Showdown on Encryption

Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

Sunday, May 25 1997; Page C06
The Washington Post

AFTER A YEAR'S rumbling, Congress seems ready to mount a direct challenge to the administration's position on encryption, the sticky issue of how to handle software that creates, for commercial use, codes too strong to break. The House Judiciary Committee the other day passed a bill dubbed Security and Freedom Through Encryption, or SAFE, which would undo existing curbs on the export of "uncrackable" encryption technology abroad without a license. The administration has fought to maintain those curbs against increasing pressure from the manufacturers of such software and from a loose but growing coalition of privacy and civil liberties groups. A similar bill is pending in the Senate.

The administration maintains that the sellers of software capable of encrypting electronic messages to a complexity beyond ready cracking shouldn't sell it abroad -- or, if they do, should be prepared to deposit keys to the codes with trusted commercial third parties at home. Police or national security authorities could get these keys with a search warrant or court order, as in normal investigations, and a market would develop to provide the third-party service of holding them.

This vision of a worldwide "key management" structure is a clever way to reconcile two otherwise contradictory desires: the desire of Internet users for absolute security and privacy in electronic transactions and the government's desire to prevent criminals and terrorists from making themselves impregnable to a degree never before seen. "Key management" does not, however, exist. And the administration has gone so far toward undercutting its own position -- saying key escrow should be voluntary, trying to accommodate industry with numerous exemptions, licensing uncrackable software separately for banks -- that it's not clear it ever will exist.

Meanwhile, the once-obscure drive to make unlimited-strength cryptography available to all has picked up momentum -- and some odd allies. Phyllis Schlafly was among those who testified in favor of the SAFE bill, saying it would protect Americans from unprecedented government intrusion and the FBI reading their mail. Libertarian groups such as Americans for Tax Freedom are enthusiastic about the vision of a world where powerful, widely available encryption renders communications totally safe.

The odd part is that there currently are no restrictions on use of uncrackable encryption software within this country. The software industry has argued that the export control makes for a de facto domestic curb, because it's too complicated to market a full-strength version for the domestic market and a weaker one for the foreign market. But this isn't a very persuasive argument, since most popular software programs exist in dozens of versions for different markets and in different languages.

The real question is whether you believe this stuff poses a significant national security threat in the wrong hands. If you do -- and we think it irresponsible to assume otherwise -- then it's not enough to declare uncrackable privacy a civil right. You have to at least address the question of how to minimize intrusion into that right while preserving some ability to grapple with the potential danger. Neither the SAFE advocates in Congress nor the administration's voluntary escrow enthusiasts up to now have laid out that vision in a convincing way.