[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Editorial on US Policy

FYI von der GILC - Liste


>                              Journal of Commerce
>                           February 13, 1998, Friday
> Wrong encryption policy
>   The Department of Commerce has yielded to reason and decided to ease
>restrictions on the export of encrypted software for credit card and
>securities firms. As commendable as this decision is, it doesn't go far
>enough. The most sophisticated encryption programs are available in
>practically any country nowadays.
>   Restricting their export from the United States for security reasons in
>this global environment makes little sense. It merely harms the commercial
>interests of U.S. companies and, equally important, poses serious privacy
>risks for the growing transmission of personal data.
>   What encryption technology does is scramble text or data using
>sophisticated codes. Only those who have the appropriate key to unlock the
>code can decipher the message. From a baseline 56-bit data encryption
>standard to the 128-bit ""Pretty Good Privacy'' encryption level, the
>technology is changing from one day to the next. Whereas coding messages
>was once the domain of the military, explosive growth in electronic
>commerce means civilian use has spread exponentially. It affects anyone
>surfing the Internet, sending e-mail, making an on-line purchase,
>publishing on-line or transmitting credit card numbers, contracts,
>corporate strategies, personal health and financial data or trade secrets.
>   There's the rub. As FBI Director Louis J. Freeh told the Senate Select
>Committee on Intelligence late last month, ""Uncrackable encryption is and
>will continue, with ever increasing regularity, to allow drug lords,
>terrorists and even violent gangs to communicate about their criminal
>intentions with impunity and to maintain electronically stored evidence of
>their crimes impervious to lawful search and seizure.''
>   For that reason, the Clinton administration has sided with the security
>establishment in advocating restricted use of advanced encryption
>technology and in insisting that companies seeking to export such
>technology should store the key in escrow with a ""trusted third party.''
>That party would then make it available to law enforcement agencies
>pursuing criminal investigations. Without this, Mr. Freeh warned, the
>growing use of uncrackable encryption ""will devastate our ability to fight
>crime and terrorism.''
>   As ominous as this sounds, the protection the FBI wants is a relic of a
>different era when only the intelligence community had access to encryption
>technology. Today, the most sophisticated encryption software can be
>downloaded from the Internet by anyone armed with a PC. Of course, this may
>well pose an insurmountable challenge for the law enforcement community.
>But if Mr. Freeh had his way, only the legal users of codes would deposit
>the key in escrow, and
>all the crooks wouldn't. His policy wouldn't help him a bit.
>   On the contrary, throwing obstacles in the path of the development of
>encryption technology is against many legitimate interests and imposes
>great cost on society.
>   The administration is kidding itself if it thinks it is making any
>progress in its quest for international encryption technology controls. A
>survey by the Electronic Privacy Information Center released earlier this
>week showed that a vast majority of the 200 governments it asked allow
>unrestricted use, production and sale of cryptography. Only the United
>States, along with countries like China, Belarus, Pakistan or Russia, seek
>   That goes against the guidelines agreed last year by the developed
>countries of the Organization for Economic Cooperation and Development,
>which call for liberalization of controls on cryptography and the
>development of market-based, user-driven encryption products and technology.
>   Reforming the export controls regime to reflect the growing need for
>cryptography in commercial transactions and to protect privacy would meet
>both the OECD guidelines and the dictates of today's marketplace.
>David Banisar (Banisar@epic.org)                *    202-544-9240 (tel)
>Electronic Privacy Information Center           *    202-547-5482 (fax)
>666 Pennsylvania Ave, SE, Suite 301             *    HTTP://www.epic.org
>Washington, DC 20003 * PGP Key  http://www.epic.org/staff/banisar/key.html