NYT: Faulty Crypto Policy

John Young jya at pipeline.com
Mon Dec 16 04:56:26 PST 1996


   The New York Times, December 16, 1996, p. A14.

   Another Faulty Encryption Policy [Editorial]

   The Clinton Administration has issued its third plan in as
   many years to keep powerful encryption programs for
   telephone and computer messages out of the hands of
   international terrorists and criminals. But this latest
   plan to control the export of encryption software, like the
   two before it, is unworkable and risks trampling on privacy
   rights and harming American software firms.

   Encryption in the hands of criminals unquestionably makes
   law enforcement hard. But the greatest use of encryption is
   by banks and other legal businesses that need to transmit
   confidential data without fear of interception. In
   legitimate hands, encryption helps to prevent crime.

   The Administration first sought to steer all Americans
   toward an encryption standard that Washington would design,
   thus preserving the Government's ability to tap phone
   calls. But after sharp criticism of Government snooping,
   the Administration retreated to a policy, still rejected by
   most privacy advocates and software firms, aimed at exports
   of encryption programs. The newly released regulations,
   which were supposed to implement the October policy, in
   fact make a flawed policy even worse.

   The one consistent thread through the Administration's
   plans is commitment to an encryption standard that uses
   mathematical "passwords" to scramble messages. The
   Government would then have the technical capacity to
   recover passwords, upon court order, and unscramble the
   phone or computer message.

   But the new policy will not succeed abroad. The
   Administration insists it needs not only to unscramble
   stored computer files but also to tap phone and computer
   messages, without the caller's knowledge, as they are
   transmitted. That would in effect require the foreign
   purchaser of American software to deposit its passwords
   with a reputable outside party -- a government agency, a
   bank or the computer firm from which it bought the software
   -- which would relinquish them upon court order and without
   notifying the user. What foreign company or individual will
   purchase software that is prey to undisclosed Government
   snooping when they can buy equally powerful encryption
   from foreign firms that offer no such path for
   eavesdropping?

   The plan runs into other insolvable problems. It does not
   propose prohibiting powerful encryption software for
   domestic purchase, where such programs are constitutionally
   protected and already in wide use. Thus anyone could, with
   a few key strokes, send the domestically available programs
   over the Internet to Europe and beyond.

   The Administration also fears that software firms will
   write their programs so that the powerful domestic versions
   communicate readily with the easier-to-tap export products.
   If so, the technical result would be that criminals here
   and abroad could communicate out of reach of Government
   wiretaps. The Administration proposes to solve that problem
   by prohibiting software firms from providing easy
   communication between their domestic and export products.
   But that would make American export encryption programs
   unsellable abroad.

   A panel of the National Research Council recommended that
   Washington drop export restrictions on encryption software
   already available abroad, beef up the F.B.I.'s ability to
   crack private encryption codes and support private efforts
   to develop high quality encryption to stop illegal
   eavesdropping. Those steps will improve communications
   security and will not put Government law officers in
   corporate boardrooms, open E-mail to instant wiretaps or
   send foreign customers toward European and Asian software
   firms.

   [End]