1. The difference between U.S. encryption controls and those of other nations is a serious -- but not the only -- factor determining success in the computer security market. With or without controls, both U.S. and foreign products are likely to continue to coexist, and other factors are likely to continue to slow deployment of security products. Many foreign companies, for example, especially those influenced by governments, will continue to favor domestic security solutions, and many computer users will not deploy serious security technology until there have been major incidents with losses that can be attributed to lack of encryption.

2. Nonetheless, the adverse impact of controls on U.S. industry is palpable. For many software applications, business customers simply demand security and encryption; it is a checklist item, and its absence is a deal breaker. While simply counting the number of foreign encryption software products in the market is not an accurate measure of the impact of controls, one particularly serious risk is that non-U.S. companies will use their ability to export stronger encryption as "leverage" to dominate particular applications.

This has happened in at least one field - Internet banking - and may occur in other areas of electronic commerce. Brokat, a German company that scarcely existed four years ago, now has 250 employees and offices in several countries including the United States. Brokat's specialty is Internet banking and electronic commerce, but it broke into that business on the strength of being able to offer stronger encryption than German banks could obtain in Netscape or Microsoft browsers. It is now a major player in this niche, with 50% of the European Internet banking market and enough U.S. customers to justify a 20-person U.S. branch office. Meanwhile, encryption constitutes 10% or less of Brokat's revenue, and it has expanded its initial Internet banking offerings to include support for other forms of electronic commerce. Loss of U.S. competitiveness in the electronic commerce software market obviously raises concerns not just about encryption software but other software opportunities. Indeed, it foreshadows a weakening of the U.S. position as a leader in electronic commerce generally.

3. The persistent emphasis in U.S. export control policy over the past two years on key recovery, or "lawful access," has also taken a toll on the credibility of U.S. security products. Key recovery continues to find a market. Business wants to ensure that data are available for corporate purposes, including litigation. Key recovery is seen as an important feature for stored business data (though not for communicated data in transit).

But the use of export controls to drive the key recovery market further than it would go by itself is hurting U.S. industry. Foreign governments and competitors, particularly in Europe, have misinterpreted this U.S. policy, perhaps deliberately. In essence, foreign customers are told often by their governments as well as local security companies that all U.S. encryption products come with a back door allowing the U.S. government to read the contents. In part this is the result of outmoded "Recovery" supplements to U.S. export rules that demand an unrealistic level of U.S. government access to key recovery products. In part it reflects the hostility of many foreign governments toward U.S. key recovery and access policies. It also reflects the fact that some countries will simply never rely on security products that are not home-grown, and misunderstanding U.S. key recovery policies may simply be a handy stick to beat U.S. products with. But it is unfortunate that the U.S. government has provided such a large and easily wielded stick.

4. U.S. controls are driving many U.S. companies into "cooperative arrangements" with foreign encryption suppliers. These cooperative arrangements allow U.S. companies to provide complete security solutions by encouraging their foreign partners to marry foreign-made crypto with U.S. commercial applications. These cooperative arrangements are highly risky under U.S. law, but they are not unlawful per se. Given the stakes, many companies have been prepared to take risks under U.S. law, and it is expected that more will do the same. The result is that U.S. policy has fostered the development of cryptographic software and hardware skills outside the United States. German, Swiss, Canadian, Russian, and Israeli cryptography companies have all benefited form this unintended consequence of U.S. encryption policy.

5. The U.S. government has made efforts to "level the field" of disparate export controls for encryption through negotiations under the Wassenaar Agreement. The U.S. proposal that 56-bit encryption become a new "floor" for encryption exports under Wassenaar, while certainly better than current policy, is likely to be implemented at least a year and perhaps several years too late. In response to the U.S. KMI initiative, which conditionally decontrolled 56-bit encryption in December 1996, other countries also decontrolled 56-bit DES but more or less unconditionally. The countries include Canada and apparently the United Kingdom. And by 1996, other countries, such as Germany, already were approving the export of 56-bit DES to virtually any country for virtually any purpose. Most recently, the exhaustion of a 56-bit DES key using a machine built for a quarter million dollars has entirely discredited DES as a serious security tool for valuable secrets. Single DES remains a useful tool for assuring privacy against a wide variety of potential adversaries and snoops, but decontrolling 56-bit encryption will not provide a significant boost to the competitiveness of U.S. technology for serious security applications.

6. Process and timing: In 1995, the State Department approved routine license applications for the export of encryption in less than a week on average. This was when the State Department had jurisdiction over encryption and NSA staffed the State Department's office and handled all encryption license applications.

This is no longer the case. The Commerce Department has staffed up heavily in the encryption field, but its processes now include parallel reviews by the FBI and NSA under a 30-day deadline that can be extended further with a simple "no" vote by either agency. For whatever reason, these agencies are now taking the full 30 days -- and often 90 days. Against a backdrop of continued export liberalization over the past four years, this degradation in export control performance strikes a jarring note.

The Commerce Department's performance in this area is not necessarily out of line with the performance of other countries. The German government often takes two to three months to approve a license for a new product and six weeks to approve a license for routine shipments. The difference is that German companies know with certainty that a license will be issued at the end of the process; and the German government imposes no key recovery requirement on exporters. Therefore, they can make commitments to deliver products that require a license even before they get the license. In the United States, both the FBI and NSA have at times cast votes intended to roll back existing policies, and they have at a minimum managed to stall licenses that seemed to fit existing policy. A key recovery policy, for example, has been applied sporadically to U.S. multinationals and with some inconsistency to other exports. For this reason, it is not prudent for exporters to assume that a license will be issued or to make commitments on the assumption that the license will be issued - even when existing policy makes it seem likely that a license will eventually be granted. Because an RFP by a foreign company may provide only 30 days for responsive proposals, and the proposals often must include an assurance that an export license will be obtained, some U.S. companies lose bidding opportunities simply because the U.S. government does not process licenses quickly enough.

In other respects, of course, Commerce Department practice is a large improvement over State's performance. This is particularly true for controversial licenses, on which Commerce typically forces a decision over a course of months. In contrast, State Department licenses could be held up for months without any explanation and there were no deadlines for resolving interagency disputes. Nonetheless, it seems clear that the Commerce Department and the other participants in the encryption licensing process should adopt additional procedures to speed the granting of relatively non-controversial licenses.