Data Privacy: A Win For Business
Software publishers are elated. Privacy advocates are sulking. But U.S. business may be the real winner from the Clinton Administration's abrupt move away from a plan that would have made it easier for the government to eavesdrop on encrypted data transmissions.
If the Information Superhighway's business route is ever to be built, companies need a way to protect sensitive data from prying eyes and to provide the digital equivalent of signatures to make electronic documents legally binding. Encryption can do both (BW--July 4). But controversy over how private encryption can be used has slowed the development of the needed systems.
At the heart of the controversy is a technique called escrowed-key encryption, popularly known as Clipper. Under the Administration's original plan, Clipper would have let users encode voice and data communications. Government agencies would have held in escrow the keys needed to read messages and handed over the keys to intelligence and law-enforcement agencies only in response to court orders. In the interest of national security, severe restrictions were put on the export of all other encryption technologies.
Business reaction to Clipper was overwhelmingly hostile. The major objections: The technology would be cumbersome because it would be available only on a special chip, not in software. It was impossible for private experts to assess how secure the classified computer program was. Executives and privacy advocates alike feared that the government would abuse the key-escrow system. And Clipper was unacceptable to foreign governments, which would not be able to read encrypted messages. In a global economy, this was a severe limitation.
A campaign, led by the major software publishers in the Business Software Alliance and groups such as the Electronic Frontier Foundation, which advocates electronic free speech, forced a turnabout. The climax came on the day that the House was to vote on a measure, drafted by Representative Maria Cantwell (D-Wash.), to ease encryption export restrictions.
In a letter to Cantwell, Vice-President Al Gore said Clipper technology would be limited to scrambling telephone calls. Government will work with industry on alternative ways to guard data communications. Among his promises: The computer code for a new encryption system will be unclassified, not limited to a secret chip. Usage will be voluntary. The technology can be exported. And private institutions might replace the government as escrow agents for the keys.
HOW PRIVATE? The Administration's move drove a wedge between Clipper's privacy opponents and its business foes. Robert Holleyman, president of the Business Software Alliance, praised Gore's letter as "substantial progress." Privacy advocates still demand the complete abandonment of escrowed encryption. Gore's letter is "not a victory for freedom or privacy," declared the Electronic Privacy Information Center. But the Administration has conceded most of the key points. Most important: Gore's pledge that escrowed encryption will be voluntary assures that people can encode messages in ways the government cannot read. A concern for business is how long it will take to develop an encryption system that meets the Administration's new standards. The chore would go much faster if Clipper's computer code, Skipjack, could be used as the starting point. But the hypersecret National Security Agency, which wrote Skipjack, may refuse to declassify it. In addition, setting up a trusted, private key-escrow organization will be difficult. The international data highway is still far from reality. But the Administration has at least cleared the right-of-way.
HOW THE CHANGES WILL HELP
-- Encryption can be done by software, not just by a government-approved secret chip, making the system far more flexible.
-- Law-enforcement and national security agencies are less likely to abuse their access to coded messages.
-- The technology can be exported.