The New York Times
Thursday, April 16, 1998

Commerce Chief Calls U.S. Encryption Policy Flawed

by Jeri Clausing, jeri@nytimes.com

WASHINGTON -- The Clinton Administration's attempts to control encryption technology have been a failure and are forcing American software makers to concede ground to foreign competitors, Secretary of Commerce William M. Daley said on Wednesday.

Daley's remarks, made in a speech here to the high-tech industry, were the strongest indication yet that the administration is seriously considering parting ways with Louis B. Freeh, the director of the Federal Bureau of Investigation, and other law enforcement and spy agencies over the issue of how data can be scrambled.

"We are headed down a lose-lose path, and we have to get back to win-win", Daley said. He lay the blame for the failed policy on both industry and law enforcement officials, saying that the two sides had failed to find a reasonable compromise between the need to monitor the activities of criminals and the need to offer consumers strong security for online transactions.


RELATED ARTICLE

U.S. Report Weighs Impact of E-Commerce

The purpose of his speech on Wednesday was to release the Commerce Department's first comprehensive report on the impact of electronic commerce on the nation's economy. The report shows that information technology, including business on the Internet, is growing twice as fast as the overall economy, employing some 7.4 million workers at salaries 64 percent above the national average.

But while the report was full of impressive numbers and glowing predictions for the future, Daley said that strong encryption and a solid encryption policy were essential if electronic commerce was to realize its full potential.

Daley's blunt comments marked the first public admission that the Clinton administration's encryption policy has failed. And his remarks echoed what the industry has contended for years -- that foreign companies are fast taking over the high-demand market for products that protect the privacy of communications.

The software industry is currently prohibited from exporting strong-encryption programs, which scramble data in ways that make it difficult or impossible for unauthorized people -- including law enforcement agencies -- to decode. Such software is essential to electronic commerce, which requires that credit card information and other private data be encrypted when products are ordered on the Internet.

The software industry has long argued that the export rules put American companies at a great disadvantage relative to off-shore competitors, who are not under such restrictions.

Freeh and the National Security Agency argue that the threat of terrorists and other criminals scrambling data to thwart law enforcement officials is so great that the export restrictions should be removed only if the police are given keys to unlock encrypted data.

At the end of 1997, Daley said, an estimated 656 encryption products were being produced in 29 countries outside the United States. Products from Germany, Ireland, Canada, Israel and Britain can compete with anything made domestically, he said, and can meet the need of the world's computer networks. "Our policy, ironically, encourages the growth of foreign producers at the same time it retards growth here", Daley said.

Daley called for a sincere dialogue between industry and law enforcement, but he stopped short of saying that the Administration would give up on demands from the FBI and the National Security Agency that a lifting of export controls be contingent on adopting a scheme, called a "key recovery plan", that guarantees the police keys to unlock scrambled computer communications. "There are solutions out there", Daley said. "Solutions that would meet some of law enforcement's needs without compromising the concerns of the privacy and business communities. But I fear our search has thus far been more symbolic than sincere."

"The cost of our failure will be high", he added. "The ultimate result will be foreign dominance of the market. This means a loss of jobs here, and products that do not meet either our law enforcement or national security needs."

Daley declined to offer examples of what the administration might be willing to give up to reach a compromise. "The next step, hopefully, is for us in government and those in industry to come back to the table with something besides a demand for 100 percent victory and joy in knowing we can block each other", he said.

Industry officials, however, said there was no room for compromise. "People want complete privacy", said Peter F. McCloskey of the Electronic Industries Alliance.

Harris N. Miller, president of the Information Technology Association of America, said companies were willing to continue discussions with the administration, but he asserted that Government officials "think compromise is something in the middle; sometimes compromise is found outside of the box."

Miller said that the solution needed to be a technical one, perhaps one that gave law enforcement better training and equipment to crack encrypted criminal communications without requiring that everyone hand over spare keys to their computer files. "Law enforcement has legitimate concerns", Harris said. "What we disagree with is their demand for unlimited access."


Related Sites


Copyright © 1998 by The New York Times Company. All Rights Reserved. Reprinted with permission.