For years, the battle over data encryption--the technology used to keep computerized information confidential--was an arcane fight over export controls. National Security Agency spooks wanted tight controls to keep software capable of cloaking information with an unbreakable code out of the hands of terrorists. U.S. industry protested that such restrictions would cut off billions in sales and curtail the growth of electronic commerce--without doing much to boost national security.
Then last year, the debate took a dramatic and, some would argue, dangerous turn. FBI director Louis J. Freeh called for domestic controls on encryption, as well. Without them, he argued, law enforcement agencies would be hamstrung. Key members of Congress agreed. Last September, the House Permanent Select Committee on Intelligence gutted an industry-backed bill to relax export controls and replaced it with a measure that would prevent anyone from making, distributing, or selling any encryption product that didn't provide "keys" to unlock coded information that police could seize. Privacy advocates on both sides of the political spectrum were aghast. Companies, who want to assure consumers that doing business on the Net is completely secure and confidential, foresaw lost billions.
"STALKING HORSE." Now, opponents are mounting a counteroffensive. Organizations such as Microsoft Corp., the U.S. Chamber of Commerce, and the Business Software Alliance plan to contribute more than $10 million to finance a massive lobbying and publicity campaign to beat back domestic controls and relax export restrictions. Heading the offensive are Washington insiders Edward W. Gillespie, who helped write the GOP's Contract With America, and Jack Quinn, former chief of staff for Vice-President Al Gore. "We are going to bring about change in U.S. encryption policy," vows Quinn. The group, Americans for Computer Privacy, plans a rollout on Mar. 4.
Is all this firepower necessary? Many veterans of the decade-long encryption battle believe Freeh's plan is too extreme to even take seriously. "Proposals like this are a tremendous stalking horse, but are dead on arrival," says Kawika Daguio, encryption-policy expert at the American Bankers Assn.
Other players argue, however, that it wouldn't hurt to drive as many nails as possible into the coffin. Every time a law enforcement case is made more difficult because the perpetrators used unbreakable encryption to cover their tracks, the FBI and police will run to Congress looking for help, warns Washington attorney and former NSA official Stewart A. Baker. "Companies will not have won this fight until they win the fight against `Mothers Against Strong Encryption,"' he says.
Still, much of the current rhetoric is overblown. For one thing, observes Stephen T. Walker, CEO of Trusted Information Systems in Glenwood, Md., "in spite of all the smoke," export controls on cryptography products--which were once classified as munitions--are already easing. Now, all products that use computer "keys" up to 56 bits long to encode information are freely exportable. That produces a strong enough code for most purposes. And products that have keys of unlimited length (and thus, strength) can be exported as long as they also contain a mechanism for recovering the keys. The situation "is not as bad as the zealots on either side would say," says Walker.
Also, a compromise may be at hand. Senators John McCain (R-Ariz.) and J. Robert Kerrey (D-Neb.) are currently working on a bill, sources say, that would release exports from controls when similar encryption products are already available overseas. They could also add a ban on domestic controls. "It appears McCain and Kerrey are searching for some way out of what appears to be legislative gridlock," says Commerce Under Secretary William A. Reinsch, who oversees the Administration's policy.
But Reinsch and others are not optimistic that the Senate effort can break the logjam--especially given the new coalition's hard line. "Aside from Kerrey and McCain, no one wants to compromise," Reinsch laments. "It's the oddest thing I've ever seen. Both sides think they are getting stronger--and want to go for the whole loaf." As a result, America's encryption policy will probably continue to be half-baked.