Who Trusts Trusted Agents?
By Michael Floyd
That wacky Clinton administration is at it again. They keep coming up with these "Clipper" proposals that would give away our private encryption key to some "agency." You may recall one of my previous editorials on "key escrow" ("Your Electronic Right to Privacy," August 1996), in which I described digital certificates, a scheme that uses public-key cryptography and relies on a "responsible agency" to vouch for your identity. The US government wants to be that responsible agency, so the Clinton administration has proposed Clipper III. The proposed legislation would also require you to surrender your private key to this responsible agency, allowing intelligence organizations such as the NSA and the CIA to "wiretap" email messages in the name of national security.
The carrot Clipper III dangles is the relaxation of current restrictions on the export of encryption software. This would allow US companies to export more powerful encryption software. Currently, many foreign competitors have an edge on US companies because they are not bound by the same restrictions.
More recently, the proposed Pro-CODE Act (SB 1726) from Conrad Burns (R-MT) has been hotly debated on Capitol Hill. Like Clipper III, Pro-CODE relaxes export controls on encryption products and other privacy-related technologies and requires the Secretary of Commerce to allow stronger encryption technologies (up to DES strength) if products of similar strength are generally available outside the US.
