Sen. Dianne Feinstein, D-Calif., recently brought leaders of the computer industry to Washington, D.C., to meet with Attorney General Janet Reno and FBI Director Louis Freeh to see if there was any way to resolve the ongoing dispute over U.S. encryption policy. After meeting with Bill Gates of Microsoft, Jim Barksdale of Netscape and Steve Case of America Online, the meeting reached what has become a predictable conclusion in this debate -- no progress was made.
While Gates called the meeting "a good exchange," he added, "there wasn't an agreement to change any position." Feinstein's comments were a bit more hopeful. "I think both sides did listen," she said. "I think some seeds for possible approaches were developed, and we'll see what happens with them."
But Dave Banisar, staff counsel at the Electronic Privacy Information Center (EPIC) and co-author of The Electronic Privacy Papers, a comprehensive look at the encryption debate, noted, "there's no serious possibility of an agreement being reached that would satisfy all sides of this. There is no easy solution, no such thing as a win-win on this."
The debate on the use of strong encryption has been going on at least since the beginning of the Clinton administration. It is an issue of extreme importance to the high-tech industry, which generally would like to see no restrictions on the export and use of encryption programs. But the law enforcement and intelligence communities hold just as passionately to a position that, if not directly opposite that of industry, calls for restrictions that are totally unacceptable.
Ever since the "Clipper Chip" proposal at the beginning of the Clinton administration, the government's position has been that encryption programs must contain some kind of "key escrow" -- a mechanism by which a third party, such as a law enforcement agency, could decode encrypted messages pursuant to a court order. It is a situation that has been characterized as allowing a third party to hold the key to your safe-deposit box, and it is totally unacceptable to industry and privacy advocates.
At a press conference held by the Business Software Alliance, a group representing high-tech companies, Novell Chairman Eric Schmidt observed, "This encryption thing is turning out to be a real crisis. It's killing the American industry."
Just how complicated resolution of these issues is was clear at EPIC's recent Cryptography and Privacy Conference in Washington. Gathered in a hotel auditorium were many of the world's leading experts in this area, along with government officials from the United States and abroad.
The current legislative solution to the problem was presented by Rep. Bob Goodlatte, R-Va., and Sen. Conrad Burns, R-Mont., who are sponsoring bills in both housesof Congress to allow for the unrestricted export of unbreakable encryption programs.
Goodlatte rejected the government's argument that unbreakable encryption would lead to catastrophic problems for law enforcement since it would not be able to obtain documentary evidence of criminal wrongdoing if it were encrypted in such a way that it could not be decoded. Instead, he pointed out that unbreakable encryption would prevent far more crime than it would foster, and companies and individuals would be able to send sensitive electronic files over the Internet without fear that the files would be read and used by unauthorized third parties.
Perhaps one of the most interesting aspects of the current situation is the question of whether the key-escrow concept promoted by the government is technologically possible. A panel that included Matt Blaze of AT&T Labs and Bruce Schneier of Counterpane Systems -- Banisar's Electronic Privacy Papers co-author -- suggested that keeping track of all necessary keys and allowing access only to authorized third parties was not so easy. They indicated that not only would keys that