Who will win the crypto war?
By Courtney Macavinta
Staff Writer, CNET NEWS.COM
July 1, 1998, 12:35 p.m. PT
news analysis The high-tech industry and privacy advocates are happy to
see congressional leaders ramping up pressure to ease export restrictions
on encryption.
If only that were enough to end the ongoing battle over
encryption--data-scrambling technology that protects the privacy of
digital communication.
The complicated struggle between national security officials and
proponents of crypto export relief is almost as hard to crack as the
strongest encryption products on the market.
The White House and a growing number of lawmakers say they are looking for
a middle ground, but their search could be in vain. Experts on the issue
say the only real way to end the tug-of-war is for Congress or President
Clinton to pick a side--and soon.
Simply put, U.S. companies want to export strong encryption products
without being forced to make a "spare key" for law enforcement
officials--a current mandate they say is bad for sales. On industry's
side, for the most part, are privacy advocates, who say these "key
recovery" schemes could allow the government to snoop on computer users
without due process.
The FBI counters these assertions, saying encryption helps tech-savvy
criminals and international terrorists cover their tracks. Despite reports
that key-recovery systems are hard to build and not necessarily secure,
the FBI also has pitched a similar mandate for domestic encryption.
The FBI has yet to win domestic controls on crypto, but currently
companies can't export strong encryption without promising to build a
key-recovery system.
Despite House Speaker Newt Gingrich's pledge yesterday to ease crypto
export limits this year and similar statements from Senate leader Trent
Lott, it will be difficult for Congress to pass any solution that doesn't
give national security agencies some concessions.
If such concessions were to include key-recovery, the "free encryption"
camp would beat its collective chest, potentially costing lawmakers clout
with the increasingly powerful high-tech industry.
This is why veteran negotiators in the crypto struggle say Congress plays
a serious role in ending the encryption debate, but that in the end
President Clinton just has to pick a winner.
"The administration can solve this problem with the stroke of a pen,"
said Alan Davidson, staff counsel for the Center for Democracy and
Technology. "It is completely in the power of the president to make
encryption available and to help protect people's privacy."
To be sure, Congress can raise public awareness through hearings and
legislation and by keeping a fire lit under the administration to resolve
this embattled issue.
In the best-case scenario, privacy advocates say, Congress could solve the
problem itself by passing legislation to lift the export controls on
encryption and to prohibit government mandates for key-recovery or
key-escrow systems.
And to its credit, the 105th Congress had made notable progress on this
front by pushing the Security and Freedom Through Encryption (SAFE) Act
through major committees and by introducing a popular compromise bill, the
E-Privacy Act. Still, the chairman of the House Rules Committee, Rep.
Jerry Solomon (R- New York), has been holding up SAFE because he favors
key-recovery mandates.
Some say the administration--which has been internally torn over
encryption--is in a better power position to take a stance.
"I think we're going to finish the year without a bill," said a Washington
political consultant who has been working on this issue for about five
years.
"Congress' role is more for political pressure," he added. "But somebody
in the White House is going to have make a political calculation as to who
is going to win. You can't split the difference. Either you have back
doors for law enforcement or you don't."
What remains to be seen, however, is who will be crowned the crypto
Homecoming Queen--software makers and privacy advocates or FBI director
Louis Freeh. Although Congress is promising to take action, there is no
telling at this point how the final legislation will look.
"There is not much time to get it through both houses," said Kelly Blough,
director of government affairs for Network Associates, the world's largest
supplier of independent computer security products.
"But if Gingrich is willing to weigh in and put some pressure on the Rules
Committee, then that is the only obstacle to overcome to get the SAFE Act
on to the House floor for a vote," she added. "Still, they'll probably
push it out of the Rules Committee with some amendments industry doesn't
like. Then there will be a battle for compromise and industry could end up
wanting to kill a bill rather than see it pass."
Despite the difficulties, some privacy advocates say Congress has a
responsibility to protect U.S. residents' right to use encryption and to
prohibit domestic and international key-recovery mandates.
"The primary role of Congress is to get the administration out of the
middle of the road," said Marc Rotenberg, director of the Electronic
Privacy Information Center.
"On the other hand, I would not absolve Congress of its own responsibility
to pass legislation," he added. "The truth is, Congress has a role to
reform the export control regime; they could do that and they should."
For now, the Americans for Computer Privacy (ACP) is putting its money on
Congress to end the debate. The ACP kicked off this year, and soon after
was invited to closed-door meetings to discuss the policy with White House
officials.
Like similar discussions over the past three years, the meetings have yet
to lead to the export policy being overturned by the administration.
"The fact they are willing to talk is a good sign," said Ed Gillespie,
executive director of the ACP. "But we are at a point where we need to see
good policy results. Right now it seems that the best opportunity for good
policy lies in the House and the Senate."
-o-
Subscribe: mail majordomot_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:32 PDT