Joe Salkowski

The federal government began fighting to suppress strong encryption more than six years ago, a period that seems like eons in so-called Internet time.

Even so, the war was lost before it even began.

Government officials never stood a chance of stopping the spread of data-scrambling technology. As the Internet’s growth rendered national boundaries about as impenetrable as a snow fort in July, the effectiveness of U.S. export restrictions on encryption products simply melted away.

The feds finally raised the white flag on Sept. 16, announcing that rules limiting the export of strong encryption would be all but eliminated in December. The move frees U.S. companies to begin building stronger safeguards into Web browsers, e-commerce shops and other online products.

A few battlegrounds still remain active, including a proposed bill that could give federal agents a way to break into encrypted messages whenever they please. But Congress, emboldened by public opinion and the open wallets of high-tech companies, seems ready to reject any attempt to undermine the impact of the Clinton administration’s apparent surrender.

For now, at least, it seems the crypto war will end with a victory for the Net and common sense.

Government restrictions on encryption date back to the days of the earliest computers, which were used to decode military messages during World War II. At the time, an encryption product was a room-sized collection of vacuum tubes and switches, just the sort of large physical object export laws were designed to address.

These days, though, encryption is handled by software programs that can be e-mailed around the world in the time it takes a customs inspector to uncap his pen. And while the old rules prevent U.S. companies from selling crypto to overseas customers, computer users around the world now have their pick of strong encryption products made elsewhere.

Nevertheless, the restrictions have kept companies like Microsoft and Netscape from building strong data protection features into their most popular products. And the growth of e-commerce has been slowed by the lack of global standards for securing purchase data or verifying identities online, both of which require strong encryption.

Federal law enforcement agents have argued that as use of encryption spreads, they’ll lose the ability to decipher the digital data seized from international terrorists and other criminals. But they’ve never managed to overcome the simplest of truths: Anyone who wants strong encryption can already get it.

Attorney General Janet Reno complained that rolling back export restrictions “will mean that more terrorists and criminals will use encryption.” But people who aren’t bothering to use encryption today are people with nothing to hide. Giving federal agents a way to break into these people’s private data once they start using encryption would only compromise their privacy.

Yet that’s exactly what could happen if Congress passes the Cyberspace Electronic Security Act, a bill the Clinton administration hopes will accompany the end of export restrictions. While the White House wisely scrapped a proposed section that would have allowed police to secretly break into Net users’ homes to disable encryption programs, the bill offers authorities a chance to accomplish the same goal from the comfort of their own offices.

The bill would, among other things, allow prosecutors to use evidence gathered from encrypted messages without disclosing how they got that data. If it passes, software companies could be compelled to provide police with secret back doors into their crypto products without alerting consumers.

“Open disclosure of (decryption) techniques and trade secrets can jeopardize them for all future investigations and severely hamper law enforcement,” reads a White House memo about the bill.

But subjecting encryption products to secret back doors just as they’re becoming popular would significantly increase the chance of unwarranted intrusions into our private lives. And I mean that quite literally: If companies that store or route your encrypted data opt to cooperate with investigators, those officials wouldn’t need so much as a search warrant to rifle through your life.

Still, Congress has offered plenty of reason to believe that such language will be rejected. A majority of House members supported a bill introduced by Rep. Bob Goodlatte, R-Virginia, that would have rolled back export restrictions on encryption. The measure’s popularity was one reason the administration acted when it did, and the GOP-led Congress isn’t itching to undermine its victory.

“It remains to be seen whether the administration will follow through on the implementation of (its) encryption export policy announcement,” Goodlatte said in a prepared statement. “Congress will be watching carefully to make sure that the regulations issued in December match the policy announced today.”

Of course, Goodlatte’s bill was just one of several reasons the Clinton administration opted to concede defeat on encryption export controls. The move also helps smooth federal government relations with the high-tech industry, and it certainly won’t hurt Al Gore’s next fund-raising trip to Silicon Valley.

But if you’re feeling charitable, you might conclude the government decided to stop fighting encryption because the fight just doesn’t make sense anymore.

After six years of battling over scrambled data, that message seems perfectly clear.

Syndicated columnist Joe Salkowski can be reached via e-mail at [email protected], or write to him c/o Tribune Media Services. Inc., 435 N. Michigan Ave., Suite 1400, Chicago, IL 60611.