Academic journal article Law and Policy in International Business

Who Are We Protecting? A Critical Evaluation of United States Encryption Technology Export Controls

Academic journal article Law and Policy in International Business

Who Are We Protecting? A Critical Evaluation of United States Encryption Technology Export Controls

Article excerpt

When making public policy decisions about new technologies for the government, I think one should ask oneself which technologies would best strengthen the hand of a police state. Then, do not allow the government to deploy those technologies. This is simply a matter of good civic hygiene.(1)

Phillip R. Zimmermann, creator of "Pretty Good Privacy" (PGP)(2)

Thank you Mr. Chairman and members of the Committee for providing me with this opportunity to discuss with you an issue of extreme importance and of great concern to all of law enforcement, both domestically and abroad--the serious threat to public safety posed by the proliferation and use of robust encryption products that do not allow for timely law enforcement access and decryption.(3)

Louis J. Freeh, Director, Federal Bureau of Investigation


The debate on encryption export controls can be thought of as an exercise in balancing these two viewpoints. With the Internet's rise as a major medium of trade and communication, encryption has become a vital tool of electronic commerce. Unfortunately, the ability to keep electronic communications secure through encryption can also be used by criminals and terrorists to shield their activities from the prying eyes of law enforcement and national security agencies. Due to the threat to national security that encryption represents, the U.S. government has enacted strong controls on the international distribution of encryption software and hardware.

Recognizing that existing controls on encryption exports were too restrictive, in December of 1998, the U.S. Department of Commerce enacted a new set of regulations governing all U.S. exports of data encryption technology.(4) This Note examines these new regulations and concludes that, while they are a positive step forward, they do not go far enough toward striking the appropriate balance among the interests of national security, privacy, and the needs of U.S. industry.

Part II of this Note briefly summarizes the history of encryption technology and the U.S. government's regulation thereof, and follows with a detailed discussion of the newly enacted regulations. In addition, it discusses a number of international attempts to address global concerns about encryption. Part III summarizes the major scholarly and judicial criticisms of the previous U.S. export controls, including potential constitutional concerns and the regulations' effects on privacy and the domestic business community. It then discusses and criticizes the motives behind the government's persistent reliance on national security interests as justification for the regulation of encryption exports. Finally, Part IV of this Note presents critiques of the newest set of regulations, concluding that they do little, if anything, to cure the problems of the old regulations.


Encryption is a process that transforms a message into a series of encoded numbers, rendering it unreadable by anyone other than its intended recipient.(5) This Part first discusses the history and development of encryption technology and then reviews the history of the U.S. government's regulation of the use of encryption. Next, it summarizes the major changes promulgated by the Clinton Administration's new export controls governing encryption technology. Finally, it discusses international efforts to regulate encryption technology.

A. History and Development of Encryption

Cryptography has been used throughout history to create and maintain secret correspondence between individuals.(6) The earliest forms of cryptography were simple codes that merely changed each letter of a word to another letter.(7) With the advent of the computer age, encryption has become more complex and thus more secure.

There are two main categories of modern computer encryption technology: symmetric and asymmetric.(8) Symmetric cryptography is a computer-generated advancement of the earlier forms of cryptography, in that it uses the same "key"(9) for both encrypting and decrypting the coded message. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.