| TABLE OF CONTENTS
STEWART A. BAKER
I. GOVERNMENT ENCRYPTION POLICIES 1
A. United States: Export Controls 2
B. France: Reasonable Use Controls 3
C. Israel: Use Controls 4
D. Russia: Import and Use Laws 5
E. China: Strict Controls 6
F. Japan: Potential Industrial Policy 7
G. Conclusion 8
RICHARD C. BARTH (MOTOROLA CORPORATION)
II. PROBLEMS WITH RESTRICTIVE GOVERNMENTAL APPROACHES 9
A. Introduction 9
B. Legitimate Private Sector Security Needs Have Created Urgent Demand
for Strong Encryption 10
C. Information Security Know-How is Spreading Worldwide 11
D. Interoperability is Inevitable and Imminent 13
E. Controls are Ineffective 13
F. Conclusion 15
I. GOVERNMENT ENCRYPTION POLICIES
Encryption, the process of protecting the confidentiality of information
by the application of mathematical formulae, was until recently the exclusive
domain of governments. Only when the international financial services
industry became more automated in the 1970s did it begin to incorporate
strong encryption to secure payment and clearing systems. Other components
of the private sector began to follow the financial services industry's
lead as their needs for secure information became apparent. Today encryption
is considered an essential element of the infrastructure for electronic
commerce and information exchange. Government encryption regulation, as
it has been since the advent of encryption regulation, is driven by two
distinct interests: (1) a foreign intelligence interest in collecting
all information that implicates national security; and (2) a law enforcement
interest in collecting evidence of criminal activity. The military concerns
itself with the first interest, the police with the second. The prospect
of widely available strong encryption threatens both. Governments have
taken different policy approaches in their efforts to contain the threat
they see posed by encryption. Mechanisms for controlling encryption can
be placed into three general categories: import controls, export controls,
and use controls. The summaries that follow of encryption policy in the
U.S., France, Israel, Russia, and China explore these forms of control.
A small minority of governments, most notably in Scandinavia, do not control
encryption at all because they view encryption as an important tool for
protecting personal privacy. Other governments, especially in the developing
world, do not regulate encryption at all, perhaps because domestic use
of encryption has not become widespread and the government has not had
cause to focus on the need for controls. These encryption "safe havens"
free from government regulation threaten to undermine the efforts of governments
seeking to contain the spread of strong encryption, principally because
in some of these countries there is a highly educated cadre of scientists
that understand and can use the tools of encryption. And only recently,
encryption has emerged as the object of industrial policy. In a departure
from Western governments' efforts to stifle private sector encryption
developments, Japan has embarked on an initiative to finance encryption
research and development. This nascent policy, which also has the potential
to undermine the efforts of governments seeking to contain the spread
of strong encryption, is described below.
United States: Export
Controls
Like most Western countries, the United States does not control domestic
use of strong encryption. While the Arms Export Control Act provides the
President authority to control the import of encryption for national security
reasons, to date encryption imports have not been regulated. Instead,
United States encryption policy is focused on controlling and monitoring
the export of strong encryption. The U.S. in theory controls the same
encryption products as controlled by its former COCOM allies -- the scope
of what is controlled is contained in the International Munitions List.
As a matter of law, the State Department has final say in decisions for
strong encryption exports. As a matter of practice, the State Department
defers to the judgment of the National Security Agency, part of the Department
of Defense. U.S. export control regulations authorize unrestricted encryption
exports to Canada and most encryption exports to foreign subsidiaries
of U.S. corporations to secure their corporate communications. The State
Department also has a liberal policy regarding the export of strong encryption
products which are limited to functions such as digital signatures, access
control, and authentication. Additionally, the State Department has shown
a willingness to authorize the export of strong encryption to financial
institutions so long as its use is limited to protecting the security
of financial transactions. In sum, U.S. export policy reveals a bias in
favor: (a) certain destinations, Canada; (b) certain reliable end-users,
such as the financial services industry and the foreign subsidiaries of
U.S.-based corporations; and (c) certain end-uses (e.g., digital signatures
and PIN codes) necessary for the establishment of an electronic commerce
infrastructure but which do not include a capability to encrypt communications.
The U.S. Government's liberalization of encryption export controls has
been incremental and always in response to private sector demands. For
instance, in 1992, under pressure from the software industry, the government
agreed to reduce controls on exports of encryption software with a key
length of 40-bits or less. More recently, the State and Commerce Departments
have reduced the time necessary for processing export licenses for those
encryption products which are still controlled. But government has successfully
stonewalled broader decontrol campaigns waged by encryption producers.
Recent U.S. policy reflects a concerted government effort to use export
controls to encourage the development and use of key escrow encryption
systems both within and outside the United States. The first step was
the controversial 1993 Clipper Chip proposal which required the escrow
of private keys with the government. The less controversial 1995 commercial
key escrow initiative would require the escrow of private keys with trusted
third parties. Commercial key escrow is potentially attractive because
it would provide both the private sector and the government the capacity
for data security and data recovery. But to date, industry response to
the initiative has been lukewarm because of the numerous conditions, in
the form of exportability requirements, imposed by the government. There
are signs that the U.S. believes international coordination is necessary
to prevent widespread international deployment of strong encryption. The
U.S. government spearheaded the December 1995 OECD information-exchange
on national encryption policies, perhaps in part because of the unprecedented
degree of government coordination required for operation of an international
commercial key escrow system. The U.S. can be expected to continue its
efforts to forge consensus in support of encryption controls.
France: Reasonable
Use Controls
France imposes controls on the use of encryption products within France,
in addition to export controls similar to those in the U.S. French encryption
use controls are based on a December 1990 decree and are administered
by the Service Central de la Sécurité des Systèmes
d'Information (SCSSI), an office reporting to the Prime Minister through
the Secrétariat Général de la Défense Nationale
(SGDN). SCSSI embodies the French view that technology and industrial
policy are critical elements of national defense. French use controls
differentiate between two categories of products that incorporate information
security functions. A company wishing to distribute or use a product containing
authentication, digital signature, or access control security features
must submit a "declaration" to the SCSSI. Because the use of
such products is routinely approved, the declaration requirement as a
practical matter functions as a registration requirement. A prior "authorization"
from the government is required only if a product contains data, file,
or text encryption features. If a product incorporates both types of features,
both types of approval must be obtained. For certain products employing
strong encryption (apparently including PGP), this authorization may be
denied or restricted to specifically identified individuals or groups.
SCSSI has come into serious conflict with a number of large foreign software
companies. In the course of this fight, both the foreign software giants
and SCSSI have had their hubris dented a bit. One U.S. software company
faces very substantial potential liability for its distribution of unapproved
encryption. SCSSI has received far less support at the top of the new
French government than it expected. As a result, SCSSI seems to have accepted
that it cannot control cryptography policy by fiat but must be perceived
as reasonable and willing to work with industry. The French government
appears willing to participate in international discussions of encryption
controls, as evidenced by their participation in the December 1995 OECD
conference. Additionally, based on the French representatives' comments
at that conference, it is clear that France is supportive of the U.S.
goal of encouraging the development of key escrow, or trusted third party,
encryption. However, highly publicized allegations concerning France's
conduct of industrial espionage against foreign multinationals will cause
industry to be wary of any international policy under which the French
government could gain access to private keys of foreign companies.
Israel: Use Controls
Israel, like France, controls not only the export but also the import
and domestic use of encryption. The legal authority for Israel's controls
is a 1974 court order, issued pursuant to the Supervision of Products
and Utilities Law of 1957. The order requires a license from the Minister
of Defense for the import, export, production or use of any encryption
product.
Russia: Import and
Use Laws
Russia has import and use laws on the books, but to date there has apparently
been no enforcement of these measures. President Yeltsin's April 3, 1995
Edict on Measures to Observe the Law on Development, Production, Sale
and Use of Encryption Devices and on Provision of Services in Encrypting
Information restricts the use of encryption technologies by state-owned,
private, and foreign entities, as well as by Russian government agencies.
The Edict complements a rapidly growing body of law publicly regulating
activities which previously were the exclusive domain of the KGB, other
national security agencies, and the military. The Edict bans the development,
import, sale, and use of uncertified encryption devises, including "protected
technological means of storage, processing and transmission information."
Any person engaged in the development or sale of such products must obtain
a license, and all encryption products must be approved by the government.
The Edict directs the Federal Counterintelligence Service and other enforcement
agencies to ensure compliance and prosecute violators. The Edict also
directs the Central Bank to require that all communications between commercial
banks and the Central Bank employ only certified cryptography and encryption
devices. Review of applications and issuance of licenses and use approvals
is conducted by the Federal Agency of Government Communications and Information
(FAGCI). FAGCI reports directly to the President and is responsible for
the security of government communications and intelligence operations
in connection with encrypted and coded information. So far, the Russian
bureaucratic apparatus for issuing licenses and certifications has not
been established and the procedures are not yet in force. According to
one commentator involved in the Russian cryptography industry, because
there are still no FAGCI certified products, there is no evidence that
the Edict has been enforced. The prospects for Russian participation in
international encryption policymaking are uncertain. Russia is not an
OECD member and did not participate in the December 1995 OECD meetings.
However, Russia will participate in any discussion of multilateral encryption
control rules conducted in the "New Forum," COCOM's successor.
China: Strict Controls
In the Peoples Republic of China, a company wishing to import or export
encryption products must first obtain a license. License applications
can be reviewed either by the Ministry of Foreign Trade or the province's
foreign trade bureau. The Ministry of Foreign Trade maintains the List
of Prohibited and Restricted Imports and Exports. This list, enacted in
1987, indicates that China restricts the import and export of voice-encoding
devices. Anecdotal evidence from U.S. multinationals indicates that approval
for use of encryption products inside China is not necessarily easy to
obtain. China is perhaps one of the least likely major powers to join
in an international consensus on encryption policy. China is not part
of the New Forum is not an OECD member, and has not sent representatives
to major international meetings on encryption such as the December 1995
OECD meeting. Moreover, given that China is the frequent target of sanctions
as a result of its arms proliferation and human rights practices, it is
questionable whether China would participate in, or be welcome at, an
international initiative that would require broad cooperation with the
other advanced nations of the world on the sensitive issue of encryption.
Japan: Potential
Industrial Policy
Japan's encryption policymaking is in its early stages, and not transparent
to outsiders. But there are strong signs that encryption is increasingly
seen as a key technology for improving Japan's penetration of the Global
Information Infrastructure. The authors' highly selective sampling of
informed Japanese opinion on cryptography suggests a growing determination
to treat cryptography as a national Japanese economic priority. In the
United States and Europe, encryption policy is formed by a mix of governmental
interests. Advocates of business, national security agencies, and more
recently the police -- all play a large role in the policy debate. This
policy triumvirate is difficult to see in Japan. For a variety of reasons,
commercial interests are predominant in Japanese government thinking about
encryption. It is often said that Japan is an island nation that has not
had to defend itself for fifty years and so has not had to confront the
national security concerns associated with encryption. Additionally, Japanese
police face severe political and constitutional constraints on wiretapping,
so the prospect of losing this criminal investigative tool seems not to
be as troubling to the Japanese government as to the United States and
many European nations. Unlike the U.S. and Europe, encryption policy in
Japan apparently is not dominated by the military intelligence and law
enforcement agencies. Rather the powerful Ministry of Posts and Telecommunications
(MPT) is hoping to take the lead in driving this area of policy. Likely
competitors for control of cryptography policy include the Ministry for
International Trade and Investment and the Bank of Japan -- also agencies
with a predominantly commercial focus. The MPT has sponsored three study
group reports relevant to Japanese cryptographic policy. Each report treats
cryptography as a central enabling technology for digital commerce. The
Ministry of International Trade and Industry (MITI) has its own computer
technology initiative. It funds the Information-Technology Promotion Agency
(IPA). The IPA and MITI, like MPT, have concluded that cryptographic technology
is important for Japan's competitiveness as the Internet grows in importance
and as electronic commerce increases. The IPA intends to spend more than
$300 million on research and development to evaluate cryptography for
electric commerce. MITI is spurring as much Japanese industry and academic
work as possible on cryptography. Perhaps because of the commercial focus
to Japanese encryption policy, and the traditional U.S. dominance of the
commercial market for information security, Japanese resistance to U.S.
priorities in cryptographic policy is also a growing trend. One opinion-maker
in the Japanese media has suggested that the use of the U.S.-origin TCP/IP
Internet protocol was a threat to Japanese success in network technology.
Another commentator on cryptography policy described recent U.S. proposals
for national escrow of internationally traded cryptographic products as
raising "serious problems of constitutional and public international
law." Just below the surface of Japanese government comments on encryption
policy there seems to lie a suspicion that U.S. government concerns about
national security and law enforcement are an excuse to perpetuate what
is increasingly seen as U.S. domination of a strategic industrial technology.
Conclusion
The likely U.S. purpose in calling the December 1995 OECD meeting on encryption
policy was to raise the consciousness of other governments about the problem
of uncontrolled encryption. At the same time, the meeting also was intended
to demonstrate to U.S. industry that defeating U.S. export controls would
not open the door to a vast market for unescrowed encryption, but could
instead spark new and perhaps inconsistent national government regulation
of encryption in countries where encryption previously was not regulated.
If these were the purposes of the meeting, the OECD meeting was a qualified
success, dampened only by the anti-regulation position of the Scandinavian
countries and Japan's apparent lack of interest in strict controls. It
is an open question whether the government consensus forming around the
concept of key escrow will survive and develop once governments turn to
the logistics of coordinated regulation of an international commercial
key escrow service in which each government seeking the encryption keys
of a surveillance target will be forced to rely on the assistance of commercial
key escrow agents both inside and outside its borders.
II. THE PROBLEMS WITH RESTRICTIVE
GOVERNMENTAL APPROACHES
Introduction
Two recent technical developments have caused a boom in demand for encryption:
(1) the explosive growth of electronic communications for both social
and economic transactions; and (2) the global deployment of networked
computer systems. As a result of this urgent demand for secure transmission
and storage of private information, encryption has become an integral
component of electronic commerce. Electronic commerce is conducted on
an international, not a national basis, making the market for encryption
a single international market. Private sector interests in encryption
policy are represented by two distinct groups. The first group is encryption
users, who require encryption to secure the information they value. Five
years ago this group represented the computer activist fringe and a few
major multinational corporations. Today it has grown dramatically in size
and political power, increasing in proportion to the growth in the aggregate
value of the information stored and transmitted in electronic form. The
second group is the information security industry. Five years ago this
group represented a small core of companies dependent on either government
contracts or sector-specific security applications. Today it includes
a wide array of the world's most sophisticated technology companies who
have targeted the lucrative global market for products that secure electronic
information. Neither group favors any form of government regulation which
limits the availability of strong encryption.
Legitimate Private Sector Security Needs Have Created Urgent Demand for
Strong Encryption
Governmental controls on encryption technology often interfere with legitimate
private sector needs for strong encryption. Government controls to date
have made weak security for private sector information more readily available
than strong security. As indicated above, technological advancements in
the broader information technology industry have generated growing class
of users who require strong encryption to protect their information. For
those companies and individuals transmitting valued information across
borders, reports of widespread government-sponsored industrial espionage
place additional urgency in the demand for strong encryption . For companies
such as Motorola and many others whose global growth is outstripping U.S.
growth, the imperative for strong protection of company proprietary information
and communications in advancing as fast as the technology is evolving
to meet its needs. Sensitive Motorola data on software development for
next generation products needs to freely flow through many countries to
tie together key software centers in India and the U.S. Motorola sales
data for Europe and Asia need to flow to Motorola headquarters in Chicago
without unauthorized access and without unanticipated delays. This information
must be safe both against commercial as well as state-sponsored surveillance.
Yet, much encryption made available without restrictions by governments
would pose little trouble to cryptographers with access to the government-strength
decryption resources. For example, the strongest encryption readily exported
under United States export control laws has a key length of 40 bits. Because
of U.S. export controls, 40-bit encryption is widely used in U.S. origin
commercial software that dominates the global market. Recent developments
have called into questions whether 40-bit encryption offers sufficient
security. In July 1995, a group of Internet users broke the 40-bit algorithm
used by Netscape, known as RC-4. Using mostly desktop computers, this
group was able to exhaust every possible 40-bit key in about a week. One
month later a French graduate student broke 40-bit RC-4 encryption in
eight days by networking 120 workstations and two supercomputers at an
estimated cost of less than $10,000. Even the security of 56-bit DES is
in doubt -- a private sector engineer claims that for $1.5 million he
can build a computer capable of decrypting any DES-encrypted communication
in four hours. As the cost of computing power goes down, the demand for
stronger encryption is certain to rise. These recent events demonstrate
that the encryption that governments readily make available can be broken
relatively quickly and at a reasonable expense. The communication of valuable
commercial information demands stronger security than is available under
current governmental controls. Technological advance is the driver for
industry's needs for strong encryption, not the marketing goals of corporate
sales offices. Users' urgent need for information security will inevitably
lead users to search out the strongest available encryption. The higher
the stakes, and the higher the value of information which a user seeks
to protect, the more likely the user will be to by pass at least or flaunt
at worst applicable government regulations.
Information Security Know-How
Is Spreading Worldwide
Controls on encryption technology, especially export controls, can harm
national industries that stand to benefit from the booming demand for
information security products containing strong encryption. This harm
occurs as a direct result of the diffusion of encryption technology and
the differences in control levels among governments. National companies
burdened by controls which are not imposed by the governments of their
commercial competitors are at a competitive disadvantage. Encryption controls
impose costs on producers, though the costs are difficult to quantify.
In some cases it may be necessary to develop and produce two or more versions
of the same software or hardware -- one for domestic use and one for export.
The need to deal with complex governmental licensing or authorizations
requirements also impose legal and administrative costs that are not incurred
by competitors in countries with fewer regulations. Finally, companies
operating in countries with strict controls may be forced to license their
products to companies in other countries, forgoing the profits that would
accrue from having the ability to manufacture and distribute the products
themselves. These costs will deter companies in highly regulated countries
from developing products to meet the global demand for secure communications.
This will create an opportunity for companies in countries where the controls
on cryptography are less burdensome. It also creates an opportunity for
companies with a global presence to develop encryption in unregulated
countries for more global sales. Whether controlled or not, technology
will migrate to those locations offering a "safe haven" from
encryption controls. As the potential profits from sales of encryption
products increase, the incentive for by passing or violating government
encryption controls will also rise -- and increased amounts of encryption
know-how will filter out to companies in a position to profit unimpeded
by government controls. We may already see evidence of this. Encryption
products are produced in 35 countries. The U.S. is no longer the "sole-source"
of information security -- of 1035 encryption products worldwide, 455
are produced outside the United States. While it is impossible to attribute
the increasing availability of foreign products to U.S. encryption controls,
it is easy to acknowledge that absent U.S. controls, U.S. companies would
exploit their dominant position in the software market and their massive
installed base of users, and as a result foreign production would be lower.
What is indisputable is that this proliferation of security products is
in response to the boom in global demand for encryption. Just as there
is no indication that demand will drop, there is no reason to believe
that migration of encryption technology will decline and there is no indication
that the government controls discussed above will prevent the widespread
deployment of strong encryption once the market demand for it exists.
Interoperability is Inevitable
and Imminent
Government encryption policies will not hinder the development of interoperable
software and hardware. The reason why standards have not yet emerged is
not government policy, but rather the lack of infrastructure and lack
of demand, which until recently have left strong encryption as an insignificant
commercial niche. With the well-documented and inevitable proliferation
of personal computers, modems, and quality telecommunications service,
the technical capability to use encryption is a reality for an enormous
class of users. In response to market demand for products that allow the
large class of users to communication with one another, a handful of standard
encryption algorithms, such as DES, IDEA, and RSA, have emerged. Key exchange
and interopability standards are also under discussion, also driven by
user demand. As more of the private sector becomes technology-enabled,
and more information is exchanged and stored in electronic form, encryption
will become ubiquitous, no longer an obscure technique clouded in secrecy
and understood only by the government.
Controls are Ineffective
In the face of these technology and global market changes, governmental
controls are ineffective today and in danger of becoming irrelevant tomorrow.
Export controls cannot stop the global spread of encryption technology,
they can only slow its development and export from the U.S. As a technical
matter, encryption can, and has been, made widely available over the Internet.
Internet FTP sites allow easy, and often anonymous, access to encryption
software. The Software Publishers Association has identified more than
450 foreign encryption products, although the strength of some foreign
products has been questioned by a January 1996 government study, parts
of which remain classified. Import and use controls cannot stop the use
of the technology within the country's borders since encryption software
is so readily available on publicly available distributed networks. The
uses least likely to be deterred by such controls are the criminal and
hostile government uses of encryption at which these controls are presumably
aimed. Moreover, as more consumers and companies pass information over
unsecured networks, the public will demand the right to use strong encryption.
Government use restrictions, once attacked by only a cadre of libertarian
computer activists, could become the target of a new, large and powerful
lobby of encryption users. Controls will become even less effective as
the profit potential of evading controls rises. Companies developing encryption
products and wishing to profit from the international market take advantage
of loopholes in export control laws. For instance, under U.S. law the
owner of a U.S. encryption invention can license a foreign company to
manufacture and distribute products which have reduced the invention to
tangible form. A U.S. company with a marketable encryption invention could
license the right to have it built in Taiwan, then import the product
back to the U.S. for domestic use, even though the U.S. company could
not build that product in the U.S. and export it. Aggressive use of such
loopholes, and even an increase in intentional violations of encryption
controls, will become more common as the commercial market for strong
encryption grows. Unilateral national government efforts to limit the
availability of encryption are especially prone to ultimate failure. Only
through a combination of strict use controls and limitations on access
to the Internet can a government effectively limit the availability of
strong encryption within its own borders. Such strategies run the risk
of attack from both local users and producers of encryption. Such strategies,
if maintained over time will only isolate that country from the benefits
resulting from secure access to the developing Global Information Infrastructure
and prevent national participation in the ever increasing amount of commerce
that is conducted electronically. The only prospect for effective government
controls is tightly coordinated international policymaking coupled with
strict national enforcement, and there is little indication that this
will occur in the near term. Japan, for example, is suspicious of the
U.S. commercial key escrow initiative. Scandinavian and certain EU governments
value privacy rights and oppose the concept of mandating the escrow of
keys with trusted third parties. Only a glimmer of cooperation was reflected
at the December 1995 OECD meeting -- it remains to be seen if this can
mature into effective policy coordination.
CONCLUSION
Market realities based on advances in technology
make it likely that strong encryption will form an essential component
of the international infrastructure for electronic commerce. The inevitable
emergence of internationally accepted encryption standards, and the ability
of sophisticated companies to sidestep government controls on the export,
import, and use of encryption, will doom the unilateral efforts of individual
governments to prevent the emergence of secure international communications.
If Japan puts the weight of its government and industry behind strong
encryption, competitive pressure could further undermine isolated government
attempts to limit the deployment of encryption through export controls
and other measures. The immediate emergence of international consensus
on encryption policy poses the only potential obstacle to the otherwise
inevitable global deployment of strong encryption. Governments could choose
between overt domestic regulation in the Russian and French manner or
the export-focused policies that now prevail in the domestic markets of
countries like the United States. But any international effort will run
a high risk of failure unless enforcement is closely coordinated. This
currently is not the case with encryption export controls. And given the
rapid pace of technical developments discussed in this paper, any effort
undertaken to coordinate encryption policymaking at an international level
may be too late.
|