The New York Times, December 16, 1996, p. A14. Another Faulty Encryption Policy [Editorial] The Clinton Administration has issued its third plan in as many years to keep powerful encryption programs for telephone and computer messages out of the hands of international terrorists and criminals. But this latest plan to control the export of encryption software, like the two before it, is unworkable and risks trampling on privacy rights and harming American software firms. Encryption in the hands of criminals unquestionably makes law enforcement hard. But the greatest use of encryption is by banks and other legal businesses that need to transmit confidential data without fear of interception. In legitimate hands, encryption helps to prevent crime. The Administration first sought to steer all Americans toward an encryption standard that Washington would design, thus preserving the Government's ability to tap phone calls. But after sharp criticism of Government snooping, the Administration retreated to a policy, still rejected by most privacy advocates and software firms, aimed at exports of encryption programs. The newly released regulations, which were supposed to implement the October policy, in fact make a flawed policy even worse. The one consistent thread through the Administration's plans is commitment to an encryption standard that uses mathematical "passwords" to scramble messages. The Government would then have the technical capacity to recover passwords, upon court order, and unscramble the phone or computer message. But the new policy will not succeed abroad. The Administration insists it needs not only to unscramble stored computer files but also to tap phone and computer messages, without the caller's knowledge, as they are transmitted. That would in effect require the foreign purchaser of American software to deposit its passwords with a reputable outside party -- a government agency, a bank or the computer firm from which it bought the software -- which would relinquish them upon court order and without notifying the user. What foreign company or individual will purchase software that is prey to undisclosed Government snooping when they can, buy equally powerful encryption from foreign firms that offer no such path for eavesdropping? The plan runs into other insolvable problems. It does not propose prohibiting powerful encryption software for domestic purchase, where such programs are constitutionally protected and already in wide use. Thus anyone could, with a few key strokes, send the domestically available programs over the Internet to Europe and beyond. The Administration also fears that software firms will write their programs so that the powerful domestic versions communicate readily with the easier-to-tap export products. If so, the technical result would be that criminals here and abroad could communicate out of reach of Government wiretaps. The Administration proposes to solve that problem by prohibiting software firms from providing easy communication between their domestic and export products. But that would make American export encryption programs unsellable abroad. A panel of the National Research Council recommended that Washington drop export restrictions on encryption software already available abroad, beef up the F.B.I.'s ability to crack private encryption codes and support private efforts to develop high quality encryption to stop illegal eavesdropping. Those steps will improve communications security and will not put Government law officers in corporate boardrooms, open E-mail to instant wiretaps or send foreign customers toward European and Asian software firms. [End]