1997 Congressional Hearings
Intelligence and Security


Security and Freedom Through Encryption (SAFE) Act
March 20, 1997 - House Judiciary Subcommittee on Courts and Intellectual Property

  I have grave concerns that our export control policy, insofar as it seeks to limit the export of encryption products, may compromise our ability as a nation to compete abroad.

  I also have my doubts that these same export restrictions have any good law enforcement effect.

  Lastly, I worry that such export restrictions compromise our privacy and security.

  It is my sincere hope that today's witnesses may, by their testimony, dispel some of my concerns and move us closer to an agreement, if not to legislation, that resolves these very difficult issues involving international trade, law enforcement, privacy, and security .

  As it may be helpful, permit me to expand upon my concerns.

  First, as for our crypto export regulations, foreign marketing campaigns have charged our standards ''prohibit the export of strong encryption technology'' and argued that customers should buy foreign encryption products that have ''full encryption enabled all over the world.'' I have here a copy of a page I got off the Internet for a South African company that last year made precisely this charge and wish to make it part of the record.

  A company from Great Britain explained on its Internet home page, and this was just yesterday, that its product is ''available world-wide with full 128-bit (and higher) security.'' The British firm goes on to say, ''By comparison servers available from companies in the USA such as Netscape and Microsoft are limited by the US government to trivially-cracked 40 bit security'' (italic supplied). I have copies of these pages for the record as well.
  Thus, our competitive disadvantage. At least in advertising.

  Second, as for promoting law enforcement by these export restrictions, when the Deputy Attorney General appeared at our last hearing, in response to a question from the Gentleman from Virginia, Representative Bobby Scott, she conceded that none of these export restrictions would have any direct effect, I repeat, any direct effect on any terrorist or anyone conducting illegal operations because such criminals would never release the key to unlock their encrypted messages to any third party. I am concerned therefore that we are only limiting encryption for legitimate companies, for honest people who need it the most to secure themselves from the dishonest.

  Third, as for privacy, it strikes me that more encryption, not less, protects individual human and corporate privacy. If no one can break the code we use to encrypt what we say on a cellular telephone call overseas or when we transmit medical or financial or other privileged information outside the United States, aren't we preventing crime? If we artificially compromise the shield that is encryption, aren't we promoting crime?

  It is my hope that we'll be able to address these concerns at this hearing and in the days ahead as we search for a solution to these difficult and troubling questions.