Export of Cryptography
by Roszel C. Thomsen II, Esquire and McKenney, Thomsen and Burke LLP, Commerce.net (1996)

This White Paper NW-3 Export of Cryptography describes the United States laws, regulations and requirements which govern the export of cryptographic products from the United States.

1. Introduction

Experience demonstrates that individuals will not shop with their credit cards, and companies will not transfer their valuable intellectual property, via the Internet, unless and until they are assured that safeguards are in place against theft and other threats. Their fears are well founded. Notorious computer felon Kevin Mitnick had stolen over twenty thousand credit card numbers from just one Internet site before he was arrested last year. [FN1]

Cryptography, which is the process of transforming data to obscure its content, is essential for the full flowering of Internet commerce. The United States export controls on cryptography are one of the most important impediments to the development of Internet commerce. They effectively prevent the export of cryptographic products which are strong enough to protect valuable data from any but casual crackers. Furthermore, since strong cryptographic products cannot be exported from the United States, export controls have a secondary effect of hindering their widespread deployment within the United States.

At the same time, the United States Government believes that export controls on strong cryptographic products are essential to ensure that the intelligence and law enforcement communities remain able to eavesdrop electronically on foreign governments, terrorists, drug traffickers, pedophiles and others, inside and outside of the United States.

This paper describes the United States export controls on cryptography, including recent legislative, regulatory and other developments of interest. As anyone who has even casually read sci.crypt or any of the other newsgroups which discuss this subject knows, the debate between privacy advocates on the one hand and the intelligence and law enforcement communities on the other hand is polarized. In keeping with the CommerceNet mandate, both sides of the debate are presented.

1.1. What is Cryptography?

The Greek roots of the English word "cryptography" literally mean "secret writing". Cryptography involves the use of a "key" to transform so-called "plaintext" which is readable into so-called "ciphertext" which is secret. Cryptography has been used since ancient times to protect the privacy of communications. For example, using the two thousand year old "Caesar Cipher", the plaintext "make love not war" would be transformed into ciphertext "jxhb ilsb klq txo". [FN2]

Cryptography historically has been used primarily by governments to secure their military and diplomatic communications. However, in recent years, there has been a dramatic increase in the use of cryptography by ordinary citizens. This increase has been driven by several important technological advances and social trends.

In accordance with Moore's Law, computer performance is doubling approximately every 18 months. As a result, millions of people now enjoy access to computing power previously the province only of governments. Fast computer technology is essential to the use of sophisticated cryptography. In addition, advances in number theory have resulted in the deployment of so-called "public key" cryptosystems, which permit the secure exchange of data without the complicated task of managing secret keys.

Social trends also have played an important role. As more and more people spend increasing amounts of time in cyberspace, they want to shop, correspond, and engage in other activities which require some assurance of privacy. To meet this demand, hundreds of companies are developing cryptographic products for business and consumer markets.

1.2. Historical Foundation for U.S. Export Controls

The historical foundation for United States export controls on cryptography dates back to the Second World War. Allied successes in breaking the German Enigma cryptosystem and Japanese PURPLE code led to important victories in the Battle of the Atlantic and Pacific, respectively. Soviet spying in the late 1940's and early 1950's contributed to the theft of American atomic secrets at the start of the Cold War. These events led President Truman to issue Executive Order 12333 and National Security Directive 42, creating the National Security Agency ("NSA") out of the old Army Signals Corps, and entrusting the development of national cryptographic policy (including export control policy) to NSA, in 1952. [FN3]

2. Overview of Export Control Laws and Regulations

Although NSA is charged with development of export control policy with respect to cryptography, the State and Commerce Departments are responsible for implementing that policy through the issuance of export licenses. In general, strong cryptographic products are subject to the export control jurisdiction of the State Department, and weak cryptographic products are subject to the export control jurisdiction of the Commerce Department.

2.1. Munitions Export Controls

Strong cryptography is controlled under authority of the Arms Export Control Act ("AECA") [FN4] and implementing International Traffic in Arms Regulations ("ITAR") [FN5] administered by the State Department's Office of Defense Trade Controls. In fact, until the late 1980's all cryptographic products, whether strong or weak, were considered to be "defense articles" as described in Category XIII(b) on the U.S. Munitions List of the ITAR, and hence were subject to the same set of regulations which govern exports of guns and bombs. You could request that a product be transferred from the State Department's jurisdiction to the Commerce Department's jurisdiction pursuant to the Commodity Jurisdiction Procedure of the ITAR. However, such transfers were rare and required considerable disclosure to, and lengthy negotiation with, NSA.

In the late 1980's, as cryptographic features increasingly were incorporated into mainstream commercial products to meet market demand, the Commerce Department's Bureau of Export Administration "accepted jurisdiction" over categories of products which contained certain limited security features. Such products no longer were subject to the jurisdiction of the State Department under the ITAR, but rather became subject to the jurisdiction of the Commerce Department under the Export Administration Act ("EAA") [FN6] and implementing Export Administration Regulations ("EAR") [FN7] which govern exports of so-called "dual-use" products (having military and commercial application).

This new policy was formalized in changes to the EAR and ITAR which were published in the early 1990's. In August of 1991, the Commerce Department amended the Commerce Control List of the EAR to reflect the export licensing requirements for cryptographic products subject to its jurisdiction. [FN8] Shortly thereafter, in April of 1992, the State Department amended the U.S. Munitions List to expressly delineate the scope of products which are exempt from control under the ITAR. [FN9]

There are nine categories of cryptographic products which are expressly exempt from the export license jurisdiction of the State Department. These products are described in Category XIII(b)(1) of the ITAR. They include cryptographic hardware and software which are:

(i) Restricted to decryption functions specifically designed to allow the execution of copy protected software, provided the decryption functions are not user-accessible.

(ii) Specially designed, developed or modified for use in machines for banking or money transactions, and restricted to use only in such transactions. Machines for banking or money transactions include automatic teller machines, self-service statement printers, point of sale terminals or equipment for the encryption of interbanking transactions.

(iii) Employing only analog techniques to provide the cryptographic processing that ensures information security in the following applications:

(A) Fixed (defined below) band scrambling not exceeding 8 bands and in which the transpositions change not more frequently than once every second;

(B) Fixed (defined below) band scrambling exceeding 8 bands and in which the transpositions change not more frequently than once every ten seconds;

(C) Fixed (defined below) frequency inversion and in which the transpositions change not more frequently than once every second;

(D) Facsimile equipment;

(E) Restricted audience broadcast equipment;

(F) Civil television equipment.

NOTE: Special Definition. For purposes of this subparagraph, fixed means that the coding or compression algorithm cannot accept externally supplied parameters (e.g., cryptographic or key variables) and cannot be modified by the user.

(iv) Personalized smart cards using cryptography restricted for use only in equipment or systems exempted from the controls of the USML.

(v) Limited to access control, such as automatic teller machines, self-service statement printers or point of sale terminals, which protects password or personal identification numbers (PIN) or similar data to prevent unauthorized access to facilities but does not allow for encryption of files or text, except as directly related to the password or PIN protection.

(vi) Limited to data authentication which calculates a Message Authentication Code (MAC) or similar result to ensure no alteration of text has taken place, or to authenticate users, but does not allow for encryption of data, text or other media other than that needed for the authentication.

(vii) Restricted to fixed data compression or coding techniques.

(viii) Limited to receiving for radio broadcast, pay television or similar restricted audience television of the consumer type, without digital encryption and where digital decryption is limited to the video, audio or management functions.

(ix) Software designed or modified to protect against malicious computer damage, (e.g., viruses).

The preamble to the final rule published by the State Department in 1992 clearly indicates that exporters no longer have to obtain Commodity Jurisdiction Determinations verifying that products described in Category XIII(b)(1) are subject to the Commerce Department's jurisdiction before exporting under the EAR. However, for all other cryptographic products, you still have to request transfer on a case-by-case basis pursuant to the Commodity Jurisdiction Procedure of the ITAR.

There are a number of areas where the ITAR and EAR contain overlapping jurisdiction. A good example is so-called "mass market" software, which is discussed below. Another example is mobile telephony. Currently, mobile telephone handsets which incorporate the DECT or GSM cryptographic algorithms are eligible for transfer to the Commerce Department's jurisdiction on a case-by-case basis, but base stations required for development of DECT and GSM networks are not.

If your cryptographic hardware or software product is subject to the jurisdiction of the State Department under the ITAR, you probably have to obtain an export license or other approval from the State Department prior to export. Although the ITAR expressly exempts from its export licensing requirements cryptographic information which is in the "public domain", this exception is not available for software. Rather, all software is considered to be "hardware" for purposes of export licensing under the ITAR. Exports to Canada for use by Canadian citizens are exempt from the export license requirements. [FN10] The other exemptions for exports of ITAR-controlled hardware are very narrow, and seldom useful. [FN11]

The export licensing policy of the State Department is rather restrictive. For example, general purpose hardware and software which implement the Data Encryption Standard ("DES") for data privacy may be exported only to subsidiaries of U.S. companies for securing their internal communications and to financial institutions for inter-bank electronic funds transfer. Products which implement Triple DES are not exportable at all. Applications to export products incorporating other algorithms are reviewed on a case-by-case basis, and may be approved subject to limitations, provisos and other requirements imposed by the State Department after consultation with NSA and other agencies. Applications to export cryptographic products to the formerly communist countries or to countries which support international terrorism are subject to a policy of denial.

2.2. Dual-use Export Controls

Cryptographic products which are subject to the jurisdiction of the Commerce Department under the EAR are described on the Commerce Control List. [FN12] The export controls under the EAR are much more liberal than the corresponding controls under the ITAR. For example, the EAR recognizes that certain software may be exempt from control, because it is in the "public domain". In addition, the EAR contains a number of broad License Exceptions, which are much more useful than the corresponding exemptions under the ITAR.

By and large, hardware and software products which are subject to the jurisdiction of the Commerce Department under the EAR by virtue of the exemptions set forth in Category XIII(b)(1) of the ITAR may be exported under one or more of the License Exceptions of the EAR, like License Exceptions LST and TSU. However, as you can see, none of these categories applies to hardware or software which uses cryptography for data privacy. All exports of hardware and software subject to the Commerce Department's jurisdiction which implement cryptography for privacy require an export license issued by the Commerce Department, except for mass market software products described below.

2.3. Export Controls on Mass Market Software

In the late 1980's and early 1990's, many companies began to incorporate cryptography for data privacy into so-called "mass market" software products. This includes products which are sold over-the-counter in retail outlets or by telephone transactions, and which are designed for installation by the user without further substantial support by the developer. Popular mass market software programs incorporating cryptography for data privacy include Microsoft's Windows NT operating system, IBM/Lotus' Notes groupware and Netscape's Navigator web browser.

Developers of mass market software quickly realized that they could not succeed in the marketplace when saddled with the high administrative costs and lengthy time delays inherent in obtaining export licenses under the ITAR. They also were frustrated by the cumbersome Commodity Jurisdiction procedure which only permits case-by-case transfers to the Commerce Department's jurisdiction. So, the developers of mass market software (under the auspices of the Software Publishers Association) lobbied the Congress and Administration for relief from onerous ITAR controls.

In the early 1990's Congressman Mel Levine (D-CA) introduced a bill which would have transferred all mass market software -- regardless of the strength of cryptography implemented therein -- to the Commerce Department's jurisdiction. The Bush Administration opposed the Levine amendment, and instead negotiated a compromise with the software industry.

The fruits of the compromise were published in an amendment to the ITAR, whereby the State Department (and NSA) agreed to create an expedited Commodity Jurisdiction Procedure for mass market software. [FN13] Under this procedure, the State Department and NSA agreed to issue Commodity Jurisdiction Determinations on a case-by-case basis authorizing the transfer of non-strategic, mass market software from the State Department's jurisdiction to the Commerce Department's jurisdiction within seven days, provided that the software meets the following criteria:

- The software must use either the RC2 or the RC4 algorithm licensed from RSA Data Security Inc. for data privacy;

- The key used with RC2 or RC4 must be limited to 40 bits; and

- The key exchange mechanism must be limited to either a 64 bit symmetrical key or 512 bit public key modulus.

All mass market software programs which do not fall within these guidelines are supposed to receive an initial evaluation within fifteen days. Frequently, however, it can take quite a bit longer to process a Commodity Jurisdiction request for a product which deviates from the guidelines. Thus, there is a strong incentive to use RC2 or RC4 as indicated by the guidelines.

Once transferred to the Commerce Department's jurisdiction under the EAR, mass market software becomes eligible for export under the so-called General Software Note [FN14] and License Exception TSU [FN15] to most destinations. Thus, after modest diligence, mass market software programs may be exported without cumbersome export licensing.

Neither the government nor industry is entirely pleased with this compromise. Industry feels that the 40 bit key limitation, in particular, means that companies can only offer weak cryptography, and thereby reduces the competitiveness of American products in many markets. The government feels that widespread use of even weak cryptography is an impediment to electronic snooping. As a matter of public policy, it also seems unfair to grant such a significant market advantage to a single private company, in this case RSA Data Security. Furthermore, the compromise only applies to mass market software. Cryptographic software which is in the public domain or is not sold via mass market channels, and all hardware, remain subject to the State Department's jurisdiction under the ITAR, even if they are functionally equivalent to comparable mass market software!

3. Legislative Initiatives

3.1. Legislative Initiatives of the 103rd Congress

To rectify some of these outstanding issues, industry resumed its lobbying efforts early in the 103rd Congress. Representative Maria Cantwell (D-WA) and Senator Patty Murray (D-WA) sponsored legislation (H.R. 3627 and S. 1846) which would not only transfer all cryptographic mass market software to the Commerce Department's jurisdiction, but also functionally equivalent software which does not qualify as mass market, and hardware.

Neither bill survived mark-up in the responsible Congressional committees. However, like the Levine amendment in the Bush Administration, they were used as levers to extract modest concessions from the Clinton Administration. The Commerce Department and NSA promised to conduct a thorough study of the export controls on cryptography, presumably as a prelude to further relaxation of export controls. These regulatory reforms are discussed in Section IV, below.

3.2. Legislative Initiatives in the 104th Congress

Preoccupied with other legislative priorities, the 104th Congress did little of note with respect to cryptography in its first session. In the second session, however, industry once again took its case for liberalization of export controls to Capitol Hill. During the winter of 1996, Senator Leahy (D-VT) introduced S. 1587, the "Encrypted Communications Privacy Act", and Representative Goodlatte (R-VA) introduced H.R. 3011, the "Security and Freedom Through Encryption Act". As of this writing it appears likely that Senator Burns (R-MT) will introduce a similar bill titled "Promoting Commerce On-line in the Digital Age Act" shortly after this Easter recess.

These bills include reforms of the export controls on cryptography which are similar to those which were introduced in earlier Congresses. However, some provisions go further, guaranteeing all Americans the freedom to use the cryptographic products of their choice, and prohibiting mandatory key escrow cryptography in the United States. Thus, they respond not only to long-standing frustration over export controls, but also the Clinton Administration's Clipper Chip and Commercial Key Escrow initiatives, and the Digital Telephony Bill, which are discussed in Sections V and VII, below.

4. Regulatory Reforms

In response to industry's lobbying efforts, and in order to blunt legislative initiatives in the 103rd and 104th Congress, the Clinton Administration has implemented modest reforms of the ITAR and EAR in the past two years.

4.1. Munitions Export Control Reforms

On February 4, 1996, Deputy Assistant Secretary of State for Export Controls Martha Harris announced four initiatives designed to reduce the licensing burden on companies which export cryptographic products controlled under the ITAR.

The first initiative was the creation of a new type of export license, known as the "Distribution Arrangement", which was implemented in amendments to the ITAR published on September 2, 1994. [FN16] This new type of export license is unique, because it applies only to cryptographic products, and is not available for export of other defense articles controlled under the ITAR. In order to obtain authorization to export under a Distribution Arrangement, you must submit a proposed plan to the State Department for approval. The plan must specify the cryptographic products which will be exported, the countries to which the products will be exported, the classes of eligible customers, and other requirements set forth in the ITAR. There are two key features which distinguish the Distribution Arrangement from other export licensing options available under the ITAR: (1) you can ship directly from the United States to the customer, and (2) you do not have to identify the customers in advance, but rather report sales to the State Department after the fact. Thus, the Distribution Arrangement is an important procedural change, but does not expand the scope of cryptographic products which are eligible for export.

The second initiative was an attempt to expedite the review of export license applications for cryptographic products, with a turnaround goal of two working days. To facilitate this initiative, NSA placed an employee at the State Department's Office of Defense Trade Controls on a full-time basis to handle the burgeoning case load. The State Department has met the two working day turnaround goal in some cases, but most applications take two days or longer just to get from the State Department's mail room to the licensing officer. In addition, only the very simplest cases -- like temporary export licenses for trade shows and permanent export licenses to subsidiaries of U.S. companies and banks -- are likely to benefit from expedited processing. Moreover, the case load has increased in two years to the point where NSA now has two employees at the State Department on a full-time basis, and their workload is reported to be increasing rapidly.

The third initiative was the announcement of the so-called "Personal Use Exemption", which was not published as an amendment to the ITAR until February 16, 1996. [FN17] Utilizing this exemption, American citizens and permanent resident aliens may export cryptographic products temporarily for personal use, e.g., when communicating to their employer in the United States. This reform makes law abiding citizens of the thousands of travelers who for years have been taking copies of well known, ITAR-controlled products like Norton Utilities abroad on their laptop computers. However, industry still feels that the recordkeeping requirements established for compliance with this new exemption are excessive.

The fourth initiative was the announcement that "preferential" export licensing treatment would be accorded to applications to export key escrow encryption products. Inter-agency discussions about the scope of preferential treatment to be accorded, and a dearth of interest on the part of potential customers, have rendered this liberalization largely irrelevant, to date.

4.2. Dual-use Export Control Reforms

In addition to the reforms of the ITAR described above, the Commerce Department has implemented two important final rules which liberalize the export controls on cryptographic products subject to its jurisdiction under the EAR.

About two years after the deal which resulted in expedited processing of Commodity Jurisdiction determinations transferring mass market software programs from the State Department's jurisdiction to the Commerce Department, many major software companies began to test major new releases of their programs which incorporated cryptography. Thus, they were faced with a problem not contemplated when the rules were relaxed in 1993: beta test software does not qualify as "mass market", and therefore required case-by-case export licenses prior to export! Within a matter of months, the export licensing system risked being swamped by literally thousands of export license applications, as major software programs developed by Microsoft, Lotus, Novell and others entered beta testing. Recognizing that beta test software should not be controlled any more stringently than the incipient mass market releases, the Commerce Department issued a final rule removing the export license requirement for beta test software incorporating cryptography subject to its jurisdiction. [FN18]

The second significant reform was implemented in a final rule published on December 20, 1995, when most of the remaining export license requirements for anti-virus software were removed. [FN19] The popular anti-virus software programs developed by McAfee and Symantec, among others, already qualified for export under License Exceptions by virtue of the fact that they are sold via mass market channels, however, so the impact of this reform has been modest.

5. Key Escrow Cryptography

At the same time that the legislative and regulatory initiatives described in sections III and IV above were occurring, the Clinton Administration was embarking on an ambitious attempt to fundamentally alter the market for cryptographic products in the United States and abroad, by promoting the use of so-called "key escrow" cryptography.

The underlying principle of key escrow cryptography is that there should be a quid pro quo. The Government will permit the export of strong(er) cryptography, but only if the keys to such products are "escrowed" in a place where they will be accessible to the law enforcement and intelligence communities.

5.1. The "Clipper Chip"

The first product to incorporate key escrow was the infamous "Clipper Chip". Announced on April 16, 1993, the Clipper Chip was developed in secrecy by NSA and the Commerce Department's National Institute of Standards and Technology. It is available in a voice scrambling device marketed by AT&T. A similar chip, known as "Capstone", was developed for the Fortezza (PCMCIA format) Card used in the Defense Messaging System.

Industry and public interest groups immediately denounced the Clipper/Capstone initiative, focusing on two perceived problems. First, the Skipjack algorithm used in the Clipper/Capstone devices is classified for reasons of national security. Thus, it has not been subjected to the same scrutiny to which other published algorithms, like DES, have been subjected. Second, the Clipper/Capstone devices utilize the Departments of Commerce and Treasury as the escrow agents. The public was skeptical that government agencies should be entrusted with escrowed keys.

In the ensuing months, a crescendo of criticism arose from industry and public interest groups. Fortune 500 companies joined arms with the American Civil Liberties Union and other public interest groups in an effort to convince the Clinton Administration to withdraw the Clipper/Capstone initiative. They argued, among other points, that (1) only law abiding citizens would use Clipper/Capstone, so that it would not prove useful to law enforcement; (2) foreign companies and persons would not purchase a product which has been compromised to Uncle Sam, so Clipper/Capstone will not prove useful to intelligence agencies; and (3) the product itself will not work. (In fact, within months after releasing the product, one of AT&T's own researchers found a means of defeating the Clipper Chip.)

The Clinton Administration also has another lever in addition to export controls with which to move the market: the promulgation of a Federal Information Processing Standard ("FIPS"), to which products must conform in order to be eligible for procurement by U.S. Government agencies. NIST quickly announced that it would seek public comments on the use of Clipper as a FIPS. Despite receiving hundreds of public comments which overwhelmingly expressed opposition, NIST adopted Clipper as a FIPS (FIPS 185) on February 9, 1994. [FN20]

However, as a gesture to industry, in February of 1994 Vice President Gore wrote to Representative Maria Cantwell indicating that the Clinton Administration would consider alternatives to Clipper/Capstone, including escrow arrangements where someone other than agencies of the Government would hold the keys.

5.2. "Commercial" Key Escrow

On September 6, 1995, Mike Nelson, representing the White House, formally announced that "Clipper is dead" and unveiled the Clinton Administration's new proposal, which has become known as "commercial" key escrow. The ten commercial key escrow guidelines announced by NIST represented an effort to compromise with industry over several major concerns. The keys would not be held in escrow by Government agencies, but rather by private entities (albeit entities which entered into agreements with the Government and had at least one person holding a SECRET security clearance). Developers would be free to choose any algorithm, but could only implement it with a 64 bit key (as opposed to the 80 bit key used in Clipper/Capstone). NIST held subsequent public hearings, where the ten guidelines for exportable commercial key escrow products were refined and twenty new guidelines for certified key escrow agents were promulgated by the Justice Department.

The debate over key escrow continues. All sides are preparing or recently have released studies which support their positions. For example, the Commerce Department and NSA have completed a study which surveys the international market for cryptographic products and is ambivalent about whether export controls have negatively affected the market share of American companies. Industry trade associations, like the Business Software Alliance (BSA) and the Computer Systems Policy Project (CSPP), have reported that export controls are hurting the competitiveness of American companies, and that only cryptographic products with 80-90 bit keys will offer reasonable security in the coming decades. In short, there is a study which supports both sides of almost every point in the debate.

The public interest groups generally remain staunchly opposed to key escrow, referring derisively to the commercial key escrow guidelines as "Clipper Two", "Clipper Too" and "Clipper Lite". On the other hand, industry is not as unified in opposition to alternative key escrow proposals. For example, IBM/Lotus has implemented so-called "partial" key escrow in Release 4.0 of its popular Notes program, where the 24 bits in excess of the permitted 40 are escrowed with the U.S. Government prior to export. Microsoft has agreed to implement a controlled cryptographic application programming interface ("API") similar to the API developed for software programs which utilize the Fortezza Card. Netscape has gone one step further by implementing the Fortezza Card's API in its popular web browser.

Paraphrasing Mark Twain, the "death" of Clipper is greatly exaggerated. The Clinton Administration has not indicated a willingness to enter into a compromise which would permit the export of mass market software (much less hardware) with key lengths greater than 40 bits, unless there is some form of key escrow. Meanwhile, major companies publicly are declaring opposition to key escrow, but privately are assuming the Lotus position, and building the infrastructure for key escrow cryptography, bit by bit.

6. Special Issues in Export of Cryptography

6.1. Electronic Commerce

Secure electronic commerce may be the "killer app" which transforms the Internet into an integral part of everyday life. Secure payment products will have to incorporate cryptography for confidential transmission of data, authentication of the parties involved, and to ensure the integrity of the data transmitted.

Of these three requirements, the most significant for purposes of export controls is the confidential transmission of data. (Authentication features like digital signatures, and integrity features like message authentication codes, are subject to the jurisdiction of the Commerce Department.) The question is, how do you design a product which is strong enough to protect valuable commercial data, yet weak enough to be freely exportable?

Cybercash has approached this problem by using two different forms of cryptography. Basically, financial data is encrypted with DES, and non-financial data is encrypted with weaker (40 bit) cryptography. Thus, for example, if you were to order a pair of shoes from LLBean via the Internet, your credit card number and expiration date would be strongly encrypted using DES, but your name, ship-to address, shoe size and preferred shoe color would be encrypted using weak cryptography.

6.2. Crypto-with-a-Hole

So-called "crypto-with-a-hole" is one of the more frustrating issues encountered in the entire encryption export control debate. The concept originated with secure telephones, where the cryptographic functionality was embedded in a hardware chip. Someone got the bright idea that if you removed the chip, then you can export the telephone free from ITAR controls, because it would not encrypt, right? Wrong!

The State Department and NSA have a policy that products which incorporate crypto-with-a-hole are not exportable, because it would be so easy for a person outside of the United States to "fill" the hole with strong cryptography. Products which incorporate crypto-with-a-hole are relatively easy to spot when they fit the hardware paradigm of a secure telephone. Defining crypto-with-a-hole in software is much more difficult, however.

There are two competing principles which must be reconciled. First, the Government does not want to make it too easy for persons outside of the United States to incorporate strong cryptography into a software program. Thus, you cannot include a graphical user interface ("GUI") in your electronic mail program which announces "click here to encrypt", and also permits users to easily substitute the encryption library of their choice under this GUI. On the other hand, it is not desirable to have totally closed software programs, because developers need to provide API's for independent software vendors to write inter-operable applications programs. Thus, general purpose interfaces, like UNIX STREAMS, do not constitute crypto-with-a-hole.

Somewhere in between these two examples there is a line of demarcation separating general purpose interfaces from cryptographic API's, but it is not a bright line. Furthermore, the ITAR does not provide any guidance whatsoever with respect to what constitutes crypto-with-a-hole. Only through experience, and consultation with NSA, can you ensure compliance.

6.3. Pretty Good Privacy

Several years ago, a software developer named Phil Zimmermann (Zimmermann) decided to create a software program which he could use to exchange encrypted e-mail with his friends, secure from the threat of government surveillance (real or imagined). Little did he know that his software program, Pretty Good Privacy or PGP, would trigger a three year investigation and make him a cause celebre in the Internet community.

The facts are simple. Zimmermann wrote a software program implementing the IDEA algorithm which is subject to control under the ITAR. Someone -- Zimmermann swears he did not do it -- posted the software on a Usenet server, which is replicated periodically on mirror servers outside of the United States. Within hours, PGP was available from multiple locations in Europe and elsewhere. It is rapidly becoming the program of choice for encrypting e-mail sent via the Internet.

The Justice Department and the Customs Service executed search warrants on Zimmermann's home and office, carted off his computer and storage media, and commenced a grand jury investigation into the illegal export of PGP. To the law enforcement community, Zimmermann was a threat to the national security. To the cyberpunk community, he was a hero.

After three years of investigation, the United States Attorney's office in San Jose officially closed its investigation of Zimmermann in connection with the export of PGP, without explanation. Are there any lessons to be learned from this investigation?

Perhaps the most intriguing issue presented by the Zimmermann case is, what constitutes an export via the Internet? The Customs Service was formulating a theory that the software had been exported when it was placed on the Usenet, effectively beyond the Customs Service's ability to conduct detention, search and seizure. However, this begs the question, to whom was the software exported, where and for what purpose?

6.4. First Amendment Issues

There are two interesting cases which test the limits of developers to place software in the "public domain". The first involves the book, Applied Cryptography, authored by Bruce Schneier. The second involves a Ph.D. thesis authored by a graduate student at the University of California at Berkeley.

The case of Applied Cryptography is an instructive lesson in the limitation of the definition of "public domain" under the ITAR. Applied Cryptography includes the source code -- in optical character recognition readable format -- for a variety of cryptographic algorithms like DES, Triple DES and IDEA, which generally are not exportable from the United States if implemented in machine executable software. The author, Bruce Schneier, also offers to provide the source code on diskettes, for a modest fee.

Although the book itself is in the public domain and is exportable worldwide, the cryptographic algorithms recorded on magnetic media are not. This distinction has been tested through the Commodity Jurisdiction process and in the United States District Court for the District of Columbia. In Karn vs. United States, Judge Richey upheld the State Department's right to control source code recorded on magnetic media as a "defense article", while recognizing that the same source code in printed form is in the public domain. This case has been appealed, but for now the rule is that source code is in the public domain when printed in a book, but is subject to control under the ITAR when in electronic form. For additional information see EFF's Karn Archive.

The case of Bernstein vs. United States raises a similar issue. [FN21] Bernstein, a graduate student at the University of California at Berkeley, prepared a Ph.D. dissertation which included a cryptographic software program. Bernstein requested State Department approval to post the program on the Internet, so that interested scholars (and others) might download and test the program.

Bernstein's request was denied, and he filed suit in the United States District Court for the Northern District of California seeking to enforce his First Amendment right to release the software via the Internet. This case is pending in the courts, as of this writing. It will be interesting to see whether courts on the East and West Coasts will reach the same conclusion, when faced with basically the same question of whether "software" in paper and electronic form can be treated differently for purposes of United States export controls.

6.5. Foreign Export Controls on Cryptography

Although the United States imposes very stringent export controls on cryptography, it is by no means unique. Other countries also impose controls not only on cryptographic exports, but also on the importation and use of cryptography.

Perhaps, the most stringent controls on the import, export and use of cryptography today are in France. Under the French Coded Services Law, persons wishing to import, export or use cryptography must register with and obtain approval from the French government. In fact, this requirement applies even if the product at issue only uses cryptography for access control and data authentication. More stringent controls apply to products which actually implement cryptography for data privacy.

Other countries, like Russia, also have controls on cryptography which vary in scope and implementation. Perhaps, this represents a trend. At minimum, persons exporting cryptographic products from the United States should consider the restrictions on the importation and use of cryptography (if any) which may be imposed at the foreign end of the export transaction.

7. Digital Telephony and Cryptography

In the past, it was child's play to tap a telephone. All you needed was an "alligator" clip and a piece of wire. Today, however, it is not so simple.

Law enforcement officials in the United States are concerned that the deployment of advanced digital networks will impair their historical capability to execute court-ordered electronic surveillance. At the behest of the Federal Bureau of Investigation, in 1994 the Congress passed the so-called Digital Telephony Bill. [FN22] This legislation requires telecommunications carriers to assist law enforcement in implementing court-ordered wiretaps, and provides penalties in the event that they are unable to do so.

A little noticed, but important, provision of the Digital Telephony Bill also requires telecommunications carriers to decrypt any data which they have encrypted before transmission over their networks. The question arises, what will the FBI agents do if they execute a wiretap at great expense, as authorized by the Digital Telephony Bill, and they encounter privately encrypted data which frustrates their ability to eavesdrop? Is the next likely step legislation restricting Americans' right to use cryptographic products which have not received governmental approval (i.e., which the FBI can easily defeat)? Civil liberties groups are up in arms!

8. Conclusion

It does not appear likely at this time that the U.S. Government will approve the export of strong cryptography necessary for the flowering of Internet commerce, unless some form of key escrow is included in the product. Public interest groups, and some portions of industry, are adamantly opposed to key escrow. So, what are the possible outcomes?

One possible outcome is that U.S. companies simply will not be competitive with foreign suppliers of cryptographic products. Industry trade associations have identified hundreds of strong cryptographic products which are widely available outside of the United States. Perhaps, one of these products will become the de facto Internet standard, in which case both American industry and the intelligence and law enforcement communities will be losers.

Another possible outcome is that the market will remain Balkanized, so that no broadly accepted cryptographic standard emerges. In this case, most electronic commerce will remain vulnerable to sophisticated criminals but the government will remain able to conduct unfettered electronic surveillance. Industry loses, and government wins. In the short term, this seems to be the most likely outcome.

A third possibility is that the development of true, open standards will render the export controls on cryptography irrelevant. Standards will be adopted for encrypting at the IP level, at the router, and at other points required for widespread interoperability. Persons and companies wishing to utilize cryptography could simply purchase products which comply with the standards in their home market, rendering export controls irrelevant. Industry wins, and government loses.

A fourth possibility is that the U.S. and other governments will conclude that the benefits of Internet commerce outweigh the problems caused by wiretaps which are frustrated by use of cryptography. Industry and government both win. At this time, such an outcome appears unlikely.

In summary, the debate on relaxing the export controls on cryptography in the United States increasingly is polarized. On the one hand, government officials are suggesting that persons and companies must use compromised cryptographic products, so that the intelligence and law enforcement communities retain their historical capability to conduct electronic surveillance. On the other hand, many in the public interest community and some in industry oppose this (far from inevitable) loss of privacy. The debate is perhaps best encapsulated in the following (apocryphal) exchange between the recently departed Director of NSA, and one of our nation's founding fathers:

"The issue is balancing of equities -- protecting national security and effective law enforcement, as well as the privacy of individuals and businesses."

-- Admiral J.M. McConnell, (former) Director, NSA

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

-- Benjamin Franklin


1. Shimomura, Tsutomu with Markoff, John, TAKEDOWN, The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who did It, Hyperion, New York, NY, 1996, at p.145.
2. Schneier, Bruce, Applied Cryptography, Second Edition, John Wiley & Sons, Inc., New York, 1996, at p.11.
3. Bamford, James, and Madsen, W., The Puzzle Palace, Second Edition, Penguin Books, 1995.
4. 22 U.S.C. 2778.
5. 22 CFR 120 et seq.
6. 50 U.S.C. App. 2401 et seq.
7. 15 CFR 730 et seq.
8. 56 FR 42824.
9. 57 FR 15227.
10. 22 CFR 126.5.
11. 22 CFR 123.16.
12. 15 CFR 774.
13. 57 FR 32148.
14. 15 CFR Supp. 2 to 774.
15. 15 CFR 740.8.
16. 59 FR 45621.
17. 61 FR 6111.
18. 60 FR 18731.
19. 60 FR 65526.
20. 59 FR 5997.
21. Lewis, Peter H., Suit Over Restrictions on Encryption Software Clears Early Hurdle, New York Times, April 18, 1996, p.D7.
22. Pub. L. No. 103-414.


Auerbach, Stuart, Pentagon Loses Round in Export Controls Fight; Reagan Opposes Bid To Boost Defense Role, The Washington Post, July 21, 1994.

Bamford, James, and Madsen, W., The Puzzle Palace, Second Edition, Penguin Books, 1995.

Bulkeley, William M., Cipher Probe: Popularity Overseas of Encryption Code Has the U.S. Worried -- Grand Jury Ponders if Creator 'Exported' the Program Through the Internet -- 'Genie is Out of the Bottle', The Wall Street Journal, April 28, 1994, p.A1.

Bulkeley, William M., Cryptographer Is Told by U.S. that Case is Over, The Wall Street Journal, January 12, 1996, p.B2.

Corcoran, Elizabeth, Scrambling for a Policy on Encryption Exports; As Technology Advances, U.S. and Industry Seek Compromise That Balances Public, Private Fears, The Washington Post, February 25, 1996, p.H1.

Corcoran, Elizabeth, U.S. Closes Investigation In Computer Privacy Case; Export of Encryption Program Was at Issue, The Washington Post, January 12, 1996, p.A11.

Davis, Bob, Clipper Chip Is Your Friend, NSA Contends, The Wall Street Journal, March 22, 1994, p.B1.

Levy, Steven, Battle of the Clipper chip, New York Times Magazine, June 12, 1994, §6 at 1.

Lewis, Peter H., Software author focus of U.S. inquiry, New York Times, April 10, 1995, p.D4.

Lewis, Peter H., Technology: On the Net, New York Times, September 11, 1995, p.D4.

Lewis, Peter H., Suit Over Restrictions on Encryption Software Clears Early Hurdle, New York Times, April 18, 1996, p.D7.

Liebman, John R. and Root, William A., United States Export Controls. (3rd ed. 1993)

Lo, Wei, A Pathfinder to U.S. export control laws and regulations. William S. Hein & Co., Buffalo, N.Y., 1994

Markoff, John, Wrestling over the key to the codes, New York Times, May 9, 1993, §3, at 1.

Markoff, John, Industry to set its own data security code, New York Times, July 13, 1993, p.D3.

Markoff, John, Shift expected on computer exports, New York Times, August 27, 1993, p.D4.

McCoy, Charles, Visionary or Cyberspace Cadet: John Perry Barlow, the high priest of high tech, Has some harsh words for network-hungry corporations, The Wall Street Journal, November 14, 1994, p.R20.

Metcalfe, Bob, Free Markets for Telecom: Clipper Chip Won't Stop Internet Pirates, The Wall Street Journal, March 22, 1994, p.A14.

Pearl, Daniel, Encryption-Software Plan Presented Using 'Keys' Held by Escrow Agents, The Wall Street Journal, August 18, 1995, p.A3.

Ramirez, Anthony, Move gains to liberalize U.S. high-tech exports, New York Times, September 21, 1993, p.D1.

Rubinstein, Ira S., Export Controls On Encryption Software, Practising Law Institute, Commercial Law and Practice Course Handbook Series, 733 PLI/Comm 401, December 1995.

Sandberg, Jared, New Proposals On Encryption Get Tepid Response, The Wall Street Journal, February 26, 1996, p.B4.

Schneier, Bruce, Applied Cryptography, Second Edition, John Wiley & Sons, Inc., New York, 1996.

Schrage, Michael, Code Blues: Why the Clipper Chip Plan Is Having Unintended Effects, The Washington Post, April 15, 1994, p.B3.

Schwartz, John, Bill Would Ease Curbs on Encoding Software Exports, The Washington Post, November 23, 1993, p.C1.

Schwartz, John, Privacy Program: An On-Line Weapon?; Inventor May Face Indictment for Encryption Software Sent Abroad, The Washington Post, April 3, 1995, p.A1.

Shimomura, Tsutomu with Markoff, John, TAKEDOWN, The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who did It, Hyperion, New York, NY, 1996.