It's time to end the encryption wars

It's time to end the encryption wars
We're seeing a steady escalation in the "encryption wars." Instead of converging on a solution, the U.S. government, encryption vendors, software vendors and civil libertarians have become mired in a cycle of recriminations and non-responsive nonsense. Many of those involved are well meaning, intelligent and articulate. So why can't we reach a mutually acceptable accord that fosters the widespread use of strong encryption?

Don't attempt to solve complex political issues with equally complex technology solutions-they simply don't line up. Unless all sides drop the rhetoric and focus on the issues, the wars will continue and we'll all lose.

This impasse stems from a 200-year-old debate between the rights of individuals and the rights of the society. Does the government have the right to violate an individual's privacy? Current U.S. law allows the government to wiretap telephones (over 1,000 were performed last year), forcibly open safes, copy information from personal computers and otherwise gain access to private information. Congress and the courts have made it legal to obtain "private" information when it serves the interests of the society at large.

Encryption technology complicates this debate, because an individual can store or transmit encrypted information-good or bad-and prevent the government (or anyone else) from accessing it. So, encryption technology gives the privacy advocates a means of achieving their political ends. Encryption essentially makes the privacy debate moot by neutralizing the government's ability to lawfully obtain private information without the owner's permission.

As of today, Congress appears to hold the view that the use of strong encryption is a free-speech issue and should not be regulated. However, other factions of the U.S. government are attempting to "regulate" encryption by restricting U.S. vendors from exporting encryption prod - ucts without key recovery, "doorbell" or other features that allow access to encrypted data. The government is using export regulations to try to promote a domestic encryption policy-one that appears to ignore foreign suppliers who sell products without key-recovery features. As a result, this policy hamstrings the U.S. encryption industry without giving the government the ability to monitor encrypted data.

Unfortunately, the debate has distorted both the political and the technology issues. For example, researchers have developed a number of techniques for providing reasonable trade-offs between the individual's need for privacy and the society's need to protect itself. Once a policy has been set, these techniques will be able to support it.

Encryption has fundamentally changed the ground rules of our 200-year-old privacy debate. Unless we quickly come up with a political solution, we face the real possibility that the privacy debate will continue to retard the deployment of strong encryption, which will prevent the U.S from pro- tecting its critical information infrastructure. The need for encryption to support electronic commerce and other 21st-century initiatives removes the luxury of continuing this never-ending debate. We need the political process, not technology, to strike the privacy balance. Once the political process has set the requirements, the technology is available to satisfy all likely outcomes. Let's get to work.

— Chuck Williams is the chief scientist for Cylink Corp. (Sunnyvale, Calif.).