U.S. Export of High-Tech Devices Planned

The Clinton administration said Tuesday that it intends to adopt a plan to give U.S. companies more freedom to export high-tech devices that maintain the privacy of computer messages.

The plan would liberalize U.S. export policy so that companies could sell more powerful encryption devices abroad.

But companies first would have to assure the U.S. government that law enforcers--upon court order--would be able to crack the code and intercept the communications.

President Clinton intends to sign an executive order by the middle of this month implementing the plan, said Greg Simon, the White House’s point man on the issue and domestic policy advisor to Vice President Al Gore.

Critics said the plan, which builds upon an administration proposal offered in July, would be difficult to make work, doesn’t offer companies enough export freedom and raises privacy concerns.

Noting the objections, Simon said the administration wasn’t looking for a plan that would be “universally popular” but rather “balanced and fair.”

At issue is sophisticated software that allows users to scramble telephone and computer messages that move across computer networks and the Internet. Users, particularly businesses, want to keep their data private with few or no restrictions, while law enforcement officials have argued that they need the power to unscramble the messages to investigate terrorists and other criminals.

The goal is to balance the needs of law enforcement with the needs of U.S. companies, which contend that existing export restrictions are making them lose billions of dollars each year in potential sales abroad.

Law enforcers need to have access to an electronic “key” to unlock secure communications in the event of a national security or law enforcement emergency, said CIA Director John Deutch.

“Our members have consistently been opposed to this idea. They are from the no-way, no-how school on this issue,” said Ken Wasch, president of Software Publishers Assn.

Danny Weitzner, deputy director of the Center for Democracy and Technology, an electronic civil liberties group, said the plan “pretends to put encryption in the hands of Internet users, but there’s no evidence of that.” He also said U.S. companies’ and citizens’ encrypted communications sent over the Internet could be vulnerable to “improper foreign government access.”

The administration doesn’t want that to happen and is working with major trading partners and other countries to adopt plans that are consistent with the U.S. plan and to expedite electronic key recovery by law enforcement, Deutch said.

Administration officials concede companies will have their work cut out for them in creating a system for key recovery.

In fact, today IBM is expected to announce a corporate consortium to collaborate on decoding software.

Armonk, N.Y.-based International Business Machines Corp. will be joined in the consortium by Digital Equipment Corp. of Maynard, Mass., and a small private firm called Trusted Information Systems of Baltimore, among others.

The consortium plans to lay out a road map for the industry to develop key recovery techniques that do not have to be kept in escrow by a third party.

The computer maker and its partners are devising a method that will unlock the data in several steps, and the key to unlock the scrambled data is actually carried in the data itself, in a “locked box,” IBM and Digital executives said.

The White House plan “will make it easier for Americans to use stronger encryption products--whether at home or abroad--to protect their privacy, intellectual property and other valuable information,” Gore said in a statement.

The plan changes U.S. export policy and affirms current U.S. import policy, which does not restrict the sale of encryption devices within the United States.

Under the plan, a company would still have to obtain a license to export encryption technology, but it would get permission from the Commerce Department instead of the State Department, which now exercises primary control.

Companies could begin filing license applications any time, but they would not be approved before Jan. 1, said William Reinsch, undersecretary for the Commerce Department’s bureau of export administration.

Current policy permits companies to export encryption devices with electronic key lengths of up to 40 bits. Devices with a large number of bits are stronger and harder to decode.

The new plan would allow companies to export devices with a harder-to-crack length of 56 bits, as long as they have a plan for law enforcement to unlock secured communications.

Companies would have up to two years to implement a plan to accomplish that or lose the right to export the stronger encryption devices.

As soon as such a plan is implemented and working, companies could export encryption devices stronger than 56 bits.

“This is a step in the right direction,” said Diane Smiroldo, spokeswoman for the Business Software Alliance. “But there are a lot of issues unresolved.”