INTERNET ISSUES - Encryption
Encryption White Paper
Computer technology has rapidly become a fundamental element of day-to-day life. Encryption is what protects computer files and communications from eavesdroppers, thieves and other criminals. It protects medical records, corporate trade secrets, data on personal buying habits, air-traffic control centers, legal documents, credit histories, hospital databases, credit card transactions, e-mail and government files.
Encryption is technology that 'encodes' computer files and communications, much like a combination lock secures a filing cabinet. Currently, Americans can purchase and use products in the United States with the strongest encryption available on the market, without providing the government with any extraordinary access to 'encrypted' information.
Internationally, however, Administration policy prohibits U.S. companies from exporting products with strong security features, limiting their encryption 'strength' to '40-bit' key. (The more 'bits,' the stronger the encryption.) This is true even though the '40-bit' limit was set in 1992, and today '40-bit' encryption is considered comparably weak. Much stronger products, up to '128 bit,' are readily available from foreign competitors in the U.S. and around the world. But U.S.-made '128-bit' encryption products, and even those products utilizing the 20-year-old '56-bit' Data Encryption Standard, are prohibited from competing in global markets unless the company presents an government approved, third party key recovery plan to be in use by January 1, 1999.
A majority in the U.S. House of Representatives has cosponsored a bill to protect the freedoms Americans currently enjoy when it comes to computer privacy and to lift restrictions on the sale of U.S. encryption products overseas. That bill is the Security and Freedom through Encryption (SAFE) Act, H.R. 695, sponsored by Reps. Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA).
The law enforcement community, however, supports keeping the current export restrictions, and some have advocated creating domestic restrictions on encryption products. They propose that users of encryption deposit "keys" to their encrypted documents with a government-approved third party, thereby allowing access to law enforcement for investigative and prosecutorial reasons. In essence, they argue that this "key recovery" would ensure that any individual, business or organization that uses encryption would be better protected from computer crime because enforcement officials would have better means by which to identify, investigate and prosecute online criminals and terrorist.