Companies blast encryption plans

High-technology companies today criticized the Clinton administration's latest proposals for national encryption regulations, saying that the policies will force the industry to strike an unacceptable deal that gives away the right to secure communications.

The administration proposed a series of new data-scrambling policy initiatives Friday that would permit U.S. companies to more effectively compete internationally. In a press roundtable, Vice President Al Gore said the administration would consider liberalizing export controls on encryption software and was willing to work with the industry to develop an international system for managing the mathematical keys used to scramble data, making it possible for law-enforcement officials to monitor messages.

If the computer industry is willing to cooperate on these key-escrow systems, Gore said, the government would transfer jurisdiction over encryption products from the State Department to the Commerce Department. In a written statement, the administration also said that encryption keys would be provided "voluntarily" by computer users and that in some cases, organizations might guard their own keys.

But those in the software industry saw nothing substantially new about the administration's position. Observers say the concessions are minor and include expanding the licensing of encryption technology for export to include health care and insurance companies. Also, the administration would transfer jurisdiction over encryption products from the State and Commerce departments, a move that would be mostly of impact to those charged with violations.

Philip Zimmermann, chairman and chief technology officer of Pretty Good Privacy, says that the administration isn't committed strongly enough to liberalizing export controls. "We know that the American computer industry is hurting. They want us to strike a Faustian deal by allowing us to export encryption technology in exchange for key escrow," but he feels that because it is a civil liberties issue, it is a deal Zimmermann doesn't want to strike.

The administration itself would seem to back Zimmermann's claim. A study done by the Commerce Department found that even though U.S. software companies hold the majority of the worldwide general purpose encryption software market, "export controls limit U.S. market share in [14] countries."

"Even as an economic issue we should still win this argument without giving them keys," Zimmermann added. "We need to participate in global information infrastructure. There are two ends to every wire, and if we don't supply cryptography to people at other end of wire they're going to supply it themselves."

FTP Software is one company facing the Faustian deal that Zimmermann talks of. FTP announced today that they will be including encryption technology licensed from PGP in their email package. According to the company, 46 percent of their sales are to overseas firms--none of which can buy their new product.

"For the customer base we have, encrypted email is a very big concern because they want secure communications," said John O'Hara, director of security for FTP. "For FTP and many other companies like us, a large percentage of the market is outside of the U.S."

He added that "there are many countries that don't regulate the export of encryption, and companies that are based there enjoy an advantage over us. Obviously, we'd be very apreciative of relief from artificial restrictions."

Even if export controls were relaxed, companies like FTP would still face the dillemma of developing two distinct products, one for the U.S. market, which isn't amenable to a key escrow system, and one for the worldwide market. The administration also appeared to hold to its latest proposal for the export of 64-bit encryption, meaning that in order to tap foreign markets, companies would also likely give U.S. customers the security system that they could export, rather than the strongest possible encryption algorithms.

During the last three years the administration has attempted to persuade the public to support an approach to protecting the privacy of computer and telephone communications that would permit law-enforcement and intelligence-agency officials to continue to wiretap electronically scrambled messages and conversations.

Originally proposed as a system known as Clipper Chip, the data-scrambling technique would split the mathematical "keys"--large numbers--that are used to scramble data and then hold those keys in escrow, making them available to law-enforcement officials who have court orders, permitting them to eavesdrop.

The administration policy, driven by law-enforcement and intelligence-agency requirements, has created bitter opposition from U.S. computer makers, which insist that they are losing sales because of export controls, and by civil libertarians, who argue that Clipper would allow for Big Brother-style surveillance.