[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bidzos editorial moves across business wires




This just went out over the wires... attributed to Investors Business Daily

Headline: Guest Editorial Nothing Safe About Encryption Bills

======================================================================
   By D. JAMES BIDZOS Congress is intent on regulating encryption
technology in the name of law enforcement, no matter what the cost.
But the real debate's not about fighting crime. It's about the
ability of American business to compete in our new networked world.
   The Senate is nearing a vote on a bill, by Sen. John McCain, R-
Ariz., and Sen. Bob Kerrey, D-Neb., requiring all encryption products
made, sold or used in the U.S. to provide on-demand government access
to encrypted files with a court order.
   In the House, the story's more complicated.
   The Commerce Committee on Wednesday approved the Security and
Freedom through Encryption Act, a bill by Rep. Bob Goodlatte, D-Va.
that was written to bar domestic controls on encryption.
   A few weeks ago, SAFE was amended to resemble the Senate bill.
But the Commerce Committee scrapped the change and restored the
bill's original language. The battle now moves to the Rules
Committee, where Rep. Gerald Solomon, R-N.Y., vows to restore the
decoding provisions.
   FBI Director Louis Freeh wants encryption controls passed. He
told the Senate Judiciary Subcommittee on Technology that without
such a law, "Our ability to investigate and sometimes prevent the
most serious crimes and terrorism will be severely impaired."
   No one wants the FBI stymied in its efforts to fight crime.
Unfortunately, the debate in Congress so far has painted the Senate
bill's opponents as ignorant of public safety and national security
concerns, or, worse, willing to put commercial interests ahead of
them.
   What's missing from the current encryption debate is a clear
understanding of the implications of the Senate bill, and the
identification of safeguards against abuse of a "key recovery"
system.
   Key recovery means that someone other than the main user holds a
copy of an encryption key. Everyone agrees that key recovery is
useful, even necessary. The bottom line is, who should hold the
keys?
   Strong encryption is already a fact of life in the U.S. and around
the world. Advanced, strong, unescrowed encryption is used in
millions of products, including every Web browser sold by Netscape
Communications Corp. and Microsoft Corp.
   Law enforcement and the national security establishment view
strong encryption as a threat to their efforts to safeguard the
public from those who would encrypt incriminating data.
   But this is a myopic view. Fact is, in our evolving
cyber-society, everything about us will be stored digitally.
Contrary to the position of the FBI -which says it only wants to
maintain wiretap capabilities as they have existed since 1968 - the
proposal for key recovery is not the digital equivalent of putting
alligator clips on phone wires. It's more like giving the government
the keys to all of our personal and professional lives.
   While the FBI says such access will only be by authorized court
order, it has not explained how controls and audits will prevent
abuse of these valuable keys. Would people allow local and federal
law enforcement to have and store a copy of the keys to their homes
and their filing cabinets?
   The computer industry fears that a law requiring products to
include U.S. government access will make them unable to compete in a
market where roughly 60% of their revenues come from outside the U.S.
   And U.S. firms operating overseas are very concerned. Foreign
governments with key recovery would have every reason to use it to
steal trade secrets and pass them on to their own industries. In
France and elsewhere, government spies often help state-owned firms
steal trade secrets from U.S. companies.
   The FBI hopes that the U.S. encryption market can sway the rest of
the world. But if other countries take the position - as Germany has
- - that they will not control the export of encryption or require key
recovery, how will U.S. industry compete?
   Along with Germany, encryption companies are springing up in South
Africa, Ireland, Belgium, Switzerland and Singapore to exploit
opportunities created by a restrictive U.S. export policy.
   The administration and Congress seem ready to accept that American
industry will become a casualty of the crypto-wars as it struggles to
comply with a law no one fully understands, and foreign suppliers
step in to meet the demand.
   We can only hope that Congress will stop and think on this
critical issue before enshrining key recovery in law.
   D. James Bidzos is president of RSA Data Security Inc. in Redwood
City, Calif.


------- End of Forwarded Message




-- 
-------------------------------------------------------------------------------
David HM Spector                                         [email protected]
Network Design & Infrastructure Security                 voice: +1 212.580.7193
Amateur Radio: W2DHM (ex-N2BCA) (ARRL life member)       GridSquare: FN30AS
-.-. --- -. -. . -.-. -  .-- .. - ....  .- -- .- - . ..- .-.  .-. .- -.. .. ---
"New and stirring things are belittled because if they are not belittled, 
the humiliating question arises, 'Why then are you not taking part in them?'"
                                                        --H. G. Wells