Craig A. Johnson
Note: The redacted Executive Summary mentioned below will be placed
in the Cyber Rights Library.
From: Electronic Privacy Information Center (EPIC)
Commerce Releases Crypto Availability Report
The US Department of Commerce today released a report on the
international market for encryption software. The report, which was
jointly produced by the Commerce Department's Bureau of Export
Administration and the National Security Agency reviews the foreign
availability of encryption products and other nations' import, export and
domestic use policies.
The report finds that there are foreign products available which "can have
an impact on US competativeness" and that US export controls "may have
discouraged US software producers from enhancing the softare features of
general purpose software to meet the anticipated growth demand by foreign
markets. It anticipated that there is a steadily increasing demand for
crypto to be included in general use software products becuase of well
A large portion of the report has been redacted by the NSA. EPIC filed
suit under the Freedom of Information Act in December 1995 to obtain a
full copy of the report and will continue to demand its release. EPIC
believes that the US goverment should remove export controls on public
domain and commerical software that contains encryption and end the policy
of demanding that key escrow be implimented in all encryption software.
Enclosed is the Commerce Department Press Release and Executive Summary
of the report. The full report is over 100 pages. EPIC will make every
effort to make the full report available in electronic form as soon as
More information on crypto policy is available at the EPIC Web Site at
UNITED STATES DEPARTMENT OF
OFFICE OF THE SECRETARY
FOR IMMEDIATE RELEASE CONTACT: Carol Hamilton
Thursday, January 11,1996 (202) 482-4883
DEPARTMENT OF COMMERCE RELEASES STUDY ON THE
INTERNATIONAL MARKET FOR ENCRYPTION SOFTWARE
Washington, D.C. -- The growth of an international market for encryption
software is being slowed by strong export controls, both in the United
States and other major countries. Moreover,the quality of products offered
abroad varies greatly, with some not providing the level of protection
The study, jointly prepared by the Commerce Department's Bureau of Export
Administration (BXA) and the National Security Agency (NSA), evaluates the
current and future market for computer software with encryption, which
allows users to protect their data using codes. The study also reviews the
availability of foreign encryption software and assesses the impact that
U. S. export controls on encryption have on the competitiveness of the
"Our study provides a clear snapshot of the international competition in
this segment that the software industry faces," said Cornmerce Secretary
Ron Brown. "Better understanding of the products and the marketplace gives
us the tools to ensure that our export control policies are appropriate,"
The study noted encryption software presently accounts for only a small
percentage of the total computer software but should grow substantially as
the U.S. and other countries deveiop and expand public networks and
The study found that the U.S. software industry still dominates world
markets. In those markets not offering strong encryption locally, U.S.
software encryption remains the dominant choice. However, the existence of
foreign products with labels indicating DES (Data Encryption Standard) or
other strong algorithms, even if they are less secure than claimed, can
nonetheless have a negative effect on U. S competitiveness. The study also
notes that the existence of strong U.S. export controls on encryption may
have discouraged U.S software producers from enhancing the security
features of general purpose software products to meet the anticipated
growth in demand by foreign markets.
All countries that are major producers of commercial encryption products
were found to control exports of the products to some extent. A few
countries (e.g., France, Russia, and Israel) control imports and domestic
use of encryption, as well.
As part of the study, NSA evaluated twenty-eight different foreign
encryption software products, finding that some were less secure than
advertised. Because customers lack a way to determine actual encryption
strength, they sometimes choose foreign products over apparently weaker
U.S. ones, giving those foreign products a competitive advantage.
For subscription info, archived postings/documents, and other useful
material, visit the CPSR Cyber-Rights Web Page at:
You are encouraged to forward and cross-post list traffic,
pursuant to any contained copyright & redistribution restrictions.