ARLINGTON, Virginia -- The Clinton administration will increase pressure on other nations to restrict data-scrambling software, according to US Commerce Department undersecretary William Reinsch.
Last week's agreement among major industrial nations to limit exports of strong encryption products was a "very significant accomplishment," said Reinsch. "At the same time, I don't want to underestimate the amount of work that needs to be done," Reinsch said at a conference sponsored by Defense Week.
Only the 33 signatories to the Wassenaar Arrangement have agreed in principle to limit exports. Few smaller states have any such rules, and some companies that make popular encryption software sell it from islands in the Carribbean.
"It wouldn't surprise me ultimately if we were to have discussions with those countries," Reinsch said.
President Clinton has long been criticized by high-tech firms and civil libertarians for having signed an executive order that restricts exports of strong encryption software.
Companies have unsuccessfully asked Congress to override Clinton's executive order. But bills like SAFE and Pro-CODE -- backed by many Republicans and a few Democrats -- have met with only limited success.
Reinsch said Republicans have grown increasingly nervous about allowing unrestricted exports of technology, and he said the possibility that any crypto legislation would succeed in the next Congress was unlikely.
"There is no bill that has been introduced that won't be filibustered in the Senate by somebody," Reinsch said.
Reinsch said he felt awkward discussing the controversy on encryption, since he opposes any domestic restraint on it. He acknowledged the technology was key to fending off malicious snoops and securing vital networks.
US companies have complained that Clinton's order shackles their ability to ship popular software, like PGP and secure Web browsers, since their overseas competitors don't have to play by the same rules.
The 3 December agreement, championed by US crypto ambassador David Aaron, is designed to respond to that complaint. It sets similar rules for all countries that are part of the Wassenaar Arrangement, including the United States and Great Britain. Wassenaar restricts encryption technology that cannot be easily broken by governments under the premise that it might be used by terrorists.
But only a few Wassenaar members currently restrict overseas shipments of encryption products, and the remaining countries have yet to change their domestic laws.
Other speakers at the two-day conference, which began Monday, described steps the federal government has taken to secure services like electric power, banking, and telecommunications from unwelcome intrusions via computer networks.
"If you rely on the public network [for communications] you should basically presume it is penetrated. There are some very wily hackers out there," said Guy Copeland, vice president of Computer Sciences Corporation and a critical infrastructure adviser to the government.
The CIA lists hackers, terrorists, criminals, disgrunted employees, and industrial competitors as potential threats.
"Information warfare has the potential to deal a crippling blow to the national security if we don't take strong measures," said John Serabian, chief of the CIA's critical technologies group. "Enemies may seek to harm us by using non-traditional attacks -- that is, cyber means."
Serabian said the CIA joined a National Security Council working group that led to Clinton's May 1998 executive order creating a National Infrastructure Protection Center and continued to participate in critical infrastructure discussions.
"Terrorists and extremists are already using the Internet and their Web pages as ways to recruit, gather funds, and gather intelligence," Serabian said.
