Go to Encryption Special Report

Encryption: The Story So Far

Pretty Good Privacy Clipper Chip
Clinton's Executive Order Current Legislation

Encryption used to be the stuff of military intrigues and Cold War spy stories. But now, it's becoming essential to the growing electronic marketplace and to those doing business between far-flung offices.

Pretty Good Privacy

Software Review The latest version of PGP is a simple plug-in to popular e-mail programs.

Before 1991, the government and large companies were the only real users of encryption technology. That began to change when programmer Phil Zimmermann released a program called Pretty Good Privacy, which can encode ordinary e-mail. Within the United States, people could always scramble messages and data files any way they liked, so the software posed no legal questions.

But when PGP turned up in other countries, the Department of Justice launched a three-year investigation of Zimmermann. The problem was that PGP used powerful 128-bit encoding keys, and until recently U.S. export laws allowed only weaker 40-bit encryption to cross the borders. Anything stronger was classified a "munition," just like guns and warheads.

No criminal charges were filed against Zimmermann. He even won a Pioneer award from the Electronic Frontier Foundation for his work. But the case dramatically highlighted the sharply differing views toward encryption technology.

The Clipper Chip
At about the same time, the Clipper chip controversy was heating up. Export laws prohibited the use of the strongest encryption tools in products destined for export. Companies complained that this put them at a competitive disadvantage. They also had to choose between building separate domestic and export products or using weaker encryption in both. In 1993, the Clinton administration tried to solve the problem by proposing the Clipper chip as the industry standard.

By adding a Clipper chip to, say, a telephone, users could scramble their phone conversations. But precisely how Clipper encrypts messages was classified. And to ensure that law enforcement officers could easily tap Clipper-scrambled exchanges, the government would keep copies of Clipper decoding keys.

This roused the ire of software companies and privacy advocates, and the administration backed away from the plan.

Clinton's Executive Order

On the Web The text of Clinton's executive order is on the White House site. Details of the rules are on the Bureau of Export Controls site.

Last November, in his next major encryption policy decision, Clinton signed an executive order declaring that encryption software would no longer be considered a munition, unless it was created specifically for military purposes.

The order also gave the departments of Commerce and Justice control over encryption technologies. New rules allow manufacturers to incorporate stronger encryption into their products as long as they commit to systems that allow the government to recover keys.

From the Archives Software Firms Call U.S. Plan 'Unworkable' (The Post, Dec. 11, 1996) Student Cracks High-Level Code (AP, Jan. 29, 1997) Encryption Control 'Unconstitutional' (AP, Aug. 26, 1997)

Software companies were still not satisfied, saying the loosening doesn't go far enough. Their protests received more credence in January when a college student broke a 40-bit code, the strongest that companies can export without government approval, in fewer than four hours.

A federal court struck down the order in August, ruling that restricting export of encryption technology amounts to restricting free speech. But another federal court upheld the rule, and the Justice Department has appealed it.

Current Legislation

From the Archives House Panel Rejects FBI Decoding Proposal (The Post, Sept. 25, 1997) Senate Panel Approves Bill on Encryption (The Post, June 20, 1997) Improving Security for Online Commerce (The Post, Oct. 27, 1996)

In response to software industry complaints about the Clinton administration's encryption rules, Rep. Robert W. Goodlatte (R-Va.) introduced a bill that would prohibit the government from requiring back doors for itself. Five House committees have approved different variations of the bill. Although it survived a crucial attempt to dilute its provisions, much negotiation is still ahead.

A Senate bill, sponsored by Sens. Robert Kerrey (D-Neb.), and John McCain (R-Ariz.) would offer a trade-off to developers — they could export stronger encryption if they made keys available to the government. The Business Software Alliance called it "a step in the wrong direction."

Meanwhile, companies such as Netscape, working to develop safe electronic commerce, have started integrating similar cryptography into their products.