Loosening Restrictions on Cryptography
By Lincoln D. Stein
Recently Microsoft, Netscape, and other Web vendors issued a spate of press releases heralding the availability of strong encryption in their exported software products. This is cheering news, but don't unroll the ticker tape just yet. Many caveats are concealed within these announcements, as you'll soon see. This month I'll take a stab at putting the confusing topic of U.S. encryption policy into perspective. (For additional details, see Michael Floyd's WT editorials "Your Right to Electronic Privacy," August 1996, and "Bugs and Bills," May 1997.)
Cryptography is the art of secret-message writing. Until recently, cryptography was the exclusive provenance of governments, where it was considered an essential part of military operations. If an army can intercept and read the enemy's internal communications, it can anticipate the enemy's next move, or even deceive it with planted false information. To prevent this, the military encrypts its secret communications, rendering them unreadable by the foe. An ingenious encryption scheme known as Enigma allowed German U-boats to coordinate their attacks on U.S. and British vessels during World War II. Conversely, the cracking of a Japanese code allowed the U.S. to shorten the war in the Pacific. In the U.S., the agency responsible for cryptography is the National Security Agency (NSA), which researches cryptographic systems, attempts to crack existing systems, and (it is widely assumed) monitors international electronic communications for signs of sedition.
