New York Times: Federal Inquiry on Software...

[Zeek]

----------------------------
The New York Times
Tuesday, September 21, 1993
Business Day
----------------------------
 
      Federal Inquiry on Software Examines Privacy Programs

                         By John Markoff

SAN FRANCISCO, Sept. 20 -  In a Government investigation with
implications for free speech and privacy in the information age, a
Federal grand jury in San Jose, Calif., has issued subpoenas to two
software publishers selling versions of a program that protects the
privacy of electronic mail and other computer data.  

The investigation appears to focus on whether the program has been
illegally exported in violation of State Department regulations
that control the sale of weapons and other technologies whose
export the Government believes may compromise national security. 
The relevance of such regulations in the post-cold war era is the
topic of growing debate in Washington, where communications and
computer executives plan to testify before Congress on Wednesday.
[Page C3.]

The software program, known as Pretty Good Privacy, or P.G.P., was
written several years ago by an independent programmer in response
to Federal threats to crack down on the distribution of encryption
software which is used to protect computer data by converting them
into secret code.  No one can read the encoded information without
access to mathematical keys - one that is publicly known, a second
known only to the recipient of the coded message.  

The program has since been freely distributed around the world,
used on thousands of personal computers and work stations.  

Receiving the Federal subpoenas were Viacrypt, a Phoenix company
that plans to sell a licensed version of P.G.P., and Austin Code
Works of Austin, Tex., which is selling a version of P.G.P. for
other software developers to incorporate their own programs.  The
grand jury subpoenas, which the companies received Sept. 9, ordered
them to supply all correspondence and records related to the
international distribution of P.G.P. and other information related
to computer cryptography.  

A Customs Department official refused to comment on the case today. 
William P. Keane, the assistant United States attorney who signed
the subpoenas, confirmed that there was a grand jury investigation,
but said he could not comment.  

Both publishers said they had no plans to sell their products
abroad.  

"I think they're more concerned with our intentions than what we've
done," said Leonard Mikus, president of Viacrypt, which is a
division of the software company Lemcom Systems Inc. of Phoenix. 
"They're on a fishing expedition, but this could become a landmark
case that sets the limits that distinguish between electronic and
conventional publishing."

Battling the N.S.A.

The investigation is the latest round in a growing battle in recent
years between the National Security Agency and a variety of groups
in this country, including high-technology companies, computer
researchers and civil libertarians, over the role of coding
software in protecting computer data.  The N.S.A., whose role is to
monitor electronic communications around the world, has
consistently acted to block the adoption of new technologies that
would make its mission more difficult.

But the widespread availability of high-speed digital communication
links and inexpensive personal computers may make it impossible to
enforce technology restrictions in the future - as the widespread
international dissemination of P.G.P. has already indicated.  

President Clinton alluded to the problems of controlling
distribution of software technology in a speech last week promoting
the North American Free Trade Agreement.  

"Nothing we do in this great capital can change the fact that
factories or information can flash across the world, that people
can move money around in the blink of an eye," the President said.
"Nothing can change the fact that technology can be adopted, once
created, by people all across the world and then rapidly adapted in
new and different ways by people who have a little different take
on the way that technology works."

Question of Legality

Government regulations, enforced by the State Department, make it
illegal to export cryptographic software without a special
munitions export license issued for weapons sales.  

Those restrictions have angered many computer industry executives
who argue that encryption software is the crucial technology
underlying a variety of information-age services, ranging from
secure electronic mail to computerized payment of bills.  

Last year, a number of United States software companies,
represented by the Software Publishers Association, a trade group,
struck a deal with the N.S.A. permitting them to export software
that contained coding functions.  Those codes, however, are
believed to be easily cracked by the N.S.A. The P.G.P. software
under investigation is thought to defy most N.S.A. code-cracking
efforts.  

The legitimacy of the export regulations is also disputed by legal
scholars who argue that they restrict freedom of speech.  

"There is a First Amendment right to speak in a encrypted way,"
said Eben Moglen, a professor of law and legal history at Columbia
University who is familiar with the case.  "The right to speak
P.G.P. is like the right to speak Navajo.  The Government has no
particular right to prevent you from speaking in a technical manner
even if it is inconvenient for them to understand."

Protection from Code-Breaking

P.G.P. has been controversial since it was written by the
programmer, Philip Zimmerman, because it uses a coding formula that
many researchers believe powerful enough to protect information
from even the National Security Agency's high-speed code-cracking
computers.  The formula was developed by three well known computer
scientists: Ronald Rivest, Adi Shamir, and Leonard Adelman.  
--------------