The US government still seems to think we know how to do encryption better than the rest of the world and limits the quality of the encryption technology that can be exported.
This is a demonstratively silly idea, yet the US government persists in its delusions. At least I assume they are delusions because the only other obvious explanation would be that Clinton administration officials are being overly conservative with the truth in front of Congress.
Recent developments in the cryptography field will make it still harder for the administration to maintain that limiting the quality of exportable encryption technology does anything other than harm US companies.
Israeli scientist Adi Shamir recently announced that he had developed yet another way to help break the secret keys for what is currently regarded as the best type of encryption in use on computer networks.
Shamir is the co-developer, along with Ron Rivest from MIT and Leonard Adleman from the University of Southern California, of the RSA public-key cryptography technology. RSA and other public-key cryptosystems are already widely deployed in computer systems and are seen as the best hope for scalable and reliable encryption systems for use on the Internet.
Shamir's new announcement regards a special computer, at this point only a proposal, which would significantly improve the ability of code breakers to find the secret key needed to decrypt data that has been encrypted using public-key cryptosystems.
It might seem a bit counterproductive for an inventor of a public-key cryptosystem to help develop methods for breaking the security of public-key cryptosystems, but this is typically how people in the crypto business work. Unless you try to break the encryption, you do not know how good it is. In addition, one has to assume that government agencies in many countries are doing their best to break cryptosystems used by rival governments (and businesses in rival countries).
But Shamir's announcement means that the quality of the encryption needed to protect the secrets of American businesses now has to be higher than it was before. The encryption picture is constantly changing. The only sensible thing to do - if the administration is serious about protecting the assets of American companies abroad - is to remove all limits on the quality of the cryptosystems that can be exported from the US.
The administration tells horror stories about the dangers of paedophiles, terrorists and foreign spies using encryption to thwart the efforts of law enforcement officials. But the administration must assume the existence of a really strange class of criminals -- people too dumb to surf the Web to get good encryption software and too smart to get caught via normal law enforcement methods. It's a strange world the administration lives in.
Disclaimer: Some claim that it's a strange world Harvard lives in, but the above are my observations.
Scott Bradner is a consultant with Harvard University's University Information Systems. He can be reached at firstname.lastname@example.org.