Commentary

The U.S. Government’s Encryption Policy Dodge

By Solveig Bernstein
September 11, 1996

Faced with overwhelming opposition to one of its domestic policies, the U.S. government may be trying to use an international agency — the Organization for Economic Cooperation Development (OECD) — to turn an unpopular proposal into a nearly inescapable political reality. Such a venture would be unlikely to succeed; the policy in question is a bad one, and the OECD is unlikely to go along with it. Meanwhile, the government’s stubborn refusal to back down threatens to cause substantial losses to the U.S. economy. It is time for Washington to abandon its misbegotten policy and seriously address the concerns of its domestic critics.

At issue is digital encryption. Encryption is a way to encode computer files so that only someone with access to a secret “key” can read them. Encryption can protect computer systems and intellectual property from industrial spies and malicious hackers. It is also vital to the future of business on the Internet and online services, since it protects consumers when they enter credit information. Someday digital encryption may be the technology that creates a whole new form of electronic money.

But the U.S. government is strangling the electronic commerce goose before it lays any golden eggs. The government now restricts the export of strong encryption, fearing that terrorists will obtain access to it. But those export restrictions will not keep strong encryption out of the hands of terrorists, since the technology is available worldwide. If U.S. companies are forbidden to satisfy the worldwide demand for encryption, companies based in other countries will.

Japanese companies are poised to seize the lead. A consortium has just introduced two computer chips that can be used to provide very strong encryption. Those chips are sold worldwide. The project has the blessing of the Japanese government, which accepts that law enforcement can work without electronic spying — the Japanese constitution prohibits wiretapping.

Washington recognizes that its present policy is untenable. It now proposes to allow exports of encryption only if the decoder keys are given to escrow agents, so the government can get the keys easily. Furthermore, the government seeks to have domestic users of encryption escrow their keys by prohibiting participation in an approved encryption system without escrow; presently, domestic use of encryption is not regulated.

Key escrow is not acceptable to the user community, which fears the government will abuse the keys. And software companies know they could never sell encoding software to companies abroad if the purchasers knew the code could be read by the U.S. government. Would you put your trade secrets in a vault if you knew that foreign governments had access to the key?

That is the plan that Washington is now advocating at the OECD. If the OECD accepts Washington’s proposal, legislators and industry in the United States will find it hard to ignore. Technically, OECD recommendations are nonbinding. However, the OECD is extremely influential. Congress is more likely to be persuaded to support key escrow if it sees other governments accepting the policy. And, as a practical matter, U.S. companies would be unable to disregard software standards adopted in global markets.

The government’s interest in controlling the outcome of the OECD’s deliberations is a testament to the strength of the OECD’s influence. The U.S. representatives at the OECD primarily represent the views of law enforcement, not a cross-section of opinion in the United States.

Fortunately, the other countries represented at the OECD are unlikely to blindly follow the lead of the U.S. representatives in this matter. The primary purpose of the OECD is to develop policies that will facilitate economic growth, not the goals of law enforcement.

While the U.S. government probably can’t use the OECD to get around domestic opposition to the key escrow scheme, the attempt is significant. The irony is this: The government claims that we can trust it not to abuse a key escrow system. But its willingness to downplay business and privacy concerns in the OECD shows that users simply cannot trust government to represent their interests.

Solveig Bernstein is assistant director of telecommunications and technology studies at the Cato Institute.