[ISN] Who will win the crypto war?

From: mea culpa (jerichot_private)
Date: Wed Jul 01 1998 - 16:25:45 PDT

  • Next message: mea culpa: "[ISN] Security Newsletter from Bruce Schneier"

    Who will win the crypto war?
    By Courtney Macavinta                 
    Staff Writer, CNET NEWS.COM           
    July 1, 1998, 12:35 p.m. PT           
    
    news analysis The high-tech industry and privacy advocates are happy to
    see congressional leaders ramping up pressure to ease export restrictions
    on encryption. 
                                          
    If only that were enough to end the ongoing battle over
    encryption--data-scrambling technology that protects the privacy of
    digital communication. 
                                          
    The complicated struggle between national security officials and
    proponents of crypto export relief is almost as hard to crack as the
    strongest encryption products on the market. 
    
    The White House and a growing number of lawmakers say they are looking for
    a middle ground, but their search could be in vain. Experts on the issue
    say the only real way to end the tug-of-war is for Congress or President
    Clinton to pick a side--and soon. 
                                          
    Simply put, U.S. companies want to export strong encryption products
    without being forced to make a "spare key" for law enforcement
    officials--a current mandate they say is bad for sales. On industry's
    side, for the most part, are privacy advocates, who say these "key
    recovery" schemes could allow the government to snoop on computer users
    without due process. 
    
    The FBI counters these assertions, saying encryption helps tech-savvy
    criminals and international terrorists cover their tracks. Despite reports
    that key-recovery systems are hard to build and not necessarily secure,
    the FBI also has pitched a similar mandate for domestic encryption. 
                                          
    The FBI has yet to win domestic controls on crypto, but currently
    companies can't export strong encryption without promising to build a
    key-recovery system. 
                                          
    Despite House Speaker Newt Gingrich's pledge yesterday to ease crypto
    export limits this year and similar statements from Senate leader Trent
    Lott, it will be difficult for Congress to pass any solution that doesn't
    give national security agencies some concessions. 
                                          
    If such concessions were to include key-recovery, the "free encryption" 
    camp would beat its collective chest, potentially costing lawmakers clout
    with the increasingly powerful high-tech industry. 
    
    This is why veteran negotiators in the crypto struggle say Congress plays
    a serious role in ending the encryption debate, but that in the end
    President Clinton just has to pick a winner. 
    
    "The administration can solve this problem with the stroke of a pen," 
    said Alan Davidson, staff counsel for the Center for Democracy and
    Technology. "It is completely in the power of the president to make
    encryption available and to help protect people's privacy." 
    
    To be sure, Congress can raise public awareness through hearings and
    legislation and by keeping a fire lit under the administration to resolve
    this embattled issue. 
    
    In the best-case scenario, privacy advocates say, Congress could solve the
    problem itself by passing legislation to lift the export controls on
    encryption and to prohibit government mandates for key-recovery or
    key-escrow systems. 
    
    And to its credit, the 105th Congress had made notable progress on this
    front by pushing the Security and Freedom Through Encryption (SAFE) Act
    through major committees and by introducing a popular compromise bill, the
    E-Privacy Act. Still, the chairman of the House Rules Committee, Rep. 
    Jerry Solomon (R- New York), has been holding up SAFE because he favors
    key-recovery mandates. 
    
    Some say the administration--which has been internally torn over
    encryption--is in a better power position to take a stance. 
    
    "I think we're going to finish the year without a bill," said a Washington
    political consultant who has been working on this issue for about five
    years. 
    
    "Congress' role is more for political pressure," he added. "But somebody
    in the White House is going to have make a political calculation as to who
    is going to win. You can't split the difference. Either you have back
    doors for law enforcement or you don't." 
    
    What remains to be seen, however, is who will be crowned the crypto
    Homecoming Queen--software makers and privacy advocates or FBI director
    Louis Freeh. Although Congress is promising to take action, there is no
    telling at this point how the final legislation will look. 
    
    "There is not much time to get it through both houses," said Kelly Blough,
    director of government affairs for Network Associates, the world's largest
    supplier of independent computer security products. 
    
    "But if Gingrich is willing to weigh in and put some pressure on the Rules
    Committee, then that is the only obstacle to overcome to get the SAFE Act
    on to the House floor for a vote,"  she added. "Still, they'll probably
    push it out of the Rules Committee with some amendments industry doesn't
    like. Then there will be a battle for compromise and industry could end up
    wanting to kill a bill rather than see it pass." 
    
    Despite the difficulties, some privacy advocates say Congress has a
    responsibility to protect U.S.  residents' right to use encryption and to
    prohibit domestic and international key-recovery mandates. 
    
    "The primary role of Congress is to get the administration out of the
    middle of the road," said Marc Rotenberg, director of the Electronic
    Privacy Information Center. 
    
    "On the other hand, I would not absolve Congress of its own responsibility
    to pass legislation,"  he added. "The truth is, Congress has a role to
    reform the export control regime; they could do that and they should." 
    
    For now, the Americans for Computer Privacy (ACP) is putting its money on
    Congress to end the debate. The ACP kicked off this year, and soon after
    was invited to closed-door meetings to discuss the policy with White House
    officials. 
    
    Like similar discussions over the past three years, the meetings have yet
    to lead to the export policy being overturned by the administration. 
    
    "The fact they are willing to talk is a good sign," said Ed Gillespie,
    executive director of the ACP. "But we are at a point where we need to see
    good policy results. Right now it seems that the best opportunity for good
    policy lies in the House and the Senate." 
    
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:32 PDT