard
NIST has approved an Advanced Encryption Standard (AES), FIPS 197, the successor of DES.
Minimum acceptability requirements, evaluation criteria, and submission requirements were discussed at a 15 April 1997 workshop. The object of NIST was to create a standard with significant advantages over triple-DES. The standard should use a strong algorithm, regardless of the legal climate, with a (possibly variable) large key length (at least 128 bits). On 12 September 1997, NIST put out a call for candidate algorithms. Fifteen proposals were narrowed down to five, of which on 2 October 2000 Rijndael was selected as the draft FIPS. A notice was published in the Federal Register on 28 February 2001, opening a 90-day public-comment period. After incorporating minor changes from submitted comments, Rijndael was officially approved and announced in the Federal Register, becoming effective on 26 May 2002.
Back to the Table of Contents
© Bert-Jaap Koops, 1996-2004. All rights
Updated on 11 August 2004.
research | crypto law survey | publications | personal
FAQ | new | sources | addresses