Cyypto Controls Letter

Download PDF

October 2, 2001

To:     Members of the U.S. Congress, Congressional Internet Caucus
Fr:     U.S. Policy Committee of the Association for Computing Machinery (USACM)
          Contact: Jeff Grove, Director of Technology Policy, USACM, (202) 659-9711
Re:    Government Controls on Encryption

The widespread use of strong encryption is fundamental to the protection of our nation's critical infrastructures and should not be impaired by the establishment of a mandatory key-escrow system or imposition of "backdoors" in the algorithms. There are strong technical reasons to believe that any such restrictions are both unworkable and unenforceable; but what is more important is that any attempts to do so will hurt legitimate U.S. security needs and damage the U.S. economy.

Strong encryption is critical to worldwide commerce and interaction. The technology of scrambling data and messages has become a crucial element of computer security for businesses and consumers alike because of demands for private and secure communications. It is embedded in software and hardware, and various forms are standardized. Retroactively altering products to meet key-escrow or recovery requirements would cause significant and costly disruptions to the flow of data, goods, and services throughout the economy, if it could even be implemented in a timely fashion.  In addition, such actions may erode consumer confidence in on-line transactions.

Secure cryptographic systems are notoriously difficult to design. Some older systems that were in common use for years were discovered to have hidden weaknesses after prolonged study. The cryptographic algorithms and protocols in current use have taken considerable time and effort to verify and implement.  Imposing algorithms with backdoors that are largely untested may introduce unintended weaknesses that will not be discovered immediately.  Furthermore, the escrow or recovery mechanisms themselves may actually be compromised by criminals, with unfortunate results.

Any encryption restrictions would be costly to U.S. companies supplying encryption-enabled products to the world. Today, there is a large worldwide demand among law- abiding customers for strong encryption. However, foreign markets have repeatedly indicated that they are unwilling to accept U.S. products limited by key-escrow or "backdoor" schemes, especially as there are companies in more than 20 other nations offering similar products without such "features." U.S. companies would suffer a loss of market as a result.

Last of all, any restrictions will be largely ineffective as criminals and terrorists would still have access to hundreds (if not thousands) of existing encryption products and shareware. In fact, strong cryptographic protocols are so well-known, even relatively unsophisticated users will be able to re-implement them. Legislation against using strong encryption will have as much effect on terrorists and criminals as do current laws against use of weapons in commission of crimes.

Page Two:
ACM Memo on Encryption
October 2, 2001

In summary, we observe that most citizens and businesses in the U.S. now depend -- directly or indirectly -- on strong cryptography to protect their safety, security, finances, and privacy. It is not technically feasible nor is it in the best interests of the U.S. Government or people to attempt to impose weaknesses on encryption technology or use.

The ACM is a leading society of computer professionals in education, industry, and government.  The USACM Public Policy Committee facilitates communication between computer professionals and policy-makers on issues of concern to the computing community.  For more information, please contact the Jeff Grove, Director of the ACM Washington Policy Office at (202) 659-9711 or see the USACM policy web site at:



Related Articles

Global Technology Policy Newsletter – March 2017
ACM PUBLIC POLICY HIGHLIGHTS ACM provides independent, nonpartisan, and technology-neutral research and resources to policy leaders, stakeholders, and the public about public policy issues, as drawn from the deep technical expertise of the computing community. Apply for the new A ...Read More

  • (Posted on 12-Mar-17)
  • ACM Joint Task Force on Cybersecurity Education Grabs Spotlight at U.S. Congressional Hearing
    The ACM Joint Task Force on Cybersecurity Education seized the spotlight during a congressional hearing on “Strengthening U.S. Cybersecurity Capabilities” on Capitol Hill on February 14, 2017. The hearing before the House Science, Space, and Technology Subcommittee on ...Read More

  • (Posted on 18-Feb-17)
  • Global Technology Policy Newsletter – February 2017
    ACM PUBLIC POLICY HIGHLIGHTS ACM seeks to educate policymakers, the computing community, and the public about policies that will that foster and accelerate innovations in computing, computing education, and related disciplines in ways that benefit society. ACM Statement on U.S. E ...Read More

  • (Posted on 12-Feb-17)
  • ACM Sponsors Data Sciences Education Roundtable at the U.S. National Academies of Sciences
    ACM is sponsoring a new 3-year initiative by the National Academy of Sciences on data science postsecondary education. A series of roundtable discussions will bring together representatives from academia, industry, funding agencies, and professional societies to explore the trans ...Read More

  • (Posted on 17-Jan-17)
  • Global Technology Policy Update – December 2016
    ACM PUBLIC POLICY HIGHLIGHTS Cybersecurity Education and Research in Europe – The ACM Europe Policy Committee released a policy white paper “Advancing Cybersecurity Education and Research in Europe.” Committee Chair Fabrizio Gagliardi recently presented the find ...Read More

  • (Posted on 12-Dec-16)
  • Global Technology Policy Update – October 2016
    ACM PUBLIC POLICY HIGHLIGHTS Computer Science Education and Research in Europe – ACM Europe Policy Committee members will be attending the European Computer Science Summit in Budapest, Hungary on October 24-26, which features programs on the challenges and opportunities in ...Read More

  • (Posted on 09-Oct-16)