January 15, 1999 4:00 PM PST
New move to ease encryption limits
- Related Stories
Net groups protest crypto policyDecember 22, 1998
Short Take: Shopping.com shares tank on withdrawalAugust 27, 1998
Who will win the crypto war?July 1, 1998
Remote access under control with AventailNovember 24, 1997
Encryption has been the center of a more than six-year battle between national security officials, who want to tightly monitor distribution of the data-scrambling technology, and the high-tech industry and civil liberties advocates, who say global companies and citizens should have unfettered access to U.S. products that secure their private communication.
President Clinton's Export Council subcommittee on encryption met at Hewlett-Packard here today, where Rep. Lofgren (D-California), who has been a long-time supporter of encryption export relief, said she and Rep. Bob Goodlatte (R-Virginia) plan to revive the Security and Freedom Through Encryption (SAFE) Act.
The subcommittee is made up of high-tech executives, academia, cryptographers, and law enforcement officials and was created to make crypto policy recommendations to the administration.
Lofgren, who sits on the House Judiciary Committee, which voted last month to impeach President Clinton, said she now has time to get back to work on high-tech issues. Although many of her colleagues remain distracted by the historic Senate impeachment trial, she pledged to push the SAFE Act forward.
The bill gained 249 sponsors in the House and died in Congress last year after going through five renditions--one of which aimed to give law enforcement quick access to unlock secure messages within the United States during criminal investigations.
"We did run into some roadblocks, but one of the primary opponents, Rep. Jerry Soloman, who was chairman of the Rules Committee, has retired," Lofgren said. "And the new chairman of the Rules Committee, Rep. David Drier (R-California), supported [the SAFE Act]. On the other hand, the new speaker, Denny Hastert (R-Illinois), supported the Oxley amendment."
In December, the White House eased restrictions on encryption for several key industry sectors--such as banking and e-commerce--after a one-time review by the Commerce Department. The rules essentially allow for the free export of 56-bit encryption--a standard that has been cracked before.
Lofgren said the administration concessions don't go far enough, but that she plans to include compromises made with the administration last year, such as supporting the FBI's proposal to build a one-stop shop--dubbed the National Electronic Technology Center--to study the cracking of sophisticated encryption algorithms.
A new Cold War?
However, she said that encryption could get tangled in a growing conflict in Congress over the transfer of technology to China, which is reminiscent of export controls imposed during the Cold War with Russia.
"The issue is whether cryptography can not be a part of that and to talk about this issue not in terms of the Cold War," she said. "The Cold War years opposed the export of computers you can now buy on the street."
William Reinsch, the Commerce Department undersecretary for the export administration, was in attendance and agreed with Lofgren.
"We do face a big debate coming up over China policy and national security," Reinsch said. "I think encryption is going to get sucked in to that debate," he said, adding that his office would be reviewing the latest export revisions next month.
A major issue in the ongoing encryption debate is that fact that strong products already are readily available around the globe.
However, the Wassenaar Arrangement--a focus of the meeting here today--was adopted by 33 nations in December and could impose strict new export controls on encryption elsewhere. Japan, Germany, Britain, and others agreed to allow the easy export of 64-bit encryption, but the move also marks the first time many of the nations have imposed controls on mass-market encryption software.
"Previously, Waasenaar didn't control mass-market software. I found it surprising to see this called a liberalization [by the U.S. government]," said Ira Rubenstein, senior corporate attorney for Microsoft.
As momentum gains in the fight to liberate encryption technology, U.S. officials have been accused of promoting stronger crypto controls elsewhere even while they scale back regulations at home.
"I see it as an end run around the democratic process. Instead of coming up with these rules in a public forum, [the United States] pressured a lot of countries into signing the agreement," said John Gilmore, cofounder of the Electronic Frontier Foundation.
Government officials countered that Wassenaar encourages the export of secure products and other consumer electronics.
"From our perspective it's liberating," said Michelle O'Neil, executive director of the office of the undersecretary of commerce. "Companies no longer have to fulfill certain reporting requirements to export, and everything from set-top boxes to DVDs to handheld consumer electronics is now easier [to export]."
The lone law enforcement official here today, Larry Coutorie, chief of police for the University of Texas Medical Center Police Department, said that he finds the arrangement irrelevant when it comes to domestic matters. "U.S. citizens can import the strongest encryption they want," he said.
He added, however, that he does think there are valid reasons investigators may need help in cracking crypto, backing up the FBI's desire to get manufactures to build products that can be penetrated if law enforcement has the proper court order.
"As soon as encryption gets integrated into every program and computerized [device], so that it is transparent, law enforcement's problems are going to arise," Coutorie said. "That is when unsolvable crime statistics are going to start to rise, when we can't [decrypt] computer files involved in a crime."