[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
NYT: Faulty Crypto Policy
The New York Times, December 16, 1996, p. A14.
Another Faulty Encryption Policy [Editorial]
The Clinton Administration has issued its third plan in as
many years to keep powerful encryption programs for
telephone and computer messages out of the hands of
international terrorists and criminals. But this latest
plan to control the export of encryption software, like the
two before it, is unworkable and risks trampling on privacy
rights and harming American software firms.
Encryption in the hands of criminals unquestionably makes
law enforcement hard. But the greatest use of encryption is
by banks and other legal businesses that need to transmit
confidential data without fear of interception. In
legitimate hands, encryption helps to prevent crime.
The Administration first sought to steer all Americans
toward an encryption standard that Washington would design,
thus preserving the Government's ability to tap phone
calls. But after sharp criticism of Government snooping,
the Administration retreated to a policy, still rejected by
most privacy advocates and software firms, aimed at exports
of encryption programs. The newly released regulations,
which were supposed to implement the October policy, in
fact make a flawed policy even worse.
The one consistent thread through the Administration's
plans is commitment to an encryption standard that uses
mathematical "passwords" to scramble messages. The
Government would then have the technical capacity to
recover passwords, upon court order, and unscramble the
phone or computer message.
But the new policy will not succeed abroad. The
Administration insists it needs not only to unscramble
stored computer files but also to tap phone and computer
messages, without the caller's knowledge, as they are
transmitted. That would in effect require the foreign
purchaser of American software to deposit its passwords
with a reputable outside party -- a government agency, a
bank or the computer firm from which it bought the software
-- which would relinquish them upon court order and without
notifying the user. What foreign company or individual will
purchase software that is prey to undisclosed Government
snooping when they can, buy equally powerful encryption
from foreign firms that offer no such path for
eavesdropping?
The plan runs into other insolvable problems. It does not
propose prohibiting powerful encryption software for
domestic purchase, where such programs are constitutionally
protected and already in wide use. Thus anyone could, with
a few key strokes, send the domestically available programs
over the Internet to Europe and beyond.
The Administration also fears that software firms will
write their programs so that the powerful domestic versions
communicate readily with the easier-to-tap export products.
If so, the technical result would be that criminals here
and abroad could communicate out of reach of Government
wiretaps. The Administration proposes to solve that problem
by prohibiting software firms from providing easy
communication between their domestic and export products.
But that would make American export encryption programs
unsellable abroad.
A panel of the National Research Council recommended that
Washington drop export restrictions on encryption software
already available abroad, beef up the F.B.I.'s ability to
crack private encryption codes and support private efforts
to develop high quality encryption to stop illegal
eavesdropping. Those steps will improve communications
security and will not put Government law officers in
corporate boardrooms, open E-mail to instant wiretaps or
send foreign customers toward European and Asian software
firms.
[End]