APPENDIX
C

Report of the Subpanel on Computer Technology*

EXECUTIVE SUMMARY

  • A number of trends in global computer technology have lessened the feasibility and desirability of controlling exports of many dual use computer hardware and software products.

  • Controllability of computer technologies is a central issue. Trying to control exports of inherently uncontrollable products damages U.S. competitiveness abroad, undermines the credibility of export controls, and wastes government resources.

  • The risks of misuse may be reduced for some classes of products through forms of end-use control. "Sunset" provisions, also, would allow for automatic decontrol of certain classes of hardware and software products after a number of years, subject to appeal by relevant government agencies.

  • The foreign availability assessment (FAA) procedure is seriously flawed and has not functioned well as a mechanism for removing products from

*  

The Subpanel on Computer Technology was appointed by the Committee on Science, Engineering, and Public Policy to work in conjunction with the main panel to examine the impact of both current policy and alternative future policies on its specific industrial sector. The subpanel was not asked to consider the full range of issues addressed by the main panel; rather, it was given a specific set of tasks to undertake. The subpanel met less frequently than—and independently of—the main panel, and it had considerable latitude in conducting its discussions.

Thus, it should be noted that the conclusions and recommendations of this subpanel report, while providing valuable input to the deliberations of the main panel, do not necessarily reflect the main panel's views and, therefore, should not be considered to be a part of its findings.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment APPENDIX C Report of the Subpanel on Computer Technology* EXECUTIVE SUMMARY A number of trends in global computer technology have lessened the feasibility and desirability of controlling exports of many dual use computer hardware and software products. Controllability of computer technologies is a central issue. Trying to control exports of inherently uncontrollable products damages U.S. competitiveness abroad, undermines the credibility of export controls, and wastes government resources. The risks of misuse may be reduced for some classes of products through forms of end-use control. "Sunset" provisions, also, would allow for automatic decontrol of certain classes of hardware and software products after a number of years, subject to appeal by relevant government agencies. The foreign availability assessment (FAA) procedure is seriously flawed and has not functioned well as a mechanism for removing products from *   The Subpanel on Computer Technology was appointed by the Committee on Science, Engineering, and Public Policy to work in conjunction with the main panel to examine the impact of both current policy and alternative future policies on its specific industrial sector. The subpanel was not asked to consider the full range of issues addressed by the main panel; rather, it was given a specific set of tasks to undertake. The subpanel met less frequently than—and independently of—the main panel, and it had considerable latitude in conducting its discussions. Thus, it should be noted that the conclusions and recommendations of this subpanel report, while providing valuable input to the deliberations of the main panel, do not necessarily reflect the main panel's views and, therefore, should not be considered to be a part of its findings.

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment control lists. A revised procedure could serve as a proactive mechanism for decontrolling some product classes. High-performance computers have been subjected to rigorous and cumbersome export controls for years. The advancing capability of both high performance and mainstream computing has made established static thresholds for supercomputers obsolete. A more reasonable approach for indexing levels of performance would track ongoing advances in computing technology. The subpanel does not recommend the removal of all controls on supercomputers, however. Interconnected computer networks now extend worldwide. Transborder data flow and network access are commonplace, and demand for network security products has increased significantly for a range of commercial enduse applications. U.S. industry has lost its competitive lead in the design, manufacture, and testing of protocols and network products. Global competition will be directed toward increases in data transfer performance and lower costs. It is not practical to expect legislative or regulative solutions to control unauthorized flows of technical data over networks. The first line of defense must lie in protection of data against unauthorized access. Software sold over the counter should be decontrolled worldwide; the sale and distribution of other object code should be decontrolled within the member countries of the Coordinating Committee for Multilateral Export Controls (CoCom), but subjected to licensing controls for other nations. Source code to such object code should be tightly controlled. The traditional computing industry in the Soviet Union has undergone considerable changes. The potential for technology transfers has increased greatly, which makes it even harder to restrict the flow of Western technology. Soviet attempts to acquire Western technology can be expected to continue. Monitoring of technological developments with military applications of concern to national security should continue and be extended. More comprehensive attention should be paid to commercial as well as military applications in a much larger number of countries, including both developed and newly industrializing nations. INTRODUCTION The computer industry (including the manufacture of computer hardware, software, microelectronics, and telecommunications equipment) is, in a number of ways, quite different from the other industrial sectors examined by the study's subpanels. Manufacture does not require scarce raw materials, and given the necessary capital and expertise, can take place almost anywhere. Product assembly from components requires moderate technical knowledge and can make use of a relatively unspecialized work force. Moreover, the pace of innovation is very rapid, and new technological generations

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment may succeed one another in less than two years. Finally, the pervasive applicability of computer-related products distinguishes the computer technologies sector from other industrial sectors. Although the U.S. computer industry still leads the world in systems engineering, systems integration, and computer-aided design and engineering (CAD/CAE) technologies, it faces increasingly stiff competition in many areas from Europe, Japan, and a number of newly industrializing countries. In its deliberations, the subpanel drew heavily on the 1988 National Research Council report, Global Trends in Computer Technology and Their Impact on Export Control (hereafter Global Trends).*1 The subpanel reaffirms the four major trends identified in that report: Rapid technological progress, leading to the extension and ''filling in" of the technological spectrum. Globalization of the technologies, along with increased international competition. Commoditization of many products, a trend typified by low and steadily decreasing prices, high production volumes, a multiplicity of producers, and high degrees of substitutability of increasingly more powerful computer equipment. Changes in the Soviet Union and Eastern Europe that, together with the three trends above, have lessened the feasibility and desirability of controlling many dual use computer hardware and software products. Detailed descriptions and analyses of these trends may be found in Global Trends and in the work of Goodman and colleagues.2 All of the trends have continued and, in some cases, accelerated since Global Trends was published in 1988. This subpanel report focuses on a number of new issues and includes a more comprehensive set of recommendations than did the earlier report. Given the characteristics of the industry, controllability of the technology is a central issue. The subpanel's discussion begins with an examination of controllability, followed by an analysis of various means of control and decontrol (as applied to computer technologies), and an evaluation of the foreign availability assessment procedure. The discussion next focuses on the control of a number of specific technologies and products, and then closes with an examination of some international issues in the context of computer-related export control policy. *   Seven members of the subpanel were also members of the Committee to Study International Developments in Computer Science and Technology, which wrote the Global Trends report. Seymour E. Goodman chaired both committees.

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment CONTROLLABILITY Today, technological innovation and product engineering and manufacturing are taking place all over the world. As a result, a major constraint on the effective use of export controls lies in the uncontrollability of access to given products. Trying to control classes of products that are inherently uncontrollable is counterproductive: It damages U.S. competitiveness abroad, undermines the credibility of export controls, and wastes government resources. The subpanel determined that computer products may be divided into four classes of controllability: militarily critical products, "high-walls" products, commodities, and "middle-ground" products. Each of these classes is discussed briefly below. Militarily Critical Products These are products exclusively or predominantly used by the military and clearly linked to essential military goals or capabilities. Such products are covered by munitions controls, the International Traffic in Arms Regulations (ITAR), and similar control lists and were excluded from further consideration by the subpanel. "High-Walls" Products These are products that can be located, verified, traced, observed, or otherwise tracked in a protective environment. The concept of "high walls" involves the existence of product characteristics that enhance the ability to manage the protection of products on an individual basis. High-walls products are generally produced in unit fashion by the tens or hundreds, can be identified by serial or manufacturing sequence numbers, and are often large enough to inhibit undetected transport. High-walls products are amenable to the inclusion of internal tracking mechanisms, which can be used to create an audit trail of users. They are distributed by few suppliers, and vendor participation in training, service, maintenance, and product upgrading remains vital, often over the lifetime of the product. Disposal of such large and expensive items may be problematic as well. An example of a high-walls product is the high-performance system, or "supercomputer." Supercomputers are usually heavy and large, are produced in small quantities, maintain internal audit trails of users, and require prolonged vendor support. The Supercomputer Safeguard Plan is a current "high walled" protection mechanism applied to the shipment of supercomputers to countries other than the United States, Canada, and Japan.

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment Commodities Commodities are products that are widely available, inexpensive, and in many cases, substitutable. Indeed, they are so widely available that they cannot effectively be controlled, and generally should not be controlled. The following definition for computer hardware is suggested as a guide to the determination of commodity status. In the view of the subpanel, a computer hardware product becomes a commodity when six of the following eight characteristics are satisfied: Production volume: at least 1 million units in cumulative worldwide production. If a sequence of increasingly advanced versions of the candidate product exists, the candidate for commodity status would be the least sophisticated version necessary to add up to the 1 million unit level. Unit cost: less than $25,000. Number of source countries: at least two countries that are not participants in CoCom. Distribution methods: at least two of the following: a minimum of three distinct purchasing channels, value-adding intermediaries, multiple outlets (e.g., chain stores), lot purchases of 100 or more units. Substitutability: product performs tasks that could be similarly performed by another product. Size: less than 1 cubic meter in volume. Purchasability: no special qualifications are required to purchase the product. Service and maintenance: no service or maintenance required, or multiple service alternatives to the manufacturers exist. (Software has different characteristics and is discussed separately below.) A good example of a hardware product that is a commodity is the personal computer (PC) based on the Intel 80286 chip. Well over 1 million IBM PC/AT-compatible machines have been produced, and supply and service of the machines are widely available through many channels and from many sources worldwide. Costs are well below $25,000 for all common configurations and rapidly approaching $1,000 in some cases. Unit size is less than 1 cubic meter. "Middle-Ground" Products All products not included in any of the three categories above fall into this category. Products in the "middle ground" are not sold in sufficiently large numbers to be considered commodities. They are sold in small numbers because they are new, are specialized for niche markets, or are expensive. Because of availability, size, portability, low maintenance demands, or easy

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment disposability, they may not be protectable by high walls, and yet they may have important military applications. Examples of middle-ground products include on-board signal processors, graphics work stations, advanced software development systems, math coprocessor chips, and high-end personal computers (e.g., those based on the 80486 chip). SOME MEANS OF CONTROL AND DECONTROL The following risks of product misuse should be considered if a product is to be physically located on foreign territory: Inspection and analysis with the intent to duplicate the product. Diversion-in-place, for example, the use of a supercomputer located in a weather research facility to run military-related applications. Relocation and diversion, for example, the movement of array processors to a different facility for use in military applications. Diversion of manufacturing capability, for example, the use of Western-made microelectronics manufacturing equipment to produce components used in weapons systems. End-Use Controls The risks of product misuse may be reduced through end-use controls. These can take several forms, including on-site inspections, technical controls and inspections, and restrictions that place the product "under U.S. eyes," for example, at a facility under the management or supervision of U.S. citizens. The most effective on-site inspections are those that can be made without advance notice. Technical end-use controls might include software configured to run on a limited number of hardware hosts and remote monitoring of machine performance. Remote monitoring might be limited to observation for signs of inappropriate application (e.g., running large floating-point applications on a mainframe that is intended for administrative and data processing applications at a hospital). Another form of technical control might be a "shut off" mechanism to enforce sanctions against misuse. Very high level foreign government guarantees that would result in severe political repercussions if diversions were exposed might also serve as a form of end-use control in conjunction with other methods. The subpanel makes the following recommendation concerning end-use controls. End-use controls should be considered as one way to permit the sale of a number of high-walls or middle-ground products under acceptable risks. These controls would be most effective against relocation and diversion. The effectiveness of end-use controls against

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment other forms of misuse is strongly dependent on specific local conditions, and end-use controls should not be used in circumstances in which violations would be difficult to detect or strong deterrence is required. A "Sunset" Provision Computer products frequently have a useful life of five to eight years. However, commodity products, such as personal computers, may be superseded by newer models in only 18 months. To compensate for this performance upgrade, industry adjusts prices to maintain a competitive price/performance growth curve. For example, at release in 1985, a Sun 3 work station cost about $10,000 per million instructions per second (MIPS), whereas in 1990 the latest model Sun SPARC station cost less than $750 per MIPS. Supercomputers and computer networks have followed a similar pattern. Parallel processing is leading to considerable price/performance improvements in supercomputers. Again, published figures suggest a rapid upgrading process, in these cases on about a three-year cycle. The useful life of software is much longer. Software evolves incrementally; successive updates are released about a year apart for most unclassified software, three to five years apart for classified software. Given these facts, the subpanel proposes the establishment of a "sunset" provision for both hardware and software, which would cause computer products to be automatically decontrolled after a certain number of years, subject to appeal by relevant government agencies. A distinct advantage of a sunset provision is that it provides an easy, semiautomatic method for decontrolling items as they become readily available to proscribed countries, but still provides concerned government agencies with the opportunity to challenge the removal of any item whose decontrol is considered a threat to national security. Mechanisms to prevent abuse of such challenges must, however, be included. To this end, the subpanel recommends the following: Controlled hardware and software should be subject to an over-ridable decontrol, or "sunset," provision. The length of time of this provision for a given technology might be based on cost, which usually reflects technological level and availability. For example, a product costing $1 million or more might have a sunset period of 10 years; $4,000 or less, 2 years, with a nonlinear scale for products in between these extremes. Unclassified software, because of its longer life cycle, should be decontrolled less frequently than low-end hardware. A five-year sunset provision is suggested in this case. For classified software, a sunset provision should

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment be developed along the lines of the automatic reclassification provisions on most classified documents, which provides for downgrading every 10 years. FOREIGN AVAILABILITY ASSESSMENTS The subpanel conducted an evaluation of the current procedure for determining the foreign availability of export-controlled products.* The evaluation included examination of the U.S. decision to decontrol PC/AT-compatible microcomputers and of the export control implications of reduced instruction-set computer (RISC) technology. On the basis of its discussions, the subpanel reached the following conclusions: The foreign availability assessment (FAA) procedure is seriously flawed and has not functioned well as a mechanism for removing products from control lists. A revised procedure may function well to remove middle-ground products from control lists and could provide a proactive mechanism for decontrolling products that have attained "commodity" status in advance of the automatic sunset provisions discussed earlier. The central focus of the FAA process is the control of dual use products of importance to foreign military forces. The process does not recognize, however, the rapid rate at which technology is advancing in the global computing industry. The operational aspects of the process, moreover, are subject to interpretation by various agencies, which leads to contentious debates regarding the determination of foreign-available status for products. For example, there are no satisfactory operational definitions for terms that are key to the assessments, such as "availability-in-fact," "evidence of use," or "sufficient quantity." This allows agencies to interpret the terms in ways that favor their individual concerns. Lack of timely options for conflict resolution and/or arbitration exacerbates the contention and places the U.S. computer industry at a significant disadvantage with respect to global competition. On the basis of its conclusions, the subpanel makes the following recommendations: The focus of the FAA process should be shifted toward a proactive mission of removing from control lists those middle-ground products that either have reached, or are about to reach, commodity status or that satisfy reasonable foreign availability conditions, rather than a passive mission that requires "after-the-fact" evidence of use in proscribed countries. *   The determination of foreign availability can be used as an argument for removing export controls on an item.

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment The revised process should also be used to remove from control lists dual use, middle-ground niche products that may never reach commodity status due to their inherent low-production volumes. However, satisfactory, noncontentious operational definitions focused on non-U.S. availability, rather than on evidence of use, must be developed to make this process effective. The participation of industry and the decision-making capability of expert committees involved in reviewing hardware and software products for removal from control lists should be increased to ensure timely arbitration of disagreements and conflict resolution. EXPORT CONTROL OF SPECIFIC TECHNOLOGIES AND PRODUCTS Commodities In June 1990, CoCom removed many commodity products from the list of controlled items. The subpanel concurs with this decision and believes that once a computer product enters the commodity classification, it is inherently uncontrollable. Therefore, the subpanel recommends the following: Computer products that meet defined criteria for commodity status should not be controlled. A mechanism should be developed to ensure that products that are nearing commodity status are removed from the list in a timely fashion. This mechanism might be a modified version of the foreign availability assessment outlined earlier. Technologies MANUFACTURING EQUIPMENT In contrast to many computer end products, computer technology manufacturing equipment tends to have a much longer lifetime because components no longer considered state of the art still must be produced for use in high-volume commodity products or the upgrading of existing machines. Moreover, the denial of manufacturing equipment to a proscribed country limits that country's ability to develop its own production facilities. For these reasons, the subpanel recommends the following: There should be no semiautomatic decontrol or "sunset" provision for computer manufacturing equipment. Export of each piece of equipment should be individually licensed for the life of that equipment.

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment HIGH-PERFORMANCE COMPUTING As a class, supercomputers have been subjected to rigorous and cumbersome export controls for years. This class of product is ideal for high-walls classification and has been controlled as such for use within all countries except the United States, Canada, and Japan by the Supercomputer Safeguard Plan. The safeguard plan, however, has become obsolete and cumbersome for two main reasons: (1) indiscriminate use of controls without regard to a nation's trustworthy practice or status and (2) adherence to outmoded, static performance levels. The subpanel favors consideration of a hierarchical implementation of controls, in which countries that are considered low risk are treated more favorably than those considered less trustworthy. The subpanel questions the concept of high-walls controls within CoCom countries, and perhaps within 5(k) countries.* The threat of diversion-in-place within CoCom countries to benefit other countries is overstated. The subpanel questions the value of cumbersome reexport controls within CoCom at all. The Departments of Commerce and State and other involved agencies have continued to invoke supercomputer controls at the level of 100 Mflops (millions of floating-point operations per second) calculative speed. However, the capability of mainstream computing has already made that threshold obsolete, and experts project that desktop computers will exceed 100 Mflops in 1991. Thus, the static threshold fails to recognize the realities of technological progress to the point that some desktop personal computers will be considered, by U.S. government standards, to be supercomputers. This means that the number of potential sites for policing will rapidly rise from a few hundred to tens of thousands, a situation with which no agency can adequately cope. A more reasonable approach for indexing the levels of performance at which special export controls go into effect would track ongoing advances in computing technologies. Performance levels requiring controls would increase with advances in computational speed. The approach proposed in Global Trends—establishing a relative performance threshold (e.g., the n percent most powerful, as measured by generally accepted benchmark tests)—should be seriously considered. The subpanel makes the following recommendations regarding export controls on supercomputers: Diversion-in-place protection (i.e., the Supercomputer Safeguard Plan) should be discontinued for all CoCom, and possibly also 5(k), nations. *   Non-CoCom countries that have signed export control agreements with the United States.

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment The technological level at which high-performance computing export controls would go into effect should be higher for countries of moderate concern than for those of significant concern. Hence, the subpanel supports the concept of tiered control management for this technology. A more flexible and timely indexing method must be developed to replace the obsolete static control-level scheme, which does not recognize the rapid rate at which computing technology is progressing. As technology advances, the supercomputer protection rules must keep pace in order to focus enforcement effectively on state-of-the-art, high-performance systems. The subpanel does not recommend the removal of all controls on supercomputers. This technology has significant military value to any receiving country, as well as enormous value as a scientific and industrial tool. The technology, however, has great potential for high-walls protection and it fits well within the scope of end-use controls. The subpanel does not advocate the decontrolled shipment of supercomputers to the Soviet Union or certain other countries, but it believes that the export of advanced systems could be considered for specific applications, given appropriate end-use controls to prevent diversion for military uses. Industry's concern that continued use of export controls at low performance levels will lead to a significant competitive disadvantage for mainstream U.S.-produced products is valid. Thus, the subpanel believes that export controls should be (1) focused on those products that are truly state of the art, (2) significantly liberalized within CoCom and 5(k) countries, and (3) dynamic enough to accommodate rapidly changing technological capabilities. COMPUTER NETWORKS Computer networks are leading to the homogenization of computer systems. With the strong trend toward "open systems" (i.e., those that employ common standards), universal interoperability of commodity products of different manufacturers is possible over interconnected networks, which constitute a worldwide "internet." The networks themselves are part of the homogeneity. They are built from standard products, such as common operating systems, common file standards, common user interfaces, and standardized interface devices to connect host computers to networks and the networks to one another. The subpanel supports the original conclusions and recommendations in Global Trends regarding computer networks, and it notes that little progress has been made in modifying existing policies governing transborder network access and in establishing more reasonable ITAR restrictions on network

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment security products. The trends cited in the 1988 Global Trends report have accelerated rapidly since then, however. For example, Transborder data flow and network access are now commonplace and are primary corporate resources for sustaining competitive advantage among global competitors. Commercial demand for network security products, including encryption devices and trustworthy systems, has increased significantly for a range of commercial end-use applications. Current ITAR restrictions, however, retard the U.S. ability to compete with foreign producers, who have developed network products that support the International Standards Organization's (ISO) protocol standards. U.S. industry has lost its lead in the design, manufacture, and testing of protocols and network products to European and Pacific Rim competitors. This is due to the rapid emergence of products for 100 megabit/second local area networks (LANS) that follow the ISO's Fiber Distributed Data Interface (FDDI) standards. Given these trends, global competition will be directed toward increased performance of data transfer and lower costs for network interconnections. Today, FDDI 100 megabit/second LANs represent the state of the art. Products incorporating the FDDI international standard are beginning to sell in numbers that will lead to commodity status within the next few years. These products have clear dual use potential: for commercial transaction systems and in new distributed command/control/communications systems. The export control level for high-speed network products should be a moving threshold measured in "cost/termination" units comparable to processing data rates (PDRs). Transborder data flow is now the rule for the homogenized worldwide network. It is not practical to expect legislative and/or regulatory solutions, such as tariffs, export controls, and restrictions on network interconnections or communications traffic, to restrict potential unauthorized flows of technical data. The first line of defense must be protection of data against unauthorized access, whether while in storage or during transmission. Control of network proliferation, restriction of U.S.-international network interconnection, and regulation of traffic (including transborder data flow) should not be the means by which export control of software and technical data is achieved. Data security must increase in the worldwide network to ensure the integrity of traditional business practices conducted through this new medium. Measures employed to prevent fraud should include authentication of the transaction, authentication of the parties in the transaction, authorized transactions,

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment notarized transactions, valid receipting, transaction secrecy, protection of ''soft" assets transferred in the transaction from corruption or unauthorized replication, and validation of the asset and its ownership. Control of exports of restricted software products through transborder network data flows should be carried out by "authorized transaction" technical means. Encryption technology is the best way to achieve transaction protection. If foreign encryption technology is imported into the United States to meet ISO standards but is prohibited from use by ITAR regulations, U.S. industry, the U.S. government, and other users will be isolated from the worldwide network for much of the future commerce that increasingly will use such technology. Further, U.S. industry will be unable to manufacture and export compatible equipment to compete in the world market. Existing ITAR regulations should be revised to enable the use of high-quality encryption protocols for the worldwide network. Otherwise, U.S. interests will he sidestepped by ISO encryption schemes and standards currently progressing internationally. SOFTWARE Effective, enforceable controls are very difficult to define for software because of its particular characteristics. Software is easy to conceal and easy to duplicate. Hence, once a single copy of a piece of software is obtained in the United States on behalf of a proscribed country, it is a trivial matter to smuggle it to that country or transmit it by a computer or telephone network. Under such conditions, the only reasonable choices are total decontrol of readily available software and tight controls on software requiring protection, especially on the source code. Consequently, the subpanel makes the following recommendations: Software should be divided into the following three classes for control purposes: Military-use software. Software built or customized for direct military applications, and the customized tools used to build such software, should be tightly controlled. In most cases, classification procedures should be used for such controls, especially for source code. Publicly available software. Over-the-counter software, that is, software available for purchase from multiple sources and without qualification, as well as software in the public domain, should be decontrolled worldwide. Over-the-counter software embodied in other forms (as hardware or "firmware") should similarly

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment be decontrolled. The widespread availability of such software, coupled with its difficulty of detection and ease of reproduction makes any attempt at control impossible. Other object code. The sale and distribution of all other object code should be decontrolled within CoCom countries, but subject to licensing controls on exports to other countries. Source code to software in this class should be tightly controlled, and export licenses should be granted on a case-by-case basis for all foreign organizations. Given the ease of acquisition and use of most software, any complete control system should include controls that promote respect for intellectual property rights. In particular: Companies, especially startups, should be warned that the release of source code can easily compromise their ability to control the use of their software. The U.S. government should spearhead an effort to bring about worldwide enforcement of copyright protection of software. Countries that do not enforce such regulations should be subject to sanctions. INTERNATIONAL ISSUES The Soviet Union Since the publication of Global Trends in 1988, computing in the Soviet Union has undergone considerable changes. The potential for technology transfers has increased greatly, and political and economic changes have gone far beyond what was anticipated. THE TRADITIONAL COMPUTER INDUSTRY The changes in the Soviet industrial structure described in Global Trends have continued, but they have failed to make a significant difference in the performance of the computer industry. Mainframe and minicomputer producers continue to produce enhanced versions of earlier functional duplicates of Western machines, such as the IBM 370 and the PDP-11 and VAX series of the Digital Equipment Corporation, (DEC). A number of trends and conditions illustrate the current state of the industry. First, the use of hard currency for intra-CMEA (Council for Mutual Economic Assistance) sales, and the sale of East European assets to Western companies, will open new channels for the purchase of higher quality computers by Soviet consumers who have access to hard currency, but it will eliminate the availability of some of the better machines for other consumers.

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment In addition, the Soviet computer industry will be deprived of the technical assistance it received from some East European partners, which may hinder Soviet duplication of Western machines. Second, the Soviets admit that their microelectronics industry is no longer able to produce the components necessary to continue with the functional-duplication policy. Laboratory samples of more powerful components may exist, but evidence of the availability of industrial quantities of VLSI chips, high-density storage chips, application specific integrated circuits (ASICs), and so on, is still lacking. Third, indigenous Soviet efforts to build high-performance computers will continue. However, despite some progress since 1988, the lack of suitable components and production facilities continues to constrain the production of such machines. Fourth, also since 1988, many software cooperatives have been created in the Soviet Union. As many as one-fifth of all Soviet programmers may work primarily for cooperatives or moonlight for them. The pervasive use of copied Western software, the absence of copyright protection, and the continued existence of various forms of state controls have hindered the development of the industry. Nevertheless, Soviet software cooperatives are experiencing rapid growth and finding many customers. Fifth, the area of networks continues to be one of the weakest for the Soviet computer industry. The Soviets are only now on the verge of having sufficient numbers of installed computers to make interconnection via a network worthwhile. Electronic mail in the Soviet Union remains a rarity, and access to foreign computer networks is limited. The indigenously constructed network Akademset' remains underdeveloped and underexploited. Finally, many parts of the Soviet computer industry remain clouded in secrecy. This casts suspicion on the industry's activities and inhibits more extensive approaches to the relaxation of export controls. TECHNOLOGY TRANSFER As predicted in Global Trends, East-West technology transfer has continued and accelerated. Several new methods of technology transfer have become available, which has made it even harder to restrict the flow of Western computer technology to the Soviet Union.3 As Western personal computers have become available and Soviet consumers have gained more control over their finances, demand for indigenously produced machines has dropped precipitously. Joint-venture contracts have been signed for importing components, production technologies, and complete machines. Some agreements may be stalled by hard currency payment problems, but a large number of agreements have been signed and it is unlikely that all will fail. Some factories have already opened. According

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment to Soviet sources, factories in Shuya and Kishinev will have a combined production capacity of over 1 million machines annually. Such output in the near future is highly unlikely, however. Joint-venture agreements that include shipments of personal computers to the Soviet Union have been signed with countries all over the world, including the United States, the United Kingdom, France, Finland, Germany, Norway, Poland, Luxembourg, Austria, India, Malaysia, Singapore, and South Korea. Recent changes in CoCom regulations will make possible agreements involving larger machines. Data General has already signed an agreement that will allow a well-established software supplier for process control systems to bundle its software with Data General minicomputers. Few Western or Far Eastern computer concerns can be unaware of the ready market waiting for them to replace their existing minicomputer and mainframe base with much more reliable and powerful machines. DEC has already started a joint venture in Hungary and will be moving "aggressively" into the rest of Eastern Europe. It seems likely that Soviet industry will become considerably more dependent on the West and Far East, buying components and assembling machines for the internal market. The scope of indigenous development areas will be scaled back to high-performance computers and other areas directly related to military needs, perhaps at an even greater cost to maintain because the bulk of the industry will be involved in the purchase and assembly of components. Several other technology transfer mechanisms have become available, including the following: publication in the Soviet Union of translations of Western computer journals; increased foreign travel by Soviet computing professionals; the employment of Soviet programmers by Western companies to develop software in the Soviet Union; increased availability of network connections to the West; and removal of restrictions on the number of Soviets who can be present in the United States to do business. The removal of some internal Soviet restrictions, increased interest in the Soviet market by Western businesses, and relaxed CoCom controls mean that the impact of the conditions that have helped to restrict technology transfer has diminished. The number of channels by which the Soviets can acquire foreign computers continues to increase, especially through Eastern Europe. The flow of technology to the Soviets is less stoppable than ever, and poor internal Soviet protection mechanisms for intellectual property contribute to the spread of the technology once it crosses the border. These changes confirm a trend toward commoditization noted in Global Trends.

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment The shift in demand away from indigenous machines to machines made in the West or made with Western components could have one of two effects on the Soviet industry. The industry may become, on the one hand, more desperate to produce bigger and better mainframes and minicomputers, which could force it into more illegal acquisitions of technology or more licensing agreements. On the other hand, the industry may crumble to a large extent, and Western machines may come to dominate the Soviet market. For the time being, Soviet attempts to acquire Western technology can be expected to continue. Based on the trends and conditions discussed above, the subpanel recommends the following: The relaxation of controls should continue to be gradual given the instability of the current situation. Given U.S. interest in strengthening Soviet private business and promoting the free flow of information in the Soviet Union, most middle-ground and commodity hardware should be gradually de-controlled as long as the process of Soviet reform continues. In particular, the shipment of commodities to the Soviet Union should now be considered desirable. For larger computers and networks, end-use controls are likely to be necessary. Because of the absence of an indigenous infrastructure to perform maintenance, end-use controls are less risky because withdrawal of support would constitute a substantial threat. In addition, as the hegemony of the military in the Soviet economy declines, the risk of diversion-in-place is likely to diminish. International Coverage Although the U.S. intelligence community monitors technological developments with military applications of concern to national security in a small number of countries, including the Soviet Union, it should give more comprehensive attention to commercial as well as military applications in a much larger number of countries. These should include both developed and newly industrializing countries. The government should undertake periodic reviews of technological and market trends along the lines of the Global Trends study of 1988. Rapid change in these technologies makes trend assessments perishable, and thus this type of review should be conducted at least once every three years. The U.S. government should more comprehensively track rapidly changing developments in computing technologies (microelectronics, telecommunications, computer hardware and software), as well as associated worldwide market trends. This coverage is necessary

OCR for page 248
Finding Common Ground: U.S. Export Controls in a Changed Global Environment if sound decisions are to be made on issues of importance to traditional national security, export controls, the proliferation of high-performance conventional weapons, and trade negotiations and other matters related to the economic competitiveness of the United States. NOTES 1.   National Research Council, Global Trends in Computer Technology and Their Impact on Export Control (Washington, D.C.: National Academy Press, 1988). 2.   Seymour E. Goodman, Marjory S. Blumenthal, and Gary L. Geipel, "Export Control Reconsidered," Issues in Science and Technology (NAS), vol. VI, no. 2 (Winter 1989–90), pp. 58–62; Seymour E. Goodman, "Trends in East-West Technology Transfer," IEEE Computer (July 1990), pp. 94–95. 3.   See National Research Council, Global Trends; Goodman, "Trends in East-West Technology Transfer."