In October 1993, then Deputy Secretary of Defense William Perry said government policy makers "have to recognize that we don't have any ability to control computers which are available on the mass retail markets." Unfortunately, other senior Clinton administration officials disagree. They have used Cold War era regulations to equate exporting data encryption–the use of mathematical formulas to scramble messages over computers–with selling munitions.
Now a panel appointed by the National Research Council has surprisingly concluded that using arms control laws to regulate encryption "is not adequate to support the information security requirements of an information society." In "Cryptography's Role In Securing the Information Society" (CRISIS), a 500-page report requested by Congress, a panel of 20 academics, attorneys, and computer entrepreneurs called for export controls to be relaxed and for government encryption policies to get the same public scrutiny as other economic regulations.
Law enforcement officials say encryption must be tightly regulated to prevent terrorists, drug dealers, and other lawbreakers from concealing their criminal activities. They want any changes in policy developed in secret. The Clinton administration has responded by proposing new programs that would require encryption users to deposit their decoding "keys" with the FBI or third parties designated by the government.
But individuals and businesses wish to accelerate the use of the Internet and other electronic networks to exchange information and conduct commerce. And export controls could cost domestic encryption manufacturers as much as $60 billion in lost sales by the end of the decade. "[I]n an era in which cryptography plays an important role in protecting information in all walks of life," say the authors of the report, "public consensus and government secrecy related to information security in the private sector are largely incompatible."
Indeed, the ultra-respectable authors, who include former Attorney General Benjamin Civiletti, former deputy director of the National Security Agency Ann Caracristi, and Council on Foreign Relations President Leslie Gelb, reject the law-enforcement demand that encryption policies must be treated as classified information and decided behind closed doors. Instead they "believe that the broad outlines of national cryptography policy can be analyzed on an unclassified basis." While not calling for an end to export controls, the authors would like to have these restrictions "progressively relaxed but not eliminated."