September 8, 1997

The Government Eyes Encryption By Willie Schatz ncryption software scrambles E-mail messages, computer files, and telephone conversations, securing them against spies, busybodies, and thieves. But does permitting encrypted software products to leave the country make the United States more secure, or less? Congress is debating that question. At the same time, a federal judge has ruled that the government's rules limiting the export of encryption code are unconstitutional. Leading the free encryption movement is a House bill, H.R. 695, also known as the Security and Freedom Through Encryption Act. It was created to, in its own words, "affirm the rights of U.S. persons to use and sell encryption and to relax export controls." Its keep-it-here counterpart is a Senate bill, S.909, the Secure Public Networks Act. It would "encourage and facilitate the creation of secure public networks." The computer industry says the debate is a no-brainer. "Information security is critical to the integrity, stability, and health of both corporations and governments," Raymond Ozzie, chairman of Iris Associates and the creator of Lotus Notes, told the Senate Judiciary Committee in July. Cryptography, he added, is the "keystone of secure distributed systems." Michael MacKay, Novell's VP for corporate architecture, was even more adamant. "S.909 is actually worse than the status quo," he told the same Senate committee. MacKay's main objection: He believes that a key-recovery security system, as proposed by the Senate bill, would be tremendously expensive. There have been a few attempts to quantify the cost of doing nothing. The Business Software Alliance, an industry group in Washington, thinks the government's current controls on encryption export put companies at risk of losing $60 billion in the international software market. The Manhattan Cyber Project, an industry-government consortium, plans to reveal in January its estimates on the losses that could accrue from an attack on eight vital government information infrastructures. The pro-encryption H.R. 695 has passed two key committees and has three more to survive before it reaches the floor. S.909 has passed the Senate's commerce committee, but faces fierce opposition from industry and privacy groups. Meanwhile, a federal judge in San Francisco ruled on Aug. 26 that recently revised federal rules limiting encryption exports are unconstitutional. U.S. District Court Judge Marilyn Hall Patel approved an injunction as part of a suit filed by Daniel Bernstein, a math professor at the University of Illinois. Bernstein sued the government two years ago, arguing that federal controls on encryption violate his First Amendment rights to free speech. Judge Patel's injunction forbids the government from prosecuting Bernstein for posting h is encryption software, called Snuffle, on the Internet. It also frees Bernstein to post his software on the Net and discuss the code in public. The government is expected to appeal. Back to News in Review Send Us Your Feedback Top of the Page

---