[1567] in cryptography@c2.net mail archive
CBO estimates
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Mon Sep 22 17:04:04 1997
To: cryptography@c2.net
Date: Mon, 22 Sep 1997 16:35:31 -0400
From: Steven Bellovin <smb@research.att.com>
See http://www.cbo.gov/showdoc.cfm?index=54&from=2&sequence=0, or go to
http://www.cbo.gov, then "Cost Estimates", followed by "H.R. 695".
It's actually a fairly strong argument against this whole concept...
Their estimate of the cost of compliance ranges from $200,000,000 to
$2,000,000,000 -- an order of magnitude difference. The total size of
the (U.S.) encryption market in 1996 was $500,000,000-1,000,000,000.
Taking the geometric mean of both estimates, we find that the cost of
GAK is only slightly smaller ($632,000,000) than the total market size
($707,000,000). A simple application of the laws of economics shows
what that kind of cost increment will do to the market -- current
growth is described as "explosive". I especially liked this
paragraph:
CBO concludes that Internet service providers and others who
are basing their business strategies on the expectation of
substantial growth in markets dependent on encryption, such as
electronic commerce, may find their opportunities limited, but
they may very well be able to maintain their current customer
base by offering services that exclude or modify encryption
capabilities.
They also note that this cost is considerably in excess of the
$100,000,000 limit established by the Unfunded Mandates Reform Act.
Exactly what that means isn't clear to me.
