Those figures represent the low and high estimates of U.S. losses due to: lost encryption sales that are picked up by non-U.S. vendors; slower growth in encryption-dependent industries like banking; forgone cost savings and efficiency gains that could be earned from greater Internet, extranet and intranet usage; and indirect costs, the Economic Strategy Institute (ESI) of Washington, D.C., concluded in its report released last week.

The U.S. encryption export policy "negatively affects a market that gives us this big economic boom," Erik Olbeter, co-author of the study and director of the advanced telecommunications and information technology program at the ESI, said today. "It is related to the industries that we expect to continue the boom, including electronic commerce and Internet-related markets."

Specifically, the report, "Finding the Key: Reconciling National and Economic Security Interests in Cryptography Policy," estimates that over the next five years:

• U.S. encryption vendors will lose between $1.8 billion and $8.9 billion in sales to foreign competitors, in a worldwide industry that will be worth nearly $20 billion in 2002;

• general software sales could lose between $1.2 billion and $3.3 billion, with the networking equipment market losing between $4.3 billion and $8 billion; Internet and online service providers losing between $1.8 billion and $2.3 billion, and marketers of personal communicators, cellular phones, pagers and other wireless products losing $1.7 billion to $3.7 billion;

• the U.S. could lose between $2.38 billion and $7.1 billion in lost online sales and higher online shopping costs;

• the U.S. could forgo between $4.4 billion and $10.9 billion in cost reduction savings from inter-business network operations with suppliers and other business partners; and

• less activity in these sectors creates spillover effects throughout the economy and these indirect impacts could total $17.6 billion to $51.6 billion.

Olbeter said the ESI, which is not funded by any software vendors or encryption-related firms, arrived at the cost estimates by analyzing figures and projections from a variety of different sources, including Wall Street brokerage firms, and industry and other publications. The group did not use one methodology, but conducted different types of analysis and research for each of the different market segments, he said.
The deviation between the low and high estimates allows for unknown variables in each of the areas, Olbeter said, adding that the study has been criticized for being conservative in its cost estimates.

Officials at the U.S. Department of Commerce and Department of Justice did not return phone calls seeking comment on the report.

Current administration policies allow exemptions for exporting strong encryption only for financial institutions and for software built with key-recovery mechanisms that allow law enforcement to obtain data to decode encrypted information with a court order.

The current policy is jeopardizing both the country's economic and national security, the report said. It has had little or no impact on enabling law enforcement to protect against or prosecute cyber-terrorists, partly because encryption products are readily available from non-U.S. sources, according to the report.

As of September 1997, there were 1,601 encryption products available from 941 vendors in 30 countries, the report said. Of those, 653 products were made outside the U.S. by 472 firms.

The study also looked at a range of policy options - including maintaining domestic and export controls as the FBI desires, eliminating export controls only, eliminating both domestic and export controls as the software industry is asking, and eliminating export controls if global controls are in place as the White House wants - but found all of them lacking and/or unfeasible.

The study concluded that, at a minimum, export controls should be dropped because they aren't protecting national security and are instead compromising U.S. economic security. In addition, a domestic key-recovery system undermines national security if other countries do not require similar systems internally, the report said.

"This issue has been lingering in Washington for five years now and no action has been taken on it," Olbeter said when asked why the ESI chose to research the economics of the U.S. encryption export policy. The policy is providing opportunities for non-U.S. companies to get into areas they aren't competing in now, which hurts not only U.S. encryption and application software vendors, but vendors in many other areas, as well, he said.

"There's a real potential for serious damage" to the country's economic health, Olbeter warned.