Commerce/Reinsch: Encryption's in the Federal Spotlight

[geeman@best.com]

>Encryption's In The Federal Spotlight
>(08/05/97; 9:00 a.m. EDT)
>By Darryl K. Taft, Computer Reseller News
>
>WASHINGTON -- President Clinton is determined to push electronic
>commerce forward, but when it comes to encryption, some safeguards need
>to remain in place because of law enforcement and national security
>concerns, said William Reinsch, the U.S. Department of Commerce's
>undersecretary for export administration.
>
>Speaking at the National Computer Security Association's (NCSA)
>Electronic Commerce Security conference here, Reinsch reiterated that
>the
>president and U.S. policy favors an electronic marketplace that is not
>regulated by the government.
>
>"It's obvious our policies about encryption is a piece of the large
>puzzle that
>doesn't quite fit our definition of a free market," said Reinsch,
>adding, "The
>increased use of encryption carries with it serious risks for public
>safety and
>our national security. Any policy on encryption must address these risks
>as
>well if it is to be in the national interest. Our policy provides that
>balance by
>working in close consultation with the private sector and by working
>with the
>market, not against it."
>
>William Murray, an executive consultant with Deloitte & Touche,
>disagreed.
>Murray said the present government policy favors security and ease of
>investigation over crime prevention and "the lawless over the law
>abiding. I
>know of no criminals who are worried about the administration's
>policies, but
>my law-abiding clients are."
>
>Murray, who also spoke at the NCSA conference, said he believed the
>government's policy is "sowing so much fear, uncertainty and doubt that
>it is
>the single most incapacitating thing we have to deal with."
>
>Meanwhile, Reinsch outlined several areas where he said he felt the
>administration's policies regarding export control and key management
>are
>making a difference. Reinsch said new regulations creating a license
>exemption that allows recoverable encryption products of any strength
>and
>key length to be exported freely after a single review by the Department
>of
>Commerce, the Department of Justice and the Defense Departments.
>
>To encourage the development of recoverable encryption products, the
>government created a special two-year liberalization period during which
>companies may export 56-bit DES or equivalent products, provided they
>show that they are working to develop the key management infrastructure
>envisioned by the administration, Reinsch said.
>
>Perhaps the best gauge of industry response to the administration
>policies has
>been the flow of applications for exports, Reinsch said. In the seven
>months
>since the policy went into effect, the Commerce department received more
>than 100 license applications for exports, valued at more than $500
>million.
>In addition, Reinsch said 33 companies have submitted plans on how they
>will build key recovery products, and the Commerce department approved
>29 of them with more to come. "None have been rejected," Reinsch said,
>noting that he could only name the companies that have already announced
>their applications, such as Netscape Communications, IBM, Trusted
>Information Systems and Digital Equipment.
>
>Reinsch said the market continues to be confusing because "companies
>might
>say one thing in private with the government and then take a totally
>different
>position publicly." Murray said, "The government does the same thing."
>
>Moreover, Reinsch said industry concerns that foreign availability of
>encryption products appear to be exaggerated. "We do not yet see
>widespread foreign use of encryption," he said. "We've discovered that
>every
>country is going through the same issues we are." 
>
>
>