11 June 1997
Source: http://www.sjmercury.com/opinion/docs/066550.htm
Thanks to BF.


San Jose Mercury News, June 11, 1997

EDITORIAL

Feds have lost battle against encryption

The Clinton administration is fighting yesterday's battle against exports of high-powered encryption software. The battle has already been won, and not by the feds. That's clear from the business deal between Sun Microsystems Inc. and a Russian firm with the cybercute moniker Elvis+ Co.

Prolonging the fight doesn't make Americans safer, and harms U.S. high-tech companies.

Encryption software translates computerized information into codes that only the sender and intended receivers can read. The administration requires companies to get an export license, for which they must promise to develop or obtain "key recovery'' technology, and to switch to the technology within two years. "Key recovery'' allows someone besides the intended users of the information to break in and read it.

In other words, the feds want exported encryption software to provide privacy from everyone but the FBI.

The Sun-Elvis+ deal is the best illustration yet of the futility of this kind of regulation.

Although U.S.-developed encryption software can't be exported, there are no restrictions on U.S. companies exporting foreign-developed software. So Sun has made a deal to market the encryption software developed by Elvis+ in Russia. Sun will sell the product overseas as well as here -- demonstrating that Elvis+ software isn't just appropriate for the export market, but also for the demanding American market.

Government regulators are trying to figure out how to kill the Sun-Elvis+ deal. They should back off. Killing the deal would just compound their errors.

Obviously, if Sun is prevented from selling the software overseas, somebody else will. Stopping Sun means the profits would go overseas instead of here.

With this deal, Sun is delivering a loud "We told you so.'' As software manufacturers have been saying, the administration's restrictions aren't stopping foreign software manufacturers, but they're holding back American companies and leaving international markets open to their competitors.

Beneath these backwards export rules lies a legitimate concern. Administration officials such as FBI Director Louis Freeh believe that terrorists and other international criminals will use the Internet for communication, and law enforcement agencies won't be able to eavesdrop the way they can on a telephone.

But the Internet is not the telephone, and the government rules, as the Sun deal shows, are futile. Any criminal with a fistful of currency and a computer anywhere in the world probably can find encryption software on the international market that will keep information out of the FBI's reach.

By limiting access to the world market, our export restrictions threaten the position of U.S. firms as market leaders, even though they produce some of the best encryption technology available. Why would even law-abiding foreign companies buy U.S. encryption products, knowing our government has an access key, when they can buy elsewhere without that encumbrance?

The export rules also inadvertently limit encryption available within the United States. Software firms don't want to waste time and money developing and selling two versions of a product, one for here, and one for abroad.

Government warriors should pack up their rusty cannons, admit that they've lost this battle, and learn to live in the 1990s. If they don't retreat, Congress might force them to. H.R. 695, sponsored by Rep. Bob Goodlatte, a Virginia Republican, and supported by most of Silicon Valley's representatives, would allow Americans to use and sell any type of encryption here, and would permit export of advanced software if something similar is available elsewhere.

Criminals who use encryption software to commit crimes could be sentenced to up to 10 years in jail.

The bill would be better if it removed all controls from encryption software exports. But even as written, it would be an improvement over the administration's "key recovery'' plan.