WASHINGTON, January 13, 2000 ‚ The Clinton Administration is to release tomorrow a final version of new export regulations controlling encryption data security tools that represent a fundamental change in U.S. policy. The new regulations, to go into affect immediately upon publication, will make it much easier for companies and individuals in the United States to widely export strong encryption in common products regardless of their strength or the type of technology they use.

"The new regulations are a major step forward for privacy, security, and commerce online," said Jerry Berman, Executive Director of the Center for Democracy and Technology (CDT). "This new U.S. policy is likely to give consumers and businesses all over the world better access to privacy-enhancing encryption in common products like web browsers, email programs, retail computer chips, and personal computers. By doing so, it will improve the security of the online infrastructure that will be the center of social, political, and economic life in the twenty-first century."

"Our number one yardstick for measuring U.S. encryption policy has been whether consumers all around the world can get good encryption in the products they use every day," said Alan Davidson, CDT Staff Counsel. "The new regulations make this possible by lowering previous hurdles ‚ like limits on encryption strength and demands for key recovery backdoors ‚ that restricted access to encryption and compromised privacy. The regulations embrace a user-oriented approach to online security that will protect privacy and more effectively promote public safety on the Internet."

CDT cautions that not all export controls have been removed and encryption cannot be exported without consulting the regulations. "The bad news is that the regulations remain very complicated, and people still need to take care before sending strong encryption products abroad," Davidson said. The new regulations have not changed the fundamental premise of U.S. policy that those who wish to export ‚ including researchers and others who wish to exchange certain kinds of source code ‚ must still comply with a regulatory process that may prove daunting for some individuals and small businesses.

In addition, access to encryption does not alone guarantee privacy online and the rules now set the stage for a new debate about appropriate legal protections for decryption keys and other kinds of personal data online. CDT looks forward to working with the Administration to address these unresolved privacy and constitutional free speech concerns in the future.

The changes are the product of a long policy debate in Washington and the hard work of an unprecedented coalition of public interest groups and private industry devoted to improving digital security. CDT wishes to thank Representatives Robert Goodlatte (R-VA) and Zoe Lofgren (D-CA), and Senators Patrick Leahy (D-VT) and Conrad Burns (R-MT), and numerous others on both sides of the aisle, for their extraordinary commitment to promoting good encryption policies and improving privacy online. Their tireless efforts have been essential to raising public awareness of the importance of encryption and advocating policies that make privacy tools available to consumers.

CDT also commends the Administration for taking a major step in the right direction on encryption policy, and for doing it with a more open and consultative process than has been used for previous encryption announcements.

For more information about the new encryption regulations, please visit CDT's Web site at http://www.cdt.org/crypto/ or call Alan Davidson or Jim Dempsey at (202) 637-9800.

Back to Press Releases

Free Speech | Data Privacy | Government Surveillance | Cryptography | Domain Names | International | Bandwidth | Security | Internet Standards, Technology and Policy Project | Terrorism | Authentication | Right to Know | Spam

Our Mission / Get Involved / Staff / Publications / Links / Search CDT / Jobs / Action! Previous Headlines | Legislative Tracking | CDT's Privacy Policy