As of this writing, U.S. cryptography policy is still evolving, and the particular laws, regulations, and other levers that government uses to influence behavior and policy are under review or are being developed.
Chapter 4 is devoted to the subject of export controls, which dominate industry concerns about national cryptography policy. Many senior executives in the information technology industry perceive these controls as a major limitation on their ability to export products with encryption capabilities. Furthermore, because exports of products with encryption capabilities are governed by the regime applied to technologies associated with munitions, reflecting the importance of cryptography to national security, they are generally subject to more stringent controls than are exports of other computer-related technologies.
Chapter 5 addresses the subject of escrowed encryption. Escrowed encryption is a form of encryption intended to provide strong protection for legitimate uses but also to permit exceptional access by government officials, by corporate employers, or by end users under specified circumstances. Since 1993, the Clinton Administration has aggressively promoted escrowed encryption as a basic pillar of national cryptography policy. Public concerns about escrowed encryption have focused on the possibilitiesforfailure in the mechanisms intended to prevent improper access to encrypted information, leading to losses of confidentiality.
Chapter 6 addresses a variety of other aspects of national cryptography policy and public concerns that these aspects have raised.