[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] BXA meets end of the year deadline
- To: debate@fitug.de
- Subject: [FYI] BXA meets end of the year deadline
- From: Horns@t-online.de (Axel H. Horns)
- Date: Mon, 4 Jan 1999 17:37:53 +0100
- Comment: This message comes from the debate mailing list.
- Organization: Private Site
- Priority: normal
- Reply-to: horns@t-online.de
- Sender: owner-debate@fitug.de
Crypto-Controls Advisory Service - a MK Technology Affiliate
schreibt:
http://www.cryptocontrols.com/news/stories/010499.html
--------------------------------- CUT -------------------------------
BXA meets end of the year deadline by publishing
major crypto changes
BXA just barely met its commitment to
publishing by year-end the regulation
implementing the September 1998
announcement to
decontrol 56-bit encryption hardware and software.
The reg appeared in the New Year's Eve edition of the
Federal Register.
Generally, exporters of 56-bit crypto products will
see some relief, yet, as always, certain items are
excepted from license exception treatment, like tool
kits and chips. BXA listened closely to industry
groups with which it consulted during the drafting
process and the resulting reg, while complicated,
makes more sense then it seemed to in initial drafts.
For example, BXA yielded to industry pressure to make
non-recoverable products formerly eligible for KMI
(September 22, 1998 rule) eligible for the new
license exception ENC. In addition, BXA won a victory
for industry by permitting key exchange sizes for
56-bit products up to 1024 bits.
Products using 56-bit DES or equivalent algorithms
will now be generally exportable to all destinations
except the T-7 under the new license exception ENC.
"Strong crypto" will be allowed for U.S. subs, banks,
financial institutions and insurance companies,
health service providers and on-line merchants under
ENC. The key thing here is that there are different
reporting requirements depending on the type of
end-user.
Here are a few highlights of the new regs:
All products have to undergo a one time review
to qualify for ENC. (If an item has been
classified or licensed by BXA then it is not
necessary to go in again) The reg makes it clear
that distributors and resellers can use take
advantage of product reviews undertaken by the
manufacturers and use ENC without having to go
in themselves. Except for exports to U.S. subs,
tool kits, encryption chips/ic's and executable
or linkable modules DO NOT qualify for ENC.
Source code can be exported to U.S. subs under
ENC for "internal company proprietary use." Any
product previously reviewed, whether as part of
a 40-bit Mass Market review, a KMI review or an
ELA, can be exported under ENC to any
destination except the T-7 with increased key
lengths up to and including 56 bits. However,
the company must certify by March 31, 1999 that
the only change to the crypto is the increased
key length. Those do not make that deadline will
have to submit a classification request. There
are NO reporting requirements for exports to: -
U.S. subs (any key length) - any end-user of
"financial specific" software (any key length) -
banks and financial institutions (any key
length). However, for those countries outside
Supplement 3, and ELA is required. There ARE
reporting requirements for exports to: - 56-bit
products destined for all military and
government end-users for non-mass market
products - Health and medical end-users (any key
length) - "On-line" merchants (any key length) -
Distributors, resellers or other entities who
are not manufactures can use an ELA obtained by
the manufacturer to ship product to
destinations/end users in approved countries
Unless Congress passes legislation mandating changes
to the U.S. crypto export rules in the next
Congressional session, this is the last we should see
in the way of major changes to the regs until this
time next year, at the earliest.
Crypto-Controls Advisory Services is already helping
encryption producers and consumers take advantage of
the new international markets afforded them under the
new rules. Please contact Felice Laird or Scott
Gearity to begin moving your crypto overseas.
Click here for a copy of the new regulation in Adobe
Acrobat format.
Looser U.S. Rules Won't Cool Crypto Debate in 1999
The Industry Standard
U.S. Issues Relaxed Export Limits on Encryption
San Jose Mercury News
U.S. Relaxes Encryption Restrictions
CNN Interactive
sgearity@ibek.com | c 1998
Crypto-Controls Advisory Services
--------------------------------- CUT -------------------------------