International Arms Control Statement Restricts Encryption

(December 4, 1998)  Thirty-three nations, including the United States, signed an statement regarding arms exports on Thursday, December 3, in Wassenaar, Austria.  At the insistence of the U.S, the "Wassenaar Arrangement" also calls for limits on export of encryption products.  Pro-encryption groups promptly criticized the statement and the Clinton-Gore administration.

The "Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies" is intended to restrain transfers of weapons such as "Man Portable Air Defense Systems."  However, at the insistence of the United States representatives, the non-binding arrangement also covers export of strong encryption products.

"The agreement caps a two year effort by the United States, to update international encryption export controls," said David Aaron, the President's Special Envoy for Cryptology, in a press release issued after the signing.   "Specific improvements to multilateral encryption controls include removing controls on all encryption products at or below 56 bit and certain consumer entertainment TV systems, such as DVD products, and on cordless telephone systems designed for home or office use. Wessenaar members also agreed to extend controls to mass-market encryption exports above 64 bits ..."

Related Documents

Wassenaar Arrangement (encryption section), 12/3/98.
Department of Commerce Press Release, 12/3/98.
Americans For Computer Privacy Statement, 12/3/98.
Statement of Sen. Conrad Burns, 12/3/98.

However, Sen. Conrad Burns (R-MT) quickly criticized the deal.  "This administration continues to live in this mythical world in which turning back the tide on technology and privacy is the policy tool of choice. If they think that getting a few countries to agree to their restrictions is going to get the job done in the digital age, they're farther down the primrose path than I thought."  Sen. Burns is Chairman of the Senate Communications Subcommittee, and sponsor of pro-encryption legislation.

Related Websites
Wassenaar Arrangement website.
U.S. Bureau of Export Administration.
U.S. Dept of commerce.
Americans for Computer Privacy.

"It is still baffling to people like me who view the Internet as an information revolution that should be allowed to grow and flourish that the Clinton-Gore administration would work to thwart the security backbone of electronic commerce and computer privacy," said Sen. Burns in a press release.   "The administration apparently views every law-abiding citizen who wishes to partake in the information worlds that are opening up to them as an enemy of the state."

Similarly, Jeff Smith, General Counsel of Americans for Computer Privacy, stated in a press release that the Wassenaar Arrangement "demonstrates flaws in our government's encryption export policies."   Smith elaborated that:

"The current U.S. policy only hurts American companies and puts them at a competitive disadvantage with foreign-owned competitors. The U.S. must adopt a domestic policy that factors in the realities of today's marketplace where thousands of strong encryption products are sold around the world.  Neither the Administration's state policy nor the Wassenaar Agreement announced today ... achieve that objective."

The statement is of limited effectiveness.  First, it is not binding on the signatory nations.  A document published in the Wassenaar Arrangement website states that:

"The decision to transfer or deny transfer of any item will be the sole responsibility of each Participating State. All measures undertaken with respect to the arrangement will be in accordance with national legislation and policies and will be implemented on the basis of national discretion. Therefore for specifics on Export Controls in Participating States, contact the National Authorities in that country."

Jeff Smith of the ACP stated that "it's only as good as how the signatories actually implement policies in accordance with the agreement.  Today's announcement only lays out a policy target for individual countries to implement.   The devil is always in the details."

Signatories to the Wassenaar Arrangement

Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, the Republic of Korea, Portugal, Romania, Russian Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, and the United States.
Conspicuously Absent Nations: Israel, China.

Second, most nations are not a party to the Wassenaar Arrangement.  In particular, neither Israel nor China signed.  Both nations produce both arms and software.

A statement contained in the Wassenaar Arrangement website describes the purpose as follows: "The WA was designed to promote transparency, exchange of views and information and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilising accumulations. It complements and reinforces, without duplication, the existing regimes for non-proliferation of weapons of mass destruction and their delivery systems, by focusing on the threats to international and regional peace and security which may arise form transfers of armaments and sensitive dual-use goods and technologies where the risks are judged greatest."


U.S. Department of Commerce Press Release.
Re: Wassenaar Agreement on Encryption.

Date: December 3, 1998.
Source: U.S. Dept. Commerce.


Press Statement

U.S. Applauds Agreement on Encryption In International Export Control Regime

Vienna, Austria -- The United States welcomed the decision taken Thursday in Vienna by the 33 members of the Wessenaar Arrangement to modernize and improve multilateral encryption export controls. Ambassador David Aaron, the President's Special Envoy for Cryptology, said that "the international agreement reached here goes a long way toward leveling the playing field for exporters and promoting electronic commerce. It provides countries with a stronger regulatory framework to protect national security and public safety."

The agreement caps a two year effort by the United States, to update international encryption export controls and to balance commercial and privacy interests with national security and public safety concerns.  Thursday's agreement simplifies and streamlines controls on many encryption items and eliminates multilateral reporting requirements. Specific improvements to multilateral encryption controls include removing controls on all encryption products at or below 56 bit and certain consumer entertainment TV systems, such as DVD products, and on cordless telephone systems designed for home or office use.

Wessenaar members also agreed to extend controls to mass-market encryption exports above 64 bits, thus closing a significant loophole in multilateral encryption controls. This gives Wassenaar member governments the legal authority to license many mass market encryption software exports which were previously not covered by multilateral controls and enables governments to review the dissemination of the strongest encryption products that otherwise might fall into the hands of rogue end users. The new controls also extend liberalized treatment to mass-market hardware below 64 bits. Until today, only mass-market software products enjoyed this liberalized treatment.

"The decisions taken here in Vienna reinforce the Administration's efforts to promote a balanced encryption policy," Aaron confirmed.


Press Release of Americans for Computer Privacy.
Re: Wassenaar Agreement on Encryption.

Date: December 3, 1998.
Source: ACP.


AMERICANS FOR COMPUTER PRIVACY URGES ADMINISTRATION TO LIFT CONTROLS ON 56-BIT ENCRYPTION TECHNOLOGY

33 countries agree to lift controls in Wassenaar Arrangement

Washington, D.C. --(December 3, 1998) The following statement was issued today by Jeff Smith, General Counsel of Americans for Computer Privacy, in response to the Administration's announcement that 33 countries, which have signed the Wassenaar Arrangement, have agreed to eliminate reporting requirements for 56-bit encryption technology.

"Today's announcement by the U.S. government welcoming the decision taken Thursday in Vienna by the 33 of the Arrangement to modernize and improve multilateral encryption export controls is a welcome attempt to 'level the playing field,' but it also demonstrates flaws in our government's encryption export policies.

The Administration's recently announced 'new policy' which is intended to loosen export controls on encryption technology is inconsistent with the new Wassenaar agreement.   For example, the Wassenaar signatories have reportedly agreed to a policy to lift all export restrictions and reporting requirements on the export of 56 bit and below on mass market encryption.  However, the Administration's new policy contains onerous and burdensome reporting requirements on 56-bit exports.

ACP believes that the Wassenaar agreement should remove outdated export restrictions on all mass market encryption products.  As the next step, we encourage the Administration to at least adopt a domestic policy that falls in line with Wassenaar.

With respect to the actual Wassenaar agreement, it's only as good as how the signatories actually implement policies in accordance with the agreement.  Today's announcement only lays out a policy target for individual countries to implement.   The devil is always in the details. In addition, we must remember that countries like China and Israel are not signatories to this agreement.  If we are trying to create a level playing field in the world of encryption, it won't happen with an agreement that fails to attract key support of major world players.

The current U.S. policy only hurts American companies and puts them at a competitive disadvantage with foreign-owned competitors. The U.S. must adopt a domestic policy that factors in the realities of today's marketplace where thousands of strong encryption products are sold around the world.  Neither the Administration's state policy nor the Wassenaar Agreement announced today to achieve that objective."

Americans for Computer Privacy (ACP) is a broad-based coalition that brings together more than 100 companies and 40 associations representing financial services, manufacturing, telecommunications, high-tech and transportation, as well as law enforcement, civil liberty, pro-family and taxpayer groups.  ACP supports policies that advance the rights of American citizens to encode information without fear of government intrusion, and advocates the lifting of current export restrictions on U.s. made encryption.

For more information on Americans for Computer Privacy, please visit our Web Site at www.computerprivacy.org


Statement of Sen. Conrad Burns (R-MT).
Re: Wassenaar Agreement on Encryption.

Date: December 3, 1998.
Source: Office of Sen. Conrad Burns.


Burns Reacts To Encryption Agreement
33 Nations Knuckle Under to US. Pressure to Thwart-Internet Security

WASHINGTON, D.C. -- Montana Senator Conrad Bums today reacted to the Wassenaar Arrangement signed by 33 nations in Vienna.  The agreement, pushed strongly by the Clinton-Gore administration, includes restrictions on trade in strong encryption, even widely available "mass market" software, that allows for security and privacy for computer users.

"This administration continues to live in this mythical world in which turning back the tide on technology and privacy is the policy tool of choice. If they think that getting a few countries to agree to their restrictions is going to get the job done in the digital age, they're farther down the primrose path than I thought.

"It is still baffling to people like me who view the Internet as an information revolution that should be allowed to grow and flourish that the Clinton-Gore administration would work to thwart the security backbone of electronic commerce and computer privacy.

"The administration apparently views every law-abiding citizen who wishes to partake in the information worlds that are opening up to them as an enemy of the state.

"I will continue to put commonsense encryption and computer privacy 'legislation at the top of my agenda in the next Congress."

Burns, the chairman of the Senate Commerce Subcommittee on Communications, has been a leading proponent of pro-encryption legislation in the past two congresses.