A report released today by the European Commission is putting more pressure on the Clinton administration as it attempts to forge a policy on encryption that is palatable to law enforcement agencies and national security interests.
The report, drafted by the EC's European Internet Forum, does not specifically rebuff the Clinton administration's proposals, but the broad language in the plan clearly takes issue with some of the more controversial points White House officials recently have floated on encryption.
"Restricting the use of encryption could well prevent law-abiding companies and citizens from protecting themselves against criminal attacks," the report warns. "It would not, however, totally prevent criminals from using these technologies."
It also addresses mandatory key recovery, or requiring that "back doors" be placed in encryption technology to allow law enforcement access to coded messages. "If at all required, [key recovery] should be limited to what is absolutely necessary," the plan directs.
The report, which also cites several studies that are critical of administration proposals, is significant because it suggests that the Clinton administration is out of step with Europe as both strive to develop policies concerning encryption. Over the last several months, the White House has opposed efforts to loosen existing controls on the export of encryption, and some officials within the administration have gone so far as to propose mandatory key recovery on the domestic use of encryption as well.
In arguing its case to Congress, administration officials have stressed that governments abroad are likely to adopt similar measures. Today's report indicates that Europe is likely to be at odds with U.S. policy, critics said.
"This is the most recent and probably most definitive indication that the administration does not have international support for key escrow and any significant regulation of encryption," said David Sobel, legal counsel for the Electronic Privacy Information Center. "I basically see this as the European Commission saying to its member states, 'We are going to provide a counterpoint against the pressure you're receiving from the United States."
Jon Englund, vice president of the Information Technology Association of America, agreed, noting that France and the United Kingdom, the two European countries most in line with U.S. encryption policy, have recently backed away from their respective stances. "What the European Union does and says will be very significant," he said.
Officials from the Bureau of Export Affairs, which administers U.S. government policy on encryption, were not available for comment on the report.