WSJ on Crypto Bills

[John Young <jya@pipeline.com>]

   Wall Street Journal, February 26, 1996, p. B4.


   New Proposals On Encryption Get Tepid Response

   By Jared Sandberg


   Two bills are expected to be introduced in Congress that
   try to resolve the deadlock between the administration and
   the Internet industry on software encryption, but industry
   executives are lukewarm to the new proposals.

   The two proposals, sponsored by Democratic Sen. Patrick J.
   Leahy of Vermont and GOP Rep. Robert W. Goodlatte of
   Virginia, seek to loosen government restrictions on
   encryption -- mathematical formulas that are used to
   scramble data beyond recognition of eavesdroppers. The
   government prevents the export of strong encryption because
   it hampers its efforts to monitor the actions of terrorists
   and foreign governments. The Clinton administration wants
   to set up government-approved repositories that keep copies
   of mathematical keys for decoding encrypted information, so
   law enforcement officials can decode private communications
   if granted a court order.

   Those policies have met with uniform distaste on the part
   of the industry executives, who say that widespread use of
   strong encryption is essential to the success of electronic
   commerce over the Internet. They argue that the
   administration's export restrictions on strong
   cryptography, determined by the length of the key needed to
   unlock the code, are hurting business abroad where
   competitors can freely offer stronger encryption software.

   Producing a separate weaker version of encryption software
   for foreign markets not only raises costs but is becoming
   pointless because hackers can now access computers powerful
   enough to break the weaker code.

   "The federal government's ideas on encryption are based on
   a situation which may have existed 10 or 20 years ago with
   very little realization of the realities of today," said
   Sen. Leahy. "We're not going to sell our computer programs
   if we have outdated computer technology, especialiy if
   people can buy it in Europe or Asia."

   The two new bills would allow for the export of much
   stronger encryption provided that level of security was
   "generally available." Sen. Leahy's proposal states that
   the key-escrow scheme will be voluntary, and establishes
   rules by which companies rather than government agencies
   would hold the keys for decoding data. These companies
   would be liable for abuse of keys and subject to strict
   procedures for releasing the keys to law enforcement.    

   Though industry executives welcome the bills, they say the
   measures don't go far enough to unshackle high-tech
   companies. Thomas Parenty, product manager at the database
   firm Sybase Inc., said that both bills represent "a good
   start." But by allowing U.S. companies to export encryption
   only as strong as that which is available overseas, Mr.
   Parenty said, the bills won't allow them to innovate and
   produce superior products.

   And putting keys in the hands of third-party companies,
   they say, is still likely to meet industry opposition.

   People familiar with the bills said one motivation is to
   build support for a private version of the key-escrow
   concept, which could be an opportunity for several
   companies who are selling products based on the idea. "It
   would establish the legal framework for their
   implementation to go forward," said James Bidzos, chief
   executive officer of RSA Data Security Inc., an
   encryption-software company in Redwood City, Calif.

   -- Don Clark contributed to this article.

   [End]