BSA Letter to Interagency Working Group on Encryption
November 8, 1996
Mr. Bruce McConnell
Information Policy & Technology
Office of Management & Budget
New Executive Office Building - Room 10236
17th & Pennsylvania Avenue, NW
Washington, DC 20504
Mr. Ed Appel
National Security Council
Old Executive Office Building - Room 300
17th & Pennsylvania Avenue, NW
Washington, DC 20504
Dear Bruce and Ed:
On behalf of America's leading publishers of software I wanted to thank
you again for the Administration's recent decision to liberalize export
controls for commercial encryption products. As BSA said at the time, it
is clearly a step in the right direction. However, as we have also explained
on numerous occasions since the announcement, there were some notable omissions
as well as a great number of unanswered questions. Therefore, we sincerely
appreciate your willingness to work with us on an expedited basis to hopefully
resolve remaining issues and to make further progress.
Based on our recent discussions and meetings with Administration officials,
we believe there are four major outstanding areas that need immediate clarification.
This letter is intended to provide the Administration with BSA's reactions
to what we have heard to date as well as our concrete recommendations for
moving forward in these areas.
1. Interim Export Control Relief.
BSA's members have said for some time now that the ability to immediately
export 56-bit encryption products is critical to maintaining the international
competitiveness of the software industry and to providing computer users
worldwide with acceptable information security. This also was the major
recommendation of the National Research Council Study. Such exports also
were clearly permitted under legislation pending before Congress.
Therefore, we welcome your decision to permit the export under Department
of Commerce General License beginning January 1, 1997 of products using
56-bit encryption keys. We believe that many American software companies
will be ready to ship such products on January 1st. We trust that any necessary
government action will be completed by then.
Our specific concerns and suggestions follow:
Licensing Procedures and Rewrite of Regulations: We expect
that:
- the decision covers all commercial software and hardware programs
and products employing encryption for general text (data) confidentiality
purposes;
- after the transfer of licensing jurisdiction to DOC, exports of all
commercial products will occur under the least restrictive DOC General License
(License Exception) - either GTDU (TSU) or, if a new license is created
or a new ECCN established, the terms and conditions should permit the export
to all non-embargoed countries without requirement of written assurances;
- all products already reviewed and approved for export will continue
to be exportable (under whatever DOC General License) without the need for
any further approvals, and independent of any new requirement or process
for "commitments" on key recovery, including:
1. 40-bit key length mass market products
2. 56-bit or longer key length products for the financial services sector
(which, as explained below, needs to be immediately increased to 128 bits
for Internet financial applications)
3. other 56-bit or longer key length products (e.g. to U.S. subsidiaries,
certain foreign multinationals, certain foreign governments)
- with respect to new products and programs:
1. for all mass market products already approved for export at the 40 bit
level, if the only change is to 56 bits, then a simple letter to that effect
from the company (exporter) should be sufficient for General License treatment;
2. initial reviews of new products and programs with 56-bit key lengths
will occur under the same stringent time frame (7 to 15 days) that currently
exists for mass market products;
3. any commercial products with key lengths longer than 56-bits that are
not eligible for General License treatment should still be eligible for
export under a Validated License with terms and conditions substantially
similar to existing State Department export licenses.
We appreciate the time constraints under which the Administration is laboring;
however, we also believe it is essential to get the regulations done right.
Therefore we strongly urge you to involve industry associations in the drafting
of the new rules. Industry involvement is essential if the Administration
is to make good on the promise of achieving liberalized export controls
through transfer of jurisdiction over encryption software from State to
Commerce. Otherwise the new regime may be more restrictive than the current
dual agency regime.
Periodic Upward Adjustments in Key Lengths. We were disappointed
that the Administration did not also institute automatic, periodic adjustments
in key lengths that simply would maintain the same level of information
protection in the future. Such adjustments are necessary because predictable
advances in computing power will make attacks on encrypted information cheaper
and easier. This was the rationale behind BSA's earlier recommendation of
a "cost of cracking adjustment." The NRC CRISIS Report also called
for periodic adjustments. We note again that such adjustments would not
further disadvantage the government in performing any required brute force
attacks because it is precisely these attacks that benefit from the advances
in computing power!
Financial Applications. While the announcement confirms that
longer key lengths will continue to be approved for products dedicated to
the support of financial applications, no specific decision was made to
permit the export of such products with 128-bit encryption keys (under General
License GTDU (TSU)). Immediate action in this area is critical as the worldwide
financial sector currently demands this level of information security, foreign
competitors already are providing it, and safeguards are available to ensure
that such products are not used as general confidentiality products. (Industry
is familiar and comfortable with the binding standards currently used by
NSA - essentially a "work factor" test in which it would take
more effort to reconfigure the program than to do a separate one.) It is
essential to remember that if the U.S. Government does not provide immediate
export control relief in this area that foreign software companies are now,
and will become even more aggressive in, supplying such products - but without
the safeguards - thereby defeating our government's efforts to limit such
encryption worldwide. For example, a German product explicitly advertises
on the Internet its ability to provide "highly secure 128 bit transaction
encryption despite U.S. export restrictions."
Personal Use Exemption. We also believe further progress needs
to be made in the areas of the so-called "personal use exemption"
and non-confidentiality uses of encryption. Specifically, reporting requirements
should be eliminated or significantly simplified to ease administrative
burdens. Moreover, the exemption should be extended to foreign nationals
(except those from embargoed countries) employed by U.S. or Canadian companies
or subsidiaries/affiliates of U.S. companies.
2. Definition of Key Recovery.
Importantly, the Administration's announcement conditions the export of
56-bit encryption products upon "industry commitments to build and
to market future products that support key recovery." Such products
would have no algorithm restrictions or key length limits.
To be successful, any key recovery initiative must be voluntary and market-driven.
Users must see the value of key recovery features and want to use them.
American companies cannot sell what users will not buy. In this regard,
BSA's members have said for some time that they believe there may well be
commercial demand for products that enable the recovery of stored data and
that could be saleable worldwide.
We think it also is in the government's interest to see the deployment of
such key recovery products for stored data. We believe the government should
focus on what is "doable" in the near term. See what works; get
real world experience.
What Key Recovery Means. As we have repeatedly explained,
we believe a "key recovery" encryption confidentiality product
should be exportable if it includes features making the recovery of "plain
text" stored information accessible without the assistance of the individual
who has encrypted the information.
Key Recovery Is Different Than Key Escrow. A purchaser or
user of a product being able to recover his data is different than, and
separate from, the decision whether to voluntarily empower a trusted third
party to be able to recover the data. Indeed, this distinction between a
"key recovery" product that enables third party access to stored
information, and "key escrow" which requires such advance third
party access, makes all the difference in terms of industry and user acceptance.
Quite simply, there should be no requirement that a copy of the user's key,
or the means to access or reconstruct the key, be given to anyone (let alone
required to do so with government certified agents or with a U.S. entity).
Indeed, we also note that even if certain individuals wanted to give a copy
of their key to a third party, the existence of a trusted third party infrastructure
in each country does not yet exist and could take some time to develop.
Thus, while we believe that in many cases businesses and other entities
would have access to keys used by their employees and (in time) commercial
key recovery services would be able to recover keys of their subscribers,
yet other computer users might choose not to give a copy of their key to
anyone (instead perhaps printing out a copy on a floppy disk or paper or
content to have it reside in a separate file on their hard drive). The analogy
to what people do with their house keys seems apt -- some give a copy to
a neighbor or friend, businesses often hold "passkeys" to their
employees' offices, others put a copy in a safe deposit box or a drawer.
Importantly, in each situation the government can obtain the plain text
of information by lawfully obtaining the key wherever it might be kept.
Key Recovery Should Be A Condition Of Export Only For Stored Data.
As we have explained on many occasions, there is little if any commercial
demand for a key recovery function in real-time communications. The reason
is simple: if the communication is unsuccessful then it is simply tried
again until the transfer of information is successfully completed. Users
only want the ability to recover in plain text form their stored encrypted
information after the fact of transmission. Moreover, software companies
have been focusing on meeting this user demand - recovery of stored data.
They understand technically how to do this. In the short run, it is an achievable
objective.
We are concerned, however, that some in government seem intent on arguing
that because a few products can technically perform key recovery for communications
it should be a widespread requirement. To the contrary, our members have
seen nothing to suggest that any
product developed to date can work on a mass market scale or that there
is significant commercial demand for such products.
Therefore, an encryption product that provides key recovery for stored data
should be exportable even if it also encrypts communications without key
recovery.
Licensing Procedures. Finally, BSA believes that key recovery
encryption products for stored data should be exportable:
- regardless of key generation technique or technology used (i.e. no
limits on how often keys may be changed or replaced);
- without additional requirements or conditions precedent such as new
bilateral agreements;
- to all destinations subject only to generally applicable limitations
on non-controlled commodities (e.g. embargoed countries); and
- pursuant to DOC General License or License Exception (GTDU (TSU) or
equivalent) after a one-time review comparable to that provided for mass
market software.
3. Industry Commitments.
Based on what we have heard to date, unfortunately we believe the Administration
may adopt an approach that is based much more on sticks than carrots. We
think there is a better way.
The Administration's Tentative Approach. We understand that
the Administration may interpret "industry commitments" to building
and marketing key recovery products so as to require each company to provide
detailed information to the government regarding its plans for developing,
producing and marketing key recovery products and services. Moreover, under
such an approach companies would have to make resource commitments and concrete
benchmarks. The government would review each company's plan every six months.
If the government decided that inadequate progress had been made then it
could end a company's interim General License to export 56-bit products.
We believe this approach is misguided and unnecessary. Undoubtedly it would
subject the Administration to charges of micromanagement and industrial
policy. Moreover, such detailed governmental involvement could well threaten
the continued success of America's highly dynamic and competitive software
and hardware industries. Finally, the burdens of such an approach would
limit the ability of companies to participate, thereby reducing the number
of companies who could afford to develop key recovery products.
A Better Way. As we explained, we believe that a much more
productive and efficient approach is to rely on the fundamental incentive
inherent in the government's decision: after two years companies wishing
to export encryption programs with long key lengths will only be allowed
to do so if those programs and products have key recovery functions for
stored data.
We understand that the Administration is nervous about industry actually
moving forward with development of key recovery products. But the government
already knows that companies will develop and offer key recovery programs
for stored data because a number of companies either have such products
now, are currently working on such products, or have announced individual
or joint efforts to develop such products. They are doing so because users
want such products. Indeed, Administration officials have already acknowledged
that a "critical mass" of companies are at work on such key recovery
products.
We believe these activities should be sufficient and that any company should
be allowed to immediately begin exporting 56-bit products. We do not think
it is appropriate or wise to condition each individual company's ability
to export 56-bit encryption products on that company's plans to develop
or offer key recovery products.
However, if the Administration nevertheless believes such a requirement
is necessary, then we strongly urge you to adopt the simplest possible process:
make such a commitment to develop or offer key recovery products a term
of the General License (or Exception). By exporting products pursuant to
the General License, companies would have "self certified" that
they are making the requisite commitment. This would obviate the need for
an entire separate regulatory scheme, with letters, meetings, reviews, etc.
We also believe it is essential that the license simply require a commitment
to develop or offer key recovery products generally, not a key recovery
version of each and every 56-bit product being exported pursuant to the
General License.
4. What Happens After Two Years
There are several issues presented by the Administration's announcement
that after two years American companies will be unable, as a general proposition,
to continue exporting 56 bit encryption products without key recovery.
Interoperability. The Administration maintains that the "domestic
use of key recovery will be voluntary, and any American will remain free
to use any encryption system domestically." As we have explained all
along, we do think that there always will be some demand for non-key recovery
encryption programs and products. Thus, we understand the Administration's
decision to mean:
- companies may continue to sell domestically, to U.S. citizens abroad,
and to U.S. subsidiaries abroad, non-key recovery encryption programs and
products without regard to key length;
- companies may continue to sell worldwide non-key recovery encryption
programs and products which are approved for export; and
- Exportable key recovery encryption programs and products will be able
to interoperate with non-key recovery programs and products at the encryption
strength of those other programs and products (for domestic users this means
no limits and for international users at whatever level is approved for
export (e.g. 56 bit keys as adjusted upwards in the future)).
The Installed Base. Any interim export control relief will
be a mirage unless it meets serious business needs. No commercial user will
purchase such products unless they know they can purchase similar products
in the future for expanding needs (e.g. a bigger site license), can get
replacement products if something is wrong, can install upgrades in the
product (even if the encryption remains the same), and can get continued
service and customer support. Yet we have heard nothing that addresses these
issues. The Administration's decision must be implemented so that whatever
is permissible at the end of two years will continue to be so (i.e. approvals
already granted must be reasonably interpreted in the future).
BSA and its member companies remain committed to working with the Administration
to specifically address these important questions and implementation details.
Sincerely,
[signature]
Becca Gould
Vice President, Public Policy
Posted on December 5, 1996