Clinton’s new cryptography plan

Published Friday, 4 October 1996 10:24PM CST in Cryptography


On October 1, 1996, the Clinton administration offered what it called a “compromise” to the computer industry with regard to the export of cryptography. The proposed policy, released by Vice President Al Gore, offered to remove export restrictions on cryptography technology if the corporations that market the technology would agree to allow law enforcement to decrypt any encrypted material. Critics immediately began referring to the policy as Clipper 3.1.1.

It’s little surprise that this new compromise is championed by the U.S. intelligence community. Law enforcement officials wouldn’t need the actual keys used to encrypt a message, you see. Instead, officials with the proper warrant could obtain the cooperation of two “outside parties” also referred to as “trusted agents” to help decrypt the information.

IBM developed the new technology, referring to it as a “key recovery” system to differentiate it from the “key escrow” systems that drew strong opposition a few years ago. In practice, the differentiation is in name only.

In a key escrow system, a third party—either governmental or corporate—would hold the keys necessary to decrypt any encrypted message. With a warrant, these keys could be used by law enforcement to read any encrypted message. In a key recovery system, more than a single third party would hold the information necessary to recover any encryption key.

The Clinton administration, for its part, has implied that export restrictions would be retained for any company refusing to implement the key recovery system in its products.

Companies that include encryption technology in their products can apply for a six-month cryptography export license so long as they agree to submit their keys to an escrow agent within two years. Cryptographers generally recommend an encryption key of at least 75 bits; the Clinton administration plan will allow encryption keys up to only 56 bits long. The White House plan also transfers encryption export control jurisdiction from the State Department to the Commerce Department, a move that’s likely to have little—if any—effect on cryptography export controls since the Justice Department will retain ultimate control over the granting of the export licenses.

A trade association for the software industry, the Business Software Alliance, has lobbied for inclusion of a cost-of-cracking adjustment (COCA) in any cryptography legislation. A COCA would increase the encryption key length by two bits every three years to account for advances in code-cracking methods and technology. Gore’s proposal makes no mention of a COCA. It’s assumed the Clinton administration would oppose any such adjustment.

Appallingly, by mid-October, only two elected officials had responded to the compromise proposal. Senator Conrad Burns (R-MT) released a statement criticizing the Clinton administration for refusing to negotiate on key escrow. Senator Patrick Leahy (D-VT), in a statement released the same day, said that the issue of encryption “cannot be resolved by Executive fiat,” and blasted the Clinton administration for “directing the resources of our high-tech industry to develop breakable, rather than unbreakable, encryption.”

Even worse, a cabal of 11 high-tech companies—Apple, Atalla, Digital Equipment, Groupe Bull, Hewlett-Packard, IBM, NCR, RSA Data Security, Sun, Trusted Information Systems, and United Parcel Service—announced intentions to develop the key recovery systems proposed by the Clinton administration.

Simultaneously, all is not quiet on the Justice Department front. Justice is arguing that the entire Internet should be completely wire-tappable based on the capabilities offered by Internet-based telephony. Both the Justice Department and the FBI consider personal privacy to be an acceptable casualty of guarding national security.
