Communications Privacy
Federal Policy and Actions Gao ID: OSI-94-2 November 4, 1993Increased use of computer and communications networks, rising levels of computer literacy, and growing dependence on information technology heighten U.S. industry's risk of losing proprietary information to economic espionage. Although industry is turning more and more to hardware and software with encryption features--the conversion of clear text to unreadable form--the development of U.S. encryption technology may be hindered by federal policy that accommodates the needs of law enforcement. For example, the Federal Bureau of Investigation opposes the use of technology by telecommunications firms that would thwart the government's ability to wiretap. During the past several decades, the issue of how best to reconcile these competing needs has been debated extensively, as has the question of whether to establish a civilian or a military agency to control the development of federal information-processing standards for sensitive, unclassified information. The Computer Security Act of 1987 reaffirmed the role of a civilian organization--the National Institute of Standards and Technology (NIST)--in developing such standards, albeit in consultation with the National Security Agency. Because national security and law enforcement concerns have been driving significant NIST decisions on these standards and because the demand for encryption is mounting, the debate continues.
GAO found that: (1) the U.S. computer industry has increasingly used computer and communications equipment with encryption capabilities to protect proprietary information because of the increased risk of economic espionage; (2) national security and law enforcement concerns have led to federal policies that limit the use and export of U.S. commercial encryption technology and hinder its development; (3) the National Institute of Standards and Technology (NIST) and NSA have developed federal cryptographic policies and standards for sensitive, unclassified information, but they have not sought input from affected business interests, academia, and others; (4) although the Departments of State and Commerce are responsible for setting exports controls, NSA plays a major role in determining rules for exporting U.S. products with encryption capabilities; (5) stringent export controls limit U.S. industry's ability to compete in international markets for encryption products; and (6) FBI proposed legislation would compel telecommunications service providers and private branch exchange operators to ensure that wiretapping needs could be met and prohibit any technology that would impede government interception of electronic communications.