Know the Code

Making encryption safe, legal--and not rare.


Since taking office in 1993, the Clinton administration has clashed with high-tech companies and privacy advocates over electronic data encryption, the use of mathematical formulas to scramble messages sent over computer networks. The White House has regulated encryption so that law enforcement agencies can easily unscramble messages sent by suspected criminals. Individuals and organizations want to remove these restrictions so that they can ensure the privacy of their communications.

Congress may choose privacy. Three pending bills would bypass current regulations, allowing Americans to use any encryption programs they desire. They would also make it tougher to impose new restrictions on commercial cryptography.

The White House has used Cold War-era regulations that treat encryption as a weapon to restrict the length of the encryption "keys" that can be exported without first obtaining a license from the Commerce Department. The keys unscramble encrypted messages; the shorter the key, the easier the encryption is to crack. The administration also plans to allow companies to sell stronger encryption programs only if the keys are deposited with law enforcement or national security officials (a.k.a. "key escrow").

As a result, software makers have not developed the strongest possible encryption programs for the general public because they won't write separate programs for domestic and foreign customers. And no sensible overseas consumer would buy encryption knowing that its private communications would be subject to U.S. government snooping. If encryption restrictions were removed, the software industry estimates that U.S. companies could sell as much as $60 billion a year in encryption hardware and software by 2000.

The three bills before Congress–introduced by Sen. Conrad Burns (R-Mont.), Rep. Bob Goodlatte (R-Va.), and Sen. Patrick Leahy (D-Vt.)–would each guarantee the right of Americans to use or sell any encryption they want domestically. The bills would also eliminate export controls on any free or mass-market commercial encryption programs (such as Norton Utilities). The Goodlatte and Leahy bills would make it a federal crime to use encryption to conceal the commission of a felony.

Burns unveiled his bill at the March Conference on Computers, Freedom and Privacy in Cambridge, Massachusetts. His bill would go further than Goodlatte's or Leahy's, by prohibiting the federal government from imposing key-escrow requirements and preventing the secretary of commerce from entering into international agreements that limit encryption. Burns planned to formally introduce his bill in mid-April, after press time.

While Congress will probably hold hearings on the bills this year, it's unlikely a vote would occur before the election. Republican presidential nominee and Senate Majority Leader Bob Dole is a principal sponsor of the Leahy bill and may sponsor Burns's legislation–making Dole more in tune with the wired generation than the younger man who currently occupies the White House.