- May 6. OECD Meeting in DC.
- May 20. Clipper III (PKI and Commerce).
USG root CA, must comply with escrow to paticipate. To participate in the network a user
needs a public key certificate signed by a CA which "binds" the user's identity
to their public key. One condition of obtaining a certificate is that sufficient
information (e.g., private keys or other information as appropriate) has been escrowed
with a certified escrow authority to allow access to a user's data or communications.
- May 30, the National Research Council released a prepublication draft
of Cryptography's Role in Securing the Information Society ("CRISIS")
- "the cleared members of the [National Research Council's Committee to Study
National Cryptography Policy] (13 of its 16 members) concluded that the debate over
national cryptography policy can be carried out in a reasonable manner on an unclassified
basis."{118}
- The Committee's first recommendation is that "No law should bar the manufacture,
sale, or use of any form of encryption within the United States."{119}
- Export controls "should be progressively relaxed but not eliminated."
- October, 3.11
- transfer primary jurisdiction over cryptographic control from the U.S. Munitions List
(USML) administered by the traditionally more cautious State Department to the Commerce
Control List (CCL), administered by the traditionally more export-oriented Commerce
Department.{215}
- the Administration proposed to allow temporary export of 56-bit encryption products --
i.e. of DES, the de facto global standard commercial encryption product -- but for no more
than two years, and only so long as the exporters promised "to build and market
future products that support key [escrow]," albeit with an option to have keys held
by approved private parties rather than the government.
- November, Crypto Ambassador Aaron goes abroad. Permanent rep. to OECD.
What is the idea here? What can be gained?
- November, OECD Guidelines are leaked.
