This summary is compiled from Washington Post and washingtonpost.com staff reports. Last updated Sept. 18, 1997.


Go to Encryption Special Report

Spacer

Encryption: The Story So Far

Pretty Good Privacy dot Clipper Chip
Clinton's Executive Order dot Current Legislation

Encryption used to be the stuff of military intrigues and Cold War spy stories. But now, it's becoming essential to the growing electronic marketplace and to those doing business between far-flung offices.

Pretty Good Privacy
Software Review
The latest version of PGP is a simple plug-in to popular e-mail programs.
Before 1991, the government and large companies were the only real users of encryption technology. That began to change when programmer Phil Zimmermann released a program called Pretty Good Privacy, which can encode ordinary e-mail. Within the United States, people could always scramble messages and data files any way they liked, so the software posed no legal questions.

But when PGP turned up in other countries, the Department of Justice launched a three-year investigation of Zimmermann. The problem was that PGP used powerful 128-bit encoding keys, and until recently U.S. export laws allowed only weaker 40-bit encryption to cross the borders. Anything stronger was classified a "munition," just like guns and warheads.

No criminal charges were filed against Zimmermann. He even won a Pioneer award from the Electronic Frontier Foundation for his work. But the case dramatically highlighted the sharply differing views toward encryption technology.

The Clipper Chip
At about the same time, the Clipper chip controversy was heating up. Export laws prohibited the use of the strongest encryption tools in products destined for export. Companies complained that this put them at a competitive disadvantage. They also had to choose between building separate domestic and export products or using weaker encryption in both. In 1993, the Clinton administration tried to solve the problem by proposing the Clipper chip as the industry standard.

By adding a Clipper chip to, say, a telephone, users could scramble their phone conversations. But precisely how Clipper encrypts messages was classified. And to ensure that law enforcement officers could easily tap Clipper-scrambled exchanges, the government would keep copies of Clipper decoding keys.

This roused the ire of software companies and privacy advocates, and the administration backed away from the plan.

Clinton's Executive Order
On the Web
dot The text of Clinton's executive order is on the White House site.

dot Details of the rules are on the Bureau of Export Controls site.

Last November, in his next major encryption policy decision, Clinton signed an executive order declaring that encryption software would no longer be considered a munition, unless it was created specifically for military purposes.

The order also gave the departments of Commerce and Justice control over encryption technologies. New rules allow manufacturers to incorporate stronger encryption into their products as long as they commit to systems that allow the government to recover keys.

From the Archives
dot Software Firms Call U.S. Plan 'Unworkable'
(The Post, Dec. 11, 1996)

dot Student Cracks High-Level Code
(AP, Jan. 29, 1997)

dot Encryption Control 'Unconstitutional'
(AP, Aug. 26, 1997)

Software companies were still not satisfied, saying the loosening doesn't go far enough. Their protests received more credence in January when a college student broke a 40-bit code, the strongest that companies can export without government approval, in fewer than four hours.

A federal court struck down the order in August, ruling that restricting export of encryption technology amounts to restricting free speech. But another federal court upheld the rule, and the Justice Department has appealed it.

Current Legislation
From the Archives
dot House Panel Rejects FBI Decoding Proposal
(The Post, Sept. 25, 1997)

dot Senate Panel Approves Bill on Encryption
(The Post, June 20, 1997)

dot Improving Security for Online Commerce
(The Post, Oct. 27, 1996)

In response to software industry complaints about the Clinton administration's encryption rules, Rep. Robert W. Goodlatte (R-Va.) introduced a bill that would prohibit the government from requiring back doors for itself. Five House committees have approved different variations of the bill. Although it survived a crucial attempt to dilute its provisions, much negotiation is still ahead.

A Senate bill, sponsored by Sens. Robert Kerrey (D-Neb.), and John McCain (R-Ariz.) would offer a trade-off to developers they could export stronger encryption if they made keys available to the government. The Business Software Alliance called it "a step in the wrong direction."

Meanwhile, companies such as Netscape, working to develop safe electronic commerce, have started integrating similar cryptography into their products.

1997 Digital Ink Company

Back to the top


WashingtonPost.com
Navigation image map
Home page Site Index Search Help! Home page Site Index Search Help!