ROANOKE TIMES Copyright (c) 1996, Roanoke Times DATE: Wednesday, September 25, 1996 TAG: 9609250042 SECTION: EDITORIAL PAGE: A-9 EDITION: METRO SOURCE: KENNETH W. DAM AND HERBERT S. LIN
IN AN INFORMATION age, the ability to keep information private is more than a luxury. It is vital for businesses that want to protect proprietary and other sensitive information, for individuals who want to maintain the privacy of their communications, and for electronic commerce over the Internet. Yet current federal policy impedes the efforts of the private sector to ensure the security of information.
One of the most effective tools for keeping information secure is encryption - converting messages into a string of letters and symbols that cannot be deciphered without a "key" that breaks the code. For example, cellular phone calls that are encrypted cannot be intercepted and understood by third parties. Companies use encryption to shield proprietary information from competitors, from criminals, and from foreign governments conducting economic espionage. Governments encrypt information to keep it from falling into the hands of adversaries.
The problem is that making encryption more available to businesses and law-abiding citizens also makes it more available to parties that are hostile to public safety and national security. Drug dealers and terrorists can use encryption to shield their communications from law-enforcement officials. National-security agencies worry about foreign groups using encryption to disguise their efforts to build or use nuclear weapons. These are legitimate objections to the more widespread availability of encryption, and they have made the topic highly controversial.
Today the federal government makes it difficult for U.S. companies to sell products with strong encryption capabilities in other countries. Companies claim that such products are available from foreign vendors, undermining the international competitiveness of the U.S. information-technology industry.
In addition, the federal government has been aggressively promoting a technology known as escrowed encryption, which would require private users of encryption to place the key to encrypted messages "in escrow" with a third party so that government authorities with proper legal authorization can read those messages. But many individuals and companies in this country and abroad are unlikely to accept a form of encryption where a third party holds a key. And many concerned about civil liberties fear that escrowed encryption would give the government unprecedented and unwarranted capabilities to intrude into private lives.
Disputes over these issues have become so heated that one government official has referred to encryption as the Bosnia of telecommunications policy, where stakeholders take positions that polarize rather than reconcile. But consensus is not impossible. We recently were involved with a National Research Council committee representing a wide range of interests, and the committee came to a strong consensus on a national cryptography policy appropriate to the information age.
We concluded that the benefits of the widespread use of encryption outweigh the costs. Encryption can support as well as harm law enforcement and national security. It can protect nationally important computer networks and systems from electronic attack. Individuals and companies can use encryption to reduce financial crimes and economic espionage.
The committee recommended that export controls on encryption technology be progressively relaxed, though not eliminated. This would strengthen the market positions for U.S. companies operating abroad while also significantly improving information security.
We also argued against the forced use of escrowed encryption. It is an interesting and promising technology that may prove valuable in the future. But today it is unproven and has potentially serious liabilities. Government should experiment with escrowed encryption for its own uses, providing a base of experience if deployment on a wider basis proves desirable.
Government officials sometimes contend that classified information reveals the necessity of keeping tight reins on encryption. But 13 of the 16 committee members attended classified briefings, and all remained convinced of the need for greater use of encryption. Moreover, the committee agreed that national cryptography policy can and should be developed through open public discussion, not behind closed doors. Only through such an open process will it be possible to achieve the national consensus that is needed.
Technology has always been a two-edged sword. Encryption can be used to serve or to harm society - and it will no doubt be used for both purposes by different groups. But over the long run its widespread use is inevitable and, on balance, desirable. The overall interests of the nation would best be served by a policy that fosters a judicious transition toward the broad use of encryption.
Kenneth W. Dam, a law professor at the University of Chicago and a former deputy secretary of state, recently chaired the National Research Council's Committee to Study National Cryptography Policy. Herbert S. Lin was study director for the committee.
LENGTH: Medium: 89 lines ILLUSTRATION: GRAPHIC: GARY VISKUPIC/Newsdayby CNB