Wall Street Journal, February 26, 1996, p. B4. New Proposals On Encryption Get Tepid Response By Jared Sandberg Two bills are expected to be introduced in Congress that try to resolve the deadlock between the administration and the Internet industry on software encryption, but industry executives are lukewarm to the new proposals. The two proposals, sponsored by Democratic Sen. Patrick J. Leahy of Vermont and GOP Rep. Robert W. Goodlatte of Virginia, seek to loosen government restrictions on encryption -- mathematical formulas that are used to scramble data beyond recognition of eavesdroppers. The government prevents the export of strong encryption because it hampers its efforts to monitor the actions of terrorists and foreign governments. The Clinton administration wants to set up government-approved repositories that keep copies of mathematical keys for decoding encrypted information, so law enforcement officials can decode private communications if granted a court order. Those policies have met with uniform distaste on the part of the industry executives, who say that widespread use of strong encryption is essential to the success of electronic commerce over the Internet. They argue that the administration's export restrictions on strong cryptography, determined by the length of the key needed to unlock the code, are hurting business abroad where competitors can freely offer stronger encryption software. Producing a separate weaker version of encryption software for foreign markets not only raises costs but is becoming pointless because hackers can now access computers powerful enough to break the weaker code. "The federal government's ideas on encryption are based on a situation which may have existed 10 or 20 years ago with very little realization of the realities of today," said Sen. Leahy. "We're not going to sell our computer programs if we have outdated computer technology, especialiy if people can buy it in Europe or Asia." The two new bills would allow for the export of much stronger encryption provided that level of security was "generally available." Sen. Leahy's proposal states that the key-escrow scheme will be voluntary, and establishes rules by which companies rather than government agencies would hold the keys for decoding data. These companies would be liable for abuse of keys and subject to strict procedures for releasing the keys to law enforcement. Though industry executives welcome the bills, they say the measures don't go far enough to unshackle high-tech companies. Thomas Parenty, product manager at the database firm Sybase Inc., said that both bills represent "a good start." But by allowing U.S. companies to export encryption only as strong as that which is available overseas, Mr. Parenty said, the bills won't allow them to innovate and produce superior products. And putting keys in the hands of third-party companies, they say, is still likely to meet industry opposition. People familiar with the bills said one motivation is to build support for a private version of the key-escrow concept, which could be an opportunity for several companies who are selling products based on the idea. "It would establish the legal framework for their implementation to go forward," said James Bidzos, chief executive officer of RSA Data Security Inc., an encryption-software company in Redwood City, Calif. -- Don Clark contributed to this article. [End]