June 9, 1998 11:35 AM PDT

Crypto battle rages on

WASHINGTON--If a heated debate yesterday over federal encryption export rules is any indication, today's meeting between industry executives and the director of the FBI may prove to be difficult.

Yesterday representatives on both sides of the crypto debate refused to give ground.

During the Electronic Privacy Information Center's (EPIC) encryption conference, which concludes today, lawmakers who favor unlimited access to data security technologies continue to blast the White House policy that restricts the export of strong encryption. The rules also require that products eventually support key-recovery systems, which let investigators access secure email or computer files.

Clinton administration officials contended that they need a "spare key" to unlock crypto codes when investigating tech-savvy criminals who traffic in narcotics or engage in espionage and terrorism, for example. Unless encryption is regulated, "lives are going to be lost," an official declared.

A compromise does not seem likely.

Likening law enforcement-backed policy proposals to "a bucket of manure," Sen. Conrad Burns (R-Montana) told the 250 conference attendees from think tanks, government agencies, law firms, and the computer industry that "the genie is out of he bottle. You can't stop the spread of encryption.

"And if bad people are going to do bad things, they are not going to give their master plan to law enforcement," he added.

Despite today's meeting between the high-tech industry and the Clinton administration, Burns repeated a message he delivered in Silicon Valley last week: that a solution was not going to clear Congress by this year.

Nonetheless, in an ongoing quest to find a middle ground, officials from the FBI and the Justice Department are in discussions with executives from America Online, AT&T, Netscape Communications, Microsoft, MCI Communications, and Novell, among other companies.

Parties on both sides are searching for a solution that allows the unfettered export of encryption, while addressing law enforcement concerns.

The EPIC conference panels yesterday gave some foreshadowing into how the high-powered meeting could turn out.

Attendees had questions about reports and recent admissions by top-level officials that encryption export policy has failed.

But when asked by an audience member about a 1996 report by the National Research Council in which a blue-ribbon panel called for relaxed export controls, associate attorney general Robert Litt said he "never reviewed it...I never read it." His comment drew snickers from some in the audience.

Litt instead tried to explain the Justice Department's stance on encryption.

"Law enforcement's position has been fairly consistent, though misrepresented and misunderstood," he noted. "But we've done a poor job of explaining.

"We want strong encryption," he added. "Make no mistake about the fact that encryption is going to have an adverse impact as well as a positive impact--an adverse impact on law enforcement's ability to protect you, your family, your business, and the nation as a whole."

He tried to dispel other "myths" about law enforcement's views on encryption. For instance, he said the neither the CIA nor the FBI have "secret supercomputers that can crack any encryption that's out there.

"Without some sort of a leg up, law enforcement is unable to crack even the encryption available today, much less what's available in the future," he added.

In addition, he said that strong encryption without keys could prevent authorities from being able to access records such as the ones contained on the laptop left by the World Trade Center bombers.

"I don't want to be sensational, I don't want to be hysterical--but we can count on the fact that the spread of strong encryption is going to mean, sooner or later, that lives are going to be lost. We just have to accept that," he said.

Still, even college students have been able to break 56-bit encryption, the standard strength allowed for export, although there are some exceptions to the rule.

Proponents of stronger encryption say there is no global market for U.S. products that can be easily cracked.

Burns, who wrote the now-dormant Pro-Code crypto export relief bill, said attempts to restrict encryption hurt an industry that is "responsible for one-fourth of our nation's economic growth in the past five years.

"If you try to put lid on it, you will freeze us at the current level of technology, while the rest of the world moves on," he added.

Burns urged those attending the conference to lobby their members of Congress for encryption rights. "When you talk to your representatives, start at the fourth-grade level, because they don't understand the eighth-grade [level]. Even most of their staffs have a hard time understanding this issue," he said.

All parties did agree that the administration and industry should keep working toward a settlement.

Rep. Bob Goodlatte (R- Virginia), who was cospeaker with Burns, did accuse the administration of stalling until encryption rights advocates give up.

Goodlatte sponsored the SAFE Act to ease restrictions on encryption. The bill has 250 cosponsors, enough to pass the measure if it ever came up for a vote, but it has been blocked by the chairman of the Rules Committee, Rep. Gerry Solomon (R-New York), he said.

"We're faced with a situation where rapidly changing market conditions are putting U.S. industry at a disadvantage" because the encryption issue has not been resolved, Goodlatte said.

But the Justice Department's Litt also challenged industry to "come up with a solution" to the need for the government to access encrypted information with the help of the person who encrypted it.

"If we don't solve that problem now, I'm afraid that in the long run we will be worse off," he warned. The pendulum between concern for the individual and concern for society will swing, and "we will end up with less liberty than we have now."

Last month, Burns cosponsored the most popular compromise yet: the E-Privacy Act. The bill would lift crypto export regulations for products that are generally available on the international market.

Pushed by the Americans for Computer Privacy, the legislation also would prohibit the government from mandating within those products key-recovery systems or key escrow, in which copies of people's private crypto keys are stored with licensed third parties or the government. Currently, manufacturers must show they plan to support key recovery in the future to get an export license.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.