By using this website you allow us to place cookies on your computer. Please read our Privacy Policy for more details.

Encryption Export Controls

View Publication


 

Publication Date: January 2001

Publisher: Library of Congress. Congressional Research Service

Author(s):

Research Area: Trade

Type:

Abstract:

Encryption exports are controlled under the Arms Export Control Act (AECA) and the Export Administration Act (EAA), the latter statute to expire August 20, 2001. The more stringent AECA controls, administered by the State Department, apply to encryption items classified as defense articles or services. Items not so classified are subject to regulation by the Department of Commerce (DOC) under the extended EAA authorities. DOC requires licenses for certain commodities and software, but allows other encryption items to be exported under license exceptions.

The U.S. Government has traditionally maintained that controls over strong encryption are necessary for national security, foreign policy, and law enforcement reasons. Industry has argued that federal regulatory policies insufficiently address rapid technological developments, prevent manufacturers from marketing products available abroad, and harm U.S. national interests by making strong U.S. encryption unobtainable by legitimate users worldwide. While most encryption was originally controlled under the AECA, in late 1996 the President transferred jurisdiction over nonmilitary items to DOC, which at the same time eased controls over commercial encryption that used a key recovery feature or was destined for financial institutions. In 1998 the Administration further relaxed controls over 56-bit technology generally and stronger encryption destined for U.S. subsidiaries, insurance companies, and other end-users, retreating from earlier key recovery requirements. Further modifications were announced in September 1999, allowing license exceptions for the export of encryption of any key length after a technical review to most end-users in all but terrorist countries; draft regulations were issued in late 1999. Following criticism by companies, privacy groups and Internet proponents, DOC expanded aspects of its original proposal and issued new regulations in January 2000. Regulations issued in October 2000 further streamlined controls over encryption exports to 23 countries including European Member states. Restrictive export licensing regulations have raised constitutional concerns, some arguing that they impose a prior restraint on speech in violation of the First Amendment. Federal courts have both upheld and dismissed First Amendment challenges to export controls, the outcome generally turning on whether the court viewed the encryption item and its export as essentially expressive or functional. Courts in California and Ohio have allowed challenges to proceed, holding that encryption source code is protected speech for First Amendment purposes.

Legislation introduced in the 106th Congress would have required increased liberalization of encryption export controls. H.R. 850, the Security and Freedom Through Encryption (SAFE) Act, was reported from the House Judiciary Committee, House Commerce Committee (as amended), and House International Relations Committee (as amended); significantly more restrictive versions of the bill had been reported by the House Armed Services Committee and House Permanent Select Committee on Intelligence (H.Rept. 106-117, Pts 1-5). S. 798, the Promote Reliable On-Line Transactions to Encourage Commerce and Trade (PROTECT) Act of 1999, was reported favorably and without amendment by the Senate Commerce Committee (S.Rept. 106-142). No further action was taken on these bills. This report will be updated periodically.