SAN FRANCISCO--Speaking today for the first time before the encryption industry, President Clinton's special envoy for cryptography, David Aaron, reiterated the administration's party line and clarified the role he will play as the White House point man on encryption.
In his address to the RSA Data Security conference here, Aaron didn't provide any surprises but simply outlined the main tenets of the Clinton Administration's encryption export policy. He reconfirmed the government's commitment to a global key management system, a system that would let encryption software vendors increase the potency of their technology while allowing law enforcement to get at encrypted messages.
Aaron was appointed to his current post as part of a recently implemented set of regulations that make up Clinton's encryption policy. He said today that his job is to persuade other countries to copy U.S. regulations on encryption--with the goal of building an international key management system.
But he is also widely seen as the White House's domestic representative on encryption. As the White House has argued all along, Aaron said today that key management balances the need for individual privacy with concerns about online crime, pointing to several cases in which encryption has been used to aid or conceal criminal activity.
So far, Clinton's position has not proven popular with the encryption industry. CEOs for many of the major security technology companies have argued that Clinton's rules on how to implement a key management system put too much of the burden on private companies and will impede the growth of the American encryption industry and e-commerce overall.
Nevertheless, even the most ardent critics of mandatory key management took Aaron's appearance today as a good sign.
"It's important to have an emissary on cryptography, one voice that can speak for the administration," said conference host and RSA President Jim Bidzos as part of his introduction of Aaron.
Members of the audience agreed.
"We're happy that he's making himself available and that he's interested in really understanding the technology," said Peter Harter, public policy counsel for Netscape Communications. According to Harter, Aaron spent Monday meeting with the executives of several Silicon Valley companies.
Aaron wasn't the only government representative to show up at this week's conference. Before Aaron's speech this morning, four Congressmen spoke via satellite to voice their opposition to mandatory key management systems. They said they understood the need for security but argued that encryption was the solution, not the problem.
"It's a great tool for fighting crime," said Representative Bob Goodlatte (R-Virginia), echoing last year's National Research Council report which recommended encryption as the best way to secure networks and data from criminal attack. Rep. Goodlatte will re-introduce his Security and Freedom through Encryption (SAFE) Act in the House this year.
Three senators also appeared to announce the reintroduction of the Pro-Code bill, which also seeks to outlaw mandatory key storage. Pro-Code gained the bipartisan support of several key senators last year but did not make it to a full Senate vote.
"This is strictly a non-partisan issue," said the bill's main sponsor, Conrad Burns (R-Montana), who appeared with Pro-Code co-sponsors Patrick Leahy (D-Vermont) and Ron Wyden (D-Oregon). "All administrations, Democrat or Republican, have taken the same stand."
Much of the encryption industry gathered here would like to see the Pro-Code bill pass, an event that would make much of Clinton's new regulations obsolete. Knowing he was not playing in front of a home crowd, Aaron began his speech by making fun of himself.
"I wonder if I'm not the anybody that everybody chose for the job nobody wanted," Aaron joked.
He also stressed that he doesn't like being called the "crypto czar," a moniker that implies that he exercises complete control over the policy process. "For one thing, I'm mindful of what happened to the real czar," Aaron said.
Aaron is also the permanent ambassador to the Organization for Economic Cooperation and Development based in Paris. The OECD, with 29 member countries, is due to release its own non-binding policy guidelines for encryption this spring.
Aaron can be expected to make future appearances as the debate over the Pro-Code and SAFE bills heats up. If Capitol Hill passes either bill, the president is expected to veto it, and Congress would then need a difficult two-thirds majority to override the veto.
Photo by Donald R. Winslow