Industry Splits on New Encryption Policy
The government's new policy offers industry prizes for cooperation and pain for opposition
Several major infotech companies have announced their support of the White House's latest encryption plan, which allows easy export of 56-bit encryption software for the next two years.
However, the Business Software Alliance, a lobbying group which boasts Microsoft as its main backer, has protested the policy, which requires companies to add government-approved, key-recovery technology to encryption products exported after 1998.
If the government stymies exports with a slow approval process for new key recovery, Congress is more likely to oppose the new policy, said Kenneth Bass, an attorney with the Washington-based firm Venable. One of Bass' clients is Netscape Communications Corp., Mountain View, Calif., which opposes the plan.
Throughout 1996, Microsoft, Netscape and other companies lobbied Congress to pass export-liberalization bills sponsored by Sen. Conrad Burns, R-Mont., Sen. Patrick Leahy, D-Vt., and Rep. Bob Goodlatte, R-Va. The bills were derailed by opposition in Congress and the White House.
Because of the new proposal, "we have a critical mass of companies that will work with us" to promote key recovery, said Greg Simon, domestic political advisor to Vice President Al Gore.
Two companies have asked for approval to export suitable technology, said William Reinsch, the Commerce Department's undersecretary for export administration. He declined to identify the two companies.
The alliance of 11 infotech companies, including Digital Equipment Corp., Maynard, Mass., and IBM Corp., Armonk, N.Y., announced Oct. 2 that they would work to develop key-recovery technology. The technology is intended to reliably shield data from crooks and thieves, but not from court-ordered wiretaps and search warrants.
The government is promoting the use of key-recovery technology to help the FBI and intelligence agencies recover unscrambling keys to encrypted communications among criminals and terrorists.
Under the policy, companies can export encryption products protected by a 56-bit digital key, which is much more difficult to decipher than 40-bit encryption, the strongest that can be easily exported under current rules.
However, each company is required to submit detailed plans to the Commerce Department showing how it will develop and add key-recovery features. Unless features are added by January 1998, the government will curb the companies' export of products with keys larger than 40 bits.
If features are added and deemed reliable, companies will be allowed export products with much longer key lengths, such as 128 bits. These lengths will make it economically impossible for even rich nations to decipher private messages unless the encryption product is used badly or contains a flaw.
The new policy is included in an executive order, scheduled to be signed by President Bill Clinton.