1997 Congressional Hearings
Intelligence and Security





 Page 1       TOP OF DOC
44–880 CC
1998
H.R. 695: SECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT

MARKUP

BEFORE THE

SUBCOMMITTEE ON INTERNATIONAL ECONOMIC POLICY AND TRADE

OF THE

COMMITTEE ON
INTERNATIONAL RELATIONS
HOUSE OF REPRESENTATIVES

ONE HUNDRED FIFTH CONGRESS

FIRST SESSION

JUNE 24, 1997

Printed for the use of the Committee on International Relations



 Page 2       PREV PAGE       TOP OF DOC

COMMITTEE ON INTERNATIONAL RELATIONS
BENJAMIN A. GILMAN, New York, Chairman
WILLIAM GOODLING, Pennsylvania
JAMES A. LEACH, Iowa
HENRY J. HYDE, Illinois
DOUG BEREUTER, Nebraska
CHRISTOPHER SMITH, New Jersey
DAN BURTON, Indiana
ELTON GALLEGLY, California
ILEANA ROS-LEHTINEN, Florida
CASS BALLENGER, North Carolina
DANA ROHRABACHER, California
DONALD A. MANZULLO, Illinois
EDWARD R. ROYCE, California
PETER T. KING, New York
JAY KIM, California
STEVEN J. CHABOT, Ohio
MARSHALL ''MARK'' SANFORD, South Carolina
MATT SALMON, Arizona
AMO HOUGHTON, New York
TOM CAMPBELL, California
JON FOX, Pennsylvania
JOHN McHUGH, New York
LINDSEY GRAHAM, South Carolina

 Page 3       PREV PAGE       TOP OF DOC
ROY BLUNT, Missouri
JERRY MORAN, Kansas
KEVIN BRADY, Texas
LEE HAMILTON, Indiana
SAM GEJDENSON, Connecticut
TOM LANTOS, California
HOWARD BERMAN, California
GARY ACKERMAN, New York
ENI F.H. FALEOMAVAEGA, American Samoa
MATTHEW G. MARTINEZ, California
DONALD M. PAYNE, New Jersey
ROBERT ANDREWS, New Jersey
ROBERT MENENDEZ, New Jersey
SHERROD BROWN, Ohio
CYNTHIA A. McKINNEY, Georgia
ALCEE L. HASTINGS, Florida
PAT DANNER, Missouri
EARL HILLIARD, Alabama
WALTER CAPPS, California
BRAD SHERMAN, California
ROBERT WEXLER, Florida
STEVE ROTHMAN, New Jersey
BOB CLEMENT, Tennessee
BILL LUTHER, Minnesota
JIM DAVIS, Florida

 Page 4       PREV PAGE       TOP OF DOC
RICHARD J. GARON, Chief of Staff
MICHAEL H. VAN DUSEN, Democratic Chief of Staff

Subcommittee on International Economic Policy and Trade
ILEANA ROS-LEHTINEN, Florida, Chairperson
DONALD A. MANZULLO, Illinois
STEVEN J. CHABOT, Ohio
TOM CAMPBELL, California
LINDSEY O. GRAHAM, South Carolina
ROY BLUNT, Missouri
JERRY MORAN, Kansas
KEVIN BRADY, Texas
DOUG BEREUTER, Nebraska
DANA ROHRABACHER, California
SAM GEJDENSON, Connecticut
PAT DANNER, Missouri
EARL F. HILLIARD, Alabama
BRAD SHERMAN, California
STEVEN R. ROTHMAN, New Jersey
BOB CLEMENT, Tennessee
TOM LANTOS, California
BILL LUTHER, Minnesota
MAURICIO TAMARGO, Chief of Staff
YLEEM D.S. POBLETE, Professional Staff Member
AMOS HOCHSTEIN, Democratic Professional Staff Member

 Page 5       PREV PAGE       TOP OF DOC
JOSE A. FUENTES, Staff Associate
C O N T E N T S

WITNESSES

    Text of H.R. 695
    En bloc amendment offered by Ms. Ros-Lehtinen, Mr. Gejdenson, Mr. Campbell, and Mr. Sherman
H.R. 695: SECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT

TUESDAY, JUNE 24, 1997
House of Representatives,
Subcommittee on International Economic Policy and Trade,
Committee on International Relations,
Washington, DC.
    The Subcommittee met, pursuant to notice, at 4:08 p.m. in room 2172, Rayburn House Office Building, Hon. Ileana Ros-Lehtinen, chair of the Subcommittee, presiding.
    Ms. ROS-LEHTINEN. The Subcommittee will come to order. The Committee meets in open session to consider House Resolution 695, the Security and Freedom Through Encryption Act, known as the SAFE Act. House Resolution 695 was introduced by our colleague, the distinguished gentleman from Virginia, Mr. Goodlatte, on February 12 of this year. It was referred to the Committee on Judiciary and to the Committee on International Relations for appropriate action. It has already been reported out of the Committee of Judiciary, and thus, the onus is now upon us to consider this legislation.
    Meetings and hearings have been held on the issue of encryption and on this bill specifically throughout the last several months. We have listened to the concerns that are raised by all sides, including from those who argue about a potential negative impact on national security and law enforcement. However, the facts presented and arguments raised overwhelmingly support the liberalization of export controls on generally available encryption products.

 Page 6       PREV PAGE       TOP OF DOC
    The data clearly substantiates the need for the SAFE Act, if the United States is going to be able to effectively compete in the global arena and not only actively participate, but assume a leadership role in the formulation of international cryptology.
    Current law regulates the export of encryption technology in a manner similar to military technology. The SAFE Act brings the U.S. law into the present and the future by looking at today's realities, not at myths, but at the actual technological developments taking place on the world stage.
    The SAFE Act already has over 120 co-sponsors, many of whom are Members of this Subcommittee. It enjoys the enthusiastic support of related industries and industry groups, civil liberties organizations and privacy advocates. I commend the author of this legislation, Mr. Goodlatte, for his ongoing commitment and for his foresight in bringing this issue to the forefront.
    Now, if I may, I would like to recognize the sponsor of this bill, Mr. Goodlatte, to speak briefly on his legislation.
    Mr. GOODLATTE. Thank you, Madame Chairman, and first, I would like to thank you for your leadership on this issue and for holding this markup today to help move this legislation forward, which has been reported by voice vote from the Judiciary Committee.
    I would also like to thank Congressman Gejdenson for his long support and involvement in this very important issue as well.
    This is a vitally important piece of legislation, if we are going to continue to promote the U.S. dominance of the software industry worldwide. Nearly 75 percent of all the software created and published worldwide is created in the United States. But, we are at risk of losing that standing if we allow our current Administration policy of using our export control laws to restrict the export of heavily encrypted software to foreign competition, which has been gearing up very rapidly in many countries around the world.

 Page 7       PREV PAGE       TOP OF DOC
    This legislation is also very important from the standpoint of promoting the safety and security of American citizens and others in the use of the Internet. People are aware that right now their credit card numbers, their medical records, their industrial trade secrets, are not secure on the Internet and the reason is that government policy inhibits the use of strong encryption, not only internationally, but also domestically, because the Internet is an international communication system, and you cannot use something effectively if you can only use it domestically.
    The legislation now has 133 co-sponsors. We keep adding new co-sponsors by the hour. It is supported by a wide array of Members on both sides of the aisle. It is also endorsed by a wide array of privacy groups, everyone from the American Civil Liberties Union to Americans for Tax Reform and the Center for Democracy and Technology.
    It is not only supported by the computer industry, both software and hardware, but also by major business groups, including the U.S. Chamber of Commerce, the National Association of Manufacturers, the National Retail Federation, the On-Line Bankers Association and the Direct Marketing Association.
    So, I again thank you for moving this legislation forward and look forward to working with you as we move it through the House of Representatives.
    Ms. ROS-LEHTINEN. Thank you so much. Are there any Members who wish to speak before we turn to the markup?
    Mr. BEREUTER. Madam Chairman?
    Ms. ROS-LEHTINEN. Mr. Bereuter.
    Mr. BEREUTER. Thank you, Madam Chairman. I will speak in opposition to H.R. 695 for a narrow but important reason. Let me say at the outset that my objections to this legislation concern only U.S. export control policy and the part of H.R. 695 which is in the jurisdiction of this Committee. I am not commenting about the domestic use and availability of encryption.

 Page 8       PREV PAGE       TOP OF DOC
    This legislation is, of course, well intended. In every aspect of U.S. export controls, a goal must be the balance between the competitiveness of U.S. companies and U.S. national security goals. However, this bill fails that balance, because it significantly relaxes U.S. export control of encryption, without requiring a key recovery policy appended to those exports.
    This legislation would, thus, hinder our law enforcement, public safety and national security efforts, while undermining the ability of the Administration to forge international consensus on the use and implementation of national key recovery policies.
    A June 23 letter from the Deputy Director of the Federal Bureau of Investigation, the Administrator of the Drug Enforcement Administration, bluntly states why H.R. 695 upsets the delicate balance between export competitiveness and our national security.
    That letter states, ''Bills now being considered would have the effect of largely removing these existing export controls on encryption products, and would promote the widespread availability and uses of any type of encryption product, regardless of the impact on national security and public safety.''
    Enactment would, in our view, have a significant negative impact on national security, effective law enforcement, public safety and on ongoing efforts to establish a balanced encryption policy.
    Madam Chairman, U.S. export control restrictions on encryption are still necessary to encourage other nations to develop their own national key recovery policies. The development of key recovery policies is crucial, not because law enforcement believes it can keep strong encryption out of the hands of terrorists, but because the ubiquitous use of strong encryption in the near future will make it virtually impossible to determine which encrypted communications to focus on for law enforcement and national security purposes. Brute force to crack encryption algorithms in that type of environment is not useful. Access for law enforcement to decrypt certain communications will be essential for even routine law enforcement and national security purposes.

 Page 9       PREV PAGE       TOP OF DOC
    This Member believes that the use of strong encryption is essential for the security and privacy concerns of U.S. nationals and U.S. businesses. Moreover, there can be no doubt that the U.S. Government's export controls on encryption have become outdated, prior to the Administration's recent regulatory changes. Our export control policies risked undermining the competitiveness of U.S. hardware and software encryption exporters, by driving the encryption industry offshore to countries that do not have export controls.
    Recognizing that the United States cannot forever maintain its technological lead in the development and mass marketing of strong hardware and software encryption products without permitting the export of strong encryption, the Administration relaxed controls on encryption exports with a requirement that companies wishing to export those products submit a key recovery plan.
    Will the Administration's key recovery policy work? Nobody yet knows, but it certainly is our best chance, it seems to me, to work out a balanced, workable policy. It certainly is being utilized by some of America's encryption exporters. For example, a small but fast growing company in my home State is exporting wireless telecommunication devices with strong encryption under the Administration's current regulations. That company is working with the government to preserve the delicate balance between our competitiveness and law enforcement. We should give that policy a chance to work.
    Madam Chairman, this legislation, H.R. 695, is only one small piece of the entire encryption issue. The Administration's current key recovery policy requires congressional approval of legislation for key management infrastructure, and it is not clear that the Administration sufficiently has its act together to get such legislation enacted.
    Although progress in this regard has been made in the Senate with the passage of the Kerry-McKain-Hollings legislation, S. 909, out of the Senate Commerce Committee, I am not yet convinced that the Administration sufficiently understands the gravity of the current situation. While strong encryption is currently being exported, the FBI seems stuck on the issue of the domestic use of strong encryption, which the Senate legislation pledges will not be curtailed.

 Page 10       PREV PAGE       TOP OF DOC
    Moreover, our national security agencies do not have sufficient answers yet on the issues of foreign availability on strong encryption, like the Sun Russian joint venture, which is on plan to export 128 encryption.
    I strongly regret that this Committee will not be able to wait until Thursday's briefing by the Administration's law enforcement and national security officials. I intend to ask very tough questions of the Administration, along some of the lines that I have outlined here today. Frankly speaking, the Administration must provide better answers to these questions and show leadership at the very highest levels, if it wishes to get Congress to give it authority for a key management infrastructure.
    Madam Chairman, if the Administration fails to get Congress to support a key management infrastructure plan, then strong encryption will be available throughout the world without a recovery system. The current policy Administration assures that. Therefore, it is very likely that within a short period of time, both the Administration's current policy and H.R. 695 will be overtaken by the forces of the market.
    Until then, however, we should not unilaterally undermine the Administration's ability to strike the appropriate balance between our hardware and software exporter's competitiveness and our national security. We must not cripple them from negotiating reasonable measures with foreign governments.
    For these reasons, I cannot support H.R. 695 in its current form. I thank you for the time.
    Ms. ROS-LEHTINEN. Thank you so much, Mr. Bereuter.
    Mr. Gejdenson.
    Mr. GEJDENSON. Thank you. First, I would like to commend Mr. Goodlatte, whom I have worked with on this issue and say what a pleasure it has been to work with him, and how it saddens me that I am not on the same side as my good friend, Mr. Bereuter, whom I have the greatest—no, I want to be on this side. And, frankly, having looked at your caucus lately, you would do much better on my side than you would over there. But, we will not go into that today.

 Page 11       PREV PAGE       TOP OF DOC
    [Laughter.]
    Mr. GEJDENSON. I think that my friend, Mr. Bereuter, and I am very serious about how much respect I have for him and my friendship for him, that frankly, he ignores recent history in a bipartisan manner, that both Republican and Democratic Administrations have intentionally refused to come to grips with this issue, because they have come to the conclusion that it is better to let history pass them by than to come up with a responsible policy.
    This predates this Administration, which I have great respect for, and frankly, it entails the entire information age, not just the issue of encryption. We remember Secretary Mosbacher decontrolling 286 computers and Secretary of Defense Cheney saying the world would immediately come to an end. Shortly, a world did come to an end after we decontrolled 286 computers. It was the Soviet world that came to an end.
    We are now in a situation where there is no practical way to control the use of this encryption. We clearly see other countries thanking us for our controls, because it is creating significant industries in their countries. So, what is happening here? Capital, in an economic sense, capital in an intelligence sense, will continue to move from the United States, which will endanger us in two ways.
    One, economically, it will endanger us and that is an inconvenience. We have lost other fields of technology before. We have lost the machine tool industry, we have lost the electronics industry, and Lord, we have survived all that. So, I guess the economic consequences may not frighten us.
    But, the security consequences here should, because if we continue to push people who are involved in encryption offshore, then all the talent will be offshore and, indeed, our intelligence agencies will lose out in that as well.
    So, we have today a situation where an American company, to follow the law, sends its product to Russia. They add the encryption. It is then sold worldwide. That company then brings in the Russian encryption here and adds it so they have the same system operating worldwide.

 Page 12       PREV PAGE       TOP OF DOC
    If a company wanted to, of course, it just sells the encryption here in this country and anybody with the most outmoded computer and modem in the world can send any of the encryption we have discussed worldwide in a matter of seconds, without compromise.
    Now, we have had Clipper chip, we now have son of Clipper chip. The reality is that none of this has worked. Administration after Administration has kind of dropped an anchor in the sand and said to the Congress and the economy of the world, please drag us forward, we are not going to participate.
    I think the only way to get an Administration, this one that I have good friends in and I admire in many ways or any other to move forward, is us to start a bus or a train heading for the floor. Even then, I am not sure that they are capable of getting their act together in this field. But, we have to send this to the floor. We need to do it today, and maybe that will be the first message to the Administration to seriously engage in a rational encryption policy.
    I have spent more trips to more secret meetings to more people involved in this, and never gotten serious answers about what they are trying to achieve or how they are trying to achieve it. I do not think they have an argument for their position. This is not large, sophisticated, cumbersome systems that you can control in the old manner. Yes, we caught Saddam Hussein moving large pieces of pipe through England. This is the information age technology. We need to get out in front of it. We need to try to make sure we control it, but we cannot continue to ignore it, as this and previous Administrations have done.
    So, I would hope we pass the legislation and pass it expeditiously.
    Ms. ROS-LEHTINEN. Thank you. I would like to ask the other Members to hold their comments for awhile so we can get to the markup, because other Members do have to go for other commitments, and I am afraid to lose our quorum.
    So, pursuant to notice, the Subcommittee will now turn to the consideration of H.R. 695, which the clerk will report.

 Page 13       PREV PAGE       TOP OF DOC
    The CLERK. To amend title 18, United States Code, to affirm the rights of United States persons to use and sell encryption and to relax export controls——
    Ms. ROS-LEHTINEN. Without objection, the clerk will read the text of the bill for amendment. Without objection, the bill is considered as having been read and is open to amendment at this point.
    I have an amendment, and I would like to ask the clerk to report the amendment.
    The CLERK. Page 5, line 14, strike ''COMPUTERS'' and insert——
    Ms. ROS-LEHTINEN. I ask unanimous consent that further reading of the amendment be dispensed with and the gentleman from Connecticut, Mr. Gejdenson, is recognized for 5 minutes in support of our amendment.
    Mr. GEJDENSON. Madam Chairman, this amendment is primarily technical, consistent with the original draft language of the bill, provides basically some additions and perfections by a number of our colleagues here, Mr. Sherman and others, and I would——
    Ms. ROS-LEHTINEN. Thank you, Mr. Gejdenson.
    Mr. BEREUTER. Will the gentleman yield?
    Ms. ROS-LEHTINEN. Mr. Bereuter.
    Mr. BEREUTER. Will the gentleman yield?
    Mr. GEJDENSON. Yes, I would be happy to.
    Mr. BEREUTER. Thank you. I am not trying to stall for any reason. I am ready to vote and cast mine soon, but I would like to know what is in the amendment. This is the first time we have seen the amendment. As you know, it was not available, so would you be willing to go over it, subsection by subsection, and tell us what is happening here?

 Page 14       PREV PAGE       TOP OF DOC
    Ms. ROS-LEHTINEN. Mr. Gejdenson.
    Mr. GEJDENSON. I would be happy to go through a brief review of the amendment and then I would be happy to go through it line by line, if my friend is interested.
    This amendment provides for technical changes only, and does not affect the substance or intent of objective of the legislation. There have been consultations with the author of H.R. 695, Mr. Goodlatte, on all sections of the amendment.
    One section of the amendment serves to remove the distinction between mass market and customized software, helps ensure the customized software is also the subject of liberalized export. Expand section three of H.R. 695 by extending the exemption from licensing to customized software.
    Other language in the amendment serves to ensure that no inequities in the marketplace result from passage of H.R. 695 by providing the inclusion of consumer products. Manufacturers, in responding to the demands for movie studios, record labels and others, are beginning to incorporate more encryptive capability in products that do not necessarily fall under the umbrella of computing products. These are products such as small dish satellites, receivers, digital video disks, small cards, etc., which require encryption in some cases, such as new WEB TV, products now being sold in the United States that may fall under multiple munitions control, when they are clearly and purely for consumer end users and not primarily for military purpose.
    Another section of the amendment is Congress regarding the international cooperation, which goes to the very core of the debate over encryption and the need for a multilateral agreement on trade of this technology and mutual security.
    Ms. ROS-LEHTINEN. Are there additional Members seeking recognition on this amendment?
    Mr. CAMPBELL. Madam Chair.
    Ms. ROS-LEHTINEN. Mr. Campbell.

 Page 15       PREV PAGE       TOP OF DOC
    Mr. CAMPBELL. To amplify my colleague's response to Mr. Bereuter's question, I am also part of this en bloc and my purpose was to deal with what is called encryption-ready software, that might inadvertently be swept up under the restrictions on software encryption itself, simply because it has an interface that could fit with the software, that then does the encrypting. Inadvertent, in my sense, inadvertent sweeping, and to prevent that, whatever the executive branch does with the software itself, we should not be restricting our exports of encryption ready, which itself has no technological or, in my judgment, national security risk.
    Mr. BEREUTER. Will the gentleman yield?
    Mr. CAMPBELL. I would be pleased to yield.
    Ms. ROS-LEHTINEN. Mr. Bereuter.
    Mr. BEREUTER. On the bottom of page 2, to which you are referring, is that the part which you produced?
    Mr. CAMPBELL. I am the author of the changes on page 8 and page 6 and the specific references, here, I will show it to you, ''any computing device solely because it incorporates or employs in any form——interface mechanisms for interaction with other hardware and software, including hardware and software, with encryption capabilities,'' which would be page 6, line 21.
    Mr. BEREUTER. Bottom of page 2 on the amendment. Thank you.
    Mr. CAMPBELL. That seems to me correct. Thank you.
    Ms. ROS-LEHTINEN. Thank you. The Chair will put the question on the Ros-Lehtinen and Gejdenson-Campbell-Rothman Amendment. As many as are in favor of the amendment, say aye.
    [Chorus of ayes.]
    Ms. ROS-LEHTINEN. As many as are opposed to the amendment, say no.

 Page 16       PREV PAGE       TOP OF DOC
    [Chorus of noes.]
    Ms. ROS-LEHTINEN. The ayes appear to have it. The ayes do have it, and the amendment is agreed to.
    Are there further amendments? If there are no further amendments, the Chair will put the question on favorable, reporting the bill as amended to the Full Committee. So many as are in favor to the question say aye.
    [Chorus of ayes.]
    Ms. ROS-LEHTINEN. So many as are opposed, say no.
    [Chorus of noes.]
    Ms. ROS-LEHTINEN. The ayes appear to have it.
    Mr. GEJDENSON. Madam Chair, I ask for a recorded vote.
    Ms. ROS-LEHTINEN. A recorded vote is requested. Those in favor of taking the vote by recorded vote shall raise their hands. Evidently a sufficient number. The clerk will call the roll.
    The CLERK. Ms. Ros-Lehtinen?
    Ms. ROS-LEHTINEN. Aye.
    The CLERK. Ms. Ros-Lehtinen votes aye.
    Mr. Manzullo?
    Mr. MANZULLO. Aye.
    The CLERK. Mr. Manzullo votes aye.
    Mr. Chabot?
    Mr. CHABOT. Aye.
    The CLERK. Mr. Chabot votes aye.
    Mr. Campbell?
    Mr. CAMPBELL. Aye.

 Page 17       PREV PAGE       TOP OF DOC
    The CLERK. Mr. Campbell votes aye.
    Mr. Graham?
    [No response.]
    The CLERK. Mr. Blunt?
    Mr. BLUNT. Aye.
    The CLERK. Mr. Blunt votes aye.
    Mr. Moran?
    [No response.]
    The CLERK. Mr. Brady?
    Mr. BRADY. Aye.
    The CLERK. Mr. Brady votes aye.
    Mr. Bereuter?
    Mr. BEREUTER. No.
    The CLERK. Mr. Bereuter votes no.
    Mr. Rohrabacher?
    Mr. ROHRABACHER. Aye.
    The CLERK. Mr. Rohrabacher votes aye.
    Mr. Gejdenson?
    Mr. GEJDENSON. Aye.
    The CLERK. Mr. Gejdenson votes aye.
    Mrs. Danner?
    Ms. DANNER. Aye.
    The CLERK. Mrs. Danner votes aye.
    Mr. Hilliard?
    Mr. HILLIARD. Aye.

 Page 18       PREV PAGE       TOP OF DOC
    The CLERK. Mr. Hilliard votes aye.
    Mr. Sherman?
    Mr. SHERMAN. Aye.
    The CLERK. Mr. Sherman votes aye.
    Mr. Rothman?
    Mr. ROTHMAN. Aye.
    The CLERK. Mr. Rothman votes aye.
    Mr. Clement?
    Mr. CLEMENT. Aye.
    The CLERK. Mr. Clement votes aye.
    Mr. Lantos?
    [No response.]
    The CLERK. Mr. Luther?
    Mr. LUTHER. Aye.
    The CLERK. Mr. Luther votes aye.
    Mr. Graham?
    [No response.]
    Mr. Moran?
    [No response.]
    Mr. Lantos?
    [No response.]
    The CLERK. Madam Chairman, on this vote, there are 14 ayes and one no.
    Ms. ROS-LEHTINEN. The motion is agreed to. I thank all the Members for their cooperation. We will be in touch with Mr. Gilman about prompt consideration of this measure in Full Committee before the July 11 deadline. The Subcommittee stands in recess, subject to the call of the Chair. Thank you.

 Page 19       PREV PAGE       TOP OF DOC
    [Whereupon, at 4:28 p.m., the Subcommittee adjourned subject to the call of the Chair.]

A P P E N D I X

    Insert "The Official Committee record contains additional material here."