Congress wins rules change on encryption software controls
Shawn P. McCarthy
Was anyone surprised when the White House moved last month to ease controls on exporting encryption software? Does anyone really think the Clinton administration has given up trying to control how such software is used internationally?
The White House has been a vocal opponent of any effort to ease restrictions on exporting high-end encryption products. The fear is that terrorists and criminals could easily hide their tracks with encrypted e-mail, Internet connections and scrambled phone conversations.
But the administration saw a steam engine revving up on Capitol Hill. That engine is called the Security and Freedom through Encryption (SAFE) Act, originally authored by Rep. Bob Goodlatte (R-Va.). With 258 bipartisan supporters of various versions of the bill, it was clear that export rules definitely would change.
One reason given on the Hill for a rollback of export regulations is that foreign development of powerful encryption techniques threatens to challenge U.S. dominance in the market. Plus, regulations limit the sale of lots of U.S. software with built-in encryption.
President Clinton and Vice President Gore are good at getting out in front of a parade that's already formed. Last month's unveiling of the Cyberspace Electronic Security Act of 1999 makes it look as if easing the restrictions was their idea. As proposed, the act would allow worldwide sales but limit availability to foreign governments and militaries. Sales to Iraq and Libya would still be banned, for example.
But the president and vice president have not given up on fighting threats from encryption. The president will ask Congress for legislation to deal with access to encrypted messages. He also proposes an $80 million center to aid law enforcement handling of encrypted messages. Law enforcers would have to go through the courts to get encryption keys to unscramble specific messages or connections.
The legislative battle is about over, and the technology battle has begun. Amateur code-breakers have proved that all but the most expensive encryption can be deciphered given enough computing power, so an organized effort targeted at criminals may be more effective than the current blanket law that applies to everyone but effectively protects no one.
Will the White House ploy work? The rubber hits the road when Congress gets a chance to analyze the White House's final proposed regulations, due Dec. 15. Right now, the law would still require technical review of encryption products before export. The products could still be limited on an individual basis, which could add up to significant restrictions in time.
Whatever the outcome, the proposed rules are among the most significant moves the president has made in backing away from his original opposition to encryption restrictions. Clinton apparently realized the current policy wouldn't work if foreign encryption development continued, and he saw a political advantage to helping U.S. companies while heading off legislation that would have done the same thing.
It wasn't a bad decision. Let's hope the proposed legal measures do protect us from terrorists without treading on the rights of law-abiding citizens. It will be a tough job.
To read the White House's Cyberspace Electronic Security Act of 1999, visit www.epic.org/crypto/legislation/cesa/bill_text.html
To see Goodlatte's take on how CESA was inspired by his SAFE legislation, visit www.house.gov/apps/list/press/va06_goodlatte/091699nr.html
. A report to the president on a cyberspace privacy strategy appears at www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1999/9/17/1.text.1
. The paper was co-authored by Defense Secretary William Cohen, Attorney General Janet Reno, Commerce Secretary William Daley, and Office of Management and Budget director Jacob J. Lew.Shawn P. McCarthy designs products for a Web search engine provider. E-mail him at firstname.lastname@example.org.