1997 Congressional Hearings
Intelligence and Security


Security and Freedom Through Encryption (SAFE) Act
March 20, 1997 - House Judiciary Subcommittee on Courts and Intellectual Property

  First, I would like to thank Chairman Coble for holding this hearing, and to praise Congressman Goodlatte for his excellent efforts to try to create sensible national encryption policies that will foster America's technological development and economic supremacy.

  The United States has been the world leader in the development of encryption technology, with much of it produced in Silicon Valley, my home. It would seem to follow that American companies would be, and would continue to be, dominant in the global market for encryption and encryption-protected products. However, due to a myopic Federal government policy regulating this technology, our country risks losing its advantage in this vital industry; many within the industry believe that we are already some length down that path.

  Export controls, implemented before the advent of high performance computing, provide impediments for American companies to export the strongest encryption available on the world market, and from utilizing it in computer software and hardware that they sell overseas. Obviously, this directly costs thousands of American jobs, but it also creates a huge risk for Americans and American industry due to the indirect effect restrictions create for domestic users. Because it is rarely commercially feasible to create an ''export'' version and ''domestic'' version of software, domestic users generally do not have access to the best encryption. Strong encryption is needed in the United States so that U.S. companies and computer users are less vulnerable to hackers, criminals, and industrial spies.

  This export policy has also placed the U.S. encryption industry, and the broader high tech industry, in peril. Computer hardware and software producers are barred from exporting information systems integrated with powerful encryption, but their international customers want this technology to secure their proprietary information. Potential overseas purchasers are thus required to either purchase U.S. products with inferior encryption, look to non-American suppliers, who are becoming more plentiful each year, or purchase products with security features imposed by the U.S. government that are not favored—and not incorporated into competing products produced by our foreign competitors. Obviously, this is an entirely untenable situation for our high-tech exporters. If the United States cedes the overseas encryption market to foreign suppliers, our domestic encryption technology producers will eventually be driven out of business or offshore. In addition, our entire computer and technology industry could be seriously impaired.

  It has been estimated that losses to the U.S. information industry could reach as high as 30 to 60 billion dollars and 200,000 jobs annually by the year 2000. Many believe these estimates are conservative. These calculations do not even fully account for the lost potential of other international electronic commerce over the Internet, and the effect that the above circumstances could have on U.S. companies that want to participate in this potentially enormous market.

  I understand the government's desire to have access to electronic files and to monitor electronic communications that could be encrypted. However, I believe that it is time for our government to recognize that superior encryption products are already widely available and being sold by overseas competitors, and that the current controls only hurt American industry, without furthering law enforcement and national security goals.

  The Administration has repeatedly maintained that the assertion that ''the genie is already out of the bottle'' for strong cryptography is not borne out by the current availability of products overseas. Even if this were true, and the evidence seems to say otherwise, it is indisputable that the science behind strong cryptography is well known, and has been widely discussed in academic literature distributed all over the globe. If these products are not currently available, and some of them can be downloaded off of the Internet right now, then they certainly will be in a very short period of time, particularly if the U.S. government implements certain policies now under consideration.

  The Administration argues that the United States, combined with its allies, can control the world encryption market and can coordinate the implementation of an international ''key recovery'' regime, which they claim will be ''market driven.'' However, U.S. negotiators have already tried and failed to get an agreement to implement such a plan among the Organization for Economic Cooperation and Development (OECD). Even if agreement is reached with the European Union and Japan, for this scheme to work we would need circumstances in which every nation capable of producing encryption agrees and has the capacity to enforce the agreement. I think it is pretty obvious that this will not come to pass, no matter how much well intentioned persons might diligently pursue such an outcome.

  Notwithstanding the absence of any demonstrable progress toward such an agreement, the aspirations for a comprehensive global key escrow scheme ignore the undeniable power of market demand for cryptographic products that do not incorporate any form of escrow or recovery, or at the very least products that do not have to go through a U.S. government approval process. If U.S. suppliers are forbidden to supply these products, then someone else undoubtedly will. Whatever hopes we may have for an international system of key escrow, we will never achieve 100 percent participation, and those who do not participate will profit heavily at our expense. And in the end, any sophisticated criminal or terrorist will obviously not utilize the ''government approved'' products, and will defeat the ultimate purpose of the policy at everyone else's expense.

  Rather than continuing to pursue this flawed and unworkable policy, I would urge the national security and law enforcement community to assume a cooperative posture with our domestic technology industry, and utilize the minds of the foremost scientists in the world to pursue technological answers to their national security and law enforcement concerns. While we have probably lost much of our ability to monitor the totality of digital communications and data, with the assistance of the private sector the U.S. government could have the most potent decoding tools available in the world.

  In order to reverse current government encryption policy, Congressman Goodlatte, along with myself and over 60 other Members of Congress, have sponsored H.R. 695, the Security and Freedom Through Encryption (SAFE) Act, the subject of today's hearing. This legislation would recognize the rights of Americans to use encryption and to sell it domestically. H.R. 695 would also prohibit requirements for any mandatory key escrow arrangement. Furthermore, the bill makes it a crime to use encryption unlawfully in furtherance of a crime. Finally, the SAFE Act liberalizes export controls to permit free export of generally available encryption technology, and export of other encryption software unless it is likely to be used for military or terrorist purposes, or to be reexported.

  As I have stated previously, I believe that the Administration is indeed motivated by legitimate national security and law enforcement concerns, but I do believe their proposed policy is terribly misguided and counterproductive toward their own purposes. I also am aware that my view is shared by many within the Administration, but to this point these voices have not carried the day. I am hopeful that through hearings like this one and in the Senate Commerce Committee yesterday, through continued dialogue with industry, or ultimately through congressional action, we can convince the Administration to alter its stance and join us in taking steps to approach national security and law enforcement concerns sensibly and more effectively.