(A Javascript-enabled browser is required to email me.)



Summary of recommendation of the NAS crypto panel




Recommendation 1: No law should bar the manufacture, sale, or use of
any form of encryption within the United States.

Recommendation 2: National cryptography policy should be developed by
the executive and legislative branches on the basis of open public
discussion and governed by the rule of law.

Recommendation 3: National cryptography policy affecting the
development and use of commercial cryptography should be more closely
aligned with market forces.

Recommendation 4: Export controls on cryptography should be
progressively relaxed but not eliminated.

      4.1 -- Products providing confidentiality at a level that
      meets most general commercial requirements should be easily
      exportable.  Today, products with encryption capabilities that
      incorporate 56-bit DES provide this level of confidentiality
      and should be easily exportable.

      4.2 -- Products providing stronger confidentiality should be
      exportable on an expedited basis to a list of approved
      companies if the proposed product user is willing to provide
      access to decrypted information upon legally authorized request.

      4.3 -- The U.S. government should streamline and increase the
      transparency of the export licensing process for cryptography.

Recommendation 5: The U.S. government should take steps to assist law
enforcement and national security to adjust to new technical realities
of the information age.

      5.1 -- The U.S. government should actively encourage the use of
      cryptography in nonconfidentiality applications such as user
      authentication and integrity checks.

      5.2 -- The U.S. government should promote the security of the
      telecommunications networks more actively.  At a minimum, the
      U.S. government should promote the link encryption of cellular
      communications and the improvement of security at telephone
      switches.

      5.3 -- To better understand how escrowed encryption might
      operate, the U.S. government should explore escrowed
      encryption for its own uses.  To address the critical
      international dimensions of escrowed communications, the U.S.
      government should work with other nations on this topic.

      5.4 -- Congress should seriously consider legislation that
      would impose criminal penalties on the use of encrypted
      communications in interstate commerce with the intent to
      commit a federal crime.

Recommendation 6: The U.S. government should develop a mechanism to
promote information security in the private sector.


[ TBTF for 1996-05-31 ]