Deciphering Cryptography Policy
Dam, Kenneth W., Lin, Herbert S., Issues in Science and Technology
In "National Cryptography Policy for the Information Age" (Issues, Summer 1996), we argued that then-current federal efforts to control encryption technologies were damaging to information security. Based on the National Research Council (NRC) report Cryptography's Role in Securing the Information Society (NAP, 1996), we said that the U.S. government should relax - not eliminate - export controls on encryption and that it should experiment with key-recovery encryption rather than promoting it aggressively to the private sector at this time. We also emphasized the need to rely more on market forces in any new policy.
Since then, U.S. national cryptography policy has changed in a number of ways. The administration shifted export jurisdiction over cryptography from the State Department to the Commerce Department. It also temporarily relaxed controls over encryption products involving the Data Encryption Standard (DES), a 56-bit encryption algorithm, but it has clearly not abandoned its push for key-recovery encryption. Vendors can export DES products only if they submit a business plan promising to develop and market key-recovery encryption products by January 1, 1999, after which date only key-recovery products will be approved for export. …