Securing the Message
July 4, 1997
The framework – which was drafted by President Clinton's chief Internet policy advisor, Ira Magaziner, and is the administration's final word when it comes to electronic commerce – calls for the creation of a key-recovery system.
The system would provide a "key" -- a piece of code that tells how a message can be unscrambled -- to a third-party "key recovery center," or KRC.
Law enforcement officials could then use the "keys" in the KRC, after gaining permission from a judge, to decipher encrypted messages they believe contain information on illegal activities. Internet users sending encrypted messages within the United States would not have to provide a key to a KRC but could do so voluntarily.
"This is a very difficult issue. There are legitimate concerns that commercially-orientated people have about the necessity to have strong encryption in order to protect commerce," Magaziner said in an Online NewsHour interview. "On the one hand, law enforcement people are concerned, legitimately, that the Internet not be used in ways that encourage international terrorism or international drug trading."
"I think we're closed now to a balanced solution," Magaziner said. "We think that key recovery system is likely to be part of what happens in the marketplace, and we're trying to promote the develop of that infrastructure."
Policy could move into law as a result of efforts by Senator John McCain (R-AZ) and other senators. They have introduced legislation, dubbed the "Secure Public Networks Act," that would require the computer industry to create a key recovery system. Companies that want to export "strong" encryption software would be required to have include a key recovery system in their software.
Senator McCain, chairman of the Senate's Commerce committee, said the legislation is necessary to protect the nation from international child pornographers, illegal gambling as well as international terrorism and other national security threats.
"I'm a strong supporter of the free market," Senator McCain said, "but the free market can not be allowed to act in a matter that is contrary to our nation's security needs."
"I understand and appreciate why (companies) are fighting for unfettered controls," the senator said," but I have an obligation as an elected official to act not just for corporate interests but for all my constituents."
Businesses have objected to the key recovery system, saying that it will hurt them when they go out to compete in the global marketplace. American companies will be at an disadvantage, they say, because companies from other countries are allowed to export high-level encryption software without such restrictions.
"We are concerned how the global customers will perceive this system," said Smita Deshpande, director of Electronic commerce for Sun Microsystems, whose company attributes 52 percent of its revenue to overseas sales. "In some cases massive rework would be required for the systems we are currently shipping."
Vint Cerf, MCI's senior vice president for Internet architecture and engineering also objected to the government requiring the key recovery system. Cerf developed TCP/IP, the language computers on the Internet use to communicate with each other.
"MCI's position, and my personal position, has been that key recovery, as a requirement, is probably overkill and won't be accepted on a global scale," Cerf said. Cerf said, though, many businesses may opt to give keys to a third party to access encrypted information whose original keys have been lost. Some Internet users associations are also objecting to the administration's encryption policies.
"The paradigm isn't quite right," Stanton McCandlish, program director for the Electronic Frontier Foundation, a San Francisco-based users group, said. "Had Magaziner polled the typical user, he would have said something very differently about encryption."