By Amy Branson
A key Clinton administration official Friday defended current export policies for encryption, or data scrambling technology, although he admitted that the policies have been poorly implemented.
William Reinsch, undersecretary for export administration in the Commerce Department, told a briefing of the Congressional Internet Caucus that the Clinton administration's encryption export policies attempt to "reflect balance" among competing interests: promoting commerce and protecting privacy while ensuring that law enforcement officials have adequate resources to fight crime.
For instance, he explained that the administration has worked to ease export restrictions on very strong encryption technology used by financial institutions as a way to help those institutions preserve their network security.
For now, "the Commerce Department is issuing export licenses on a case-by-case basis to allow the export of products specifically designed to support financial transactions," according to a department spokeswoman. This means that with prior government approval, the strongest non-recoverable encryption products available on the commercial market can be sent to banks and other financial institutions around the world.
The Clinton administration's current policies also permit U.S. companies to export relatively weak encryption products without an export license. Stronger encryption employing 56-bit strength may be exported or re-exported after a one-time review, as long as the exporter makes some guarantees to build features into the product that will allow the cryptography to be broken in "emergency situations," the department spokeswoman explained.
Still, specific concessions for some financial institutions hardly satisfy those who favor lifting nearly all export controls.
"Events have over-taken the policy," proclaimed Edward Gillespie, executive director of Americans for Computer Privacy, a broad coalition of more than 70 companies and 28 various associations. The ACP advocates lifting export controls on strong encryption and opposes domestic controls on the technology.
To many like Gillespie, the administration's export control policies simply are seen as harmful to American businesses and foolish in light of current realities. He mentioned, among other things, the recent announcement by Network Associates, the nation's largest independent maker of computer security software, that its Dutch subsidiary would begin selling its strongest, non-recoverable encryption technology overseas. (Incidentally, the U.S. government has not openly opposed this move, indicating that competing U.S. firms could use the same strategy to get around this country's export controls.)
And Gillespie also noted that Ronald Rivest, a scientist for the Massachusetts Institute of Technology, has developed a technique to secure electronic files and communications in a way that does not rely on encryption.
"These developments are leaving our policy in tatters," said Gillespie, who spent a decade on Capitol Hill working in various positions for House Majority Leader Richard Armey, R-Texas.
And the ACP was not alone in its condemnation.
David Peyton, director of technology policy at the National Association of Manufacturers, said Friday that the future of American competitiveness depends on the ability of American firms to use unbreakable encryption.
Peyton, who explained that manufacturers now rely on software to build their goods, said industrial espionage could cause business losses of $100 billion to $300 billion each year if the government requires firms to use software employing cryptography with built in "backdoors" for law enforcement purposes.
But Bruce McConnell, an official with the Office of Management and Budget, emphasized that Vice President Al Gore is trying to work with industry to develop a technical solution to the encryption impasse.
"Surely there must be a technical solution we Americans can figure out," said McConnell, who is chief of information policy and technology for the office of information and regulatory affairs at OMB.
He added that many larger businesses have expressed an interest in encryption products that would allow them to recover the plain text of their encrypted files should they ever happen to be "locked out" of those files. "Key recovery does have a place in the market," McConnell said.
Gillespie, however, argued that the ACP does not oppose the commercial development of products with recovery features -- it opposes the federal government telling businesses and individuals that they must use those products.
"The president is trying to pursue a policy that balances law enforcement, national security, privacy and commercial interests," Daley said. "The truth is that while out policy goal balance is the right one, our implementation has been a failure. We have not been able to agree, amongst ourselves or with the business community, on how to reach that balance.
"I fear our search has thus far been more symbolic than sincere," Daley said.
He conceded that current U.S. policy "ironically encourages the growth of foreign producers at the same time it retards growth here" by requiring complex export licenses for the most desirable encryption technology. Meanwhile, countries like Germany, Israel and Canada take competitive advantage of the U.S. rules.
Unless U.S. industry and law enforcement agencies agree on a compromise solution, he said, there could be "foreign dominance of the market."
Still, Daley sounded a hopeful note to an industry wary of government intervention.
"As you know, our approach to e-commerce is that the private sector should lead. Government's role is to establish a climate where electronic commerce can flourish," he said, and even "where we need to act, the private sector should be part of that dialogue."
But it seemed Daley and industry representatives talked past each other when they separately addressed reporters after the report's unveiling.
Daley stuck to the spirit of his remarks and said both sides could compromise on encryption legislation now before Congress, but he quipped, "I think we've held too many meetings and had too much dialogue."
Information Technology Association of America president Harris Miller was equally adamant that the industry clings to a fundamental position. "What they define as compromise is giving up the right to compete in the global market," Miller said, adding that he believed law enforcement agencies armed with more powerful computers was the best answer.
"I have confidence," he said, "that technology can overcome this problem."