Americans for Computer Privacy
Your privacy is at stake Home, Who we are, For press, Search Home Who we are For press Search
Encryption technology bolsters your privacy
Table of contents About Bills Questions Myths Glossary Resources Join

Join the Fight

Be ready to help fight for your right to privacy online when Congress acts. Join over 6500 Americans from all 50 states as an Individual ACP Member. (It's Free!)

Email:
5 digit zipcode:

Note: If you don't have a US zip code, please enter 20500 in the zipcode field above.

Our Privacy Policy



Common Questions about Encryption and Computer Privacy

What is encryption?
Encryption is technology that "encodes" computer files and communications to protect people's privacy, much like a combination lock secures a filing cabinet. If computers touch your life in any way, information about you is likely protected by encryption. It protects everything from computer-stored medical records to online credit card numbers.

What is U.S. government policy on encryption?
Currently, Americans can purchase and use products with the strongest encryption available on the market, without providing the government with any extraordinary access to "encrypted" information.

Internationally, however, Administration policy prohibits U.S. companies from exporting products with strong security features, limiting their encryption "strength" to a mere "40-bit" key. (The more "bits," the stronger the encryption.) This is true even though the "40-bit" limit was set in 1992, and today "40-bit" encryption is considered laughably weak. Much stronger products, up to "128 bit," are readily available from foreign competitors in the U.S. and around the world. But U.S.-made "128-bit" encryption products, and even those products utilizing the 20-year-old "56-bit" Data Encryption Standard, are prohibited from competing in those global markets.

Why change the current policy on encryption?
Encryption is the best way to protect information communicated over the Internet. It is also the most effective way to protect sensitive personal information and confidential business data stored on computer systems. Current U.S. policy on the domestic use of encryption is hands-off and has proven effective.

On the other hand, the U.S. export policy on encryption is seriously flawed. Manufacturers in more than 20 different countries sell hundreds of products containing encryption that is much stronger than what U.S. policy allows U.S. manufacturers to sell worldwide. American companies are stuck on a playing field slanted against them in a hot growth market. This outdated policy is costing American jobs. A Computer Systems Policy Project study estimates it will cost 200,000 high-skill, high-wage jobs by the year 2000.

Is there legislation to make the needed changes?
The Security and Freedom through Encryption (SAFE) Act (H.R. 850), championed by Reps. Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA) and cosponsored by a solid majority in the U.S. House of Representatives, would establish a new encryption policy that will protect privacy while stimulating competition. Americans for Computer Privacy (ACP) enthusiastically supports it.

How would the SAFE Act affect U.S. citizens?
The bill would ensure that consumers have access to the strongest possible encryption in the U.S., without depositing "keys" with some government-approved "third party." In essence, it would ensure that any individual, business or organization that uses encryption, or anyone whose life is touched by computers using encryption (i.e., patients whose medical records are online or stored on a network) would be better protected from computer crime.

How would it affect customers abroad?
The legislation would loosen the Administration's limits on the export of strong encryption products to allow U.S. industries to compete on a level playing field in a booming global information economy that involves trillions of dollars and millions of jobs. That would mean customers abroad would be able to choose American-made products with encryption as strong as the non-U.S. products that currently compete for their dollars.

When it comes to individual privacy, where does the Administration stand?
For every encryption code, there exists a "key" to unlock that code, much like a bank card PIN number provides access to a bank account or the proper numerical code provides access to a combination lock. In contrast to the ACP-backed plan, the FBI is asking Congress to change encryption policy as it applies to U.S. citizens. The FBI's goal is to obtain access to those "keys" without your knowledge for investigating criminal activity. The result would be a vastly overreaching and unprecedented system of information access that would allow the government to obtain more personal information than ever before.

How would that affect you?
The FBI's plan would outlaw your ability to encrypt data and communications without providing "keys" to government-approved "third parties." In essence, your ability to communicate and store information in such a way that is not relatively quick and easy for the government to read would be prohibited by law. It would provide law enforcement greater access to your information, which is fundamentally intrusive and threatens our constitutionally protected right to privacy. Moreover, private citizens, corporations, schools, universities, laboratories, hospitals and charities that use encryption all would be vulnerable to unscrupulous "third parties" who carelessly or irresponsibly handle those "keys."

What is the effect of the Administration's export restrictions?
The Administration currently prevents U.S. companies from exporting strong encryption products, costing American jobs, even though foreign competitors from more than 20 countries are selling hundreds of strong encryption products.

This creates a "lose-lose" situation for American companies and consumers. Because of economies of scale, manufacturing and marketing strong encryption products in the U.S. domestically, and weaker encryption products abroad, is very costly. It means American companies will lose the important lead the high-tech industry has earned in the global marketplace because many foreign customers reject American "encryption lite" products. But if American companies simply sell weaker encryption products domestically as well as internationally, they could see the American market disappear to foreign competitors.

The Administration's insistence that the government be given greater access to encrypted data as a trade-off for the ability of American manufacturers to export strong encryption products is simply unfair and heavy-handed. It denies American citizens and businesses their constitutional right to keep personal and business information private. In addition, the impact on the future economic growth of today's information economy could be severe.

Why should Americans care?
Encryption is a fundamental building block of the digital age and critical to the future of electronic commerce, which means trillions of dollars to the American economy and millions of American jobs. The National Research Council warned in 1996, "U.S. export controls may stimulate the growth of significant foreign competition for U.S. vendors to the detriment of both U.S. national security interests and U.S. businesses and industry." These predictions are proving correct.


webmaster@computerprivacy.org  |  © 1998 - 2003 Americans for Computer Privacy  |  Site Credits  |  Privacy Policy

powered by Photofunia