NRF JOINS FIGHT TO ELIMINATE DECODING RULE ON TELECOM
Byline: Jennifer Owens
WASHINGTON — The National Retail Federation has joined 15 other business associations in asking President Clinton to rethink his recent decision involving scrambled electronic data transmissions.
The Clinton decision, which took effect Dec. 30, requires all such encoding — or encryption — programs developed by U.S. software companies to include a way for law enforcement authorities to descramble the electronic data transactions.
In a memo detailing the policy, the President said such back doors, called “key recovery systems,” are necessary to help protect national security as well as U.S. citizens traveling abroad. Technology to make such systems work, however, has not been successfully developed yet.
But critics of the mandate, including the U.S. Chamber of Commerce and the National Association of Manufacturers (NAM), are already arguing against it. They worry that key recovery systems will open their businesses to risk, depriving them “of the security and privacy they need in order to make commercial use of the Internet.”
“It’s an important issue for U.S. companies looking for the fastest and securest way of communicating with branch offices or contractors in other countries,” said David Peyton, NAM’s director of technology policy.
“It’s not just fund transfers,” he said. “It’s business plans, trade secrets, inventory control.”
Under the interim rule, which took effect with the new year, encryption technology export is controlled by renewable licenses that require program suppliers to report biannually how they are progressing with their key recovery research. U.S. encryption programs used domestically are not affected by the mandate.
Meanwhile, companies looking for security can also buy encryption programs from other countries, such as South Africa and Israel, which are not only producing stronger and faster programs, but are doing so without key recovery mandates.
“That’s exactly the choice facing many manufacturers,” Peyton said. “It’s not like they want to, but they have to.”
It’s an issue for retailers as well, said Don Gilbert, NRF’s senior vice president of information technologies. “In retail, we are doing more and more business electronically,” he said. “We are buying more product from sources who are offshore…we are making payments electronically. With all of that, it’s difficult to determine what is domestic and what is international.”
To comply with the mandate, retailers and other business owners usually maintain one scrambling program for domestic as well as offshore business that meets with U.S. regulations, Gilbert said.
For multinational companies, using U.S. technology, that means a back door to unscramble all electronic transactions may soon be added to their current program.
In comments filed last week with the Commerce Department, which now oversees encryption policy, the Computer & Communications Industry Association (CCIA) warned that key recovery systems may eventually aid commercial espionage, especially when the future keys to decipher encryption programs are held by third parties in foreign countries.
“U.S. Constitutional protections against abuse in obtaining the keys would not apply abroad,” the CCIA wrote. “It gives little comfort to a company operating in China that the Chinese government would have to go through the legal system to obtain an order allowing it to obtain the key and access to the plain text of the company’s marketing plan or research information.”
At NAM, Peyton agreed, pointing to the U.S. government’s increasing fight against foreign industrial espionage. Said Peyton, “If this is such a real problem, why can’t we protect ourselves in advance?”
In his memo, however, Clinton cautioned that, “[encryption] products, when used by international criminal organizations, can threaten the safety of U.S. citizens here and abroad, as well as the safety of the citizens of other countries.”
Peyton called the two views “a standoff between the government and business.” However, a CCIA spokesman said its position has been gaining ground on Capitol Hill, where the group has been lobbying for some time against any sort of limitations on encryption programs. “We’re in a much better place than last year at this time,” the spokesman said.
At NRF, Gilbert said the retail association has joined others in writing Sen. Conrad Burns (R., Mont.) to support reintroduction of the bill he proposed during the last Congress. Burns’s bill would essentially raze any barrier against exporting U.S. encryption programs. A similar letter has gone to the House side, Gilbert said.
Meanwhile, Gilbert said retailers’ interest in high-tech encryption programs will only grow as global sourcing and on-line retailing does. The reason why is simple, he said. “They want to make sure those transactions are secure.”