Commerce Department Issues New Rule For Encryption Exports

Remember all the talk in the 1990’s that surrounded the legalities, and largely restrictions, surrounding how encryption could be used for data sent outside the U.S.? Or how encryption tools and algorithms could be exported? It’s been a significantly more silent issue during this new century.

However, the U.S. Department of Commerce Bureau of Industry and Security just published on October 3 their “Encryption Simplification” interim final rule.
The rule basically allows for self-classification and also allows “low-level” encryption products to be exported without review. However, it also establishes some new export restrictions. It also adds Bulgaria, Canada, Iceland, Romania, and Turkey to the list of destinations receiving favorable licensing treatment under the License Exception.
Here is the primary text of the new rule…there is a HUGE amount of supplementary information you should also read at the site if you are interested in knowing all the different exclusions and conditions…

“SUMMARY: This interim final rule amends the Export Administration Regulations (EAR) to make the treatment of encryption items more consistent with the treatment of other items subject to the EAR, as well as to simplify and clarify regulations pertaining to encryption items. The restrictions pertaining to technical assistance by U.S. persons with respect to encryption items are removed, because the current export and reexport restrictions set forth in the EAR for technology already include technical assistance. This rule also removes License Exception KMI as it has become obsolete because of developments in uses of encryption. In addition, this rule removes notification requirements for items classified as 5A992, 5D992, and 5E992. This rule also increases certain parameters under License Exception ENC, which is intended to reflect advances in technology. This rule adds two new review and reporting requirement exclusion paragraphs under License Exception ENC for wireless ”personal area network” items and for ”ancillary cryptography” items. This rule also
adds Bulgaria, Canada, Iceland, Romania, and Turkey to the list of countries that receive favorable treatment under License Exception ENC.
Commodities and software pending mass market review may no longer be exported under ECCNs 5A992 and 5D992 using No License Required (NLR). However, once the mass market review has been received by BIS, then such commodities and software may be exported using License Exception ENC under ECCNs 5A002 and 5D002. This
rule will reduce the paperwork burden on the public by 9% (annual dollar amount savings of approximately $14,000 to the public and $5,000 to the U.S. Government), because of the removal of certain notification requirements, addition of countries to the list of those receiving favorable treatment under License Exception ENC, and the increase of reporting and review requirement exclusions. The Departments of Commerce, State and Defense will continue to review export control, license review policies, and license exceptions for encryption items in the EAR.
DATES: Effective Date: This rule is effective October 3, 2008.
ADDRESSES: Written comments on this interim final rule may be sent by e-mail to Include ”Encryption rule” in the subject
line of the message. Comments may also be submitted by mail or hand delivery to Sharron Cook, Office of Exporter Services, Regulatory Policy Division,
Bureau of Industry and Security, Department of Commerce, 14th St. & Pennsylvania Avenue, NW., Room 2705, Washington, DC 20230, ATTN: Encryption rule; or by fax to (202) 482-3355.
FOR FURTHER INFORMATION CONTACT: For questions of a general nature contact Sharron Cook, Office of Exporter Services, Regulatory Policy Division at (202) 482-2440 or E-Mail:
For questions of a technical nature contact: The Information Technology Division, Office of National Security and Technology Transfer Controls at 202-482-0707 or E-Mail: C. Randall Pratt at”

Tags: , , , , , , , ,

Leave a Reply