Memorandum on Encryption Export Policy
Memorandum for the Vice President, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, the Secretary of Commerce, United States Trade Representative, Director of the Office of Management and Budget, Chief of Staff to the President, Director of Central Intelligence, Director, Federal Bureau of Investigation, Director, National Security Agency, Assistant to the President for National Security Affairs, Assistant to the President for Economic Policy, Assistant to the President for Science and Technology Policy
Subject: Encryption Export Policy
Encryption products, when used outside the United States, can jeopardize our foreign policy and national security interests. Moreover, such products, when used by international criminal organizations, can threaten the safety of U.S. citizens here and abroad, as well as the safety of the citizens of other countries. The exportation of encryption products accordingly must be controlled to further U.S. foreign policy objectives, and promote our national security, including the protection of the safety of U.S. citizens abroad. Nonetheless, because of the increasingly widespread use of encryption products for the legitimate protection of the privacy of data and communications in nonmilitary contexts; because of the importance to U.S. economic interests of the market for encryption products; and because, pursuant to the terms set forth in the Executive order entitled Administration of Export Controls on Encryption Products (the "new Executive order") of November 15, 1996, Commerce Department controls of the export of such dual-use encryption products can be accomplished without compromising U.S. foreign policy objectives and national security interests, I have determined at this time not to continue to designate such encryption products as defense articles on the United States Munitions List.
Accordingly, under the powers vested in me by the Constitution and the laws of the United States, I direct that:
1. Encryption products that presently are or would be designated in Category XIII of the United States Munitions List and regulated by the Department of State pursuant to the Arms Export Control Act (22 U.S.C. 2778 et seq.) shall be transferred to the Commerce Control List, and regulated by the Department of Commerce under the authority conferred in Executive Order 12924 of August 19, 1994 (as continued on August 15, 1995, and August 14, 1996), Executive Order 12981 of December 5, 1995, and the new Executive order except that encryption products specifically designed, developed, configured, adapted, or modified for military applications (including command, control, and intelligence applications), shall continue to be designated as defense articles, shall remain on the United States Munitions List, and shall continue to be controlled under the Arms Export Control Act. The transfer described in this paragraph shall be effective upon the issuance of final regulations (the "Final Regulations") implementing the safeguards specified in this directive and in the new Executive order.
2. The Final Regulations shall specify that the encryption products specified in section 1 of this memorandum shall be placed on the Commerce Control List administered by the Department of Commerce. The Department of Commerce shall, to the extent permitted by law, administer the export of such encryption products, including encryption software, pursuant to the requirements of sections 5 and 6 of the former Export Administration Act (50 U.S.C. App. 2405 and 2406), and the regulations thereunder, as continued in effect by Executive Order 12924 of August 19, 1994 (continued on August 15, 1995, and on August 14, 1996), except as otherwise indicated in or modified by the new Executive order, Executive Order 12981 of December 5, 1995, and any Executive orders and laws cited therein.
3. The Final Regulations shall provide that encryption products described in section 1 of this memorandum can be licensed for export only if the requirements of the controls of both sections 5 and 6 of the former Export Administration Act (50 U.S.C. App. 2405 and 2406), and the regulations thereunder, as modified by the new Executive order, Executive Order 12981 of December 5, 1995, and any Executive orders and laws cited therein, are satisfied. Consistent with section 742.1(f) of the current Export Administration Regulations, the Final Regulations shall ensure that a license for such a product will be issued only if an application can be and is approved under both section 5 and section 6. The controls on such products will apply to all destinations.
Except for those products transferred to the Commerce Control List prior to the effective date of the Final Regulations, exports and reexports of encryption products shall initially be subject to case-by-case review to ensure that export thereof would be consistent with U.S. foreign policy objectives and national security interests, including the safety of U.S. citizens. Consideration shall be given to more liberalized licensing treatment of each such individual product after interagency review is completed. The Final Regulations shall also effectuate all other specific objectives and directives set forth in this directive.
4. Because encryption source code can easily and mechanically be transformed into object code, and because export of such source code is controlled because of the code's functional capacity, rather than because of any "information" such code might convey, the Final Regulations shall specify that encryption source code shall be treated as an encryption product, and not as technical data or technology, for export licensing purposes.
5. All provisions in the Final Regulations regarding "de minimis" domestic content of items shall not apply with respect to the encryption products described in paragraph 1 of this memorandum.
6. The Final Regulations shall, in a manner consistent with section 16(5)(C) of the EAA, 50 U.S.C. App. 2415(5)(C), provide that it will constitute an export of encryption source code or object code software for a person to make such software available for transfer outside the United States, over radio, electromagnetic, photooptical, or photoelectric communications facilities accessible to persons outside the United States, including transfer from electronic bulletin boards and Internet file transfer protocol sites, unless the party making the software available takes precautions adequate to prevent the unauthorized transfer of such code outside the United States.
7. Until the Final Regulations are issued, the Department of State shall continue to have authority to administer the export of encryption products described in section 1 of this memorandum as defense articles designated in Category XIII of the United States Munitions List, pursuant to the Arms Export Control Act.
8. Upon enactment of any legislation reauthorizing the administration of export controls, the Secretary of Defense, the Secretary of State, and the Attorney General shall reexamine whether adequate controls on encryption products can be maintained under the provisions of the new statute and advise the Secretary of Commerce of their conclusions as well as any recommendations for action. If adequate controls on encryption products cannot be maintained under a new statute, then such products shall, where consistent with law, be designated or redesignated as defense articles under 22 U.S.C. 2778(a)(1), to be placed on the United States Munitions List and controlled pursuant to the terms of the Arms Export Control Act and the International Traffic in Arms Regulations. Any disputes regarding the decision to designate or redesignate shall be resolved by the President.
WILLIAM J. CLINTON
NOTE: The Executive order is listed in Appendix D at the end of this volume.
William J. Clinton, Memorandum on Encryption Export Policy Online by Gerhard Peters and John T. Woolley, The American Presidency Project https://www.presidency.ucsb.edu/node/222124