The International Market for Encryption
 
by Stewart A. Baker and Richard C. Barth, Symposium on Information, National Policies & International Infrastructure (30/01/1996)

 
TABLE OF CONTENTS

STEWART A. BAKER

I. GOVERNMENT ENCRYPTION POLICIES 1

A. United States: Export Controls 2
B. France: Reasonable Use Controls 3
C. Israel: Use Controls 4
D. Russia: Import and Use Laws 5
E. China: Strict Controls 6
F. Japan: Potential Industrial Policy 7
G. Conclusion 8


RICHARD C. BARTH (MOTOROLA CORPORATION)

II. PROBLEMS WITH RESTRICTIVE GOVERNMENTAL APPROACHES 9

A. Introduction 9
B. Legitimate Private Sector Security Needs Have Created Urgent Demand for Strong Encryption 10
C. Information Security Know-How is Spreading Worldwide 11
D. Interoperability is Inevitable and Imminent 13
E. Controls are Ineffective 13
F. Conclusion 15


I. GOVERNMENT ENCRYPTION POLICIES

Encryption, the process of protecting the confidentiality of information by the application of mathematical formulae, was until recently the exclusive domain of governments. Only when the international financial services industry became more automated in the 1970s did it begin to incorporate strong encryption to secure payment and clearing systems. Other components of the private sector began to follow the financial services industry's lead as their needs for secure information became apparent. Today encryption is considered an essential element of the infrastructure for electronic commerce and information exchange. Government encryption regulation, as it has been since the advent of encryption regulation, is driven by two distinct interests: (1) a foreign intelligence interest in collecting all information that implicates national security; and (2) a law enforcement interest in collecting evidence of criminal activity. The military concerns itself with the first interest, the police with the second. The prospect of widely available strong encryption threatens both. Governments have taken different policy approaches in their efforts to contain the threat they see posed by encryption. Mechanisms for controlling encryption can be placed into three general categories: import controls, export controls, and use controls. The summaries that follow of encryption policy in the U.S., France, Israel, Russia, and China explore these forms of control. A small minority of governments, most notably in Scandinavia, do not control encryption at all because they view encryption as an important tool for protecting personal privacy. Other governments, especially in the developing world, do not regulate encryption at all, perhaps because domestic use of encryption has not become widespread and the government has not had cause to focus on the need for controls. These encryption "safe havens" free from government regulation threaten to undermine the efforts of governments seeking to contain the spread of strong encryption, principally because in some of these countries there is a highly educated cadre of scientists that understand and can use the tools of encryption. And only recently, encryption has emerged as the object of industrial policy. In a departure from Western governments' efforts to stifle private sector encryption developments, Japan has embarked on an initiative to finance encryption research and development. This nascent policy, which also has the potential to undermine the efforts of governments seeking to contain the spread of strong encryption, is described below.

United States: Export Controls

Like most Western countries, the United States does not control domestic use of strong encryption. While the Arms Export Control Act provides the President authority to control the import of encryption for national security reasons, to date encryption imports have not been regulated. Instead, United States encryption policy is focused on controlling and monitoring the export of strong encryption. The U.S. in theory controls the same encryption products as controlled by its former COCOM allies -- the scope of what is controlled is contained in the International Munitions List. As a matter of law, the State Department has final say in decisions for strong encryption exports. As a matter of practice, the State Department defers to the judgment of the National Security Agency, part of the Department of Defense. U.S. export control regulations authorize unrestricted encryption exports to Canada and most encryption exports to foreign subsidiaries of U.S. corporations to secure their corporate communications. The State Department also has a liberal policy regarding the export of strong encryption products which are limited to functions such as digital signatures, access control, and authentication. Additionally, the State Department has shown a willingness to authorize the export of strong encryption to financial institutions so long as its use is limited to protecting the security of financial transactions. In sum, U.S. export policy reveals a bias in favor: (a) certain destinations, Canada; (b) certain reliable end-users, such as the financial services industry and the foreign subsidiaries of U.S.-based corporations; and (c) certain end-uses (e.g., digital signatures and PIN codes) necessary for the establishment of an electronic commerce infrastructure but which do not include a capability to encrypt communications. The U.S. Government's liberalization of encryption export controls has been incremental and always in response to private sector demands. For instance, in 1992, under pressure from the software industry, the government agreed to reduce controls on exports of encryption software with a key length of 40-bits or less. More recently, the State and Commerce Departments have reduced the time necessary for processing export licenses for those encryption products which are still controlled. But government has successfully stonewalled broader decontrol campaigns waged by encryption producers. Recent U.S. policy reflects a concerted government effort to use export controls to encourage the development and use of key escrow encryption systems both within and outside the United States. The first step was the controversial 1993 Clipper Chip proposal which required the escrow of private keys with the government. The less controversial 1995 commercial key escrow initiative would require the escrow of private keys with trusted third parties. Commercial key escrow is potentially attractive because it would provide both the private sector and the government the capacity for data security and data recovery. But to date, industry response to the initiative has been lukewarm because of the numerous conditions, in the form of exportability requirements, imposed by the government. There are signs that the U.S. believes international coordination is necessary to prevent widespread international deployment of strong encryption. The U.S. government spearheaded the December 1995 OECD information-exchange on national encryption policies, perhaps in part because of the unprecedented degree of government coordination required for operation of an international commercial key escrow system. The U.S. can be expected to continue its efforts to forge consensus in support of encryption controls.

France: Reasonable Use Controls

France imposes controls on the use of encryption products within France, in addition to export controls similar to those in the U.S. French encryption use controls are based on a December 1990 decree and are administered by the Service Central de la Sécurité des Systèmes d'Information (SCSSI), an office reporting to the Prime Minister through the Secrétariat Général de la Défense Nationale (SGDN). SCSSI embodies the French view that technology and industrial policy are critical elements of national defense. French use controls differentiate between two categories of products that incorporate information security functions. A company wishing to distribute or use a product containing authentication, digital signature, or access control security features must submit a "declaration" to the SCSSI. Because the use of such products is routinely approved, the declaration requirement as a practical matter functions as a registration requirement. A prior "authorization" from the government is required only if a product contains data, file, or text encryption features. If a product incorporates both types of features, both types of approval must be obtained. For certain products employing strong encryption (apparently including PGP), this authorization may be denied or restricted to specifically identified individuals or groups. SCSSI has come into serious conflict with a number of large foreign software companies. In the course of this fight, both the foreign software giants and SCSSI have had their hubris dented a bit. One U.S. software company faces very substantial potential liability for its distribution of unapproved encryption. SCSSI has received far less support at the top of the new French government than it expected. As a result, SCSSI seems to have accepted that it cannot control cryptography policy by fiat but must be perceived as reasonable and willing to work with industry. The French government appears willing to participate in international discussions of encryption controls, as evidenced by their participation in the December 1995 OECD conference. Additionally, based on the French representatives' comments at that conference, it is clear that France is supportive of the U.S. goal of encouraging the development of key escrow, or trusted third party, encryption. However, highly publicized allegations concerning France's conduct of industrial espionage against foreign multinationals will cause industry to be wary of any international policy under which the French government could gain access to private keys of foreign companies.

Israel: Use Controls

Israel, like France, controls not only the export but also the import and domestic use of encryption. The legal authority for Israel's controls is a 1974 court order, issued pursuant to the Supervision of Products and Utilities Law of 1957. The order requires a license from the Minister of Defense for the import, export, production or use of any encryption product.

Russia: Import and Use Laws

Russia has import and use laws on the books, but to date there has apparently been no enforcement of these measures. President Yeltsin's April 3, 1995 Edict on Measures to Observe the Law on Development, Production, Sale and Use of Encryption Devices and on Provision of Services in Encrypting Information restricts the use of encryption technologies by state-owned, private, and foreign entities, as well as by Russian government agencies. The Edict complements a rapidly growing body of law publicly regulating activities which previously were the exclusive domain of the KGB, other national security agencies, and the military. The Edict bans the development, import, sale, and use of uncertified encryption devises, including "protected technological means of storage, processing and transmission information." Any person engaged in the development or sale of such products must obtain a license, and all encryption products must be approved by the government. The Edict directs the Federal Counterintelligence Service and other enforcement agencies to ensure compliance and prosecute violators. The Edict also directs the Central Bank to require that all communications between commercial banks and the Central Bank employ only certified cryptography and encryption devices. Review of applications and issuance of licenses and use approvals is conducted by the Federal Agency of Government Communications and Information (FAGCI). FAGCI reports directly to the President and is responsible for the security of government communications and intelligence operations in connection with encrypted and coded information. So far, the Russian bureaucratic apparatus for issuing licenses and certifications has not been established and the procedures are not yet in force. According to one commentator involved in the Russian cryptography industry, because there are still no FAGCI certified products, there is no evidence that the Edict has been enforced. The prospects for Russian participation in international encryption policymaking are uncertain. Russia is not an OECD member and did not participate in the December 1995 OECD meetings. However, Russia will participate in any discussion of multilateral encryption control rules conducted in the "New Forum," COCOM's successor.

China: Strict Controls

In the Peoples Republic of China, a company wishing to import or export encryption products must first obtain a license. License applications can be reviewed either by the Ministry of Foreign Trade or the province's foreign trade bureau. The Ministry of Foreign Trade maintains the List of Prohibited and Restricted Imports and Exports. This list, enacted in 1987, indicates that China restricts the import and export of voice-encoding devices. Anecdotal evidence from U.S. multinationals indicates that approval for use of encryption products inside China is not necessarily easy to obtain. China is perhaps one of the least likely major powers to join in an international consensus on encryption policy. China is not part of the New Forum is not an OECD member, and has not sent representatives to major international meetings on encryption such as the December 1995 OECD meeting. Moreover, given that China is the frequent target of sanctions as a result of its arms proliferation and human rights practices, it is questionable whether China would participate in, or be welcome at, an international initiative that would require broad cooperation with the other advanced nations of the world on the sensitive issue of encryption.

Japan: Potential Industrial Policy

Japan's encryption policymaking is in its early stages, and not transparent to outsiders. But there are strong signs that encryption is increasingly seen as a key technology for improving Japan's penetration of the Global Information Infrastructure. The authors' highly selective sampling of informed Japanese opinion on cryptography suggests a growing determination to treat cryptography as a national Japanese economic priority. In the United States and Europe, encryption policy is formed by a mix of governmental interests. Advocates of business, national security agencies, and more recently the police -- all play a large role in the policy debate. This policy triumvirate is difficult to see in Japan. For a variety of reasons, commercial interests are predominant in Japanese government thinking about encryption. It is often said that Japan is an island nation that has not had to defend itself for fifty years and so has not had to confront the national security concerns associated with encryption. Additionally, Japanese police face severe political and constitutional constraints on wiretapping, so the prospect of losing this criminal investigative tool seems not to be as troubling to the Japanese government as to the United States and many European nations. Unlike the U.S. and Europe, encryption policy in Japan apparently is not dominated by the military intelligence and law enforcement agencies. Rather the powerful Ministry of Posts and Telecommunications (MPT) is hoping to take the lead in driving this area of policy. Likely competitors for control of cryptography policy include the Ministry for International Trade and Investment and the Bank of Japan -- also agencies with a predominantly commercial focus. The MPT has sponsored three study group reports relevant to Japanese cryptographic policy. Each report treats cryptography as a central enabling technology for digital commerce. The Ministry of International Trade and Industry (MITI) has its own computer technology initiative. It funds the Information-Technology Promotion Agency (IPA). The IPA and MITI, like MPT, have concluded that cryptographic technology is important for Japan's competitiveness as the Internet grows in importance and as electronic commerce increases. The IPA intends to spend more than $300 million on research and development to evaluate cryptography for electric commerce. MITI is spurring as much Japanese industry and academic work as possible on cryptography. Perhaps because of the commercial focus to Japanese encryption policy, and the traditional U.S. dominance of the commercial market for information security, Japanese resistance to U.S. priorities in cryptographic policy is also a growing trend. One opinion-maker in the Japanese media has suggested that the use of the U.S.-origin TCP/IP Internet protocol was a threat to Japanese success in network technology. Another commentator on cryptography policy described recent U.S. proposals for national escrow of internationally traded cryptographic products as raising "serious problems of constitutional and public international law." Just below the surface of Japanese government comments on encryption policy there seems to lie a suspicion that U.S. government concerns about national security and law enforcement are an excuse to perpetuate what is increasingly seen as U.S. domination of a strategic industrial technology.

Conclusion

The likely U.S. purpose in calling the December 1995 OECD meeting on encryption policy was to raise the consciousness of other governments about the problem of uncontrolled encryption. At the same time, the meeting also was intended to demonstrate to U.S. industry that defeating U.S. export controls would not open the door to a vast market for unescrowed encryption, but could instead spark new and perhaps inconsistent national government regulation of encryption in countries where encryption previously was not regulated. If these were the purposes of the meeting, the OECD meeting was a qualified success, dampened only by the anti-regulation position of the Scandinavian countries and Japan's apparent lack of interest in strict controls. It is an open question whether the government consensus forming around the concept of key escrow will survive and develop once governments turn to the logistics of coordinated regulation of an international commercial key escrow service in which each government seeking the encryption keys of a surveillance target will be forced to rely on the assistance of commercial key escrow agents both inside and outside its borders.

II. THE PROBLEMS WITH RESTRICTIVE GOVERNMENTAL APPROACHES

Introduction

Two recent technical developments have caused a boom in demand for encryption: (1) the explosive growth of electronic communications for both social and economic transactions; and (2) the global deployment of networked computer systems. As a result of this urgent demand for secure transmission and storage of private information, encryption has become an integral component of electronic commerce. Electronic commerce is conducted on an international, not a national basis, making the market for encryption a single international market. Private sector interests in encryption policy are represented by two distinct groups. The first group is encryption users, who require encryption to secure the information they value. Five years ago this group represented the computer activist fringe and a few major multinational corporations. Today it has grown dramatically in size and political power, increasing in proportion to the growth in the aggregate value of the information stored and transmitted in electronic form. The second group is the information security industry. Five years ago this group represented a small core of companies dependent on either government contracts or sector-specific security applications. Today it includes a wide array of the world's most sophisticated technology companies who have targeted the lucrative global market for products that secure electronic information. Neither group favors any form of government regulation which limits the availability of strong encryption.

Legitimate Private Sector Security Needs Have Created Urgent Demand for Strong Encryption


Governmental controls on encryption technology often interfere with legitimate private sector needs for strong encryption. Government controls to date have made weak security for private sector information more readily available than strong security. As indicated above, technological advancements in the broader information technology industry have generated growing class of users who require strong encryption to protect their information. For those companies and individuals transmitting valued information across borders, reports of widespread government-sponsored industrial espionage place additional urgency in the demand for strong encryption . For companies such as Motorola and many others whose global growth is outstripping U.S. growth, the imperative for strong protection of company proprietary information and communications in advancing as fast as the technology is evolving to meet its needs. Sensitive Motorola data on software development for next generation products needs to freely flow through many countries to tie together key software centers in India and the U.S. Motorola sales data for Europe and Asia need to flow to Motorola headquarters in Chicago without unauthorized access and without unanticipated delays. This information must be safe both against commercial as well as state-sponsored surveillance. Yet, much encryption made available without restrictions by governments would pose little trouble to cryptographers with access to the government-strength decryption resources. For example, the strongest encryption readily exported under United States export control laws has a key length of 40 bits. Because of U.S. export controls, 40-bit encryption is widely used in U.S. origin commercial software that dominates the global market. Recent developments have called into questions whether 40-bit encryption offers sufficient security. In July 1995, a group of Internet users broke the 40-bit algorithm used by Netscape, known as RC-4. Using mostly desktop computers, this group was able to exhaust every possible 40-bit key in about a week. One month later a French graduate student broke 40-bit RC-4 encryption in eight days by networking 120 workstations and two supercomputers at an estimated cost of less than $10,000. Even the security of 56-bit DES is in doubt -- a private sector engineer claims that for $1.5 million he can build a computer capable of decrypting any DES-encrypted communication in four hours. As the cost of computing power goes down, the demand for stronger encryption is certain to rise. These recent events demonstrate that the encryption that governments readily make available can be broken relatively quickly and at a reasonable expense. The communication of valuable commercial information demands stronger security than is available under current governmental controls. Technological advance is the driver for industry's needs for strong encryption, not the marketing goals of corporate sales offices. Users' urgent need for information security will inevitably lead users to search out the strongest available encryption. The higher the stakes, and the higher the value of information which a user seeks to protect, the more likely the user will be to by pass at least or flaunt at worst applicable government regulations.

Information Security Know-How Is Spreading Worldwide

Controls on encryption technology, especially export controls, can harm national industries that stand to benefit from the booming demand for information security products containing strong encryption. This harm occurs as a direct result of the diffusion of encryption technology and the differences in control levels among governments. National companies burdened by controls which are not imposed by the governments of their commercial competitors are at a competitive disadvantage. Encryption controls impose costs on producers, though the costs are difficult to quantify. In some cases it may be necessary to develop and produce two or more versions of the same software or hardware -- one for domestic use and one for export. The need to deal with complex governmental licensing or authorizations requirements also impose legal and administrative costs that are not incurred by competitors in countries with fewer regulations. Finally, companies operating in countries with strict controls may be forced to license their products to companies in other countries, forgoing the profits that would accrue from having the ability to manufacture and distribute the products themselves. These costs will deter companies in highly regulated countries from developing products to meet the global demand for secure communications. This will create an opportunity for companies in countries where the controls on cryptography are less burdensome. It also creates an opportunity for companies with a global presence to develop encryption in unregulated countries for more global sales. Whether controlled or not, technology will migrate to those locations offering a "safe haven" from encryption controls. As the potential profits from sales of encryption products increase, the incentive for by passing or violating government encryption controls will also rise -- and increased amounts of encryption know-how will filter out to companies in a position to profit unimpeded by government controls. We may already see evidence of this. Encryption products are produced in 35 countries. The U.S. is no longer the "sole-source" of information security -- of 1035 encryption products worldwide, 455 are produced outside the United States. While it is impossible to attribute the increasing availability of foreign products to U.S. encryption controls, it is easy to acknowledge that absent U.S. controls, U.S. companies would exploit their dominant position in the software market and their massive installed base of users, and as a result foreign production would be lower. What is indisputable is that this proliferation of security products is in response to the boom in global demand for encryption. Just as there is no indication that demand will drop, there is no reason to believe that migration of encryption technology will decline and there is no indication that the government controls discussed above will prevent the widespread deployment of strong encryption once the market demand for it exists.

Interoperability is Inevitable and Imminent

Government encryption policies will not hinder the development of interoperable software and hardware. The reason why standards have not yet emerged is not government policy, but rather the lack of infrastructure and lack of demand, which until recently have left strong encryption as an insignificant commercial niche. With the well-documented and inevitable proliferation of personal computers, modems, and quality telecommunications service, the technical capability to use encryption is a reality for an enormous class of users. In response to market demand for products that allow the large class of users to communication with one another, a handful of standard encryption algorithms, such as DES, IDEA, and RSA, have emerged. Key exchange and interopability standards are also under discussion, also driven by user demand. As more of the private sector becomes technology-enabled, and more information is exchanged and stored in electronic form, encryption will become ubiquitous, no longer an obscure technique clouded in secrecy and understood only by the government.

Controls are Ineffective

In the face of these technology and global market changes, governmental controls are ineffective today and in danger of becoming irrelevant tomorrow. Export controls cannot stop the global spread of encryption technology, they can only slow its development and export from the U.S. As a technical matter, encryption can, and has been, made widely available over the Internet. Internet FTP sites allow easy, and often anonymous, access to encryption software. The Software Publishers Association has identified more than 450 foreign encryption products, although the strength of some foreign products has been questioned by a January 1996 government study, parts of which remain classified. Import and use controls cannot stop the use of the technology within the country's borders since encryption software is so readily available on publicly available distributed networks. The uses least likely to be deterred by such controls are the criminal and hostile government uses of encryption at which these controls are presumably aimed. Moreover, as more consumers and companies pass information over unsecured networks, the public will demand the right to use strong encryption. Government use restrictions, once attacked by only a cadre of libertarian computer activists, could become the target of a new, large and powerful lobby of encryption users. Controls will become even less effective as the profit potential of evading controls rises. Companies developing encryption products and wishing to profit from the international market take advantage of loopholes in export control laws. For instance, under U.S. law the owner of a U.S. encryption invention can license a foreign company to manufacture and distribute products which have reduced the invention to tangible form. A U.S. company with a marketable encryption invention could license the right to have it built in Taiwan, then import the product back to the U.S. for domestic use, even though the U.S. company could not build that product in the U.S. and export it. Aggressive use of such loopholes, and even an increase in intentional violations of encryption controls, will become more common as the commercial market for strong encryption grows. Unilateral national government efforts to limit the availability of encryption are especially prone to ultimate failure. Only through a combination of strict use controls and limitations on access to the Internet can a government effectively limit the availability of strong encryption within its own borders. Such strategies run the risk of attack from both local users and producers of encryption. Such strategies, if maintained over time will only isolate that country from the benefits resulting from secure access to the developing Global Information Infrastructure and prevent national participation in the ever increasing amount of commerce that is conducted electronically. The only prospect for effective government controls is tightly coordinated international policymaking coupled with strict national enforcement, and there is little indication that this will occur in the near term. Japan, for example, is suspicious of the U.S. commercial key escrow initiative. Scandinavian and certain EU governments value privacy rights and oppose the concept of mandating the escrow of keys with trusted third parties. Only a glimmer of cooperation was reflected at the December 1995 OECD meeting -- it remains to be seen if this can mature into effective policy coordination.

CONCLUSION

Market realities based on advances in technology make it likely that strong encryption will form an essential component of the international infrastructure for electronic commerce. The inevitable emergence of internationally accepted encryption standards, and the ability of sophisticated companies to sidestep government controls on the export, import, and use of encryption, will doom the unilateral efforts of individual governments to prevent the emergence of secure international communications. If Japan puts the weight of its government and industry behind strong encryption, competitive pressure could further undermine isolated government attempts to limit the deployment of encryption through export controls and other measures. The immediate emergence of international consensus on encryption policy poses the only potential obstacle to the otherwise inevitable global deployment of strong encryption. Governments could choose between overt domestic regulation in the Russian and French manner or the export-focused policies that now prevail in the domestic markets of countries like the United States. But any international effort will run a high risk of failure unless enforcement is closely coordinated. This currently is not the case with encryption export controls. And given the rapid pace of technical developments discussed in this paper, any effort undertaken to coordinate encryption policymaking at an international level may be too late.