Web Outpaces Crypto Rules

TORONTO (04/07/2000) - The growth of e-commerce and the corresponding need for privacy and security are eclipsing government attempts to curb strong encryption worldwide, according to a study released this week by the Washington-based Electronic Privacy Information Center (EPIC).

"Governments attempting to develop e-commerce are recognizing that encryption is an essential tool for transactions and are reversing decades-old restrictions based on national security concerns," according to the study "Cryptography and Liberty 2000, An International Survey of Encryption Policy."

For example, in January, the U.S. relaxed export controls on mass-market encryption software. Former regulations had required companies to obtain a government license to export encryption products with key lengths higher than 56 bits.

"We won, we've really won. There is no going back," said Phil Zimmermann, creator of the widely used Pretty Good Privacy encryption software. Zimmermann was in Toronto last week for the annual Computers, Freedom and Privacy conference. "They are letting strong crypto through, and it would be politically difficult to single out one product."

Privacy advocates found another reason to celebrate last week: Canada passed the first privacy legislation in the world that applies to private industry.

According to Stephanie Perrin, former director of privacy policy at Industry Canada, the law is based on a model privacy code created by the Canadian Standards Association.

"Canadian companies, if they're dealing with American counterparts, oblige them through contract to meet the standards," said Perrin. The legislation applies to companies in industries that are subject to Canadian regulation.

She noted that the Canadian Direct Marketing Association supported the law, which is called the Protection of Personal Information and Electronics Documents Act.

Encryption Control Remains

But David Sobel, EPIC general counsel, said several countries, including the U.K., India, Belgium and the Netherlands, are still considering proposals that would give public agencies the ability to demand access to encryption keys.

Other countries, such as China, Russia and Pakistan, continue to restrict the use of encryption technology.

According to the EPIC report, the continued expansion of e-commerce and the lack of international consensus on encryption regulations will frustrate efforts by those countries to continue their restrictive polices. The study added that the availability of encryption on the Internet will also make it difficult for countries to enforce these laws without imposing censorship and surveillance.

"Legislation . . . drives crypto activists to develop new and better forms of encryption," said David Del Torto, executive director of the San Francisco-based Crypto-Rights Foundation, which provides security consulting to human rights activists.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Direct Marketing AssociationElectronic Privacy Information Center

Show Comments