Don't Give Federal Cops E-Mail Keys

Article excerpt

Like the ghoulish cryptkeeper in the TV series Tales From the Crypt, the Clinton administration's flawed cryptography policy refuses to die. Recently, though, the administration has attempted to mandate its policy by fiat. When Congress returns early next year, overturning this bad decision should be the first order of business.

Administration sources have said the president likely will sign an executive order jump-starting the administration's new encryption policy over the strenuous objections of the computer industry and Congress.

U.S. companies only can export programs with "40-bit" key lengths. A "key" is used to close or open, encrypt or decrypt digital data. The longer the key, the better. Think of Passwords. A snooper would have an easier time breaking into your computer or reading your E-mail if the password were "Tom" than if the password were all the letters in the "Star-Spangled Banner" strung together.

The administration's plan allows a company to export "56-bit" key-length software for two years, provided that the company is approved by the Commerce and Justice departments. The company must tell Commerce its plan to implement "key recovery" in its products so that the FBI and other law-enforcement agencies win be able to decode the information.

Encryption is not just an issue for computer jocks: It is used in the manufacture of everything from World Wide Web browsers to cellular phones. As Internet commerce grows, more people will rely on encryption to protect personal data such as credit-card numbers.

This new initiative recalls the administrations previous efforts to push "snooper" technology: its campaign to have computer companies use the "Clipper" encryption chip (see Symposium, Oct. 24, 1994) - deemed safe by the government but cracked by hackers, elicited guffaws as well as grimaces from the industry.

What foreign individual, corporation or government will buy U.S. software if U.S. agencies can decrypt their data or read their Internet traffic? U.S. companies know that a key recovery system, even if it could be implemented effectively, puts them at a disadvantage worldwide.

The Business Software Alliance, a coalition of high-technology companies, says that more than 500 foreign-encryption programs are available from 21 countries, and more are being created every minute. Japanese companies such as Nippon Telephone and Telegraph - the world's largest telecommunications firm - are poised to take control of the worldwide market for digital cellular-phone encryption. …