From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: c6d6415b30dc3e8c4c2b73bc60a2a00048cd9a8a613e2c65d0b95bd1e53e1452
Message ID: <1.5.4.16.19961011171637.2a77d966@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1996-10-11 17:18:21 UTC
Raw Date: Fri, 11 Oct 1996 10:18:21 -0700 (PDT)
From: John Young <jya@pipeline.com>
Date: Fri, 11 Oct 1996 10:18:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: JoC Nox GAK
Message-ID: <1.5.4.16.19961011171637.2a77d966@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain
The Journal of Commerce, October 10, 1996.
Editorial/ Encryption Technology Policy
Oct. 10 -- SECRET CODES: Let's say you're selling your house and,
after months of searching, you've found a potential buyer. But
there's a problem: The local sheriff wants a spare set of keys in
case the house is used for unlawful purposes. Your buyer, a solid
citizen, doesn't want his privacy invaded. He decides to look in
another neighborhood, with a less intrusive sheriff.
This improbable scenario describes, more or less, Washington's
policy toward U.S. exports of encryption technology -- devices
that scramble computerized data. Under a revised policy, the
Clinton administration says that, following a partial two-year
grace period, it will require exporters of sophisticated
encryption devices to keep a spare set of "keys" -- the
formulas that turn encrypted data back into plain text -- in a
place accessible to the government. That may seem like a sensible
precaution, but it is likely to hurt exporters while doing little
for law enforcement. The government's effort to control encryption
goes to the heart of the information networks that are becoming a
bigger part of people's lives almost by the day. Individuals and
companies leave behind them an ever-broadening wake of electronic
records -- on everything from video rentals and catalog sales to
car registrations and health records. As hackers get better at
breaking into these files, it becomes more urgent to use
encryption to protect them.
The government, however, has other ideas. It says encryption sold
overseas poses a threat because law enforcement officials may not
be able to decode the secret communications of terrorists and
drug dealers. To ease its access to such files, the government
essentially is building a trap door into billions of records
stored in computers overseas.
Of course, there are caveats and loopholes. The policy applies
only to foreign sales; U.S. law forbids government prying into
domestic computer files. Also, the policy grants exporters a
two-year period in which they can sell encryption up to a
moderate level of sophistication -- 56 bits in key length --
without restriction. After that, a key-access requirement would
take effect.
The government-access rule will force U.S. exporters to do some
fancy sales footwork. Foreign buyers, after all, may not be
thrilled to know Uncle Sam can gain access to their private
files. They may worry that if Washington has keys, their own
governments may demand the same, and that the strangers holding
the keys may not guard them carefully, no matter what the rules
say.
Terrorists, meanwhile, will have plenty of ways to circumvent
the U.S. rules. They have a choice of 179 foreign-made encryption
devices of at least 56-bit strength that are not burdened by
key-access requirements. Terrorists also could make their own
scrambling devices -- there are books available on how to write
encryption codes -- or buy them in the United States, which has
no domestic sales restrictions, and carry them out of the
country. Why, then, is Washington bothering with export
controls? In part, it's an attempt at back-door control of the
domestic market. If companies are forced to limit the
sophistication of encryption destined for export markets they
may do the same for domestic products, to cut production costs.
That would make life easier for law enforcement officials,
who worry increasingly about impenetrable barriers to suspected
criminals' computerized information.Those agencies indeed have
a problem. Technology has given the world's bad actors a better
cover of secrecy than ever before. But trying to control exports
and limit domestic technology is not the solution. As a
practical matter, the encryption horse has long since departed
the law enforcement barn.
Absent an agreement among all nations on a key access system --
an impossible goal and not a very desirable one, given different
countries' views on protecting privacy -- unilateral restrictions
will be futile. They will serve mainly to scare customers away
from U.S. manufacturers. Rather than try to restrict the
encryption industry, the administration should promote it, and
find other ways to improve criminal surveillance.
-----
On the Internet:
Visit The Journal of Commerce on the World Wide Web. Point your
browser to: http://www.joc.com/
-----
Return to October 1996
Return to “John Young <jya@pipeline.com>”
1996-10-11 (Fri, 11 Oct 1996 10:18:21 -0700 (PDT)) - JoC Nox GAK - John Young <jya@pipeline.com>