Facebook Twitter

COMPUTER OFFICIAL SEEKS LEGALIZATION OF CODES

SHARE COMPUTER OFFICIAL SEEKS LEGALIZATION OF CODES

James H. Clark, the person arguably most responsible for the Internet revolution, called Thursday for the government to legalize strong encryption technology to guarantee the security of financial and other transactions made by worldwide computer networks.

Clark is a former Utahn who founded the computer giant Silicon Graphics, then the even bigger Netscape Communications Corp. Today he is chairman of the board of Netscape, whose software was the first commercially available browser that allowed users to cruise the World Wide Web. It is still the most popular Web browser.Before Netscape, the Internet was an academic and scientific network, available to only a relative few specialists. Netscape turned it into a powerful international tool. A person using a home computer can instantly access - from almost anywhere in the world - graphics, sound, animation, text and even live video and voice communications.

But the Internet has not fulfilled its promise in the field of financial transactions carried out on a worldwide scale. The reason is simple: Until communications are secure, immune from hackers and thieves, institutions are unwilling to use electronics to transmit huge sums.

It's not that the technology doesn't exist to send messages via unbreakable code, according to Clark. Such powerful protocols as 128-bit encoding can ensure that no prying eyes will ever decipher data sent via Internet.

But the federal government fears terrorists or common criminals could send their nefarious messages through the ether without the possibility of law enforcement decoding them if the strong encoding technology were widely available. So it has banned the export of the codes.

Speaking the annual Financial Services and Technology Conference Thursday evening, Clark spelled out an alternative to banning the use of the codes while still ensuring that law enforcement and others who need access could crack it.

Clark was the speaker at the dinner launching the conference, which ends Friday at the Little America Hotel. The host was Sen. Bob Bennett, R-Utah, chairman of the newly formed Senate Subcommittee on Financial Services and Technology.

The conference was carried live on the Internet via RealAudio. The speeches can be accessed on the worldwide web at (www.klay.com/

live).

Bennett noted that technological changes are blurring all the old lines between banks, insurance companies, brokerage houses and investment firms. The changes are "making all the old regulatory standards obsolete," he said.

"Now . . . money is transferred around the world with a keystroke," he said. "Technology is breaking the distinction between the financial service companies."

Bennett added, "If there's anybody who understands where we are and where we are going . . . that person is Jim Clark."

Clark charged that the United States government's policy on encryption "is really impeding the whole process of making the world secure" in computer financial transactions. The point of strong encryption is "either to achieve privacy . . . or to allow someone to be authenticated" so a person can be sure of the identity of the person on the other end of the transaction.

Companies need to keep some information confidential, he said, and encryption is the way to do that. But Netscape and other software providers "have been impeded by the government" in selling Internet browsers that allow strong encryption.

The government has perfectly good reasons, including the fight against terrorism, he said. But preventing American companies from selling the coding technology isn't the way to achieve its goals. For one thing, other countries - notably Japan - don't have such restrictions, and terrorists could use Japanese browsers.

Also, even as the technology is used today, terrorists could decide on using a particular computer node in the Internet to communicate. If they knew the electronic address, they could leave each other uncoded messages, and the government wouldn't catch on until they had moved to another address.

Meanwhile, companies' legitimate needs for financial and communications security are hindered. Clark proposed "a way out of this dead end."

The way out is to allow strong encryption, but with a method available to break it. That would be in the form of registered key recovery system. Clark said such a system is desirable for business anyway, to check that employees are properly using their communications systems.

"It's probably a fiduciary responsibility of the company to make sure the employees are behaving properly . . . a company needs that ability."

Also, a key recovery system is needed as a backup in case something happens to a person authorized to send encrypted messages, he said. Medical records could be encrypted, too, but in an emergency a way might be needed to quickly crack the code.

The way to get at the encrypted information is through a key recovery code. "There must be some mechanism for recovering the keys," he said.

They could be a complex system, so that it couldn't be easily cracked. The particular key recovery code for anyone using strong encryption could be deposited with a bonded authorization company, he said. Several people might need to work together to assemble pieces of the code that only they know.

For law-enforcement purposes, a court order would be required to access the code.

Bennett said he is interested in legislation to make encryption available and said he may call Clark as a witness when his committee considers the proposal.