US Report: Clinton's crypto policy 'a failure'

Department of Commerce Secretary, William Daley, yesterday said what civil libertarians and industry executives have asserted for years: The Clinton administration's policy on banning exports of data-scrambling technologies has failed.

Similar admissions usually signal a thaw in long-frozen relations. But signs of real progress on what a White House official once dubbed the "Bosnia of technology policy" are still nowhere to be seen.

"While our policy goal - balance - is the right one, our implementation has been a failure," Daley told a group of industry executives. "We have not been able to agree, amongst ourselves or with the business community, on how to reach that balance. The lack of agreement is caused by the unwillingness to compromise. There are solutions out there," Daley continued. "Solutions that would meet some of law enforcement's needs without compromising the concerns of privacy and business communities. But I fear our search has thus far been more symbolic than sincere."

Daley's comments were part of a larger speech on issues related to online commerce raised in the department's just-released 300-page paper "The Emerging Digital Economy," which likens the impact of the Internet and other digital technologies to that of the Industrial Revolution.

For more than five years, industry and civil libertarians on one hand and police and intelligence communities on the other have butted heads over ordinary Americans' rights to use strong encryption technology and export those same techniques abroad.

Strong encryption protects electronic communications and stored computer data with near-absolute security. Since well-encrypted communications remain impervious to eavesdropping no matter who intercepts them, experts say the technology is indispensable to private communications for business and personal use on insecure networks like the Internet.

Yet that same security poses a threat to law enforcement, which says criminal groups have already begun to use encryption software to protect telephone calls and computer files alike from eavesdropping. As a result, U.S. companies' efforts to export their products abroad have been met with a thicket of restrictions and impenetrable regulation, frustrating American companies' attempts to keep up in a market that even administration officials now concede is being lost to European and Asian competitors at an alarming rate.

"At the end of 1997, we estimate there were 656 encryption products in 29 countries outside the United States," Daley said. "There are major producers in Germany, Ireland, Canada, Israel and Great Britain. They are competitive with anything U.S. producers can make. And they can supply almost all the needs of computer networks."

The FBI and the Department of Justice have pushed U.S. encryption producers for a "key recovery" program, under which encryption users would deposit descrambling codes with federally approved key recovery centres so that law enforcement could access the plain text of encoded messages when authorised under court order.

That approach has met almost universal opposition outside law enforcement and intelligence communities. Most foreign governments' rejection of the law enforcement's views has all but assured a thriving market for unregulated encryption technologies for non-U.S. competitors like Brokat, Siemens, Ascom.

Marc Rotenberg, director of the Electronic Privacy Information Center, praised Daley for his new found flexibility. "I think he's right," Rotenberg said. It's been a difficult issue because law enforcement has been at the table pounding hard. I'd give Daley credit for saying what everyone's thinking."

Industry executives admitted they had reached an impasse but denied they were blocking reasonable efforts to reach a settlement. "Certainly there's incentive to compromise, but the problem is the reality of the world marketplace is that no matter what the compromise is here, our customers overseas will demand stronger and stronger encryption," said Peter F. McCloskey, president of the Electronic Industries Alliance. "They would very much like to retain the tools that law enforcement have, but the rest of the world is not going to let them have it."

For the time being, McCloskey said, industry negotiators are encouraging law enforcement to harness more powerful computers to crack codes instead of trying to ban unrestricted encryption use outright.