Multilateral export controls are generally recognized as more effective than unilateral export controls alone, especially where items are available from multiple countries. The United States uses its participation in certain multilateral organizations or arrangements listed below to encourage other countries to adopt export controls similar to those of the United States. The primary purpose of these efforts is to impose broader transnational export controls on items of particular concern, but the efforts also have the benefit of at least partially harmonizing U.
S. and foreign export controls through the use of shared regulatory goals and schemes. In particular, the United States is a member of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual Use Goods and Technologies (“Wassenaar Arrangement”). The Wassenaar Arrangement is the successor to the defunct Coordinating Committee on Export Controls (“COCOM”), which consisted of most NATO members plus Australia and Japan, and whose members coordinated their national export controls to restrict exports to the USSR and its satellite states.
COCOM was disbanded in 1994 following the breakup of the USSR, and the Wassenaar Arrangement was established in 1996 as a broader, replacement multilateral body for the post-Cold War era. Other multilateral organizations and agreements relating to export controls in which the United States participates include the Chemical Weapons Convention (“CWC”) and the Australia Group Chemical and Biological Weapons Nonproliferation Control Regime; the Nuclear Suppliers Group; and the Missile Technology Control Regime.
All of these multilateral organizations reflect attempts by members to establish relatively harmonized national export controls on potentially problematic activities. The EAR have been amended to reflect some of these changes. As a result, the EAR share significant similarities with export controls on commercial items maintained by some of the United States’ most important trading and foreign direct investment partners, who are also members of Wassenaar. The modifications to the EAR necessary to implement these multilateral initiatives are generally authorized pursuant to the constitutional authority of the President or under U.
S. export control statutes, primarily the EAA of 1979 and IEEPA. Encryption Standards and Exportation of Technology With the advent of public-key cryptography and the inclusion of encryption capabilities in mass-marketed software, encryption now is available to more users than ever before. However, for encryption to be used on a broad scale in electronic commerce – home banking and legal transactions, for example – users must have the same level of confidence they have in paper transactions.
Encryption is a process that transforms a message into a series of encoded numbers, rendering it unreadable by anyone other than its intended recipient. With the Internet’s rise as a major medium of trade and communication, encryption has become a vital tool of electronic commerce. Unfortunately, the ability to keep electronic communications secure through encryption can also be used by criminals and terrorists to shield their activities from the prying eyes of law enforcement and national security agencies.
Due to the threat to national security that encryption represents, the U. S. government has enacted strong controls on the international distribution of encryption software and hardware. There are two main categories of modern computer encryption technology: symmetric and asymmetric. Symmetric cryptography is a computer-generated advancement of the earlier forms of cryptography, in that it uses the same “key” for both encrypting and decrypting the coded message.
Asymmetric cryptography, more commonly referred to as “public key” cryptography, uses one key for encryption and a different key for decryption. To illustrate, when Bob wants to send a secure message to Sally using public key encryption, he encrypts his message using Sally’s public key, and Sally decrypts it using her private key. This method of encryption relies entirely on maintaining the privacy of an individual’s private key. Otherwise, anyone would be able to use someone else’s private key to decipher messages that were once intended to be kept secret.
Public key cryptography is inherently more secure than symmetric cryptography, because of the use of different keys for encrypting and decrypting information. The level of security provided by public key cryptography depends entirely on the length (measured in “bits”) of the public and private keys. As a result of the greater security that public key cryptography provides the user, particularly when used with longer keys, the focus of the public debate on cryptography for the last twenty years has been on public key cryptography.
Exportation of Technology The U. S. government defines exports broadly in most instances. For example, under the EAR exports include: ? An actual shipment or transmission of items out of the United States; ? Release of software or technology in a foreign country; ? Release of technology or source code to a foreign national wherever located. This includes visual inspection by a foreign national of U. S. -origin equipment or facilities. It also includes oral exchanges of information; ? Items produced abroad using U. S. -origin technology; and
? Re- export of previously exported items. By using the word “transmission” the government clearly intends that the use of electronic mail (“e-mail”) or the Internet to send items be subject to the EAR. As such, controlled software or data could be included. As specified in the EAR’s discussion of the export of encryption source and object code, transmission includes: “downloading, or causing the downloading of, such software to locations (including electronic bulletin boards, Internet file transfer protocol, and World Wide Web sites) outside the U.
S. , or making such software available for transfer outside the United States, over wire, cable, radio, electromagnetic, photo optical, photoelectric or other comparable communications facilities accessible to persons outside the United States, including transfers from electronic bulletin boards, Internet file transfer protocol and World Wide Web sites, unless the person making the software available takes precautions adequate to prevent unauthorized transfer of such code. “
The terms “export” and “reexport” are broadly defined to cover both transborder physical export shipments of items subject to the EAR, as well as certain non-physical transmissions of software or technology – including in some instances the domestic transfer of software or technology to foreign nationals. Specifically, the term “export” is defined as “an actual shipment or transmission of items subject to the EAR out of the United States, or release of technology or software subject to the EAR to a foreign national in the United States….
” The use of the word “transmission” – which also appears in the EAA of 1979 – denotes a clear intent to cover more than just physical exports. The language concerning domestic “releases” of technology or software, which is discussed further below, further demonstrates this broad intent. It is important to emphasize that the EAR’s definition of “export” does not distinguish between sales transactions versus intra-company transactions or communications. Accordingly, the latter activities can constitute exports for EAR purposes.
The term “reexport” is defined in similar fashion to the term “export. ” Reexports include “an actual shipment or transmission of items subject to the EAR from one foreign country to another foreign country; or release of technology or software subject to the EAR to a foreign national [of another country] outside the United States…. ” The EAR’s definition of “reexport” is also not limited to sales transaction activities, and can include intra-company transactions or communications.