On December 15, part one of the Clinton administration's new encryption policy will take effect. This flawed approach will continue harming technology companies while placing Americans' privacy at risk. Congress should now take matters into its own hands by enacting more sensible reforms.

Information security is an increasingly vital cog in the Internet economy. Encryption programs, which come in various strengths, provide this security by scrambling data. But while encryption helps businesses and consumers, it also protects criminals who wish to cloak their communications. Responding to this threat, regulators have maintained strict export controls on strong encryption programs.

This policy places domestic companies at a disadvantage to foreign competitors that face no such restrictions. Consequently, lawmakers have been challenged to create a new policy that helps both businesses and law enforcers. In the past, the Clinton administration has responded with dangerous proposals.

Intended to guarantee that law enforcers can read all encrypted email, these measures have posed serious privacy risks. For example, the administration and the FBI have repeatedly tried to force encryption manufacturers to build "trap doors" into their products. The keys to these doors would be entrusted to law enforcers. Fortunately, public outcry has killed these proposals. The administration's new approach, though much improved, contains devilish details.

The policy balances relaxed export rules with strict review and reporting requirements. Companies will now be allowed to export even the strongest encryption software, provided it is first reviewed by the Commerce Department. But manufacturers of essential network hardware remain unfairly restricted.

Router and switch manufacturers must still obtain a license before selling products that include encryption to foreign governments. Because most telecommunications networks are partially state-owned, this places a significant bureaucratic hurdle between companies and consumers. Firms such as Cisco systems, already facing increasingly stiff foreign competition, will remain crippled in the fast-moving technology market. The regulations have also re-ignited civil liberties concerns.

As the ACLU and others have pointed out, the review process could become an opportunity for the FBI to impose trap doors on encryption makers. More likely, the national security establishment will use this opportunity to devise ways to break the code before it hits the market. This extremely difficult task would be made easier if the administration successfully enacts part two of its new approach: draft legislation intended to help alleviate national security concerns.

The bill, currently being circulated, would establish an $80 million research center to help law enforcers decipher encryption. The proposal would also establish new laws to facilitate a third party key escrow system, which would allow police to access encryption keys stored in central databases. Instead of acting on this or the encryption reform bills already proposed, Congress has been awaiting the new Clinton policy. With the details out, legislators should override the policy's shortcomings now.

Export restrictions should be eliminated altogether. Companies should be free to sell any product to any consumer without navigating a cumbersome licensing process. This policy would allow all businesses to compete internationally. And it would finally recognize the futility of export regulations: today, criminals can buy the strongest possible encryption from foreign companies. Still, law enforcers should be armed against the threat of high-tech criminals.

Law enforcers should be free to adopt innovative new crime-fighting solutions. But these solutions must minimize privacy risks. For that reason, trap door and key escrow proposals must be abandoned. On the other hand, expedient, one-time reviews, coupled with expanded research capabilities, are reasonable measures. But their results must be watched carefully.

The combination of stringent oversight, free exports, one-time reviews, and expanded research funding represents the only reasonable solution to the encryption problem. Unless Congress overrides the Clinton administration by enacting this policy now, our privacy will remain in jeopardy and our economy harmed.

*Justin Matlick is a Senior Fellow in Information Studies at the Pacific Research Institute. To learn more about PRI and the Center for Freedom and Technology, see www.pacificresearch.org.