U.S. law enforcers fear that, by protecting criminal communications, strong encryption jeopardizes national security. In response to this fear, the U.S. government has implemented policies that restrict the manufacture, distribution, and use of strong encryption. Key policy makers, most notably the Clinton Administration, are currently seeking to add to these restrictions.

This report is intended first to act as a primer on issues related to encryption policy, and second to outline a policy that, if adopted, would allow the Information Age to flourish while simultaneously empowering law enforcers to respond to encryption-related criminal threats. It concludes that if maintained and/or broadened, a restrictive U.S. encryption policy accomplishes neither of these goals. A more effective policy would harness market forces by eliminating all regulations on encryption. This would not only assure the security of legitimate transactions, it also would empower law enforcers to respond to computer crimes with market-driven innovations instead of government-imposed regulations.

The report reaches the following conclusions:

The Information Age will only prosper if businesses and individuals know their information is secure. According to a report by Forrester Research, an estimated $8 billion worth of goods and services were to be traded over the Internet in 1997. 1 The same report estimated that this number would rise to $327 billion by the year 2002.2 As this electronic commerce increases, an increasing amount of valuable information will be transmitted electronically. Consequently, the incentives for criminals to steal this information will rise. If electronic commerce is to prosper, businesses and individuals must feel secure against this threat.
Encryption programs are the key to the security of the Information Age. The computerized equivalant of a safe, encryption locks information into unreadable text called "cyphertext." Cyphertext can only be decipheredu read by someone hol the "key"2 that unlocks it. If encrypted with a strong program, data and communications are useless to anyone who doesnÕt hold the key.
The market for encryption is large and growing. In 1991 the size of the world market for encryption confidentiality products was estimated at $695 million.3 IIn 1995, the information security consulting firm Interpact estimated that yearÕs demand for encryption products at $1 billion.4 While this market will undoubtedly grow, the extent of this growth is difficult to project. According to a report on cryptography by the National Research Council, a "high-end estimate" pegs the size of the future market at "many tens of billions of dollars [per year]."5

A restrictive encryption policy threatens not only the growth his market but also the future of the Information Age. U.S. policy makers fear that the spread of strong encryption will spawn a new and unstoppable crime wave. In response to this fear, they have implemented policies that use export regulations to restrict the manufacture, distribution, and use of strong encryption.

These policies do not accomplish the goal of preventing the proliferation of encryption by criminals. Even if strong encryption were banned, criminals could still use several means to acquire it: they could use it from sources abroad, acquire it from internet-based, hidden sources, contract programmers to develop encryption for them, or create the programs themselves.

Despite this fact, key policy makers continue to propose new encryption regulations that would augment past policies. If enacted, these proposals would introduce new vulnerabilities into encryption that will inevitably be capitalized upon by criminals. As a result, the policies would erode the pillar of information security upon which the Information Age would otherwise be built.

The only way to prevent such an erosion is to leave encryption unregulated and let market forces respond to the needs of businesses, individuals, and law enforcers. Businesses and individuals would be left free to manufacture, sell, and use whatever strength encryption they choose. As the proliferation of strong encryption rises, market forces will be brought to bear on law enforcement agencies. Just as the private sector is expected to respond creatively to government regulations, these agencies would be forced to respond to the private sector with innovations of their own.

Encryption programs are the key to this security. The most sophisticated incarnation of cryptography, the art of sending secret messages, these programs scramble data into unreadable text that cannot be deciphered by criminals. Encryption, therefore, ensures the security necessary for the U.S. to continue making progress towards the information age.

This security has a price. While encryption protects information from criminals, it also protects criminals from the police. Just as business transactions can be encrypted, so can communications between spies, drug traffickers, and terrorists. U.S. law enforcers fear that, by protecting these criminal communications, strong encryption jeopardizes national security.

In response to this fear, the U.S. government has implemented policies that are intended to prevent the spread of strong encryption. To date, the preferred policy tools have been export regulations that deny U.S. firms the freedom to export encryption of any strength. In addition to these export restrictions, key policy makers in the Clinton Administration, the FBI, and the National Security Agency have sought to implement policies that require encryption users to provide law enforcers with the means to read all encrypted communications.

The purported aim of these policies is to balance the needs of business and law enforcement. The goal is to allow businesses to use moderately strong encryption while preventing criminals from using encryption that is too strong for the government to decipher.

This report concludes that all existing and proposed encryption regulations will have the opposite effect. Criminals will still be able to acquire encryption of any strength. Legitimate interests will be forced to use weak encryption that is vulnerable to attack. Information will become less secure. The information revolution will be slowed.

Only a free-market encryption policy can prevent such a disaster. Businesses and individuals must be left free to manufacture, sell, and use whatever strength encryption they choose. By harnessing market forces, this environment would allow encryption manufacturers the best chance to outgun criminals in the battle over information security.

Advocates of regulated encryption argue that such a policy would jeopardize national security. This argument rests on two key assumptions. The first is that regulation will prevent criminals from acquiring strong encryption. The second is that law enforcement agencies are impotent against strong encryption.

By using existing research to support a principled argument, this paper disproves these assumptions. It is intended first to act as a primer on issues related to encryption policy, and second to illustrate how any encryption-related problems can only be solved with market-driven innovations, not government-imposed regulations.

This change will be driven by electronic commerce. As the cost of computers continues to fall and more goods and services become available on-line, demand for these products will rise. The relatively low start-up costs of web-based businesses will allow entrepreneurs and existing companies to respond quickly to this demand. Electronic commerce will flourish.

This trend has already begun. In 1994, total business transactions conducted over the Internet were estimated at $100 million.6 By 1997, early returns led to an estimate by Forrester Research of Massachusetts that the year's on-line sales would reach $500 million.7 Another 1997 Forrester report estimated that the value of goods and services traded over the Internet that year would reach $8 billion.8

Projections suggest that these numbers may be only the tip of the iceberg. The same Forrester report estimates that, by the year 2002, $327 billion worth of goods and services will be traded over the Internet.9 The Computer Systems Policy Project concluded that, by the turn of the century, the potential of electronic commerce, electronic distribution, and the resulting opportunities to re-engineer business will total anywhere from $280 billion to $560 billion per year.10

Threats to Information Security

Electronic commerce projections rest on numerous assumptions, the most important of which may be overall public confidence in the security of information. Businesses and individuals must know electronic commerce and communication are safe before they leap into the information age.

There are two primary threats to this security. The first is information theft. As an increasing amount of valuable information is transmitted electronically, the incentives to steal this information rise. As expected, computer-savvy criminals are responding to these incentives by honing their ability to intercept transmissions and invade computers.

The second threat is identity fraud. Internet correspondence does not possess the voice or visual identifiers of telephone conversations or face-to-face meetings. It is therefore possible for hi-tech criminals to assume false identities, such as bank representatives, business associates, and others to whom an unsuspecting party may divulge sensitive information.

How Encryption Works

Encryption programs can overcome these threats. Think of encryption as the computerized equivalent of a safe. Documents stored in a safe are more secure than those stored in an unlocked filing cabinet. They are not, however, invulnerable; the safety of the documents depends on things like the strength of the safeÕs lock, the materials it is made of, and the thickness of its walls.

Encryption programs are similar, only instead of surrounding documents with metal walls, they scramble documents into gibberish called 'cyphertext.' This text appears on screen as an unreadable stream of numbers, letters, and symbols. Cyphertext can only be deciphered by someone holding the 'key' that unlocks it.

Just as safes come in a variety of strengths, encryption programs vary in the level of security that they offer. What determines this safety is a mathematical algorithm, known as a 'key.' If encryption programs are like safes, then keys are like highly sophisticated combination locks. While most combination locks have a five- or six-digit code, keys can have codes that are hundreds, even thousands of digits long.

A key's complexity is indicated by its length, which is measured in bits. As the number of bits in a key-length rises, so does the program's strength. While a safecracker has a chance at stumbling upon a five- or six-digit combination, no criminal can hope to figure out an encryption key without the help of powerful computers able to run through the combinations at high speed.

In addition to its function as a combination lock that guards information, encryption keys provide message-senders with the digital equivalent of a handwritten signature. This signature can be used by others to verify a senderÕs identity.

Strong encryption, therefore, overcomes two of the primary threats to information security. By scrambling information into gibberish, it renders a thief's efforts moot. By providing message sender's with a signature, it helps prevent identity fraud. In an information economy, strong encryption functions as both safe and seal.

The Two Types of Encryption

There are essentially two types of encryption: private-key cryptography and public-key cryptography. In order to fully understand the terms of the debate over encryption policy, it is necessary to understand the differences between these types.

Consider the following scenario: a Tennessee auto mechanic named Betty owns an exotic Italian sports car, which she repairs herself. Since Italian parts are not readily available in most U.S. auto parts stores, Betty must order parts directly from the carÕs manufacturer. Fortunately for Betty, the manufacturer sells these parts on-line to all customers who have credit cards. Because Betty fears that on-line transactions are insecure, when she transmits her order she uses cryptography to protect her credit card number. She can use a private-key system or a public-key system.

Private-key cryptography, also known as symmetrical cryptography, is straightforward. To ensure the confidentiality of her order, Betty encrypts it using her private key, which is stored on her computer and known only to her. In order for the auto manufacturer to decrypt BettyÕs order, the company must have a copy of her private key. While private-key cryptography is safer than naked transmission, the need to reveal oneÕs private key is a severe vulnerability.

Public-key cryptography, or asymmetrical cryptography, corrects for this vulnerability by using two different keys, a public key and a private key. Public keys, which are made widely available, are used to encrypt messages. But these messages can only be decrypted using a private key, which is kept confidential.

For example, under a public-key system, the auto manufacturer would publish its public key on its website. Betty would use the public key to encrypt to her order. The manufacturer would then use the secret, private key to decrypt BettyÕs transmission. Her information would be safe.

Strong public-key cryptography, therefore, can potentially be used to hurdle the security barrier that lays between today and a future where electronic commerce is used for as many types of transactions as consumer preference allows.

Encryption's Vulnerablities

Encryption programs are not invulnerable. A criminal who is both clever and well equipped can use several methods to attempt to crack the key and decipher the message that has been hidden.

The most straightforward of these methods is known as 'brute force attack,' the digital equivalent of a battering ram. Using brute force attack to decipher a key simply means running through every possible combination of numbers until the proper sequence is discovered. While this exercise would be fairly simple with a three-digit combination lock, it gets exponentially more difficult as the number of digits in the combination rises. For example, in a 56-bit encryption key there are 72 quadrillion combinations to try.

As combinations get more sophisticated, so do the means used to crack them. While old-fashioned safe-crackers had to manually pencil out and try each possible combination, todayÕs hackers can simply command a computer to run through the combinations, thereby taking advantage of the machine's computing speed. Or they can send the same instructions to a network of computers that have been strung together to harness collective speed and capacity. More speed translates into the ability to check more combinations at a faster rate; as the amount of available computing speed rises, so does the vulnerability of the key being cracked.

Brute force attack is not the only method used to crack encryption. Since keys must be stored on disk or on a computer, another common method is to try and invade a computer and steal the keys. Encryption users can also be duped into giving away their keys by an emailer or caller claiming to be a business or technical associate who needs key access. As encryption strength increases, criminals will continue to use these and other methods as they seek out and capitalize on information vulnerabilities.

Who Needs Encryption?

Encryption is already becoming a vital link in the security chain used by businesses and individuals. It can be used to protect the privacy of nearly all data and communications, including electronic mail, electronic funds transfer, electronic file transfer, fax transmissions, cellular telephone calls, and standard telephone calls.

This protection is most obviously needed by banks and other financial institutions that transmit large amounts of money via electronic means. For example, two of the largest funds transfer systems, Fedwire and the Clearing House Interbank Payment System, already process more than 350,000 electronic funds messages a day with an estimated value of $1-2 trillion.11 If these messages were left unencrypted, a criminal could intercept or fabricate these transmissions and illegally route payments away from their intended account. The Department of the Treasury already requires all electronic funds transfer to be encrypted as protection against this threat.12

Encryption is equally critical to corporations and businesses, particularly multinational firms that regularly transmit sensitive information to overseas affiliates. These transmissions include information such as business plans, strategic goals, bidding strategies, research and development reports, and plans for mergers and acquisitions. Such information would be of enormous value to competitors, speculators, and investors. With this in mind, more than one-third of Fortune 500 companies already require their software and hardware to have encryption capabilities13

While there are fewer tangible incentives to steal such information, the records and transmissions of professionals and individuals are equally vulnerable to attack. Physicians, lawyers, accountants, therapists, and a host of other professionals possess information that their clients trust to be confidential. This information is both stored on computers and discussed via electronic communication. It is easy to see how opposing counsels or extortionists have tremendous interest in acquiring such information. Encryption programs are an accessible and affordable protection against this threat.

Criminals must also be included among those who stand to gain from the spread of strong encryption. Just as encryption can be used to protect legitimate communications, it can be used to protect the communications of criminals wishing to plot their crimes in absolute secrecy: an encrypted email is less vulnerable to being intercepted by law enforcers than a telephone call or a letter sent via traditional mail. An encrypted file containing plans of a drug deal or a terrorist attack is safer than a notebook or a typewritten manifesto.

The Policy Maker's Dilemma

Because it simultaneously benefits legitimate interests and criminals, encryption presents policy makers with a dilemma over whether or not to regulate. Allowing the unregulated, free manufacture, use, and distribution of strong encryption means assuring businesses and individuals maximum information security. But it also provides criminals easy access to strong encryption that can potentially limit the efforts of law enforcers.

There are two sides to the debate over which policy to adopt. On one side are computer industry representatives, user groups, and civil libertarians, all of whom argue that the only sensible policy would severely deregulate encryption. On the other side are law enforcement agencies and policy makers (most notably the Clinton administration) that assert that the use and distribution of encryption must be heavily regulated in order to stop criminals from acquiring unbreakable encryption.

At the center of this debate is a question of costs. Deregulation's advocates argue that regulations impose heavy costs on businesses and encryption users. Regulation, they say, reduces the competitive advantage of U.S. software companies, promotes information vulnerability and, by consequently reducing confidence in information security, hinders the growth of electronic commerce. They claim that regulations impose costs by causing software companies to lose profits, U.S. firms to lose information, U.S. businesses and workers to lose opportunities, and U.S. individuals to lose privacy.

Advocates of regulation disagree. They argue that unregulated encryption would allow criminals, terrorists, and spies to secretly plot crimes that jeopardize the safety and security of U.S. citizens. The costs of unregulated encryption, they say, would be measured in national security increments such as lost lives and lost intelligence information.

To date, policy decisions have been governed by the perception that these national security costs substantially exceed the costs of regulation. This perception has led to a regulatory policy that favors the concerns of law enforcement over the concerns of business. Section III is intended first to provide an overview of the policy tools that have been applied towards these ends, and second to provide insight into the evolution of the current debate. The efficacy of these policies and the inaccuracy of the cost perceptions behind them will be discussed later, in sections IV and V.

Two Policy Tools

At the center of the federal government's attempt to limit the spread of encryption to spies, criminals, and terrorists are two policy tools: export restrictions and key escrow systems.

Export restrictions have been the policy tool of choice by regulators for over fifty years. These restrictions impose strength ceilings (limits on encryption strength) on the U.S. firms that wish to export encryption products. The regulation's definition of such firms includes not only manufacturers wishing to sell their products abroad but also U.S. companies that wish to use strong encryption to protect communications with overseas affiliates.

Export restrictions are intended to accomplish two goals. The first goal is to prevent strong, U.S-made encryption from spreading overseas. This goal is theoretically accomplished (aside from regulatory loopholes that will be discussed later) via the direct prohibition of the export of encryption that exceeds a certain, predetermined strength.

The second goal is to discourage U.S. companies from manufacturing and distributing strong encryption, in the United States as well as abroad. By relying on market forces, export restrictions use a less direct mechanism to achieve this goal. This mechanism is driven by the fact that roughly half of U.S. software is sold internationally. Because it is less costly for software manufacturers to produce one product than it is for them to produce two, when given an option manufacturers tend to produce products that appeal to the widest possible market. In the case of encryption software, it makes more sense for companies to manufacture a version that can be sold both domestically and abroad than it is for them to manufacture two versions, one with weaker encryption for sale abroad and one with stronger encryption for sale at home.

In the past, policy makers saw export restrictions as an effective method of achieving the intended policy goals. The recent spread and advancement of technology, however, has sent the federal government on a mission to add to its regulatory arsenal: as the demand for and supply of strong encryption products have skyrocketed, regulators have sought to use new policy tools to accomplish the same ends.

'Key escrow' is the new tool that has been featured, in one form or another, in every major new regulatory proposal since 1992. Key escrow systems, known in other incarnations as 'key recovery systems', would guarantee that law enforcement has access to all encrypted communications. They would do so by implementing a system that allowed law enforcers, when aided by a court order, to obtain user's keys in order to decrypt stored information as well as past and real-time communications. An alternative to key escrow are 'trap door' requirements, or requirements that encryption manufacturers build features into their products that assure law enforcers a way to decrypt information outside of possessing the actual key.

It is important to note that encryption regulations do not yet extend to the manufacture, sale, or use of encryption products within the United States. In the past, this exclusion has placated U.S. opponents of regulations. The following policy overview illustrates that this exclusion is in jeopardy.

U.S. Encryption Policy: A Brief History

Until the last thirty years, cryptography was used mainly by the military to protect secret transmissions from the threat of being stolen by the enemy. Encryption first came into widespread use by the United States during World War II, when the development of encryption technology began advancing at a rate that accelerated as the world descended into the cold war.

In hopes of preventing foreign adversaries from acquiring U.S.-developed encryption technology, the State Department classified encryption as munitions and began using regulations to attempt to limit the proliferation of encryption following the war. They did so by including encryption in the International Traffic in Arms Regulations. These regulations dictated that U.S. manufacturers could not export encryption that had strength greater than 40 bits. The regulations did not, however, limit the strength of encryption that could be used or distributed in the United States.

As the century marched along, the use of encryption became increasingly widespread. Government agencies needed it in order to protect their communications from spies and criminals. The private sector needed encryption, too; the early incarnations of innovations like electronic funds transfer, wireless/satellite communications, and fax machines started U.S. businesses, particularly financial institutions, down the road of information vulnerability.

In response to the increasing use of encryption, the National Bureau of Standards (NBS) decided that the U.S. needed a single, standard encryption algorithm. A single standard, thought the NBS, would prevent any interoperability problems with encryption programs of different strengths and types. Engineers at the National Security Agency responded to this decision by developing the algorithm known as the Digital Encryption Standard (DES). Released in 1974, DES is a symmetrical program with a 56-bit key length.

The government wasn't the only player in the encryption game. As the private sector began to need encryption, private agencies responded to the demand. Encryption programs appeared on the U.S. market, with strengths that increased as technology improved.

A Logical Trend

This marked the beginning of a logical trend. Advancing technology leads to increasing reliance on electronic means of storing and transmitting data. This reliance leads to increased information vulnerability, which leads to increased demand for encryption. Increased demand, coupled with increasing computer speeds, leads to an expanding supply of encryption products with strengths that increase every year. Hovering over these developments are criminals using the similarly advancing technology to break encryption and steal valuable information.

As this trend has spiraled along, the number of parties with a vested interest in both the deregulation and the continued regulation of encryption has multiplied. Businesses and individuals want absolute freedom to manufacture, sell, and use encryption. Law enforcers want regulations that limit this freedom in hopes that the threat of criminals using encryption will be averted. The policy debate between these two parties is constantly intensifying; heated clashes over the ITAR export restrictions began in the 1980s, and the frequency and ferocity of these clashes keeps increasing as new, more restrictive policies have been proposed.

Technology and the Clinton Administration

Throughout its tenure, the Clinton White House has promised a technology-savvy, pro-business approach to mediating such clashes. During the President's 1992 campaign the term 'information superhighway' was standard fare in his stump speeches and debates. Al Gore became the first Vice President to hold an interactive news conference14 and, in 1996, President Clinton joined volunteers in California to help install millions of feet of wire that linked 2600 of the state's schools to the Internet.15

The administration's position papers suggest that its understanding of the issues facing hi-tech extends beyond rhetoric and superficial action. The most notable of these papers is the 1997 Internet policy paper entitled 'A Framework for Global Electronic Commerce.' The paper is built around such free-market tenets as 'The Internet should develop as a market-driven arena, not a regulated industry' and 'Governments should refrain from imposing new and unnecessary regulations...on commercial activities that take place via the internet.'16 At the press conference announcing the paper's release, President Clinton voiced his support for these principles when he said that "[T]he Internet can be, and should be, a truly empowering force for large and small business people alike. It should be a place where government makes every effort first, as the Vice President said, not to stand in the wayÑto do no harm."17

The Clinton Administration's Encryption Policy

Encryption policy is an area where the hi-tech industry has hoped that the administration would turn its rhetoric into reality. In a 1993 article on the optimism surrounding the Clinton Presidency, RSA Data Security President Jim Bidzos said "It's a positive sign that Clinton will establish a National Economic Council to elevate economic issues to equality with national security...then we'll be able to talk to real people instead of shadow people from the intelligence community we've been dealing with."18

The Clinton administration's encryption policy, however, has contradicted its rhetoric. The administration has consistently favored the supposed needs of law enforcement over the concerns of business. This precedence has translated into a series of encryption policy proposals that have featured new, stronger, and more restrictive regulations.

The unstated goal of these proposals has been to establish key escrow as part of U.S. encryption policy without gaining congressional approval. In pursuit of this goal, the administration has presented policy proposals at various times, listened to industry feedback, withdrawn the proposals, modified them, and presented the modified policy for review. The administration's hope has been to first gain industry approval of a new encryption policy and then to put the policy into effect through executive action, thereby avoiding Congressional debate. The fear is that a legislative battle would result in the passage of bills that deregulate encryption further than the administration is willing to. Since 1993, a variety of proposals has been presented as part of this process.

Clinton Policy I: The Clipper Chip

In 1993, the administration introduced the Clipper Chip. Designed by engineers at the National Security Agency and the National Institute for Standards and Technology, the Clipper chip was encryption hardware that could be installed into telephones (both cellular and standard) and computers.

The Clipper chip contained an 80-bit algorithm, called ÒSkipjackÓ, that was intended to replace the 56-bit DES algorithm. In return for the benefit of Clipper's stronger Skipjack algorithm, encryption users were required to hand over their keys to a government data base: key escrow was built into the chip, and vendors were required to give copies of the keys to a federal agency.

The administration's intent was to require installation in all telephones and computers used by the federal government, which at the time was the single largest encryption user in the United States.19 The goal was to use the government's enormous purchasing power to influence the encryption product market. The hope was that, by requiring the use of Clipper by such a large segment of the economy, the government would impose a de facto standard on the public: as the government ordered millions of Clipper chips, the price of production would fall, and Clipper would become widely produced, inexpensive, and attractive to consumers.

The proposal, however, was met with fierce objections from the computer industry, computer user associations, and civil libertarians. These objections can be divided into three categories:

Objections in Principle: Civil libertarians vigorously objected to the prospect of giving government the keys to personal communications, contending that such a requirement constituted a violation of a citizen's right to privacy.

Practical Objections: Several aspects of the Clipper proposal elicited practical objections. Most troubling was the proposal's requirement that the keys be stored in a government-maintained database. Concern was rampant over how the security of this database would be maintained, and what recourse companies would have if security was breached and the keys stolen.

Technical Objections: The Skipjack algorithm, though developed and reviewed by experts at the National Security Agency and the National Institute for Standards, was classified and not made available for review by independent authorities. This led to concern that it possibly contained technical flaws such as 'trap-door' features, either intended or accidental, through which interested parties could gain access to encrypted information without actually having the keys. One such flaw was uncovered by an AT&T researcher, who discovered that a 'spoof' key could be created and used to decrypt communications without having knowledge of the actual key.

The vociferous objections elicited by these concerns and discoveries led the administration to temporarily abandon the Clipper proposal. Administration officials regrouped, modified the Clipper proposal, and re-emerged in 1995 with a new encryption plan they hoped would accomplish the goal of satisfying law enforcement while placating the private sector.

Clinton Policy Proposal II: Clipper 2

The Clipper 2 proposal contained several concessions. First, it abandoned the hope that Skipjack would become the standard. Second, Clipper 2 allowed private databases to store the keys, ensuring greater accountability. Third, the proposal called for a loosening of export restrictions to allow the export of encryption with key lengths of up to 56 bits.

The proposal's fundamental problems, however, remained the same. Encryption users still had to give up their keys. Software manufacturers were still prohibited from exporting algorithms strong enough to compete on the international market.

The objections to these requirements remained strong. A statement made by Robert Holleyman, President of the Business Software Alliance, captured the spirit of this opposition. "The continued success and growth of our industry is directly threatened by the United States government's continuing refusal to adopt realistic export control policies," Holleyman said. "America's software companies still are unable to sell worldwide software programs with encryption features that will provide the strong information security demanded by their customers."21

In the face of these objections, the Clinton administration retreated to the drawing board once again.

Clipper 3

On May 20, 1996 the administration's Interagency Working Group on Cryptography Policy released a paper entitled 'Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure.' Critics called it Clipper 3.

Clipper 3 was smarter. It didn't call for key escrow for everybody. Instead, it proposed a new solution to the problem of identity fraud. The paper called the solution a Key Management Infrastructure (KMI). The KMI would be a system of agencies that issued certificates verifying people's digital signatureÑthe coded messages attached to data that verify the sender of a message. Everyone who registered with the KMI would have an easily verifiable identity. But joining the KMI wouldn't be free, it would cost users their keys: those wishing to use the KMI would have to use encryption programs that had a key escrow feature.

According to the paper, the KMI, coupled with widespread use of key escrow, would prevent the national security costs that regulation advocates claim would accompany deregulated encryption. ÒThe widespread use of encryption without safety features such as key recovery can pose serious risks to society,Ó the paper stated. "[I]t will put at risk important law enforcement and national security investigations where electronic surveillance and search and seizure are essential in prosecuting crimes and, more importantly, in saving human life."22

The administration was singing the same tune, but people still weren't listening. According to Montana Senator Conrad Burns "It is crucial that we pass legislation...to ensure that the government won't force anyone to give up the keys to their computers...It's three strikes you're out at the old ball game."23

Current Policy

On October 1st, 1996, administration policy makers swung again, only this time they didn't bother with a proposal. Instead, they announced a policy initiative that went into effect on January 1st, 1997.

The initiative contained a nod to businesses. Jurisdiction over encryption exports was handed from the Justice Department to the Department of Commerce, and the allowable export strength was raised from 40 bits to 56 bits. In addition, the initiative implied that U.S. companies would be allowed to export even stronger encryption pending a case-by-case review of applications made to the Department of Commerce.

But the administration's motives weren't pure. Export approvals wouldn't come cheap: companies wishing to export products of 56-bits or stronger must agree to develop a key recovery system that grants law enforcement agencies access to encoded transmissions. Among the defenders of the policy was Vice President Al Gore. "The initiative will make it easier for Americans to use stronger encryption products," Gore said. "It will support the growth of electronic commerce, increase the security of the global information infrastructure and sustain the economic competitiveness of U.S. encryption product managers during the transition to a key management infrastructure."24

Business and other legislators still weren't buying it. Peter Harter, a public policy lawyer for Netscape, voiced his opposition by saying "This is tantamount to making public policy by extorting hi-tech companies."25 Senator Patrick Leahy (D-Vermont) agreed. "Internet users themselves," he said, "not the national security agency, not any government regulator, should decide what encryption method best serves their needs. The administration is putting the proverbial cart before the horse by putting law enforcement's interests ahead of everyone else's."

But they didn't have any choice. The administration let the policy stand. It went into effect on January 1st.

By implementing an initiative that wasn't approved by business leaders, the administration essentially left encryption policy in the hands of Congress. But it did not give up. While no bills have been passed, a variety has been proposed and the Clinton administration has been involved in negotiations over each of these. These negotiations, as well as the content of the bills themselves, are discussed in part VI of this paper.

Advocates of these regulations think so. Their position rests on several assumptions, the three most significant of which are:

Regulation can prevent criminals from acquiring unbreakable encryption.

Encryption regulations will not adversely affect the information security of U.S. businesses and individuals.

If encryption is not strictly regulated, U.S. law enforcement will be powerless to stop encryption-using criminals.

If these assumptions were valid, encryption regulations would not be accompanied by any significant costs. Strength ceilings and requirements of key escrow, key recovery, and trap-door features would do no harm while preventing the supposedly astronomical national security costs that would accompany unregulated encryption. This is the argument that has been used to justify existing encryption regulations. It is also the argument that will be used if policy makers follow the current trend and try to impose stricter regulations on the manufacture, distribution, and use of encryption within the United States.

Evidence and logic reveal this argument to be false. The three underlying assumptions are not valid, and the effect of encryption regulations is exactly the opposite of their intent. If domestic strength ceilings are enacted, or key escrow, key recovery, or trap door features required, law-abiding businesses and individuals will be forced to operate in the information age with their hands tied. U.S. firms will bear enormous costs, measurable in lost revenue, lost information, and lost opportunities. Criminals, however, will still be able to acquire any encryption they desire. Consequently, law enforcers will not be significantly empowered to decrypt the very communications that the regulations are intended to make accessible.

This section illustrates this argument and proves that encryption regulations don't work. A superior policy would eliminate all regulations and in turn allow businesses the freedom to manufacture and use encryption of any strength. While criminals would also be free to use this encryption, a deregulated policy would force law enforcement to respond to this threat using innovation, not regulation.

IV-a: The Effect of Regulation on Criminals

The Internet is like a worldwide maze of channels and rivers. Regulation advocates assume that encryption flows into this maze through a single floodgate that export restrictions, strength ceilings, key escrow/key recovery requirements or other policy tools can close. They're wrong: encryption flows from a myriad of sources and, while regulation may effectively close some of these, it cannot close them all.

Policy makers need to realize that encryption's demanders and suppliers will find creative ways to assure that strong encryption is always available, regardless of the regulations that are imposed. Criminals and other interested parties will always be able to acquire strong encryption using a variety of methods: they will either purchase it from sources abroad, acquire it from hidden, Internet-based sources, contract programmers to write programs for them, or create the programs themselves. Regulation could never hinder this process.

International Availability

The United States is not the only country in which encryption is produced; encryption programs are manufactured worldwide in countries that place no restrictions on encryption whatsoever. An ongoing study, conducted jointly by the Software Publishers Association and Trusted Information Systems, finds that companies in 29 other countries, including Russia, Japan, Germany, and Canada, are currently manufacturing and distributing a total of 656 encryption products.26 According to the study, 281 of these products use the DES algorithm in spite of U.S. export controls designed to prohibit this proliferation.27

This widespread international availability illustrates the fundamental weaknesses in U.S. regulations designed to prevent criminals from acquiring encryption. Regulations aren't working: the worldwide market is responding to the demand for encryption despite U.S. export restrictions. Consequently, encryption is available to consumers throughout the world, including criminals.

Skirting the Regulations: U.S. Encryption Suppliers

In an ironic twist, United States software manufacturers have actually contributed to the availability of strong encryption programs abroad. These companies have done so by exploiting a regulatory loophole that allows U.S. companies to profit from indirectly assisting programmers abroad in the development of strong encryption programs.

Sun Microsystems is among those companies that have taken advantage of this loophole. In 1996 the company published its programming language, called SKIP, on the Internet, making it available worldwide. Since SKIP is technically a language, not a program, it is not subject to U.S. export restrictions. It does, however, provide programmers with the tools they need to develop strong encryption programs.

While many programmers around the world have been attempting exactly such development, some programmers in Russia were among the first known to succeed. In 1997, it was announced that ElvisPlus, a Russian firm, had used SKIP to develop encryption programs with key lengths of 56, 64, and 128 bits. It was also announced that Sun had entered into a partnership with the company.28

Under the partnership agreement, ElvisPlus encryption will be attached to Sun products, which will be distributed internationally. This agreement makes it possible for Sun, by partnering with an overseas firm, to sell encrypted products abroad. This partnership effectively allows Sun Microsystems to circumvent U.S. regulations that prohibit the direct export of these products.

Sun Microsystems was not the only American firm to devise creative ways to skirt these regulations. RSA Data Security did it too, by creating a Japanese subsidiary called Nihon RSA. In 1996, it was announced that Nihon RSA had developed a highly secure encryption program based on an RSA Data Security algorithm. According to the announcement, the new program has a key length of 1,024 bits.29 The creation of a subsidiary, therefore, allows RSA, like Sun, to internationally distribute encryption that could not legally be exported from the United States.

Not only are the ElvisPlus and Nihon RSA products stronger than those allowed under current U.S. regulations, they also do not possess any type of key escrow feature. The products, therefore, illustrate that regulations simply cannot even prevent the spread of the strongest American encryption technologies overseas.

Criminal Acquisition

In order to understand the sheer impotence of encryption regulations, imagine that every country in the world were to outlaw the manufacture, use, and distribution of all encryption programs. U.S. regulators seem to believe that, if such measures were taken, criminals would not be able to acquire or use encryption. They're wrong. Criminals could still use a variety of means to create and acquire encryption programs.

Such acquisition would most likely occur via an Internet-based underground network that would distribute existing encryption. It would be easy for someone to anonymously set up a web site where interested parties could go to download strong encryption as needed. It would be equally simple to place such programs on a remote computer that could be accessed via modem. Both of these systems could be easily set up and accessed anonymously; even if they were uncovered by law enforcers, it would be difficult for the enforcers to actually tie the systems to people involved in their creation.

A more difficult way to acquire encryption would be for interested parties to build programs from scratch, a process that has become increasingly easy in recent years. As computers seep continually deeper into culture, the number of people with basic and advanced programming knowledge has skyrocketed. It would be simple to anonymously hire one such person over the Internet to write a strong encryption program.

In addition, there already exists a body of "how-to" literature that gives programmers blueprint instructions on writing encryption. For example, the specifications of the encryption program Pretty Good Privacy were published as a book entitled ÒPretty Good Privacy: Source Code and Internals". Such manuals make it easy for people with basic programming skills to construct and modify encryption programs of their own. The rights granted under the first amendment assure that the publication of such books cannot be banned; they will always be available.

Conclusion

Strong, unescrowed encryption will always be available. If regulations are enacted that prohibit the use of certain encryption, interested parties will likely use other avenues to acquire strong encryption: they will either purchase it from sources abroad, acquire it from Internet-based, hidden sources, contract programmers to write programs for them, or create the programs themselves.

IV-b: The Effect of Regulation on U.S. Businesses

Though criminals will not bear the burden of encryption regulations, these regulations will not be costless: United States businesses will suffer. Export ceilings and key recovery requirements make the encryption used and produced by U.S. firms more vulnerable to attack. As a result, U.S. products are less attractive in international markets, and U.S. firms using this encryption are limited in their ability to respond to criminal attacks that will become increasingly sophisticated.

By surveying the effect of regulations on encryption vulnerability, the breadth of the market for U.S. encryption products, and the rising criminal threat to U.S. information security, this section illustrates how United States businesses bear the brunt of the costs imposed by encryption regulations.

Export Restrictions: Weaknesses

Advocates of regulation assert that the current U.S. controls allow for the export of encryption that is strong enough to protect information from attack. What they fail to recognize is that, in the world of encryption, 'strong enough' is a term whose meaning is in constant flux. Because technology advances at such a rapid pace, what is strong enough this year may be laughably weak next year. Since regulated strength ceilings do not account for this rapid advance, they force encryption strength down to a level that will inevitably become vulnerable.

In 1965 Gordon Moore predicted that computer chip capacity would double every year. This prediction has been so accurate that it has become known as "Moore's Law": on average, capacity doubles about every eighteen months. Capacity increases and the accompanying accelerations in computer speed change the face of computing at astronomical rates, rates that render status quo technology outdated, often in a matter of months.

Not surprisingly, this rate of change affects the relative vulnerability of encryption programs; algorithms that were once thought unbreakable are now considered highly vulnerable. Perhaps the most striking tale of such change began in 1977, when RSA laboratory engineers developed a 129-digit key that, using the technology available at the time, would have taken 40 quadrillion years to factor out and break. The engineers predicted that the technology necessary to break the algorithm would not be available until well into the 21st century. The prediction was faulty: the algorithm was broken in 1994 by an international group of mathematicians that took only eight months to decipher the program.30 The lesson here is obvious: technology advances at such a rapid pace that unbreakable encryption quickly becomes vulnerable.

This lesson, of course, applies to government encryption regulations as well: the length of unescrowed, exported encryption is becoming increasingly vulnerable to attack. In January, 1997, RSA Data Security sponsored the "Secret Key Challenge", which offered $10,000 to the first person to decipher a message that had been encrypted with 56-bit DES, an algorithm that has 72 quadrillion possible combinations. In June it was announced that the algorithm had been broken by a group of amateur computer users organized by programmer Jim Verser of Lakeland, Colorado; the 56-bit key had been broken by a loosely organized consortium driven by a $10,000 incentive.31

A second challenge, the "DES Challenge II", was sponsored by RSA in January of 1998. Coordinating the efforts of ingenuity and computing power of thousands of computer enthusiasts, a group called 'distributed.net' took only thirty-nine days to crack the algorithm used in this challenge, less than half the time taken in the original challenge.32

Larger incentives to steal information lead to decrypting efforts that are more focused and can therefore break an algorithm more quickly. According to a paper by Michael J. Wiener (as cited by A. Michael Froomkin in 'The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution'), a computer capable of breaking a DES key in 3.5 hours can be constructed for $1 million.33 A $10 million computer could break a DES key every 21 minutes.34 While these expenditures may seem high, they are miniscule in comparison to the value of the information that could be stolen with them; today, this information would include most government transmissions and most overseas transmissions of U.S.-based, multinational firms.

If bound by export controls or other domestic regulations these transmissions will become increasingly vulnerable over time. The cost of building faster, specialized machines designed to break encryption will plummet. Drawn to the prospect of stealing valuable information, criminals will construct these machines. Unless encryption manufacturers and users are allowed to respond to this threat without being hindered by restrictive regulations, criminals will wreak havoc on electronic communications and stored information.

Key Escrow: Weaknesses

Past and current policy proposals use key escrow, key recovery, and trap door requirements to guarantee that law enforcers have access to encrypted communications, provided that they first obtain a court order. Each of these mechanisms requires that a vulnerability be built in to encryption programs. While there are various technical and philosophical flaws in this requirement, the primary flaw is obvious: pure encryption programs are safer than those with built-in vulnerabilities. If these vulnerabilities are not required, access to the key can be limited to only a single user. By requiring that a key be given either directly to the government or to a neutral third-party, vulnerability requirements do more than mandate that another party has access to the keys: they give criminals another set of avenues they can use to gain access to encrypted information.

While these avenues include the impersonation of law enforcement agents and forgery of access warrants, the most alarming avenues concern the central databases where all the keys would be stored. Anyone with access to such a database would also have access to a neat bundle of keys that could be used to decipher a myriad of potentially lucrative communications. The incentives for infiltrating these databases, therefore, are extremely high. While all employees of such databases would be required to undergo extensive background checks, there is no way to guarantee that they would not respond to bribes and other incentives with dollar values that total into the hundreds of millions.

Cost to American Firms: Lost Markets

As illustrated above, strength ceilings and key escrow requirements on U.S. encryption products make them more vulnerable than products manufactured abroad. Encryption consumers can be expected to respond to this vulnerability in a variety of ways. In the international market, rational consumers would choose unescrowed or recovery-free encryption over escrowed or recoverable encryption; why would a customer seeking to ensure safety voluntarily purchase a product that guarantees vulnerability?

This consumer preference will cause U.S. software manufacturers to suffer. A best-case scenario would have consumers abroad purchasing U.S. products coupled with foreign-made, unescrowed encryption. In the worst case, foreign consumers would not purchase U.S. products at all. In either case, the competitive ability of U.S. encryption producers is hindered.

This hindrance will prove costly: the market for encryption products is already large, and is expected to balloon as electronic commerce becomes more widespread. In 1991, the size of the world market for encryption confidentiality products was estimated at $695 million.35 In 1995, the information security consulting firm Interpact estimated that year's demand for encryption products at $1 billion.36 While this market will undoubtedly grow, the extent of this growth is difficult to project. According to a report on cryptography by the National Research Council, a 'high-end estimate' pegs the size of the market at 'many tens of billions of dollars [per year].'37

There are already strong indications that U.S. regulatory policy will cause the ability of U.S. firms to compete in this market to erode. A 1996 study of the international market for encryption suggests this erosion has already begun. This study, prepared jointly by the U.S. Department of Commerce and the National Security Agency, finds that the U.S. share of the market for encryption software began declining in 1994 in Switzerland, Denmark, and the United Kingdom, financial centers where the safety of information is absolutely vital.38 According to the study, "[S]ources in all three countries attribute the decline to [United States] export controls."39

Threats to Information Security

Regulations not only impose costs on firms that manufacture and sell encryption, they also affect firms that use encryption to protect their information. Key escrow, key recovery, and de facto strength ceilings all make encrypted information more vulnerable to attack. This vulnerability becomes tangible as costs endured by corporations, small businesses, and professionals that are victims of information theft. As discussed earlier, as an increasing amount of information used by these groups is stored and transmitted electronically, the incentives to steal this information will rise. Criminals can be expected to respond to these incentives by developing creative and perhaps unforeseen ways to intercept communications and steal information.

Current estimates and evidence suggests that this response has already begun. According to the National Research Council, "All business trends point to greater volumes of electronically stored and communicated information in the future... [and] it is clear that the potential for information compromises will growÑthe value of information that could be compromised through electronic channels is only going to increase."40 The National Counterintelligence Center substantiated the NRC's assertion when it recently reported that "[S]pecialized technical operations (including computer intrusions and encryption weaknesses) account for the largest portion of economic and industrial information lost by U.S. corporations."41

The 1995 Annual Report to Congress on Foreign Information collection and Industrial espionage reiterated this fact by noting that "[While] there is no formal mechanism for determining the full...impact of the loss of this targeted information...Industry victims have reported the loss of hundreds of millions of dollars, lost jobs, and lost market share."42

The definition of industry victims can be expected to become increasingly broad as the information age advances. Innovations will soon bring together hospital records, medical documents, the majority of personal correspondence, and a host of other information that will attract interest from criminals and voyeurs. The cost of the theft of such records must be added to the cost of the theft of the business information discussed above. While it currently is not possible to accurately estimate the combined total cost of such losses, current evidence suggests that such cost will be measurable in hundreds of millions of dollars.

The use of strong, well-managed encryption can stem the majority of these losses. The success of this use, however, would be compromised by key escrow requirements or government regulations that limit the strength of available encryption.

IV-c: Potential Privacy Costs of Key Escrow/Key Recovery

In addition to economic concerns, privacy concerns have been a central component of opposition to policies that include key recovery and key escrow. These concerns stem from a general unwillingness to give government law enforcement agencies broader means to put citizens' personal and financial information under surveillance.

Many Americans participate in organizations and activities that they are not eager for the government (or anyone else) to have knowledge of. These include political parties, chat groups, or other organizations that could be considered hostile to the United States government and its interests. These citizens fear that, while their activities may not currently seem harmful or notable, unforeseeable future events such as wars or other national crises may stimulate unwelcome government interest in their lives because of their views.

Perhaps the best summary of the viability of these fears is presented in 'The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution', a paper by University of Miami Law Professor A. Michael Froomkin. Froomkin writes:

"It is harder to view fears of government surveillance as aberrational when one learns that in the 1950s the FBI identified 26,000 "potentially dangerous" persons who should be rounded up in the event of a "national emergency," and that it maintained this list for many years. During the 1970s, even sympathizers dismissed as fanatical claims by Black Panthers that they were being wiretapped and bugged by the FBI. These allegations proved to be correct. Indeed, the U.S. government has an unfortunate recent history of intrusion into private matters. During the 1970s, the FBI kept information in its files covering the beliefs and activities of more than one in 400 Americans; during the 1960s, the U.S. Army created files on about 100,000 civilians. Between 1953 and 1973, the CIA opened and photographed almost 250,000 first class letters within the U.S. from which it compiled a database of almost 1.5 million names. Similarly, the FBI opened tens of thousands of domestic letters, while the NSA obtained millions of private telegrams sent from, to, or through the United States."43

Froomkin goes on to point out that:

"...U.S. Census Data is supposed to be private, and that privacy is guaranteed by law. Nevertheless, during World War II the government used Census data to identify and locate 112,000 Americans of Japanese ancestry who were then transported to internment camps. Similarly, the CIA repeatedly violated the prohibition on domestic intelligence contained in its charter."44

These facts, of course, cannot erase the fact that conspiratorial fears rest on hypothetical circumstances. But the evidence of past privacy breaches by government warrant that such concerns be considered.

IV-d: National Security Costs

Despite the apparent costs of encryption regulations to businesses and individuals, key policy makers continue to argue that unregulated encryption would be even more costly. Advocates of encryption regulations claim that, if there were no limits, encryption-using criminals would run roughshod over U.S. law enforcement. According to testimony by William R. Crowell, Deputy Director of the National Security Agency, unregulated encryption "would undermine international efforts to catch terrorists, spies, and drug traffickers. Quite simply, such efforts save American lives and protect our society."45

In 1997 testimony before a Senate Subcommittee, FBI Director Louis Freeh agreed. "If we are unable to access and decrypt real-time, with a court warrant in hand, conversations of people who would commit horrible crimes...we will be hard up to defend the country in many respects," he said. "That is why in my previous testimony I have said that unless we have some solution to unbreakable encryption we will be devastated with respect to our ability to fight crime and terrorism."46

Crowell and Freeh are not alone. Those aligned against the deregulation of encryption include the Clinton administration, the Drug Enforcement Agency, the National Sheriff's Association, the District Attorney's Association, and the Association of the Chiefs of Police.47 Each of these groups shares the fear that deregulated encryption would empower a new and unstoppable crime wave.

While fears of encryption use by criminals are well founded, there are three reasons why the arguments used by law enforcement agencies are not. First, their definition of national security is too narrow and must be amended to include the information security of individuals and businesses. Second, evidence suggests that law enforcers are already capable of decrypting criminal communications; they are not as impotent against the criminal threat as they claim. Third, encryption regulations unfairly put the interests of law enforcement above the interests of businesses and individuals; these agencies should be expected to respond to private sector innovations with innovations of their own, not with regulations.

By focusing on these shortcomings in the national security argument, this section illustrates how this argument not only overstates the cost that encryption deregulation would impose on law enforcement but also understates the ability of law enforcement to respond to the criminal use of encryption.

(Re) Defining National Security

The definition of national security most often used by the FBI, the NSA, the Clinton administration, and others does not include the information security of U.S. businesses or citizens. Instead, it includes only the personal safety of U.S. citizens and the information security of the U.S. government and military. As a result, the arguments used to favor encryption restrictions overstate the ability of regulation to minimize national security costs.

This point is illustrated by a paper co-authored by Georgetown professor Dorothy Denning, one of the key academic supporters of encryption regulations, and former FBI Assistant Director William Baugh, Jr. In the paper, entitled 'Encryption and Evolving Technologies: Tools of Organized Crime,' Denning and Baugh write that "The threat [posed by encryption to national security] is manifest in three ways: failure to get evidence needed for investigations, failure to avert catastrophic or harmful attacks, and failure to get foreign intelligence vital to national security."48

By categorizing the threat as such, Denning and Baugh, Jr. imply that regulation can solve the problems that could potentially accompany the widespread proliferation of strong encryption. In so doing, they ignore the threat that encryption regulations pose to national security: these regulations force information vulnerabilities upon U.S. businesses and individuals. Since the security of a nation necessarily includes the security of its citizens' property, the popular definition of national security must be understood to include the information security of U.S. businesses and citizens.

Assessing the Criminal Threat

There is substantial evidence that encryption is indeed an attractive tool that will be used by criminals to protect their activities. This evidence is well summarized by Denning and Baugh, Jr. in the aforementioned paper, which finds that:

FBI records indicate that the number of cases of encryption use by criminals is rising. The Computer Analysis Response Team (CART) is a FBI division that analyzes computer data that has been gathered as evidence for investigations. In 1994, CART's forensics lab reported that encryption was evident in about seven cases, or two percent of that year's evidence submissions.49 By 1996, this number had quadrupled to about 30 cases, or 5-6% of that year's submissions.50
The worldwide annual number of forensics cases involving encryption numbers somewhere between 500 and 1000.51 Denning and Baugh, Jr. estimate that between 250 and 500 of these cases are in the United States.52
The most extreme estimates of the future use of encryption by criminals assume an annual doubling in the caseload and conclude that by the year 2001 there will be between 8,000 and 16,000 cases involving encryption in the United States alone.53
Responding to the Criminal Threat
While the information base for the Denning and Baugh, Jr. estimates is thin, it seems fair to expect an increase in the use of encryption by criminals to shield their activities. Given this expectation, the next set of important questions concern law enforcement's ability to respond to this threat. Law enforcers argue that their response will be limited unless new regulations guarantee their access to encrypted communications. Existing evidence and logical assumptions suggest this argument is false: law enforcement agencies can effectively respond in the absence of regulations that require key escrow, key recovery, strength ceilings, trap doors, or some combination of the four.

When making their case, law enforcers begin at the assumption that they must possess the ability to decrypt encrypted data and communications. In the absence of key escrow, key recovery, or trap door requirements that ensure shortcuts to this decryption, law enforcers must resort to other methods.

Ironically, the arguments used by law enforcers also include evidence of their ability to use these methods to decrypt communications. When advocates of encryption regulations present their case to Congress, the press, and the public, they usually cite several sensational cases in which encryption was used by criminals to protect their information. While these cases do substantiate claims that encryption can be used to protect horrible crimes, they also illustrate how law enforcement can effectively deal with encryption. The three most often used examples of this are:

The World Trade Center Bombing In 1995, law enforcers seized a laptop computer belonging to Ramzi Yousef, a member of the terrorist organization that planned the 1994 World Trade Center bombing. Some of the computer's files were encrypted. After being successfully decrypted, the files were found to contain plans to sabotage eleven commercial aircraft operated by U.S. airlines.54

The Murder of U.S. Marines by Bolivian Terrorists. Several years ago, four U.S. Marines were assassinated by a Bolivian terrorist organization. Shortly after the murders, law enforcement authorities seized the organization's computer files as part of the murder investigation; these files were encrypted with a custom, non-commercial algorithm. With assistance from Utah's AccessData corporation, the files were decrypted in 12 hours, and the terrorists were apprehended shortly thereafter.55

The Japanese Cult "Supreme Truth" (Aun Shinri Kyo) In March, 1995, Aun Shinri Kyo killed 12 people and injured thousands more when they flooded parts of the Tokyo subway system with Sarin gas. It was later learned that, in addition to the Sarin, the cult had also developed biological weapons, other chemical weapons, and was attempting to develop nuclear weapons. The cult's efforts to ensure the secrecy of these activities included the encryption of related computer files with an RSA algorithm. Authorities decrypted these files after discovering the key on a floppy disk that had been seized as evidence.56
Two important aspects of these cases weaken the position that regulators are trying to validate. The first is that, in each case, the files were successfully decrypted and the hidden crimes averted: already, law enforcement can decrypt communications without having guaranteed access to the key. Second, not one of the criminals involved was American and two of three crimes took place abroad: export restrictions didn't prevent the acquisition of strong encryption by criminals.

Conclusion: Innovation, Not Regulation

While law enforcers argue that encryption regulations are necessary to ward off criminal threats to safety and national security, these regulations result in none of the desired benefits but all of the undesired costs. Regulations cannot prevent criminals from acquiring strong, unescrowed encryption and therefore will not give law enforcers access to the keys they want the most. Stricter encryption regulations would, however, not only make the information of U.S. businesses and individuals more vulnerable, they also would affect the competitive ability of U.S. encryption manufacturers. These facts inevitably leave policy makers asking the following question: If regulation is not the solution, then what is?

Innovation. Just as industries can respond creatively to government regulations, the police and other public agencies can respond creatively to developments in the private sector.

Encryption exemplifies this idea. Private sector needs are leading to the widespread proliferation of strong encryption. As this proliferation empowers criminals, law enforcers can respond with innovative, non-regulatory solutions. They can acquire more powerful computers, partner with data security firms to devise new ways to decrypt communications, and devise new, more efficient search methods. As section IV-d illustrates, previous cases have demonstrated that such innovation can occur successfully and in the absence of further regulation.

While an innovation-based approach is less tangible than overt regulation, it would be less costly and more effective. Businesses and individuals would be freed from the costs of encryption regulations. Contrary to the vast majority of most existing government policies, a deregulated approach would apply market forces to public agencies and force them to identify and understand upcoming problems and devise the most effective solutions to those problems.

If the information age is to prosper, this approach must be carried beyond encryption and into all areas of technology policy. As the rate of technological advancement increases, policy makers are going to be faced with a myriad of unforeseen circumstances and issues that they will perceive as problems. Regulatory solutions to these problems will inevitably seal off opportunities for businesses and individuals that could have otherwise been explored. Non-regulatory, innovation-based approaches, however, would leave all opportunities available while still allowing for an effective and appropriate government response.

Ensure the ability of U.S. firms and individuals to protect their information.

Allow U.S. firms to compete in the international market for encryption products and products that use encryption.

Maximize the ability of law enforcers to respond to the use of encryption to protect criminal acts.

With these goals in mind, the only effective policy would eliminate encryption regulations altogether. The free market would be highlighted, the costs of regulation would be prevented, and all parties would still have the opportunity to be better off. This free-market "policy" would:

Ensure maximum information security for firms and individuals. As technology advances and even more information becomes computer-based, criminals will devise new ways to steal and decrypt stored data and electronic communications. If encryption regulations were eliminated, encryption of any strength could be freely manufactured, distributed, and used, both domestically and internationally. This would allow firms and individuals the best chance to outgun criminals in the battle over information security, and consequently ensure the information security necessary for an electronic commerce-driven information age to prosper.

Prevent the costs that regulations impose on businesses, citizens, and national security. U.S. firms would be free to compete in the international marketplace. Businesses and individuals could purchase and use unescrowed, unrecoverable encryption of any strength.

Would NOT make it substantially easier for criminals to acquire strong encryption. As illustrated throughout this paper, encryption regulations do not prevent criminals from acquiring strong encryption. Strong, unescrowed encryption can be purchased abroad, acquired over the Internet, or created from scratch.

Force law enforcement agencies to respond to criminal threats with innovations. The complete deregulation of encryption would apply market forces to government agencies and consequently force them to respond to encryption threats with innovations. Given that encryption regulations apparently do not reduce the threat of criminal use or acquisition of strong encryption, such innovation is law enforcement's only hope.

The conclusion is clear: a deregulated, free-market policy can accomplish what encryption regulations cannot. Until regulation advocates recognize this fact as truth, policy makers will continue to march forward carrying policy proposals that not only threaten U.S. businesses and citizens, but the future itself.

Already important, this realization will be even more critical in the future. As telecommunications and the Internet blossom into an ever more integral part of the economy and society, policy makers will face many technology policy quandaries similar to encryption. These problems will defy regulation and call for innovative new governing strategies and solutions. Only free market policy approaches will promote the most effective innovation. By harnessing market forces, these approaches will empower individuals, businesses, and government agencies by leaving them unencumbered and limited only by the rule of law.

The Security and Freedom Through Encryption Act: Not A SAFE Haven

Initially co-sponsored by Representatives Bob Goodlatte (R-VA) and Joe Lofgren (D-CA), the Security and Freedom Through Encryption Act (HR 695) moves towards the prohibition of key escrow/key recovery requirements while significantly relaxing export controls. As the bill that best meets the computer industry's demand for freedom, the Security and Freedom Through Encryption Act (SAFE) has been the subject of much debate. On the industry side, SAFE has received the support of a broad coalition of companies, associations, think tanks, and user groups, including the Software Publisher's Association, the Information Technology Association of America, the Business Software Alliance, the Security Industries Association, and Americans for Tax Reform.57 Not surprisingly, the bill has received a nearly equal amount of opposition from the national security establishment and the Clinton administration. As a result, SAFE has emerged from the committee review process in a variety of amended forms which, at this point, seem unreconcilable, despite the fact that SAFE has received the sponsorship of over 250 members of the House, including 158 Republicans and 92 Democrats.58

While the amendments will warrant later discussion, it is first necessary to examine the bill's original text. SAFE proposes a variety of changes in encryption policy, and these changes can be broken down into three categories:

Domestic Controls: SAFE proposes measures that, to a limited extent, protect the rights of citizens within the U.S. to manufacture, use, and distribute encryption of all types and strengths. The bill guarantees the free manufacture, distribution, and use of encryption hardware and software, regardless of key length or algorithm type. The bill also takes aim at a prohibition on mandatory key escrow when it states that "No person in lawful possession of a key to encrypted information may be required by Federal or State law to relinquish to another person control of that key", a provision that is not as watertight as its advocates claim.

Export Controls: SAFE would ease, but not abolish, the current restrictions on the export of encryption hardware and software. The bill would allow encryption hardware of any strength to be exported so long as other products of comparable strength are already available from a foreign supplier. Encryption software of any strength could be exported so long as the strength of such software is already "generally available" on the international market. The freedom to export strong software would end, however, if there was evidence that the software would be "diverted to military or terrorist use."

Criminalization: SAFE would make it illegal to use encryption for criminal purposes such as protecting information and communications associated with the commission of a crime.
By easing export restrictions and protecting certain freedoms associated with encryption in the United States, encryption policy under SAFE would be more free than existing policy. If enacted, however, the bill would neither ensure protection from key escrow-related systems nor bring about the free-market policy environment that is necessary to ensure maximum benefits to all parties. There are substantial weaknesses in each of the three policy categories that the bill addresses:

Domestic Controls: The domestic policy outlined in SAFE possesses two fundamental flaws that could be easily exploited by policy makers seeking expanded government access to encrypted data and communications.
The first flaw concerns the government's ability to require manufacturers to install recovery features into encryption products. The past has seen many quiet policy proposals that would require encryption manufacturers to equip their products with recovery features that users could turn on or off. While any such requirements would seem harmless at first, they would lay the groundwork for a future measure requiring all recovery features to be turned on, which would equate to a system of mandatory key escrow. SAFE does not prevent this threat.

The second threat is more troubling. While SAFE prohibits laws requiring an encryption user to "relinquish to another person control of that key," the claim that this amounts to a prohibition of mandatory key escrow, mandatory key recovery, or government imposed trap-door systems is false. The key word is "control": key escrow, key recovery, and trap door systems do not relinquish control of a key, they only guarantees access to a key. These systems, therefore, could still be allowable under this provision. When combined, these two flaws in SAFE reveal that the bill does not offer significant protection against the threat of government-imposed recovery systems. Future legislation could still require voluntary or mandatory key escrow-related systems. Under SAFE, the threat of domestic encryption controls would not be averted.

Export Controls: SAFE would not only continue to limit the export of encryption products, it also would give legislators substantial leeway to re-establish strict controls in the future.
SAFE would not make exports free. If implemented, the bill would only allow the export of a product so long as a similar product is already available outside of the United States. While this is a considerable improvement over current policy, it remains a costly restriction: U.S. firms are prohibited from introducing new products into international markets. This prohibition favors foreign competitors by allowing them to establish their products within a market before U.S. firms are allowed to compete. International encryption markets, therefore, could potentially be cornered by foreign firms before U.S. products are allowed across the border.

More troubling is SAFE's declaration that export freedoms could end if evidence arises that U.S. encryption software is being used by foreigners for criminal or military purposes. Because such uses are virtually inevitable, it seems as though it would be only a matter of time before strict export restrictions were re-imposed. SAFE, therefore, does not provide U.S. firms with long-term protection against encryption export restrictions.

Criminalization. The criminalization of use of encryption for criminal purposes is naÑve and innocuous. The aim of this provision is to deter criminals from using encryption to protect their data and communications. It seems unlikely, however, that these criminal penalties would outweigh the incentives for criminals to use encryption to protect their data and communications. A person already willing to commit a crime in spite of the law seems unlikely to modify their behavior in response to new, relatively minor criminal penalties.
Because of the flaws in each of SAFE's three primary categories, the bill does not offer significant, long-term protection of the commercial or privacy interests of businesses and individuals. SAFE provides strong protection against domestic strength ceilings but does not effectively prohibit the future implementation of a key escrow-related system. While SAFE relaxes export controls, it still hinders the entry of U.S. encryption products into foreign markets while leaving policy makers with the opportunity to re-impose strict controls in the future. SAFE would not guarantee the free market environment that would be most beneficial to all parties.

Despite these weaknesses, SAFE has been embraced as a cure-all by the computer industry and those aligned with its interests. Opposition to the bill has fallen along the standard lines. The debate between these interest groups came to a head during the committee review process and consequently manifested itself in the form of five of different versions of the bill. A brief examination of each of these versions provides insight into the debate.

The House Judiciary Committee-Version #1

On May 15, 1997, the House Judiciary Committee made only minor changes before approving a version of SAFE that remained true to the intent of the original text.

The House International Relations Committee-Version #2

On July 23, 1997, the House International Relations Committee approved the original text without amendment. The approval came after an intense debate over an amendment, offered by Representative Ben Gilman (R-NY), that would have allowed the manufacture, use, and distribution of encryption only if the encryption permitted real-time decryption of communications.

The House National Security Committee-Version #3

The House National Security Committee approved a radically altered version of SAFE on September 9, 1997. The altered version includes an amendment, co-offered by Curt Weldon (R-PA.) and Ronald Dellums (D-CA.), that eliminates the bill's export provisions. Instead of relaxing export restrictions, the amendment maintains current export policy by allowing the President to continue imposing strength ceilings on those wishing to export encryption. These ceilings would be subject to annual review.

The House Intelligence Committee-Version # 4

On September 11, 1997, the House Intelligence Committee dealt a severe blow to SAFE's passage when its members passed a version of the bill that includes key access requirements. Under the amendment, which was offered by Committee Chairman Porter Goss (R-FL.) and ranking Democrat Norm Dicks (D-WA.) encryption programs would be required to contain functions that guarantee immediate access to encrypted data and communications. This requirement would go into effect immediately for products intended for export, and in the year 2000 for products intended for domestic sale and use.

The House Commerce Committee-Version # 5

The House Commerce Committee approved a relatively pure version of SAFE on September 24, 1997 - with one interesting amendment. The amendment, offered forth by Rick White (R-WA) and Ed Markey (D-MA), calls for the establishment of a National Electronic Technologies Center. The primary function of this Center would be to collect, analyze, and disseminate information about how law enforcement can overcome the threat of criminal use of encryption. It would also research and develop new methods of analyzing and decrypting encrypted information.

Before approving the amended bill, the Commerce Committee did strike down a troubling amendment that called for mandatory key recovery. The amendment, offered forth by Michael Oxley (R-OH) and Thomas Manton (D-NY) would have required that all encryption manufactured, used, distributed in, or imported into the United States have a key recovery feature. This amendment was the subject of intense debate and earned the official, publicly stated opposition of 28 of the nation's most prominent law professors59 and more than 63 companies, user groups, and industry associations, including the Silicon Valley Software Industry Coalition, the National Association of Manufacturers, the Online Banking Association, and the IBM Corporation.60

Conclusion

The differences between the amendments illustrate the distance that remains between the two sides of the debate over U.S. encryption policy. The "pure" versions of the bill approved by the judiciary, international relations, and commerce committees represent the industry side of the debate - those who wish to leave domestic encryption unfettered while easing restrictions on the export of encryption. The National Security Committee and Intelligence Committee versions obviously represent the standpoint of those who seek to use key escrow and related regulatory mechanisms in an attempt to prevent the proliferation of unreadable, unbreakable encryption by criminals and/or terrorists.

Perhaps the most encouraging of these amendments is the one approved by the Commerce Committee. While this version does not take steps to ensure an absolute free-market environment, the creation of a National Electronic Technologies Center is encouraging because it represents a willingness to seek different, non-regulatory solutions to the problem of the use of encryption by criminals. This willingness is the basis of the approach outlined in sections IV and V of this paper and, if it were to permeate government culture, would lead to a technology policy that would be more likely to satisfy the needs of all parties involved. Such a policy, however, at this point seems unlikely, given the apparent difficulty of reconciling the different versions of SAFE as well as the alarming provisions of the Secure Public Networks Act, currently awaiting approval in the Senate.

The Secure Public Networks Act

As co-sponsors of the Secure Public Networks Act (SPNA), Senators John McCain (R-AZ) and Bob Kerrey (D-NB) have offered forth a bill that would bring about the antithesis of a free-market encryption policy. The SPNA would not substantially ease export restrictions, would introduce new criminal statutes that are just as innocuous as those introduced by SAFE and, by abiding to much of the plan laid out under the Clinton Administration's Clipper III proposal, would lay the groundwork for a domestic key recovery system:

Domestic Controls: The Secure Public Networks Act mirrors Clipper III in many ways and, as a result, lays the groundwork for a domestic, nationwide key recovery system. Though the act does contain a provision that specifically prohibits the U.S. government from requiring key escrow, this provision is rendered moot by the Key Management Infrastructure (KMI) that the bill proposes.
As in the Clipper III proposal, the Secure Public Networks Act would set up a nationwide system of agencies with the intention of preventing identity fraud on the Internet. The agencies, known as Certificate Authorities, would issue certificates that verify people's digital signature. The initial version of the bill required participants in this system (those wishing to possess certificates as well as those wishing to receive information from others possessing these certificates) to use encryption programs that possess key recovery features and to register their keys with "key recovery agencies." The current draft eliminates this connection.

Despite this change, the SPNA's key recovery requirements remain substantial. The bill would mandate that key-recovery systems be used by anyone who uses networks that are constructed or maintained using government funds. These networks include most university networks as well as the Internet II project. In addition, the bill requires that all encryption products purchased and/or used by the U.S. government possess key recovery features.

These provisions are extremely troubling. While the SPNA is careful to emphasize that participation in its proposed system is voluntary, and that law enforcers would be required to obtain a court order before being permitted access to a user's keys, the bill amounts to an effort by the government to exert monopoly control over cyberspace and consequently force computer users into using encryption programs that possess key recovery features. Because of the government's vast purchasing power and its plans to contribute resources to the development of new networks the SPNA would effectively funnel computer users into avenues where they would be forced to give up their keys. This would result in an electronic environment that would be far less secure than an environment dominated by unescrowed, unrecoverable encryption. For an in-depth discussion of the information vulnerabilities associated with such an environment, see Section IV-b.

Export Controls: The SPNA would not make exports free. Instead, it would hinder the export of unescrowed, unrecoverable encryption while promoting the export of encryption that possesses key recovery features. In addition, policy makers would be given leeway to impose stricter export restrictions in the future.
This analysis is substantiated by the bill's three key export provisions. First, the bill would allow the export of unrecoverable products only after these products have received the explicit approval of a 12-member advisory board (8 members of which are industry representatives) and the tacit approval of the President, who would retain veto power over the board's decisions. Second, encryption products with key recovery features could be freely exported, regardless of their strength. Third, the federal government would retain the right to ban the export of particular products if evidence were to arise that those products had been used in acts against the national security of the United States or the personal safety of its citizens.

These three provisions would hinder the competitive ability of U.S. firms while allowing for strict future controls. U.S. firms would likely be prohibited, either by the advisory board or the President, from exporting strong, unrecoverable encryption. As a result they would be required to either partner with a foreign encryption manufacturer, export recoverable products, or both. In either case, U.S. firms would lose sales to foreign firms that are not bound by U.S. regulations. The best case scenario under the SPNA, therefore, means lost sales for U.S. firms, which translates into fewer jobs for U.S. workers.

The worst case scenario depends on the willingness of policy makers to impose stricter export restrictions in the future. Because encryption programs will almost assuredly be used by criminals, and because the definition of "national security" is so nebulous, it seems likely that policy makers will possess the evidence that is necessary under the SPNA to prohibit the export of particular products. Should policy makers choose to enact broad prohibitions, U.S. firms could be entirely frozen out of the international encryption market.

Criminal Provisions: In addition to provisions that outlaw the use of encryption to plan or carry out crimes, the Secure Public Networks Act would criminalize a host of activities. These revolve around the illegal seizure, theft, or distribution of keys, either by law enforcers, agents associated with the KMI, or private citizens. Such provisions make law enforcers, as well as KMI agencies, liable for actions that would illegally compromise the information security of those computer users who participate in the system. While this liability does introduce a counter-incentive to the incentive to steal the keys to valuable information, it does not diminish the substantial effect that the vulnerabilities inherent in the KMI will likely have on overall information security or the future of electronic commerce.
Conclusion

Despite the fact that the SPNA's advocates present it as a positive reform, the bill would make the manufacture, distribution, and use of encryption less free. The KMI would drive non-criminal users of encryption into a government managed infrastructure. As the Clinton proposals and the unamended version of the SPNA prove, key policy makers have already shown their willingness to use this infrastructure not only as a vehicle of government oversight but also as a mechanism to impose recoverable encryption on all users.

The bill's export provisions also point toward further erosion of free commerce. Past policy proposals by the Clinton administration and the national security establishment exhibit an existing willingness to place national security interests above commercial interests. There is every reason to believe that this anti-business prejudice will continue in the future and consequently lead to vast prohibitions on the export of encryption.

Conclusion

Neither the Security and Freedom Through Encryption Act nor the Secure Public Networks Act would bring about the free market policy and commercial environment that is necessary if electronic commerce, information privacy, and legal responses to computer crimes are to flourish. While SAFE would make encryption policy more free, it is a weak measure that does not prevent further intrusion by the government into business and privacy. The SPNA would lay the groundwork for this intrusion by making encryption policy less free. If the information age is to reach its potential, these measures must be abandoned in favor of new measures that would deregulate the manufacture, use, and distribution of encryption entirely.

3 Lance Hoffman, Faraz A. Ali, Steven L. Heckler, Ann Huybrechts, Cryptography Policy, Communications of the ACM, Volume 37, Number 9 (September, 1994), p. 109.

4 According to Winn Scwartau, executive director of Interpact, as reported by Jill Gambon in The business of security, Information Week, April 10, 1995, p. 64

5 The National Research Councils Committee to Study National Cryptography Policy, Cryptography's Role in Securing the Information Society, section 4:3, p. 25.

6 PR Newswire, GTSI Announces New Electronic Commerce System for Government Use, April 4, 1995.

7 Adrienne Fox, Was the Internet overhyped?, Investor's Business Daily, October 10, 1997, p. A1.

8 Juliana Gruenwald, "Congress, uneasy with nets ways, wants laws," San Diego Union Tribune, February 10, 1998, p. 4.

9 Ibid.

10 The National Research Councils Committee to Study National Cryptography Policy, "Cryptography's Role in Securing the Information Society" (Washington, D.C.: National Academy Press, 1996), Kenneth W. Dam and Herbert S. Lin, Editors, Chapter 4, p. 30. Available: http://www.nap.edu/readingroom.

11 A. Michael Froomkin, "The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution," p. 4. Originally published at 143 University of Pennsylvania Law Review, #709 (1995.) Now available at: http://www.law.miami.edu/~Froomkin.

12 Ibid.

13 The United States Department of Commerce and the National Security Agency, A Study of the International Market for Computer Software With Encryption," (Washington, D.C.: The United States Department of Commerce, 1995), p. III-6.

14 Peter H. Lewis, "Gore Preaches, and Practices, the Techno-gospel", New York Times, January 17, 1994, p. D1.

15 Marlene Cimons, "Gore Calls for More Efforts to Link Schools to the Internet,"Los Angeles Times, June 30, 1996, p. A18.

16 The PresidentÕs Information Infrastructure Task Force, "A Framework For Global Electronic Commerce," (Washington, D.C.: The National Institute of Standards and Technology), July 1, 1997, pp. 1-2. Available: www.iitf.nist.gov/eleccomm/ecomm.html.

17 Remarks by the President in Announcement of Electronic Commerce Initiative, from the East Room, July 1st, 1997. Available: http://www.whitehouse.gov.

18 Mark Stephens, "Clinton team to review security policy," Infoworld, December 7, 1993, p. 1.

19 According to a survey conducted by the Business Software Alliance as cited in: The United States Department of Commerce and the National Security Agency, "The International Market for Computer Software With Encryption," p. III-6.

20 See Matt Blaze, "Protocol Failure in the Escrowed Encryption Standard," in Lance J. Hoffman, ed., "Building in Big Brother," (Berlin, Germany: Springer-Verlag, 1995).

21 Jeff Ubois, "Encryption plan has scary consequences," MIDRANGE systems publication, October 27, 1995, p. 28.

22 The Interagency Working Group on Cryptography Policy, "Enabling Privacy, Commerce, Security, and Public Safety in the Global Information Infrastructure," (Washington, D.C.: Office of Management and Budget, Executive Office of the President), May 20, 1996, p. 7. Available: www.cdt.org.

23 Kevin Power, "Council tells administration to back off its encryption policy," Government Computer News, June 10, 1996, p. 3.

24 Kevin Power, "Key Plan Gets Industry Support", Government Computer News, November 4, 1996, p. 54.

25 John Markoff, "Compromise is Offered on Computer Security Codes", New York Times, October 2, 1996, p. D1.

26 Trusted Information Systems and the Software Publishers Association, in conjunction with Dr. Lance Hoffman of the George Washington University, "A Worldwide Survey of Cryptographic Products," available: www.tis.com/research/crypto/crypt_surv.html.

27 Ibid.

28 Information gathered from a variety of news reports, including: Julia Angwin, "Sun exploits loophole in encryption ban," San Francisco Chronicle, May 20, 1997, p. C1; John Fontana, "Sun Crypto Skirts Feds - Imported 128 bit technology sidesteps U.S. regulations, Communications Week, 5/19/97; Michael Kanellos, "Nyet to Uncle Sam: Sun finds loophole to cryptography ban - Sun signs deal with Russian Company", Computer Reseller News, June 9, 1997.

29 Newsbytes News Release, June 4, 1996

30 Gail Kolatam, "100 Quadrillion Calculations Later, Eureka!," New York Times, April 27, 1994, p. A13.

31 RSA Press Release, "Government Encryption Standard Takes a Fall," June 18, 1997. Available: www.rsa.com/pressbox.

32 RSA Press Release, "RSAÕs Secret-Key Challenge Solved by Distributed Team in Record Time," February 26, 1998. Available: www.rsa.com/pressbox.

33 A. Michael Froomkin, "The Metaphor is The Key," p. 10.

34 Ibid.

35 Lance Hoffman, Faraz A. Ali, Steven L. Heckler, Ann Huybrechts, "Cryptography Policy," Communications of the ACM, Volume 37, Number 9 (September, 1994), p. 109.

36 According to Winn Scwartau, executive director of Interpact, as reported by Jill Gambon in "The business of security,"Information Week, April 10, 1995, p. 64.

37 The National Research Councils Committee to Study National Cryptography Policy, "Cryptographys Role in Securing the Information Society," section 4:3, p. 25.

38 The United States Department of Commerce and the National Security Agency, "A Study of the International Market for Computer Software With Encryption," pp. III-7 - III-8

39 Ibid.

40 The National Research Councils Committee to Study National Cryptography Policy, "Cryptographys Role in Securing the Information Society," section 4.4, p. 31.

41 Ibid.

42 The National Research Councils Committee to Study National Cryptography Policy, "Cryptographys Role in Securing the Information Society," section 4.4, pp. 30-31.

43 A. Michael Froomkin, "The Metaphor is the Key," p. 8.

44 Ibid.

45 Testimony by William R. Crowell before the House National Security Committee, July 30, 1997.

46 Testimony by FBI Director Louis Freeh before the Terrorism, Technology, and Government Information Subcommittee of the Senate Judiciary Committee, September 3, 1997.

47 With the exception of the Clinton administration, these groups are listed in the Congressional Record, 10/28/97, p. E2108. The Clinton administrationÕs position has been delineated by the policy proposals it has advanced since 1993.

48 Dorothy Denning and William Baugh Jr., "Encryption and Evolving Technologies: Tools of Organized Crime," (Washington, DC: The National Strategy Information Center, 1997), pp. 1-2.

49 Denning and Baugh, Jr., p. 12.

50 Ibid.

51 Denning and Baugh, Jr., p. 13.

52 Ibid.

53 Denning and Baugh, Jr. p. 14.

54 Denning and Baugh, Jr., pp. 6-7.

55 Denning and Baugh, Jr., p. 5.

56 Ibid.

57 September 10, 1997 joint letter sent to Congressman Thomas J. Bliley. Available: http://www.cdt.org/crypto/legis_105/SAFE/9709_house-ltrs.html.

58 Newsbytes News Release, "McCain, Kerrey Seek Encryption Compromise," March 5, 1998. back

59 Letter sent to Representative Thomas J. Bliley, Jr., Chairman, House Commerce Committee, in opposition to the Oxley-Manton Amendment. Available: www.cdt.org/crypto/legis_105/SAFE/97023_profs.html.

60 Letter of opposition sent by industry representatives to Thomas J. Bliley. Available: www.cdt.org/crypto/legis_105/SAFE/970922_OxlMan.html.