November 27, 1996
TOM BEARDEN: There's an old motel just outside of Washington, D.C., that's been converted into an unusual museum. Inside is a display of what were some of the most jealously-guarded secrets of the Second World War. Visitors can tap the keys of a crude-looking device called Enigma. It used rotating wheels and electrical plugs to turn plain text into code by transposing letters according to a complex mathematical formula. The Germans and the Japanese used these machines to encrypt their messages during the war. They thought the code was unbreakable. They were wrong. The allies built this machine and broke the code. The ability to read much of the enemy's most secret communications may have literally saved the free world in the 1940's. Just down the hall are more modern code-breaking machines like a Cray supercomputer. This is the National Security Agency's cryptologic museum. It's a testimonial to the once super secret agency's almost legendary ability to crack ever more complicated codes. But that capability may be coming to an end. Companies are now producing software and hardware devices that have the ability to encrypt computer and voice messages and render them virtually unbreakable. William Reinsch is the undersecretary of commerce.
WILLIAM REINSCH, Undersecretary of Commerce: The government has national security interests. We have public safety law enforcement interests, anti-terrorism, drug dealers, things like that. The ability of people like that to communicate using encryption technology or to store data that's encrypted makes it much more difficult for us to deter the violence or the crimes that they might commit.
TOM BEARDEN: So the administration has been fighting a running battle to prevent the export of high-strength encryption technology, even to friendly countries. Authorities cite the World Trade Center bombing as an example of why that's necessary. One of the conspirator's computers had encrypted data in it that the government eventually decoded, but newer software might have put it out of reach forever. Three years ago, the Clinton administration tried to impose a single encryption standard, the so-called "clipper" chip. People could have used the chip to send coded messages, but the government would have held the keys and would have been able to decode any message simply by getting a court order. Any other encryption method would have been illegal. Industry and the public went ballistic.
WILLIAM REINSCH: I think we learned with the clipper-chip approach of several years ago that if you try a top-down market forcing, one-size-fits-all technology, you're going to get the response that you've described.
TOM BEARDEN: The quandary lies in the fact that even government concedes that business needs strong encryption to protect the privacy of transactions and to prevent computer crime. A recent congressional report underlined that need when it revealed that computer systems in six out of every ten major U.S. corporation had been attacked by hackers or competitors in the last year. Every day, more and more business is conducted in cyberspace via the vast telecommunications networks that girdle the planet. Banks and governments exchange billions of dollars, yen, marks, and francs. Companies and individuals exchange electronic mail, everything from birthday greetings to confidential business plans. Jeff Truehaft works for Netscape, a leading Internet software company in San Francisco. He showed us how it's possible to open a checking account while online, giving the bank your address, Social Security number, credit references, and other personal information on the Internet, instead of in person.
JEFF TRUEHAFT, Netscape: So these are some very sensitive things that obviously I'm not going to want the different people out there on the Internet to be able to see. So I'm going to make sure that when I enter this information, it gets transmitted across the Internet securely.
TOM BEARDEN: And people can see them if they make a determined effort. The only way to protect privacy is encryption. Jerry Berman is director of the Center for Democracy and Technology, a Washington privacy rights group.
JERRY BERMAN, Center for Democracy and Technology: The Internet is our future, and we're taking the most sensitive data, our bank records, our financial transactions, our medical records. We're communicating, sending e-mail, sending classified and important documents across the Net. Citizens and users need privacy to conduct commerce, to protect themselves.
TOM BEARDEN: Vermont Democratic Senator Patrick Leahy has introduced legislation to address privacy concerns.
SEN. PATRICK LEAHY, (D) Vermont: We should err on the side of privacy in this country, and if there's any country in the world that should be showing it's going to protect privacy, it's the United States. It should be the--very much the exception to the rule when you're allowed to go in and violate that privacy in the same way that we do wire taps.
TOM BEARDEN: Government and industry have been trying to come to a compromise that would protect the privacy of international business and protect national security. The President recently signed an executive order that will allow the export of moderately strong encryption, provided the users agree to turn over the keys to a third party. It's called Key Escrow. The government could get the keys with a court order.
KENNETH DAM, University of Chicago: They would like to be able to get the keys to an encrypted conversation or encrypted e-mail message or an encrypted fax message.
TOM BEARDEN: Kenneth Dam is a law professor at the University of Chicago. He headed a national research council committee that studied encryption policy. Dam thinks Key Escrow could address law enforcement concerns but could also lead to even bigger crimes.
KENNETH DAM: It's just like the key to your house. If you give it to somebody you don't know, you're more vulnerable than if you keep your key to yourself. And Key Escrow agent which had thousands, perhaps tens of thousands of keys would be an inviting target for a criminal, for example. It would be open sesame. You would get not only into one, one block, you would get into many messages, and that could have catastrophic effects, if these are bank transfers or if you're getting into something else that involves very valuable intellectual property.
TOM BEARDEN: The export policy would have no effect on encryption software available in the U.S.. And, in fact, programs twice as powerful as those the administration would allow out of the country are readily available in any software store.
JERRY BERMAN: The irony of this is that terrorists and criminals can get strong encryption in the United States down at Radio Shack. They can get it on the Net. They can download it, and they will have it after law that's passed that creates this government scheme of a key recovery system.
TOM BEARDEN: But Undersecretary Reinsch says the policy will work because criminals will still have to deal with the outside world.
WILLIAM REINSCH: Sooner or later, they have to, if you will, dip into the normal commercial sector. They have to deal with conventional banks. They have to use, you know, ordinary telephones, even if they're pay phones. They can't operate solely in their own internal network, which they can insulate from law enforcement. They have to step outside. When they step outside, if we have a world of key recovery technologies and key recovery devices, then we'll have a means of dealing with them. It won't be perfect, but it isn't perfect now.
TOM BEARDEN: Some computer hardware companies have endorsed Key Escrow. Hewlett-Packard has received approval to begin exporting a multi-tiered system they call the International Cryptography Framework.
DOUG McGOWAN, Hewlett Packard: The idea behind ICF is to create a crypto-engine, a piece of hardware that we can make as cheap as possible and make it freely available to put in appliances and to computers and to other environments around the world, as customers need, and then download the particular crypto-policy that's commensurate with the user's needs and local government regulations, both U.S. and foreign governments.
TOM BEARDEN: But many software companies remain bitterly opposed, saying Key Escrow will only hurt their ability to compete overseas.
JEFF TRUEHAFT, Netscape: Well, in some sense, the cat is out of the bag, whether it's software that was manufactured here in the states that's been put up online, or whether it's just those companies actually creating their own software programs that do use strong security. There's cases in Europe. There's cases in South America, South Africa. There are cases in Japan, where vendors have provided complimentary software to ours that does offer a high level of security, much higher than we're able to offer that marketplace, and thereby taking an advantage away from an American company.
TOM BEARDEN: No export policy will work unless America's trading partners agree. Sen. Leahy says they won't cooperate if an executive order is the only thing on the table because that order could be changed with the stroke of a pen.
SEN. PATRICK LEAHY: You're not going to do it by administrative fiat, even though some in the administration want to. The problem is I don't think that they fully understand what's required. But secondly, it can be done with legislation and with executive action, but it's going to mean the Congress and the administration is going to have to cooperate a lot more than they have.
TOM BEARDEN: Even the strongest advocates of Key Escrow concede it's only a temporary solution. Governments are finding themselves extremely challenged to keep up with technology that moves much more quickly than their ability to write laws to control it.