October 1, 1996
The timing of the Administration's announcement on encryption, within hours of the Congress' likely adjournment, is unfortunate. The Administration needs to work with Congress to develop a consensus on a national encryption policy that takes account of the privacy, law enforcement and competitiveness concerns of our Nation's citizens and businesses.
Taking unilateral steps will not resolve this issue, but instead could delay building the consensus we so urgently need. This issue simply cannot by resolved by Executive fiat.
While technology should not dictate policy, particularly when our public safety and national security interests are at issue, any policy we adopt must protect our privacy. As the Administration and industry rush to find an alternative to unbreakable encryption, they should take heed that any solution which fails to protect the Fourth Amendment and privacy rights of our citizens will be unacceptable.
That is why, with bipartisan support, Senator Burns and I introduced legislation in March that set out privacy safeguards to protect the decoding keys to encrypted communications and stringent legal procedures for law enforcement agencies to get access to those keys.
In this plan, the Administration is directing the resources of our high-tech industry to develop breakable, rather than unbreakable, encryption. But no one is yet clear about who will be legally allowed to break into encrypted messages, and under what circumstances. These are questions that have to be answered not only with our own government but also with foreign governments. The weakest link in a key recovery system may be the country with the weakest privacy protections. Internet users, who can send messages around the globe seamlessly, do not want the privacy of their encrypted communications to be at the mercy of a country that ignores the Fourth Amendment principles we enjoy here.
These are significant privacy and security concerns not answered by the Administration's plan.
Even without reading the fine print, the general outline of the Administration's plan smacks of the government trying to control the marketplace for high-tech products. Only those companies that agree to turn over their business plans to the government and show that they are developing key recovery systems, will be rewarded with permission to sell abroad products with DES encryption, which is the global encryption standard.
Conditioning foreign sales of products with DES on development of key recovery systems puts enormous pressure on our computer industry to move forward with key recovery, whether their customers want it or not.
Internet users themselves -- not the FBI, not the NSA, not any government regulator -- should decide what encryption method best serves their needs. Then the marketplace will be able to respond. The Administration is putting the proverbial cart before the horse, by putting law enforcement interests ahead of every one elses.
But that is not the only catch in the Administration's plan. Permission to export DES will end in two years. Allowing American companies to sell DES overseas is a step long overdue. Given the fact that a Japanese company is already selling "triple DES", one might say this step is too little, too late. Threatening to pull the plug on DES in two years, when this genie is already out of the bottle, does not promote our high-tech industries overseas. Does this mean that U.S. companies selling sophisticated computer systems with DES encryption overseas must warn their customers\\that the supply may end in two years? Customers both here and abroad want stable suppliers, not those jerked around by their government.
The most effective way to protect the privacy and security of our on-line communications is to use encryption technology. Every American should be concerned about our country's policy oencryption since the resolution of this debate will affect privacy, jobs and the competitiveness of our high-tech industries.
Return to the
Key Escrow Page
Return to the EPIC Crypto Policy Page
Return to the EPIC Home Page