IP: Commerce Department Encryption Regulations

[Dave Farber <farber () cis upenn edu>]

Date: Tue, 10 Dec 96 09:34:03 EST
From: "Stewart Baker" <sbaker () mail steptoe com>
To: farber () cis upenn edu




     I've put a copy of the new Commerce Department 
     regulations and a short summary up on our web page at 
     <www.steptoe.com/commerce.htm>.  
     
     The regulations contain few surprises for students of 
     the State Department's regime and readers of the 
     newspapers.  Apart from the key recovery plans for 
     those who wish to export unescrowed DES or equivalent 
     for two years, the regulations mostly translate State 
     controls into Commerce language.
     
     One possible exception to this rule is the treatment of 
     books containing source code.  The State Department 
     allowed some books containing encryption source code to 
     be exported while forbidding the export of the same 
     source code on disk.  Phil Karn and his supporters 
     filed a suit claiming that this was a particularly 
     stupid distinction that could not be supported under 
     the Constitution.  
     
     In what surely ranks as a the cipherpunks' most Pyhrric 
     victory to date, the Administration seems to have 
     abandoned that distinction, not by easing controls on 
     disks but by deciding that books containing source code 
     must also get export licenses: "such encryption 
     software in both source code and object code remains 
     subject to the EAR even if published in a book or any 
     other writing or media." 
     
     Bruce Schneier, please call your office ... 
     
     Stewart Baker