Give a little
No matter how hard it tries, the Clinton administration can't get widespread support
for its key escrow encryption policy.
In its revision of what has become a cup full of bitter dregs, the administration
offered these sweeteners: a slight loosening of export restrictions on high-end crypto
products, a ceding to crypto users of the choice of who holds the disencryption keys in
escrow, and no imposition of a particular crypto algorithm.
But that still can't mask the bitter taste of federal law enforcement
"wiretapping" rights that the administration insists on and that is so
unpalatable to so many.
U.S. crypto vendors want no export restrictions because they don't want to cede market
share to vendors in other countries. A Japanese subsidiary of RSA Data Security reportedly
is ready to start selling 1,024-bit encryption products that are exponentially more
powerful than the 56-bit ones U.S. companies are permitted to export.
Some Republican senators, such as Conrad Burns of Montana, don't like key escrow
because they figure the bad guys wouldn't use escrowed keys in any case.
And the cyber-savvy everywhere object to letting the FBI--or any agency--have access to
those keys, even if access requires a court order.
For its part, the administration argues that were law enforcement agencies reduced to
using brute supercomputer force to unlock encrypted documents of alleged criminals, cops'
efforts would be hopelessly slowed down.
It all reminds me of the bumper sticker argument: "If you outlaw guns, only
outlaws will have guns."
In other words, after all the discussion and compromise, crypto policy is boiling down
to a hard nub of essentially religious issues.
Now a bill is proposed in the Senate outlawing some of the already-discarded
administration key escrow proposals. But there's no specific mention of law enforcement
needs in S 1726, so the White House has fought the bill.
What's to be done?
Everyone is going to have to give a little. In my opinion, the cyber worriers and Hill
opponents must yield to law enforcement requirements, although they--and we all--have the
right to expect full constitutional protection and assurances that escrow keys will not
end up in the hands of people like Craig Livingstone. The administration should yield on
export controls, since the technology will find a way out anyhow.
If electronic commerce is going to happen in a big way, we've got to get on with it.