[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TWP: Tighten ITAR



   The Washington Post, October 4, 1996, p. A22. 
 
 
   Crypto Politics [Editorial] 
 
 
   The Clinton administration once had a coherent, if 
   unpopular, position on encryption software, the stuff that 
   allows you to encode your email messages or other data so 
   that no one can read it en route without a key. Now, in the 
   wake of word that the president will sign an executive 
   order, the position is no longer coherent, nor discernibly 
   more popular with the high-tech audience it attempts to 
   mollify. 
 
   People and companies doing international financial business 
   are highly interested in this kind of software, the more 
   powerfully "uncrackable" the better. The U.S. software 
   industry thinks there's a lot of money in it, especially if 
   encryption becomes routine. 
 
   The administration position till recently was that, much as 
   U.S. software companies might profit from being able to 
   market "uncrackable" encryption software freely, national 
   security and law enforcement considerations dictated that 
   such exports be controlled by license. Powerful encryption, 
   like arms, could be dangerous in the hands of terrorists, 
   rogue governments or international criminals. The software 
   was classed as a munition; software above a certain 
   uncrackability level could not be exported unless law 
   enforcement authorities could get access somehow to the 
   "key" after obtaining the proper warrants. 
 
   Unbreakable codes on the loose strike us as a real danger, 
   a legitimate reason for tight export controls. But if the 
   administration really believes this, you'd think it would 
   stick with steps that can plausibly meet the goal of 
   control. 
 
   Instead, trying to please, it has been splitting and 
   splitting the difference between itself and the largely 
   unmoved industry, which argues that no one will buy an 
   encryption product that a government can decrypt at will. 
   As with arms sales, the companies also argue that if they 
   don't sell it, somebody else will, and that anyway it's far 
   too late to fence off rogues. The national security people 
   respond that there is still a "window," perhaps two years, 
   in which they can prevent, if not all leaks of unauthorized 
   crypto technology, at least its off-the-shelf use and wide 
   adoption as the international standard. 
 
   The administration initially proposed, then repeatedly 
   refined, the concept of key "escrow" -- depositing a copy 
   of the code with trusted third parties -- but never came up 
   with a version the industry would accept. It commissioned 
   a National Research Council report, which recommended a 
   significant easing of restrictions. Now the president 
   appears to have embraced a yet looser form of licensure 
   upon declaration by a company that it will develop a plan 
   within two years for key recovery. Also, the technology no 
   longer will be considered munitions. 
 
   What kind of plan? Nobody can quite say. What if the plans 
   aren't acceptable? Licensing will revert to the old rule in 
   two years. Will the security issue be moot by then? 
   Probably. Barring some burst of clarity, one is left 
   wondering whether the administration has compromised or 
   caved, and what it now believes about the dangers of 
   exporting uncrackable software. 
 
   [End] 
 
   Ditto, see the National Research Council report: 
 
   http://pwp.usa.pipeline.com/~jya/nrcindex.htm