| January 14 | The U.S. government issues new encryption export regulations that make it much easier for companies and individuals in the United States to widely export strong encryption in common products regardless of their strength or the type of technology they use. |
| |
| 1999 |
| September 16 | White House announces change in encryption export policy and support for CESA bill. (Regulations to be announced by December 15). |
| June 2 | Germany rejects restrictions on availability of strong encryption,
pledging to promote the development and manufacture of secure and powerful
cryptographic products. |
| May 27 | United Kingdom rejects key recovery as ineffective and inconsistent with the UK's desire to pursue a leadership role in electronic commerce. |
| February 25 | SAFE (H.R. 850) re-introduced in 106th Congress |
| January 19 | France announces plans to revise its traditionally conservative stance on encryption policy. 56-bit DES code cracked by group of computer enthusiasts in 22 hours and 15 minutes. |
| January 15 | National Institute of Standards and Technologies announces that 56-bit DES is no longer sufficient and recommends use of Triple DES. |
| January 6 | RSA Data Security, leading encryption software producer, establishes Australian subsidiary to enable worldwide distribution of encryption product without U.S. export restrictions. |
| |
| 1998 |
| December 31 | BXA issues revised encryption export policy that allows export of 56-bit products and granted sectoral relief to specialized industry groups.
|
| October 7 | Finnish government agrees to unrestricted export of strong encryption without mandatory key recovery. |
| July 18 | 56-bit DES code cracked in 56 hours by researchers in Silicon Valley. |
| June 8 | Ad-hoc group of cryptographers and computer scientists releases update to Risks of Key Recovery report, confirming that "[t]he design of secure key recovery systems remains technically challenging, and the risks and costs of deploying key recovery systems are poorly understood." |
| April 6 | NSA issues report, Threat and Vulnerability Model for Key Recovery, detailing risks of key recovery systems. |
| March 19 | PGP announces plans to sell encryption products outside the US through arrangements with a European partner. |
| February 28 | Americans for Computer Privacy, broad coalition of high-tech companies and privacy advocates, forms to oppose U.S. policy. |
| |
| 1997 |
| August 26 | Bernstein vs. Department of State: Federal district court judge rules encryption export regulations are unconstitutional violations of the First Amendment. |
| June 19 | 56-bit DES code cracked through bruce-force attack by a network of 14,000 computers. |
| June 16 | PGP 5.0 Freeware becomes widely available for non-commercial use. |
| May 27 | Ad-hoc group of cryptographers and computer scientists publish Risks of Key Recovery, outlining economic costs and security risks of mandatory key recovery systems. |
| April 23 | European Commission issues Electronic Commerce Initiative calling for "the use of strong encryption" as a "foundation stones of electronic commerce" and rejecting key escrow. |
| March 27 | OECD issues Cryptography Policy Guidelines calling for market-driven standards for encryption exports and unrestricted access to strong encryption products. |
| March 1 | SAFE bill (H.R. 695) introduced in 105th Congress. |
| |
