Page 111

PART II
Policy Instruments

TO THE BEST OF THE COMMITTEE'S KNOWLEDGE, the goals of U.S. cryptography policy have not been explicitlyformalized and articulated within the government. However, senior government officials have indicated that U.S. cryptography policy seeks to promote thefollowing objectives:

• Deployment of encryption adequate and strong enough to protect electronic commerce that may be transacted on the future information infrastructure;

• Development and adoption of global (rather than national) standards and solutions;

• Widespread deployment of products with encryption capabilitiesfor confidentiality that enable legal access for law enforcement and national security purposes; and

• Avoidance of the development of defacto cryptography standards (either domestically or globally) that do not permit access for law enforcement and national security purposes, thus ensuring that the use of such products remains relatively limited.

Many analysts believe that these goals are irreconcilable. To the extent that this is so, the U.S. government is thus faced with a policy problem requiring a compromise among these goals that is tolerable, though by assumption not ideal with respect to any individual goal. Such has always been the case with many issues that generate social controversy—balancing product safety against the undesirability of burdensome regulation on product vendors, public health against the rights of individuals to refuse medical treatment, and so on.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 111
Page 111 PART II Policy Instruments TO THE BEST OF THE COMMITTEE'S KNOWLEDGE, the goals of U.S. cryptography policy have not been explicitlyformalized and articulated within the government. However, senior government officials have indicated that U.S. cryptography policy seeks to promote thefollowing objectives: • Deployment of encryption adequate and strong enough to protect electronic commerce that may be transacted on the future information infrastructure; • Development and adoption of global (rather than national) standards and solutions; • Widespread deployment of products with encryption capabilitiesfor confidentiality that enable legal access for law enforcement and national security purposes; and • Avoidance of the development of defacto cryptography standards (either domestically or globally) that do not permit access for law enforcement and national security purposes, thus ensuring that the use of such products remains relatively limited. Many analysts believe that these goals are irreconcilable. To the extent that this is so, the U.S. government is thus faced with a policy problem requiring a compromise among these goals that is tolerable, though by assumption not ideal with respect to any individual goal. Such has always been the case with many issues that generate social controversy—balancing product safety against the undesirability of burdensome regulation on product vendors, public health against the rights of individuals to refuse medical treatment, and so on.

OCR for page 111
Page 112 As of this writing, U.S. cryptography policy is still evolving, and the particular laws, regulations, and other levers that government uses to influence behavior and policy are under review or are being developed. Chapter 4 is devoted to the subject of export controls, which dominate industry concerns about national cryptography policy. Many senior executives in the information technology industry perceive these controls as a major limitation on their ability to export products with encryption capabilities. Furthermore, because exports of products with encryption capabilities are governed by the regime applied to technologies associated with munitions, reflecting the importance of cryptography to national security, they are generally subject to more stringent controls than are exports of other computer-related technologies. Chapter 5 addresses the subject of escrowed encryption. Escrowed encryption is a form of encryption intended to provide strong protection for legitimate uses but also to permit exceptional access by government officials, by corporate employers, or by end users under specified circumstances. Since 1993, the Clinton Administration has aggressively promoted escrowed encryption as a basic pillar of national cryptography policy. Public concerns about escrowed encryption have focused on the possibilitiesforfailure in the mechanisms intended to prevent improper access to encrypted information, leading to losses of confidentiality. Chapter 6 addresses a variety of other aspects of national cryptography policy and public concerns that these aspects have raised.