Encryption Policy Debate Lights Up San Francisco

Friends and foes of U.S. encryption rules face off at conference

At the 1997 RSA Data Security Conference in San Francisco in Jan., one didn't have to look far to find an opinion on government regulation of cryptography export. The topic hung over the proceedings like a winter storm cloud, complete with lightning bolts. It seemed everyone had an opinion--and they formed around two opposite poles. There was no middle ground.

On the government side, Washington's new envoy on cryptography, David Aaron, told the gathering of some 2,400 that a wide-open international market for encryption technology is unlikely. He said he is trying to convince other nations to adopt regulatory policies similar to the ones the Clinton Administration is insisting on--the same ones that many in the industry find so odious.

Aaron, whose title is special envoy to the Organization for Economic Cooperation and Development, was appointed as part of the government's new policies allowing export of stronger cryptography--as long as law enforcement authorities have access to cryptographic keys held by third parties. The basic technology behind the policy is known as key recovery.

Strong Opinions
The opposition of most in the audience to that limitation was obvious during a panel discussion on the subject that included spokespersons from both government and industry. Advocates of unregulated international trade seemed to have taken heart from the Dec. 18 decision by a federal judge against federal rules. In that decision, U.S. District Judge Marilyn Hall Patel said in San Francisco that federal regulations barring the export of strong encryption technology violate the Constitution's free speech protections.

After Georgetown University computer science professor Dorothy Denning told the conference she didn't see why software should be protected as free speech, the audience reacted with stony silence. Then Denning was taken strongly to task by Cindy Cohn, attorney in the San Francisco case, who came out of the audience to chastise Denning. Cohn was cheered enthusiastically. In the San Francisco case, Cohn represented Daniel Bernstein, an Illinois mathematics professor who didn't want to be forced to submit to the government's licensing requirements for exporting his software.

The U.S. government is committed to buying key-recovery products for government use and to the development of key-recovery technology.

Still, government agencies pressed their case. "There is extreme danger without key recovery," said Ed Appel, director of counterintelligence programs for the National Security Council in Washington, D.C. The U.S. government is committed to buying key-recovery products for government use and to the development of key-recovery technology, he said. But he acknowledged that government agencies cannot agree among themselves on what U.S. encryption policy should be.

"To us, it's a vital issue because of terrorist activity," said Nigel Hickson, representing the United Kingdom's Ministry of Trade and Industry. "We intercept messages from the IRA in London. Some of those messages contain information about bomb explosions. If some of those messages are encrypted, then it's possible some of those explosions won't be prevented."

But Peter Harter, public policy counsel for Netscape Communications, warned of the economic consequences of restraining free trade in cryptography. "More delay here is going to sacrifice something that all nations need, and that is the Internet economy. It has already added 1.5 percent to the gross national product of this country. There are bad uses for encryption but it's like a kitchen knife. There are more good ones than bad ones."

The conference was sponsored by RSA Data Security, a developer of encryption tools and technology.

Back | Table of Contents | Next