SF Encryption Ruling Paves Way For Internet Commerce, But Export Restrictions Still Too Severe: Internet’s Future Could Be At Stake

The battle over encryption controls is back in the political spotlight, and policymakers continue to ignore the light of reason. Though nearly all of Washington’s lawmakers have voiced support for one reform or another, none of the debate’s participants have stopped to outline an ideal encryption policy. Those who do will reach the obvious conclusion: The only sensible policy eliminates the role of government and embraces the free market.

The current debate is centered around two issues: new legislation being circulated by the Clinton administration, and existing regulations that prohibit the export of encryption products, which protect the privacy of electronic communications by scrambling them into unreadable text.

While three bills before Congress seek to ease the export restrictions, the administration’s proposal would strengthen existing controls and create new regulations. Under the Clinton policy, all encryption products used or produced in the U.S. would be required to contain a “trap door” feature that allows law-enforcement officials to decode and monitor any transmission they deem suspect.

While encryption policy is what’s at issue, the future of the Internet is what’s at stake. The Internet will only flourish in an environment where companies and consumers are confident that their communications and transactions are secure. This confidence will not exist unless people are free to use the strongest possible technology to protect their information, without fear of being watched by the government.

This freedom is what the Clinton administration, backed by FBI Director Louis Freeh, are seeking to limit. In recent testimony before a Senate subcommittee, Freeh used a national security argument to call for restrictions similar to those in the Clinton proposal. “Unbreakable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and conspiracies,” Freeh argues. “Our national security will… be jeopardized.”

But Freeh, Clinton and other regulation advocated refuse to recognize two things. The first is that most other countries place no restrictions on encryption. Even if Clinton’s proposal were adopted, criminals abroad could still buy unbreakable products from German and Japanese companies. Domestic criminals could download this software from the net. Restrictive policy, therefore, would have no effect on illegal activity.

Second, by prohibiting U.S firms from using unbreakable encryption to protect communications, encryption controls compromise the national security they are supposed to protect. Private transmissions are already being stolen at alarming rates; the National Counterintelligence Center recently reported that “(S)pecialized technical operations (including computer intrusions and encryption weaknesses) account for the largest portion of economic and industrial information lost by U.S. corporations.” By requiring a built-in weakness in all programs, the Clinton policy would make this information even more vulnerable.

Those who support the bills or the proposal claim to promote market solutions, but what these measures represent is compromise. Even the most liberal bill, the “Promotion of Commerce On-Line in the Digital Era Act” sponsored by Sen. Conrad Burns (R-Mont.), would only allow the export of products whose strength is equal to the technology “generally available” on the world market. By placing a ceiling on encryption strength, this restriction would stifle innovation. U.S. hi-tech companies would lose their front-runner status as they are reduced to followers of the world market.

While legislators’ limited vision only allows for controls they see as less strict, the ideal policy would eliminate export restrictions altogether. The free market would be highlighted, facilitating an opportunity for all parties to be better off.

The most obvious result of this policy would be a totally secure electronic environment. Anyone seeking guaranteed privacy would buy unbreakable encryption software. Companies could communicate with affiliates without fear of having their ideas and plans stolen. Hi-tech firms could compete in the global encryption market, bringing jobs and dollars to American workers. Consumers could conduct Internet transactions with confidence, knowing their credit card numbers are safe. We would begin speeding down the road toward the information society.

While Freeh’s predictions of increased criminal communications would also likely come true, law-enforcement officials would not be impotent. Just as they can demand phone records, they would have the power to acquire records of electronic communications. More significantly, they could respond to whatever threats technology presents with innovations of their own. Just as industries can respond creatively to regulations, public institutions like the police can respond creatively to private-sector innovations.

Undoubtedly critical, this idea remains painfully absent in the encryption debate. As the information age grows near, legislators must open their eyes to policies that abandon the status quo and maximize opportunities for the public and private sectors to respond to each other with innovations, not regulations. Until this approach is adopted into technology policy, the future of the Internet will remain a promising vision on a distant horizon.

Justin Matlick is a Chicago-based senior fellow in information studies for the Pacific Research Institute in San Francisco. He can be reached via email at jmatlick@pacificresearch.org.