October 24, 1997 5:00 PM PDT
Lott lambasts FBI crypto policy
Lott's statements, addressed as a letter to President Clinton in the October 21 Congressional Record, underscored the recent battles over the Security and Freedom through Encryption Act (SAFE) in the House. Originally drafted to ease the federal limits on encryption export, SAFE was subsequently amended in committee to reflect the FBI's desire to extend the "wiretapping" of email to all domestic electronic communications. That effort was eventually defeated in the House Commerce Committee, and it seems unlikely that any type of encryption legislation will pass before the end of the year.
Soon after FBI director Louis Freeh called for domestic encryption controls this summer, other administration officials distanced themselves from him. Sen. Lott's letter, in which he acknowledges the influence of his "good friend" Jim Barksdale, CEO and president of Netscape Communications, expresses grave doubts about the FBI's stance.
"The FBI wants to require that any company that produces or offers encryption security products or services guarantee immediate access to plain text information without the knowledge of the user," Lott wrote. "Their proposal would subject software companies and telecommunications providers to prison sentences for failure to guarantee immediate access to all information on the desktop computers of all Americans. That would move us into an entirely new world of surveillance, a very intrusive surveillance, where every communication by every individual can be accessed by the FBI."
"Where is probable cause?" he asked. "Why has the FBI assumed that all Americans are going to be involved in criminal activities? Where is the Constitution?"
Law enforcement officials maintain that strong, unregulated encryption both at home and abroad will hinder their efforts to catch criminals who use encryption to hide their communications from prying eyes.
The Clinton administration loosened its restrictions on exported encryption at the beginning of the year. But, echoing the position of software industry representatives such as Barksdale, Lott wrote that the administration's export regulations put U.S. companies at a competitive disadvantage by limiting the strength of the encryption they can ship overseas.
"While we are restricting our own international commerce, foreign companies are now manufacturing and selling stronger, more desirable encryption systems, including the top-end 128-bit systems, anywhere in the world they want. Clearly, our policy doesn't make sense," he wrote.
Under current regulations administered by the Commerce Department, a U.S. company can export encryption that uses keys longer than 56 bits only if it adds "back door" access to the encrypted data via a method known as "key recovery."
Key recovery gives law enforcement officials a way to read scrambled messages without notifying the sender or receiver, who hold the secret keys, or codes. It is also a valuable tool for companies or individuals who want to access messages even if the original key is lost, missing, or forgotten.
Lott's criticism of the FBI and current policy doesn't bode well for another crypto bill, the Senate's Secure Public Networks Act. Known commonly as the McCain-Kerrey bill after its two main sponsors, it began as an administration proposal and aims to make key recovery mandatory for all U.S. networks and other computing equipment funded wholly or partially with federal money. This condition, critics say, would practically make key recovery mandatory in the U.S.