Encryption policy challenged

The Business Software Alliance, a powerful Washington trade organization, warned the White House that its encryption policy will fail if the government does not turn to the industry for guidance.

In a letter to Vice President Al Gore, the organization--which represents the software companies including Adobe, Apple Computer, Microsoft, and Novell--cautioned the government that its plans do not address many of the issues that software companies will face after the regulations go into effect January 1.

BSA president Robert Holleyman said he was dismayed with the implementation of the policy and that the government is heading in the "absolute wrong direction."

"We seriously doubt that the regulations will work, meet computer user demands, or be accepted by the private sector unless the administration radically changes its approach," Holleyman wrote.

The White House plan allows the export of more powerful encryption than was previously allowed in an effort to free American technology companies to compete more freely in the international market for online and e-commerce technology. But in return for loosening the export laws, the government wants encryption developers to store the numerical keys in a trust, or independent body. Dubbed key escrow, the system grants law enforcement officials the right to "recover" the keys to unlock encrypted documents with a court order in case of criminal proceedings or a question of national security.

Under the plan, companies can apply for a six-month license to export the longer 56-bit encryption keys. In exchange, exporters must promise to submit their key recovery systems within two years. Domestic use of key escrow will be voluntary and unregulated, Vice President Gore said in October, but few companies can ensure that their technology will be used only within the United States.

When the policy was released on October 1, the BSA came out in support of the regulations. An alliance of 11 major software and hardware companies, the majority of which are BSA members, also agreed to work with the government to develop key recovery solutions. However, the BSA thinks the policy is guaranteed to fail if the government doesn't work with the organization to implement it.

In its letter, the BSA said that the government has been unresponsive to five key principles that must be addressed to make the new rules feasible:

The key recovery systems should be entirely voluntary.

The key recovery products should be exportable without a key length limit.

The government should not dictate "milestones" for companies' plans for key recovery products.

Interim export control relief must permit the export of 56-bit nonkey recovery products.

There must be interoperability between key and nonkey recovery products.

"We don't feel that we're setting unrealistic demands here," BSA spokeswoman Kim Willard said today. "We think the administration has the capability to address these issues. If not, it means we?re looking at a very similar situation to the Clipper chip: a lot of lost sales and lost opportunities for consumers."

Willard added that the vice president has not replied to the letter.

The encryption policy has already garnered the opposition of several other industry organizations, who applauded BSA's change of heart. "I think that is very good news," said Mark Rotenberg, director of the Electronic Privacy Information Center. "We're happy to hear the industry groups also stand up and say, 'This is not a good idea.'"