Encryption's In The Federal Spotlight (08/05/97; 9:00 a.m. EDT) By Darryl K. Taft, Computer Reseller News
WASHINGTON -- President Clinton is determined to push electronic commerce forward, but when it comes to encryption, some safeguards need to remain in place because of law enforcement and national security concerns, said William Reinsch, the U.S. Department of Commerce's undersecretary for export administration.
Speaking at the National Computer Security Association's (NCSA) Electronic Commerce Security conference here, Reinsch reiterated that the president and U.S. policy favors an electronic marketplace that is not regulated by the government.
"It's obvious our policies about encryption is a piece of the large puzzle that doesn't quite fit our definition of a free market," said Reinsch, adding, "The increased use of encryption carries with it serious risks for public safety and our national security. Any policy on encryption must address these risks as well if it is to be in the national interest. Our policy provides that balance by working in close consultation with the private sector and by working with the market, not against it."
William Murray, an executive consultant with Deloitte & Touche, disagreed. Murray said the present government policy favors security and ease of investigation over crime prevention and "the lawless over the law abiding. I know of no criminals who are worried about the administration's policies, but my law-abiding clients are."
Murray, who also spoke at the NCSA conference, said he believed the government's policy is "sowing so much fear, uncertainty and doubt that it is the single most incapacitating thing we have to deal with."
Meanwhile, Reinsch outlined several areas where he said he felt the administration's policies regarding export control and key management are making a difference. Reinsch said new regulations creating a license exemption that allows recoverable encryption products of any strength and key length to be exported freely after a single review by the Department of Commerce, the Department of Justice and the Defense Departments.
To encourage the development of recoverable encryption products, the government created a special two-year liberalization period during which companies may export 56-bit DES or equivalent products, provided they show that they are working to develop the key management infrastructure envisioned by the administration, Reinsch said.
Perhaps the best gauge of industry response to the administration policies has been the flow of applications for exports, Reinsch said. In the seven months since the policy went into effect, the Commerce department received more than 100 license applications for exports, valued at more than $500 million. In addition, Reinsch said 33 companies have submitted plans on how they will build key recovery products, and the Commerce department approved 29 of them with more to come. "None have been rejected," Reinsch said, noting that he could only name the companies that have already announced their applications, such as Netscape Communications, IBM, Trusted Information Systems and Digital Equipment.
Reinsch said the market continues to be confusing because "companies might say one thing in private with the government and then take a totally different position publicly." Murray said, "The government does the same thing."
Moreover, Reinsch said industry concerns that foreign availability of encryption products appear to be exaggerated. "We do not yet see widespread foreign use of encryption," he said. "We've discovered that every country is going through the same issues we are."