The battle over software encryption heated up today in Washington as several software industry leaders testified before a Senate subcommittee in support of proposed legislation that would free up American companies to use and export stronger encryption technology.
Sponsored by Senator Conrad Burns (R-Montana), the so-called "Pro-Code Bill" would remove current restrictions on encryption technology, which is now technically classified as munitions and cannot be exported.
Among the witnesses who appeared today were Netscape Communications president Jim Barksdale, Lotus Development president Michael Zisman, and Kenneth Dam, chairman of the National Research Council, which last week issued a report urging the broader use of encryption technology to facilitate the growth of electronic commerce.
The Pro-Code Bill also picked up endorsements today from newly elected Senate majority leader Trent Lott (R-Mississippi) and Senator Barbara Boxer (D-California).
The witnesses echoed each other in their claims that the current export ban on encryption "keys," or codes, greater than 40 bits puts U.S. companies at a competitive disadvantage. "We have learned that our foreign customers do not want and will not buy our exportable 40-bit product," Netscape's Barksdale said. "It has been hacked by college students in France and Berkeley, California."
Barksdale also criticized the Clinton administration's current export policy as a subterfuge to bring domestic encryption use under tighter control.
"We were even surprised how strong the statements were from the CEOs," said Alan Davidson, counsel for the Center for Democracy and Technology, a privacy advocacy group that supports Burns's legislation. "They weren't pulling any punches anymore."
The Clinton administration has offered a compromise to encryption proponents: a "key-escrow" system commonly referred to as the Clipper III proposal that would require individuals and companies to give their decryption "keys" to third-party holding firms. This way, law enforcement agencies armed with a court order would be able to decode suspicious messages or software. The administration has offered to ease the export ban only if such key-escrow schemes are established.
The Pro-Code Bill would not only prohibit mandatory key-escrow systems but would also shift the power to grant export licenses from the State Department to the Commerce Department, a move that many observers support.
"Commerce has different goals than State," said Stanton McCandlish of the Electronic Frontier Foundation, an online rights organization. "They want to see U.S. products on the market."
Critics of the current law argue that any overseas users, including criminals, who want to protect their information with encryption already has the means to do so. Even American companies can get around the regulations. For example, Japanese communications giant Nippon Telegraph and Telephone has licensed 1,024-bit encryption technology developed independently by the Japanese subsidiary of a leading U.S. encryption vendor, RSA Data Security. Since the subsidiary recreated the American parent's technology independently, the U.S. export restrictions didn't apply.
Privacy advocates and technical experts are expected to testify at a second day of subcommittee hearings June 26.
Hacking cost businesses $800 million
RSA signs encryption deal with NTT
NRC study recommends encryption use
White House revives Clipper chip idea
Burns bill would ease encryption rules