Page 113

4 Export Controls

Export controls on cryptography and related technical data have been a pillar of national cryptography policy for many years. Increasingly, they have generated controversy because they pit the needs of national security to conduct signals intelligence against the information security needs of legitimate U.S. businesses and the markets of U.S. manufacturers whose products might meet these needs. Chapter 4 describes the current state of export controls on cryptography and issues that these controls raise, including their effectiveness in achieving their stated objectives; negative effects that the export control regime has on U.S. businesses and U.S. vendors of information technology that must be weighed against the positive effects of reducing the use of cryptography abroad; the mismatch between vendor and government perceptions of export controls; and various other aspects of the export control process as it is experienced by those subject to it.

4.1 BRIEF DESCRIPTION OF CURRENT EXPORT CONTROLS

Many advanced industrialized nations maintain controls on exports of cryptography, including the United States. The discussion below focuses on U.S. export controls; Appendix G addresses foreign export control regimes on cryptography.

4.1.1 The Rationale for Export Controls

On the basis of discussion with senior government officials and its own deliberations, the committee believes that the current U.S. export



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 113
Page 113 4 Export Controls Export controls on cryptography and related technical data have been a pillar of national cryptography policy for many years. Increasingly, they have generated controversy because they pit the needs of national security to conduct signals intelligence against the information security needs of legitimate U.S. businesses and the markets of U.S. manufacturers whose products might meet these needs. Chapter 4 describes the current state of export controls on cryptography and issues that these controls raise, including their effectiveness in achieving their stated objectives; negative effects that the export control regime has on U.S. businesses and U.S. vendors of information technology that must be weighed against the positive effects of reducing the use of cryptography abroad; the mismatch between vendor and government perceptions of export controls; and various other aspects of the export control process as it is experienced by those subject to it. 4.1 BRIEF DESCRIPTION OF CURRENT EXPORT CONTROLS Many advanced industrialized nations maintain controls on exports of cryptography, including the United States. The discussion below focuses on U.S. export controls; Appendix G addresses foreign export control regimes on cryptography. 4.1.1 The Rationale for Export Controls On the basis of discussion with senior government officials and its own deliberations, the committee believes that the current U.S. export

OCR for page 113
Page 114 control regime on products with encryption capabilities for confidentiality is intended to serve two primary purposes: • To delay the spread of strong cryptographic capabilities and the use of those capabilities throughout the world. Senior intelligence officials recognize that in the long run, the ability of intelligence agencies to engage in signals intelligence will inevitably diminish due to a variety of technological trends, including the greater use of cryptography.1 • To give the U.S. government a tool for monitoring and influencing the commercial development of cryptography.  Since any U.S. vendor that wishes to export a product with encryption capabilities for confidentiality must approach the U.S. government for permission to do so, the export license approval process is an opportunity for the U.S. government to learn in detail about the capabilities of such products. Moreover, the results of the license approval process have influenced the cryptography that is available on the international market. 4.1.2 General Description2 Authority to regulate imports and exports of products with cryptographic capabilities to and from the United States derives from two items of legislation: the Arms Export Control Act (AECA) of 1949 (intended to regulate munitions) and the Export Administration Act (EAA; intended to regulate so-called dual-use products3). The AECA is the legislative basis for the International Traffic in Arms Regulations (ITAR), in which the U.S. Munitions List (USML) is defined and specified. Items on the USML are regarded for purposes of import and export as munitions, and the ITAR are administered by the Department of State. The EAA is the legislative basis for the Export Administration Regulations (EAR), which 1 Although the committee came to this conclusion on its own, it is consistent with that of the Office of Technology Assessment, Information Security and Privacy in Network Environments, U.S. Government Printing Office, Washington, D.C., September 1994. 2 Two references that provide detailed descriptions of the U.S. export control regime for products with encryption capability are a memorandum by Fred Greguras of the law firm Fenwick & West (Palo Alto, Calif.), dated March 6, 1995, and titled ''Update on Current Status of U.S. Export Administration Regulations on Software" (available at http://www. batnet.com:80/oikoumene/SftwareEU.html), and a paper by Ira Rubinstein, "Export Controls on Encryption Software," in Coping with U.S. Export Controls 1994, Commercial Law & Practice Course Handbook Series No. A-733, Practicing Law Institute, October 18, 1995. The Greguras memorandum focuses primarily on the requirements of products controlled by the Commerce Control List, while the Rubinstein paper focuses primarily on how to move a product from the Munitions List to the Commerce Control List. 3 A dual-use item is one that has both military and civilian applications.

OCR for page 113
Page 115 define dual-use items on a list known as the Commerce Control List (CCL);4 the EAR are administered by the Department of Commerce. The EAA lapsed in 1994 but has been continued under executive order since that time. Both the AECA and the EAA specify sanctions that can be applied in the event that recipients of goods exported from the United States fail to comply with all relevant requirements, such as agreements to refrain from reexport (Box 4.1). At present, products with encryption capabilities can be imported into the United States without restriction, although the President does have statutory authority to regulate such imports if appropriate. Exports are a different matter. Any export of an item covered by the USML requires a specific affirmative decision by the State Department's Office of Defense Trade Controls, a process that can be time-consuming and cumbersome from the perspective of the vendor and prospective foreign purchaser. The ITAR regulate and control exports of all "cryptographic systems, equipment, assemblies, modules, integrated circuits, components or software with the capability of maintaining secrecy or confidentiality of information or information systems"; in addition, they regulate information about cryptography but not implemented in a product in a category known as "technical data."5 Until 1983, USML controls were maintained on all cryptography products. However, since that time, a number of relaxations in these controls have been implemented (Box 4.2), although many critics contend that such relaxation has lagged significantly behind the evolving marketplace. Today, the ITAR provide a number of certain categorical exemptions that allow for products in those categories to be regulated as dual-use items and controlled exclusively by the CCL. For products that do not fall into these categories and for which there is some question about whether it is the USML or the CCL that governs their export, the ITAR also provide for a procedure known as commodity jurisdiction,6 under which potential exporters can obtain judgments from the State Department about which list governs a specific product. A product granted commodity jurisdiction to the CCL falls under the control of the EAR and the Department of Commerce. Note that commodity jurisdiction to the CCL is generally granted for products with encryption capabilities using 40-bit keys regardless of the algorithm used, although these decisions are made on a 4 The CCL is also commonly known as the Commodity Control List. 5 However, encryption products intended for domestic Canadian use in general do not require export licenses. 6 Commodity jurisdiction is also often known by its acronym, CJ.

OCR for page 113
Page 116 BOX 4.1 Enforcing Compliance with End-Use Agreements In general, a U.S. Munitions List (USML) license is granted to a U.S. exporter for the shipping of a product, technical data, or service covered by the USML to a particular foreign recipient for a set of specified end uses and subject to a number of conditions (e.g., restrictions on reexport to another nation, nontransfer to a third party). The full range of ITAR sanctions is available against the U.S. exporter and the foreign recipient outside the United States. The ITAR specify that as a condition of receiving a USML license, the U.S. exporter must include in the contract with the foreign recipient language that binds the recipient to abide by all appropriate end-use restrictions. Furthermore, the U.S. exporter that does not take reasonable steps to enforce the contract is subject to ITAR criminal and civil sanctions. But how can end-use restrictions be enforced for a foreign recipient? A number of sanctions are available to enforce the compliance of foreign recipients of USML items exported from the United States. The primary sanctions available are the criminal and civil liabilities established by the Arms Export Contril Act (AECA); the foreign recipient can face civil and/or criminal charges in U.S. federal courts for violating the AECA. Although different U.S. courts have diferent views on extraterritoriality claims asserted for U.S. law, a criminal conviction or a successful civil lawsuit could result in the imposition of criminal penalties on individuals involved and/or seizure of any U.S. assets of the foreign recipient. (When there are no U.S. assets, recovering fines or damages can be highly problematic, although some international agreements and treaties provide for cooperation in such cases.) Whether an individual could be forced to return to the United States for incarceration would depend on the existence of an appropriate extradition treaty between the United States and the foreign nation to whose jurisdiction the individual is subject. A second avenue of enforcement is that the foreign recipient found to be in violation can be denied all further exports from the United States. In addition, the foreign violator can be denied permission to compete for contracts with the U.S. government. From time to time, proposals are made to apply sanctions against violators that would deny privileges for them to export products to the United States, though such proposals often create political controversy.  A third mechanism of enforcement may proceed through diplomatic channels. Depending on the nation to whose jurisdiction the foreign recipient is subject, the U.S. government may well approach the government of that nation to seek its assistance in persuading or forcing the recipient to abide by the relevant end-use restrictions. A fourth mechanism of enforcement is the sales contract between the U.S. exporter and the foreign recipient, which provides a mechanism for civil action against the forein recipient. A foreign buyer who violates the end-use restrictions is in breach of contract with the U.S. exporter, who may then sue for damages incurred by the U.S. company. Depending on the language of the contract, the suit may be carried out in U.S. or foreign courts; alternatively, the firms may submit to binding arbitration. The operation of these enforcement mechanisms can be cumbersome, uncertain, and slow. But they exist, and they are used. Thus, while some analysts believe that they do not provide sufficient protection for U.S. national security Interests, others defend them as a reasonable but not perfect attempt at defending those interests.

OCR for page 113
Page 117 BOX 4.2 Licensing Relaxations on Cryptography: A Short History Prior to 1983, all cryptography exports required individual licenses from the State Department. Since then, a number of changes have been proposed and mostly implemented. Year     Change 1983     Distribution licenses established allowing exports to multiple users under a single license 1987     Nonconfidentiality products moved to Department of Commerce (DOC) on a case-by-case basis 1990     International Traffic in Arms Regulations amended—all nonconfidentiality products under DOC jurisdiction 1990     Mass-market general-purpose software with encryption for confidentiality moved to DOC on case-by-case basis 1992     Software Publishers Association agreement providing for 40-bit RC2/RC4based products under DOC jurisdiction 1993     Mass-market hardware products with encryption capabilities moved to DOC on case-by-case basis 1994     Reforms to expedite license processing at Department of State 1995     Proposal to move to DOC software products with 64-bit cryptography for confidentiality with "properly escrowed" keys 1996     "Personal use" exemption finalized SOURCE: National Security Agency. product-by-product basis. In addition, when a case-by-case export licensing decision results in CCL jurisdiction for a software product, it is usually only the object code, which cannot be modified easily, that is transferred; the source code of the product (embedding the identical functionality but more easily modified) generally remains on the USML. As described in Box 4.3, key differences between the USML and the CCL have the effect that items on the CCL enjoy more liberal export consideration than items on the USML. (This report uses the term "liberal export consideration" to mean treatment under the CCL.) Most importantly, a product controlled by the CCL is reviewed only once by the U.S. government, thus drastically simplifying the marketing and sale of the product overseas. The most important of these explicit categorical exemptions to the USML for cryptography are described in Box 4.4. In addition, the current export control regime provides for an individual case-by-case review of USML licensing applications for products that do not fall under the jurisdiction of the CCL. Under current practice, USML licenses to acquire and

OCR for page 113
Page 118 BOX 4.3 Important Differences Between the U.S. Munitions List and the Commerce Control List For Items on U.S. Munitions List (USML) For Items on Commerce Control List (CCL) Department of State has broad leeway to take national security considerations into account in licensing decisions; indeed, national security and foreign policy considerations are the driving force behind the Arms Export Control Act Department of Commerce may limit exports only to the extent that they would make "a significant contribution to the military potential of any other country which would prove detrimental to the national security of the United States" or "where necessary to further significantly the foreign policy of the United States." The history of the Export Administration Act strongly suggests that its national security purpose is to deny dual-use items to countries of Communist Bloc nations, nations of concern with respect to proliferation of weapons of mass destruction, and other rogue nations. Items are included on the USML if the item is "inherently military in character"; the end use is irrelevant in such a determination. Broad categories of product are included. Performance parameters rather than broad categories define included items. Decisions about export can take as long as necessary. Decisions about export must be completed within 120 days. Export licenses can be denied on very general grounds (e.g., the export would be against the U.S. national interest). Export licenses can be denied only on very specific grounds (e.g, high likelihood of diversion to proscribed nations).

OCR for page 113
Page 119 Individually validated licenses are generally required, although distribution and bulk licenses are possible .1 General licenses are often issued, although general licenses do not convey blanket authority for export.2 Prior government approval is needed for export. Prior government approval is generally not needed for export. Licensing decisions are not subject to judicial review. Licensing decisions are subject to judicial review by a federal judge or an administrative law judge. Foreign availability may or may not be a consideration in granting a license at the discretion of the State Department. Foreign availability of items that are substantially equivalent is, by law, a consideration in a licensing decision. Items included on the USML are not subject to periodic review. Items included on the CCL must be reviewed periodically. A Shipper's Export Declaration (SED) is required in all instances. A SED may be required, unless exemption from the requirement is granted under the Export Administration Regulations. 1 Bulk licenses authorize multiple shipments without requiring individual approval. Distribution licenses authorize multiple shipments to a foreign distributor. In each case, record-keeping requirements are imposed on the vendor. In practice, a distribution license shifts the burden of export restrictions from vendor to distributor. Under a distribution license, enforcement of restrictions on end use and on destination nations and post-shipment record-keeping requirements are the responsibility of the distributor; vendors need not seek an individual license for each specific shipment. 2 Even if an item is controlled by the CCL, U.S. exporters are not allowed to ship such an item if the exporter knows that it will be used directly in the production of weapons of mass destruction or ballistic missiles by a certain group of nations. Moreover, U.S. exports from the CCL are prohibited entirely to companies and individuals on a list of "Specially Designated Nationals" designated as agents of Cuba, Libya, Iraq, North Korea, or Yugoslavia or to a list of companies and individuals on the Bureau of Export Administration's Table of Denial Orders (including some located in the United States and Europe).

OCR for page 113
Page 120 BOX 4.4 Categorical Exemptions on the USML for Products Incorporating Cryptography and Informal Practices Governing Licensing Categorical Exemptions The International Traffic in Arms Regulations (ITAR) provide for a number of categorical exemptions, including: • Mass-market software products that use 40-bit key lengths with the RC2 or RC4 algorithm for confidentiality.1 • Products with encryption capabilities for confidentiality (of any strength) that are specifically intended for use only in banking or money transactions. Products in this category may have encryption of arbitrary strength. • Products that are limited in cryptographic functionality to providing capabilities for user authentication, access control, and data integrity. Products in these categories are automatically granted commodity jurisdiction to the Commerce Control List (CCL). Informal Noncodified Exemptions The current export control regime provides for an individual case-by-case review of U.S. Munitions List (USML) licensing applications for products that do not fall under the jurisdiction of the CCL. Under current practice, certain categories of firms will generally be granted a USML license through the individual review process to acquire and export for their own use products with encryption capabilities stronger than that provided by 40-bit RC2/RC4 encryption.2 • A U.S.-controlled firm (i.e., a U.S. firm operating abroad, a U.S.-controlled foreign firm, or a foreign subsidiary of a U.S. firm); • Banks and financial institutions (including stock brokerages and insurance companies), whether U.S.-controlled or -owned or foreign-owned, if the products involved are intended for use in internal communications and communications with other banks even if these communications are not limited strictly to banking or money transactions. 1 The RC2 and RC4 algorithms are symmetric-key encryption algorithms developed by RSA Data Security Inc. (RSADSI). They are both proprietary algorithms, and manufacturers of products using these algorithms must enter into a licensing arrangement with RSADSI. RC2 and RC4 are also trademarks owned by RSADSI, although both algorithms have appeared on the Internet. A product with capabilities for confidentiality will be automatically granted commodity jurisdiction to the CCL if it meets a certain set of requirements, the most important of which are the following:  a. The software includes encryption for data confidentiality and uses the RC4 and/or RC2 algorithms with a key space of 40 bits. b. If both RC4 and RC2 are used in the same software, their functionality must be separate; that is, no data can be operated on by both routines. c. The software must not allow the alteration of the data encryption mechanism and its associated key spaces by the user or by any other program.

OCR for page 113
Page 121 d. The key exchange used in the data encryption must be based on either a public-key algorithm with a key space less than or equal to a 512-bit modulus and/or a symmetrical algorithm with a key space less than or equal to 64 bits. e. The software must not allow the alteration of the key management mechanism and its associated key space by the user or any other program. To ensure that the software has properly implemented the approved encryption algorithm(s), the State Department requires that the product pass a "vector test," in which the vendor receives test data (the vector) and a random key from the State Department, encrypts the vector with the product using the key provided, and returns the result to the State Department; if the product-computed result is identical to the known correct answer, the product automatically qualifies for jurisdiction under the CCL. Note that the specific technical requirements described in this footnote are not contained in the Federal Register; rather, they were described in a State Department document, any change in which is not subject to an official procedure for public comment. (These conditions were first published in "Defense Trade News," Volume 3(4), October 1992, pp. 11-15. "Defense Trade News" is a newsletter published by the Office of Defense Trade Controls at the Department of State.) 2 See Footnote 7 in the main text of this chapter. export for internal use products with encryption capabilities stronger than that provided by 40-bit RC2/RC4 encryption (hereafter in this chapter called "strong encryption"7) are generally granted to U.S.-controlled firms (i.e., U.S. firms operating abroad, U.S.-controlled foreign firms, or foreign subsidiaries of a U.S. firm). In addition, banks and financial institutions (including stock brokerages and insurance companies), whether U.S.-controlled or -owned or foreign-owned, are generally granted USML licenses for strong encryption for use in internal communications and communications with other banks even if these communications are not limited strictly to banking or money transactions. In September 1994, the Administration promulgated regulations that provided for U.S. vendors to distribute approved products with encryption capabilities for confidentiality directly from the United States to foreign customers without using a foreign distributor and without prior 7 How much stronger than 40-bit RC2/RC4 is unspecified. Products incorporating the 56bit DES algorithm are often approved for these informal exemptions, and at times even products using larger key sizes have been approved. But the key size is not unlimited, as may be the case under the explicit categorical exemptions specified in the ITAR.

OCR for page 113
Page 122 State Department approval for each export.8 It also announced plans to finalize a "personal use exemption" to allow license-free temporary exports of products with encryption capabilities when intended for personal use; a final rule on the personal use exemption was announced in early 1996 and is discussed below in Section 4.3.2. Lastly, it announced a number of actions intended to streamline the export control process to provide more rapid turnaround for certain "preapproved" products. In August 1995, the Administration announced a proposal to liberalize export controls on software products with encryption capabilities for confidentiality that use algorithms with a key space of 64 or fewer bits, provided that the key(s) required to decrypt messages and files are "properly escrowed"; such products would be transferred to the CCL. However, since an understanding of this proposal requires some background in escrowed encryption, discussion of it is deferred to Chapter 5. 4.1.3 Discussion of Current Licensing Practices Categorical Exemptions The categorical exemptions described in Box 4.4 raise a number of issues: • In the case of the 40-bit limitation, the committee was unable to find a specific analytical basis for this figure. Most likely, it was the result of a set of compromises that were politically driven by all of the parties involved.9 However, whatever the basis for this key size, recent success- 8 Prior to this rule, almost every encryption export required an individual license. Only those exports covered by a distribution arrangement could be shipped without an individual license. This distribution arrangement required a U.S. vendor of products with cryptographic capabilities to export to a foreign distributor that could then resell them to multiple end users. The distribution arrangement had to be approved by the State Department and included some specific language. Under the new rule, a U.S. vendor without a foreign distributor can essentially act as his own distributor, and avoid having to obtain a separate license for each sale. Exporters are required to submit a proposed arrangement identifying, among other things, specific items to be shipped, proposed end users and end use, and countries to which the items are destined. Upon approval of the arrangement, exporters are permitted to ship the specified products directly to end users in the approved countries based on a single license. See Bureau of Political-Military Affairs, Department of State, "Amendment to the International Traffic in Arms Regulations," Federal Register, September 2, 1994. 9 It is worth noting a common argument among many nongovernment observers that any level of encryption that qualifies for export (e.g., that qualifies for control by the CCL, or that is granted an export license under the USML) must be easily defeatable by NSA, or else

OCR for page 113
Page 123 ful demonstrations of the ability to undertake brute-force cryptanalysis on messages encrypted with a 40-bit key (Box 4.5) have led to a widespread perception that such key sizes are inadequate for meaningful information security. • In the case of products intended for use only in banking or money transactions, the exemption results from the recognition by national security authorities that the integrity of the world's financial system is worth protecting with high levels of cryptographic security. Given the primacy of the U.S. banking community in international financial markets, such a conclusion makes eminent sense. Furthermore, at the time this exemption was promulgated, the financial community was the primary customer for products with encryption capabilities. This rationale for protecting banking and money transactions naturally calls attention to the possibilities inherent in a world of electronic commerce, in which routine communications will be increasingly likely to include information related to financial transactions. Banks (and retail shops, manufacturers, suppliers, end customers, and so on) will engage in such communications across national borders. In a future world of electronic commerce, connections among nonfinancial institutions may become as important as the banking networks are today. At least one vendor has been granted authority to use strong encryption in software intended for export that would support international electronic commerce (though under the terms of the license, strong encryption applies only to a small portion of the transaction message).10 • In the case of products useful only for user authentication, access control, and data integrity, the exemption resulted from a judgment that the benefits of more easily available technology for these purposes outweigh whatever costs there might be to such availability. Thus, in principle, these nonconfidentiality products from U.S. vendors should be available overseas without significant restriction. In practice, however, this is not entirely the case. Export restrictions on confidentiality have some "spillover" effects that reduce somewhat NSA would not allow it to leave the country. The subtext of this argument is that such a level of encryption is per force inadequate. Of course, taken to its logical conclusion, this argument renders impossible any agreement between national security authorities and vendors and users regarding acceptable levels of encryption for export. 10 "Export Approved for Software to Aid Commerce on Internet," New York Times, May 8, 1995, p. D7.

OCR for page 113
Page 156 digital cellular voice communications.  Further, as the example of Microsoft vis-à-vis IBM in the 1980s demonstrated, industry dominance once lost is quite difficult to recover in rapidly changing fields. The development of foreign competitors in the information technology industry could have a number of disadvantageous consequences from the standpoint of U.S. national security interests: • Foreign vendors, by assumption, will be more responsive to their own national governments than to the U.S. government. To the extent that foreign governments pursue objectives involving cryptography that are different from those of the United States, U.S. interests may be adversely affected. Specifically, foreign vendors could be influenced by their governments to offer for sale to U.S. firms products with weak or poorly implemented cryptography. If these vendors were to gain significant market share, the information security of U.S. firms could be adversely affected. Furthermore, the United States is likely to have less influence and control over shipments of products with encryption capabilities between foreign nations than it has over similar U.S. products that might be shipped abroad; indeed, many foreign nations are perfectly willing to ship products (e.g., missile parts, nuclear reactor technology) to certain nations in contravention to U.S. or even their own interests. In the long run, the United States may have even less control over the products with encryption capabilities that wind up on the market than it would have if it promulgated a more moderate export control regime. • Detailed information about the workings of foreign products with encryption capabilities is much less likely to be available to the U.S. government than comparable information about similar U.S. products that are exported. Indeed, as part of the export control administration process, U.S. products with encryption capabilities intended for export are examined thoroughly by the U.S. government; as a result, large amounts of information about U.S. products with encryption capabilities are available to it.53 Export controls on cryptography are not the only factor influencing the future position of U.S. information technology vendors in the world market. Yet, the committee believes that these controls do pose a risk to their future position that cannot be ignored, and that relaxation of controls will help to ensure that U.S. vendors are able to compete with foreign vendors on a more equal footing. 53 For example, U.S. vendors are more likely than foreign vendors to reveal the source code of a program to the U.S. government (for purposes of obtaining export licenses). While it is true that the object code of a software product can be decompiled, decompiled object code is always much more difficult to understand than the original source code that corresponds to it.

OCR for page 113
Page 157 4.5 THE MISMATCH BETWEEN THE PERCEPTIONS OF GOVERNMENT/NATIONAL SECURITY AND THOSE OF VENDORS As the committee proceeded in its study, it observed what can only be called a disconnect between the perceptions of the national security authorities that administer the export control regulations on cryptography and the vendors that are affected by it. This disconnect was apparent in a number of areas: • National security authorities asserted that export controls did not injure the interests of U.S. vendors in the foreign sales of products with encryption capabilities. U.S. vendors asserted that export controls had a significant negative effect on their foreign sales. • National security authorities asserted that nearly all export license applications for a product with encryption capabilities are approved. Vendors told the committee that they refrained from submitting products for approval because they had been told on the basis of preliminary discussions that their products would not be approved for export. • National security authorities presented data showing that the turnaround time for license decisions had been dramatically shortened (to a matter of days or a few weeks at most). Vendors noted that these data took into account only the time from the date of formal submission of an application to the date of decision, and did not take into account the much greater length of time required to negotiate product changes that would be necessary to receive approval. (See Section 4.3.2 for more discussion.) • National security authorities asserted that they wished to promote good information security for U.S. companies, pointing out the current practice described in Section 4.1.2 that presumes the granting of USML licenses for stronger cryptography to U.S.-controlled companies and banking and financial institutions. Vendors pointed to actions taken by these authorities to weaken the cryptographic security available for use abroad, even in business ventures in which U.S. firms had substantial interests. Potential users often told the committee that even under presumptive approval, licenses were not forthcoming, and that for practical purposes, these noncodified categories were not useful. • National security authorities asserted that they took into account foreign competition and the supply of products with encryption capabilities when making decisions on export licenses for U.S. products with encryption capabilities. Vendors repeatedly pointed to a substantial supply of foreign products with encryption capabilities. • National security authorities asserted that they wished to maintain the worldwide strength and position of the U.S. information technology industry. Vendors argued that when they are prevented from exploiting

OCR for page 113
Page 158 their strengths—such as being the first to develop integrated products with strong encryption capabilities—their advantages are in fact being eroded. The committee believes that to some extent these differences can be explained as the result of rhetoric by parties intending to score points in a political debate. But the differences are not merely superficial; they reflect significantly different institutional perspectives. For example, when national security authorities "take into account foreign supplies of cryptography," they focus naturally on what is available at the time the decision is being made. On the other hand, vendors are naturally concerned about incorporating features that will give their products a competitive edge, even if no exactly comparable foreign products with cryptography are available at the moment. Thus, different parties focus on different areas of concern—national security authorities on the capabilities available today, and vendors on the capabilities that might well be available tomorrow. NSA perceptions of vendors and users of cryptography may well be clouded by an unwillingness to speak publicly about the full extent of vendor and user unhappiness with the current state of affairs. National security authorities asserted that their working relationships with vendors of products with encryption capabilities are relatively harmonious. Vendors contended that since they are effectively at the mercy of the export control regulators, they have considerable incentive to suppress any public expression of dissatisfaction with the current process. A lack (or small degree) of vendor outcry against the cryptography export control regime cannot be taken as vendor support for it. More specifically, the committee received input from a number of private firms on the explicit condition of confidentiality. For example: • Companies with interests in cryptography affected by export control were reluctant to express fully their dissatisfaction with the current rules governing export of products with encryption capabilities or how these rules were actually implemented in practice. They were concerned that any explicit connection between critical comments and their company might result in unfavorable treatment of a future application for an export license for one of their products. • Companies that had significant dealings with the Department of Defense (DOD) were reluctant to express fully their unhappiness with policy that strongly promoted classified encryption algorithms and government-controlled key-escrow schemes. These companies were concerned that expressing their unhappiness fully might result in unfavorable treatment in competing for future DOD business.

OCR for page 113
Page 159 Many companies have expressed dissatisfaction publicly, although a very small number of firms did express to the committee their relative comfort with the way in which the current export control regime is managed. The committee did not conduct a systematic survey of all firms affected by export regulations, and it is impossible to infer the position of a company that has not provided input on the matter.54 4.6 EXPORT OF TECHNICAL DATA The rules regarding "technical data" are particularly difficult to understand. A cryptographic algorithm (if described in a manner that is not machine-executable) is counted as technical data, whereas the same algorithm if described in machine-readable form (i.e., source or object code) counts as a product. Legally, the ITAR regulate products with encryption capabilities differently than technical data related to cryptography, although the differences are relatively small in nature. For example, technical data related to cryptography enjoys an explicit exemption when distributed to U.S.-controlled foreign companies, whereas products with encryption capabilities are in principle subject to a case-by-case review in such instances (although in practice, licenses for products with encryption capabilities under such circumstances are routinely granted). Private citizens, academic institutions, and vendors are often unclear about the legality of actions such as: • Discussing cryptography with a foreign citizen in the room; • Giving  away  software with  encryption  capabilities over the Internet (see Section 4.8); • Shipping products with encryption capabilities to a foreign company within the United States that is controlled but not owned by a U.S. company; • Selling a U.S. company that makes products with strong encryption capabilities to a foreign company; • Selling products with encryption capabilities to foreign citizens on U.S. soil; • Teaching a course on cryptography that involves foreign graduate students; 54 The Department of Commerce study is the most systematic attempt to date to solicit vendors' input on how they have been affected by export controls, and the solicitation received a much smaller response than expected. See Department of Commerce and National Security Agency, A Study of the International Market for Computer Software with Encryption, released January 11, 1996.

OCR for page 113
Page 160 • Allowing foreign citizens residing in the United States to work on the source code of a product that uses embedded cryptography.55 Box 4.10 provides excerpts from the only document known to the committee that describes the U.S. government explanation of the regulations on technical data related to cryptography. In practice, these and other similar issues regarding technical data do not generally pose problems because these laws are for the most part difficult to enforce and in fact are not generally enforced. Nevertheless, the vagueness and broad nature of the regulations may well put people in jeopardy unknowingly.56 55 For example, one vendor argues that because foreign citizens hired by U.S. companies bring noncontrolled knowledge back to their home countries anyway, the export control regulations on technical data make little sense as a technique for limiting the spread of knowledge. In addition, other vendors note that in practice the export control regulations on technical data have a much more severe impact on the employees that they may hire than on academia, which is protected at least to some extent by presumptions of academic freedom. 56 A suit filed in February 1995 seeks to bar the government from restricting publication of cryptographic documents and software through the use of the export control laws. The plaintiff in the suit is Dan Bernstein, a graduate student in mathematics at the University of California at Berkeley. Bernstein developed an encryption algorithm that he wishes to publish and to implement in a computer program intended for distribution, and he wants to discuss the algorithm and program at open, public meetings. Under the current export control laws, any individual or company that exports unlicensed encryption software may be in violation of the export control laws that forbid the unlicensed export of defense articles, and any individual who discusses the mathematics of cryptographic algorithms may be in violation of the export control laws that forbid the unlicensed export of "technical data." The lawsuit argues that the export control scheme as applied to encryption software is an "impermissible prior restraint on speech, in violation of the First Amendment" and that the current export control laws are vague and overbroad in denying people the right to speak about and publish information about cryptography freely. A decision by the Northern District Court of California on April 15, 1996, by Judge Marilyn Patel, denied the government's motion to dismiss this suit, and found that for the purposes of First Amendment analysis, source code should be treated as speech. The outcome of this suit is unknown at the time of this writing (spring 1996). The full text of this decision and other related documents can be found at http:/ /www.eff.org/pub/Legal/Cases /BernsteinDoS /Legal. The constitutionality of export controls on technical data has not been determined by the U.S. Supreme Court. A ruling by the U.S. Ninth Circuit Court of Appeals held that the ITAR, when construed as "prohibiting only the exportation of technical data significantly and directly related to specific articles on the Munitions List, do not interfere with constitutionally protected speech, are not overbroad and the licensing provisions of the Act are not an unconstitutional prior restraint on speech." (See 579 F.2d 516, U.S. vs. Edler, U.S. Court of Appeals, Ninth Circuit, July 31, 1978.) Another suit filed by Philip Karn directly challenging the constitutionality of the ITAR was dismissed by the U.S. District Court for the District of Columbia on March 22, 1996. The issue at hand was the fact that Karn had been denied CCL jurisdiction for a set of floppy diskettes containing source code for cryptographic confidentiality identical to that contained in Bruce Schneier's book Applied Cryptography (which the State Department had determined was not subject to cryptographic export controls of any kind). See http:/ / www.qualcomm.com/people/pkarn/export/index.html

OCR for page 113
Page 161 BOX 4.10 On the Export of Technical Data Related to Cryptography "Cryptologic technical data . . . refers . . . only [to] such information as is designed or intended to be used, or which reasonably could be expected to be given direct application, in the design, production, manufacture, repair, overhaul, processing, engineering, development, operation, maintenance or reconstruction of items in such categories. This interpretation includes, in addition to engineering and design data, information designed or reasonably expected to be used to make such equipment more effective, such as encoding or enciphering techniques and systems, and communications or signal security techniques and guidelines, as well as other cryptographic and cryptanalytic methods and procedures. It does not include general mathematical, engineering or statistical information, not purporting to have or reasonably expected to be given direct application to equipment in such categories. It does not include basic theoretical research data. It does, however, include algorithms and other procedures purporting to have advanced cryptologic application. "The public is reminded that professional and academic presentations and informal discussions, as well as demonstrations of equipment, constituting disclosure of cryptologic technical data to foreign nationals are prohibited without the prior approval of this office. Approval is not required for publication of data within the United States as described in Section 125.11(a)(1). Footnote 3 to section 125.11 does not establish a prepublication review requirement. "The interpretation set forth in this newsletter should exclude from the licensing provisions of the ITAR most basic scientific data and other theoretical research information, except for information intended or reasonably expected to have a direct cryptologic application. Because of concerns expressed to this office that licensing procedures for proposed disclosures of cryptologic technical data contained in professional and academic papers and oral presentations could cause burdensome delays in exchanges with foreign scientists, this office will expedite consideration as to the application of ITAR to such disclosures. If requested, we will, on an expedited basis provide an opinion as to whether any proposed disclosure, for other than commercial purposes, of information relevant to cryptology, would require licensing under the ITAR." SOURCE: Office of Munitions Control, Department of State, ''Cryptography/ Technical Data," in Munitions Control Newsletter, Number 80, February 1980. (The Office of Munitions Control is now the Office of Defense Trade Controls.) for the running story (Karn is appealing this decision); this Web page also contains the District Court's opinion on this lawsuit.) Some scholars argue to the contrary that export controls on technical data may indeed present First Amendment problems, especially if these controls are construed in such a way that they inhibit academic discussions of cryptography with foreign nationals or prevent academic conferences on cryptography held in the United States from inviting foreign nationals. See, for example, Allen M. Shinn, Jr., "First Amendment and Export Laws: Free Speech on Scientific and Technical Matters," George Washington Law Review, January 1990, pp. 368-403; and Kenneth J. Pierce, "Public Cryptography, Arms Export Controls, and the First Amendment: A Need for Legislation," Cornell International Law Journal, Volume 17(19), 1984, pp. 197-237.

OCR for page 113
Page 162 4.7 FOREIGN POLICY CONSIDERATIONS A common perception within the vendor community is that the National Security Agency is the sole "power behind the scenes" for enforcing the export control regime for cryptography. While NSA is indeed responsible for making judgments about the national security impact of exporting products with encryption capabilities, it is by no means the only player in the export license application process. The Department of State plays a role in the export control process that is quite important. For example, makers of foreign policy in the U.S. government use economic sanctions as a tool for expressing U.S. concern and displeasure with the actions of other nations; such sanctions most often involve trade embargoes of various types. Violations of human rights by a particular nation, for example, represent a common issue that can trigger a move for sanctions. Such sanctions are sometimes based on presidential determinations (e.g., that the human rights record of country X is not acceptable to the United States) undertaken in accordance with law; in other cases, sanctions against specific nations are determined directly by congressional legislation; in still other cases, sanctions are based entirely on the discretionary authority of the President. The imposition of sanctions is often the result of congressional action that drastically limits the discretionary authority of the State Department. In such a context, U.S. munitions or articles of war destined for particular offending nations (or to the companies in such nations) are the most politically sensitive, and in practice the items on the USML are the ones most likely to be denied to the offending nations. In all such cases, the State Department must determine whether a particular item on the USML should or should not qualify for a USML license. A specific example of such an action given to the committee in testimony involved the export of cryptography by a U.S. bank for use in a branch located in the People's Republic of China. Because of China's human rights record, the Department of State delayed the export, and the contract was lost to a Swiss firm. The sale of cryptographic tools that are intended to protect the interests of a U.S. company operating in a foreign nation was subject to a foreign policy stance that regarded such a sale as equivalent to supplying munitions to that nation. Thus, even when NSA has been willing to grant an export license for a given cryptography product, the State Department has sometimes denied a license because cryptography is on the USML. In such cases, NSA takes the blame for a negative decision, even when it had nothing to do with it. Critics of the present export control regime have made the argument that cryptography, as an item on the USML that is truly dual-use, should

OCR for page 113
Page 163 not necessarily be included in such sanctions. Such an argument has some intellectual merit, but under current regulations it is impossible to separate cryptography from the other items on the USML. 4.8 TECHNOLOGY-POLICY MISMATCHES Two cases are often cited in the cryptography community as examples of the mismatch between the current export control regime and the current state of cryptographic technology (Box 4.11). Moreover, they are often used as evidence that the government is harassing innocent, lawabiding citizens. Taken by themselves and viewed from the outside, both of the cases outlined in Box 4.11 suggest an approach to national security with evident weaknesses. In the first instance, accepting the premise that programs for cryptography cannot appear on the Internet because a foreigner might download them seems to challenge directly the use of the Internet as a forum for exchanging information freely even within the United States. Under such logic (claim the critics), international telephone calls would also have to be shut down because a U.S. person might discuss cryptography with a foreign national on the telephone. In the second instance, the information contained in the book (exportable) is identical to that on the disk (not exportable). Since it is the information about cryptography that is technically at issue (the export control regulations make no mention of the medium in which that information is represented), it is hard to see why one would be exportable and the other not. On the other hand, taking the basic assumptions of the national security perspective as a given, the decisions have a certain logic that is not only the logic of selective prosecution or enforcement. •· In the case of Zimmermann, the real national security issue is not the program itself, but rather the fact that a significant PGP user base may be developing. Two copies of a good encryption program distributed abroad pose no plausible threat to national security. But 20 million copies might well pose a threat. The export control regulations as written do not mention potential or actual size of the user base, and so the only remaining leverage for the U.S. government is the broad language that brings cryptography under the export control laws. •  In the case of Schneier, the real national security issue relates to the nature of any scheme intended to deny capabilities to an adversary. Typing the book's source code into the computer is an additional step that an adversary must take to implement a cryptography program and a step at which an adversary could make additional errors. No approach to denial can depend on a single "silver bullet"; instead, denial rests on the erection

OCR for page 113
Page 164 BOX 4.11 Two Export Control Cases The Zimmermann PGP Case Philip Zimmermann is the author of a software program known as PGP (for Pretty Good Privacy). PGP is a program that is used to encrypt mail messages end-to-end based on public-key cryptography. Most importantly, PGP includes a system for key management that enables two users who have never interacted to communicate securely based on a set of trusted intermediaries that certify the validity of a given public key. Across the Internet, PGP is one of the most widely used systems for secure e-mail communication. Zimmermann developed PGP as a "freeware" program to be distributed via diskette. Another party subsequently posted PGP to a USENET newsgroup."1 (A commercial version licensed from but not supplied by Zimmermann has since emerged.) In 1993, it was determined that Zimmermann was the target of a criminal investiga tion probing possible violations of the export control laws.2 Zimmermann was careful to state that PGP was not to be used or downloaded outside the United States, but of course international connections to the Internet made for easy access to copies of PGP located within the United States. In January 1996, the U.S. Department of Justice closed its investigation of Zimmermann without filing charges against him.3 The Bruce Schneier-Appied Cryptography Case Bruce Schneier wrote a book called Applied Cryptography4 that was well received in the cryptography community. It was also regarded as useful in a practical sense because it contained printed on its pages source code that could be entered into a computer and compiled into a working cryptography program. In addition, when distributed within the United States, the book contained a floppy disk that contained source code identical to the code found in the book. Howevet, when another party (Philip Karn) requested a ruling on the exportability of the book, he (Karn) received permission to export the book but not the disk. This decision has been greeted with considerable derision in the academic cryptography community, with comments such as "They think that terrorists can't type?" expressing the general dismay of the community. 1 A USENET newsgroup is in effect a mailing list to which individuals around the world may subscribe. Posting is thus an act of transmission to all list members. 2 John Schwartz, "Privacy Program: An On-Line Weapon?," Washington Post, April 3, 1995, p. A1. 3 Elizabeth Cocoran, "U.S. Closes Investigation in Computer Privacy Case,'' Washington Post, January 12, 1996, p. A11. 4 Bruce Schneier, Applied Cryptography, John Wiley & Sons, New York, 1994.

OCR for page 113
Page 165 of multiple barriers, all of which taken together are expected to result in at least a partial denial of a certain capability. Moreover, if one begins from the premise that export controls on software encryption represent appropriate national policy, it is clear that allowing the export of the source code to Schneier's book would set a precedent that would make it very difficult to deny permission for the export of other similar software products with encryption capabilities. Finally, the decision is consistent with a history of commodity jurisdiction decisions that generally maintain USML controls on the source code of a product whose object code implementation of confidentiality has been granted commodity jurisdiction to the CCL. These comments are not intended to excoriate or defend the national security analysis of these cases. But the controversy over these cases does suggest quite strongly that the traditional national security paradigm of export controls on cryptography (one that is biased toward denial rather than approval) is stretched greatly by current technology. Put differently, when the export control regime is pushed to an extreme, it appears to be manifestly ridiculous. 4.9 RECAP Current export controls on products with encryption capabilities are a compromise between (1) the needs of national security to conduct signals intelligence and (2) the needs of U.S. and foreign businesses operating abroad to protect information and the needs of U.S. information technology vendors to remain competitive in markets involving products with encryption capabilities that might meet these needs. These controls have helped to delay the spread of strong cryptographic capabilities and the use of those capabilities throughout the world, to impede the development of standards for cryptography that would facilitate such a spread, and to give the U.S. government a tool for monitoring and influencing the commercial development of cryptography. Export controls have clearly been effective in limiting the foreign availability of products with strong encryption capabilities made by U.S. manufacturers, although enforcement of export controls on certain products with encryption capabilities appears to have created many public relations difficulties for the U.S. government, and circumventions of the current regulations appear possible. The dollar cost of limiting the availability of cryptography abroad is hard to estimate with any kind of confidence, since even the definition of what counts as a cost is quite fuzzy. At the same time, a floor of a few hundred million dollars per year for the market affected by export controls on encryption seems plausible, and all indications are that this figure will only grow in the future.

OCR for page 113
Page 166 A second consideration is the possibility that export controls on products with encryption capabilities may well have a negative impact on U.S. national security interests by stimulating the growth of important foreign competitors over which the U.S. government has less influence, and possibly by damaging U.S. competitive advantages in the use and development of information technology. In addition, the export control regime is clouded by uncertainty from the vendor standpoint, and there is a profound mismatch between the perceptions of government/national security and those of vendors on the impact of the export control regime. Moreover, even when a given product with encryption capabilities may be acceptable for export on national security grounds, nonnational security considerations may play a role in licensing decisions. Partly in response to expressed concerns about export controls, the export regime has been gradually loosened since 1983. This relaxation raises the obvious question of how much farther and in what directions such loosening could go without significant damage to national security interests. This subject is addressed in Chapter 7.