Congress wins rules change on encryption software controls

Shawn P. McCarthy

Was anyone surprised when the White House moved recently to ease controls on exporting encryption software? Does anyone really think the Clinton administration has given up trying to control how such software is used internationally?

The White House has been a vocal opponent of any effort to ease restrictions on exporting high-end encryption products. The fear is that terrorists and criminals could hide their tracks with encrypted e-mail, Internet connections and scrambled phone conversations.

But the administration saw a steam engine revving up on Capitol Hill. That engine is called the Security and Freedom through Encryption (SAFE) Act, originally authored by Rep. Bob Goodlatte (R-Va.). With 258 bipartisan supporters of various versions of the bill, it was clear that export rules definitely would change.

One reason given on the Hill for a rollback of export regulations is that foreign development of powerful encryption techniques threatens to challenge U.S. dominance in the market. Plus, regulations limit the sale of lots of U.S. software with built-in encryption.

President Clinton and Vice President Gore are good at getting out in front of a parade that's already formed. The recent unveiling of the Cyberspace Electronic Security Act of 1999 makes it look as if easing the restrictions was their idea.

The battle continues

But the president and vice president have not given up on fighting threats from encryption. The president will ask Congress for legislation to deal with access to encrypted messages. He also proposes an $80 million center to aid law enforcement handling of encrypted messages. Law enforcers would have to go through the courts to get encryption keys to unscramble specific messages or connections.

The legislative battle is about over, and the technology battle has begun. Amateur code-breakers have proved that all but the most expensive encryption can be deciphered given enough computing power, so an organized effort targeted at criminals may be more effective than the current law that applies to everyone but effectively protects no one.

Will the White House ploy work? The rubber hits the road when Congress gets a chance to analyze the White House's final proposed regulations, due Dec. 15. Right now, the law would still require technical review of encryption products before export.

The proposed rules are among the most significant moves the president has made in backing away from his original opposition to encryption restrictions. Clinton apparently realized the current policy wouldn't work if foreign encryption growth continued.

It wasn't a bad decision. Let's hope the proposed legal measures do protect us from terrorists without treading on the rights of law-abiding citizens. It will be a tough job.

To read the White House's Cyberspace Electronic Security Act of 1999, visit

To see Goodlatte's take on how CESA was inspired by his SAFE legislation, visit A report to the president on a cyberspace privacy strategy appears at

Shawn P. McCarthy designs products for a Web search engine provider. E-mail him at [email protected].


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected