[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] Reinsch on U.S. Crypto Policy
- To: debate@fitug.de
- Subject: [FYI] Reinsch on U.S. Crypto Policy
- From: Horns@t-online.de (Axel H. Horns)
- Date: Thu, 20 May 1999 18:21:27 +0100
- Comment: This message comes from the debate mailing list.
- Organization: Private Site
- Reply-to: horns@t-online.de
- Sender: owner-debate@fitug.de
http://207.96.11.93/press/99/WARMay18-99.htm
------------------------------- CUT -------------------------------
Bureau of Export Administration
U. S. Department of Commerce
Testimony of William A. Reinsch
Under Secretary for Export
Administration
Department of Commerce
Before the
House Committee on International Relations
Subcommittee on International Economic
Policy
and Trade
Encryption: Security in a High Tech Era
May 18, 1999
Thank you, Madam Chairman, for the opportunity to
testify on the direction of the Administration's
encryption policy. We have made a great deal of
progress since my last testimony before this
Committee on this subject.
Even so, encryption remains a hotly debated
issue. The Administration continues to support a
balanced approach which considers privacy and
commerce as well as protecting important law
enforcement and national security equities. We
have been consulting closely with industry and
its customers to develop a policy that provides
that balance in a way that also reflects the
evolving realities of the market place.
The Internet and other digital media are becoming
increasingly important to the conduct of
international business. There were 43.2 million
Internet hosts worldwide last January compared to
only 5.8 million in January 1995. One of the many
uses of the Internet which will have a
significant effect on our everyday lives is
electronic commerce. According to a recent study,
the value of e-commerce transactions in 1996 was
$12 million. The projected value of e-commerce in
2000 is $2.16 billion. To cite one example,
travel booked on Microsoft's Website has doubled
every year since 1997, going from 500,000 to an
estimated 2.2 million this year. Many service
industries which traditionally required
face-to-face interaction such as banks, financial
institutions and retail merchants are now
providing cyber service. Customers can now sit at
their home computers and access their banking and
investment accounts or buy a winter jacket with a
few strokes of their keyboard.
Furthermore, most businesses maintain their
records and other proprietary information
electronically. They now conduct many of their
day-to-day communications and business
transactions via the Internet and E-mail. An
inevitable byproduct of this growth of electronic
commerce is the need for strong encryption to
provide the necessary secure infrastructure for
digital communications, transactions and
networks. The disturbing increase in computer
crime and electronic espionage has made people
and businesses wary of posting their private and
company proprietary information on electronic
networks if they believe the infrastructure may
not be secure. A robust secure infrastructure can
help allay these fears, and allow electronic
commerce to continue its explosive growth.
[...]
This past year, we also made progress on
developing a common international approach to
encryption controls through the Wassenaar
Arrangement. Established in 1996 as the successor
to COCOM, it is a multilateral export control
arrangement among 33 countries whose purpose is
to prevent destabilizing accumulations of arms
and civilian items with military uses in
countries or regions of concern. Wassenaar
provides the basis for many of our export
controls.
In December, through the hard work of Ambassador
David Aaron, the President's special envoy on
encryption, the Wassenaar Arrangement members
agreed on several changes relating to encryption
controls. These changes go a long way toward
increasing international security and public
safety by providing countries with a stronger
regulatory framework for managing the spread of
robust encryption.
Specific changes to multilateral encryption
controls include removing multilateral controls
on all encryption products at or below 56 bit and
certain consumer items regardless of key length,
such as entertainment TV systems, DVD products,
and on cordless telephone systems designed for
home or office use.
Most importantly, the Wassenaar members agreed to
remove encryption software from Wassenaar's
General Software Note and replace it with a new
cryptography note. Drafted in 1991, when banks,
government and militaries were the primary users
of encryption, the General Software Note allowed
countries to permit the export of mass market
encryption software without restriction. The GSN
was created to release general purpose software
used on personal computers, but it inadvertently
encouraged some signatory countries to permit the
unrestricted export of encryption software. It
was essential to modernize the GSN and close the
loophole that permitted the uncontrolled export
of encryption with unlimited key length. Under
the new cryptography note, mass market hardware
has been added and a 64-bit key length or below
has been set as an appropriate threshold. This
will result in government review of the
dissemination of mass market software of up to 64
bits.
I want to be clear that this does not mean
encryption products of more than 64 bits cannot
be exported. Our own policy permits that, as does
the policy of most other Wassenaar members. It
does mean, however, that such exports must be
reviewed by governments consistent with their
national export control procedures.
Export control policies without a multilateral
approach have little chance of success.
Agreement, by the Wassenaar members, to close the
loophole for mass market encryption products is a
strong indication that other countries are
beginning to share our public safety and national
security concerns. Contrary to what many people
thought two years ago, we have found that most
major encryption producing countries are
interested in developing a harmonized
international approach to encryption controls.
At the same time, we recognize that this is an
evolutionary process, and we intend to continue
our dialogue with industry. Our policy should
continue to adapt to technology and market
changes. We will review our policy again this
year with a view toward making further changes.
An important component of our review is input
from industry, which we are receiving through our
continuing dialogue.
[...]
------------------------------- CUT -------------------------------