The Clinton administration first thought that the best way to ensure the creation of this technology was through direct regulation—by banning all other encryption technology. This strategy proved controversial, so the government then fixed on a different technique.¹ It subsidized the development and deployment of the Clipper chip.

The thinking was obvious: if the government could get industry to use Clipper by making Clipper the cheapest technology, then it could indirectly regulate the use of encryption. The market would do the regulation for the government.²

The subsidy plan failed. Skepticism about the quality of the code itself, and about the secrecy with which it had been developed, as well as strong opposition to any governmentally directed encryption regime (especially a U.S.-sponsored regime), led most to reject the technology. This forced the government to take another path.

That alternative is for our purposes the more interesting. In the government’s most recent proposals, the authors of encryption code would be regulated directly—with a requirement that they build into their code a back door through which the government could gain access.³ While the proposals have been various, they all aim at ensuring that the government has a way to crack whatever encryption code a user selects.

Compared with other strategies—banning the use of encryption or flooding the market with an alternative encryption standard—this mode presents a number of advantages.

First, unlike banning the use of encryption, this mode of regulation does not directly interfere with the rights of use by individuals. It therefore is not vulnerable to a strong, if yet unproven constitutional claim that an individual has a right “to speak through encryption.”⁴ It aims only to change the mix of encryption technologies available, not to control directly any particular use by an individual. State regulation of the writing of encryption code is just like state regulation of the design of automobiles: individual use is not regulated. Second, unlike the technique of subsidizing one market solution, this solution allows the market to compete to provide the best encryption system, given this regulatory constraint. Finally, unlike both other solutions, this solution involves the regulation of only a relatively small number of actors, since manufacturers of encryption technology are far fewer in number than users or buyers of encryption systems.

Like the other examples in this section, then, this solution is an example of the government regulating code directly so as to better regulate behavior indirectly. As in other examples, the government uses the architecture of the code to reach a particular substantive end. Here the end, as with digital telephony, is to ensure that the government’s ability to search certain conversations is not blocked by emerging technology.

Circumvention

My final example is the most recent. As I discuss in some detail in chapter 10, many businesses are developing systems for protecting intellectual property in cyberspace. The problem is the same as with digital audio technology. Copies in cyberspace are digital and free; digital copies are perfect; free copies are cheap. The fear is that cyberspace will become the place where copyright can be defeated. Using MP3 technologies, for example, a CD recording can be compressed to a file the size of the Word file containing this book and in seconds e-mailed to one hundred friends around the world.

The systems being developed in response will make it hard to copy without permission. How hard, and how they will work, are questions we can postpone for now. Suffice it to say that the systems are designed to give holders of intellectual property more power over the distribution of that property.

Footnotes

¹ See Field, “1996: Survey of the Year’s Developments in Electronic Cash Law . . . ,” 967, 993, n.192. Edit Delete

² See A. Michael Froomkin, “It Came from Planet Clipper: The Battle over Cryptographic Key ‘Escrow,’” University of Chicago Legal Forum 1996 (1996): 15, 32. Edit Delete

³ This was the purpose of the proposed Oxley-Manton Amendment to the Security and Freedom Through Encryption (SAFE) Act of 1997, NR 695, 105th Cong., 1st sess. Baker and Hurst (The Limits of Trust, 21–22) note that “1997 saw remarkable change in the nature of the encryption debate. The beginning of the legislative session saw industry pushing for export liberalization and the closing weeks saw industry defending against domestic controls.”In 1996 the government implemented a policy to allow firms to export encryption technologies using the government’s DES (digital encryption standard) so long as a key recovery system is built in; see EFF, Cracking DES, 1–4–1–5. As EFF’s “Cracking DES” project makes clear, however, DES is an unreliable encryption standard.There was some hope for the government’s encryption policy after the 1996 publication of the National Research Council’s report, the product of a committee appointed by the NRC to study national cryptography policy. The committee, chaired by University of Chicago Law Professor Kenneth Dam, was made up of major leaders in both the industrial and research sectors. The report’s conclusions were clear—and damning for the government’s anti-encryption policy. The report argued strongly for liberalization of encryption regulations; see Cryptography’s Role in Securing the Information Society, edited by Kenneth W. Dam and Herbert S. Lin (Washington, D.C.: National Academy Press, 1996). Some believed that the report would have a significant effect, but there were doubts early on. As Froomkin says (“It Came from Planet Clipper,” 69), the battle is far from over. Edit Delete

⁴ This is one reading of the decision in Bernstein v U.S. Department of Justice, 176 F3d 1132 (9th Cir 1999). There were dissents from the view of the rights of programmers (Judge Thomas Nelson: “I am still inevitably led to conclude that encryption source code is more like conduct than speech”). See also Laura M. Pilkington, “First and Fifth Amendment Challenges to Export Controls on Encryption: Bernstein and Karn,” Santa Clara Law Review 37 (1996): 159, 210; Thinh Nguyen, “Cryptography, Export Controls, and the First Amendment in Bernstein v U.S. Department of Justice,” Harvard Journal of Law and Technology 10 (1997): 667, 677–78; in “Cryptic Controversy: U.S. Government Restrictions on Cryptography Exports and the Plight of Philip Zimmermann,” Georgia State University Law Review 13 (1997): 581, 603). Ronald J. Stay claims that the right to speak cryptographically is supported as much as the right to speak Navajo. Edit Delete