13 July 1997 Source: Mail list cypherpunks@toad.com Thanks to Bill Stafford and Robert Hettinga ------------------------------------------------------------------------- Date: Sat, 12 Jul 1997 08:58:20 -0400 To: espam@intertrader.com, e$pam From: Robert Hettinga Subject: Encryption: editoral by IBD --------------------------------------------------------------------- This mail is brought to you by the e$pam mailing list --------------------------------------------------------------------- From: Bill GL Stafford To: "dcsb@ai.mit.edu" Subject: Encryption: editoral by IBD I believe these guys are on our side. Bill GL Stafford Encryption: Keep Feds' Nose Out Of The Net ASHCROFT J. John Ashcroft is a Republican U.S. senator from Missouri and a member of the Senate Commerce Committee. Date: 7/11/97 Edgar Hoover would have loved this. The Clinton administration wants government to be able to read international computer communications - financial transactions, personal e-mail and proprietary information sent abroad - all in the name of national security. In a proposal that raises obvious concerns about Americans' privacy, President Clinton wants to give agencies the keys for decoding all exported U.S. software and Internet communications. Such a policy also would tamper with the competitive advantage that our U.S. software companies currently enjoy in the field of encryption technology. Not only would Big Brother be looming over the shoulders of international cybersurfers, he also threatens to render our state-of-the-art computer software engineers obsolete and unemployed. Granted, the Internet could be used to commit crimes, and advanced encryption could disguise such activity. However, we do not provide the government with phone jacks outside our homes for unlimited wiretaps. Why, then, should we grant government the Orwellian capability to listen at will and in real time to our communications across the Web? The protections of the Fourth Amendment are clear. The right to protection from unlawful searches is an indivisible American value. The president has proposed that American companies and computer users supply the government with decryption keys to high-level encryption programs. Yet European software producers are free to produce computer encryption codes of all levels of security without providing keys to any government authority. Buyers of encryption software value security above all else. They will ultimately choose airtight encryption programs - not those for which the U.S. government maintains keys. In spite of this obvious fact, the president is trying to foist his rigid policy on the exceptionally fluid and fast-paced computer industry. Furthermore, recent developments in decryption technology cast doubt on the wisdom of any government meddling in this industry. Two weeks ago, the 56-bit algorithm government standard encryption code that protects most U.S. electronic financial transactions, from ATM cards to wire transfers, was broken by a low-powered 90-megahertz Pentium processor. In 1977, when this code was first approved by the U.S. government as a standard, it was deemed unbreakable. And for good reason - there are 72 quadrillion different combinations in a 56-bit code. However, with today's technology, these 72 quadrillion different combinations can each be tried - it's only a matter of time and determination. Two days after this encryption code was broken, however, the Senate Commerce Committee voted, in accordance with administration policy, to force American software companies to perpetuate this already compromised 56-bit encryption system. Meanwhile, 128- bit encryption software from European firms is available to every Web user. Interestingly, European firms can import this supersecure encryption technology (originally developed by Americans) to the U.S., but U.S. companies are forbidden by law from exporting these same programs to other countries. So to move forward with the president's policy or the Commerce Committee's bill would be an act of folly, creating a cadre of government peeping Toms and causing severe damage to our vibrant software industries. Government would be caught in a perpetual game of catch-up with whiz-kid code-breakers and industry advances. Majority Leader Trent Lott, R-Miss., has signaled his objection to both proposals. He and I would like to work to bring to the floor a version of the encryption legislation by Sen. Conrad Burns, R-Mont. Burns' bill closely resembles the popular House encryption bill sponsored by Rep. Bob Goodlatte, R- Va. Both measures would not require sharing of keys with the goverment. In essence, these proposals would give U.S. encryption software manufacturers the freedom to compete on equal footing in the worldwide marketplace. They would set up a quasi-governmental board for the industry to decide encryption bit strength based on the current level of international technology. U.S. companies are on the front line of online technologies - the value- added industries of the future. The best policy for encryption technology is one that can rapidly react to breakthroughs in decoding capability and roll back encryption limits as needed. The Burns and Goodlatte proposals would accomplish this. In contrast, the Clinton administration's unnecessary and invasive interest in international e-mail is a wholly unhealthy precedent, especially given this administration's track record on FBI files and Internal Revenue Service snooping. Every medium by which people communicate can be exploited by those with illegal or immoral intentions. Nevertheless, this is no reason to hand Big Brother the keys to unlock our e-mail diaries, open our ATM records or translate our international communications. (C) Copyright 1997 Investors Business Daily