The evidence is clear: U.S. export restrictions on encryption software aren’t just ineffective, but are also harmful to business, the economy, and the Internet. So why does the White House keep insisting on regulation?

Encryption programs are the key to security in the Information Age. By scrambling data into unreadable text, encryption ensures the privacy of electronic communications. It gives companies and consumers confidence that their information is safe. Such confidence is critical for electronic commerce to flourish.

The problem? Encryption comes in many strengths, and strong encryption carries a price.

Strong encryption protects information from criminals, but it also protects criminals from the police. Just as business transactions can be encrypted, so can communications between spies, drug traffickers, and terrorists.

That’s why the White House, backed by the FBI, has insisted on restricting exports of encryption products. Most companies are barred from exporting programs too strong to be easily cracked. Current rules apply not only to firms that want to sell encryption abroad but also to some companies that want to use strong encryption to communicate with their foreign affiliates.

But export restrictions haven’t deterred illegal activity. Most countries have no restrictions at all. Right now, criminals abroad can buy unbreakable encryption software products from Germany and Japan.

The U.S. government’s preferred brand of encryption, known as the Data Encryption Standard (DES), is weak by global standards and is broken easily and often by computer hackers.

How easily? In January, U.S. encryption maker RSA Data Security offered $10,000 to the first group to decrypt a DES-encrypted message. It took a group of computer enthusiasts just 22 hours to crack the code. Attacks on encryption will become even more efficient as the value of information transmitted across the Internet increases.

This just goes to show that by preventing programs that are invulnerable to hackers, government encryption controls compromise the very national security they are trying to protect. In fact, reports the National Couterintelligence Center, private transmissions are already being stolen at alarming rates. Computer invasions and encryption weaknesses accounted for the largest portion of economic and industrial information lost by U.S. corporations in 1996, says the NCC.

The current policy also hurts businesses by keeping them out of the booming global encryption market. Companies such as Sun Microsystems have had no choice but to partner with foreign encryption producers or set up overseas affiliates. That means to fewer jobs and fewer dollars for Americans.

The ideal policy would empower American businesses by eliminating encryption regulations and relying on a free market

Anyone seeking guaranteed privacy could buy unbreakable encryption software. Companies could communicate with their affiliates without fear of having their ideas and plans pilfered by competitors at home and abroad. High-tech firms could compete in the global encryption market, returning jobs and dollars to U.S. soil. Consumers could conduct online transactions with confidence. The Internet would be secure.

Even if criminal communications increased under such a plan, law enforcement wouldn’t be powerless. Just as they can demand phone records, they can subpoena email and records of electronic transactions. More significantly, law enforcement could respond to threats with technological innovations of their own.

While the idea of ending regulation remains painfully absent from the U.S. encryption debate, other countries—even some left-wing governments—have seen the light.

In France, for example, socialist Prime Minister Lionel Jospin abolished the government’s strict encryption controls in January. Recognizing that such regulations harmed the French economy, Jospin replaced them with more funding for police efforts to counter the encryption threat. Could there be a lesson there for U.S. lawmakers?

The United States should eliminate its controls on encryption. Just as industries can respond creatively to regulations, the police and other public institutions can respond creatively to private-sector innovations. But until Congress faces the reality of the information-age economy, it’s fair to say that national security will remain in jeapordy, the economy will be stymied, and the Internet won’t realize its potential.

Justin Matlick is a Chicago-based senior fellow in information studies for the Pacific Research Institute in San Francisco. He can be reached via email at jmatlick@pacificresearch.org.