Microsoft Corporation
November 1996
The U.S. computer software industry is one of the nation's fastest growing and most internationally competitive industries. Not only has the industry grown seven times faster than the rest of the economy, but U.S. software accounts for over 70 percent of the world market. Last year, almost 60 percent of Microsoft's revenues came from global sales. Still, current U.S. export controls on software with strong encryption jeopardize this phenomenal international success.
Under the International Traffic in Arms Regulations (ITAR), export of mass-market software with greater than 40-bit level encryption is prohibited. U.S. law, however, places no limitation on the level of encryption used domestically or sold in Canada.
Despite its objective of restricting the availability of strong encryption abroad in the interest of U.S. national security, this flawed policy has ultimately failed. These outdated restrictions are being overtaken by the widespread use of software distribution via electronic means as well as the foreign availability of advanced encryption products. As 40-bit encryption has become increasingly vulnerable to commercial attack and to casual hackers, the Data Encryption Standard (DES) algorithm with 56-bit key length has emerged as the current world benchmark. A December 1995 survey identified almost 500 foreign programs and products (193 employing DES) available from 21 countries on the world market, while Pretty Good Privacy (PGP), secure server products, and numerous cryptographic algorithms—all utilizing 128-bit key lengths—can be downloaded for free from the Internet. The quality and quantity of these products will rapidly increase as foreign companies rush to fill the void left by American industry's inability to compete in global markets with stronger encryption.
In order to continue to thrive in the global marketplace, the U.S. software industry needs to offer the strong protection that consumers are increasingly demanding worldwide—our customers are sophisticated and will not tolerate potential invasions of privacy or breaches of security. As such, keeping U.S. software companies on a level international playing field and allowing computer users to protect their electronic data adequately can be achieved immediately by:
On November 15, President Clinton signed an Executive Order (EO) implementing encryption export decontrols announced on October 1, 1996. The EO transfers jurisdiction over commercial encryption exports from the State to Commerce Department as soon as Commerce completes new regulations implementing the EO. While at first glance the EO appears to end the ITAR munitions treatment of commercial encryption products, the transfer by itself does little to liberalize export controls because many Commerce licensing policies will be inapplicable to encryption products. For example:
The EO continues to leave "key recovery" undefined for purposes of these new regulations, and without a definition it is impossible to judge whether the new rules will advance the development of strong encryption products that serve customers' needs. Recent proposals by the Administration would effectively mandate that users escrow their keys with a third party to facilitate government access to user information. Such key escrow proposals are ambiguous, untested, and would be difficult to implement as well as costly for users: they are not market-driven data recovery solutions, and they raise serious privacy concerns for many customers.
The importance of a proper definition for key recovery. Although the Clinton Administration's recent announcements regarding key recovery are a step in the right direction, they do not address our customers' demand for longer key lengths (128-bit) for Internet applications, especially those related to electronic commerce. More progress is needed in liberalizing U.S. export laws so that U.S. companies can provide our worldwide customers with strong security and privacy and compete on a level playing field with foreign vendors.
Key recovery is different from key escrow. Enabling a user of a product to recover his data is different from, and separate from, the decision by the user to empower a trusted third party to recover the data. Indeed, this distinction between a "key recovery" product that enables third party access to stored information, and "key escrow," which requires third party access to data or keys, makes all the difference in terms of industry and user acceptance. Quite simply, there should be no government requirement that a copy of a user's key, or the means to access or reconstruct the key, be given to any government certified agents.
While we believe that in many cases businesses and other organizations will want to have access to keys used by their employees, and that (in time) commercial key recovery services will exist to recover keys of their subscribers, many users may choose not to give a copy of their key to anyone (instead perhaps putting a copy on a floppy disk or storing it securely in a separate file on their hard drive). The analogy to what people do with their house keys seems apt—some give a copy to a neighbor or friend, others put a copy in a safe deposit box or a drawer, and businesses often hold "passkeys" to their employees' offices. Importantly, in each situation, the government can rely on existing legal processes (such as warrants and subpoenas) to obtain the stored key, wherever it may be held, and then use this key to obtain the plain text of the information in question. Most if not all users are best served by solutions that implement this kind of market-driven data recovery, rather than key escrow.
Market-driven data recovery refers to a product feature that allows users to maintain a private encryption key in a safe place. Generally, a data recovery system escrows a copy of the key with the message or file, and the user (or perhaps his employer) controls the decision whether to utilize this feature. Customers have told us that market-driven data recovery is an important feature. Microsoft already sells electronic messaging products that allow systems administrators to recover keys. Moreover, CryptoAPI enables Windows users to take advantage of a variety of security solutions that crypto vendors can plug in, including Hewlett Packard’s recently announced International Cryptography Framework and potentially key recovery technology from Trusted Information Systems. But CryptoAPI also supports non-key escrow solutions developed by RSA Data Security, and in the future a wide variety of solutions from Atalla, BBN, Cylink, Spyrus, and Northern Telecom.
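The distinction the two preceding paragraphs draw, between a recovery copy of the key that the user chooses to attach to a message and a mandatory escrow of the key with a third party, can be shown in code. The following is an added illustration, not code from Microsoft or from CryptoAPI: a per-message content key is wrapped for the user and, only if the user opts in, for a recovery agent of the user's choosing. The stdlib-only cipher (SHA-256 counter keystream plus HMAC) and the symmetric key wrapping are stand-ins for a real cipher and for public-key wrapping.

```python
# Toy "market-driven data recovery" envelope (constructed example, stdlib only).
# The SHA-256 counter keystream stands in for a real cipher; symmetric
# wrapping stands in for wrapping the content key to a public key.
import hashlib
import hmac
import os

def _keystream(key: bytes, label: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _seal_blob(key: bytes, label: bytes, data: bytes) -> bytes:
    # Fresh nonce per blob so the same key never reuses a keystream.
    nonce = os.urandom(16)
    ks = _keystream(key, label + nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    tag = hmac.new(key, label + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def _open_blob(key: bytes, label: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, label + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("wrong key or tampered blob")
    ks = _keystream(key, label + nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def seal_message(plaintext: bytes, user_key: bytes, recovery_key: bytes = None) -> dict:
    """Encrypt under a fresh content key and wrap that key for the user.
    A copy for a recovery agent travels with the message only when the
    user supplies recovery_key; no key is deposited anywhere else."""
    content_key = os.urandom(32)
    envelope = {
        "body": _seal_blob(content_key, b"body", plaintext),
        "wrapped": {"user": _seal_blob(user_key, b"wrap", content_key)},
    }
    if recovery_key is not None:
        envelope["wrapped"]["recovery"] = _seal_blob(recovery_key, b"wrap", content_key)
    return envelope

def open_message(envelope: dict, role: str, key: bytes) -> bytes:
    """Unwrap the content key held for `role`, then decrypt the body.
    Without an attached copy for that role, the holder cannot decrypt."""
    if role not in envelope["wrapped"]:
        raise KeyError(f"no recovery copy for {role}; holder cannot decrypt")
    content_key = _open_blob(key, b"wrap", envelope["wrapped"][role])
    return _open_blob(content_key, b"body", envelope["body"])
```

Under a key escrow regime the `"recovery"` entry would be mandatory and its key held by a government-certified agent; here it exists only when the user (or the user's employer, by policy) chooses to include it.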
Microsoft believes that the commercial, market-driven demand for key-recovery systems for stored data will continue to develop and embrace a variety of solutions. Once such systems are developed and deployed, the government could potentially benefit from access to stored data under controlled, appropriate circumstances. In addition, strong encryption will be an important tool to protect government and critical commercial systems from the emerging threat of information warfare.
In the meantime, Microsoft will continue to work with industry to support legislative proposals granting export control relief for mass market software. The SAFE, ECPA and Pro-Code introduced in the last Congress all recognize the contradiction inherent in preventing the export of encrypted software currently in use domestically and already available abroad. These bills are also mindful of valid national security concerns by enabling the Secretary of Commerce to continue controls in countries believed to be involved in terrorist activity. Ultimately, we believe such a balanced approach will benefit consumers, computer users, industry, as well as the national security and law enforcement communities.
For additional information on crypto policy and export controls, we recommend the following online sources: