The Importance of Keeping Secrets

Published June 23, 1994

Electronic communication is essential for global commerce. The telephone has become an indispensable business tool, as has the fax machine. Increasingly, important business is being conducted over computer networks. This trend is likely to continue as more and more of the globe becomes interconnected.

Security is also essential for global commerce. In a world where property rights are under siege, you can’t always trust another country’s laws . . . or even another country’s legislators. Companies must take security into their own hands. With respect to physical assets, this might mean hiring private guards and not bringing certain items into certain countries. With respect to communications and computer data, security means cryptography.

Cryptography is the science of keeping information secret. It has been around for about as long as people have had secret information. Countries have used it to protect diplomatic and military communications; sweethearts have used it to protect their love letters; manufacturers have used it to protect products and processes so vital to their competitive edge that mere trademark protection won’t suffice.

According to the State Department’s export rules, cryptography is a weapon: It is treated just like M-16 rifles, F-16 fighter planes, and Tomahawk cruise missiles. Someone who exports cryptography without the proper approvals can be convicted under the Arms Export Control Act as an international arms trafficker.

In practice, it’s easier to get approval to export a cruise missile than to export cryptography. The rules are simple enough: A manufacturer cannot export any encryption product that is any good. If a product uses weak cryptography that the National Security Agency (NSA) can break, the State Department will allow manufacturers to export it. If a product uses strong cryptography, the State Department will stop it at the border.

The government’s rationale is that good cryptography is essential to a strong military–and thus only the U.S. military should have access to good cryptography. The NSA is still fighting the Cold War, against the hostile military interests of the world. But it’s time we turned our attention to the hostile business interests of the world. Japan, for example–and indeed much of the Pacific–have become “superpowers” not through their armies but through their corporations.

Today, the interests of the nation do not necessarily coincide with the interests of the nation’s military. It is in our nation’s best interest for strong cryptography to be widely distributed. We need to be able to protect our data anywhere in the world, not just within our national borders. Industrial espionage has increased dramatically in recent years; any company that uses electronic communications is vulnerable. There are documented cases of companies and even foreign governments stealing the information assets of U.S. companies. In global commerce, information is the measure of power.

We also need to compete in the global marketplace for cryptography products. The National Computer Security Association has collected data showing that an estimated $160 million in known business was lost in 1993 alone due to the U.S. cryptography export restrictions. This estimate did not take into account potential or future sales. The global market for cryptography is exploding and expected to exceed $2 billion; U.S. companies are denied even a piece of that market.

Foreign cryptography companies are growing rapidly. Free from U.S. competition, they provide strong cryptography in response to this growing demand. British companies are world leaders in cryptography products. Japan allows free export of mass-market cryptography software, as do many other countries. They even regularly sell cryptography into the U.S.; multinational companies need to buy products that can be used in their offices throughout the world, and they cannot be hindered by U.S. export controls.

Advances in cryptography in the U.S. will come regardless of the NSA’s export controls. Intellectual property rights have tremendous economic value, and secrecy remains the best mechanism for safeguarding those rights. Congress cannot effectively legislate against thinking or any other powerful human force so strongly motivated.

Congress can, however–and should–protect property rights. The Cantwell Bill, H.R. 3627, would do just that. It would allow public domain and mass-market cryptography software to be treated as a normal commodity, and to be exported to non-terrorist and non-embargoed countries. It would allow U.S. companies to deploy strong cryptography in their offices world-wide, and permit them to satisfy the global demand for cryptography products.

The science of keeping information secret will develop despite the best efforts of government. The only question is whether U.S. companies will be treated like war criminals if they participate in the effort.

Bruce Schneier is a policy advisor to The Heartland Institute and author of Applied Cryptography (John Wiley & Sons, Inc., 1994).