[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
TWP: Tighten ITAR
The Washington Post, October 4, 1996, p. A22.
Crypto Politics [Editorial]
The Clinton administration once had a coherent, if
unpopular, position on encryption software, the stuff that
allows you to encode your email messages or other data so
that no one can read it en route without a key. Now, in the
wake of word that the president will sign an executive
order, the position is no longer coherent, nor discernibly
more popular with the high-tech audience it attempts to
mollify.
People and companies doing international financial business
are highly interested in this kind of software, the more
powerfully "uncrackable" the better. The U.S. software
industry thinks there's a lot of money in it, especially if
encryption becomes routine.
The administration position till recently was that, much as
U.S. software companies might profit from being able to
market "uncrackable" encryption software freely, national
security and law enforcement considerations dictated that
such exports be controlled by license. Powerful encryption,
like arms, could be dangerous in the hands of terrorists,
rogue governments or international criminals. The software
was classed as a munition; software above a certain
uncrackability level could not be exported unless law
enforcement authorities could get access somehow to the
"key" after obtaining the proper warrants.
Unbreakable codes on the loose strike us as a real danger,
a legitimate reason for tight export controls. But if the
administration really believes this, you'd think it would
stick with steps that can plausibly meet the goal of
control.
Instead, trying to please, it has been splitting and
splitting the difference between itself and the largely
unmoved industry, which argues that no one will buy an
encryption product that a government can decrypt at will.
As with arms sales, the companies also argue that if they
don't sell it, somebody else will, and that anyway it's far
too late to fence off rogues. The national security people
respond that there is still a "window," perhaps two years,
in which they can prevent, if not all leaks of unauthorized
crypto technology, at least its off-the-shelf use and wide
adoption as the international standard.
The administration initially proposed, then repeatedly
refined, the concept of key "escrow" -- depositing a copy
of the code with trusted third parties -- but never came up
with a version the industry would accept. It commissioned
a National Research Council report, which recommended a
significant easing of restrictions. Now the president
appears to have embraced a yet looser form of licensure
upon declaration by a company that it will develop a plan
within two years for key recovery. Also, the technology no
longer will be considered munitions.
What kind of plan? Nobody can quite say. What if the plans
aren't acceptable? Licensing will revert to the old rule in
two years. Will the security issue be moot by then?
Probably. Barring some burst of clarity, one is left
wondering whether the administration has compromised or
caved, and what it now believes about the dangers of
exporting uncrackable software.
[End]
Ditto, see the National Research Council report:
http://pwp.usa.pipeline.com/~jya/nrcindex.htm