What to prepare for
You will write a supporting memo (at most 3 pages long) for a senior FBI official testifying before a committee of the U.S. Congress. The official has been asked to testify in support of a bill tightly regulating the sort of encryption software which can be sold or exported. Some points listed below may be helpful to you, but don't feel limited to them, please. See this FBI website and possibly find more support for your positions at the websites of the NSA and the CIA.
In your oral rebuttal
Be prepared to deal with the financial argument that restrictions on strong crypto domestically lead to decreased sales since residents of other countries can write software with good crypto. Also, export regulations of crypto software lead to de facto restrictions on what U.S. citizens are likely to be able to use inside the U.S. since there is, effectively, world-wide, one market for software, thereby regulating even what U.S. citizens are likely to be able to use inside the U.S.! Of course, be prepared to deal with arguments about civil liberties.
Indeed, it is believed that since our military power is so great, foreign nations are looking for other ways to attack. "Our reliance on information technology [for] controlling critical government and private sector systems" puts our national security at risk for attack by this "information warfare." "The law enforcement community is urgently calling for the adoption of a balanced public policy on encryption." That is, we need to enhance our abilities to defend against international terrorists while still holding true to personal freedom for our citizens. One way to ensure that the security of our nation is upheld is to implement use of U.S. Government sanctioned cryptographic software. Frankly, this means that the U.S. Government will have available to it some backdoors into the encryption scheme; however, these backdoors serve only to allow access by authorized U.S. Government persons in order to protect the security of our nation. This restricted access works to protect the privacy of citizens who use the software and also to protect our nation against those who are using the encryption against us. Furthermore, the software will be available in a variety of versions in order to appease skeptical consumers who might question the security of a single cryptographic program. In addition, the ban on exporting cryptographic software could be lifted. The purpose of the present prohibition of exportation of cryptographic software is to protect us against the invasion of a foreign nation who is using our homegrown cryptographic weapon against us. Allowing export of sanctioned software not only opens up the worldwide market for U.S. software companies, but it also serves to ensure that these products used by other nations cannot be used to attack us.
Electronic commerce, or e-commerce, has been popularized by the business world resulting in an estimated $100 billion in sales from over 100 million Internet users in this country in 1999 alone. With the emergence of this new sector of the American market, not to mention its impact on the global economy, a new transaction venue (cyberspace) places intellectual property in the midst of crime and victimization of a higher order. Information such as credit card numbers, banking accounts, financial institution codes, and any other similar data which may at any time pass on an electronic current compromises the security of not only the acting parties, but the nation as a whole.
Encryption in e-mail is used to assure the reader of the authenticity of the sender's message and the true identity of the sender. Protecting encryption technology from reaching the mainstream allows coding techniques to stay away from criminal minds. While a computer is not necessary to steal someone's key, the key is only useful when coupled with the appropriate coding algorithm. A criminal with a valid key but without a knowledge of the key's proper application is less likely to commit a crime. Strictly regulating what algorithms become essentially "public knowledge" will prevent criminals from opening the lock encryption provides.
As this bill attempts to take away encryption knowledge from criminals, it in turn empowers the government with the greater probability of decoding data that is already encrypted. The large scope of e-mail users has the government convinced that among its users are narcotics traffickers negotiating a sale, hackers manipulating private information, pedophiles coding child pornography, and kidnappers plotting a crime. In order to effectively pursue and prosecute these criminals, a vital piece of evidence needed would be an e-mail message plotting out the crime. Unfortunately, covert operations are already currently discussed through encrypted e-mail. Strong encryption regulation would limit the possibility of new encryption algorithms being produced independently. Therefore, when an encrypted message needs to be decrypted, the government official should only have to investigate algorithms registered with the NSA. The need to investigate independent coding schemes only lengthens the investigation process.
A common feature of most encryption schemes is the existence of a private "key", usually a string of numbers of a predefined length, that is vital to decoding an encrypted message. Aware of the many ways criminals can obtain keys through violence, the owner of private key may choose to store it in a recovery agent. The US government has already taken steps to augment the security of recovery agents. On September 13, 1999, the Cyberspace Electronic Security Act (CESA) was passed which set rules all recovery agents must follow.
First, keys stored in a recovery agent cannot be released without proper authentication from the person who stored the key or his/her heir. Second, all keys in a recovery agent must be decoded when requested by the FBI for investigation into crimes. Finally, all recovery agents must abide by a "decode and destroy" policy, which requires the disposal of a key once it is removed from a recovery agent. Currently, almost all recovery agents utilize strong encryption schemes of which the government has in-depth knowledge. The passage of this bill ensures that all recovery agents are somehow linked to the government. If strong encryption schemes are released, recovery agents could become a commercial market. Independent companies can create and market their own recovery agents and secretly break CESA regulations. Criminals can illegally utilize their cache of keys by releasing them to unauthorized users, randomly destroying keys, or keeping records of keys already taken out of the recovery agent. This bill will ensure that recovery agents are made by government employees and strictly follow CESA regulations.