The Potential Threat of Dual-Use Technology
While video-game lovers around the world rejoiced at the opportunity to play W "Duke Nukem: Total Meltdown" on the newly released Sony Playstation 2, the Japanese government was preparing its case to impose export controls on the revolutionary gaming system on the grounds that it represented "a general-purpose product related to conventional weapons." The argument was straightforward the new Playstation came with a 128-bit microprocessor fast enough to humble the speediest desktop processors and a graphics card capable of such precision that it could guide a cruise missile. Fearing that hostile states and terrorist groups might use this gaming system for aggressive ends, the government passed a new law restricting exportation from Japan to no more than a few units at a time, under penalty of fines and imprisonment. Though this policy might deter some smugglers, it is difficult to imagine that any government intervention could prevent a widely-available and easily portable commercial product from reaching th e wrong hands.
The Playstation 2 problem is not unique. As the level of technological sophistication in commercial products increases, so does the likelihood that states without indigenous technological expertise will import these products and adapt them to their own ends. So-called "dual-use" commodities- including computer, aerospace, chemical, biological, and electronic devices-can be found in virtually any high-tech market, making their eventual dissemination inevitable. But because these technologies can be applied so easily to encryption, missile control, and other military projects, they pose a significant threat to the very nations that produce them. In a world where one nation's household tool is another's offensive weapon, policymakers concerned with stopping the flow of dual-use technologies to potential enemies are left with an impossible challenge.
The Encryption Debate
Political and commercial leaders alike have long faced a similar challenge in the debate over regulation of encryption-related technologies and software. The ability to intercept and analyze communications is vital to espionage, anti-terrorist, and law-enforcement operations, providing technologically-savvy countries with a strong motive to protect their own encryption abilities.
But the importance of encryption is not limited to national security. Corporations, especially e-businesses, also rely on airtight security to prevent fraud and earn public trust. This need has prompted international businesses to demand from their governments the right to use advanced encryption software and technologies, whether from domestic companies or from abroad.
Beginning in 1996, the US government tried to reconcile the interests of national security and commercial interests by establishing a 56-bit cap encryption export level. International corporations and certain financial institutions operating in foreign nations were exempt from this restriction. There was no cap on the degree of encryption that could be developed or used domestically.
Though modifications to this policy were made, any fixed standard set in the rapidly-changing world of computer science was bound to be inadequate. Within a few years, 56-bit encryption software became readily available both in foreign markets and from publicly-accessible Internet sources. Faster computers also meant that the old standard of 56-bit encryption posed far less of a challenge to code breakers than it did when the policy was implemented. In fact, while the prohibition was still in place, companies routinely employed encryption methods much stronger than those allowed for international use. The situation was further complicated by the fact that there was no international consensus on encryption export regulation. As a result, US businesses were unable to offer the same level of encryption to their international clients as businesses based in less stringently regulated countries could. …