The United States maintains export controls on military cryptographic products and technology under the Arms Export Control Act[1] (AECA) and the International Traffic in Arms Regulations[2] (ITAR) and on dual-use cryptographic products and technologies under the Export Administration Act[3] (EAA) and the Export Administration Regulations[4] (EAR). These export controls are coordinated with members of the Wassenaar Arrangement. The United States recently updated its export control regulations governing cryptographic products and technologies[5], in order to reflect changes made to the Wassenaar Arrangement List of Dual Use Goods and Technologies And Munitions List and to clarify other provisions of its policy with respect to cryptographic export controls.

In general, persons who export cryptographic products and technologies must submit them for a one-time technical review by the Bureau of Industry and Security (formerly the Bureau of Export Administration (BXA)) and the National Security Agency (NSA) prior to export. Some exports of cryptographic products and technologies require licenses issued by the Bureau of Industry and Security (BIS). In many cases, post-export reporting BIS and NSA also is required.

Although the recent policy update is welcomed by Industry, the cryptographic export control policy remains complex and still favors some products (particularly open source products) over others (including proprietary source products). Further reform is not a high priority of the U.S. Government, at present. Concerted effort by Industry will be required to achieve further reforms.

II. Background

When George H.W. Bush assumed the Presidency in 1988, the laws and regulations governing the export of cryptographic products and technologies were quite simple. All cryptographic products and technologies were regarded as “munitions”, subject to the jurisdiction of the State Department’s Office of Defense Trade Controls under authority of the AECA and the ITAR. The policies and procedures governing the issuance of export licenses were simple, too. All exports required licenses, and all applications for licenses were denied (unless the customer was either a subsidiary of an American company, or a financial institution).

At the time, diplomats and the military were the primary users of cryptographic products. However, the population of users was beginning to increase and diversify. A number of factors precipitated these trends. The invention of public key cryptography by Diffie and Hellman made it easier to exchange cryptographic keys. The increasing power of personal computers made it feasible for ordinary folk to utilize sophisticated cryptographic algorithms. Software publishers began to implement cryptographic features into their products. As a result, Industry and public interest groups began lobbying the government to relax the onerous export controls on cryptography.

A trend toward the progressive relaxation of export controls on cryptography has proceeded for the last decade and a half. First, products that used cryptography for limited purposes, like access control and authentication, were transferred from the “munitions” control regime to the jurisdiction of the Commerce Department’s Bureau of Export Administration (as it was known at that time), which administers export controls on “dual use” products under authority of the EAA and EAR[6]. Second, products using “weak” encryption for privacy of communications and stored data were transferred from the “munitions” to the “dual use” control regime[7].

Nevertheless, neither the government, nor Industry, nor the public interest groups were entirely satisfied with the state of encryption export controls at the end of the Presidency of George H.W. Bush. The government continued to insist that widespread use of cryptography threatened its ability to conduct electronic surveillance. Despite tacit assurances from the government that the permitted standard for export of “weak” cryptography would increase over time, Industry felt that “weak” cryptography was not likely to be competitive with stronger cryptographic products available from sources outside the United States. Public interest groups were concerned that “big brother” was using the export control laws and regulations to prevent the public at large from protecting themselves against threats to the security of their personal information.

In the early years of the Clinton Administration, the public debate over the export controls on cryptography became increasingly rancorous. The Clinton Administration attempted to reconcile the government’s interest in surveillance with the public’s interest in strong cryptography through a policy known over time as “key escrow” or “key recovery” or “key management”[8]. The basic premise was that the strong cryptographic products should be eligible for export, but only if they incorporated a feature allowing access to the keys required for the government to obtain access to plaintext. The Clinton Administration’s key escrow/recovery/management policy was an abject failure. The market resoundingly rejected products incorporating such key escrow/recovery/management features, and foreign competitors began to displace American companies in the marketplace.

Finally, in January of 2000, the Clinton Administration essentially abandoned its export control policy based on key escrow/recovery/management. It replaced the regime favoring key escrow with a policy supported by three pillars. First, the government would have the opportunity to conduct a technical review of most cryptographic products prior to export. Second, the government would retain the right to license certain types of particularly sensitive exports. Third, the government would receive reports of exports, after the fact[9].

Since January of 2000, the government has modified the export controls on cryptography, twice. In October of 2000, the Clinton Administration created a license-free zone for exports of cryptographic products between and among the fifteen members of the European Union and eight other countries[10]. In June of 2002, the George W. Bush Administration amended the export controls on cryptography to conform to the changed adopted by the Wassenaar Arrangement in December of 2000[11].

Although the export controls on cryptographic products are undoubtedly much more liberal than they have been in the past, they also have become far more complex. This unfortunate complexity, combined with a lack of transparency and still substantial pre-export review and post-export reporting requirements, remain a significant burden on Industry, retarding exports of strong cryptographic products that are essential to protecting the privacy of businesses and consumers. The purpose of this paper is to describe the most recent changes to the export controls on cryptographic products, as well as to suggest further reforms that would reduce the regulatory burden without compromising legitimate national security and foreign policy interests of the United States.

III. Overview

The primary purpose of the recent encryption export control policy update is to implement the changes to the Wassenaar List of Dual-use Products and Technologies. In December of 2000, the members of the Wassenaar Arrangement eliminated the 64 bit limitation on products meeting the requirements of the Cryptography Note. As a result of this change, none of the other members of the Wassenaar Arrangement imposed export controls on “mass market” cryptographic products, regardless of algorithm, key length, or key management features they might implement, after the spring of 2001. In order to avoid unilaterally disadvantaging American companies vis-à-vis their foreign competitors, the Administration of George W. Bush had to publish an implementing regulation in the Federal Register.

A secondary purpose of the recent encryption export control reforms is to update and clarify other provisions of the regulations governing encryption export controls. These changes certainly are welcomed, but they fall short of real simplification. Furthermore, the regulations still express a preference for certain types of software, notably so-called “open source” software, at the expense of proprietary software.

There are several reasons why the George W. Bush Administration’s first attempts to reform the encryption export controls took so long, and are so modest, especially when compared with prior changes. The export controls on cryptography have been reformed to such an extent that, quite frankly, they are no longer the politically charged issue of yore. As a result, the National Security Council under George W. Bush Administration did not take the leadership role that it had during the Clinton Administration. Political appointees at the Bureau of Export Administration focused on other priorities, including attempts to re-new the Export Administration Act, which has lapsed. Finally, the new regulations were nearing publication when the tragedy of September 11, 2001, occurred. There were suggestions that the terrorists had used cryptography to hide evidence of their crimes, and Senator Judd Gregg (R-NH) even suggested that the government should revert to its (failed) key escrow policy[12]. Under the circumstances, a decent interval had to elapse, before it would be politically acceptable to relax the export controls on cryptography.

IV. Wassenaar Cryptography Note

For over a decade, Wassenaar member countries (and their predecessors at COCOM) had recognized the fact that products available through mass market channels simply were not susceptible of effective export controls. However, until December of 2000, the Wassenaar Cryptography Note placed a limitation of 64 bits on products with symmetric algorithms that qualified for decontrol under the note.

Conforming U.S. regulations to the Wassenaar changes, mass market products today are classified under Export Control Classification Number (ECCN) 5A992 and 5D992, after a one time review by BIS and NSA, and are eligible for export to most destinations under No License Required (NLR). In addition, such products are exempt from the post-export reporting requirements and are automatically eligible for consideration under the de minimis provisions of the EAR.

Despite this important change, the basic structure of the cryptographic export controls remains essentially intact. There are some clarifications and updates to the technical review, licensing and reporting requirements, but they are modest.

V. Technical Review Requirement

BIS and NSA still conduct a technical review of most cryptographic products, prior to their initial export from the United States. However, the mechanism for administering this review, and the scope of products requiring review, have changed.

A. Technical Review Mechanism

BIS no longer conducts technical reviews under the Commodity Classification Request procedure. The information that exporters must supply to BIS and NSA has not changed, however. The reason for this change is that legislation to re-new the Export Administration Act currently pending before the Congress contains a provision that would allow other agencies, in addition to BIS and NSA, to review Commodity Classification Requests[13]. Neither the George W. Bush Administration nor the public perceive benefit in having other agencies, notably the Defense, Energy, Justice and State Departments, involved in the technical review of cryptographic products. Therefore, the technical review of cryptographic products was removed from the Commodity Classification Request procedure.

In addition, exporters should be aware of three other initiatives that will change the way that they file technical review requests. The SNAP electronic filing system will be modified to reflect the new technical review procedure. The SNAP system also will become mandatory for all filings. In addition, the SNAP system will be upgraded to allow electronic submission of supporting documents.

One might hope that these changes to the technical review mechanism would expedite the processing of new applications. In 2001, exporters filed approximately 1,900 Commodity Classification Requests, of which approximately 1,300 were for products classified under ECCN 5A002 and 5D002 (approximately 81% of which received the most favorable “retail” treatment). An additional 600 applications were filed for products classified under 5A992 and 5D992. The average processing time was 56 days in 2001[14].

B. New Eligibility for Technical Review

BIS has created a new class of products that are eligible for export after the required technical review for cryptographic test equipment classified under ECCN 5B002. Note, however, that this new eligibility does not extend to cryptanalytic equipment, which remains subject to licensing requirements to all destinations[15].

C. New Exemption from Technical Review

BIS has created a new exemption from the technical review requirement, for products implementing the WiFi wireless encryption standard (also known as IEEE 802.11b). The purpose of this change is to create a level playing field for various wireless encryption products. Prior to this change, only products implementing Bluetooth and HomeRF standards, but not 802.11b, were exempt from the technical review[16].

VI. Export Licensing Requirement

The export licensing requirements for cryptographic products have been modified in several minor respects.

In 2001, the Commerce Department received approximately 200 applications for export licenses. It approved all of these applications, except for 36 that were returned without action (either because the application was unnecessary or was deficient in some respect) and one that was denied. One quarter of these applications authorized exports of technology outside the United States. One quarter of these applications were for Encryption Licensing Arrangements. The remaining half of these applications were for licenses authorizing exports to a specific end-user[17].

BXA did not receive any applications requesting authorization for a service provider to offer cryptographic services to government end-users. This requirement has been eliminated, which should represent a reduction in regulatory burden for suppliers of network infrastructure equipment and software[18].

VII. Post-Export Reporting Requirement

Industry had recommended a number of significant reductions in the post-export reporting requirements. Unfortunately, many of these recommendations have not been implemented. However, there are two important new relaxations of reporting requirements.

A. No Reporting for Mass Market Software

One important secondary benefit of implementing the Wassenaar changes of December 2000, is that exporters no longer have to report transfers of mass market software, regardless of cryptographic strength.

B. No Reporting for Community Source Software

BIS has removed the requirement for post-export reporting of “community” source code (i.e., source code that is available to the public free of charge for non-commercial use but requires payment of fees for commercial use). Community source now is eligible for export on the same terms as “open” source[19].

VIII. Other Clarifications

There are several other clarifications to the export controls on cryptography that are worthy of note.

A. Products Qualifying as “Retail”

BIS has clarified and expanded the list of products that qualify as “retail” encryption items. Please note that network infrastructure products are still not eligible for “retail” treatment[20]. The list of examples of “retail” items now includes the following:

(i) Retail eligibility criteria. Retail encryption commodities and software are products and components:

(A) Generally available to the public by means of any of the following:

(1) Are sold in tangible form through retail outlets independent of the manufacturer;

(2) Are specially designed for individual consumer use; or

(3 ) Are sold or will be sold in large volume, without restriction, through mail order transactions, electronic transactions, or telephone call transactions; and

(B) Meeting all of the following:

(1) The cryptographic functionality cannot be easily changed by the user;

(2) Substantial support is not required for installation and use; and

(3) The cryptographic functionality has not been modified or customized to customer specification.

(ii) Additional types of retail encryption products. The following products will also be considered to be retail encryption products:

(A) Encryption commodities and software (including key management products) with key lengths not exceeding 64 bits for symmetric algorithms, 1024 bits for asymmetric key exchange algorithms, and 160 bits for elliptic curve algorithms. (You may immediately export or reexport such encryption commodities and software as retail items upon submitting a completed review request to BIS and the ENC Encryption Request Coordinator, in accordance with the requirements described in paragraph (d) of this section);

(B) Encryption products and network-based applications that provide equivalent functionality to other mass market or retail encryption commodities and software (refer to the Cryptography Note (Note 3) to part II of Category 5 of the CCL for the definition of mass market encryption commodities and software);

(C) Encryption products that are limited to allowing foreign-developed cryptographic products to operate with U.S. products (e.g. signing). No review of the foreign-developed cryptography is required;

(D) Encryption commodities and software that activate or enable cryptographic functionality in retail encryption products which would otherwise remain disabled.

(iii) Examples of eligible retail encryption products: Subject to the retail eligibility criteria in paragraph (b)(3)(i) of this section, retail encryption items include, but are not limited to, the following:

(A) General purpose operating systems that do not qualify as mass market;

(B) Non-programmable encryption chips, and chips that are constrained by design for retail products;

(C) Retail networking products, such as low-end routers, firewalls, and virtual private networking (VPN) equipment designed for small office or home use;

(D) Desktop applications (e.g. e-mail, browsers, games, word processing, database, financial applications or utilities) that do not qualify as mass market;

(E) Programmable database management systems and associated application servers;

(F) Low-end servers and application-specific servers (including client-server applications, e.g. Secure Socket Layer (SSL)-based web applications and applets, servers, and portals);

(G) Network and security management products designed for, bundled with, or pre-loaded on single CPU computers, low-end servers or retail networking products; and

(H) Short-range wireless components and software that do not qualify as mass market. Products that would be controlled under ECCN 5A002 or 5D002, only because they incorporate components or software which provide short-range wireless encryption functions, may be exported or reexported under the retail provisions of License Exception ENC, without review or reporting.

The most important changes are to the treatment of certain networking products, the use of encryption for network management, and components for wireless encryption products

1. Certain Networking Products

Although network infrastructure products are not eligible for retail treatment, BIS has issued a clarification with respect to network equipment designed for “small office or home office use” that may qualify as retail. In the past, the government had used an informal three part test, designating as retail items that had a line speed not exceeding 2.1 Mbps, encrypted throughput not exceeding 5 Mbps, or supporting no more than 100 concurrent encrypted tunnels. Now, the line speed no longer is regarded as a limiting characteristic; the encrypted throughput has doubled to 10 Mbps, and the 100 concurrent tunnel limitation remains unchanged[21].

2. Certain Network Management Products

BIS has added a new example of retail products, including those that provide network and security management for single CPU computers, low-end servers and retail networking products. This would include, for example, an implementation of the Secure Shell protocol for network management[22].

3. Short Range Wireless Products

Short range wireless products, such as encryption chips designed for retail wireless products with ranges typically not exceeding 100 meters, would qualify as retail. This category would include chips that implement the popular Bluetooth, HomeRF and Wi-Fi standards[23].

B. Products Qualifying as “Mass Market”

Note that the definition of “mass market” is essentially identical to the definition of “retail eligibility criteria” set forth above. However, BIS intends that products qualifying as “mass market” will be a sub-set of those which qualify as “retail”. Examples of mass market products include the following:

mass market encryption products include, but are not limited to, general purpose operating systems and desktop applications (e.g. e-mail, browsers, games, word processing, database, financial applications or utilities) designed for, bundled with, or pre-loaded on single CPU computers, laptops, or hand-held devices;

commodities, software, and components for client Internet appliances and client wireless LAN devices; home use networking commodities and software (e.g. personal firewalls, cable modems for personal computers, and consumer set top boxes);

portable or mobile civil telecommunications commodities and software (e.g. personal data assistants (PDAs), radios, or cellular products); and

commodities and software exported via free or anonymous downloads[24].

Note that the list of products that may qualify as mass market is a subset of those which may qualify as retail, because the “equivalent functionality” test for retail does not have an equivalent under the mass market definition.

C. Products with “Dormant” Crypto

For several years, Commodity Classifications have been issued confirming that products with “dormant” encryption are classified under ECCNs 5A992 and 5D992. In the new encryption policy update, BIS has incorporated this informal policy into the regulations. Only the software or authorization code that “activates” the “dormant” encryption is controlled under 5A002 or 5D002[25].

D. Finance Specific Products

In the past, some finance specific products have been given “retail” treatment, including products implementing highly formatted fields as specified in the Secure Electronic Transactions protocol, whereas other finance specific products, like Automated Teller Machines, have been exempt from review. The new policy specifically exempts all encryption products that are “finance specific”. Note, however, that this definition does not include products that may have end-uses related to financial operations (e.g., supply chain management) but that are not limited by design to financial transactions.

IX. Conclusion

There are a number of areas where further reform of the encryption export controls is highly desirable, from Industry’s perspective. Real simplification is one example. Leveling the playing field between open source (open crypto APIs permitted) and proprietary source (open crypto APIs restricted) is another. Clarifying the gray area between network infrastructure products (excluded from retail) and small office/home office products (eligible for retail) is a third. However, further reform currently is not at the forefront of the George W. Bush Administration’s agenda. Industry will have to develop proposals that have market justification and do not unnecessarily impair the national security and foreign policy interests of the United States, in order to achieve further reform of the encryption export controls.