After a brief August honeymoon, feuding has broken out again among the U.S. government, industry and civil liberty advocates trying to devise rules that would permit high-technology companies to more easily export sophisticated technologies that scramble information.
Yesterday, the various parties sat down in a day-long meeting to discuss the technology, which keeps information safe from eavesdroppers, but found little common ground. Government officials tried to put a positive light on the process, but several private sector people who attended said they felt "confused," and "burned" by the discussions.
"This whole thing is like trying to find a way through a maze that none of us have found a way through before," said Steve Walker, president of Trusted Information Systems, an information security company in Brentwood, Maryland. "Everybody would like everything, and we're all going to have to give up something."
Both industry and government thought they saw possible grounds for compromise in August, when Clinton administration officials said they were willing to let companies export sophisticated encryption technologies that provided some private organizations would hold onto a spare key for unlocking scrambled information. That way if law enforcement officials had the proper court authorization, they could get a peek at otherwise locked information.
But sparks began to fly a few weeks later when the administration met with industry and others to explore precisely how such a policy would work. For example, although the new policies would let companies export more complex encryption technology than current law permits, businesses began worrying that the most sophisticated techniques would still be out of bounds.
Others worried about who would hold the spare keys. Since U.S. law enforcement agencies want to be able to reach the keys, some felt they should in most cases be held in the United States unless the federal government had struck a deal with its foreign counterparts that would enable, say, the FBI to obtain spare keys stored elsewhere on short notice.
"There is not going to be an export market for products" that require that the spare key be left in the United States," said David Sobel of the Electronic Privacy Information Center, an electronic privacy advocacy group. As long as foreign companies can sell products unencumbered by the spare-key requirement, "ours won't be competitive," he asserted.
Clint Brooks, advisor to the director of the National Security Agency, countered that there were few "facts" that demonstrated that U.S. companies would lose sales if they could export the kind of encryption technology that the government was proposing to permit. "We just need to find out," he said, in a telephone interview.
Others attending yesterday's meeting felt that there were too many groups trying to tug the emerging policy from very different concerns. "There's the government wanting to have secure messages ... domestic security issues and espionage issues...[as well as]...industry coming in with its agenda of selling products overseas. Oh, its going to be hard," said Jeff Rulifson a technology director for Sun Microsystems, Inc. Mountain View, Calif.
Government officials say they hope to draft a new set of proposals during the next few weeks and circulate them for another round of comments. In the meantime, at least two industry groups are scrambling to draft their own versions of an encryption policy.