The following text is copyright 1999 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

The Absurdity of Limits

by Scott Bradner

The US government still seems to think we know how to do encryption better than the rest of the world and limits the quality of the encryption technology that can be exported. This is a demonstratively silly idea. Yet the US government persists in its delusions. I assume they are delusions since the only other obvious explanation has administration officials being overly conservative with the truth in front of congress. Recent developments in the cryptography field will make it still harder for the administration to continue to maintain that limiting the quality of exportable encryption technology does anything other than harm US companies.

Israeli scientist Adi Shamir announced the other day that he had developed yet another new way to help break the secret keys for what is currently regarded as the best type of encryption in use on computer networks. Mr Shamir is the co developer, along with Ron Rivest from MIT and Leonard Adleman from the University of Southern California, of the RSA public key cryptography technology. RSA, and other public key cryptosystems , are already widely deployed in computer systems and seen as the best hope for scaleable and reliable encryption systems for use on the Internet. His new announcement is of a special computer, at this point only a proposal, which would significantly improve the ability of code breakers to find the secret key needed to decrypt data which has been encrypted using public key cryptosystems.

It might seem a bit counter productive for an inventor of a public key cryptosystem to help develop methods for breaking the security of public key cryptosystems but it is the normal way that people in the crypto business work. Unless you try to break the encryption you do not know how good the encryption is. In addition, one has to assume that government agencies in many countries are doing their best to break cryptosystems in use by rival governments (and businesses in rival countries.

But this new announcement means that the quality of the encryption needed to protect the secrets of American business from the prying eyes of companies and agencies in other countries now has to be higher than it was before the announcement. This is a constantly changing picture - the only sensible thing to do, if the administration were serious about protecting the assets of American companies abroad, is to remove all limits on the quality of the cryptosystems which can be exported from the US.

The administration tells horror stories about the dangers of pedophiles, terrorists, and foreign spies using encryption to thwart the efforts of law enforcement officials trying to do their duty. But the administration must assume a really strange class of criminals - people who are too dumb to surf the web to get good encryption software, which is very widely available, and at the same time too smart to be caught using normal law enforcement methods. It’s a strange world they live in.

disclaimer: Some claim that it's a strange world Harvard lives in, but the above are my observations.