From The New York Times OP-ED, Saturday, August 19, 1995: "Washington's Computer Insecurity" by Whitfield Diffie MOUNTAIN VIEW, Calif. Like the oceans of 200 years ago, the Internet is a far from safe place. Pirates lie in wait to penetrate computer systems, steal trade secrets and cheat people out of their wares. The only way to secure Internet commerce is by building security into the programs through encryption, the process of scrambling information so that only people who hold the secret keys can decode it. Unfortunately, the strong encryption systems that should be in every spreadsheet, word processor and e-mail program are not readily available. The reason is simple. The Federal Government has refused to allow companies to export such systems, insisting that cryptography is a military weapon. Since the companies can't export these programs, it's not worthwhile to produce them for the domestic market only. On Thursday, Clinton Administration officials said they were willing to be more flexlible about the export of encryption systems. But, unfortunately, their notion of flexibility does not adequately address the concerns of the computer companies. If the Administration does not fundamentally alter its position, it is likely that our high-tech industries, which sell more than half their products outside the country, will continue to be forced to sell programs with weak security systems that meet export standards or programs that lack security systems altogether. This will pave the way for foreign companies, under fewer constraints by their governments, to grab what is expected to become a huge market for properly safeguarded computer communications. Thurday's announcement is just a reworking of the plan the Government announced two years ago. Then, it said that it would allow the export of a strong encryption system which used a mechanism known as "key escrow." The hitch was that this system, called the "Clipper chip" allowed the Government to read all communications encoded with that chip. The Government's principal justification for this scheme was that cryptography could interfere with police wiretapping. The Government played down the more important issue that strong encryption might interfere with our ability to spy on enemies and allies alike. In addition to its blatant Big Brother aspect, the Clipper chip used secret military technology (an encryption algorithm designed by the National Security Agency) and required that it be embedded in tamper-resisant hardware. Business leaders and civil libertarians were adamantly opposed to this plan. Not only did the Clipper chip system violate the privacy of individuals, but it was unnecessarily expensive because of the hardware required. Despite this outcry, "key escrow" was adopted as a Federal standard. It bombed in the marketplace. The new plan the Government hinted at on Thursday would be a bit of an improvement. It would be carried out entirely in software, and outside escrow agents, rather than Goverment officials would hold the decoding keys. These could be obtained with a search warrant. But "Clipper chip II," as it is dubbed, won't work either. While other nations may share our interest in reading encrypted messages for law enforcement purposes, they are unlikely to embrace a system that leaves them vulnerable to U.S. spying. They will reject any system that gives decoding ability to agents in the United States. Our Government also wants to limit the length of keys, and hence the sophistication of the encryption codes it allows for export. Up till now, the Government generally did not allow export of codes with more than 40-bit keys, though on Thursday it indicated a willingness to increase keys to 64 bits. But just this week a French computer hacker broke a code with a 40-bit key. Even 64-bit keys are not expected to be adequate. As for the Govenment's concern that encryption will interfere with police wiretapping, so far there is little evidence that criminals are hiding their activities through encryption. Furthermore, if such a problem develops, there will be chance enough to rein in cryptography later. The more pressing problem is the lack of adequate security on the Internet that is stifling business and easing computer penetration by criminals. If Washington will ease its controls on commercial encryption products, industry will be free to build the security mechanisms needed to protect the new medium of world commerce.