[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] U.S.: BXA Unrestricted Encryption Source Code ?


------------------------------- CUT ---------------------------------

5 January 2000
Source: http://www.steptoe.com/webdoc.nsf/Files/regs/$file/regs.pdf 

"Revised Draft of the BXA's Proposed Encryption Regulations," 17 
pages. Stewart Baker, with Steptoe and Johnson (document source), is 
a member of the President's Export Council Subcommittee on Encryption 
(PECSENC). This is a note on the document from a newletter by Steptoe 
dated January 5, 2000:  

The Bureau of Export Administration (BXA) has released a revised 
draft of its proposed new encryption regulations to selected industry 
groups for comment.  The new draft incorporates several significant 
further liberalizations, including changes to the definitions of the 
terms "retail," "government," and "open cryptographic application 
programming interfaces (CAPIs)," a relaxation of restrictions on the 
export of source code, and other revisions to the export reporting 
requirements and review process. BXA has said that its goal is to 
release new regulations by January 14, 2000, after incorporating 
public comments on the attached draft.  

[Note: the first page is headed "DRAFT - 12/10/99;" all other pages 
are headed "DISCUSSION DRAFT II - 12/17/99." No other identification 
on the document. Type style as in the original.]  

This is the revised version of the November 19 discussion draft. The 
November 19 draft laid out elements of the encryption export 
regulation which will implement the new policy announced on September 
16, 1999. This draft reflects the various comments received on the 
first draft. There are substantial changes in the sections dealing 
with source code, retail products, reporting requirements, and the 
definition of governments and open cryptographic interfaces. There is 
a new section clarifying the requirements for exports to 
telecommunications and internet service providers and on screening 
internet ales to government end-users. Our new goal is publication of 
the actual regulation by January 14, 2000. Comments are welcome and, 
as before, should be sent to jlewis@bxa.doc.gov.  


(e) Unrestricted Encryption Source Code 

(1) Encryption source code controlled under 5D002 which would be 
considered publicly available under Section 734.3(b)(3) and which is 
not subject to an express agreement for the payment of a licensing 
fee or royalty for further commercial production or sale of any 
product developed with the source code is released from EI controls 
and may be exported or re-exported without review under License 
Exception TSU, provided you have submitted written notification to 
BXA of the Internet address (e.g. URL) or a copy of the source code 
by the time of export. Submit the notification to BXA and send a copy 
to ENC Encryption Request Coordinator (see Section 740.17(g)(5) for 
mailing addresses).  

(2) You may not knowingly export or re-export source code or products 
developed with this source code to Cuba, Iran, Iraq, Libya, North 
Korea, Sudan or Syria.  

(3) Posting of the source code on the Internet (e.g., FTP or World 
Wide Web site) where the source code may be downloaded by anyone 
would not establish "knowledge" as described in subparagraph (2) of 
this section. In addition, such posting would not trigger "red flags" 
necessitating the affirmative duty to inquire under the "Know Your 
Customer" guidance provided in Supplement No. 3 to Part 732.  


------------------------------- CUT ---------------------------------