The Encryption Enigma

The Big Picture: The Encryption Enigma

Mark Stahlman

Look behind the hype to see the real reasons for export restrictions

Issue column appeared: April 24, 1995

Current U.S. export restrictions on "strong" encryption, and the related key-escrow proposals from the Clinton administration, are important enough for every business that they are now front- page news. Network security--particularly on the Internet--is potentially the biggest technical limit to expanded net-based business.

An American group known as "Cypherpunks" opposes the export ban that classifies powerful encryption technology as "munitions." The Cypherpunks are the poster guys in the battle against the mindless bureaucrats. But amid all the high-minded righteousness, somebody forgot to spread the word--the little secret that belies all the fireworks. Somebody forgot to mention the rest of the world.

Yes, the restrictions that are on the books blocking U.S. companies from exporting powerful crypto-technology are leftovers from the Cold War era. It's a problem for Sun Microsystems not to be able to have a single worldwide release build of Solaris. I've no doubt some business is being lost to foreign competitors that are without U.S.-style restrictions.

The arguments being offered to support the continuing ban about not wanting to abet "terrorism" sound hollow. And the threat to indict crypto-activist Phil Zimmerman, author of the PGP (Pretty Good Privacy) program, under these rules seems cruel. But what about the rest of the world? In particular, what about France?

Spelling It Out

The dilemma with France is this: NATO is in trouble; the U.S. relationship with France is really in trouble. If the United States were unilaterally to release restrictions on "strong" crypto it could create an international incident with a high probability of being used by France as the reason it would pull out of NATO.

Why France? Five U.S. spies were recently thrown out of France for commercial espionage. High-ranking CIA types at the embassy and a modern-day Mata Hari were accused of trying to bribe French officials into disclosing France's negotiating position on intellectual property, as well as its plans to deregulate telecommunications.

In France, all decent encryption technology is simply illegal. The only crypto-technology permitted is on an official list that is widely known to contain only systems that French intelligence services can easily break. The French military has a keen interest in crypto. A U.S. decision to open the U.S. borders to the free flow of this technology--via no less than an Act of Congress in this case--would be a severe slap at France's sovereignty.

Not surprisingly, the Cypherpunks don't want to hear about this. The group has its own agenda and, as is sometimes the case, agendas can be powerful tools. Some of its members even describe themselves as "techno-anarchists." Cypherpunks constitute a laudable self-help organization for the crypto-curious. But like anyone with a narrow world view, jumping into limited public-policy debates with a limited agenda means becoming someone else's pawn.

Mike Nelson, Vice President Al Gore's chief techno-staffer, has said the U.S. crypto-export prohibition will not go away anytime soon and is a direct result of requests from unnamed allies. He also has said that key-escrow technology--best known for its initial example, the proposed Clipper chip--is the solution to this dilemma.

On top of that, an ex-CIA lawyer turned Internet entrepreneur said recently that it's about time NATO and the U.N. got scrapped anyway.

Then he made a joke about the "New World Order." That was truly spooky.