From: John Young <jya@pipeline.com>
Date: Tue, 12 Mar 1996 00:10:51 +0800
To: cypherpunks@toad.com
Subject: TWP on Crypto Keys
Message-ID: <199603111541.KAA12090@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, March 11, 1996, p. A18.


   Security and Software [Editorial]


   The number of computer users continues to grow, but use of
   the Internet for business and financial transactions isn't
   keeping pace. At least, that's the complaint of many who
   expected a flood of Americans to go on-line for banking,
   publishing and mail-ordering -- with tremendous profits to
   the on-line industries that handle these services. One big
   reason for the lag is customer concern about the safety of
   information, from credit-card numbers to bank balances and
   business secrets, in the hacker-rich environment of the
   Internet -- an eminently reasonable concern that many in
   the industry believe can be addressed only by the wider use
   and availability of sophisticated "encryption software,"
   which scrambles information en route, making it
   indecipherable to anyone who doesn't hold the key to the
   code.

   The sense that encryption technology holds the key to
   future economic growth on the Internet is pushing an arcane
   but intense argument between the Clinton administration and
   the computer industry over whether to lift existing
   restrictions on the export of the most powerful encryption
   software. The administration, especially its law
   enforcement agencies, bars on national security grounds the
   export of encryption software above a certain difficulty
   level, saying that it needs to be able, if neqessary, to
   seek and obtain the equivalent of a permit to wiretap. The
   makers of the software argue that these restrictions are
   ruinous for U.S. competitiveness in the international
   market because foreign customers want the most secure
   encryption available. Some civil liberties organizations
   argue that the restrictions are an invasion of customers'
   privacy rights.

   Legislation introduced this month in both the House and the
   Senate would ease the export restrictions while attempting
   to meet some of the government's security concerns. Code
   makers would deposit a "spare key" to any exported
   encryption software with a trusted third-party agency -- a
   compromise the Justice Department and national security
   agencies also have been pursuing in talks with the
   industry, but at which the industry hesitates because it
   fears that the existence of "spare keys lying around" would
   cause potential customers to balk. (The Justice Department
   also would like a spare-key agreement for encryption
   software sold domestically, but has less leverage because
   such sales require no license.)

   The legislation would heavily penalize any "key holder"
   agency that provides an unauthorized copy to anyone besides
   the government. But it also would make it legal to export
   any encryption technology that is already "generally
   available" -- for instance, in stores or on domestic
   computer bulletin boards.

   Such a sweeping change, law enforcement authorities fear,
   could render the other barriers and safeguards in the bill
   close to academic in the borderless, lightning-quick world
   of Internet transmission. Once it's widely available
   overseas, "uncrackable" software or hardware can't be
   recalled. The U.S. intelligence agencies with their
   superior computing power can still crack most coded
   software, if not immediately, then much faster than 99.9
   percent of ordinary commercial hackers. But that doesn't
   mean their concerns should be shrugged off. Like arms
   sales, encryption technology sales have implications for
   traditional national security interests as well as the
   economic kind. The urgent interest both sides share is to
   get this resolved soon.

   [End]