Just when I figured the debate over cryptography was hopelessly stalled, there come signs of a budge.
You may be familiar with the broad outlines of this fight: Encryption software can scramble our communications and data to protect privacy, but U.S. law enforcement and national security officials fear that the technology will be used to conceal the plotting of unspeakable crimes.
So the Clinton administration has long tried to curb the growth of encryption software abroad through export controls, raising the ire of cryptographers, encryption advocates and the companies that want to serve the burgeoning market. Despite bipartisan support for looser encryption rules, the administration and its allies have so far successfully kept bills from moving forward.
The current focus of the debate is the Security and Freedom Through Encryption (SAFE) Act of 1999, which would liberalize exports and has 254 sponsors. The usual combatants slugged it out last week over SAFE at a meeting of the House Permanent Select Committee on Intelligence.
A similar bill with an equally hokey name, the Promote Reliable Online Transactions to Encourage Commerce and Trade (PROTECT) measure championed by Sen. John McCain (R-Ariz.), was the subject of a Senate Commerce Committee hearing.
SAFE sponsor Rep. Robert W. Goodlatte (R-Va.) told me the encryption debate was "coming to a head," with action on his bill likely as soon as next month. "There's an overwhelming case to be made that if you don't export strong encryption, you'll simply lose a market that we dominate."
In one of the most interesting developments, Sen. John F. Kerry (D-Mass.), once a Clinton ally, has joined the pro-crypto forces. He still frets about what evil may be done under encryption's cloak, but says that "the compromise we once sought has been overtaken by the marketplace itself," since the products are available globally.
"All we're doing at this point is restraining our businesses against a sort of phantom menace," he said. Kerry said he was optimistic that things could move, based on talks he had last week with Democratic leadership and the White House.
Two reports released last week provide the kind of data that helped persuade Kerry. One, by the pro-encryption Electronic Privacy Information Center in Washington (www.epic.org), looked at the cryptography policies of other nations and found that the United States stands virtually alone in its attempts to curtail encryption.
The other, by researchers at George Washington University (http://www.seas.gwu.edu/seas/ institutes/cpi/library/docs/cpi-1999-02.pdf), found that the number of encryption products available in other countries has jumped in the last 18 months, with 805 products now manufactured in 35 foreign countries -- a 22 percent increase.
"You can walk in off the street and buy it at a French newspaper kiosk," bundled with a magazine's freebie software CD, George Washington professor Lance Hoffman says. High-quality strong encryption is winning over the world's customers in a game that U.S. companies are barred from entering, Hoffman argues; and "once you have created a relationship with that customer, it's going to be harder for the U.S. [companies] to break that."
Administration officials are still fighting congressional action, suggesting that there's too much danger in the world to allow unfettered use of encryption. Some have hinted that the Cox report on Chinese spying makes the case against SAFE and PROTECT all the clearer.
Its namesake, Rep. Christopher Cox (R-Calif.), is a sponsor of the SAFE bill, and he disagrees. His China report, he notes, "is completely silent on the subject. . . . Nothing in the course of this investigation convinced me of the logic of the Clinton administration's position on encryption."
Commerce Undersecretary William Reinsch, who oversees the export control system, told me that although the administration takes the availability of foreign products seriously, "that's not the only thing we think about."
Lots of products, from machine tool precursors to chemical weapons, are available from foreign companies, he said. "There just aren't that many things that the United States has a monopoly on anymore." Still, the government has to make what he called a "national security judgment."
Reinsch complained that the administration has come a long way in softening its line over encryption in the past six years, but that its opponents won't compromise. "We're always happy to talk to members of Congress and have a constructive dialogue with them," he said. "If Senator Kerry is optimistic about a dialogue, I'm optimistic too -- and happy to have one."
Judge Betty B. Fletcher of the Ninth Circuit Court of Appeals recently wrote an ode to privacy that transcends the business side of the encryption battle. In that court's ruling against the Clinton administration's attempt to keep college professor Daniel J. Bernstein from distributing encryption programming code, she wrote, "In this increasingly electronic age, we are all required in our everyday lives to rely on modern technology to communicate with one another. This reliance on electronic communication, however, has brought with it a dramatic diminution in our ability to communicate privately."
Cell phones, e-mail, Internet transactions all put us at risk, Fletcher wrote, because "when we employ electronic methods of communication, we often leave electronic `fingerprints' behind, fingerprints that can be traced back to us. Whether we are surveilled by our government, by criminals, or by our neighbors, it is fair to say that never has our ability to shield our affairs from prying eyes been at such a low ebb."
Given this unpleasant state of affairs, she wrote, "The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."
With arguments like that from people like Fletcher, it's easy to see why Reinsch these days seems more and more like a lonely guy.
Schwartz's e-mail address is firstname.lastname@example.org