Federal Inquiry on Software Examines Privacy Programs

Federal Inquiry on Software Examines Privacy Programs

By John Markoff
The New York Times

September 21, 1993

In a Government investigation with implications for free speech and privacy in the information age, a Federal grand jury in San Jose, Calif., has issued subpoenas to two software publishers selling versions of a program that protects the privacy of electronic mail and other computer data.

The investigation appears to focus on whether the program has been illegally exported in violation of State Department regulations that control the sale of weapons and other technologies whose export the Government believes may compromise national security. The relevance of such regulations in the post-cold war era is the topic of growing debate in Washington, where communications and computer executives plan to testify before Congress on Wednesday. [ Page D3. ]

The software program, known as Pretty Good Privacy, or P.G.P., was written several years ago by an independent programmer in response to Federal threats to crack down on the distribution of encryption software, which is used to protect computer data by converting them into secret code. No one can read the encoded information without access to mathematical keys -- one that is publicly known, a second known only to the recipient of the coded message.

The program has since been freely distributed around the world, used on thousands of personal computers and work stations.

Receiving the Federal subpoenas were Viacrypt, a Phoenix company that plans to sell a licensed version of P.G.P., and Austin Code Works of Austin, Tex., which is selling a version of P.G.P. for other software developers to incorporate in their own programs. The grand jury subpoenas, which the companies received Sept. 9, ordered them to supply all correspondence and records related to the international distribution of P.G.P. and other information related to computer cryptography.

A Customs Department official refused to comment on the case today. William P. Keane, the assistant United States attorney who signed the subpoenas, confirmed that there was a grand jury investigation, but said he could not comment.

Both publishers said they had no plans to sell their products abroad.

"I think they're more concerned with our intentions than what we've done," said Leonard Mikus, president of Viacrypt, which is a division of the software company Lemcom Systems Inc. of Phoenix. "They're on a fishing expedition, but this could become a landmark case that sets the limits that distinguish between electronic and conventional publishing."

Battling the N.S.A.

The investigation is the latest round in a growing battle between the National Security Agency and a variety of groups in this country over the role of coding software in protecting computer data. The N.S.A., whose role is to monitor electronic communications around the world, has consistently acted to block the adoption of new technologies that would make its mission more difficult.

But the availability of high-speed digital communication links and inexpensive personal computers may make it impossible to enforce technology restrictions in the future -- as the international dissemination of P.G.P. has already indicated.

President Clinton alluded to the problems of controlling distribution of software technology in a speech last week promoting the North American Free Trade Agreement.

"Nothing we do in this great capital can change the fact that factories or information can flash across the world, that people can move money around in the blink of an eye," the President said. "Nothing can change the fact that technology can be adopted, once created, by people all across the world and then rapidly adapted in new and different ways."

Question of Legality

Government regulations, enforced by the State Department, make it illegal to export cryptographic software without a special munitions export license issued for weapons sales.

Those restrictions have angered many computer industry executives who argue that encryption software is the crucial technology underlying a variety of information-age services.

Last year, a number of United States software companies, represented by the Software Publishers Association, a trade group, struck a deal with the N.S.A. permitting the export of software that contained coding functions. But unlike the P.G.P. software, those codes are believed to be easily cracked by the N.S.A.

The legitimacy of the export regulations is also disputed by legal scholars who argue that they restrict speech.

"The right to speak P.G.P. is like the right to speak Navajo," said Eben Moglen, a professor of law at Columbia University. "The Government has no particular right to prevent you from speaking in a technological manner even if it is inconvenient for them to understand."

P.G.P. has been controversial since it was written by a programmer, Philip Zimmerman, because it uses a coding formula that many researchers believe strong enough to protect data from even the N.S.A.'s high-speed code-cracking computers. The formula was developed by three computer scientists: Ronald Rivest, Adi Shamir and Leonard Adelman.

The formula has been patented by a company representing the scientists, Public Key Partners, and is being sold commercially in the United States by a Redwood City, Calif. company, RSA Data Security Inc. After Mr. Zimmerman first used the formula to write the P.G.P. and distribute it, RSA notified him that he was infringing Public Key's patent.

Mr. Zimmerman recently signed a licensing agreement with Viacrypt, which has a separate sublicense agreement with Public Key Partners. The subpoena Viacrypt received sought copies of contracts and other documents involving the company's dealings with Mr. Zimmerman.