“Encryption algorithms are nothing but sophisticated mathematics,” Smith said. “And while the United States may realistically hope to remain the leader in such a field, it cannot realistically expect to monopolize it.”
Stating that current encryption policy is “highly problematic,” Smith noted that ACP’s industrial members have ample evidence of the rapidly growing market share of foreign encryption and examples of U.S businesses losing out because of U.S. export regulations.
“For example, a December 1997 study conducted by Trusted Information Systems found that 656 non-American encryption products are available from 29 foreign countries.” He also noted that “foreign producers of information technology systems are finding that their ability to provide end-to-end systems incorporating stronger encryption than U.S. companies are permitted to export gives them a decided market advantage.”
“If we do lose that U.S. leadership position, what will that mean?” Smith asked. “It will mean that the national security agencies will be confronting ubiquitous encryption made not by U.S. companies, but by foreign companies. Where then will the national security agencies go for technical help on encryption?”
“…it seems to us (ACP),” Smith said, “that the President, Congress and industry have a responsibility to ensure that in the future our law enforcement and intelligence agencies have the ability to continue to protect this nation as they do today. Indeed, they will probably need additional resources and technical help to meet the challenges of the next century. But those challenges are far greater if they are forced to face a world in which the majority of communications pass over systems that are foreign designed, foreign built, foreign installed and incorporate foreign encryption.”
While acknowledging that “significant progress was made last year” in both the new Administration policy announced in September by the Vice President, and in the interim final regulations of December 31, Smith said the Administration policy “does not represent the clear and realistic national policy this issue requires.” He went on to site the shortcomings of the Wassenaar Arrangement, an agreement the U.S. entered into with 32 other nations containing certain export controls on encryption.
“… Wassenaar has only 33 members and does not include encryption-producing countries such as China, India, South Africa, or Israel,” Smith noted. He went on to explain that the agreement “is only as effective as the implementing regulations adopted by the signatory states” and that some of those states “will promulgate regulations that are less restrictive” than those of the U.S., giving them a competitive advantage. He also pointed out that current regulations impose greater restrictions on American companies than called for under Wassenaar, and that as a minimal step, U.S. controls should be made consistent with the revised arrangement.
“As we move into the new millennium,” Smith said, ” information technology will play an increasingly important role in the way we govern ourselves, communicate among peoples, conduct commerce, and operate and protect our national infrastructure. Strong encryption is key to the continued vitality and growth of all these activities. Accordingly, the United States needs a clear and realistic national policy to assure that industry is able to develop the products that will help meet our national objectives.”
ACP is a broad-based coalition that brings together more than 100 companies and 40 associations representing financial services, manufacturing, telecommunications, high-tech and transportation, as well as law enforcement, civil liberty, pro-family and taxpayer groups. ACP supports policies that advance the rights of American citizens to encode information without fear of government intrusion, and advocates the lifting of current export restrictions on U.S.-made encryption.