WASHINGTON-President Clinton has threatened to repeal a key provision of the administration’s new encryption policy if it determines that legislation undercuts security safeguards, a move one prominent Republican telecom lawmaker believes is intended to derail his bill to liberalize scrambling technology exports.
In a memorandum accompanying Clinton’s Nov. 15 executive order on encryption policy, the president said, “if adequate controls on encryption products cannot be maintained under a new statute, then such products shall … be designated as defense articles.”
To do so would subject encryption software to State Department oversight that is stricter than it is for the commercial products that the Commerce Department is now responsible for licensing.
Matt Raymond, a spokesman for Sen. Conrad Burns (R-Mont.), accused Clinton of trying to “broadside” legislation sponsored by the lawmaker that would go further than the White House in relaxing encryption exports and would not require a key recovery mechanism.
Raymond said Burns, who is in line to chair the Senate communications subcommittee, will likely reintroduce his encryption bill next year.
Gore said the transfer of export control jurisdiction from State to Commerce, which is expected to become effective before the end of the year, and the appointment of David Aaron as special U.S. envoy for cryptography “will help promote the growth of international electronic commerce and robust secure global communications in a manner that protects the public safety and our national security.”
But while the administration fashions its position as an export policy, critics say Clinton and Vice President Gore are attempting to use the export issue to leverage a de facto encryption standard domestically that could limit wireless carriers and others to weaker-than-necessary scrambling schemes.
That’s because encryption suppliers may not want to make separate encryption products for home and abroad. By insisting on key recovery and threatening to reclassify commercial products as military products if highly liberal export legislation is passed, encryption suppliers may feel compelled to manufacture a single product line for domestic and foreign sales to keep concessions included in the president’s executive order.
In that way, the administration could establish a worldwide encryption standard with a key recovery mechanism that allows law enforcement to decode encrypted communications under a court order. But the standard created might not be the most secure one on the market.
U.S. officials say key recovery is crucial in combating drug trafficking and international terrorism. They say breaking codes is not a big problem now, but could become one in the future.
The Clinton policy of giving the FBI a role in the encryption export license application process is expected to produce added skepticism among encryption software developers and privacy advocates.
Today, there are no restrictions on domestic encryption. Until now, sales overseas of encryption of 40 bits or less were prohibited by the U.S. government.
The new policy will allow the export of non-military encryption software and hardware of 56 bits “under a general license contingent upon industry commitments to build and market future products that support key recovery.”
Instead of fighting the administration over encryption policy as many firms have done in recent years, Hewlett-Packard Co. is attempting to capitalize on government intervention by introducing a new “government-approved” encryption scheme. HP said its encryption framework is backed by the United Kingdom and France.
Clinton’s encryption policy is less restrictive than the Clipper Chip encryption scheme inherited from the Bush administration and supported initially by the president. Industry and privacy groups pressured Clinton to abandon that initiative and are not fully supportive of the new policy.