Economic Strategy Institute (ESI) report: Finding the Key

Yaman Akdeniz lawya at lucs-01.novell.leeds.ac.uk
Thu, 2 Apr 1998 18:30:56 GMT0BST 

This recent US  Economic Strategy Institute (ESI) report might be of 
interest to the members of this list.

Yaman

http://www.econstrat.org/crypto.htm

Finding the Key: Reconciling National and Economic Security Interests
 in Cryptography Policy

Erik R. Olbeter Christopher  Hamilton

Executive Summary

U.S. encryption policy has been debated as if it were a zero-sum game,
pitting national security and commercial interests at odds with one
another, but national security and economic interests should not be
irreconcilable.

While policymakers, in response to markets, have tried making
incremental modifications to U.S. encryption policy, it is now clear
that the markets have undergone such radical change that a serious
review of U.S. policy is necessary. In addressing that need, this
study by the Economic Strategy Institute (ESI) documents how current
and proposed policies fail to deliver comprehensive national security
protection and, at the same time, significantly harm U.S. commercial
interests.

ESI believes it is time to discontinue policies that have proved
ineffective, and even detrimental, to America's well-being, and
consider a policy alternative that takes into consideration the
legitimate needs of both industry and law enforcement agencies.

[snip]

Policy Recommendations

ESI's review of the different policy options, and of the negative
impact exerted by current policies, reveals four fundamental
characteristics that should be included in any encryption policy, if
both economic and national security are to be enhanced. The policy
must:

               be technologically neutral, 
               be market-driven and not distort the market, 
               be international in scope and in design, and 
               protect the privacy of individuals and corporations. 

Any policy resolution on encryption must consider existing
cryptography rules affecting the telecommunications industry
(specifically the requirements of the Communications Assistance for
Law Enforcement Act of 1994) and be technologically neutral. As
communications and IT technologies begin competing in one another's
markets, it is crucial that all industries be on a level regulatory
playing field.

Export controls on encryption technology should be dropped. The record
shows that these controls have had no discernible impact on national
security, but have demonstrably compromised America's economic
security. Foreign encryption products are present in the free
international market, their competitiveness is increasing at the
expense of American companies, and their products are outside U.S.
regulatory authority. In this light, export controls are indefensible.

Likewise, a domestic key-recovery system provides no compelling
national security benefit if other countries do not implement similar
systems abroad. Given the presence of foreign, unrecoverable
encryption technology, domestic key-recovery systems will neither
restrict determined criminal efforts nor grant law enforcement
agencies substantially increased evidence-gathering capabilities
against established criminal groups. These proposals should be
abandoned.

Finally, the United States should not implement its own policy in the
hopes of inspiring other countries to follow. In fact, the opposite
effect is likely, because foreign software 
companies and manufacturers would "free ride," 
taking advantage of U.S. restrictions without implementing similar 
systems themselves, and thereby earning billions at the expense of 
U.S. firms.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Yaman Akdeniz <lawya@leeds.ac.uk>
Cyber-Rights & Cyber-Liberties (UK) at:
http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm

Read CR&CL (UK) Report, 'Who Watches the Watchmen'
http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~