Encryption Export Controls [Updated January 11, 2001]   [open pdf - 142KB]

The U.S. Government has traditionally maintained that controls over strong encryption are necessary for national security, foreign policy, and law enforcement reasons. While most encryption was originally controlled under the AECA, in late 1996 the President transferred jurisdiction over nonmilitary items to DOC, which at the same time eased controls over commercial encryption that used a key recovery feature or was destined for financial institutions. In 1998 the Administration further relaxed controls over 56-bit technology generally and stronger encryption destined for U.S. subsidiaries, insurance companies, and other end-users, retreating from earlier key recovery requirements. Further modifications were announced in September 1999, allowing license exceptions for the export of encryption of any key length after a technical review to most end-users in all but terrorist countries; draft regulations were issued in late 1999. Following criticism by companies, privacy groups and Internet proponents, DOC expanded aspects of its original proposal and issued new regulations in January 2000. Regulations issued in October 2000 further streamlined controls over encryption exports to 23 countries including European Member states. Restrictive export licensing regulations have raised constitutional concerns, some arguing that they impose a prior restraint on speech in violation of the First Amendment. Federal courts have both upheld and dismissed First Amendment challenges to export controls, the outcome generally turning on whether the court viewed the encryption item and its export as essentially expressive or functional.

Report Number:
CRS Report for Congress, RL30273
Public Domain
Retrieved From:
Via E-mail
Media Type:
Help with citations