NSA: 56-Bit Crypto Export OK

30 October 1998
Date: Fri, 30 Oct 1998 11:07:35 +1000
To: cryptography@c2.net
From: Greg Rose <ggr@qualcomm.com>
Subject: Movement on Export regulations

I was in a TIA standards committee meeting the other day[*], which was
attended by a couple of representatives from the NSA's export regulation
group (they don't like naming names), and an interesting comment came out
of them. After clarification, the comment boiled down to:

   "There is no longer any reason that an export licence for 56 bit
encryption would be denied."

That is, s/40/56/ in all previous discussions.

This prompted me to ask whether the guidelines they used were themselves a
matter of national security, that is, would a FOIA request for the
guidelines be productive. I should have learned not to ask double barreled
questions by now. After a short period of silence, I rephrased it to two
questions. The former got an explicit "no comment", while the latter got a
somewhat whimsical "if you like to see mostly black paper, with the
occasional 'if' or 'the' visible, yes, it would be productive."

With the US involvement in the international efforts to standardise 3rd
generation mobile phones hamstrung by these regulations ("SHA based
authentication algorithms cannot be exported to the ITU, because they don't
exclude the T7 nations"), expect to see some more interesting action on
this front from the telephone industry.

Greg.

Greg Rose                                       INTERNET: ggr@Qualcomm.com
Qualcomm Australia          VOICE:  +61-2-9181-4851   FAX: +61-2-9181-5470
Suite 410, Birkenhead Point,               http://people.qualcomm.com/ggr/ 
Drummoyne NSW 2047      232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C



Greg,

Provocative report. Can it be put on our Web site?

Was that TIA meeting in the US?

And, are wireless folks working with the TIA J-STD-025
Interim Standard for "Lawfully Authorized Electronic
Surveillance?"

Thanks,

John



Date: Fri, 30 Oct 1998 15:42:14 +1000
To: John Young <jya@pipeline.com>
From: Greg Rose <ggr@qualcomm.com>
Subject: Re: Movement on Export regulations

>Provocative report. Can it be put on our Web site?

Sure... I cleared it with my boss before I posted it.

>Was that TIA meeting in the US?

It was in Santa Barbara, 27-28th October, at the Harbor View Inn. The AHAG
(TIA TR45 Ad Hoc Authentication Group) has previously invited public
participation, see http://scitech.ctia.org/Security/index.html, and John
Gilmore has occasionally asked for people to come to them.

>And, are wireless folks working with the TIA J-STD-025
>Interim Standard for "Lawfully Authorized Electronic
>Surveillance?"

We are in the process of figuring out how to comply... there
is another TIA ad hoc group doing it, I think. The industry is pushing
back, hard, but not necessarily successfully. The compliance date has
already been pushed back (the original deadline to have it implemented has
already passed).

regards,
Greg.

Greg Rose                                       INTERNET: ggr@Qualcomm.com
Qualcomm Australia          VOICE:  +61-2-9181-4851   FAX: +61-2-9181-5470
Suite 410, Birkenhead Point,               http://people.qualcomm.com/ggr/ 
Drummoyne NSW 2047      232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C



Note: J-STD-025, Interim Standard for "Lawfully Authorized Electronic
Surveillance," December 1997, 146 pp. is available by online order from 
Global Engineering Documents for $136.00. Thanks to DE for pointing.