ACM Computer Policy Experts Oppose Government Controls On Encryption

WASHINGTON, DC -- The U.S. Public Policy Committee of the Association for Computing Machinery (USACM) today expressed strong concerns regarding legislative proposals to revive government controls on strong encryption. A letter to Senator Judd Gregg (R-NH) and other key lawmakers outlining USACM's concerns may be found at: www.acm.org/usam/crypto/gregg-crypto-letter.html. Recently, there have been renewed calls among some U.S. lawmakers for restrictions on the use and availability of strong encryption products. In particular, Senator Gregg has indicated support for legislation to require the establishment of a mandatory key-escrow system to be installed in encryption products. Key-escrow systems provide "backdoors" for encrypted data to be used by government agencies for law enforcement and intelligence purposes. Members of USACM and security experts are concerned about the imposition of escrow and recovery forms of encryption for several reasons: they are difficult to get right, they are unproven in widespread use, they offer new weaknesses that can be exploited, and they would be prohibitively expensive to retrofit into the infrastructure. Imposing weakened encryption would endanger the public and damage the US economy, experts say. "Key-escrow systems are inherently less secure, more costly, and more difficult to use than similar systems without such features," stated USACM Co-Chair Dr. Barbara Simons, a member of the President's Export Council Subcommittee on Encryption. "The complexity involved in retroactively altering systems to include backdoors is enormous. Widely-used products, such as the 128-bit browsers common in millions of personal computers, could be affected. This approach is also counter-productive since potential criminals or terrorists are unlikely to use a system that they know to be escrowed by law enforcement." USACM Co-Chair Dr. Eugene Spafford added, "Strong encryption is fundamental to the protection of our nation's critical infrastructures. Imposing weakened forms of encryption is not in the best interests of the government, or of the people of the United States. Furthermore, legislation enacting controls on encryption will do little to limit its worldwide use except to stop U.S. companies from selling their products to law-abiding customers - including law enforcement, financial services, and critical infrastructure operators." The ACM is a leading society of computer professionals in education, industry, and government. The USACM facilitates communication between computer professionals and policy-makers on issues of concern to the computing community. For more information, visit the USACM web site at www.acm.org/usacm/