The Clinton Administration has proposed a new plan to loosen export restrictions on encryption technology. The government's role in regulating data encryption has been the subject of heated debate for years. The software industry wants to be able to market the strongest encryption it can, in order to maintain an advantage over foreign competitors. Privacy advocates want individuals to have the power to keep their private information safe from prying eyes. The Administration maintains that in order to protect the public from terrorism and organized crime, law enforcement agencies need a means of accessing encrypted material.
The Administration's plan is an attempt to find some middle ground where the software industry and electronic commerce are encouraged, and public safety and the privacy of the individual are protected. The plan is to raise the current ceiling on the strength of encryption software from the relatively weak level of 40 bits to 56 bits. However, software producers who wish to take advantage of the higher ceiling must submit a plan to the Commerce Department outlining a system by which keys to decode encrypted data could be recovered. Companies would have two years to implement their plans At the end of those two years, export of products containing 56 bit encryption without a means of key recovery would not be permitted.
The Administration's plan follows in the wake of two proposed bills in Congress, H.R.3460, known as SAFE, and S. 1961, known as PRO-CODE. Both bills would have prohibited the implementation of a "key escrow" system, in which users of encryption would have had to submit a key to their encrypted data to a central governmental database. At a hearing by the House Judiciary Committee on September 25, Administration representatives argued that a key escrow system and export restrictions were necessary to protect public safety and national security. Key escrow would be voluntary for users in the U.S. At the same hearing, representatives of the software industry pointed to the availability of strong encryption from foreign competitors, and argued that restrictions on export and use of encryption would put the U.S. at a serious disadvantage in the long run.
Although no encryption legislation made it to the floor of the 104th Congress, the Administration's position addresses some of the concerns raised in the legislation while still providing law enforcement with the power they claim they need. It accomplishes this by shifting the responsibility of establishing a decoding system from the federal government to the software industry. The Administration is counting on the desire of software producers to access the foreign market for strong encryption.
Mark Rosenberg, head of the Electronic Privacy Information Center, suggested that the Administration's proposal is simply a new way of pushing key escrow on the public. According to Mr. Rosenberg, the Administration's position is not a compromise; it is simply the old key escrow proposal in a different form; the key escrow would be designed by industry, instead of the government. Mr. Rosenberg referred to the plan as "Clipper Chip 4.5," and stated that it is a threat to the privacy of American citizens, and that it is without support from the public and the software industry.
This is not the end of the story on government control of encryption. PRO-CODE, introduced to the 104th Congress by Sen. Conrad Burns (R-MT), will be reintroduced early next session. The bill would permit the unrestricted export of encryption technology if products of equivalent strength were available on the foreign market. It would also prohibit the government from imposing a mandatory key escrow system on the domestic market.
Other Internet Resources