Senate hears encryption testimony
Bill would ease export of encryption technology
The Promotion of Commerce Online in the Digital Era (Pro-CODE S.1726) bill would allow U.S. manufacturers to export encryption technology as strong as that generally available overseas, doing away with the current 40-bit key length limit on mass-market software.
"There's no codification of the top level since computing technology is advancing so rapidly," said Mike Rawson, director of Internet policy for Senator Conrad Burns (Republican of Montana), who introduced the bill.
The bill's sponsors are seeking support to bring the bill to the Senate floor for a vote, according to Rawson. They got a strong boost from two computer industry leaders who testified in the bill's favor: Jim Barksdale, CEO of Netscape Communications Corp., and Roel Pieper, CEO of Tandem Computers Inc.
Pieper complained that the current export restrictions handcuff U.S. companies overseas and will threaten the U.S. computer industry.
"As encryption becomes an integral part of computer products, those computer products will have to be developed and built abroad," Pieper said, in written testimony. "If we cannot compete on equal terms with our foreign competition, it is hard to see how we can prevail."
The Clinton administration came out in force against the bill, however, with testimony from FBI Director Louis Freeh, U.S. Commerce Department undersecretary William Reinsch, and National Security Administration deputy director William Crowell.
The administration argued that the bill would put strong cryptography into the wrong hands -- terrorists, pornographers, and other criminals -- and hamper the computer industry's development of a key escrow system.
But other witnesses pointed out that strong cryptography -- such as Pretty Good Privacy, the encryption program that can be found free on the Web -- is already widely available outside the U.S.
"The point is not that bad people will use strong crypto to do bad things," Rawson said. "The point is, do we want to prevent good people from using strong crypto for doing good things when we can have no effect on the lawbreaker in any case?"
Hearing simulcast over the Web
The hearing was simulcast over the World Wide Web via RealAudio, drawing more than 1,000 listeners, Rawson said. A senator and senate staffers also went online to field questions from around the world.
The bill was also a focal point during a security conference in California sponsored by the Usenix society of computer cryptographers.
In a panel called Cryptography and the Law, panelists from the U.S. Department of Justice, the Electronic Frontier Foundation and staff aids to Senator Burns spoke about the implications of the implementation of a third-party key escrow system. The system, which would require users of strong encryption to register their private keys with a third party, would enable U.S. and foreign governments to gain access those private keys if needed for investigation of alleged illegal activity.
Key escrow is the administration's favored approach to encryption export control, and several FBI and Department of Justice officials would like to see such a system extend to encryption use within the U.S. So far, no legislation has been proposed concerning a worldwide key escrow system of this kind, but the FBI and U.S. Department of Justice are trying to ramp up public concern in order to get a bill on the floor.
Proponents of the system say that key escrow would allow law enforcement officials to find and prosecute criminals that use the Internet to communicate.
"It is our responsibility to protect the public," said Scott Charney, chairman of computer crime unit for the Justice Department during the panel discussion.
While the Justice Department is trying to steer a course toward strong encryption use, a lack of limits on domestic use of encryption means that pornographers and terrorists will be protected from prosecution, Charney said. "Cryptography shifts the balance of power from the government to the people, and when criminals are concerned, that is not a good thing."
Opponents, however, believe that a key escrow system is a violation of individual rights and the Fourth Amendment to the U.S. Constitution, which protects against unreasonable search and seizure. Senator Burn's bill proposes that no key escrow system be used, either in or out of the U.S.
"A key escrow system is not only unconstitutional, but it is a fundamentally bad and unfeasible idea," said Stanton McCandlish, an online activist for the EFF. "The U.S. government would have to create a fascist police state in order to enforce the registration of keys."
While the EFF supports Senator Burns' bill, it doesn't believe the bill goes far enough to abolish all export restrictions and is currently involved in prosecuting a case called Bernstein vs. Department of State, which alleges that export laws are unconstitutional because software creation is protected under the Constitution's First Amendment guarantees of free speech.
"Burns' bill, and all of the bills we've seen so far, don't remedy the major unconstitutional problems [with encryption export]," said John Gilmore, another member of the EFF, during the panel session.
Gilmore also argued that the key escrow plan proposed by Charney and the FBI, which would enable foreign governments to gain access to U.S. private keys and vice versa, would not only put the U.S. at risk of spy attacks from foreign governments, but put individuals at a civil and human rights risk in certain countries.
"If there is a database of private keys available to a corrupt government, they will find a way to get to that information and use it to torture and kill people, and we can't take that risk," said Gilmore.
Matt Raymond, a staff aid for Senator Burns, agreed with Gilmore that a key escrow system could easily have the opposite effect from the one desired. "There are major national security risks involved in giving out private keys of American citizens to overseas governments," said Raymond, who likened the system to the U.S. government having keys to individual citizens' houses and document cabinets.
Charney charged that while a key escrow system could hurt some people, the tradeoff would fall more heavily in the direction of helping protect the public.
"All sorts of criminals will gravitate toward encryption if there is no way to regulate it." said Charney. "We shouldn't make it easier for them to hide their criminal activity."
"Well, just because there are drunk drivers, doesn't mean we should
ban the car," said Raymond.
--Sari Kalin and Kristi Essick, IDG News Service
If you have technical problems with this magazine, contact firstname.lastname@example.org