The New York Times
Tuesday, June 9, 1998

Encryption Debate Heats Up in Washington

by Jeri Clausing,

WASHINGTON -- Encryption policy is on the front-burner in the capital again this week, with high-level meetings that could determine whether the contentious debate over exporting software and decrypting personal messages will finally make it to a Congressional vote or simmer for yet another year.

On Monday, some of the world's top cryptographers gathered in Washington to debate Clinton Administration officials and issue their second indictment of the Administration's push for a system guaranteeing law enforcement quick access to scrambled data.

The cryptographers' report said that if any such system, known as key escrow or key recovery, met the Administration's stated objective, it could not be "operated securely, in an economical manner, on a large scale or without introducing unacceptable risks".

On Tuesday, Microsoft's founder, Bill Gates, and other high-tech executives who oppose the policy are scheduled to meet with Louis J. Freeh, the director of the Federal Bureau of Investigation, who is pushing the administration's key recovery plan.

And later this week, two Congressional leaders on opposite sides of the issue are meeting to discuss a compromise. Senator Conrad Burns, a Montana Republican helping lead the Senate effort to pass legislation that would ease export controls on encryption technology and forbid government-mandated key-recovery systems, said he is meeting with Representative Gerald B. Solomon, a New York Republican, who as chairman of the House Rules Committee is the force keeping similar House legislation from a vote.

"We could have some breakthroughs here", Burns said. "We've got to get this to the floor. If we get it to the floor, it will pass."

Others were less optimistic much headway would be made, particularly during the meeting between Gates, Freeh and some other high-tech executives. That meeting was arranged by Senator Dianne Feinstein, a Democrat from Silicon Valley who has been very sympathetic to the FBI stance -- despite her strong high-tech constituency.

"I expect that there will be very high-level discussions of principles", said Jeff Smith of Americans for Computer Privacy, a coalition of industry and privacy groups fighting the administration's encryption policy.

"My guess is that both sides will acknowledge this is a difficult problem and progress needs to be made."

Robert Litt, a principal associate attorney general at the Justice Department, agreed.

"There is a limited amount that can be accomplished in this kind of environment", he said. The best both sides can hope for, Litt added, is a "commitment to solve the problem".

But if the debates at the Electronic Privacy Information Center's Cryptography and Privacy Conference on Monday were any indication, little movement is being made in the dialogue between high-tech companies and the administration.

Industry and privacy advocates are seeking legislation to lift the current export controls on strong encryption software. The administration, however, at the urging of the FBI, has insisted that any easing of export controls must be coupled with a key-recovery system that would guarantee law enforcement access to spare "keys" to unscramble data if they thought a law was being broken.

During a panel discussion with Smith, Litt, Commerce Undersecretary William A. Reinsch and David Peyton of the National Association of Manufacturers, Smith said his group put a compromise plan on the table May 8, but has yet to receive a response. That plan, introduced as legislation by Burns and Senators John Ashcroft, a Missouri Republican, and Patrick J. Leahy, a Vermont Democrat, attempts to address law enforcement's concerns by financing a center for encryption research by law enforcement.

Litt said the proposal "is worth talking about, but we have to give it a lot more thought before responding".

Also at the conference, 11 cryptographers and computers scientists who last summer wrote a report for the Center for Democracy and Technology on the risks of key recovery presented an updated version of that effort.

The bottom line, they say, is that the essential findings "remain unchanged and substantially unchallenged: The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs."

Matt Blaze, a cryptographer with AT&T Laboratories who co-wrote the report, said the original report was prompted by assertions by advocates of key recovery that a genie could come down and present a magic box that would give the government -- and only the government - a key to encrypted communications.

"We don't have such a magic box", he said.

Over the past year, he said, there has been "no design or architecture that leads us to question the original conclusion that it is infeasible" to create such a system.

Litt, however, called on those at the conference and the high-tech industry to make sure that the government has the proper surveillance tools as more and more criminals turn to encrypted communications.

"Law enforcement is not opposed to encryption. Like everyone else in this room, we want strong encryption to be widespread", he said.

"But everyone in this room should understand that strong encryption is going to have an adverse impact on law enforcement's ability to protect you, your family, your business, your country as a whole. We can count on the fact that the spread of strong encryption is going to mean that sooner or later, lives are going to be lost."

Related Sites

Copyright © 1998 by The New York Times Company. All Rights Reserved. Reprinted with permission.