WASHINGTON-The Clinton administration is on a collision course with Congress over encryption policy, as policymakers try to balance law enforcement and national security needs with privacy and commercial interests.
The latest White House proposal, outlined by Vice President Al Gore in a briefing with reporters July 12, moves closer to industry’s position. But it is unclear whether the administration can secure enough support by the time detailed policy recommendations are sent to the president in early September.
The initiative’s reliance on a key recovery mechanism, even though the federal government would not necessarily hold keys to unlock scrambled data codes, remains controversial and could hinder the quest for consensus on the policy.
Early reaction indicated custom encryption software developers were more likely than sellers of mass market, shrink-wrapped computer software to buy into the White House plan.
In the meantime, the administration said it would consider in the short-term liberalizing export controls for certain commercial encryption products provided they include or will include a key recovery system; working with industry to develop performance and technical standards and to pilot several key recovery projects; and shifting jurisdiction of encryption products from the State Department to the Commerce Department.
The latter measure may prove particularly enticing to telecommunications and computer sectors that have run into bureaucratic and foreign policy snags at State.
Christopher Padilla, a spokesman for Lucent Technologies Inc., said a wireless credit card verification system with encryption being sold to Peru was put on hold because of military export restrictions that kicked in when a border dispute with Ecuador arose.
“I think we are willing to work with the administration over the next couple of months to see what the market opportunities are for key escrow encryption,” said Padilla.
Lucent, the manufacturing unit spun off from AT&T Corp., was one of the few commercial entities to adopt Clipper Chip encryption technology that the White House inherited from the Bush administration and attempted without success to sell to American industry.
“Frankly, our experience with Clipper means they have a lot of convincing to do,” said Padilla.
Today there are no restrictions on encryption technology within the United States. Yet firms are limited to selling encryption with key lengths of up to 40 bits overseas. The 40-bit encryption products, while perhaps adequate to scramble paging messages or cellular conversations of rank-and-file subscribers, are considered too weak for corporate use.
The federal government uses a 56-bit encryption system, which would take years to decode and therefore is not allowed to be exported.
Early versions of Clipper Chip had the federal government holding the keys to descrambled code messages, a feature attractive to law enforcement but not embraced by civil liberty groups and industry. The Clinton administration has since backed off the idea of a government key holder, but is clinging to the key escrow scheme in deference to the FBI, the intelligence community and national security agencies.
The White House is courting industry in hopes of winning support for its recent encryption plan, and claims already to have backing from Sens. John Kerry (D-Neb.), Jeff Bingaman (D-N.M.) and Arlen Specter (R-Penn.).
Moreover, the White House is competing with encryption bills authored by Sens. Conrad Burns (R-Neb.), whose bill has been referred to the Commerce Committee, and by Patrick Leahy (D-Vt.), whose measure is before the Judiciary Committee.
The Senate Commerce Committee will hold a hearing this week on the Burns bill, with FBI Director Louis Freeh and Central Intelligence Agency head John Deutsch on tap to testify.
