The Sun
Sunnyvale's Newspaper

No secret to good encryption policy

By ANNA ESHOO

Cyberspace is getting crowded. As millions of people discover the joys of emailing and surfing the Net, it's evolved from being the private domain of scientists and students into a dazzling part of our popular culture. Along the way, the rush to use this uniquely open and public medium ironically has created a demand for greater privacy online.

Companies now need more protection for their computer documents against electronic intruders. A recent study found that nearly 50 percent of 400 organizations surveyed experienced violations of their computer systems within the past year--some more than 1,000 times--and the leading source of illegal entry into their systems was the Internet.

Efforts to develop robust commercial trade and banking systems online also require greater privacy. Few people are going to send their credit-card numbers, Social Security numbers or bank account information over the Internet unless they're confident that their transmissions are secure.

And just as people write letters instead of postcards to keep their messages private, many email devotees are asking for better ways to shield their communications from prying eyes.

Fortunately, technology exists to improve security and privacy for those who travel the Information Superhighway. It comes in the form of encryption software that can make electronic information indecipherable to anyone lacking the right mathematical formula, or "key," to unlock the data. The more bits in a key, the harder it is for someone to crack the encryption code and read the information.

American high-tech companies normally would be expected to lead the way in getting superior encryption products to market. But they haven't been able to do so with encryption because outdated federal controls are holding them back.

These controls are aimed at keeping powerful encryption out of the hands of terrorists and hostile nations. However, they're only succeeding in keeping foreign customers away from American products.

Current U.S. policy only allows export of software with 40-bit encryption, which can be cracked in a fraction of a second with new computer chips that cost as little as $10. Not surprisingly, most encryption users prefer stronger 56-bit products that are already available on the Internet and from foreign manufacturers. In fact, more than 200 foreign encryption programs are now available in 21 countries.

This imbalance between what the market wants and what U.S. law allows is creating a major economic problem for American companies. An industry study found that current export restrictions could cost U.S. businesses $30 billion to $60 billion by the year 2000. This is particularly troubling for California, since more than 1,000 companies produce prepackaged software in our state, contributing nearly $2 billion to our economy through their payrolls.

Furthermore, current restrictions on U.S. encryption exports limit the types of products available here at home. It can be prohibitively expensive for companies to make two versions of the same software--a weak package for export and a strong package for domestic consumption. As a result, Americans often only have access to weaker encryption products.

The administration has responded to this situation with a proposal that is inadequate at best. It would let U.S. companies export software with stronger encryption--up to 64 bits--but only if a "key escrow" system is attached. This "key escrow" system would require a third party located in the United States (or where we have bilateral escrow agreements) to have the key to encrypted material so the American government could gain access to it if the U.S. determines that our national security is at stake.

This plan is flawed for several reasons. Few foreign consumers are going to buy American encryption software that's compromised by our government. Without stringent safeguards, the administration plan opens the door to potential government violations of personal privacy. And it ignores the fact that foreign encryption programs without key escrow requirements are already widely available.

I support a stronger, bipartisan effort to relax U.S. export restrictions while protecting our national security interests. The Security And Freedom through Encryption Act (SAFE) would ensure that Americans are free to use any encryption package anywhere, prohibit mandatory key escrow schemes, guarantee companies the ability to sell any encryption package within the United States, and make it unlawful to use encryption to commit a crime.

Most important, it would allow U.S. businesses to export encryption software if products with comparable security capabilities are commercially available from a foreign supplier. In effect, American encryption exports would be stronger, but offer no greater threat to the U.S. than other products already being used abroad.

Reforming America's encryption export policy is important for high-tech companies hoping to increase their sales, businesses that want better security for their computers, online entrepreneurs looking to tap a global market for their services, and email users who desire more privacy for their electronic messages. SAFE offers a way to achieve all these goals and protect our national security interests at the same time.

Anna Eshoo represents California's 14th Congressional District.

This article appeared in the Sunnyvale Sun, June 5, 1996.
©1996 Metro Publishing, Inc. All rights reserved.