Why John Gilmore believes things are going our way.
John Gilmore recently looked into his crystal ball and made an astounding prediction. Speaking in January before a group of cryptography wonks at the RSA Data Security Conference, Gilmore, the Electronic Frontier Foundation cofounder and primordial cypherpunk, declared that "1997 may be the year we finally win the crypto wars."
At first, Gilmore's heady optimism sounds like pure fantasy. Although last year the White House took steps to rationalize American policies - most notably by shifting jurisdiction over encryption exports from the State Department to Commerce and by allowing the limited export of 56-bit crypto - the battle over Internet privacy and security is far from won. Even after this overhaul, the US government remains committed to mandatory encryption key escrow schemes and prohibitions on the export of superstrong crypto, while the policymaking process is in a stranglehold imposed by the FBI and national security spooks.
But look a little deeper, and you begin to understand why Gilmore believes that "things seem to be going our way." For the first time in recent memory, opponents of the administration's crypto stance are firing in sync - and on all cylinders.
Gilmore, for example, has been playing a supporting role in efforts to undermine the legal foundations of the government's crypto régime. In Bernstein v. US Department of State (see "Reluctant Hero," Wired 4.06, page 112), a federal judge in San Francisco took a solid whack at the government's authority to regulate encryption algorithms as a munitions technology by ruling that encryption source code is a form of speech that deserves First Amendment protection. As the appeals process continues, the feds are likely to face increasing constitutional scrutiny - possibly leading to a nationwide injunction blocking the government from enforcing its crypto controls.
Meanwhile, industry groups have figured out that the White House's "new" policy isn't nearly new enough. In a February letter to President Clinton, representatives from 16 industry groups - including the National Association of Manufacturers and the US Chamber of Commerce - publicly expressed their "profound disappointment" with the current crypto plan. The industry letter blasted the administration for developing a policy that "does not adequately address the needs of either the American business community or the general public" and that "fails to accommodate the competitive concerns of the sellers of encryption products, the security concerns of the buyers of such products, or important privacy rights."
While the White House is trying to ignore this clatter of discontentment, Congress is more willing to listen. In the House, Representative Bob Goodlatte (R-Virginia) has rolled out HR 695, the Security and Freedom Through Encryption (SAFE) Act of 1997, with a whopping 55 cosponsors. The SAFE bill - an effort to make a legislative end run around executive orders - would safeguard the rights of Americans to use any kind of encryption anywhere in the world, outlaw mandatory key escrow, and permit the export of encryption products if products with comparable security are available from foreign suppliers.
On the other side of the Capitol, Senator Conrad Burns (R-Montana) has introduced S 377, the Promotion of Commerce Online in the Digital Era (Pro-CODE) Act of 1997, with 16 cosponsors - including Senate Majority Leader Trent Lott (R-Mississippi). Revised from last year, when Pro-CODE died in committee, the new bill restricts the Commerce Department's authority to establish technical standards for commercial encryption, prohibits state and federal governments from mandating the domestic use of key escrow, and relaxes export controls to allow for the international sale of encryption software that is either "generally available" or "in the public domain" as of the date of enactment.
These provisions are familiar, but this year's Pro-CODE also has a proposal to create a new Information Security Board that includes a forum to "foster communication and coordination between industry and the federal government" and to share "general, nonproprietary, and nonconfidential developments in important information security technologies, including encryption." Senate insiders hope the ISB proposal will shift the crypto debate away from key escrow by helping law enforcement operate in a global environment where strong encryption is routinely used.
Put it all together, and John Gilmore's bold prediction starts to make sense. The administration's crypto policies are coming under concerted attack by the courts, industry lobbyists, and influential members of Congress. Victory may be closer at hand than we thought.
