SPEAKERS CONTENTS INSERTS Tables
Page 1 TOP OF DOCSECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT
THURSDAY, MARCH 20, 1997
House of Representatives,
Subcommittee on Courts and
Committee on the Judiciary,
The subcommittee met, pursuant to notice, at 9:32 a.m., in room 2141, Rayburn House Office Building, Hon. Howard Coble (chairman of the subcommittee) presiding.
Present: Representatives Howard Coble, F. James Sensenbrenner, Jr., Bob Goodlatte, Sonny Bono, Edward A. Pease, John Conyers, Jr., Zoe Lofgren, William D. Delahunt.
Also present: Mitch Glazier, chief counsel; Blaine Merritt, counsel; Joseph Gibson, counsel; Vince Garlock, counsel; Eunice Goldring, staff assistant; and John Flannery, minority counsel.
OPENING STATEMENT OF CHAIRMAN COBLE
Mr. COBLE. Good morning. The Subcommittee on Courts and Intellectual Property will come to order.
Today the subcommittee is conducting a hearing on H.R. 695, the Security and Freedom Through Encryption (SAFE) Act, commonly known as the SAFE Act. H.R. 695 addresses the complex and important issue of encryption.
Page 2 PREV PAGE TOP OF DOC Encryption, as you perhaps know, is the process of encoding data or communications in a form that only the intended recipient can understand. Once the exclusive domain of the national security agencies, encryption has become increasingly important to persons and companies in the private sector concerned with the security of the information they transmit.
The encryption debate encompasses two main issues. The first is whether there should be any restriction on the domestic use and sale of encryption technology and, in particular, whether domestic users may place their keys in escrow with the Government or some neutral third party. This requirement would provide a mechanism which would allow law enforcement and national security agencies some ability to monitor transmissions. Current law does not have such restrictions.
The second issue is whether there should be any restrictions on the export of encryption technology. Current law regulates the export of encryption technology in a manner similar to military technology.
I commend the gentleman from Virginia, Mr. Goodlatte, for his extensive work in this area and for having introduced this important piece of legislation.
[The bill, H.R. 695, follows:]
INSERT OFFSET RING FOLIOS 1 TO 9, 55 HERE
Mr. COBLE. I would like to recognize the ranking member of the full committee, the gentleman from Michigan, Mr. Conyers, and after Mr. Conyers speaks, I'd like to recognize Mr. Goodlatte to further explain his bill.
Page 3 PREV PAGE TOP OF DOC
The gentleman from Michigan.
Mr. CONYERS. Thank you, Mr. Chairman, and good morning to the members of the committee, the witnesses and those interested citizens assembled here.
There are some concerns about our export control policy insofar as it seeks to limit the export of encryption products and may compromise our ability as a nation to compete abroad. I have some doubts that these same export restrictions have any good law enforcement effect, and I further worry that such export restrictions compromise our privacy and security.
I'm looking for some help from you in the first panel to assist me in dispelling the doubts that I carry to this hearing.
Let's if we can move closer to legislation and agreement about the issues that involve international trade, law enforcement, privacy, and security.
As for our crypto-export regulations, you all know foreign marketing campaigns have charged that our standards prohibit the export of strong encryption technology and argue that customers should buy foreign encryption products that have full encryption capability all over the world. From the Internet, I've got a South African company that last year made that charge, and I will subsequently make it part of the record.
In England, a company explained on its Internet home page yesterday that its product is, ''available worldwide with full 128-byte and higher security.'' The British firm goes on, ''By comparison, servers available from companies in the USA, such as Netscape and Microsoft, are limited by the U.S. Government to trivially-cracked 40-byte security.''
Page 4 PREV PAGE TOP OF DOC
So what are we doing here this morning? It appears we've got a competitive disadvantage. At least in advertising.
Now let's look at law enforcement. Jamie Gorelick appeared before our committee, and in response to Congressman Bobby Scott, she conceded that none of these export restrictions would have any direct effect on any terrorists or anyone conducting illegal operations because such criminals would never release the key to unlock their encrypted messages to any third party, obviously. So I'm concerned that we are limiting encryption for legitimate companies, for honest people who need it the most to secure themselves from the dishonest.
Now finally, Chairman Coble, with reference to this privacy, it strikes me that more encryption protects individual, human and corporate privacy. If no one can break the code we use to encrypt what we say on a cellular phone call overseas or when we transmit medical or financial information outside the United States, aren't we preventing crime, slowing it down? If we artificially compromise the shield that is encryption, aren't we enabling criminal activity to occur?
So, Witnesses, I'm glad you're all here, and I'll be listening carefully.
Thank you, Mr. Chairman, for this intervention.
[The prepared statement of Mr. Conyers follows:]
PREPARED STATEMENT OF HON. JOHN CONYERS, JR., A REPRESENTATIVE IN CONGRESS FROM THE STATE OF MICHIGAN
Page 5 PREV PAGE TOP OF DOC I have grave concerns that our export control policy, insofar as it seeks to limit the export of encryption products, may compromise our ability as a nation to compete abroad.
I also have my doubts that these same export restrictions have any good law enforcement effect.
Lastly, I worry that such export restrictions compromise our privacy and security.
It is my sincere hope that today's witnesses may, by their testimony, dispel some of my concerns and move us closer to an agreement, if not to legislation, that resolves these very difficult issues involving international trade, law enforcement, privacy, and security .
As it may be helpful, permit me to expand upon my concerns.
First, as for our crypto export regulations, foreign marketing campaigns have charged our standards ''prohibit the export of strong encryption technology'' and argued that customers should buy foreign encryption products that have ''full encryption enabled all over the world.'' I have here a copy of a page I got off the Internet for a South African company that last year made precisely this charge and wish to make it part of the record.
A company from Great Britain explained on its Internet home page, and this was just yesterday, that its product is ''available world-wide with full 128-bit (and higher) security.'' The British firm goes on to say, ''By comparison servers available from companies in the USA such as Netscape and Microsoft are limited by the US government to trivially-cracked 40 bit security'' (italic supplied). I have copies of these pages for the record as well.
Page 6 PREV PAGE TOP OF DOC Thus, our competitive disadvantage. At least in advertising.
Second, as for promoting law enforcement by these export restrictions, when the Deputy Attorney General appeared at our last hearing, in response to a question from the Gentleman from Virginia, Representative Bobby Scott, she conceded that none of these export restrictions would have any direct effect, I repeat, any direct effect on any terrorist or anyone conducting illegal operations because such criminals would never release the key to unlock their encrypted messages to any third party. I am concerned therefore that we are only limiting encryption for legitimate companies, for honest people who need it the most to secure themselves from the dishonest.
Third, as for privacy, it strikes me that more encryption, not less, protects individual human and corporate privacy. If no one can break the code we use to encrypt what we say on a cellular telephone call overseas or when we transmit medical or financial or other privileged information outside the United States, aren't we preventing crime? If we artificially compromise the shield that is encryption, aren't we promoting crime?
It is my hope that we'll be able to address these concerns at this hearing and in the days ahead as we search for a solution to these difficult and troubling questions.
INSERT OFFSET RING FOLIOS 10 TO 16 HERE
Mr. COBLE. Thank you, Mr. Conyers, and now the Chair recognizes the gentleman from Virginia, Mr. Goodlatte.
Page 7 PREV PAGE TOP OF DOC Mr. GOODLATTE. Well, thank you, Mr. Chairman.
I'd like to thank the subcommittee for holding today's important hearing on legislation that I've introduced, H.R. 695, the Security and Freedom Through Encryption Act of 1997, to encourage the use of strong encryption by all Americans.
This much-needed bipartisan legislation which currently has over 60 cosponsors, including a majority of the members of this subcommittee, accomplishes several important goals. First is aids law enforcement by preventing piracy and white-collar crime on the Internet.
At a Crime Subcommittee hearing during the 104th Congress on the subject of economic espionage, our colleague from Florida, Chairman McCollum, cited studies finding that the theft of proprietary business information costs American industry anywhere from $24 billion to well over $100 billion each year. The use of strong encryption to protect financial transactions and information would prevent this theft from occurring, which is one of the reasons why I have introduced the SAFE Act. If an ounce of prevention is worth a pound of cure, then an ounce of encryption is worth a pound of subpoenas.
With the speed of transactions and communications on the Internet, law enforcement cannot stop pirates and criminal hackers by waiting to react until after the fact. Only by allowing the use of strong encryption, not only domestically but internationally as well, can we hope to make the Internet a safe and secure environment.
As the National Research Council's Committee on National Cryptography Policy concluded, ''If cryptography can protect the trade secrets and proprietary information of businesses and thereby reduce economic espionage''which it can''it also supports in a most important manner the job of law enforcement. If cryptography can help protect nationally-critical information systems and networks against unauthorized penetration''which it can''it also supports the national security of the United States.''
Page 8 PREV PAGE TOP OF DOC
Second, if the global information infrastructure is to reach its true potential, citizens and companies alike must have the confidence that their communications and transactions will be secure. The SAFE Act, by allowing all Americans to use the highest technology and strongest security available, will provide them with that confidence.
Third, with the availability of strong encryption overseas and on the Internet, our export controls only serve to tie the hands of American business. According to a widely-noted study in December 1995, failure to remove these export controls by the year 2000just 3 short years from nowwill cost our economy $60 billion and 200,000 jobs.
Under the current system, America is surrendering our dominance of the global marketplace. The SAFE Act remedies this situation by allowing the export of generally available software and hardware if a product with comparable security features is commercially available from foreign suppliers. Removing these export barriers will free U.S. industry to remain the leader in software, hardware, and Internet development. And by allowing our computer industry to market the highest technology with the strongest security features available, America will lead the way into the 21st century information age and beyond.
This bipartisan legislation enjoys the support of members and organizations across the entire spectrum of ideological and political beliefs. The SAFE Act enjoys this support not only because it is a common-sense approach to solving a serious problem, but also because ordinary Americans' privacy and security is being assaulted by this administration.
Amazingly enough, the administration wants to mandate a back door into people's computer systems in order to access their private communications. In fact, the administration has stated that if people do not, quote, ''voluntarily,'' unquote, create this back door, it may seek legislation forcing them to give the government access to their information by mandating a key recovery system requiring people to give the keys to decode their communications to a Government-approved third party. This is the technological equivalent of mandating that the Government be given a key to every home in America.
Page 9 PREV PAGE TOP OF DOC
The administration is proposing an industrial age solution to an information age problem. The SAFE Act, on the other hand, prevents the administration from placing roadblocks on the information superhighway by prohibiting the Government from mandating a back door into the computer systems of private systems and businesses.
Additionally, the SAFE Act ensures that all Americans have the right to choose any security system to protect their confidential information. With the millions of communications, transmissions, and transactions that occur on the Internet every day, American citizens and businesses must have the confidence that their private information and communications are safe and secure. That is precisely what the SAFE Act will ensure. I urge each of my colleagues to support this bipartisan legislation and I look forward to hearing from the witnesses who will testify before us today.
Thank you, Mr. Chairman.
Mr. COBLE. I thank the gentleman, and the Chair again expresses thanks to you, Mr. Goodlatte, for the work you've done on this bill.
Does the gentlewoman from California have an opening statement?
Ms. LOFGREN. I do, Mr. Chairman, and, first, I would like to thank you for holding this hearing. I think it is enormously important that we are doing so, and I'd also like to thank Congressman Goodlatte for his excellent efforts to endeavor to create a sensible national encryption policy for the United States.
Page 10 PREV PAGE TOP OF DOC
As the chairman knows, I am a coauthor, or Democratic cosponsor of the Goodlatte bill and am proud to be. I represent Silicon Valley and hear constantly from my constituents, who are doing simply marvelous things in technology, how important this issue is, not only for personal security and safety of America and our data and our technological advances, but also for the economy of the United States.
The panel before us today, for the most part, consists of people that we have dealt with in public hearings before, with whom we've had private discussions, who've been to the valley. I don't currently agree with some of the testimony that I think is going to be offered todayat least what I think will be offered based on the written statementsbut it's important to recognize that, although I disagree with their policies, the intentions and motives of the administration, I think, are admirable and should be shared by all of us on both sides of the aisle.
Law enforcement has an interest in preserving the safety and security of Americans, and we all want that to occur. The flaw, I fear, is not that the intentions are wrong or misplaced, but that the technology has moved way beyond what the policy envisions.
I look forward to hearing from the witnesses today, including this first panel. I am still struggling to understand the rationale behind the current policy of the American Government, and, hopefully, by the end of the day, we will have an understanding which I have failed to achieve after much diligent research and listening for the last 2 years, and so I'm eager to hear.
I would like to say for witnesses that this is the last day before our 2-week district work period. I have, as I think other Members do, conflicting obligations. So my apologies in advance if I have to run out and reappear from time to time, and I think that would probably be true of all of us.
Page 11 PREV PAGE TOP OF DOC
[The prepared statement of Ms. Lofgren follows:]
PREPARED STATEMENT OF HON. ZOE LOFGREN, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF CALIFORNIA
First, I would like to thank Chairman Coble for holding this hearing, and to praise Congressman Goodlatte for his excellent efforts to try to create sensible national encryption policies that will foster America's technological development and economic supremacy.
The United States has been the world leader in the development of encryption technology, with much of it produced in Silicon Valley, my home. It would seem to follow that American companies would be, and would continue to be, dominant in the global market for encryption and encryption-protected products. However, due to a myopic Federal government policy regulating this technology, our country risks losing its advantage in this vital industry; many within the industry believe that we are already some length down that path.
Export controls, implemented before the advent of high performance computing, provide impediments for American companies to export the strongest encryption available on the world market, and from utilizing it in computer software and hardware that they sell overseas. Obviously, this directly costs thousands of American jobs, but it also creates a huge risk for Americans and American industry due to the indirect effect restrictions create for domestic users. Because it is rarely commercially feasible to create an ''export'' version and ''domestic'' version of software, domestic users generally do not have access to the best encryption. Strong encryption is needed in the United States so that U.S. companies and computer users are less vulnerable to hackers, criminals, and industrial spies.
Page 12 PREV PAGE TOP OF DOC This export policy has also placed the U.S. encryption industry, and the broader high tech industry, in peril. Computer hardware and software producers are barred from exporting information systems integrated with powerful encryption, but their international customers want this technology to secure their proprietary information. Potential overseas purchasers are thus required to either purchase U.S. products with inferior encryption, look to non-American suppliers, who are becoming more plentiful each year, or purchase products with security features imposed by the U.S. government that are not favoredand not incorporated into competing products produced by our foreign competitors. Obviously, this is an entirely untenable situation for our high-tech exporters. If the United States cedes the overseas encryption market to foreign suppliers, our domestic encryption technology producers will eventually be driven out of business or offshore. In addition, our entire computer and technology industry could be seriously impaired.
It has been estimated that losses to the U.S. information industry could reach as high as 30 to 60 billion dollars and 200,000 jobs annually by the year 2000. Many believe these estimates are conservative. These calculations do not even fully account for the lost potential of other international electronic commerce over the Internet, and the effect that the above circumstances could have on U.S. companies that want to participate in this potentially enormous market.
I understand the government's desire to have access to electronic files and to monitor electronic communications that could be encrypted. However, I believe that it is time for our government to recognize that superior encryption products are already widely available and being sold by overseas competitors, and that the current controls only hurt American industry, without furthering law enforcement and national security goals.
Page 13 PREV PAGE TOP OF DOC The Administration has repeatedly maintained that the assertion that ''the genie is already out of the bottle'' for strong cryptography is not borne out by the current availability of products overseas. Even if this were true, and the evidence seems to say otherwise, it is indisputable that the science behind strong cryptography is well known, and has been widely discussed in academic literature distributed all over the globe. If these products are not currently available, and some of them can be downloaded off of the Internet right now, then they certainly will be in a very short period of time, particularly if the U.S. government implements certain policies now under consideration.
The Administration argues that the United States, combined with its allies, can control the world encryption market and can coordinate the implementation of an international ''key recovery'' regime, which they claim will be ''market driven.'' However, U.S. negotiators have already tried and failed to get an agreement to implement such a plan among the Organization for Economic Cooperation and Development (OECD). Even if agreement is reached with the European Union and Japan, for this scheme to work we would need circumstances in which every nation capable of producing encryption agrees and has the capacity to enforce the agreement. I think it is pretty obvious that this will not come to pass, no matter how much well intentioned persons might diligently pursue such an outcome.
Notwithstanding the absence of any demonstrable progress toward such an agreement, the aspirations for a comprehensive global key escrow scheme ignore the undeniable power of market demand for cryptographic products that do not incorporate any form of escrow or recovery, or at the very least products that do not have to go through a U.S. government approval process. If U.S. suppliers are forbidden to supply these products, then someone else undoubtedly will. Whatever hopes we may have for an international system of key escrow, we will never achieve 100 percent participation, and those who do not participate will profit heavily at our expense. And in the end, any sophisticated criminal or terrorist will obviously not utilize the ''government approved'' products, and will defeat the ultimate purpose of the policy at everyone else's expense.
Page 14 PREV PAGE TOP OF DOC
Rather than continuing to pursue this flawed and unworkable policy, I would urge the national security and law enforcement community to assume a cooperative posture with our domestic technology industry, and utilize the minds of the foremost scientists in the world to pursue technological answers to their national security and law enforcement concerns. While we have probably lost much of our ability to monitor the totality of digital communications and data, with the assistance of the private sector the U.S. government could have the most potent decoding tools available in the world.
In order to reverse current government encryption policy, Congressman Goodlatte, along with myself and over 60 other Members of Congress, have sponsored H.R. 695, the Security and Freedom Through Encryption (SAFE) Act, the subject of today's hearing. This legislation would recognize the rights of Americans to use encryption and to sell it domestically. H.R. 695 would also prohibit requirements for any mandatory key escrow arrangement. Furthermore, the bill makes it a crime to use encryption unlawfully in furtherance of a crime. Finally, the SAFE Act liberalizes export controls to permit free export of generally available encryption technology, and export of other encryption software unless it is likely to be used for military or terrorist purposes, or to be reexported.
As I have stated previously, I believe that the Administration is indeed motivated by legitimate national security and law enforcement concerns, but I do believe their proposed policy is terribly misguided and counterproductive toward their own purposes. I also am aware that my view is shared by many within the Administration, but to this point these voices have not carried the day. I am hopeful that through hearings like this one and in the Senate Commerce Committee yesterday, through continued dialogue with industry, or ultimately through congressional action, we can convince the Administration to alter its stance and join us in taking steps to approach national security and law enforcement concerns sensibly and more effectively.
Page 15 PREV PAGE TOP OF DOC
Again, I thank the Chairman for holding this hearing and I look forward to hearing from the witnesses.
Mr. COBLE. Thank you, Ms. Lofgren.
The gentleman from California, Mr. Bono.
Mr. BONO. Thank you, Mr. Chairman. Excuse me for being late.
I did want to make a comment. This came up last year, and it has intensified this year. Here is my concern: I think bringing the notion up on this encryption and, basically, as I understand, letting the Government have access to it only is the gist of it. My problem is this: in the days when we were very solid with the Government agencies, probably something like this could have flown. But in this day and age I think there's a credibility problem here. I could never promote turning something over to an agency that doesn't have just absolutely squeaky clean credibility. And right now that doesn't exist in the agencies that want to have authority over the encryption.
It would seem to me that what needs to be done hereand I'm not a lawyer; I'm a guy from the street, and I'm new to this place, so I just respond from what logic and common sense I have. But I think the place to begin here is to start to have these agencies promote that they are credible and that there is nothing for the public to be concerned about. And until that happens, I certainly can't promote something like this until I know the agencies we turn these things over tobecause this is very confidential datawould handle it in a proper manner. So I am thoroughly and utterly opposed to this. And, frankly, I'm surprised that everybody in these agencies doesn't stop.
Page 16 PREV PAGE TOP OF DOC
I'm on a subcommittee that deals with the INS. Members of Congress caught them in a blatant lie. We caught them releasing prisoners from Krome, FL. We caught them in flagrant activities that I consider criminal. When we did catch them, the penalties that were imposed upon them were transferred to a different department, and they were minimal. They were like misdemeanor traffic tickets. And they can appeal this.
And so these people that really committed horrendous crimesan agencyare just going to walk away and whistle. Everybody'll have their job back. They'll get fined 10 or 15 bucks and that's going to be it.
And so, again, I'm just a guy. But, until the Government can represent itself the way it should, until these agencies can represent itself the way it should, until the Justice Department can represent itself the way it should, I don't even think we should talk about this, because you can say all these things, and they'll sound perfect in a perfect world. But obviously we don't have a perfect world or a perfect country or a perfect Government. I wish all of you would put this much energy in saying let's clean up these agencies, so when we do go and pitch these things, we have the respectability that we're supposed to have. So under no circumstances could I support something like that until there's some energy on the part of the efforton the agenciesto represent themselves the way they're supposed to.
Mr. CONYERS. Would the gentleman from California yield?
Mr. BONO. Yes, I will.
Page 17 PREV PAGE TOP OF DOC Mr. CONYERS. I thank you very much.
You're awfully modest and unassuming today as an ordinary guy that just landed on Judiciary. You have more experience and background in this field, based on just what I know about you, than anybody on the committee. And you're a valued member of this committee, Sonny, and we'll be looking for you and the experiences that you bring to the committee on this subject matter.
Mr. BONO. That is very kind, and I appreciate those nice words. Thank you, sir.
That's all I have to say. I hope Government starts making an effort to look the way they should to the public. So on a daily basis, the public doesn't read about different scandals, because asking for public support is just not going to happen in these days. Thank you.
Mr. COBLE. I thank the gentlemen.
Not unlike my friend from California, the gentlewoman said earlier, we are all going to be moving about today, and I want to apologize in advance to the panels as well, if we do this. This is not an indication that we're not interested, but there is another bill that's floating around this Hill which the lady from California, the gentleman from Michigan, the gentleman from Virginia, and I are very interested in, and I have some work to do on that today. And we may try to get the gentleman from California to come aboard, so I'm not sure what kind of luck we'll have on that.
But having said all that, let me introduce our first panel. Our first panel consists of three witnesses who will present the administration's position on H.R. 695.
Page 18 PREV PAGE TOP OF DOC
First, from the Department of Commerce, we have the Honorable William Reinschhave I the correct pronunciation, Mr. Reinsch?the Under Secretary for Export Administration. Mr. Reinsch holds bachelor's and master's degrees from Johns Hopkins University. He has worked much of his career in Congress. He's served on the staff of the late Senator John Heinz from 1977 to 1991 and on the staff of Senator Jay Rockefeller from 1991 to 1993, prior to joining the administration.
Next, we have the Honorable William Crowell, the Deputy Director of the National Security Agency. Mr. Crowell is a graduate of Louisiana State University. Except for one short tour in private industry, he has been with the Agency since 1962. He became the Deputy Director in 1994.
Finally, from the Department of Justice, we have the Honorable Robert Litt, the Deputy Assistant Attorney General for the Criminal Division of the Department of Justice. Mr. Litt is a graduate of Harvard College and the Yale Law School. After clerking for Justice Potter Stewart, Mr. Litt became an assistant U.S. attorney in the Southern District of New York and later became a partner in the law firm of Williams & Connelly. He joined the State Department in 1993 and moved to his current position in June 1994.
We have written testimony from these witnesses and from other witnesses who will appear, and I ask unanimous consent that their statements be made a part of the record, and I, furthermore, ask unanimous consent that the statements of the members be made a part of the record this morning.
Page 19 PREV PAGE TOP OF DOC Gentlemen, we have three panels today, and we are going to request your cooperation as we impose a 5-minute rule. When the red light illuminates, that is your signal. Now, you will not be keel-hauled if you don't immediately respond, but if you could stay within the 5-minute timeframe, I will be appreciative.
And, Mr. Goodlatte, if you would come to the chair, I will work on our other bill while you preside here, and I'll try to come back before the day is over.
Gentlemen, good to have you, and you all may go in any desired order.
STATEMENT OF WILLIAM A. REINSCH, UNDER SECRETARY, BUREAU OF EXPORT ADMINISTRATION, DEPARTMENT OF COMMERCE
Mr. REINSCH. Thank you very much, Mr. Chairman.
It's a pleasure to be back before the subcommittee. A lot has happened since I was here last on September 25. The President has decided on an encryption policy. We're well on our way to implementing it. It is intended to balance all the competing interests that have been identified on this issue: privacy, electronic commerce, law enforcement, and national security. My task amongst the three of us is to lay out what we have done since my last appearance in September and to tell you a little bit about the legislation that we plan to submit shortly.
The President's policy of balance, as I said, is based on trying to promote key recovery in the marketplace. And in order to do that and to facilitate the creation of products that provide key recovery, we have undertaken a number of actions since last October.
Page 20 PREV PAGE TOP OF DOC
On December 30, we published new regulations that transferred the licensing of commercial encryption products from the Department of State to the Department of Commerce. This change of jurisdiction makes clear that strong encryption is not something to be used primarily by governments or military forces, but will become an accepted part of normal commercial activity.
The new regulations set forth several procedures which support the development of a key management infrastructure. The most important of these is to allow recoverable encryption products of any strength and any key length to be exported freely after a single review by Commerce, Justice, and the Department of Defense.
We've also expanded the definition of eligible products to include not only key escrow systems which use a trusted third party, but also other systems which allow for recovery of the keys or plain text.
The new regulations also allow for self-escrow and escrowing of keys overseas in certain circumstances which will make key recovery products more attractive in export markets.
We have also created a special 2-year liberalization period during which companies may export 56-bit DES or equivalent products, provided they submit plans and show that they are working to develop the key management infrastructure envisioned by the administration.
In addition, we have continued discussions with our trading partners on a common approach to encryption policy. To head this effort, the President appointed David Aaron, our Ambassador to the OECD, as a special envoy on encryption. Ambassador Aaron couldn't be with us today, but in his absence, if you'd like, I'd be glad to discuss some of the things that he's done in his efforts to get a multilateral approach to this problem.
Page 21 PREV PAGE TOP OF DOC
Probably a good gauge of industry response to what we've done has been the flow of applications since the change of policy. In the first 2 months we've received close to 400 license applications for exports valued at almost $500 million. Seventeen companies have submitted commitment plans which lay out how they will build and market key recovery products, and we know that others are preparing them. These 17 companies include some of the largest software and hardware manufacturers in the country. We have approved seven of these plans, and we expect to approve more very shortly.
The flow of licenses and the company commitment plans tell us our policy is working. We intend to amend our regulations in the near future to reflect the many helpful comments we received from industry, and we want to make sure that our efforts to regulate the export of recoverable encryption are compatible with the larger structure for electronic commerce now beginning to take shape.
Now, the administration has stated on numerous occasions that we do not support mandatory key escrow and key recovery. Our objective is to enable the development and establishment of a voluntary key management system for public key-based encryption.
We believe the administration's policy is succeeding in bringing key recovery products to the marketplace, and our intention is now turning toward how we can best facilitate the development of the key management infrastructure that will be necessary to support these products.
To that end, we will shortly submit our own legislation that is intended to do the following: expressly confirm the freedom of domestic users to choose any type or strength of encryption; explicitly state the participation in the key management infrastructure as voluntary; set forth legal conditions for the release of recovery information to law enforcement officials pursuant to lawful authority; provide liability protection for key recovery agents who have properly released such information; criminalize the misuse of keys and the use of encryption to further a crime; offer, on a voluntary basis, firms that are in the business of providing public cryptography keys the opportunity to obtain government recognition allowing them to market the trustworthiness implied by Government approval.
Page 22 PREV PAGE TOP OF DOC
In reviewing H.R. 695, let me say that we welcome a continuing dialog with Mr. Goodlatte and others interested in this subject to see if we can reach a common view, and we particularly appreciate the comments of Ms. Lofgren in that regard.
At the same time, I must tell you that legislation such as H.R. 695 would not be helpful, and the administration cannot support it. The bill has a number of similarities to what we will shortly submit, but it proposes export liberalization far beyond what the administration can entertain and which would be contrary to our international export control obligations.
We are sympathetic to some aspects of H.R. 695, such as penalties for unlawful use of encryption and access to encrypted information for law enforcement purposes, but the bill does not provide the balanced approach we are seeking and, as a result, would unnecessarily sacrifice our law enforcement and national security needs.
Thank you very much, Mr. Chairman.
[The prepared statement of Mr. Reinsch follows:]
PREPARED STATEMENT OF WILLIAM A. REINSCH, UNDER SECRETARY, BUREAU OF EXPORT ADMINISTRATION, DEPARTMENT OF COMMERCE
Mr. Chairman, much has happened since encryption was debated during the 104th Congress. The President has decided on an encryption policy, and we are well on our way to implementing it. It balances all of the competing interests in this issue: privacy, electronic commerce, law enforcement, and national security.
Page 23 PREV PAGE TOP OF DOC Making strong commercial encryption widely available is in the best interest of the United States. Indeed, it is inevitable, as powerful computers and advanced telecommunications rapidly lead to the creation of broad electronic networks which will form the basis for communication and commerce in the future. The ability to encrypt electronic messages and data will be essential for electronic commerce and for the full development of information technology. Businesses and individuals need encrypted products to protect sensitive commercial information and to preserve privacy, and their demand for those products will further facilitate the spread of encryption.
This trend is also economically desirable. Protecting the confidentiality of business information will reduce losses from industrial espionage. Perhaps more important, we are the world's leading producer of information technology with almost half the world's producers and roughly half their revenues coming from exports. And we want to keep it that way.
To retain this leading position and the jobs it produces, we must ensure our producers' continued ability to capture foreign market share. Our companies must be able to meet the growing demand for products with strong encryption. If they do not, foreign firms will step in to fill the void. The United States cannot allow its encryption policy to become a point of vulnerability for this vital industrial sector. We must shape our export control policies to allow American companies to take advantage of their strengths in information technology in their pursuit of global markets.
But the increased use of encryption carries with it serious risks for law enforcement and our national security. Any policy on encryption must address these risks as well if it is to be in the national interest. Our policy provides that balance, and does it in close consultation with the private sector and by working with the market, not against it.
THE ADMINISTRATION'S POLICY
The President's policy of balance is based on trying to promote key recovery in the marketplace.
Page 24 PREV PAGE TOP OF DOC By ''key recovery'' I refer to a range of technologies, some in existence, some under development, some still being conceived, designed to permit the plain text recovery of encrypted data or communications. There has been a tendency in this debate to construe this term and others as narrowly focussed on a single technology, and I want to make clear that is not our intent. We expect the market to make those judgments. In order to facilitate the development and dissemination of these products, we have taken the following steps:
On December 30, 1996, we published new regulations that transferred the licensing of commercial encryption products from the Department of State's Munitions List to the Department of Commerce's Dual-Use list. This change of jurisdiction emphasized the Administration's decision that strong encryption is not something to be used primarily by governments or military forces, but will become an accepted part of normal commercial activity.
The new regulations set forth several procedures which support the development of a key management infrastructure. The most important of these is the creation of a license exemption which would allow recoverable encryption products of any strength and key length to be exported freely after a single review by Commerce, Justice and the Department of Defense.
We have also expanded the definition of products eligible for this key recovery license exemption to include not only ''key escrow'' systems, which use a trusted third party, but also other systems which allow for recovery of the keys or plain text. This means that we have gone beyond a simple prescription for key escrow and trusted third parties as the solution to all encryption needs.
The new regulations also allow for self-escrow and escrowing of keys overseas in certain circumstances, which will make key recovery products more attractive in export markets. Since the establishment of a key management infrastructure may take some time, the regulations make explicit that we will consider requests for self escrow and escrowing overseas even before there are government agreements on access or an established network of recovery agents in place.
Page 25 PREV PAGE TOP OF DOC To encourage the movement toward the development of these recoverable encryption products. we have also created a special. two year liberalization period during which companies may export 56 bit DES or equivalent products. provided they submit plans and show that they are working to develop the key management infrastructure envisioned by the Administration. This temporary relief will help provide an incentive and a transition period for manufacturers to move to Key Management Infrastructure.
To help create standards which will guide the Federal Government in its own key management efforts, the National Institute of Standards and Technology has formed an industry advisory committee to develop requirements and standards for key recovery. We have invited representatives of foreign governments to attend meetings of this advisory committee, which has met twice, to help ensure coordination and compatibility on a multilateral basis.
In addition, we have continued discussions with our major trading partners on a common approach to encryption policy. To head this effort, the President appointed David Aaron, our Ambassador to the Organization for Economic Cooperation and Development as his Special Envoy on Encryption.
We also asked for public comments on this new regulation. We received 43. They are posted on BXA's web site for all to review. A few are critical, but many are very helpful. Perhaps a better gauge of industry response has been the flow of applications since the change in policy. In the first two months we have received close to 400 license applications for exports valued at almost $500 million. Twelve companies have submitted commitment plans which lay out how they will build and market key recovery products, and we know that others are preparing them. These twelve companies include some of the largest software and hardware manufacturers in the country. We have approved six of these plans, and we expect to approve more very shortly.
The flow of licenses and the company commitment plans tell us our policy is working. That said, we intend to amend our regulations in the near future to reflect the many helpful comments we received from industry. We want to make sure that our efforts to regulate the export of recoverable encryption are compatible with the larger structure for electronic commerce now beginning to take shape.
Page 26 PREV PAGE TOP OF DOC We have also supported the development of ten pilot projects designed to demonstrate key recovery in such diverse applications as processing electronic grants and sharing international patent applications. I have with me a description of those projects, and I would request that it be included in the record.
The Administration has stated on numerous occasions that we do not support mandatory key escrow and key recovery. Our objective is to enable the development and establishment of a voluntary key management system for public-key based encryption. We believe the Administration's policy is succeeding in bringing key recovery products to the marketplace. Our attention is now turning toward how we can best facilitate the development of the key management infrastructure that will support those products. To that end, we will shortly submit legislation intended to do the following:
Expressly confirm the freedom of domestic users to choose any type or strength of encryption.
Explicitly state that participation in the key management infrastructure is voluntary.
Set forth legal conditions for the release of recovery information to law enforcement officials pursuant to lawful authority and provides liability protection for key recovery agents who have properly released such information.
Criminalizes the misuse of keys and the use of encryption to further a crime.
Offers, on a voluntary basis, firms that are in the business of providing public cryptography keys the opportunity to obtain government recognition, allowing them to market the trustworthiness implied by government approval.
In reviewing H.R. 695, let me first say that we welcome a continuing dialog with Mr. Goodlatte and others interested in this subject to see if we can reach a common view. At the same time, I must tell you that legislation such as H.R. 695 would not be helpful, and the Administration cannot support it. The bill has a number of similarities to what we will shortly submit, but it proposes export liberalization far beyond what the Administration can entertain and which would be contrary to our international export control obligations. We are sympathetic to some aspects of H.R. 695, such as penalties for unlawful use of encryption and access to encrypted information for law enforcement purposes, but the bill does not provide the balanced approach we are seeking and as a result would unnecessarily sacrifice our law enforcement and national security needs. I defer to other witnesses to describe the impact of the bill on law enforcement, but let me describe a few of its other problems.
Page 27 PREV PAGE TOP OF DOC
The bill appears to decontrol even the strongest encryption products, thus severely limiting government review of highly sensitive transactions. The Administration has a long-standing policy that the risks to national security and law enforcement which could arise from widespread decontrol of encryption justify continued restrictions on exports.
In addition, whether intended or not, we believe the bill as drafted would preclude the development of key recovery even as an option. The Administration has repeatedly stated that it does not support mandatory key recovery, but we most certainly endorse and encourage development of voluntary key recovery systems, and we see a strong and growing demand for them that we do not want to cut off.
As I have said on many occasions, Mr. Chairman. encryption is one of the most difficult issues in public policy today, but we are committed to solving it in cooperation with industry, the law enforcement community, and the Congress in a way that reinforces market principles and achieves our diverse goals. We hope that you will work with us to facilitate that process by passing the legislation we are proposing.
EMERGENCY ACCESS DEMONSTRATION PROJECT
Until recently, federal agencies have not made significant use of commercial cryptography to protect sensitive unclassified information. However, as federal agencies have begun to realize the sensitivity of their information and that cryptography can help protect that information, more agencies are making use of encryption mechanisms. As encryption becomes more prominent, providing a means for management and other authorized entities to recover keys in the event that a user is away on vacation or is terminated from employment will become critical to the continued operation of each organization. Key recovery (also known as emergency access) is a security service which provides a secure and trusted means of storing private encryption keys, and ensures that mechanisms are in place for management and other authorized entities to recover those keys.
Page 28 PREV PAGE TOP OF DOC
The Interagency Working Group on Cryptography Policy (IWG) has established a task group to demonstrate the practicability of key recovery as an element of a key management infrastructure/public key infrastructure (KMI/PKI). The Task Group is formed jointly of representatives from the Government Information Technology Services Board (GITS) and the IWG. The Task Group is chaired by a representative from the Department of the Treasury, who also serves as the Champion for Security and Privacy for the GITS Board with participation from NIST, FBI, NSA, and GSA and each agency with a pilot selected from this demonstration.
Ten Federal agency pilots will test the elements of the vision laid out in the white paper, ''Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure.'' In addition, the pilots have been selected based on their ability to:
be scalable in size and breadth to other applications;
be a meaningful and readily understood application, but not necessarily mission-critical;
allow for a diversity of user community technology sophistication;
be capable of being implemented and evaluated in 915 months;
assure extensive involvement of industry in design and implementation; and
use commercial products, to the extent available.
The following presents a brief description of each candidate agency's pilot:
The Department of Energy (DOE) EDI/Internet Security project will test emerging security technologies for Electronic Data Interchange (EDI) that are based on the Internet transport protocols for e-mail, ftp, and http. Participants include six Federal agencies and eight academic research organizations currently involved in the Electronic Research Administration (New ERA). The project will test the interoperability of multiple vendors' products across open processing environments. The initial implementation will focus on processing electronic grants between Federal agencies and universities.
Page 29 PREV PAGE TOP OF DOC The Department of Transportation (DOT) Electronic Grants Program's pilot project will demonstrate that a secure electronic grants system can be built around low cost, World Wide Web technology while maintaining the standard EDI data structure required for government-wide information sharing. In fiscal year 1995, approximately $236 billion in grants were awarded government-wide; the DOT awarded more that 10% of those grants supporting goals like improved transportation safety and construction and rehabilitation of transportation infrastructure. DOT will pilot this application with a small segment of grantees that represent universities, state and local governments.
The Lawrence Livermore National Laboratory Advanced Manufacturing for the National Information Infrastructure (AMNII) Program is a DOE initiative to automate traditional engineering and business processes, to significantly reduce cycle time and costs, deliver a high level of assurance of stockpile safety and integrity, and develop an infrastructure for Nuclear Weapons Complex (NWC) enterprise integration. The NWC electronic concurrent engineering and business processes utilize the Internet to connect the AMNII national laboratories, production plants, and their vendors. Given the sensitive nature of this work, the infrastructure must provide strong authentication, non-repudiation, message integrity, and privacy for the information being exchanged over the Internet.
The National Institute of Standards and Technology's (NIST) Public Key and Non-Public Key Emergency Access Project will test the interaction among certificate authorities for the other pilots. NIST will serve as technical lead in establishing a pilot public key infrastructure consisting of a root certificate authority and three descendent certificate authorities in a hierarchy. The root certificate authority will be located at, and operated by, NIST. The remaining certificate authorities will be located at either pilot agencies or at trusted third party sites. In addition, NIST will provide primary technical support for the purpose of testing the feasibility of implementing emergency access capabilities.
Page 30 PREV PAGE TOP OF DOC The National Technical Information Service's (NTIS) FedWorld Secure Web and Certificate Authority Project will prototype trusted-agent services that support digital signature, the encryption of files and messaging, and authorized emergency access to encrypted information through key recovery management.
The Social Security Administration (SSA) has defined, for its Annual Wage and Reporting System pilot, a proof of concept demonstration to file annual wage reports, using a special forms-based Client Application and Web browser, fully compliant with the magnetic media standard specifications published by the SSA.
The Patent and Trademark Office's (PTO) Patent Cooperation Treaty Project will demonstrate the exchange of international application in secure electronic form between the Trilateral Offices (U.S. Patent and Trademark Office, European Patent Office, and Japanese Patent Office) and the International Bureau of the World Intellectual Property Office (WIPO) to reduce processing costs and the burden on applicants.
The Small Business Administration (SBA) Electronic Lending Program is an initiative to re-engineer its loan accounting processes to support more efficient technically advanced mechanisms to enhance its electronic lending program.
The Department of the Treasury Network Infrastructure/Electronic Messaging Services will implement, jointly with the GSA E-mail Program Management Office, a private Administrative Management Domain for federal government use offering origin authentication, secure access management, data confidentiality, data integrity, non-repudiation, and emergency access.
Page 31 PREV PAGE TOP OF DOC For further information or if you have any questions about the Emergency Access Demonstration Project, please contact Ms. Patricia N. Edfors, U.S. Department of the Treasury, at (202) 6221552.
Mr. GOODLATTE [presiding]. Thank you, Mr. Reinsch. We appreciate having your testimony.
STATEMENT OF ROBERT S. LITT, DEPUTY ASSISTANT ATTORNEY GENERAL, CRIMINAL DIVISION, DEPARTMENT OF JUSTICE
Mr. LITT. Thank you, Mr. Chairman and members of the subcommittee, for giving me this opportunity to discuss with you law enforcement's views on the issue of encryption. I particularly appreciate it, because in the time I've been at the Justice Department and dealing with this issue, I've come to recognize that law enforcement's views are frequently mischaracterized and misunderstood, and I appreciate this opportunity to explain them fully for you.
In the last few years, some people who have very legitimate concerns about privacy, commerce, and computer security in the information age have argued that Government should simply stay out of the encryption issue entirely. Export controls have come in for particular criticism.
I want to make clear at the outsetbecause this is one of the areas where I think our position is misunderstoodthat the Department of Justice and law enforcement in general supports the spread of strong encryption. We believe that the availability and wide use of strong cryptography are critical if the global information infrastructure is to fulfill its promise in areas such as personal communications, financial transactions, medical care, and a wide variety of other areas.
Page 32 PREV PAGE TOP OF DOC
And our support for robust encryption stems in part from the fact that we have the responsibility under the law to protect privacy and commerce through a variety of statutes. At the same time, however, we also have the responsibility to protect the American people from the threats posed by terrorists, organized crime, child pornographers, drug cartels, foreign intelligence agents, and others, and to prosecute serious crime when it does occur.
And, thus, while we strongly favor the spread of strong encryption, we are gravely concerned that the proliferation and use of unbreakable encryption would seriously undermine the safety of the American people. Our national policy must reflect a balance between these competing interests of privacy and public safety.
If unbreakable encryption proliferates, critical law enforcement tools would be nullified. For example, even if the Government satisfies the rigorous legal and procedural requirements for obtaining an order to tap the phones of drug traffickers, the wiretap would be worthless if the intercepted communications amount to an unintelligible jumble of noises or symbols. Or we might legally seize the computer of a terrorist or a child molester using the Internet and be unable to read the data identifying his targets or his plans.
The potential harm to law enforcement and to our own security from unbreakable encryption could be devastating.
And I also want to emphasize that this concern is not a theoretical one or exaggerated. In my written statement I gave a number of specific examples of cases where we are already encountering encryption in criminal investigations. As encryption proliferates and becomes an ordinary component of mass market items, and as the strength of encryption products increases, the threat to public safety will increase proportionately.
Page 33 PREV PAGE TOP OF DOC
To some this is an acceptable outcome. They argue that people have a right to absolute immunity from Government intrusion regardless of the costs to public order and safety and that any new technology that enhances absolute privacy should go unrestricted.
But our Founding Fathers recognized that an absolute right to privacy was incompatible with an ordered society, and so our Nation has never recognized such an absolute right. Rather, the fourth amendment strikes a careful balance between an individual's right to privacy and society's need, on appropriate occasions and when authorized by a court order, to intrude into that privacy. Our encryption policy should try to preserve that time-tested balance.
Others claim that our fears are overstated. They believe that with enough resources law enforcement and intelligence agencies can break any encryption. But that is just not true. The time and cost to decrypt a message rises exponentially as the length of the encryption key increases. To decrypt a single message using 56-bit DES, which is a product whose export we are now allowing, would require over 1 year using a supercomputer, and it's never just one message.
Moreover, we're not talking only about Federal law enforcement here. We must also consider with the thousands of State and local police forces all over the country who don't have access to supercomputers. Brute force attacks are just not a feasible solution, particularly when what you're talking about is trying to find a kidnapped child before she's murdered or preventing a terrorist attack.
Our goal then is to encourage the use of strong encryption to protect privacy and commerce, but in a way that preserves law enforcement's ability to protect public safety and national security against terrorism and other threats. The best way to achieve this balance is through use of a key recovery system.
Page 34 PREV PAGE TOP OF DOC
But I want to emphasizebecause our position here is also often misunderstoodthat a key recovery system would give the Government no new power. It would create no new authority to obtain data to examine personal records or to eavesdrop. Access to encrypted data could be obtained only as part of a legally authorized investigation and under the same circumstances that today would authorize access to the unencrypted data. The same constitutional and statutory protections that preserve every American's privacy interests today would prevent unauthorized intrusions in a key recovery regime. All that we would be doing is preserving law enforcement's ability to do what it is legally and constitutionally entitled to do today.
For many months we've been engaged in serious discussions on this subject with foreign governments, which are now anxious to join us in developing international standards to address this issue on a global scale. And we believe that key recovery encryption is going to become the worldwide standard. Thus, U.S. businesses will be able to compete abroad, effectively retaining and even expanding their market share, while law enforcement agencies continue to have a legally authorized means of decrypting encoded data.
The argument is sometimes made that key recovery encryption is not a solution because criminals will simply use nonkey recovery encryption to communicate among themselves and to hide evidence of their crimes. But we believe that if American companies develop and market strong key recovery encryption products and a global key management infrastructure arises, key recovery products will become the worldwide standard, and even criminals will use key recovery products, because even criminals need to communicate with legitimate organizations such as banks.
Page 35 PREV PAGE TOP OF DOC We've heard, of course, the claim that the genie is out of the bottlethat strong encryption is already widely available overseas and its dissemination cannot be halted. We disagree with that.
First, although strong encryption products can be found overseas, these products are not ubiquitous, in part because of our export controls.
Second, the products that are available overseas are not widely used because there's not yet an infrastructure to support the distribution of keys among users.
Third, the quality of encryption products offered abroad varies greatly, with some encryption products not providing the level of protection advertised.
And, finally, the vast majority of legitimate businesses and individuals with a need for strong encryption do not and will not rely on encryption downloaded from the Internet from untested sources, but prefer to deal with known and reliable suppliers. For these reasons, export controls continue to serve an important function.
Now I want to make two other points about export controls. Our allies agree with us that unrestricted export of encryption would severely hamper law enforcement objectives. It would be a terrible irony if this Government, which prides itself on its leadership in fighting international crime, were to enact a law that our allies would perceive as jeopardizing public safety and weakening law enforcement agencies worldwide.
Second, in light of the concern that other countries have, we believe that many of these countries would respond to any lifting of U.S. export controls by imposing their own import controls or restricting the use of strong encryption by their citizens. Indeed, many countries are already doing so. In the long run, then, U.S. companies might well be not any better off if our export controls were lifted.
Page 36 PREV PAGE TOP OF DOC
In light of these factors, we believe it would be profoundly unwise simply to lift export controls on encryption. National and domestic security should not be sacrificed for the sake of uncertain commercial benefits, especially when we have the real possibility of satisfying both security and commercial needs simultaneously.
Mr. Chairman, our policy in this area has to be a balanced one that recognizes and accommodates the competing interests of privacy and security. As I've said, law enforcement recognizes the privacy interests and endorses them, and we welcome strong encryption, and we've made many accommodations in our preferred policy in order to try to obtain the benefits of privacy while preserving law enforcement equities.
I would ask you to ask the members of the panels who are going to come on after this whether they recognize the interests and the equities that law enforcement has and believe those are valid interests, and what they would do and how their policy accommodates those interests, because I think it is important that our policy achieve this balance.
Thank you very much.
[The prepared statement of Mr. Litt follows:]
PREPARED STATEMENT OF ROBERT S. LITT, DEPUTY ASSISTANT ATTORNEY GENERAL, CRIMINAL DIVISION, DEPARTMENT OF JUSTICE
Thank you, Mr. Chairman and members of the Subcommittee, for providing me with this opportunity to discuss with you the important and complex issue of encryption. The Nation's policy on this issue must carefully balance important competing interests, and it is essential for all interested parties to recognize the validity and importance of all of these interests. Although the Department of Justice does not support H.R. 695 in its present form, we look forward to continuing the productive discussions we have had with Congress on this issue, with the goal of arriving at a policy that accommodates all of these interests.
Page 37 PREV PAGE TOP OF DOC
Since 1992, when AT&T announced its plan to sell a small, portable telephone device that would provide users with low-cost but robust voice encryption, the issue of encryptionthat is, the use of mathematical algorithms to protect the confidentiality of datahas been vociferously debated in the United States. Some people, who have legitimate concerns about privacy, commerce, and computer security in the information age, have advocated the unfettered proliferation of strong encryption products. They have argued that government should simply stay out of the encryption issue entirely. Government controls on the export of strong cryptography have come in for particular criticism.
Let me make clear at the outset that the Department of Justice supports the spread of strong encryption. We believe that the availability and use of strong cryptography are critical if the ''Global Information Infrastructure'' (GII) is to fulfill its promise. Communications and data must be protectedboth in transit and in storageif the GII is to be used for personal communications, financial transactions, medical care, the development of new intellectual property, and myriad other applications. Indeed, people sometimes lose sight of the fact that law enforcement's responsibilities include protecting privacy and promoting commerce over our nation's communications networks. For example, we prosecute under existing laws those who violate the privacy of others by illegal eavesdropping, hacking or theft of confidential information. Indeed, last year the Administration sought, and Congress passed, the National Information Infrastructure Protection Act of 1996, to provide further protection to the confidentiality of stored data. And we help promote commerce by enforcing laws that protect intellectual property rights, by combating computer and communications fraud, and by helping to protect the confidentiality of business data through enforcement of the Economic Espionage Act. Our support for robust encryption stems from this commitment to protecting privacy and commerce.
At the same time, however, we must be mindful of our other principal responsibilities: to protect public safety and national security against the threats posed by terrorists, organized crime, foreign intelligence agents, and others, and to prosecute serious crime when it does occur. Thus, while we favor the spread of strong encryption, we are gravely concerned that the proliferation and use of unbreakable encryption would seriously undermine our ability to protect the American people.
Page 38 PREV PAGE TOP OF DOC
The most easily understood example is electronic surveillance. Court-authorized wiretaps have proven to be one of the most successful law enforcement tools in preventing and prosecuting serious crimes, including drug trafficking and terrorism. We have used legal wiretaps to bring down entire narcotics trafficking organizations, to rescue young children kidnaped and held hostage, and in a variety of matters affecting our national security. In addition, as society becomes more dependent on computers, evidence of crimes is increasingly found in stored computer data, which can be searched and seized pursuant to court-authorized warrants.
But if unbreakable encryption proliferates, these critical law enforcement tools would be nullified. Thus, for example, even if the government satisfies the rigorous legal and procedural requirements for obtaining a wiretap order, the wiretap would be worthless if the intercepted communications of the targeted criminals amount to an unintelligible jumble of noises or symbols. Or we might legally seize the computer of a terrorist and be unable to read the data identifying his targets, his plans and his co-conspirators. The potential harm to law enforcementand to the nation's domestic securitycould be devastating.
I want to emphasize that this concern is not theoretical, nor is it exaggerated. Although encryption is only in its infancy, we have already begun to encounter its harmful effects in recent investigations.
In the Aldrich Ames spy case, Soviet intelligence operatives directed Ames to encrypt computer files that he transmitted to them.
Ramzi Yousef, recently convicted of conspiring to blow up 10 U.S.-owned airliners in Asia, and his co-conspirators apparently stored information about their terrorist plot in an encrypted computer file. (Yousef is also one of the alleged masterminds of the World Trade Center bombing.)
Page 39 PREV PAGE TOP OF DOCOne of the subjects in a child pornography case encrypted pornographic images of children before sending the pictures out on the Internet.
The subject of a major international drug-trafficking case used a telephone encryption device to seriously reduce the effectiveness of a court-ordered wiretap.
In several major hacker cases, the subjects have encrypted computer files, thereby concealing evidence of serious crimes. In one such case, the government was unable to determine the full scope of the hacker's activity because of the use of encryption.
These are just a few examples of recent cases involving encryption. As encryption proliferates and becomes an ordinary component of mass market items, and as the strength of encryption products increases, the threat to public safety will increase proportionately.
To some, this is an acceptable outcome. They argue that people have a right to absolute immunity from governmental intrusion, regardless of the costs to public order and safety, and that any new technology that enhances absolute privacy should go unrestricted. But the Founding Fathers recognized that an absolute right to privacy was incompatible with an ordered society, and so our Nation has never recognized such an absolute right. Rather, the Fourth Amendment strikes a careful balance between an individual's right to privacy and society's need, on appropriate occasions, to intrude into that privacy. We have always permitted government to invade a person's privacy, for example by searching for and seizing personal communications and papers, when it is necessary to prevent, solve, and prosecute crimes, but, for the most part, we allow this only when the government demonstrates ''probable cause'' and obtains a warrant from the court. Unbreakable encryption would upset this delicate constitutional balance, which is one of the bedrock principles of our legal system, by effectively nullifying a court's issuance of a search warrant or wiretap order. The notion that advances in technology should dictate public policy is backwards. Technology should serve society, not rule it; technology should promote public safety, not defeat it.
Page 40 PREV PAGE TOP OF DOC
Others claim that the fears of law enforcement are overstated. They argue that U.S. law enforcement and intelligence agencies can be given the resources necessary to decrypt encrypted communications. Essentially, they argue that expensive, fast computers can be used to decipher encrypted communications by ''brute force''which essentially means trying every possible ''key'' (a sequence of symbols that determines the transformation from plain text to cipher-text, and vice versa) until the right one is found. They point to the recent, highly publicized success of a graduate student in deciphering a message encrypted with a 40-bit key in under four hours and argue that law enforcement can surely do the same. But this argument does not withstand scrutiny.
Most significantly, the time needed to decrypt a message rises exponentially as the length of the encryption key increases. According to the National Security Agency's estimates, the average time needed to decrypt a single message by means of a brute force cryptoanalytic attack on 56-bit DESa strength whose export we are now allowingwould be approximately one year and eighty-seven days using a thirty-million-dollar supercomputer. And, of course, law enforcement would not be confronted with only one message to decrypt. During 1995, for example, federal and state courts authorized more than a thousand electronic surveillance court orders, resulting in over two million intercepted communications, each of which would require separate decryption. Given such numbers, brute force attacks are not a feasible solution.
Additionally, law enforcement agencies at the federal, state, and local level are finding that searches in routine, non-wiretap cases now commonly result in the seizure of electronically stored information. Because storage devices have increased in capacity and decreased in price, the quantity of data seized in ''ordinary'' cases continues to increase dramatically. If all of these communications and stored files were DES-encrypted, brute force attacks would not provide a meaningful and timely solution, especially since some cases, such as kidnappings, may require immediate decryption to prevent death or serious bodily harm. Thus, even if hundreds of such supercomputers were built (an expensive undertaking, to say the least), the approximately 17,000 federal, state, and local law enforcement agencies could not be given timely access to necessary decryption services.
Page 41 PREV PAGE TOP OF DOC Finally, many proponents of strong encryption advocate its proliferation precisely because it cannot be decrypted by the government. Thus, even if the government could acquire the ability to quickly decrypt DES-encrypted communications and information, many of the advocates of absolute privacy would push for even greater key lengths, on the ground that 56-bit DES no longer provided acceptable security. But greater key lengths would, of course, increase the difficulty and cost of decrypting encrypted data even more. We must recognize that it will always be easier and cheaper to devise algorithms using longer keys than to build computers powerful enough to break them in a reasonable period of time.
Our goal, then, must be to encourage the use of strong encryption to protect privacy and commerce, but in a way that preserves law enforcement's ability to protect public safety and national security against terrorism and other criminal threats. We have engaged in extensive international discussions on this topic over the last year, and a consensus is now emerging throughout much of the world that the way to achieve this balance is through the use of a ''key recovery'' or ''trusted third party'' system. Under this system, a key for a given encryption product would be deposited with a trusted third party or ''recovery'' agent. (Some entities, such as large corporations, might be able to hold their own keys, provided that certain procedural protections were established to preserve the integrity of a law enforcement investigation.) If the government had lawful authority to obtain the encrypted information, for example by a search warrant or a court-ordered wiretap, it could obtain the key from the recovery agent in order to decrypt the information it was entitled to get.
But I want to emphasize that a key recovery system would give the government no new power. It would create no new authority to obtain data, to examine personal records, or to eavesdrop. Access to encrypted data could be obtained only as part of a legally authorized investigation, and under the same circumstances that today would authorize access to unencrypted data. The same constitutional and statutory protections that preserve every American's privacy interests today would prevent unauthorized intrusions in a key recovery regime. All we would be doing would be preserving law enforcement's ability to do what it is legally and constitutionally entitled to do today. At the same time, though, individuals and companies would gain the benefit of strong cryptography to protect the confidentiality of their data, whether in storage or in transmission.
Page 42 PREV PAGE TOP OF DOC
Effective law enforcement is not, however, the only reason to support a key recovery system. Business, as well, needs a routinely available method of recovering encrypted information. For example, a company might find that one of its employees had encrypted confidential information in the company's files and then absconded with the key, or just lost it. Without a key recovery system, the company would be out of luck. Key recovery thus serves important private interests as well.
In short, key recovery holds great promise for providing the security and confidentiality that businesses and individuals want and need, while preserving the government's ability to protect public safety and national security. There are no restrictions on the use of encryption domestically, and we do not propose to require the manufacture and use of key recovery products. Administration policy is to promote the voluntary manufacture and use of key recovery products, to develop a global key management infrastructure (''KMI''), and to liberalize United States restrictions on the export of robust cryptographic products in the hope that market forces will make such products a de facto industry standard.
For many months, we also have been engaged in serious discussions on this subject with foreign governments, which are now anxious to join us in developing international standards to address this issue on a global scale. In fact, an experts working group of the Organization for Economic Cooperation and Development is expected to issue shortly a statement of principles that acknowledges the need to consider public safety when establishing national cryptographic policies. We believe that key recovery encryption will become the worldwide standard for users of the GII.
If key recovery encryption does become the worldwide standard, U.S. businesses will be able to compete abroad effectively, retaining and even expanding their market share. At the same time, law enforcement agencies will have a legally authorized means of decrypting encoded data. This approach would therefore effectively serve the interests of all Americans.
Page 43 PREV PAGE TOP OF DOC
The argument is sometimes made that key recovery encryption is not the solution, because criminals will simply use non-key recovery encryption to communicate among themselves and to hide evidence of their crimes. But we believe that if our companies develop and market strong key recovery encryption products that will not interoperate with non-key recovery products and a global KMI arises, key recovery products will become the worldwide standard. Under those circumstances, even criminals will be compelled to use key recovery products, because even criminals need to communicate with legitimate organizations such as banks, both nationally and internationally.
That is the cornerstone of our policy: encouraging the voluntary development of key recovery products and a KMI to preserve the balance of privacy and law enforcement that our Constitution embodies. For this reason we cannot support H.R. 695 as it is presently drafted. We believe that the central provision of the bill, Section 3which would effectively eliminate all export controls on strong encryptionwould undermine public safety and national security by encouraging the proliferation of unbreakable encryption. In addition, we believe that the bill would discourage the development of a key management infrastructure.
As to the first issue, export controls, we have heard, of course, the oft-repeated argument that the ''genie is already out of the bottle''that strong cryptography is already widely available overseas and over the Internet, that its dissemination cannot be halted, and that regulation serves only to handicap U.S. manufacturers seeking to sell their encryption products overseas. We disagree.
First, although strong encryption products can be found overseas, these products are not ubiquitous, in part because the export of strong cryptography is controlled today by both the U.S. and other countries. It is worth noting in this regard that export of encryption over the Internet, like any other means of export, is restricted under U.S. law. Although it is difficult to completely prevent encryption products from being sent abroad over the Internet, we believe that the present legal restrictions have significantly limited the use of the Internet as a means of evading export controls.
Page 44 PREV PAGE TOP OF DOC
Second, the products that are available overseas are not widely used because there is not yet an infrastructure to support the distribution of keys among users and to provide interoperability among the different products. Such an infrastructure will have to be created in order to realize the full benefits of encryption, and we should strive to ensure that it is created in a way that preserves public safety.
Third, the quality of encryption products offered abroad varies greatly, with some encryption products not providing the level of protection advertised.
Finally, the vast majority of businesses and individuals with a serious need for strong encryption do not and will not rely on encryption downloaded from the Internet from untested sources, but prefer to deal with known and reliable suppliers. For these reasons, export controls continue to serve an important function.
It is also important to consider that our allies strongly concur that unrestricted export of encryption would severely hamper law enforcement objectives. Indeed, when the U.S. let it be known at a December 1995 meeting of the OECD that it was considering allowing the export of some stronger, non-recoverable encryption, many of our allies expressed dismay at the prospect of such an action. They feared that unbreakable encryption would become so internationally pervasive that criminal organizations and terrorists would be able to use it freely. It follows that the elimination of U.S. export controls, as provided by H.R. 695, would have an even more devastating impact on international law enforcement. It would be a terrible irony if this governmentwhich prides itself on its leadership in fighting international crimewere to enact a law that would jeopardize public safety and weaken law enforcement agencies worldwide.
Page 45 PREV PAGE TOP OF DOC
In addition, it would be a mistake to assume that if the U.S. were to lift export controls, U.S. companies would have unrestricted access to foreign markets. This assumption ignores the likely reaction of foreign governments to the elimination of U.S. export controls. Up to now, most other countries have not needed to restrict imports or the domestic use of encryption, largely because export controls in the U.S.the world leader in computer technologyand other countries have made such restrictions unnecessary. But given other countries' legitimate concerns about the potential worldwide proliferation of unbreakable cryptography, we believe that many of those countries would respond to any lifting of U.S. export controls by imposing import controls, or by restricting use of strong encryption by their citizens. For example, the import and domestic manufacture, sale and use of encryption products have already been restricted in France, Russia and Israel. And the European Union is moving towards the adoption of a key-recovery-based key management infrastructure similar to that proposed by the Administration. In the long run, then, U.S. companies might not be any better off if U.S. export controls were lifted, but we would have undermined our leadership role in fighting international crime and damaged our own national security interests in the meantime.
However, in recognition of the legitimate interests of U.S. software manufacturers, the Administration, as this Subcommittee is of course aware, has considerably liberalized export controls for certain commercial encryption products. The Administration transferred jurisdiction over commercial encryption products from the Department of State to the Department of Commerce at the end of December, a step that we expect will ease the burden on industry by providing for faster and more transparent decisions on applications for export licenses. We have allowed unlimited export of key recovery products as well as export of non-key recovery 56-bit encryption during a two-year transitional period by those companies that commit to the development of key recovery products.
Page 46 PREV PAGE TOP OF DOC
In light of these factors, we believe it would be profoundly unwise simply to lift export controls on encryption. National security should not be sacrificed for the sake of uncertain commercial benefits, especially when there is the possibility of satisfying both security and commercial needs simultaneously through global adoption of a key recovery system.
The second problem that we see with H.R. 695 is its failure to promote development of a key management infrastructure. The Administration believes that the development of a key management infrastructure is critically important for a safe society. H.R. 695 prohibits laws that would require a keyholder to relinquish keys to third parties under certain circumstances. Unfortunately, to the extent that this provision would actually prohibit government from encouraging KMI development, the provision would put public safety and national security at risk and is inadvisable. For example, it might preclude the United States government from utilizing useful and appropriate incentives to use key recovery. The government might not be able to require its own contractors to use key recovery or demand its use in the legally required storage of records regarding such matters as sales of controlled substances or firearms.
We as government leaders should embark upon the course of action that best preserves the balance long ago set by the Framers of the Constitution, preserving both individual privacy and society's interest in effective law enforcement. We should promote encryption products which contain robust cryptography but that also provide for timely and legal law enforcement access and decryption. This is the Administration's policy. We look forward to working with this Subcommittee as we continue to develop and implement our approach.
I would now be pleased to answer any questions you may have.
Page 47 PREV PAGE TOP OF DOC
Mr. GOODLATTE. Thank you, Mr. Litt.
Mr. Crowell, welcome.
STATEMENT OF WILLIAM P. CROWELL, DEPUTY DIRECTOR, NATIONAL SECURITY AGENCY
Mr. CROWELL. Thank you, Mr. Chairman, for this opportunity to testify again this year on this subject. I'm pleased to offer some of my thoughts on the technical aspects and implications of the administration's policy on encryption.
Cryptography is a core mission of the National Security Agency. For over 44 years we've been in the business of developing encryption, protecting communication systems, and understanding the vulnerabilities of information networks. It is because of this experience that NSA has been a technical advisor in the formulation of the administration's encryption policy.
NSA believes that the use of encryption has the potential to protect private citizens and businesses from frivolous criminal access to their information and the potential to enable individuals to use technology that will make their lives more productive and the potential to deny our adversaries access to vital information wherever it is stored.
But to fulfill the encryption's potential, a number of technical steps are required. The first step is to recognize the need for a key management infrastructure. A robust, full-featured key management infrastructure is needed to provide an internationally-accepted framework that will enable the use of encryption to grow and electronic commerce to flourish. We will not be able to have a dynamic and viable system of electronic commerce that we can trust without a viable, well-constructed key management infrastructure.
Page 48 PREV PAGE TOP OF DOC
When I say ''trust,'' I mean that you must be willing to bet your company's future, not just on the strength of the algorithm, but also on the integrity of all of those who may issue the public key certificates that vouch for your identity or the identity of those that you deal with, those that build the directories that allow others to know how to communicate securely with you, and an infrastructure that will assist you if you believe your encryption key or certificate has been compromised, lost, or corrupted.
A key management infrastructure will help to ensure that the products with encryption are interoperable and can be used with confidence. Users, both corporate and individual, must be able to trust that their valuable information will be protected across the innumerable and diverse networks that make up the emerging global information infrastructure. The system integrity fostered by key management infrastructure will allow us to have the same confidence in electronic commerce that we currently have in signatures on paper, contracts, or in handshakes with business partners. Without the key management infrastructure, we risk building an electronic Tower of Babel.
Users also expect a key recovery feature when using encryption. If any of your have forgotten you computer password or your bank card PIN, you'll know exactly what I mean. Key recovery enables an encryption key to be recovered when that key is needed by the user or by others who are authorized by the user to have it. Encryption users, for example, will want the system administrator to provide assistance is accessing an important encrypted document if the encryption key is corrupted or lost. Having a key recovery capability is simply good business practice. I doubt that an auditor would give a four star rating to a company that is unable to access its encrypted electronic files because it's lost the key or didn't have the ability to recover it.
Page 49 PREV PAGE TOP OF DOC
Several major companies recognize the benefits of key recovery and have formed a business venture for this new climate. In October 1996, the Key Recovery Alliance was formed and that alliance has already grown to 57 domestic and international companies. Some alliance members are Mitsubishi, Boeing, DEC, Hewlett-Packard, Motorola, Novell, SUN, Unisys, RSA, IBM, Apple, and America Online.
Key recovery integrated with a key management infrastructure can also provide a means of access to encrypted communications for legitimate law enforcement purposes, as Mr. Litt has just been discussing. This is an important technical issue since law enforcement cannot use brute force techniques to gain access.
You recently heard that a University of California, Berkeley student developed a method using 250 workstations to decrypt a 40-bit RC4 key in about 3 hours. This was in response to a challenge by RSA for someone to be able to break those keys.
I'd like to offer you a little more information about what would have been involved if the key had been a bit longer. Suppose, for example, that the key was 128 bits and you attacked the same encrypted message with 250 workstations. It would have taken an estimated 9 trillion times the age of the universe to have broken that first message. Even if all the personal computers and workstations in the world were put to the task, it would still have taken an estimated 12 million times the age of the universe, on average, to break a single message.
Clearly, brute force attacks cannot be the basis for long-term encryption policy decisions. We believe it is important not to base our encryption policy on any bit length. It is more productive to focus on providing a strong key management infrastructure and the key recovery that would allow it to operate properly.
Page 50 PREV PAGE TOP OF DOC
In closing, let me say that from a technical perspective NSA sees the emergency of a key management infrastructure as necessary and inevitable. We have built and are expanding the key management infrastructure that currently supports Department of Defense users. The administration's policy would help other infrastructures to be established and to grow and would encourage the acceptance of key recovery. The policy would also help ensure early on that such growth is not haphazard and does not place infrastructure users and public safety at risk.
I want to emphasize that while a government can assist in significant ways, only industry can build a robust and scalable key management infrastructure. A truly global solution can only occur through industry, government, and international collaboration. This is an important juncture in the road to full use of networks to expand business opportunities. Are we going to take the road that leads to an electronic Tower of Babel, devoid of standards and true security, or are we going to take the one that allows the American people to trust the Internet and use it?
These policies will have significant impact, by the way, on NSA's foreign intelligence mission, but I believe that they are reasonable response to a complex, interdependent set of issues, and I hope that the administration can continue to work with you, the Congress, and with industry to resolve disagreements and solve problems.
Thank you very much, Mr. Chairman.
[The prepared statement of Mr. Crowell follows:]
PREPARED STATEMENT OF WILLIAM P. CROWELL, DEPUTY DIRECTOR, NATIONAL SECURITY AGENCY
Page 51 PREV PAGE TOP OF DOCINTRODUCTION
I appreciate the opportunity to comment on the pending Pro-CODE legislation and to discuss with you NSA's involvement with the development of the Administration's encryption policy. Since NSA has both an information security and a foreign signals intelligence mission, encryption touches us directly.
NSA's role in support of the Administration's initiative has been that of a technical advisor. For decades, NSA has been the nation's center of cryptographic expertise. We have played an important role in using cryptography to produce the safeguards that control our nuclear arsenal, enable our military commanders and policy makers to communicate securely anywhere in the world, provide our intelligence customers with vital information to support U.S. interests, and protect classified and sensitive-but-unclassified information. I believe it is important for the nation's encryption policy makers to base their decisions on the best possible information, and I would like to help clarify several issues for the record.
THE USE OF ENCRYPTION CAN BE A SIGNIFICANT BENEFIT TO AMERICA
The country is now engaged in a national discussion on encryption centered on how to accommodate the private interests of individuals and businesses with the public interests of law enforcement and national security. How we resolve this will affect how well the nation succeeds in the information age.
Some would argue that if we overemphasize the public interests, we risk a world with too much government access and too few secrets. Others argue that if we overemphasize the interests of the private sector, we risk a world with perhaps too many secretsfor example, a world in which terrorists, organized crime, and hackers acquire the capability to operate with impunity. Both of these extremes are unpalatable and are therefore not part of the Administration's policy. We need to strike a balance that provides adequate protection for both individuals and businesses, and for society as a whole.
Page 52 PREV PAGE TOP OF DOC
The White House recently defined a policy initiative that is designed to accelerate growth in the use of encryption. Some believe the administration's initiative is about key recovery and export controls, but in the broadest sense the initiative deals with the preparations we must make as a nation to use information technology to its full potential. It transcends the key recovery issue. It focuses on the more fundamental question of key management infrastructure (KMI). In other words, it is an attempt to create an international framework in which the use of strong encryption will grow. I cannot overemphasize either the importance or the difficulty of moving this initiative from concept to reality.
Encryption usage has the potential to enable citizens to use technology that will make their lives more convenient, enhance the economic competitiveness of U.S. industry, combat frivolous and criminal access to private and valuable information, and deny adversaries from gaining access to U.S. information wherever it may be in the world. That's the good news. The bad news is that the encryption in most commercial products today has very little chance of being used to its full potential until a support infrastructure is established that enables the encryption to be used widely and with integrity. Furthermore, if encryption is used by criminals and other adversaries (e.g., terrorists) to help hide their activities, the public safety of U.S. citizens, and citizens of other countries, may be placed in jeopardy. This is a problem whether a support infrastructure exists, or not.
The U.S. must address these challenges. Instead, we seem mired in an unfocused debate about bit lengths, brute force attacks, and product ''availability'' that often takes place in press releases, newspaper editorials, and Internet Newsgroups. We all need to focus-in on what will enable encryption to be used to its potential. The way to do this is to mutually acknowledge the interests, roles, and responsibilities that industry and governments have in this issue.
Page 53 PREV PAGE TOP OF DOC
OVERVIEW OF KEY MANAGEMENT INFRASTRUCTURE AND PUBLIC KEY ENCRYPTION
Crypto products use algorithms and keys to encrypt and decrypt information. The algorithm combines the key with the information that a person wants protected or authenticated. The keys must be unique, random number streams generated by a trusted authority and delivered by a trusted means to the users. The system of people and processes that provide these services is called a key management infrastructure (KMI), and it enables keys to be generated properly, securely transported, authenticated, and stored.
For years, secure KMIs consisted of people hand-delivering keys to each pair of potential communicators. Such a secure KMI became impractical when a large number of people needed to potentially communicate. Furthermore, security was often degraded when keys were compromised during the delivery stage. Even computer delivery of keys did not solve these problems. In general, the use of encryption was not widespread because of these KMI complexities and limitations.
A type of encryption technology called public key technology was invented to address the KMI scalability problem and reduce the possibility of key compromise during delivery. Public key encryption does not eliminate the need for a KMI, it only changes what products and services we expect from the infrastructure.
A public key infrastructure (PKI), a type of KMI, does not require shared, confidential keys to be pre-placed in order for people to communicate. Instead, it uses two related keysa public key and a private keyand allows the public encryption key to be made known and stored in publicly-accessible places. There is no magic involved, only the use of complex mathematics and other techniques to effectively hide the part of the key that must be kept secret.
Page 54 PREV PAGE TOP OF DOC A PKI's services are for: 1. Verifying user identities; 2. generating user public and private key pairs; 3. linking user identities with their keys; 4. accessing the database of user identities & keys; 5. verifying the integrity of user identities & keys; 6. deleting invalid user identities & keys; and 7. dealing with compromised or lost keys.
All of the above services are necessary to enable public key-based encryption products to be used widely, securely, and with integrity. The certification of the public key value for each individual using public key encryption is the absolute foundation of trustworthy public key encryption. Without this certification service, users of computer networks have no way of verifying who they are talking to or who has signed documents or commercial transactions in digital transactions.
AN INFRASTRUCTURE IS NEEDED TO SUPPORT THE WIDESPREAD USE OF ENCRYPTION
Today, businesses hope to use encryption to expand into the ''new world'' of electronic commerce (EC), but the lack of a robust KMI leaves EC pioneers shortchanged. For this reason, the KMI is the keystone of the Administration encryption policy reform proposal. Encryption has little chance of being used to its fullest potential, here or overseas, until there is an international key management framework in place. Unfortunately, there has been too much emphasis on algorithms and key lengths in the encryption debate. There is much more to the issue of trust than a good encryption algorithm. The algorithm gets you perhaps 5% of the way there. Without a trustworthy infrastructure to support it, an encryption algorithm's value is comparable to that of a bank vault door on a cardboard box. Many commercial information products and services are facing a tide of resistance because of their lack of security or trust.
When I say trust, I mean that you must be willing to bet your company's future not only on the strength of your algorithm, but on the integrity of those who:
Page 55 PREV PAGE TOP OF DOCIssue the encryption certificates that vouch for your identity and the identity of those you deal with;
Build the directories that allow others to know how to communicate securely with you; and,
Assist you if you believe your encryption key or certificate has been compromised or lost.
Rhetoric aside, there is very little disagreement in the software or hardware industry that KMIs are needed to increase the use of encryption. The system integrity fostered by such an infrastructure will allow us to have the same confidence in electronic commerce that we now have in signatures on paper contracts or in handshakes with business partners, and is needed to achieve our vision of global electronic commerce with secure interoperability.
An encryption support infrastructure does not exist today, other than in the KMI used by the Defense Department and other specialized areas where it is essential to the viability of systems. The Administration's recommended KMI-focused approach intends to help fill that void by helping U.S. KMIs to grow, addressing the nation's public safety interests, and helping to open doors for U.S. encryption overseas.
THE KMI'S WILL NEED TO SUPPORT KEY RECOVERY
As the EC pioneers build KMIs to support large numbers of encryption users, they will need to provide the capability to regain access to their encrypted data when encryption keys are lost, corrupted, destroyed, or otherwise unavailable. This feature, commonly referred to as ''key recovery,'' is a means to ensure greater safety and trust, and there are compelling business reasons for it. Key recovery ensures, for example, that:
Employees can recover encrypted E-mail or files in the event that the disk that holds their encryption key crashes;
Corporations are not held hostage to a disgruntled employee who sabotages company files by encrypting valuable company intellectual property; and,
Companies can pass accounting audits, even if archived data had been encrypted with an expired encryption key.
Page 56 PREV PAGE TOP OF DOC The KMI is a logical place to support key recovery. While key recovery may not yet be widely recognized as a user requirement, analogies to key recovery are common in the workplace. Today, computer system administrators help users recover their forgotten passwords. Similarly, most of flees securely maintain spare door and desk keys for emergency use.
Certainly users should have the ability to choose their own responsible agents to generate and store their keys, but the government's public safety responsibilities will require that law enforcement, with proper authorization, to be able to gain access to such keys. Without key recovery, law enforcement agencies will be unable to decrypt encrypted criminal files and communications since modern commercial encryption can prevent computerized ''brute force attacks'' against the criminal communications. The Administration proposes to use privately operated KMI data recovery features to support authorized law enforcement investigations, rather than creating a separate infrastructure that solely supports those investigations.
A GLOBAL SOLUTION DEPENDS ON INDUSTRY/GOVERNMENT COLLABORATION
The Administration's encryption policy satisfies a cross-section of society's needs. The policy enables industry and government to work together to develop and build the infrastructures for managing encryption keys. Industry can bring their market knowledge and infrastructure technology and services to the collaborative effort, while the U.S. government can contribute decades of KMI expertise, and extensive in-place working relationships with foreign governments.
The Administration has engaged various industry and international groups to further define the infrastructure concept. All agree that the emergence of a KMI is necessary. Some in industry, however, continue to seek immediate relaxation of existing export controls on encryption. The Administration is mindful that any such relaxation must be consistent with the objective of encouraging the development of a robust, full-featured, key management infrastructure that supports key recovery.
Page 57 PREV PAGE TOP OF DOCMYTHS AND DISTRACTIONS IN THE ENCRYPTION DEBATE
I would like to help clarify some of the frequently-repeated factual errors regarding encryption so we all can stand on firm ground during the formation of the nation's encryption policies.
The encryption debate has often been mischaracterized as a struggle between the high-tech industry, which wants unlimited freedom to sell encryption products worldwide, and the government which is perceived as wanting to prevent the spread of encryption. Such myths, and other threads of the encryption debate, are unsound. They do not address the issues at hand, they can cause unnecessary conflicts among the parties to the debate, and they ultimately delay the resolution of the hard problems. These myths and distractions include brute force attacks, comparisons to earlier key escrow initiatives, and encryption availability and use.
It Is Short-Sighted To Base Long-Term Encryption Policy On Bit Lengths And Brute Force Attacks
You may have heard news accounts of a University of California Berkeley student who recently decrypted a message that was encrypted with a 40-bit key using 250 workstations as part of a contest from RSA Inc. This so-called ''challenge'' is often cited as evidence that the government needs only to conduct ''brute force'' attacks on messages when they are doing a criminal investigation. In reality, law enforcement does not have the luxury to rely on headline-making brute force attacks on encrypted criminal communications. I think you will find it useful to see for yourselves how increased key sizes can make encryption virtually unbreakable. Ironically, the RSA challenge proves this point.
If that Berkeley student was faced with an RSA-supplied task of brute forcing a single PGP based (128-bit key) encrypted message with 250 workstations, it would take him an estimated 9 trillion times the age of the universe to decrypt a single message. Of course, if the Berkeley student didn't already know the contents of part of the messageRSA provided some of the unencrypted message content to assist those who accepted the challengeit would take even longer.
Page 58 PREV PAGE TOP OF DOC For that matter, even if every one of the 29,634 students enrolled at UC Berkeley in 1997 each had 250 workstations at their disposal7,408,500 computers (cost: $15B)it would still take an estimated 100 billion times the age of the universe, that is over 1 sextillion years (1 followed by 21 zeros), to break a single message.
If all the personal computers in the world260 million computerswere put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message (assuming that each of those workstations had processing power similar to each of the Berkeley student's workstations).
Clearly, encryption technology can be made intractable against sheer compute power, and longterm policies cannot be based on bit lengths. Brute force attacks cannot be the primary solution for law enforcement decryption needs. This line of argument is a distraction from the real issues at hand, and I encourage you to help put this debate behind us.
*RSA gave away part of the decrypted text to those trying to solve the challenge.
**Berkeley student recovered RSA Challenge 40-bit key 33% into exhaust attack.
Average point at which a key is recovered during an exhaust attack = 50%.
Berkeley student performed 100 billion operations per hour using 250 workstations.
Age of the universe = 15 billion years.
The Administration's Approach To Encryption Policy Reform Is Very Different From Earlier Key Escrow Initiatives
Some have argued that the Administration's recent policy initiative is the same as previous key escrow initiatives. Their argument is disingenuous and incorrect. The KMI initiative is about creating an environment in which commercial encryption can flourish. Just as significant, the Administration's proposal differs significantly from previous key escrow initiatives because: It eliminates the focus on bit lengths; the government doesn't hold the keys; a separate key escrow infrastructure is not required; keys can be held overseas; it doesn't prescribe algorithms or limit them to hardware; and users' data recovery needs can be met.
Page 59 PREV PAGE TOP OF DOC
With these impediments addressed, industry and government can work to develop encryption products that will win acceptance in foreign markets and establish infrastructure services to support those products.
Several major companies recognize these profound changes and have formed business ventures to thrive within the new climate. In October 1996 IBM formed the Key Recovery Alliance and that alliance has already grown to over 50 domestic and international companies. Alliance members include America Online, Apple, Mitsubishi, Boeing, DEC, Hewlett Packard, Motorola, Novell, SUN, Unisys, and RSA.
Despite Being Available, Encryption Is Not Being Widely Used
Most measurements of encryption are inadequate (incomplete or inconclusive) since they do not show how many people arc using encryption. Encryption can be measured in a number of ways. Depending on how it is measured, one could misconstrue the data to conclude that ''the encryption genie is out of the bottle'' or that the bottle is tightly plugged. The fact of the matter is that encryption is widely available (e.g., embedded in tens of millions of commercial software products) but, based on our impressions from market surveys, etc., is not widely used.
Those who argue that government encryption policies are outdated because ''the encryption genie is out of the bottle'' (i.e., there are many products advertised to contain encryption and some of them are available from the Internet) must consider two important perspectives.
Page 60 PREV PAGE TOP OF DOC
First, encryption is not now being, and will not be used to its fullest potential (with confidence by 100s of millions of people) until there is an infrastructure in place to support it.
Encryption is not a genie that will magically solve the security problem. Nor is the Administration trying to ''keep the plug in the bottle.'' The Administration wants to help promote a full range of trusted security services providing privacy, authentication, and data integrity while simultaneously fulfilling public safety and national security responsibilities for our government, and governments worldwide.
Second, serious users of security products don't use free security products from the Internet. The president of a prominent Internet security corporation was recently asked in a magazine article on this issue: ''Since encryption technology is available as freeware off the Internet, why would anyone pay a company for it?'' He responded by saying: ''Freeware is worth exactly what you pay for it. I'd rather not implement security systems using software for which the source code is available to any 12-year-old who thinks being a hacker is fun.'' In other words, when determining what encryption you use to protect valuable business secrets, you should consider who you're getting it from, how it got to you, and whether you'll receive support when you need it.
U.S. ENCRYPTION POLICIES ARE ADDRESSING CONCERNS THAT THE REST OF THE WORLD IS ALSO FACING
The U.S. is not the only nation which has concerns that encryption use by criminals can threaten public safety. All countries that are major producers of cryptography control its export. Some of those countries have voiced their displeasure with the U.S. decision to export 56-bit encryption. Though the U.S. does not have domestic restrictions, some countries do through import controls of encryption and its domestic use. Recently, France, Israel, and Russia imposed import and domestic use restrictions, and several Asian, South American, and African countries have informally done so for many years.
Page 61 PREV PAGE TOP OF DOC
At this point, it would be overgeneralizing to say that the world has agreed to an approach on key recovery, but it is accurate to say that all governments want authorized access to encrypted information. The U.S. is not the only nation that recognizes the dual-edged nature of the encryption tool.
The Administration is basing its policies on the foundation that the need for robust commercial encryption will grow and it has proposed policy reforms to ensure that American companies and the public, can flourish in the future encryption market. The Administration's approach is not past its time, it is just in time. The fundamental issue in play is how industry will build a key management infrastructure to support mass market products with encryption. If an infrastructure is built that supports key recovery, then the export control debate can be concluded. Otherwise, governments worldwide are likely to resist the use of those products because of public safety concerns.
Though the Administration's proposed policies will have a significant impact on NSA, I believe they are a reasonable response to a complex, interdependent set of issues. I hope that the Administration can continue to work with Congress and industry to reach a resolution of these issues. Thank you for the opportunity to address this important matter.
Mr. GOODLATTE. Thank you, Mr. Crowell. And again, welcome to all of you. I feel like I know you all exceedingly well, the number of times we've held hearings on this and met on this and been briefed by you on this, and I consider you all my friends.
However, we just don't seem to quite get together on the conclusions we should draw from this process. I agree with many of the premises that each and every one of you cited. I do agree with you, Mr. Litt, that terrorists and drug smugglers, and so on, are going to have to communicate with legitimate organizations such as banks, but the fact of the matter is when they do that, you will have the opportunity to get the keys to that encryption through the channels that already exist by dealing with the bank. The terrorists, the drug smugglers, they're not going to put their keys into any kind of key recovery or key escrow system that would be suitable for you.
Page 62 PREV PAGE TOP OF DOC
And I also would note that, you're right, there are foreign governments that are also dealing with this issue, and their reaction to the availability of encryption coming into their countries is a factor we have to deal with, but I'll tell you that I don't think their motivation is to prevent encryption, but rather to capture this market. And that's what we have to be exceedingly concerned about, is the ability to do that.
Mr. Crowell, I agree with you strongly that key recovery is a good idea, but the issue here is that you have to allow people to store those keys with people that they trust. In many instances that's going to be the very institutions themselves that will set up their own operation to do that. Some may entrust it to some third party. But to mandate that they store keys with a third party that the Government approves is going to be a serious inhibiting factor.
And to me, the bottom line on all of this is that, ultimately, while today our foreign competition is saying we can offer you more heavily encrypted software than our U.S. competitors can offer because of the export control limits, once you reach agreementand I know you've reached agreement with a few vendors alreadyonce you reach agreement with them for a key recovery system, the foreign marketing technique is going to shift from ''we've got stronger encryption'' to ''we're the only ones who can offer you encryption where no one else holds the keys.'' That's going to be a huge competitive disadvantage in the foreign marketplace and is a serious concern to me.
I also agree with you, and I'm pleased to hear all of you say that you want to promote broad use of encryption. You have said that before, and I think that's appropriate.
Page 63 PREV PAGE TOP OF DOC I'd like to read you a statement from the FBI's 1998 budget request: ''Illegal electronic intrusion into computer networks is a rapidly-escalating crime problem. White-collar criminals, economic espionage agents, organized crime groups, foreign intelligence agents, and terrorist groups have been identified as electronic intruders responsible for penetrations of American computer networks. It is estimated that the Pentagon's computers are subject to hackers' attempts 250,000 times a year. Intelligence and industry forecasts indicate the United States is just beginning to realize the potentially damaging effects and extent of computer crime problems.''
Mr. Crowell, Director Freeh has stated that economic espionage costs U.S. businesses more than $24 billion each year, and I take it you would agree that an effective way to prevent economic espionage is to use strong encryption. Why then does the administration continue to hinder the use of strong encryption which will prevent many of the crimes that you are trying to prosecute? And I'll also ask Mr. Litt to respond to that, too.
Mr. CROWELL. Well, as I said in my earlier testimony, sir, we're not trying to inhibit it. We're trying to promote encryption that is built on a sound foundation of the key management infrastructure.
I'd just point out to you, from a technical standpoint, that the strongest encryption that one can obtain is totally unsafe without some way of identifying the users with their public key. Public key cryptography is untrustworthy without an infrastructure that people can trust. And that's the principle that we're after. And we do want to promote good, sound, and strong encryption, but we want to promote with it the necessary infrastructure to make sure that people can trust it instead of just plowing ahead without any real indication that it's worthwhile.
Page 64 PREV PAGE TOP OF DOC
Mr. GOODLATTE. But will they trust it if they know that someone else has a copy of their key who they may not want to have a copy?
Mr. CROWELL. Mr. Goodlatte, I'd like to comment on that because your earlier statement about the key being held by parties designated by the Government is not a feature of the policy that we have been supporting.
Mr. GOODLATTE. Would parties approved by the Government be a safer way to
Mr. CROWELL. No. Anyone can use any certificate authority or key recovery authority that they would like to use. They must designate that there is one, if they use a certificate authority that has been licensed by the Government and, therefore, has some liability protection.
Mr. GOODLATTE. Well, let me put it this way: Who will be allowed to keep their own keys?
Mr. CROWELL. Any corporation and any individual.
Mr. GOODLATTE. Any individual can keep their own keys?
Mr. CROWELL. Yes.
Mr. GOODLATTE. Well, if that's the case, it seems to me that the regulations that have come forward to implement that policy are contradictory to the intended policy, and perhaps we could close the gap here considerably by trying to work out that difference.
Page 65 PREV PAGE TOP OF DOC
Mr. CROWELL. I'd like for Mr. Reinsch to be able to address the legislation that will be proposed a little bit more, but I think you will find that that legislative package answers many of the questions that you have raised, in that it does provide for self-escrow or self-storage of keys and, by the way, it does not restrict from a technical standpoint any methodology that any individual or any corporation wants to use that would add increased protection for them, like splitting the keys among multiple parties or any other technical solutions that industry might propose. We're totally open to allow a thousand technical flowers bloom.
Mr. GOODLATTE. Well, Mr. Reinsch, in listening to your description of the legislation which we are very interested in seeing, I recognized many sections of my bill in there, and, frankly, if you took your section that mandates a key recovery system and substitute it for my section that prohibits a mandatory system, we'd probably have an agreement here, but go ahead and comment on that. [Laughter.]
Mr. REINSCH. Our primary problem with your bill, Mr. Goodlatte, is not that piece of it, but rather the piece relating to export controls because we think your language, as drafted, would effectively decontrol all encryption, particularly all encryption software. That may or may not have been your intent.
Mr. GOODLATTE. Isn't it only to meet foreign competition?
Mr. REINSCH. Well, that may be your purpose. We don't think decontrol is necessary even to achieve that purpose. I'd like to go back to the other issue that Mr. Crowell raised, but clearly on the foreign questionif the other countries that make and use these kinds of devices and this kind of equipment are not moving down the same road we are, then we will have a problem implementing our policy. There's no question about that.
Page 66 PREV PAGE TOP OF DOC
That is why the President appointed Ambassador Aaron to talk to them. He has been doing that. Our judgment is that most of them are moving in the same direction that we are, and I don't think at the end of the dayand the end of the day is going to be relatively soon; we posited a 2-year windowthat American companies are going to find themselves at a competitive disadvantage. I don't think they're at one now.
In fact, the irony of this debate has been that while the companies are telling you that all this stuff is out there that's more sophisticated than what we make, what Ambassador Aaron has found in his conversations with other governments is that they view our going to 56 bits as an effort on our part to obtain competitive advantage over them.
They view it as a trade-motivated measure, and there's a real disconnect there.
I think Mr. Litt's point that you have to measure availability by what is actually useful and usable in the marketplace, rather than simply by what exists, is a very important point to keep in mind.
Mr. GOODLATTE. We have a vote on the floor on adjournment, and why did the lights go out? I guess they're coming back again. The gentleman from Massachusetts may not make it back after the vote, so I'm going to yield to him for some questions; then we're going to recess and vote.
Mr. FRANK. Well, I'm not going to ask any questions, Mr. Chairman. I'm going to go ahead on the assumption that adjournment does not carry. I will be staying over because the leadership has scheduled the abortion bill, and that's an issue where I have some amendments, so Inot being able to be in both places at the same timewill be staying on the floor. So, I just want to apologize to these and subsequent witnesses, but because the abortion bill will be on the floor, I think a lot of us on the Judiciary Committee, in fact, will not be here. You're going to get a smaller attendance because these are both Judiciary Committee responsibilities.
Page 67 PREV PAGE TOP OF DOC So, I will be back and read the material, and I guess I'll to some extent, Mr. Crowell, think about the implications of technical flowers blooming. That metaphor will probably sustain me for the rest of the day.
And thank you, Mr. Chairman. [Laughter.]
Mr. GOODLATTE. Well, thank you, and I can pretty well bet that the adjournment vote will not pass and we will be back. So if you'll just bide your time, we'll be back as quick as we can.
Thank you. We'll stand in recess.
Mr. GOODLATTE. The committee will come back to order.
Well, it looks like I have a monopoly for the moment, but, have no fear, I have plenty of questions.
Mr. Reinsch, you testified before the Senate last year that, quote, ''Where we want to get is a world of software with encryption capabilities out there that have a back door that can be accessed by law enforcement organizations in any country. We are trying to do the best we can to establish a system in which the greatest number of people will procure the kinds of systems and the kind of software that we can deal with.''
Page 68 PREV PAGE TOP OF DOC I'd like to ask you, if a key escrow system is as beneficial as you and Mr. Crowell think it is, meaning that people will want to store their keys with third parties in case they lose them, why does the Government need to use export controls to force people to buy key escrow products or key recovery products?
Mr. REINSCH. What we see happening, Mr. Chairmanand I think the market is bearing out the accuracy of what we were predicting last yearis a natural growth and demand for key recovery products exclusive of what the Government's equities or interests are. People want key recovery for the reasons my colleagues here said. Companies, in particular, want key recovery for a variety of corporate and commercial reasons. We see that demand growing rapidly.
What we would like to use export controls for is to help make sure that the pace of growth of these products worldwide is in some way related to the growth of demand for key recovery products. In other words, we think that the best way to get to the key recovery world I described in the statement you quoted is one where we are encouraging the export of key recovery products rather than the export of nonkey recovery products. So we're trying to pace things.
Mr. GOODLATTE. But, I mean, it seems to me that's what the free market does. If it has the demand for this productand I think there is definitely an interest in some form of key recovery by some institutions and some individualsif you have something heavily encrypted, Mr. Crowell's right; if you lose that key, you've lost that information probably forever. You're not going to be able to send it over to the NSA to try to crack it, and the NSA may not even be able to do it. So, that's a concern, and I think that's a legitimate concern.
But it seems to me that the creative folks with all of the software companies seated behind you can take care of that problem without having the Government mandate it on those people who don't trust key recovery and don't want to utilize it for whatever purpose, and I would include in that group the criminals and terrorists who I think are, quite frankly, smarter than you give them credit for being in terms of not using a product that they think will give you access to them, except when they have to deal with legitimate entities like banks and other financial institutions in which case you then have access to recover the key through the legitimate institution.
Page 69 PREV PAGE TOP OF DOC
Mr. LITT. Yes, I'd just like to address that point briefly in two regards. First of all, I think that we're likely to seeparticularly as the technologies converge in the futurethat it's not going to be particularly convenient for people to use one form of encryption when they're communicating with one person and another form of encryption when they're communicating with another person. Our hope is that eventually we end up with a system where encryption is essentially built into everything that goes out there, so that when you buy your computer or your operating system, you've got the encryption built into it. And so they're using the same encryption for everything.
But the second point is that when you
Mr. GOODLATTE. Does that mean that the same key will recover everything?
Mr. LITT. Yes
Mr. GOODLATTE. Well, that's not going to make people very happy either. Mr. Crowell, I think, views that differently.
Mr. LITT. Not necessarilynot the same key but the same system. It won't be the same individual key but the same system.
Mr. GOODLATTE. Well, I agree with that because this is going to be something that will be universally used. Anybody who wants to deal with a bank, anybody who wants to have any kind of secure communicationwhether it be on their cellular telephone or over the Internetis going to have to have encryption. It's going to be built into the standard software products that we all use today and, therefore, this is something, it's notwhen we're talking about export control laws, we're not talking about a small segment of the market. We're talking about any form of software that's used in communications.
Page 70 PREV PAGE TOP OF DOC
Obviously, there are some things that stand alone you use on your home computer, a game or something that's not going to be encrypted, but everything else is going to be encrypted pretty soon. And what you're telling people is that we're going to have access to the key in most instances from the software manufacturer themselves because they're going to be the recovery agent for you, and people are going to buy it and utilize it, and, quite frankly, anybody concerned about privacy is not going to use that. They're not going to buy that product.
Mr. CROWELL. Mr. Chairman, that is not the basis of the policy that we have presented today. It just isn't.
Mr. GOODLATTE. Sir, set me straight.
Mr. CROWELL. OK. The basis of the policy is that key recovery will be something that is not mandated; it's electable by the individual. They choose whether or not they want key recovery. If they choose to have it, they choose who they want key recovery with or multiple parties for key recovery. So it is not a mandated system, and it is not based upon some principle that they will get flawed products. It is instead based on the principle that they deserve good security, and they can buy whatever security they want.
Mr. GOODLATTE. But if they want to export that, then they do have to go through several hoops that you will impose upon them. Is that correct?
Mr. REINSCH. Well, if they want to export key recovery products, there's only one hoop.
Page 71 PREV PAGE TOP OF DOC
Mr. GOODLATTE. Encryption products.
Mr. REINSCH. Well, encryption products containing
Mr. GOODLATTE. Encryption products they want to export are going to have to have some form of key recovery or they're not going to get a license under the export control laws.
Mr. REINSCH. Well, we have established a line at 56 bits. Below 56 bits under the circumstances I described in my testimony; the answer to that question is no. You can export encryption products without key recovery features below that limit under the circumstances I described. You can export encryption products with key recovery features at any level now after a one-time review. You were right in that we are attempting to use this policy to nudge the market. Now I think it's nudging the market in the direction it's going anyway, which is one reason why I'm having trouble understanding why this is such an onerous feature.
Mr. GOODLATTE. Well, let me just say this: it's an onerous feature because over the past several years the testimony that we hear in committees regarding this issue has moved our direction very, very well, but the policy has not moved that direction nearly as rapidly, and so we welcomeI mean your legislation is of great interest to us because if it is as advertised, we are moving closer together on this issue, and that's what we need to do, and I very much welcome the opportunity to look at it.
But last fall we had a rollout of regulations on which the advertising sounded betterit didn't sound good enough to me, but it sounded betterthan the actual product that was delivered in the form of the regulations, and so that's the essence of the problem we have.
Page 72 PREV PAGE TOP OF DOC
Mr. REINSCH. Well, I think we are getting closer clearly, Mr. Chairman. In fact, I was struck yesterday when we had a similar hearing in the Senate, and Mr. Barksdale testified. And although we disagreed with his conclusion, I thought he made a telling comment. He said that, if we did things his way, it would solve 85 percent of Mr. Litt's problems, and if we did things the Government's way, it would solve 50 percent of Mr. Litt's problems. And while I don't particularly agree with his numbers
Mr. GOODLATTE. We're two-thirds of the way there then; we only have 35 percent to go
Mr. REINSCH [continuing]. It's gratifying to know that's the only gap. We are making progress. I also think it's worth noting that a lot of the companies that have come before you and made the statements that you've referred to have also come before us with plans and commitments to develop key recovery products.
Now, I don't think they're doing that simply because of the Government's export control policy. It's too big a deal for that. They are doing it because they have concluded that there is a market out there, and they're prepared to spend some of their R&D dollars and time to provide products that serve that market.
As I said, we have 17 companies that have submitted plans so far, and I think, you know, these are serious companies and serious products that cover a range of technologies. This is not one size fits all.
Page 73 PREV PAGE TOP OF DOC Mr. GOODLATTE. Thank you.
I have used more of my time than I should. I recognize the gentlewoman from California.
Ms. LOFGREN. Actually, Mr. Goodlatte, since it's just you and I, and I just walked in, if you have a couple more questions while I get organized, I'll ask my questions in a minute.
Mr. GOODLATTE. I'll vamp until ready.
Mr. REINSCH. Mr. Chairman, may I add one point?
Mr. GOODLATTE. Yes, please.
Mr. REINSCH. Thank you. Going back to something that happened right before the vote, I wanted to comment on a point that Mr. Crowell made.
I think there has been an assumption in the private sector that what we intend to do is to make the Federal Government the exclusive licensing agent for key recovery, and I simply want to say, as Mr. Crowell pointed out, that that is not correct. That is not our intention, and there will be choices in the marketplace.
Mr. GOODLATTE. Mr. Litt, what standard does the administration propose in order to obtain the keys from third parties, probable cause or a lesser standard, and from what court, just district courts or the special intelligence court at the Department of Justice? And would grand jury subpoenas be sufficient to obtain the keys from third parties or would there be due process safeguards involved to protect defendants?
Page 74 PREV PAGE TOP OF DOC
Mr. LITT. Essentially, the standard that we would propose would be the samewhatever the appropriate standard is under which we could obtain the unencrypted evidence today. That is to say, if an order or a search warrant, upon probable cause, is required to obtain the underlying evidence, then we'd use that to get the key. If we could obtain the underlying evidence by grand jury subpoena, then we would use that to get the key as well. So that whatever the applicable legal standard is today would be carried forward.
Mr. GOODLATTE. The National Research Council report on encryption found that aggressive government promotion of escrowed encryption is not appropriate at this time. Would each of you comment on this? Mr. Crowell, do you want to address that?
I understand you need to leave at some point in time. If we're holding you up
Mr. CROWELL. I need to leave by 11, if that's all right, Mr. Chairman. I
Mr. GOODLATTE. You get the last word here. [Laughter.]
Mr. CROWELL. To comment on the NRC report, there were a number of areas where they agree with what we didin fact, what are we are doing, rather. In fact, we are actually going further than they recommended. They recommended that we release 56-bit DES immediately. We have now done that through an interim relaxation of the export controls for a period of 2 years.
At the time their report was finishedand I know this extremely well because I've talked with themseveral of their members beforethey had not carefully considered the implementation of a key management infrastructure. They were looking, primarily, at key escrow techniques that required that the producers of products build into the product a methodology for recovery of the key from the product or from the transmissions of the product.
Page 75 PREV PAGE TOP OF DOC
In the late days and stages of the NRC reporting process, we introduced the concept of using the basic key management infrastructure and key recovery associated with it as a means of providing for law enforcement interests. They threw a very short paragraph into their report about that, but it was not something that I believe they carefully considered as a part of their year-and-a-half deliberations.
Mr. GOODLATTE. All right. Because you need to leave and Ms. Lofgren may have some questions for you, let me recognize the gentlewoman from California at this time.
Ms. LOFGREN. Just one quick question, and I'm sure we will have an opportunity to talk many times in the future, both in our offices and in public hearings, but I thinkto state it simplythe plan that we have, our current American policy, really depends on this model being adopted universally and internationally. And so the question really goes to whether that is occurring and whether it is possible to occur.
Now, in talking not only to Mr. Reinsch but to Mr. Kantor before he left the Commerce Department, and others, I've tried to get a good analysis on what is available internationally and where we are in terms of international agreements and whether it's broad enough, and there's an enforcement issue as well. Obviously, it's easy to say you're going to do something, but not every country is capable of enforcing the laws that they adopt.
I just received something called a ''crypto-survey'' that was compiled by Trusted Information Systems, Inc. I don't know how much credence to give it, having just seen it, but I'm wondering if you have seen it and whether you find this information credible, and if it is credible, what our progress is in getting agreements with all of the countries listed, including Iran.
Page 76 PREV PAGE TOP OF DOC
Mr. CROWELL. I have seen the report. It's on their home page, as a matter of fact, on the Internet. It has been studied by a number of people who are involved in this policy development. Most of those products are on there because of product announcements.
Ms. LOFGREN. OK, so it's not actual products in the marketplace?
Mr. CROWELL. Some are actual products; some are only product announcements. I don't believe that Trusted Information Systems in any way has said that they've evaluated the products or that they have seen the products. They merely have gathered the information that is available. I happen to believe it's a pretty good list of all of the products that are either available or in the process of being developed.
There are a lot of countries that are involved in developing cryptography, many of them for purposes that are fairly narrow eithermostly in the financial area, as a matter of fact. There's an increasing number of products, as I have mentioned to you before. This is a growing market and everyone understands it's a growing market.
As far as will other countries, you knowis it occurring that other countries are accepting this notion? The first thing that is occurring is that they have all come to agree that some form of key management infrastructure is necessary for international commerce.
Ms. LOFGREN. That's every country in the world
Mr. CROWELL. That's every country in the world. They know that they must
Page 77 PREV PAGE TOP OF DOC
Ms. LOFGREN [continuing]. Including Libya and Iran and Hong Kong
Mr. CROWELL. Libya, Iran, if they've thought about it. Many countries haven't thought about it, and you can go and visit countries who say, well, we're going to prohibit it, or we haven't thought about it. But those that have actually got experts and have thought about it know that the strongest encryption in the world without an infrastructure means that, even though I'm talking encrypted to you, I don't know who you are. I don't know what authorities you have. I don't know what you're authorized to do. And so that infrastructure is very important to international commerce. That's one area where they all agree.
The second area where they all agree is that some method is required for recovering information necessary for law enforcement or forin many countries also forcounterintelligence. They have not agreed on what that method would be. But none has offered any technical solution other than key escrow or key recovery.
Ms. LOFGREN. Mr. Chairman, understanding that the witness had previously said he needed to leave by 11, I don't want to hold him up, but I would like to submit for the record this survey with the understanding that it is, as the witness has indicated, merely an identification, not an analysis, and suggest that we should pursue this issue in the administration or with our own committee staff to try and get a better handle on what is going on in these various countries and what is commercially available, not just to identify it.
And thank you.
Page 78 PREV PAGE TOP OF DOC Mr. GOODLATTE. Without objection, the document will be made a part of the record.
[The information follows:]
INSERT OFFSET RING FOLIOS 17 TO 18 HERE
Mr. GOODLATTE. Mr. Crowell, thank you very much for your participation, and if Mr. Litt and Mr. Reinsch can stay, we have a few more questions.
Mr. CROWELL. Thank you, Mr. Chairman. I apologize for having to leave, but I had already planned to be gone by this time. So thank you.
Mr. GOODLATTE. Thank you.
The Chair recognizes the gentleman from Indiana. All right, he has no questions. Does the gentlewoman have any further questions?
Ms. LOFGREN. I think the questions I was hearing you ask, Mr. Chairman, are really quite similar to those that I have, and given the hour and the fact that we will be interrupted for a vote, in about 45 minutes, perhaps we should proceed with the other panels.
Mr. GOODLATTE. All right. I have a couple more questions.
Ms. LOFGREN. Oh, do you? OK.
Page 79 PREV PAGE TOP OF DOC Mr. GOODLATTE. Just very briefly, Mr. Reinsch, one of the things that concerns me about this is the whole issue of how this export control law works. I take it there isn't anyif you have a U.S. manufacturer of software, Microsoft, Netscape, Sun Micro Systems whateverthat wants to export a more heavily-encrypted product than our control laws permit, they cannot do that without going through your regulatory process at this time. But if you have a foreign manufacturer of an encryption product because there's no limit on the level of encryption we can utilize domestically in the United States, if somebody wants to sendsell that more heavily-encrypted software in the United States, there's nothing to restrict them from doing that, is there, for a foreign company?
Mr. REINSCH. That's correct, Mr. Chairman. We do not have import controls. We haven't proposed any.
Mr. GOODLATTE. All right. So one of the problems with the utilization of encryption for a major company is you don't want to just use it between your New York and San Francisco offices, which our laws would not prohibit them from doing with any level of encryption, but they also need to communicate with their London and Tokyo and Frankfurt offices. They can't do that with U.S. software right now unless they go through your regulatory process, but a foreign competitor, dealing, of course, with what laws are in existence in England and Germany and Japan, can sell that software into the United States, sell it into those other countries, and establish a network using more heavily-encrypted software and bypass our control laws, it seems to me. Correct me on that if I'm wrong.
Mr. REINSCH. I think you are correct in theory. I think you've put your finger, though, on the key point, and that is it would be subject to the laws of the other countries that you mentioned. Some of those countries have already asked. France, for example, has import controls and rather strict regulations about what can be used inside the country. Some of the other countries you mentioned are moving along the same path we are, some a little faster, some a little slower, and at a fairly early point in time will have their own legislation and their own rules. They might end up with systems that would permit what you've described. My current belief is that most of them will not.
Page 80 PREV PAGE TOP OF DOC
Mr. GOODLATTE. I take it you agree with me, though, that it is not a good idea to encourage a development of a dual system where you have one set of software and hardware
for the domestic market and a different product for the international market?
Mr. REINSCH. That's not in anybody's commercial interest, and it's not a preferred course of action, you're right. What we hope is that, through this 2-year interim period, we will be developing more sophisticated encryption products that do have key recovery features. The marketplace will grab onto those, and that will be the bulk of the market both domestically and abroad.
Mr. GOODLATTE. Thank you. Anybody else have any other questions prompted by my questions?
Mr. GOODLATTE. If not, we thank both of you for your participation.
Mr. Litt, did you want to make another comment?
Mr. LITT. Yes, I stillgoing back to the original question, I still had one more point to make with respect to the use by criminals
Mr. GOODLATTE. OK.
Page 81 PREV PAGE TOP OF DOC Mr. LITT [continuing]. Whether or not they'll use it, and that is that over the years I spent in law enforcement I've learned that the criminals frequently do what's easy. Everybody knows that we have the ability to wiretap telephones today, and yet it's astonishing how many criminals still use the phones on occasions when they didn't need to. In our view, if key recovery encryption is made cheap and widely available and reliable, most criminals will use that as well because that's what will be out there.
Ms. LOFGREN. Mr. Chairman, could I just follow up with a question?
Mr. GOODLATTE. Yes. Yes. Sure, Ms. Lofgren.
Ms. LOFGREN. Maybe this was addressed while I was at my other meeting, but it has always mystified me, in terms of the law enforcement position on this issue, that unlimited length encryption is permitted for sale in the United States broadly and controlled for export. We're apparently not worried about the potential of criminals within the United States to obtain access to encryption that cannot be broken readily. How can that be a position that the Justice Department is comfortable with?
Mr. LITT. I wouldn't say that we're comfortable with it or that we're not worried about it, but, as I said in my statement and as you recognizedand I appreciate that very muchwe're engaged in a balancing of interests here. We're not getting something out of this approach that makes law enforcement 100 percent comfortable, but we are very hopeful that balancing of interests that's achieved here will, in the end, end up with widespread ability for us to recover the data through whatever system is available.
Page 82 PREV PAGE TOP OF DOC Ms. LOFGREN. I guess the followup question I would have for law enforcement, and again it's something that, with all due respect, I've never been able to really understand
Mr. LITT. I'll try.
Ms. LOFGREN. I heard the comments that Mr. Reinsch made about various countries moving forward, and as well the comments by Mr. Crowell, but the capacity to produce good encrypted products exists beyond those countries that I've heard mentioned here by the witnesses, and maybe I have missed some of it.
For example, the Indians have some really first class encryption people, and the Swiss certainly do, and the capacityeven if not currently in placeto produce very high quality encryption is certainly present in many diverse parts of the world.
And why we think prohibiting or restraining exports will actually protect us if a criminaland presumably if we're talking about international terrorists, they are more sophisticated than your average kid on the street who's a muggerwhy they couldn't seek out commercial products available from such providers as, an India or a Pakistan down the line, why we would be kept safe by our current policy.
Mr. LITT. I guess the best answer I can give you to that is that that's why we're engaged in extensive consultations internationally as well as what we are doing domestically. By and large, we're finding that most of the countries with whom we're talking are sympathetic to this position. Their law enforcement has the same concerns that we do, and while we're not there yet, we're hopeful that we will move to an international regime where everybody is on the same page.
Page 83 PREV PAGE TOP OF DOC
Ms. LOFGREN. Thank you, Mr. Chairman.
Mr. GOODLATTE. Thank you, and again we thank this panel for their participation. We may have some additional questions we may submit to you in writing, but we do appreciate the time you've taken, and we look forward to seeing the legislation that you are working on. Do you have any timetable as to when you think that might be coming forward?
Mr. REINSCH. We hope to have it finished by the end of next week, soyou'll be in recess, but we'll get it up to you as soon as it's available, Mr. Chairman.
Mr. GOODLATTE. We may be holding another set of hearings on this soon. That's good.
Mr. REINSCH. We'll look forward to it.
Mr. LITT. Can't wait.
Mr. GOODLATTE. Thank you. Thank you both.
The next panel is made up of members of the private sector. Our first witness is Mrs. Phyllis Schlafly, the president of the conservative, pro-family organization, Eagle Forum. Mrs. Schlafly holds degrees from Washington University and Harvard University. She is a lawyer, author, or editor of 16 books, syndicated columnist and radio commentator. Her radio commentaries are heard daily on 270 radio stations, and she has testified more than 50 times before Federal and State legislative committees on a variety of issues.
Page 84 PREV PAGE TOP OF DOC
Our second witness is Mr. Ira Rubinstein, senior corporate attorney for the Microsoft Corp. Mr. Rubinstein is a graduate of Clark University and Yale Law School. After practicing law for several years in Washington State, Mr. Rubinstein joined the Microsoft Corp. in 1990, and he has been there ever since. He appears here today on behalf of the Business Software Alliance.
Our next witness is Dr. Roberta Katz. Dr. Katz is not only a lawyer, but also a Ph.D. in cultural anthropology. She has been a partner in the law firm of Heller, Ehrman, White, & McCauliffe, and she has also been general counsel to McCaw Cellular Communications. She is currently senior vice president, secretary, and general counsel of Netscape Communications Corp. She appears here today on behalf of the Information Technology Association of America and the Software Publishers Association.
Our fourth witness on this panel is Mr. Jonathan Seybold, chairman of the executive committee and director of Pretty Good Privacy, Inc. Mr. Seybold is a graduate of Oberland College, and he has also done graduate work at Yale University. Mr. Seybold has extensive experience in the technology field, both as an author and an entrepreneur. In 1996, he became a cofounder of Pretty Good Privacy, Inc.
Our final witness on this panel is Mr. Tom Morehouse, president and chief executive officer of SourceFile, Inc. Mr. Morehouse has been in that position since 1986. Before that, he was the vice president of the United States Line, a shipping company. Mr. Morehouse has extensive international business experience, having worked in Asia, Europe, and South America.
We welcome all of you, and we look forward to hearing your testimony. Your entire written testimony will be made a part of the record.
Page 85 PREV PAGE TOP OF DOC
And we will start with you, Mrs. Schlafly. We are glad to have you with us.
You might want to turn on your microphone with that little switch at the bottom.
STATEMENT OF PHYLLIS SCHLAFLY, PRESIDENT, EAGLE FORUM
Mrs. SCHLAFLY. Good morning, Mr. Chairman and members of the committee. My name is Phyllis Schlafly. I'm president of Eagle Forum, a national volunteer organization concerned with public policymaking on many issues, including constitutional issues.
Thank you for inviting me to present our views on H.R. 695 and cryptography. Advances in computer technology have been wonderful in so many ways, but they are constantly eroding our personal privacy. Massive data bases are now keeping track of our phone numbers, addresses, income, credit records, medical histories, and purchases. With everything connected to the Internet, the only way to keep our information private is to avoid computers, which is impossible, or to encrypt it.
Encryption should be recognized as a fundamental right. I believe that our right to speak in private, whether in English, a foreign language, or in code, is protected by the first amendment to the U.S. Constitution, and that the Government cannot regulate or limit that right without seriously eroding our fundamental civil liberties.
I thank Congressman Goodlatte and the other sponsors of this bill for recognizing that our rights of free speech are endangered by the Justice Department. It is a sad day to think that Americans might need permission from Congress to have a private conversation. It should not be necessary for Congress to pass a law declaring that encryption is lawful.
Page 86 PREV PAGE TOP OF DOC
The problem is that Attorney General Janet Reno and FBI Director Louis Freeh are giving speeches advocating the regulation of cryptography and giving the Government access to our computer messages. They repeatedly demand that the Government be able to get a key to our telephones and computer systems. Mr. Freeh even says that encryption poses a threat to public safety.
On the contrary, the threat to public safety comes from the lack of encryption, and from the demands of the Justice Department officials to have a key so they can read our private messages.
Are we worried about the Justice Department abusing its power to eavesdrop on our computer messages? You bet we are. The misbehavior of the FBI in so many areas and the coverups that followed have been shocking to Americans who like to support law and order. The FBI abuses are such that, to give the FBI access to our computer messages would be a long, dangerous step toward making America a totalitarian state.
We are also very concerned that a ban on mandatory key escrow might not preclude the Government from other coercive key escrow plans deceptively called ''voluntary.'' The Federal Government is notorious for using all sorts of weapons, including intimidation and funding incentives, to make something mandatory while they are loudly proclaiming it to be voluntary. The right of the individual to privacy would be meaningless if the telephone companies voluntarily agreed to key escrow.
I believe it's not only important to recognize that encryption is a right of free speech, but also that encryption is a good thing, not a bad thing or a criminal thing. We are very opposed to the criminal penalties in this bill. It is doubtful that Congress even has the constitutional authority to criminalize encryption.
Page 87 PREV PAGE TOP OF DOC
Let's take an example. It is, of course, lawful to use opaque envelopes. Would it make sense to legislate 5 years in Federal prison for using opaque envelopes in connection with a crime? Would it stop the problem of bad checks if we were all forced to mail our checks in transparent envelopes? We should punish criminals for actual crimes, not for auxiliary activities that are entirely lawful and proper.
We don't want to move toward a Nation in which any State crime becomes a Federal felony merely because a computer, telephone, or other electronic device is involved. We object strenuously toward the current trend to federalizing crimes. This is offensive to our constitutional system of federalism. Considering the present status of judicial activism, Congress should be removing jurisdiction form the Federal courts, not adding to their jurisdiction.
We object to the implication that encryption is somehow suspect. Strong encryption is one of the greatest achievements of the information age. It means we will be able to talk on the telephone with assurance that no one is eavesdropping. It means we can exchange E-mail, make purchases, and invest our money in privacy because snoops cannot decode data traffic, even if they gain access to a network.
It should be the policy of the United States to encourage wide dissemination of strong encryption technology. I thank the sponsors of H.R. 695 for recognizing the importance to individuals of unrestricted cryptography, and I hope the bill will be amended to remove criminal deterrence to using cryptography.
Thank you, Mr. Chairman.
Page 88 PREV PAGE TOP OF DOC
[The prepared statement of Mrs. Schlafly follows:]
PREPARED STATEMENT OF PHYLLIS SCHLAFLY, PRESIDENT, EAGLE FORUM
My name is Phyllis Schlafly. I'm president of Eagle Forum, a national volunteer organization concerned with public policymaking on many issues, including constitutional issues. Thank you for inviting me to present our views on H.R. 695 and cryptography. Our home page on the Internet is at www.eagleforum.org.
Advances in computer technology have been wonderful in so many ways, but they are also constantly eroding our personal privacy. Massive databases are now keeping track of our phone numbers, addresses, income, credit records, medical histories, and purchases. With everything connected to the Internet, the only way to keep our information private is to avoid computers (which is impossible), or to encrypt it.
Encryption should be recognized as a fundamental right. I believe that our right to speak in private (whether in English, a foreign language, or in code) is protected by the First Amendment to the U.S. Constitution, and that the government cannot regulate or limit that right without seriously eroding our fundamental civil liberties.
I thank Congressman Goodlatte and the other sponsors of this bill for recognizing that our rights of free speech are endangered by the Justice Department. It is a sad day to think that Americans might need permission from Congress to have a private conversation! It should not be necessary for Congress to pass a law declaring that encryption is lawful.
Page 89 PREV PAGE TOP OF DOC The problem is that Attorney General Janet Reno and FBI Director Louis Freeh are giving speeches advocating the regulation of cryptography and giving the government access to our computer messages. They repeatedly demand that the government be able to get a key to our telephones and computer systems.
Mr. Freeh even says that encryption poses a ''threat to public safety.'' On the contrary, the threat to public safety comes from the lack of encryption and the demands of Justice Department officials to have a key so they can read our private messages.
Are we worried about the Justice Department abusing its power to eavesdrop on our computer messages? You bet we are. The misbehavior of the FBI in so many areas, and the coverups that followed, have been shocking to Americans who like to support law-and-order. The FBI abuses are such that, to give the FBI access to our computer messages would be a long, dangerous step toward making America a totalitarian state.
We are also very concerned that a ban on ''mandatory key escrow'' might not preclude the government from other coercive key escrow plans, deceptively called ''voluntary.'' The Federal Government is notorious for using all sorts of weapons, including intimidation and funding incentives, to make something mandatory while they are loudly proclaiming it to be ''voluntary.'' The right of the individual to privacy would be meaningless if the telephone companies ''voluntarily'' agree to key escrow.
I believe it is not only important to recognize that encryption is a right of free speech, but also that encryption is a good thing, not a bad thing or a criminal thing. We are very opposed to the criminal penalties in this bill. It is doubtful that Congress even has the constitutional authority to criminalize encryption.
Page 90 PREV PAGE TOP OF DOC
Let's take an example. It is, of course, lawful to use opaque envelopes. Would it make sense to legislate five years in federal prison for using opaque envelopes in connection with a crime? Would it stop the problem of bad checks if we were all forced to mail our checks in transparent envelopes? We should punish criminals for actual crimes, not for auxiliary activities that are entirely lawful and proper. We don't want to move toward a nation in which any state crime becomes a federal felony merely because a computer, telephone, or other electronic device is involved.
We object strenuously to the current trend toward federalizing crimes. This is offensive to our constitutional system of federalism. Considering the present status of judicial activism, Congress should be removing jurisdiction from the federal courts, not adding to their jurisdiction.
We object to the implication that encryption is somehow suspect. Strong encryption is one of the greatest achievements of the information age. It means we will be able to talk on the telephone with assurance that no one is eavesdropping. It means we can exchange E-mail, make purchases, and invest our money in privacy, because snoops cannot decode data traffic even if they gain access to a network.
It should be the policy of the United States to encourage wide dissemination of strong encryption technology. I thank the sponsors of H.R. 695 for recognizing the vital importance to individuals of unrestricted cryptography, and I hope the bill will be amended to remove criminal deterrents to using cryptography.
Page 91 PREV PAGE TOP OF DOC Mr. GOODLATTE. Thank you, Mrs. Schlafly.
STATEMENT OF IRA RUBINSTEIN, SENIOR CORPORATE ATTORNEY, MICROSOFT CORP., ON BEHALF OF THE BUSINESS SOFTWARE ALLIANCE
Mr. RUBINSTEIN. Good morning, Mr. Chairman. My name is Ira Rubinstein. I'm a senior corporate attorney at Microsoft. I'm testifying this morning on behalf of the Business Software Alliance, an association of leading software publishers, including Adobe, Apple, Novell, Lotus, and Microsoft, and others.
I want to thank you, Mr. Chairman, for sponsoring the SAFE Act and also thank other members of the subcommittee, the full committee, and the total of 61 cosponsors of this important legislation.
In my remarks this morning I'm going to emphasize an aspect of this debate that has not received sufficient attention; namely, the mass market software perspective. The Business Software Alliance companies, including Microsoft, are sellers of mass market software products. That means that there are millions and tens of millions of users of these products.
At Microsoft, for example, more than 75 percent of our revenue is derived from sales to small and medium organizations and to individual end-users. These customers are not in a position, nor do they have the expertise or resources, to use complex and costly encryption systems. Rather, they make purchasing choices based on cost, ease of use, convenience, and general availability of the product.
Page 92 PREV PAGE TOP OF DOC
The mass market software industry has invested millions of dollars in developing a distribution system to deliver products to these customers, including preloading products on computers, selling them at retail through value-added resellers, and, more recently, through electronic, online distribution. I emphasize this aspect because I think the SAFE Act takes account of it, while the administration's new policy fails to. Let me say why.
In particular, the SAFE Act recognizes the mass market segment in two ways: first, by recognizing the core principle of user choice, allowing Americans to select whatever encryption is most appropriate to their needs, and, second, by allowing for the expert of generally-available software, and recognizing that it's impossible to control software products that are inherently uncontrollable. And I would simply add here that the mere fact that a software product has encryption features does not suddenly make it controllable. It remains inherently uncontrollable.
The administration policy, on the other hand, fails to solve the encryption impasse in large measure because it does not recognize the mass market aspect. To begin with, it does provide for easy export of 56-bit products, contrary to the testimony heard earlier today. It imposes licensing conditions on 56-bit products that are quite burdensome, and it also conditions export of those products on a commitment to develop Government-defined key recovery systems. These key recovery systems are not market-driven. It is true that there is a growing demand by customers for key recovery of stored data, provided that the customers have complete control over who holds the key and who has access to the decryption key.
The Government wants to extend this market demand to communicated data, which greatly adds cost and complexity to the products, and it also wants to control or dictate the approval of who can hold a key. I would go so far as to say that the Government's policy does not really serve law enforcement objectives, and I would make the suggestion that the best thing the Government can do now to serve those objectives is simply to stand aside and let the mass market software industries sell products that already contain key recovery features. The simple reason for that is as follows:
Page 93 PREV PAGE TOP OF DOC
The only way to achieve the law enforcement objectives of taking advantage of key recovery features is if those products are used. If they are not popular, if they are not bought, if they're not used, then it makes no difference what the requirements are for key recovery because when law enforcement needs to take advantage of these features, they will find that the product has not been used and no keys are available to recover.
So, again, I want to express my appreciation for the chairman's work on this bill, and I would ask the committee to take full account of this mass market perspective in reviewing the bill. Thank you.
[The prepared statement of Mr. Rubinstein follows:]
PREPARED STATEMENT OF IRA RUBINSTEIN, SENIOR CORPORATE ATTORNEY, MICROSOFT CORP., ON BEHALF OF THE BUSINESS SOFTWARE ALLIANCE
Good Morning. My name is Ira Rubinstein, and I am a Senior Corporate Attorney with Microsoft Corporation at its headquarters in Redmond, Washington. Over the past twenty years, Microsoft has sought to empower personal computer users by developing software that makes it easier for them to use their PCS at home and at work for an increasing number of purposes. In pursuit of this goal, Microsoft has grown, changed, adapted and reinvented itself continuously today we employ nearly 19,000 people, approximately 9,000 of which are located at our headquarters in Redmond, Washington. We are now one of the leading software publishers with products ranging from operating systems, to applications software such as word processing and spreadsheet programs, to software development tools and programming language products that help people develop and write creative software, and to an Internet on-line service, the Microsoft Network (''MSN'').
Page 94 PREV PAGE TOP OF DOC I greatly appreciate the opportunity to appear today before this Committee on behalf of the Business Software Alliance (''BSA''). The Business Software Alliance promotes the continued growth of the software industry through its international public policy, education, and enforcement programs in 65 countries throughout North America, Europe, Asia, and Latin America. BSA worldwide members include the leading publishers of software for personal computers including Adobe, Apple Computer, Autodesk, Bentley Systems, Lotus Development, Microsoft, Novell, The Santa Cruz Operation, and Symantec. BSA's Policy Council consists of these software publishers and other leading computer technology companies including Computer Associates, Compaq and Sybase.
But we really are here today to speak on behalf of the tens of millions of users of American software products. The American software industry has succeeded because we have listened and responded to the needs of computer users worldwide. We develop and sell products that users want and for which they are willing to pay.
One of the most important features computer users are demanding is the ability to protect their electronic information and to communicate securely worldwide. American companies have innovative products that can meet this demand and compete internationally. But there is one thing in our way the continued application of overly broad, unilateral, export controls by the U.S. Government.
For that reason BSA strongly supports H.R. 695, the Security and Freedom through Encryption (SAFE) Act. Right at the start I want to commend Representative Goodlatte for his vision and leadership in introducing this bill. I want to thank you, Chairman Coble, for your support and willingness to hold a hearing on this bill so quickly. I also want to recognize the other members of this Subcommittee who have cosponsored the billRepresentatives Conyers, Sensenbrenner, Bono, Pease, Cannon, Boucher, and Lofgren. You also have been joined in cosponsoring the bill by a number of other members of the Judiciary CommitteeRepresentatives Gekas, Smith, Inglis, Bryant, Chabot, Barr, Jackson Lee and Waters. Although hearings in both the House and the Senate occurred last year, there was insufficient time to move the legislation forward. By starting early this year, we are hopeful that legislation will be enacted in the very near future. Certainly, the 61 total co-sponsors to date is indicative of broad bi-partisan support.
Page 95 PREV PAGE TOP OF DOC I also want to thank Senator Burns for introducing S. 377, the Promotion of Commerce OnLine In The Digital Era (Pro-CODE) Act, and Senator Leahy for introducing S. 376, the Encryption Communications Privacy Act (ECPA).
While these bills differ in some respects, they all modernize export laws regarding software and hardware with encryption capabilities to permit American software companies to compete on a level international playing field and to provide computer users with their choice of adequate protection for their confidential information.
THE IMPORTANCE OF THE AMERICAN SOFTWARE INDUSTRY
Today, computer usersour customersenjoy unprecedented access to information that is changing the way we all live and work. This is true whether users are in the largest of cities or the most isolated of rural communities. Importantly, the Global Information Infrastructure, which is driving the current ''Information Age,'' is made possible by software that routes data and helps users navigate oceans of information. Fortunately, to date, the U.S. computer software industry has been the world leader.
Indeed, the incredibly dynamic U.S. computer software industry is an American success story. Since 1980 the industry has grown seven times faster than the rest of the economy and today is now larger than all but five manufacturing industries. Conservative estimates are that more than 1.2 million are employed in the software, hardware and semiconductor industrieswith more than 500,000 people in the computer software industry alone. This economic success has fueled research and development and spurred the creation of numerous market-leading products.
The computer software industry is one of our country's most internationally competitive. American-produced software accounts for over 70 percent of the world market in software, with exports of U.S. software programs constituting half of many software companies' revenues. The incredible growth of the industry and its exporting success benefits America through the creation of highly skilled, well-paid jobs here in the United States.
Page 96 PREV PAGE TOP OF DOCTHE NEED FOR IMMEDIATE EXPORT CONTROL RELIEF
1. The Importance Of Encryption
Strong encryption becomes critical in a networked world. Today, millions of personal computers are connected through private LANs and WANs and the public Internet. Companies, governments and individuals are now realizing that they can no longer protect data and communications from intruders by relying on securing physical access to computers or relying on stand-alone centralized mainframes.
Strong encryption is essential to protect the confidentiality and privacy of sensitive personal and confidential business electronic information, as well as ensure its authenticity and integrity. Without encryption, businesses and individuals will not entrust their valuable proprietary information, creative content, and sensitive personal information to electronic networks and risk unauthorized disclosure, theft or alteration of their information or transactions. The promise and potential of the Global Information Infrastructure simply will not materialize. Companies will hesitate to design new products or work collaboratively from remote locations. A routine visit to the doctor becomes an invasive procedure unless your records can be kept private. Electronic banking and commerce will not happen ''on-line'' without strong encryption.
The widespread use of encryption is also necessary to protect our national and economic security. Without encryption, the electronic networks that control such critical functions as airline flights, health care functions, electrical power and financial markets remain highly vulnerable. Indeed, the U.S. General Accounting Office in its report issued in May of 1996 entitled ''Information Security: Computer Attacks at Department of Defense Pose Increasing Risks,'' found that: computer attacks are an increasing threat, particularly through connections on the Internet; that such attacks are costly and damaging; and that such attacks on Defense and other U.S. computer systems pose a serious threat to national security.
Page 97 PREV PAGE TOP OF DOC For all these reasons, computer users worldwide are demanding stronger encryption to protect the security and privacy of their electronic information. American computer software and hardware companies have responded by developing programs and products with strong encryption features.
2. The Problem With Current Unilateral U.S. Export Controls
Currently, there are no restrictions on the use of cryptography within the United States. However, the U.S. Government maintains strict unilateral export controls on computer software which offers strong encryption capabilities. Therefore, while we can provide programs with strong encryption to customers in the United States, we cannot sell and they cannot use those same programs overseas. This is problematic for international customers because they need global interoperability; and it is problematic for U.S. software companies because foreign customers refuse to purchase weaker versions of an encryption product and it is very costly to develop, market and distribute two versions of a program worldwide.
American software companies have been unable to upgrade the strength of their encryption beyond the 40-bit key length level set in 1992despite an Administration commitment at that time to increase key lengths regularly to take into account technological and market developments. This 40-bit level ignores the facts that:
I. The current world benchmark is at least DES (56-bit keys) and triple-DES (112-bit keys) and 128-bit key RC4 are increasingly common;
II. Hundreds of alternatives are available from foreign manufacturers and off the Internet (about half using DES or stronger encryption); and
III. 40-bit encryption is increasingly vulnerable to commercial attack.
Ironically, the people most harmed by the Administration's export controls are American companies and American computer usersa perfect example of ''the tail wagging the dog.'' Because exports account for over one-half of the American software industry's revenues, U.S. software companies mostly focus their efforts on software which can be shipped both domestically and abroad. The effect of the Administration's policy is thus to limit the effectiveness, variety and availability of encryption products in the United States.
Page 98 PREV PAGE TOP OF DOC Also, American companies face a strong competitive disadvantage overseas and are losing encryption product sales. If an encryption product is combined with other applications such as Internet browsers and servers, U.S. companies may lose both sales. One recent study estimates that by the year 2000, the computing industries' revenue losses due to U.S. export controls will be $60 billion annually. Thus, the Administration's policy is harming the U.S. industry's international competitiveness. America's software companies should not be forced to play catch-up in a market which they currently dominate with a 70 percent worldwide market share.
In short, the inability of American software and hardware companies to supply their users with strong encryption to meet their legitimate needs for information security directly threatens the continued success of our industry. Moreover, it means American computer users' electronic information remains vulnerable. Finally, and perhaps most importantly, U.S. export controls threaten to dislodge continued American leadership in developing not only the Global Information Infrastructure, but the next generation of security technology.
A. The Current World Benchmark Is At Least 56-Bit DES, With Triple-DES and 128-Bit RC4 Increasingly Common
The Data Encryption Standard (DES) algorithm with 56-bit key lengths was developed by government and industry in the 1970s. It remains the U.S. Government's standard for unclassified confidential information (although it appears to be wearing thin). Thus, all the proposed ''Internet Protocols'' addressing security call for encryption at least at the 56-bit DES level and recognize the growing popular demand for ''triple DES'' (112-bit keys) and the RC4 algorithm with 128-bit keys.
It is essential to understand that the backbone of the Global Information Infrastructure is the Interneta network of networks not controlled by any one government or organization. In the last few years, American companies have recognized that they must adapt their business plans to work with the Internet, rather than instead of, or even in addition to, the Internet. Companies wishing to provide software for, or do business on, the Internet must acknowledge such standards if their products or services are to have any chance of gaining widespread acceptance.
Page 99 PREV PAGE TOP OF DOC
B. Continued Unilateral U.S. Export Controls Have Not Been Effective in Restricting The Availability of Foreign Encryption Products
Continued unilateral U.S. export controls have not been effective in restricting the availability of encryption abroad. Foreign software and hardware manufacturers have seized the opportunity to create sophisticated encryption products and to capture sales. A 1996 Department of Commerce study confirmed the widespread availability of foreign manufactured encryption programs and products. An on-going industry study reveals that as of January 1996, there were 497 foreign programs and products available from 28 countries, 193 of which employ DES. (There are also 684 American programs and products330 with DESreadily transferable abroad with a modem and public telephone line.)
I would like to mention just two specific examples with respect to foreign availability of encryption products. First, the UNIX-based Apache Server is the number-one Internet server product, with a 43 percent market share, up from 29 percent market last April. Stronghold, a U.K. company, markets a secure version of Apache that incorporates a protocol for secure communications at 128-bits. Second, we have identified at least one-half dozen foreign software companies (in Germany, Belgium, Switzerland, the U.K., Ireland, and Australia) who have responded to local customer demand for stronger encryption products by developing add-on products that easily allow anyone with a Web browser to download software off the Internet and thereby upgrade their ''export-crippled'' U.S. products from 40-bits to 128-bits. These vendors have recognized the void created in Internet security products by U.S. export controls and have responded accordingly. Moreover, in developing these add-on products they neither require nor depend upon any technical assistance from U.S. companies. To the contrary, they utilize standard programming techniques and free, public-domain versions of encryption algorithms and Internet security protocols to develop products that completely avoids U.S. export controls. Is any clearer evidence needed that the genie is out of the bottle?
Page 100 PREV PAGE TOP OF DOC The General Accounting Office also confirmed in 1995 that sophisticated encryption software was widely available to foreign users on Internet sites hosted outside the U.S.. For example, Pretty Good Privacy (''PGP'')with 128-bit keysis available for free on the Internet and is soaring in popularity. Moreover, individuals may easily transmit U.S. developed programs overseas using a modem and the public telephone network without fear of detection. Clearly, the Administration's export controls are in no way preventing foreigners, let alone those with criminal intent, from obtaining access to encryption products.
C. 40-bit Encryption Is Increasingly Vulnerable To Commercial Attack
Finally, we believe that there can be little dispute that information encrypted at the 40-bit level no longer provides sufficient protection against even casual hackers using idle computers. Students with Ecole Polytechnique in France and at our own MIT have successfully performed ''brute force'' attacks on 40-bit encryption. Also, more recently at the RSA encryption conference held in January, a student from University of California at Berkeley responded to RSA's challenge and decrypted a 40-bit encrypted message in only 3 1/2 hours. Indeed, a report released last year by seven leading private sector cryptologists and computer scientists highlighted the vulnerability of 40-bit keys to commercial attack.
3. The NRC's CRISIS Report Echoes These Views
As you know, in its May 1996 CRISIS Report (''Cryptography's Role in Securing the Information Society''), the blue ribbon National Research Council (NRC) Committee called for U.S. policies which foster the broad use of encryption technologies. The Committee's report echoes what industry has been saying for several years regarding the need for export control relief. Importantly, the Committee concluded that as demand for products with encryption capabilities grows worldwide, foreign competition could emerge at levels significant enough to damage the present U.S. world leadership in information technology products. The Committee felt it was important to ensure the continued economic growth and leadership of key U.S. industries and businesses in an increasingly global economy, including American computer, software and communications companies. Therefore, the Committee called for an immediate and easy export ability of products meeting general commercial requirementscurrently the 56-bit DES level encryption. The Committee also noted that this would have to be updated periodically.
Page 101 PREV PAGE TOP OF DOCTHE ADMINISTRATION'S ''NEW'' POLICY IS NO SOLUTION
On October 1, 1996, the Administration announced a new encryption policy claiming that it would let industry take the lead in developing a worldwide key management infrastructure and purporting to make it easier to export 56-bit encryption products. This had been the strong recommendation of an expert National Research Council Committee (after a two year study) and many in the private sector hoped that the Administration had decided to follow that advice.
On November 15, 1996, the Administration transferred all commercial encryption items listed on the State Department's U.S. Munitions List to the Commerce Department's Commerce Control List. However, while this transfer of jurisdiction should have resulted in easier exporting, the Administration continued to impose many of the same stringent national security and foreign policy controls traditionally applied to munitions! For example, the provisions minimizing export controls when U.S. companies demonstrate the availability of similar products from foreign sources, or the publicly availability of such products, are deemed inapplicable for encryption items. In short, the forum changed, but not the substance.
On December 30, 1996, the Department of Commerce's Bureau of Export Administration issued an interim rule amending the Export Administration Regulations (''EAR'') to further implement the Administration's policy. Unfortunately, the result fails to deliver on the Administration's earlier promises. The regulations do not offer easy export of 56-bit encryption products. Moreover, the regulations offer no assurances that a variety of market-driven, commercially-developed, voluntary ''key recovery'' or ''data recovery'' products using longer key lengths can be exported.
The Administration's policy does not offer easy export control relief. The new regulations do not permit the easy export ability of 56-bit encryption products as called for by the National Research Council in its May 1996 CRISIS Report. Instead they only permit the export of such products for up to 2 years if companies commit to produce or market ''key escrow'' or ''key recovery'' products that meet governmentas opposed to market-basedrequirements. Moreover, companies must submit a detailed business and marketing plan for government approval and pass a progress report every six months in order to be allowed to continue exporting 56-bit encryption products in the interim. (After two years, companies will be limited to servicing and supporting existing customers of already existing 56-bit products.) This requirement for 6-month renewable licenses subject to ongoing U.S. Government review is burdensome and intrusive and may serve as a disincentive to software vendors who might otherwise be interested in developing key recovery products.
Page 102 PREV PAGE TOP OF DOC The Administration's policy permits U.S. software and hardware manufacturers to export strong encryption only if their products provide the encryption key (''key escrow'') or other decryption means (''key recovery'') (1) in advance, (2) to a government approved third party, (3) who could decrypt a user's stored data and communications if the Government so demands pursuant to court order. Unfortunately, the export ability of market-driven, commercially-motivated, stored data recovery products remains very uncertain. The regulations also generally ignore the realities of mass-market software distribution. Mass-market software publishers have invested hundreds of millions of dollars in developing multiple distribution channels such as OEMs (i.e., hardware manufacturers that pre-load software onto computers), value-added resellers, retail stores and the emerging channel of on-line distribution. The mass-market distribution model presupposes that software publishers will take full advantage of these multiple channels to ship identical or substantially similar products worldwide (allowing only for differences resulting from localization) irrespective of specific customer location or characteristics. But the regulations require specific knowledge of customers in order to qualify them as key recovery agents and impose reporting and record keeping requirements that are ill-suited for mass market products. Compliance with these requirements would be impossible without substantial changes in current methods of software distribution as well as the collection of downstream information that is neither readily available nor of any obvious utility to enforcement officials.
The Administration's policy is flawed and ultimately self-defeating. The Administration's plan appears to differ significantly from the voluntary key recovery or data recovery functions for stored data desired by customers.
There has been much discussion about obtaining access to the keys with which users encrypt information. For example, it is certainly possible to envision companies or organizations wanting access to the keys of their employees in order to recover encrypted information generated in the course of their work. Several U.S. vendors offer commercial products that allow someone within the organization, or a third party voluntarily entrusted by that organization, to access the decryption key under defined policies. Individuals at home also might want the convenience and assurance of recovering their information in the event that they forget or lose their key.
Page 103 PREV PAGE TOP OF DOC But unlike government key escrow or key recovery proposals, the commercial demand for key recovery or data recovery encryption is limited to stored data (including e-mail, which is a ''store and forward'' product). It does not extend to real-time communications, for several reasons:
Users of commercial encryption applications have little reason to recover the ''session'' keys used to protect their communications. If the communications is successful, senders and receivers of encrypted communications already have access to plaintext; if it is unsuccessful, the easiest and most obvious solution is simply to re-send the encrypted communications using a new session key.
A number of popular Internet protocols generate new session keys each and every time a user connects to a Web site or communicates in any way over the Internet. Thus, hundreds of millions of Internet and intranet users will create hundreds of billions of session keys, and these numbers will grow by orders of magnitude as the expected communication revolution pushes more people online.
Developing and maintaining a key management infrastructure for storing and retrieving this vast number of communication session keys adds cost and complexity to encryption systems, and primarily benefits law enforcement agencies engaged in surveillance activities.
Furthermore, permitting a user to recover data is not the same as forcing them to provide a key or other decryption means to a third party who must be approved by the U.S. Government.
In addition, the Administration's new regulations are too tenuous for many of our companies to invest in developing mass market encryption products that meet the requirements of the Administration's plan. It also is unclear how the plan would work for millions of small and medium-size businesses or individuals who may lack the expertise and resources of large corporations and government agencies. Companies are unlikely to develop products if they are unsure that they will be purchased and would be approved for export.
Page 104 PREV PAGE TOP OF DOC I would note that for all these reasons, the NRC Committee recommended a policy of ''deliberate exploration'' for key escrow and key recovery, rather than one of ''aggressive promotion.'' We couldn't agree more.
In order for any encryption policy to succeed, it must be market-driven. It must be flexible and recognize that encryption is used by individuals in a wide variety of settings and for a broad range of purposes (e.g. user authentication and integrity checks, stored data, financial applications, communications).
Importantly, to the extent that key recovery or data recovery encryption products are widely used, then much information will be available to the government for law enforcement purposes under appropriate judicial proceduresjust like physical property, including memoranda, letters, and files, is today. But users must see the value of key recovery features and want to use them. Whereas if the government mandates undesirable encryption products, the likely result is that no one will use products implementing these features thereby frustrating law enforcement objectives. In short, any key recovery system must result from a user-driven, market-led process. It cannot be a mandated, government-designed, top-down, one-size-fits-all, complicated solution.
The Administration's policy is an attempt to use export policy to control the domestic use of encryption. As the Congressional Research Service recently stated, ''[u]sing the export process to restrain the availability of strong encryption remains a core principle of Clinton Administration policy.'' There can be little doubt about the real thrust of the Administration's policy: indeed, in 15 pages of detailed Federal Register text, there is only one sentence that addresses who can be an acceptable foreign key agentpresumably of great interest to foreign users! As I explained earlier, the domestic software industry makes approximately one-half of its revenues through exports, and customers are increasingly demanding uniform encryption capabilities; therefore, most mass-market software and hardware is designed to offer the same encryption capabilities both domestically and abroad. Thus, this new policy effectively forces domestic encryption hardware and software into the Hobson's choice of maintaining separate products lines for the domestic and international markets or complying with the Administration's export restrictions. Moreover, the FBI has said it is willing to seek legislation mandating domestic encryption restrictions if the effort to leverage export controls fails.
Page 105 PREV PAGE TOP OF DOC The Administration's new policy will soon be tested. Finally, we wanted to take the opportunity to inform you that two weeks ago a BSA member company, Sybase, submitted an export application for a software product which encrypts both stored data and electronic communications. A user of this product may choose to permit one or more user-selected (and not necessarily government approved) third parties to have access to the keys used for encrypting stored data (but there is no such feature for communications).
The December 30th regulations state that the Administration may approve the export of ''recoverable encryption'' products which allow government access to unencrypted data and communications pursuant to court authorization without the knowledge of the user. However, the regulations provide no guidance or guarantees for exporting such products. Hence the need for a ''test case'' to determine whether the Administration will approve exports of market-driven encryption products for which there is identified commercial demand. We look forward to determining whether this type of ''recoverable encryption'' product will be exportable under License Exception pageKMI.
BSA STRONGLY SUPPORTS PENDING LEGISLATION BECAUSE IT PROVIDES NEEDED EXPORT CONTROL RELIEF
The SAFE, Pro-CODE and ECPA bills recognize as a fundamental proposition that the United States should not try to control the export of something that is, by its very nature, uncontrollable. It makes little sense for our government to require individual export licenses for the export of mass market software when it is generally available to the public in retail outlets, pre-loaded on computers, over the Internet, and in the public domain. Nor should computer hardware be so controlled simply because it incorporates such software. In short, it makes little sense to continue trying to control exports of software that is already available to millions of people, and nothing about encryption software alters this conclusion: it is still software and still easily and readily available on a worldwide basis.
Page 106 PREV PAGE TOP OF DOC Importantly, the bills do permit the Secretary of Commerce to continue preventing exports to countries of terrorist concern or other embargoed countries pursuant to the Trading With The Enemy Act or the International Emergency Economic Powers Act.
The bills provide that if strong encryption products have been permitted to be exported to foreign banks, then they should be exportable to other foreign commercial purchasers in that country. Note that the type of software and hardware we are talking about here is a ''custom'' product (if it were generally available it would not need an individual license under the bills other provisions). Because it is at least theoretically possible to control such exports, the question then occurs as to what should be the allowable level of encryption.
Once again, the bills do contain safeguards when relaxing export controls for such productsthe Secretary of Commerce is not required to permit such exports if there is substantial evidence that the software will be diverted or modified for military or terrorist use or re-exported without requisite U.S. authorization.
Finally, I do want to note that we believe the sponsors and supporters of the various bills have made a wise decision in seeking to make explicit what is now implicit under existing laws that there is not and should not be any restriction on the domestic use, choice or sale of strong cryptography. Some argue that it is already law because there is nothing to the contrary. That is correct nevertheless we believe that it is important and helpful to explicitly reaffirm the rights of Americans in this area.
U.S. export controls prevent American software and hardware companies from supplying their customers with strong encryption to meet their legitimate needs for information security and thereby directly threaten the continued success of our industry. Moreover, because U.S. vendors invest more heavily in developing products for worldwide markets, export controls also delay the introduction of sophisticated security products in the U.S. market, leaving American computer users electronic information vulnerable to hackers and other intruders. U.S. export controls also threaten to dislodge continued American leadership in developing the Global Information Infrastructure.
Page 107 PREV PAGE TOP OF DOC One last and very important point. The interests of computer users, hardware and software companies and privacy groups are not opposed to those of law enforcement and national security. As the NRC Committee found, encryption prevents crime by protecting the trade secrets and proprietary information of businesses and correspondingly reducing economic espionage. Encryption also promotes the national security of the United States by protecting nationally critical information systems and networks against unauthorized penetration. Thus, the Committee found that on balance the advantages of more widespread use of encryption outweighed the disadvantages and that the U.S. Government has ''an important stake in assuring that its important and sensitive ... information ... is protected from foreign government or other parties whose interests are hostile to those of the United States.''
The time for action is now. In order to keep American vendors on a level international playing field and American computer users adequately protected export controls must be immediately updated to reflect technological and international market realities.
Mr. GOODLATTE. Thank you.
Ms. Katz, welcome back. You were with us last year, and we are pleased to have you again and look forward to your testimony.
STATEMENT OF ROBERTA KATZ, SENIOR VICE PRESIDENT, GENERAL COUNSEL, AND SECRETARY, NETSCAPE COMMUNICATIONS CORP., ON BEHALF OF INFORMATION TECHNOLOGY ASSOCIATION AND SOFTWARE PUBLISHERS ASSOCIATION
Ms. KATZ. Thank you very much. I'm glad to be back, and I very much appreciate the opportunity to testify once again on this extremely important matter, which bears very directly on how Americans will live and work in the information age.
Page 108 PREV PAGE TOP OF DOC
The real issue here, as the chairman pointed out before, is how quickly and effectively we can implement information security into our networks. The system of export controls promulgated by the administration is hindering information security. The proposed legislation will help us have information security faster.
I want to point out that we are here in a noncombative spirit. We have been working closely with the administration to come up with a technology solution that will meet market demand for key recovery and nonrecovery products as well, and still meet the Government's very legitimate and essential need to protect law enforcement and national security.
But we've always said that the answer to the problem here does not lie in the export regulations, because those regulations presume the existence of a unified global key recovery system that we believe simply cannot be built in the foreseeable future. It would be way too complex and way too costly for any entity, even a vast, intergovernmental, global entity, to build and then support.
And so the more time we spend talking about how to build a system that ultimately cannot be built, the more harm we do to U.S. software producers like Netscape. We're talking about something that we think is really just a wish and a prayer, and in the meantime real damage is being done. It would be a real shame if U.S. industry were to lose its leadership in this vital arena due to the export controls, but that is exactly what's at stake here.
There are four points I want to make today. First, the export control regulations have fully served their purpose, and they are no longer useful. Last year's debate on this issue made the market more aware of the need for information security and encouraged U.S. industry to build key recovery features into their products sooner rather than later. That was good. We concede that point.
Page 109 PREV PAGE TOP OF DOC
We've always been in favor of a truly voluntary key recovery system, but when we say ''voluntary,'' we mean one that does not require advance Government approval. Having served their purpose, the existing regulations should now be replaced by the legislative structure provided in H.R. 695. This will allow us to freely export our products and also keep us working with the Government to help the Government maintain a state-of-the-art knowledge of encryption technologies.
My second point is that what we seek here is to produce and export products that will give all our customers the ability to secure the financial, medical, and other private information they send over the Internet. Information security is something to encourage, not forbid. Export controls will not help us catch criminals so much as they will leave our computer networks much more vulnerable to intrusion by hackers and other criminals.
My third point: the export controls won't really stop the criminals. The criminals, as we've discussed this morning, will simply reencrypt their communications within a key recovery system to avoid detection by law enforcement.
Finally, the export controls really are hurting our business. As our applications for permission to export our products are slowed in the approval process, which can take weeks or even months, and which is a lifetime in Internet time, our foreign competitors are racing ahead on an open field. Our competitors can freely sell strong encryption products into the United States, as well as outside the United States, but we can freely sell our products only within the U.S. and Canada.
Page 110 PREV PAGE TOP OF DOC And I would like to read as part of my testimony today, and, therefore, enter into the record an article that appeared in the Financial Times yesterday, March 19. The title of the article is ''Curbs on Encryption Cracked.''
Mr. GOODLATTE. You can enter the whole thing in the record and read the critical parts.
Ms. KATZ. That's what I'm going to do.
Mr. GOODLATTE. Good.
Ms. KATZ. It's very short.
''U.S. restrictions over the export of 128-bit key encryption technology remain a source of frustration for European and other organizations which need the highest security for their Internet and Intranet applications. Now Siemens Nixdorf, part of the German Siemens''it's a subsidiary of Siemens Nixdorf''has developed a new product called TrustedWeb which incorporates 128-bit public key/private key developed by Dublin-based Systems Engineering, a joint venture between Siemens and its parent. 'TrustedWeb is an independent European product and, hence, is not subject to the export restriction imposed by the U.S. Government in relation to encryption software,'says Siemens Nixdorf''Siemens Nixdorf Ireland will market the software worldwide over the Web.'' Now Siemens is not a small company.
This goes to the heart of the voluntary issue. If we can't export unless and until we have Government approval, what is voluntary about the Government's regulation scheme?
Page 111 PREV PAGE TOP OF DOC
And, finally, this leads to the heart of what I think is the ultimate question. If the export controls really won't be able to accomplish the Government's goal of stopping production of strong encryption worldwide, and if those controls are hurting U.S. industry to the clear benefit of foreign producers, isn't it time to replace the controls that don't work with a more realistic and effective way of solving our national security and law enforcement wiretapping problems? We believe that's the goal of the SAFE Act, and that is why we give it our full support. Thank you very much.
[The prepared statement of Ms. Katz follows:]
PREPARED STATEMENT OF ROBERTA KATZ, SENIOR VICE PRESIDENT, GENERAL COUNSEL, AND SECRETARY, NETSCAPE COMMUNICATIONS CORP., ON BEHALF OF INFORMATION TECHNOLOGY ASSOCIATION AND SOFTWARE PUBLISHERS ASSOCIATION
My name is Roberta Katz. I am the Senior Vice President, General Counsel and Secretary of Netscape Communications Corporation. I am pleased to state for the record that I am also here as a witness on behalf of the Information Technology Association (ITAA), an international organization of several thousand information technology product and service providers, and on behalf of the Software Publishers Association (SPA), an international organization dedicated to the protection of intellectual property and the interests of software publishers small and large.
It is an honor and a privilege to testify before the Committee today. I submit to you that while it may not seem like it at first glance, the subject of information security is one of the most important issues facing our society and, therefore, the Congress.
Page 112 PREV PAGE TOP OF DOC I believe we are at a critical juncture with regard to the Administration's policies on the subject of information security. In a narrow sense the issue is about the export of encryption technology by U.S. firms, but the ramifications of these policies are much broader, so I commend you for having this important hearing early in the 105th Congress. I believe it is time that we move the debate on this subject. We want to address in a positive way the degree to which the marketplace has responded as the Administration would have hoped, and the hope that market driven changes in the infrastructure have the concomitant benefit of addressing law enforcement and national security concerns.
If the government truly intends to micromanage a key escrow or key recovery infrastructure, its policies will be doomed to failure. Indeed, the government has accomplished all that it can realistically accomplish through the use of existing export controls, as it has pushed U.S. industry into building key-recovery programs to create and meet market demand. But there are limits to what the government can accomplish in the marketplace. We have stated consistently that there would be demonstrable demand for voluntary deployment of key recovery products for commercial use. The debate of the last year has undoubtedly accelerated this demand. At the same time there is clearly a significant demand for non-recovery products. Try as it might, the government simply doesn't have the ability to eliminate demand for non-key-recovery products.
The Administration has, through its actions, guaranteed that people who want key recovery products can choose from many capable suppliers. Without broad agreement enforceable through a multilateral organization, a world-wide government approved key recovery system will not come to fruition. Let me say again: More cannot be accomplished through the existing scheme of export controls. The Administration should take credit where credit is due, and let the marketplace develop the solutions going forward.
We will never have a perfect world. A perfect world certainly does not exist with respect to wiretap ability in telephony markets; there will surely not be a perfect solution with respect to data. It is now time to clearly recognize that and to move on. With an ear to the marketplace and our willingness to share technical information about our products with appropriate government agencies, we can and will develop solutions that are both successful in the world marketplace and provide aid to law enforcement authorities. We must change the policy of this country so that companies like mine can get on with the business of selling our products around the world and we need legislation to accomplish this. We support H.R. 695 wholeheartedly. It will bring overdue relief and allow U.S. industry to compete openly and fairly with other international developers and providers of encryption hardware and software products and services.
Page 113 PREV PAGE TOP OF DOCII. WHY THE ADMINISTRATION'S POLICIES AND REGULATIONS DO NOT WORK
A. The Administration's Current Policy: Grudging Acceptance of Yesterday's Technology While the Rest of the World Moves Ahead
The Administration's regulations try to force computer code to include some form of key recovery by restricting sale of strong encryption outside of the U.S. and Canada. Other witnesses will stress that companies have filed applications under the new regulations, and suggest this validates the new regulatory approach. It is true that some see new market opportunities, and other companies must respond to competitive pressures. Some companies will attempt to satisfy the new regulatory regime while seeking broader changes in the law. The primary reason the regulations will not work is this: while U.S. companies attempt to comply with regulations, companies such as Stronghold in the U.K., Brokat in Germany, Siemens Nixdorf in Germany and NTT in Japan are providing strong, sophisticated encryption throughout the world in a manner unimpeded by government regulation.
The current US policy on encryption exports provides companies with a 2-year interim period during which companies can export products including 56-bit DES (without key recovery) provided the following is met:
The company supplies the government (Bureau of Export Administration, Commerce Department) with a business plan outlining a 2-year plan for implementing a key recovery mechanism within the product(s) in question;
The 2-year plan should outline the proposed technical solution for key recovery, some schedules and milestones for delivering key recovery enabled products; and
Provide the government with a 6-month progress report.
The policy does not necessarily require a company to implement any specific key recovery method, rather the companies are asked to provide the plan that would work for their products and market. The policy also suggests that after key recovery has been implemented and approved by the various government agencies, the products can be exported with basically unlimited key length, provided the encryption algorithms are known. Hackers and computing power make a 56 bit solution totally vulnerable today. Cryptographers have reported as recently as last year that the minimum necessary key bit length is at least 90. Customers demand to have at least the same level of strength as U.S. customers. For communicated data that is 128 bit SSL. With non-U.S. developers such as Stronghold and Siemens Nixdorf producing and selling 128 bit SSL the benchmark is 128. There is no telling what the benchmark may be in just two years.
Page 114 PREV PAGE TOP OF DOC There is an inverse relationship between the degree of government control of information security features and the value of those features. Foreign customers and governments grow suspicious of products that fit too neatly into a U.S. government standard. They fear that it has some sort of back door for governments to creep in through or that the U.S. policy favors U.S. firms that have gone along with the policy through and through and will block out non-U.S. firms in some way. Whether or not such suspicions are substantial or permanent they are interfering with the development of the marketplace and they taint the image of U.S. firms trying to do business overseas.
B. Regulatory Processes and Timetables Stifle Businesses Who Must Operate on ''Internet Time''
To date the U.S. industry has had to suffer from uncertaintythe Administration has changed its policies four times in as many yearsand from costly and risky regulatory burdens. Small U.S. firms cannot afford the licensing process and it is inefficient for any firm to have to file and argue for a license for each non-U.S. customer. This is especially true for start-up companies like mine in relatively new industries which operate at a fast pace called ''Internet time.'' Now we have yet another regulatory experiment aimed at ''skewing the marketplace.''
The regulations require industry to participate in a two year interim process. In two years time, four to five product cycles will have come and gone. We will be on version eight or nine of our software by the end of this experiment in industrial policy making. It is our view that government regulations are retarding the deployment of market-driven solutions and technologies which might actually do more to the achieve the goals of the Administration than the regulations themselves.
The experimental and evolving nature of U.S. regulations undermine their effectiveness and hamper U.S. businesses. Mr. Reinsch told industry representatives last year at a meeting in Silicon Valley that if they don't work, the Administration would have to try something else. Also, once a license to export is obtained under the current regulations, there is nothing to prevent the license from being taken away for no clear reason, as the regulations and their process are not reviewable in Federal Court or under the Administrative Procedures Act. For this reason alone, Pro-CODE is critical. Netscape cannot afford to invest in a technology that is one day exportable and then another not. When our customers make the commitment to become a Netscape customer, they want to know that we will be there year in and year out to support the products we sell them, no matter what part of the world they are doing business in.
Page 115 PREV PAGE TOP OF DOCC. Current Polices Fail Cost-Benefit Analysis.
The cost of doing business under the U.S. policy and regulations is not defensible, and greatly outweighs the benefits of the regulations. We believe the benefits of the regulations have largely been maximized to datethat is, that the market for key recovery products has been accelerated. The costs to develop and operate an infrastructure are truly not known because, to our knowledge, nothing of this dimension has been attempted. But it is clear that those costs would be astronomical. Many of the products and services necessary to support a global public key recovery infrastructure simply do not yet exist or are only in their early stages of development.
D. Standards and U.S. Law Enforcement Interests
The Administration can incorrectly take credit for making encryption an important issue. By forcing industry to lose market leadership and sales over the past three years, industry has had to make a complex topic very plain, simple and immediate. Without the deployment of strong and sophisticated information security, both law enforcement and industry suffer. Neither wins. If there is no sophisticated encryption, data may be in the clear but it can be authenticated to and inadvertently shared with an unintended user. Without strong, interoperable encryption available world-wide, companies and individuals are unable to protect their intellectual property or private communications in the global information society.
Currently available key recovery products meet customers need for e-mail and stored data comprise an part of an infrastructure which is fortuitously consistent with the need for lawful access when appropriate procedures are followed. These features allow an employer to have access to encrypted data immediately if, for example, an employee dies, defects to a different firm, steals proprietary information, or vanishes. These functions can be achieved without mandating that keys to unlock the information be escrowed to a particular kind of third party, in a specific country, using a specific algorithm, or using government prescribed key recovery features.
Page 116 PREV PAGE TOP OF DOC Secure Sockets Layer (''SSL'') is the Internet industry standard for securing communications. The SSL protocol provides data recovery capabilities that law enforcement can utilize to get access to encrypted data through the server. The use of strong cryptography, in fact, provides strong authentication for users which, in turn, actually increases the possibility for law enforcement to obtain data pursuant to lawful procedures and to match this data to the proper person.
If the session is unencrypted, the parties can not be authoritatively identified. In telephony, wiretapping data in original form naturally contains individual identification information (e.g., the sound of a person's voice can be matched), but trying to wiretap an SSL session is not at all the same. The ability to intercept the data midstream and decrypt it in real time would not necessarily allow the data to be linked to a particular person. Even if a wiretap could be made on a telephone line that was being used to dial out to the Internet via a modem, it is not clear that a useful law enforcement objective would be achieved. If this wiretap were able to collect the keystrokes in the clear or decrypt them, and if such keystrokes indicated that the communicant were typing in a URL to a secure server in the Cayman Islands such as ''www.cashlaundry.com,'' one cannot prove from the wiretap who committed those keystrokes to the keyboard. A communicant could be mobile, use wireless technology, or route their connections through a proxy, or spoof an Internet protocol (IP) address (i.e., domain name) in order to avoid detection. Attaching identity to the client end of communications on the Internet is extremely difficult. We submit that SSL does not on balance undermine law enforcement. Rather, a security feature like SSL allows the communicants to be authenticated to the session, and the session authenticated to a particular server, which is of considerable value to law enforcement. It is one of the reasons we believe that deployment of a secure and sophisticated infrastructure will come to be viewed as a deterrent to technology-savvy criminals.
Key recoverability is an added value feature for email and certain stored data systems. In contrast, there is no user demand for this feature in the context of transmission of point to point communications. We believe that a system that attempts to escrow SSL communication session keys cannot work even if it were somehow brought into existence. Billions of session keys are being created and discarded every day, and it is inconceivable that a system could be designed which would allow useful interception of information in transit. Additionally, such a system would involve far too many additional communications, too many added key exchanges, and too many new points of attack for hackers to be useful, practical or secure.
Page 117 PREV PAGE TOP OF DOC The Internet only exists because of open, non-proprietary, non-secret, interoperable standards. Current U.S. policies make it increasingly likely that foreign manufacturers will set standards inconsistent with these objectives. Foreign manufacturers of strong encryption software such as Stronghold and Siemens market themselves by stressing the opportunities presented to them by U.S. policies which hurt us: They state that their products are available world-wide with a full 128 bit SSL function and distinguish themselves from U.S. companies like Netscape and Microsoft that are limited by the U.S. government to trivially-cracked 40 bits.
For the time being, Stronghold and other non-U.S. developers build on open standards like SSL, but there is no guarantee open standards will prevail or survive. The requirement for U.S. firms to participate in shaping the implementation of open standards as well as the standards for other components of the architecture of information security such as certificates and certificate authorities is critical. If implementation of standards is driven by non-U.S. product, there is not certainty that those developers will have any sympathy for law enforcement concerns or consumer protection, especially the concerns of U.S. law enforcement authorities.
Open, interoperable, global technical standards are the best way to provide a robust and sophisticated infrastructure that can address and balance the needs of the market with public safety. At present, U.S. policy and regulations prohibit Netscape engineers from talking to Siemens Nixdorf engineers about how to make sure each firm's implementation of SSL and SMIME interoperate with respect to how the data can be recovered and the user can be authenticated in an Intranet environment. The only way such technical discussions can occur is if Netscape files for a license and waits for approvala bureaucratic process that is costly, uncertain and possibly undermines the business relationship. The non-U.S. firm is handicapped by the uncertainty, delay and restrictions inherent in the U.S. regulatory bottleneck. Our foreign customers are law abiding citizens living in countries whose national security and law enforcement communities cooperate with their U.S. counterparts. Although we are trying to help them establish systems that can provide this critical balance, government licensing procedures hinder our ability to provide this balance.
Page 118 PREV PAGE TOP OF DOCE. Unilateral Destabilization
Foreign governments have expressed the view that the U.S. policy represents a ''unilateral destabilization of a traditionally multilateral, cooperative process.'' The lobbying efforts of Ambassador Aaron and his predecessors are of particular concern to us. Ambassador Aaron has been given the job of convincing sometimes reluctant foreign governments to adopt the U.S. key recovery plan. Simultaneously, the Administration has disseminated the view on Capitol Hill and elsewhere that the rest of the world has adopted or is moving towards adoption of the U.S. plan. The lobbying strategy of the Administration has even included telling members of Congress that foreign governments are rapidly adopting their own domestic and import restrictions. This process is not only skewed, but some of this information being disseminated is just not true.
We are trying to compete in a global marketplace. Not only won't our government help us sell our products to foreign customers, as we suggest would be more appropriate behavior, they keep us in the dark about just exactly what they are doing in their world-wide campaign. The much discussed National Research Council report, released in 1996, concluded that there was no reason to work through these policies in the darkness of government secrecy. The use of U.S. tax dollars to secretly undermine the interests of U.S. industry is confusing and frustrating to us. We appreciate the fact that Ambassador Aaron has come to our company to share information, and believe he plays a valuable role in educating industry about law enforcement rules and procedures in non-U.S. jurisdictions.
III. CURRENT RESTRICTIONS DO NOT ACHIEVE STATED OBJECTIVES
Netscape or Wal-Mart or Sears can sell any product to anybody in the world unless there is a compelling policy reason to limit that sale, and if the practical means used to enforce that policy are effective. In this case, the goal of any restrictions would be to keep something out of the hands of criminals or terrorists. We support the goal, but we can't conceive of any reason why the government still believes that the U.S. export controls prevent these benign products from coming into possession of bad people. Imagine that you are part of a criminal enterprise and that you wanted to be able to communicate securely so that the law enforcement agencies couldn't listen in. First, you might take a walk in the park and simply have a conversation. That would be hard for the government to listen in on. But if you wanted to communicate over a data network, you might obtain some product with information security features. You could walk into a store in America and buy anything you want, or you could simply download it off the Internet. If the government imposed a mandatory key recovery program supported by all governments in the world, which is unlikely, a criminal or terrorist would simply re-encrypt his communications. So the result of a key recovery system, would not be that U.S. authorities can listen in on terrorist or criminal communications. It will mean that the communicants will take other steps to avoid detection. There is a tempting story that strict export controls will allow meaningful, real time interception of communications and that all bad actions will be thwartedbut unfortunately, that story doesn't withstand scrutiny.
Page 119 PREV PAGE TOP OF DOC Computer fraud and computer-related crime rank high among law enforcement concerns. In this context, the government surely agrees that information security features are not a problem; they are the solution to a problem. The FBI has testified about the threat of economic espionage, and expressed concern that, in the post-Cold War era, foreign governments have increasingly shifted much of their intelligence focus to the business sector. Hostile intelligence efforts to pry secrets from corporate America presents a clear threat to our economic and national security. The key escrow and key recovery solutions advanced by the Administration would increase the likelihood that foreign governments and their agents would have access to the intellectual property and trade secrets of U.S. companies.
We do not want to be alarmists, but it is worth repeating that government computer systems, including those at the Pentagon, have been repeatedly penetrated. Our power grid, gas and oil pipelines, stock exchanges and related intellectual property are among potential civilian targets. It is no secret that the supposedly confidential medical records of our citizens are often maintained on insecure and vulnerable networks. Information security embedded into the infrastructure is the solution to these problems.
I believe the Administration has conceded that all but the dumbest criminals and terrorists will be able to take steps to avoid detection, even under a key recovery scheme. But the Administrations has maintained that the real purpose of a key escrow or key recovery system is to obtain communications between terrorists and criminals and legitimate institutions such as banks. The suggestion is that without a government mandated key recovery system, a criminal could conduct a transaction with a financial institution or commercial enterprise and could somehow encrypt the communication to avoid detection by law enforcement. That rationale for export controls simply does not withstand scrutiny.
First, export controls and communications between criminals and financial institutions are simply different subjects. Second, Banks and other users of communications technologies must adopt systems which allow for data recovery. If they want to stay in business very long, they won't give the keys to government agents in advance, but instead they will adopt their own procedures that provide for lawful access. Criminals can't hide the fact that transactions have taken place with legitimate institutions simply by using encryption software. Legitimate institutions maintain records that are susceptible to lawful surveillance, and such institutions obviously maintain decryption keys. Law enforcement authorities do not need key recovery schemes to determine that a communication with a financial institution has occurred, the location and identity of the communicant (assuming a secure environment) and the nature of the communications. If this ''catch the criminal when he goes to the bank'' is really the underlying rationale for the export controls, the restrictions should be lifted immediately.
Page 120 PREV PAGE TOP OF DOC Netscape is an American company and we're proud to say we are the fastest growing software company in history. We regularly communicate with top officials at the NSA, the FBI and other government agencies about our products. We are willing to share certain information with the government (and other governments, when we can get an export license from our own government) so they can do their jobs and better understand the latest technology. We do not want to hide anything, except that we must be cautious about disclosing proprietary information that would find its way into the hands of our competitors.
The new policy of the Administration has been in place for nearly three months and it is clear, from the comments filed on the Commerce Department regulations to the White House's ''Framework for Global Electronic Commerce'' section on security, that the Administration's policy is widely unpopular. When Ira Magaziner, Senior Policy Advisor to the President, spoke last week in San Francisco at a conference called ''Computers, Freedom and Privacy,'' he acknowledged that the security section, a direct reflection of the Administration's policy and regulations of encryption, was not supported by 90 to 95% of the comments received. Last year Administration officials often used the Organization for Economic Cooperation and Development (OECD) and its work on cryptography guidelines to somehow support the notion that there was international consensus for the U.S. government position on key escrow and recovery. In fact, at the last substantive meeting on the guidelines in December in Paris, the U.S. delegation's proposals to include an explicit reference to key recovery in the guidelines was rejected.
Senior Netscape executives and employees have met and continue to meet with the President and other senior officials of the Administration. We acknowledge they do not see it our way yet, but we are convinced the shortcomings of their current plan will become apparent. And then what? Will it lead to yet another series of experimental regulations? We suggest the regulatory futility must stop. The Administration has accomplished all that it is going to with the existing export control regime. They will not succeed if they proceed with the implicit goal of mandating that every customer in the world use U.S. key recovery products or if, as has been suggested, they pursue domestic controls on information security products.
Page 121 PREV PAGE TOP OF DOC Netscape strongly supports H.R. 695 and we look forward to its swift enactment this year, which will preserve our strategic interests in leading the development of the information age.
Mr. GOODLATTE. Thank you, Ms. Katz, and, without objection, the article you cited will be made a part of the record.
[The information follows:]
CURBS ON ENCRYPTION CRACKED
U.S. restrictions over the export of 128-bit key encryption technology remain a source of frustration for European and other organizations which need the highest security for their Internet and intranet applications.
Now Siemens Nixdorf Informationssysteme, part of the German Siemens group, has developed a new product called TrustedWeb, which incorporates a 128-bit public key/private key developed by Dublin-based Systems Engineeringa joint venture between SNI and its parent.
''TrustedWeb is an independent European product and hence is not subject to the export restriction imposed by the U.S. government in relation to encryption software,'' says Siemens Nixdorf.
The software, which comprises three components, is expected to be used with conventional firewall software both to protect corporate intranets against unauthorized external access, and to prevent internal access to confidential Web pages or application data.
Siemens Nixdorf Ireland will market the software worldwide over the Web.
Page 122 PREV PAGE TOP OF DOC Watching Brief is compiled by Nicholas Denton: e-mail infotech.page@FT.com; fax UK 0171 873 3196
Mr. GOODLATTE. Mr. Seybold, we're pleased to have you with us.
STATEMENT OF JONATHAN SEYBOLD, CHAIRMAN, EXECUTIVE COMMITTEE, AND DIRECTOR, PRETTY GOOD PRIVACY, INC.
Mr. SEYBOLD. Thank you.
The dark side of modern computer communications technology is it exposes our private conversations and private information to the world. Eavesdropping is simple; copying someone's intellectual property is even simpler; accessing private stored information is not much more difficult.
Fortunately, with modern cryptography, we have technology which restores the privacy that technology is taking away. That's important to emphasize. What we're talking about here is not new rights. What we're talking about here is restoring something that the technology would otherwise take away from us.
We all understand that crypto is essential for privacy of communications, privacy of data, security of electronic commerce, production of intellectual property, not just in the computer industrywe're talking about everything from banking to movies.
Weak cryptography, which may be broken by a 12-year-old with a desktop computer, or key escrow is not acceptable. The market simply will not accept something that it doesn't trust, and it doesn't trust either of those solutions. I'll come back to talk more about key escrow later.
Page 123 PREV PAGE TOP OF DOC
The answer is real industrial-strength cryptography. Everyone is using different analogies, metaphors for this; I'll throw one into the pot. The toothpaste is out of the tube. Crypto technology is available, freely available, worldwide, and the issue is really not crypto technology. The issue really is what the market is demanding, which is that this technology be packaged and built into the full range of products; and that is, indeed, what is happening overseas right now. The current Government regulations make it almost impossible for U.S. companies to compete effectively overseas, in spite of what they tell you. It is just too difficult and too cumbersome, and the overseas markets don't trust what we would export if we did comply with these regimes.
An increasing number of companies outside the U.S. can and are providing these products. We, PGP, sent teams overseas looking for these products. We have found lots of them, and they are good.
Another example of this occurred when IETF, the Internet Engineering Task Force, had a meeting in San Diego earlier this year. One of the sessions was on approving the standard for PGP MIME. At that meeting, independent people from all over the world, different countries, showed up. They had never talked to each other before. They had never seen each other before. They opened their laptop computers and they were able to interoperate and communicate securely using the PGP MIME standardwith no assistance from anybody in the United States to do that.
At the moment the United States effectively owns worldwide information technology. We are about to lose that, and we are about to lose that because of crypto. It will soon be the foreign suppliers who supply the solutions, and, therefore, the foreign suppliers who set the standards.
Page 124 PREV PAGE TOP OF DOC
The second point I want to make is thatI think people have talked about this amply so I'll make it very quicklyU.S. companies are vulnerable to industrial espionage around the world. If the administration's policy were successfuland I don't think it could be successfulif it were successful, it would mean that every government in the world would have access to communications that touched that country. If you had a foreign branch, then that foreign country would be able to access communications to and from that foreign branch. I don't think U.S. companies want that.
The third point I want to make is the right to privacy. As important as all the rest of this is, the thing which pleases us most about the proposed bill is it explicitly recognizes the rights of U.S. citizens to privacy, and that the long-term practical effect of this will be to extend these rights to people around the world. Privacy is essential to democracy. Technology is rapidly eroding our privacy. Your bill gives us that privacy back.
I'd like to make a couple of comments on comments that were made by the previous panel about the key recovery or key management infrastructure. Let's very quickly go through a couple of simple facts.
No. 1, many corporations will implement internal key recovery schemes to be able to recover their own stored data. But this is vastly different from trying to put in place a massive, global key escrow system for all external communications. We're not talking about the same thing here at all, and it's disingenuous to try to mix the two up.
No. 2, an essential part of secure communications will be directory services to manage keys, but we as an industry don't even agree on how to do this, how to put it in place, how to scale it to the size required. We have to work on this. The best way to ensure that we don't get this work done is to make sure that the Government meddles in that process. It's going to be quite a process for us to get there.
Page 125 PREV PAGE TOP OF DOC
No. 3, it is simply not true that you need key management infrastructure for authentication. People around the world are using older PGP technology for this quite well, including major corporations, without this key infrastructure, and they are getting authentication as part of that. This is simply not true.
No. 4, a universal key recovery system is simply not going to work, and it's not going to work for the kinds of things that they're saying it will work for. E-mail uses published public keys because you send something and someone receives it at a different time. The reality is that most real-time transactions don't do this. Most real-time transactions use session keys, which are generated for the session, used, and then discarded. We are talking about generating hundreds of thousands and millions of these keys a day, and no one has a clue as to how to escrow that stuff.
Thank you very much.
[The prepared statement of Mr. Seybold follows:]
PREPARED STATEMENT OF JONATHAN SEYBOLD, CHAIRMAN, EXECUTIVE COMMITTEE, AND DIRECTOR, PRETTY GOOD PRIVACY, INC.
Mr. Chairman and Members of the Committee, I appreciate the opportunity to testify on Mr. Goodlatte's bill, the Security and Freedom through Encryption Act of 1997. I would also like to take this opportunity to thank Mr. Goodlatte for his leadership on the issue of liberalizing controls on the export of encryption technology. PGP strongly supports legislation, such as the SAFE Act, that protects the sale and use of encryption technology domestically and liberalizes controls on the export of strong encryption.
Page 126 PREV PAGE TOP OF DOCABOUT PRETTY GOOD PRIVACY
I am Chairman of the Executive Committee and a co-founder of Pretty Good Privacy, Incorporated. PGP provides corporate and individual consumers with a broad array of privacy and security solutions that prevent the risk of unauthorized access to digital privacy.
Pretty Good Privacy was co-founded by myself, Dan Lynch (Chairman of CyberCash), and Philip Zimmermann, the creator of PGP, our flagship product. PGPwhich we now call PGPmailis a public key encryption software package for the protection of electronic mail.
PGP's products address three interrelated aspects of privacy. The first aspect is encryption, which prevents unauthorized individuals or organizations from reading intercepted files. Encryption basically scrambles a message, allowing only the intended recipient to unscramble the message with the use of a key.
The second aspect of privacy is authentication, which ensures that a message received originated from the correct source, and has not been altered in transition. Our products let senders include a unique digital signature with a transmission, proving that they originated the message, and that it has not been altered.
The third aspect of privacy is anonymity, which limits the extent to which an individual or corporation's identity can be tracked electronically over the Internet. This allows a company or individual to explore the Internet freely, without fear that they are sending out valuable information about themselves in the process.
Almost half of the U.S. Fortune 100 companies, and over 2 million individuals worldwide, use Pretty Good Privacy to guarantee the confidentiality and authenticity of their communications and transactions.
CURRENT ENCRYPTION POLICY
Last December, the Clinton Administration made an attempt to liberalize export controls on encryption technology and address law enforcement concerns by publishing new regulations covering the export of encryption. Under these new laws, companies may receive permission to export strong encryption only if government access to the keys is facilitated through a government-approved escrow arrangement.
Page 127 PREV PAGE TOP OF DOC We strongly oppose this government-mandated solution, for three primary reasons: 1). It threatens the competitiveness of U.S. corporations such as PGP that are the world leaders in encryption technology. 2). It ignores the serious security concerns of consumers of encryption products. 3). It compromises the privacy rights of individuals worldwide, thus prohibiting the spread of democracy.
Representative Goodlatte's (RVA) Security and Freedom through Encryption Act of 1997, which I will talk about in more detail momentarily, makes great strides toward correcting the inadequacies of the Administration's policy.
1. The Administration's Policy Threatens the Competitiveness of U.S. Corporations
The Administration's key recovery mandate wrongly assumes that the market will accept a governmental, non-market driven approach to encryption. Based on our customers' response, we do not believe that a significant market exists for encryption designed to facilitate government access to keys. Companies from other countries, including Japan and South Africa, are developing and exporting strong encryption without government-mandated escrow requirements. It is far too late to control the development overseas of this technology. That horse is already out of the team. If the Administration's policy is maintained, consumers worldwide will choose to purchase foreign encryption technology, because it will be strong, readily available, and market driven. But most importantly, they will buy foreign encryption technology because buying U.S. encryption will be like buying a safe to which another person has the key or combination.
The Clinton Administration argues that it can allay these competitiveness concerns by leveling the playing field, ie., convincing our allies not to export their strong encryption technology without an escrow system. If past is prologue, such efforts will be fruitless. In the past, the U.S. government has been unsuccessful in its efforts to convince even some of our closest allies, such as Germany, France and Japan, to control the export of high technology. In the days of CoCom (the Coordinating Committee for Multilateral Export Controls), U.S. controls on technology exports were almost always more restrictive than those of other nations. This led to the loss of key sales to foreign competitors in technologies such as supercomputers and telecommunications equipment, where U.S. industry was technologically dominant but hindered by outdated export controls.
Page 128 PREV PAGE TOP OF DOC Maintenance of the Administration's key recovery mandate will cripple U.S. leadership in the worldwide market for encryption technology.
The Administration's policy negatively affects not only the international competitiveness of U.S. encryption technology companies, but also puts U.S. companies at a competitive disadvantage in their own market. Creating and deploying two encryption standardsone for the domestic market and one for the international marketis expensive and burdensome for encryption technology suppliers, putting them at a disadvantage vis-a-vis their international competitors. In addition, maintaining two standards is burdensome for corporate users of encryption technology who must communicate both domestically and internationally.
2. The Administration's Policy Ignores the Security Concerns of Users of Encryption Technology
The theft, misappropriation and wrongful receipt of intellectual property and technology, particularly by foreign governments and their agents, directly threatens the development and making of the products that flow from that information.... For an individual, a stolen plan, process or valuable idea may mean the loss of their livelihood; for a corporation, it could mean lost contracts, smaller market share, increased expenses and even bankruptcy; and, for our Nation, a weakened economic capability, a diminished political stature, and loss of our technological superiority. Most estimates place the losses to businesses from theft and misappropriation of proprietary information at billions of dollars a year.
Within this evolving global environment in which information is created and shared instantaneously over national and global information highwaysan environment in which technology is critical to all types of industryboth the opportunities and motives for engaging in economic espionage are increasing.FBI Director, Louis Freeh, Testimony before the Senate, Select Committee on Intelligence, February 28, 1996.
As these quotes from FBI Director Louis Freeh explain, it is increasingly difficult to protect privacy and confidentiality in the information age, and increasingly important to do so. The cost of corporate and individual exposure is mounting daily. The U.S. Department of Justice estimates that annual losses related to computer security breaches in the U.S. could be as high as $7 billion. As the electronic transactions and communications increase, so will the losses, unless companies and individuals are given the tools to protect themselves from security breaches. Law enforcement officials are trying to combat these nefarious practices, but they are like doctors who try to treat the symptoms of disease, rather than giving the population a readily available vaccine. The Administration policy withholds the vaccineencryption technologythat companies and individuals need to protect their confidential information, from espionage, hackers, and criminals.
Page 129 PREV PAGE TOP OF DOC The Administration proposal does this by prohibiting the export and overseas use of U.S. encryption technologyeven between U.S. companies and their wholly owned foreign subsidiarieswithout a special license, which is virtually impossible to get for strong encryption products. Companies and individuals should have the right to protect their private and confidential transactions regardless of whether the transactions are conducted domestically or across international borders.
3. The Administration's Policy Compromises Important Privacy Rights of Individuals, and Inhibits the Spread of Democracy
Cryptography is the cornerstone of the protection of individual privacy in the Information Age. As face-to-face conversations are replaced by teleconferencing, paper mail is replaced by electronic mail, and cash transactions are being replaced by electronic commerceit becomes increasingly easy for others to eavesdrop on our private communications. This has phenomenal implications for individual rights, particularly as they relate to potentially repressive governments, whose ability to monitor and collect information on citizens has grown exponentially in the Information Age.
The Justice Department argues that its ability to investigate and prosecute criminal activity is strengthened by export controls on encryption. It could also be argued that law enforcement's ability to investigate and prosecute criminal activity would be strengthened by the repeal of nearly every one of the first ten amendments to the Constitution. Of course, no one advocates that approach. Our forefathers understood that Democracy requires a balance in favor of individual rights, and they designed the U.S. Constitution and the Bill of Rights to protect that balance.
Individual rights should not be enjoyed only by Americans, however. As the leaders and promoters of Democracy worldwide, it is our responsibility not only to protect the rights of American individuals to privacy, but also to foster the protection of those rights for citizens of the rest of the world. Phil Zimmermann, the creator of PGP, regularly receives e-mail messages from individuals and organizations which use PGPmail overseas. It is used by witnesses to report human rights abuses in repressive countries. It is used by Amnesty International. In October 1993, when the Russian government was shelling the Parliament building, Phil received a message from a man in Latvia who said:
Page 130 PREV PAGE TOP OF DOC
Phil, I wish you to know: let it never be, but if dictatorship takes over Russia your PGP is widespread from Baltic to Far East now and will help democratic people if necessary. Thanks.
Pretty Good Privacy and other U.S. corporations have the technology to export the individual right to private communications, thus contributing to the global spread of Democracy. It is essential that we be allowed to do so.
The Security and Freedom through Encryption Act of 1997
To correct these flaws in the current policy, we support H.R. 695, the SAFE Act. The SAFE Act significantly liberalizes export controls on encryption technology, addressing many of our competitiveness concerns. The SAFE Act also prohibits mandatory key escrow and codifies the right of U.S. citizens to use encryption, addressing important security and privacy concerns.
The SAFE Act contains one section in particular that PGP finds very disturbing. We are concerned that Section 2805 stigmatizes the use of encryption. The section provides additional penalties for ''any person who willfully uses encryption in the furtherance of the commission of a criminal offense ...''
PGP would like the language modified to clarify that encryption is not a crime in and of itself, that a person must be convicted of a crime before additional penalties can be imposed for the use of encryption, and that a person must be willfully using encryption with the intent of hiding evidence of a crime before the additional penalties would apply.
We are happy to work with the subcommittee staff, and with Mr. Goodlatte's office, on the specific language.
There are three other issues that we would like addressed in the SAFE Act:
Page 131 PREV PAGE TOP OF DOC1. Some of the terminology is confusing, and should be changed for simplicity's sake. For example, the use of the terms ''generally available'' is different in the legislation than it is understood under Export Administration Regulations. We would prefer that the SAFE Act use the EAR term ''mass market'' software.
2. ''De minimis'' exceptions should be reinstated for both hardware and software. The Administration's Executive Order states that foreign origin products that contain even a ''de minimis'' amount of U.S.-origin content are subject to export controls.
3. The foreign availability provisions that apply to hardware in the bill should also apply to software.
Again, we look forward to working with the staff to address these issues, and to move this legislation toward passage. Thank you again for the opportunity to testify, and I am pleased to answer any questions.
Mr. GOODLATTE. Thank you, Mr. Seybold. We also thank you for adding to our metaphor collection with the toothpaste is out of the tube. [Laughter.]
So far, we already have the horse is out of the barn; the genie is out of the bottle; the cat is out of the bag, and my favorite, which is that the administration's policy is an industrial age solution to an information age problem.
Mr. Morehouse, welcome.
STATEMENT OF THOMAS R. MOREHOUSE, PRESIDENT AND CEO, SOURCEFILE
Page 132 PREV PAGE TOP OF DOC
Mr. MOREHOUSE. Thank you, Mr. Chairman, members of the committee. Thank you for this opportunity to share my views on commercial encryption products. I'm honored to appear here before you today. Recognizing we have 11 people testifying, I'll be brief.
This debate covers three groups: civil libertarians and privacy advocates, business and industry, law enforcement and national security. A solution must embrace all parties to be successful, and we think we need a compromise. Current export policy requires key recovery for strong encryption. The SAFE legislation prohibits mandated key recovery or escrow.
My company, SourceFile, is the only company authorized to hold keys for export-approved strong encryption. So my remarks might surprise you.
Gentlemen and ladies, we think key recovery already exists. I have a credit card that has a PIN. The bank has the PIN. That's a key recovery system, and that's OK with me. I have a telephone card. The telephone company has a PIN. They can listen in; they can put any telephone calls that they want. I have a palmtop computer. One of my colleagues lost about half his data in his palmtop because he lost his password. We wish we had key recovery for our palmtops.
And the most basic piece of key recovery which we all can remember is the little magnetic keyholder that holds the spare key to your car, which is stored under the fender. Everybody has or knows one of these ideas. So we already have key recovery.
With the free use of encryption, we think people will use key recovery. They have to understand it, of course. At a recent RSA Data Security Conference, we talked to 300 or 400 makers of software. They all said, ''We need key recovery. We will use key recovery.'' The standard will come, and it is needed.
Page 133 PREV PAGE TOP OF DOC
It is a compromise. The world will evolve the system. We do not have to have a mandate. Encryption providers recognize the need for a standard.
SourceFile currently holds the most important information imaginable. We have AIDS test results. We have original software programs. We have patient records. When encryption is available and used, its owners will wantactually, they must havea trusted third party to hold the method to decrypt, just as the bank holds my PIN number.
So we endorse this legislation and want this committee to break the current logjam with this legislation. We recognize we all walk a fine line to ensure the three-party acceptance. We especially support the provision in this bill that criminalizes the use of encryption in the commission of a crime. We think that's strong medicine.
Mr. Chairman, I thank you and the other members of this committee for the privilege to appear before you, and for your attention.
[The prepared statement of Mr. Morehouse follows:]
PREPARED STATEMENT OF THOMAS R. MOREHOUSE, PRESIDENT AND CEO, SOURCEFILE
Mr. Chairman and Members of the Committee, thank you for this opportunity to share my views on commerce in encryption products. I am honored to appear before you today. As the National Research Council's 1996 study on Cryptography's Role in Securing the Information Society says, we have a policy crisis, not a technology crisisthe technology is here. Thus this hearing is both timely and extremely important.
My company, SourceFile, through its SourceKey division, is the only company authorized by the United States government to provide key recovery services for export-approved products containing strong encryption. Companies look to SourceFile as a trusted third party to protect their copyrights, trade secrets and other intellectual property. Through our source code escrow services, Fortune 1000 companies rely on us to protect their investment in mission-critical computer software. Thus, we have a keen interest in public policy that protects private intellectual property. As American citizens, we are also concerned about safeguarding our privacy, protecting our national security and preventing crime.
Page 134 PREV PAGE TOP OF DOC The debate over encryption export policy involves parties with three distinct interests: civil libertarians and free speech advocates, business and industry, and law enforcement and national security agencies. Each party has legitimate concerns and interests. Let me say up front that I believe compromise is necessary. To embrace any one party's concerns to the exclusion of others' will undermine individual liberty or U.S. leadership of the computer industry or our security as a nation, or a combination thereof. Any of these options is unacceptable to the vast majority of the American people.
Current U.S. export policy requires that a key recovery system be built into strong encryption products. The SAFE legislation sponsored by Rep. Goodlatte and co-sponsored by many of you on this Subcommittee, would effectively prohibit the Federal government from mandating a key escrow or key recovery regime. Given SourceFile's unique position as the only firm authorized to provide key recovery services, you may be surprised by my next comments.
Although my company stands to profit from the government mandate to use key recovery, I am not here necessarily to argue in favor of such a requirement.
Americans are deeply divided over the trade-offs between protecting privacy and property on one hand, and supporting law enforcement officials in the fight against crime on the other. I recently saw an Equifax/Harris poll that shows this division with respect to real time communications. Internet users split 51%49% on whether ''the government needs to be able to scan Internet messages and user communications to prevent fraud and other crimes.'' Non-Internet users agree 21 with that statement (see table).
Source: 1986 Equifax/Harris Consumer Privacy Survey, The Internet, published in Inc. Technology, 1997, No. 1, page 18.
Allowing development and use of encryption strong enough to secure Americans against invasions of privacy and economic espionage while simultaneously allowing for national defense against other forms of espionage and for law enforcement requires a delicate balancing act. I do not presume to know exactly what policy will provide the balance most Americans seek. But I do know we cannot stand still. We must break this gridlock.
Page 135 PREV PAGE TOP OF DOC The market is already leading the way, moving toward some sort of key recovery system. And whether the government requires the use of key recovery centers or not, SourceFile will be in the key recovery business because market forces demand our service. Commercial and individual users alike look to key recovery as an essential part of their key management infrastructure, and as a preferred way to secure, manage and control the administration and recovery of encrypted data files.
Encryption users simply will not risk losing access to all their secrets if they lose a key. I have never met a car owner who did not have at least one duplicate key to his car. No one wants to invest in an automobile, lose the key and be unable to open the door. Losing the key for robust encryption is far more disastrous because you cannot call a locksmith to open the door to your data.
Persons who use strong encryption do so to protect extremely valuable assets. No one in his right mind would use cryptography throughout an organization without a backup system to retrieve the information should he lose his key. To repeat, the market will demand key recovery whether government mandates it or not. The only persons who will not avail themselves of a backup system are the foolhardy. Even many criminals will want key recovery.
Concerns about encryption's effects on criminal investigations must be weighed against its benefits in crime prevention. One cannot ''lock out'' a law enforcement agency's need, with a proper court order, to intercept and decrypt an e-mail; nor should any government entity have a free end to browse and read encrypted communications. As I said at the beginning of my testimony, it is a question of finding the right balance.
For decades, American businesses have sought protection, both privately and from government, against industrial espionage. Today's electronic commerce and flow of digitized data over the Internet make invaluable information vulnerable to industrial espionage unless it is secured with strong encryption.
Page 136 PREV PAGE TOP OF DOC As the Subcommittee on Crime learned at a hearing last May, the theft of proprietary business information costs American companies from $24 billion to more than $100 billion each year.(see footnote 1) That is a wide range. But even if one assumes the lower figure is correct, it still represents an enormous hit on our nation's economic well being. One good, patented idea may generate hundreds or thousands of new jobs, and lead to the creation of new companies or even an industry. Individuals and companies must be able to safeguard proprietary information against determined economic espionage efforts.
My firm, SourceFile, is an international leader in protecting intellectual property. Hundreds of developers and user organizations from more than 20 countries rely on SourceFile to hold their program source code in escrow. As a trusted third party, SourceFile's parent company hold millions of highly confidential corporate and financial records, hospital records, and, perhaps most sensitive of all, records from AIDS tests. I mention this to make two points. First, there is precedent for third parties that are properly equipped, secured, and insured to be trusted with the most confidential information imaginable. Second, SourceFile and companies like it are bound by strict laws that protect the privacy of the persons whose records we hold. There should be and are severe penalties if a third party breaches the trust reposed in it.
SourceFile believes that the protection of private property rights dictates that severe penalties should be levied against key recovery centers that abuse the trust placed in them. Such penalties would be similar to those for banks that misappropriate or embezzle depositors' funds.
In the new information age, intellectual property is many companies' most valuable asset. For example, one of our clients designs and develops gene sequence and expression databases. Their revenue comes from leasing access to these databases. If anyone broke their encryption and stole their databases, the company's asset and market values would plummet. The means to transfer data securely is essential to this firm and a fast-growing number of others like it. Most of these firms, I might add are American and represent an important new source of employment and economic prosperity for our country.
Page 137 PREV PAGE TOP OF DOC These companies will benefit now, if they can use strong encryption worldwide. The uncertainty over what policy and what law will govern their actions inhibits them from using robust encryption.
I believe the companies who are our customers want and expect government to help them protect their intellectual property and trade secrets through vigorous law enforcement. I further believe our customers recognize there will be occasions when law enforcement will require access to encrypted data.
But for government to restrict the strength of encryption that these new information-based companies can use will either make them vulnerable to theft of their intellectual property or drive them offshore. Either way, it is an untenable policy for the United States as we move into the information age.
A graduate student at the University of California at Berkeley named Ian Goldberg proved in January that stronger encryption is needed. According to news reports, it took Mr. Goldberg only 3 1/2 hours to break the most secure encryption code the United States allows to be freely exported. He did so by linking together 250 idle workstations that allowed him to test 100 billion possible ''keys'' per hour. As far as I know, Mr. Goldberg is not a criminal of any sort. But if a lone graduate student could marshal the computing power to break this encryption, you can be certain that a foreign intelligence service, or a large corporation or even a technologically-savvy thief can do so, too.
Certainly it makes sense to maintain export controls on hardware and software for military applications as the SAFE bill does. But any attempt by government to hold back the progress of encryption technology will be futile. Microprocessor technology is advancing relentlessly. Encryption will rapidly continue to get stronger and stronger, whether it is produced in the United States or elsewhere. Even if government succeeds in retarding improvements in encryption used by law-abiding persons, those seriously determined to break the law will find sources for the strong encryption and code-breaking products they desire.
Page 138 PREV PAGE TOP OF DOC Rather than attempt to hold back the hands of time or put the Genie back into the bottle, it makes more sense to levy criminal penalties against those who use cryptography to commit a crime. The SAFE bill would do that.
Finally, we believe it is reasonable to expect key recovery centers to comply with law enforcement authorities who, through due process, present court orders for access to encryption keys. Such cooperation is analogous to telephone companies who permit officials with proper legal authorization to install wiretaps. Following this analogy, key recovery centers who obey court orders should not be liable to civil penalties for such compliance.
Mr. Chairman, I thank you and the other Members of this Subcommittee for the privilege to appear before you and for your attention. I will be pleased to answer your questions.
Mr. GOODLATTE. Thank you very much, Mr. Morehouse.
Mrs. Schlafly, I've heard the administration argue that there needs to be a cop on the Information Superhighway. What's your response to that?
Mrs. SCHLAFLY. Well, I think the panel this morning from the administration was really highly offensive. Administration spokesmen have the attitude that they might allow us to do this, that, or the other thing. I think their testimony has to be read in context with the really outrageous statements by Janet Reno and Louis Freeh in which they just want the Government to control things. It's unlikely they're going to be able to control the whole world, as evidenced by some of the other testimony here, but they sure are trying. And, no, we don't trust them.
Mr. GOODLATTE. Would you comment on the National Research Council's finding that increased use of strong encryption would enhance national security rather than diminish it?
Page 139 PREV PAGE TOP OF DOC
Mrs. SCHLAFLY. Yes, that was an excellent report, and I think they did back up the position that strong encryption is a good thing. We want people to understand that it is good. It's not suspect or possibly criminal.
Mr. GOODLATTE. Thank you.
One noted study estimated in December 1995 that failure to address the current export controls by the year 2000 will cost U.S. industry $60 billion and 200,000 jobs. Mr. Rubinstein, do you believe that this estimate is accurate?
Mr. RUBINSTEIN. I think those numbers are very difficult to calculate. Microsoft, for example, does not track lost sales, and if we did, I doubt if we would disclose them. But I am familiar with a number of cases where we have very large customers seeking licenses for anywhere from 50,000 to 100,000 copies of products where we lost those sales precisely because we could not provide 128-bit encryption.
I would also point out that, to some extent, this really misses the point. The point is that companies overseas, such as Siemens, such as a company in the U.K. called Apache, are in a position to sell secure servers without these encumbrances, and that's really putting us in a position of competing with one handwell, not even one hand tied behind our back; that's no competition.
Mr. GOODLATTE. Speaking of not wanting to announce lost salesand I certainly understand as a business why you wouldn't want to do thatisn't it also really true that this problem has been around and brewing for quite a few years now, and the industry has been reluctant to really get out in front on it, as much as they, in my opinion, should have, until the last year or so because of the fear that it will become widely known that various types of software or communications products are not as secure as people would like them to be?
Page 140 PREV PAGE TOP OF DOC
Mr. RUBINSTEIN. I think that's very much the case, and a dynamic has now played itself out. For a long time, U.S. companies sought to offer a single product worldwide because of the additional cost of supporting and distributing two products, one for the worldwide market and one for the U.S. market, and also because that would call attention to the differences. A lot of foreign customers now think of worldwide products as ''cryptolite'' and have little interest in purchasing them, and with the increased interest in the Internet, even for the domestic market, companies have decided to offer separate products within the United States. So that both Microsoft and Netscape and other leading Internet companies do offer 128-bit versions of their products for the domestic market. But I would add that those products are not as readily available as our worldwide products because we're not able to invest in the same distribution methods that I've mentioned earlier. We have to make them available in a much more tightly-restricted way, so that they don't inadvertently get exported, and that inhibits the use of strong encryption within the United States.
Mr. GOODLATTE. Thank you.
Ms. Katz, or really anybody who wants to jump in on this, some U.S. companies, in bidding for projects overseas, have lost out to foreign competitors who tell prospective clients not to deal with American firms because they will never be able to export strong encryption without key escrow. Could you relate some actual experiences with foreign competitors where the export controls have negatively impacted your ability to do business?
Ms. KATZ. I will without using names of potential customers.
Page 141 PREV PAGE TOP OF DOC Mr. GOODLATTE. Sure.
Ms. KATZ. We've definitely faced that, particularly most recently in Europe, where there's increasing awareness of the issue, and we've had large financial institutions try to work with us. We have to submit their requests for export of 128-bit products through the regulatory process at Commerce, and that process, even when we try to get the permission, is weeks and weeks with no assurance of resolution. We have several applications for export that have been pending for months, and in the interim the customer is saying, ''I've got to build my product.'' So there are actually companies in Germany, for example, that are set up now to provide independent 128-bit product, and now with this Siemens-type announcement, we'll see more and more of that.
Mr. GOODLATTE. Thank you. Anybody else want to address that?
Mr. GOODLATTE. If not, Mr. Seybold, or anybody else, if you want to jump in on this one, how quickly do we need to address the current export controls in order to maintain U.S. leadership in the global marketplace, and how soon will technology take over in the manufacture of strong encryption?
Mr. SEYBOLD. As I indicated earlier, the products are already available overseas. They are good products, and we areI think all of us here are seeing the pressure of these products grow daily. Every time we turn around we learn about more products and we encounter more situations in which customers say, ''I want to deploy on a worldwide basis. I do not want weak crypto. I do not want key escrow. I will get the solution wherever I have to get it. If you can't supply it, somebody else will.''
Page 142 PREV PAGE TOP OF DOC
Mr. GOODLATTE. OK, thank you.
At this time the Chair will recognize the gentleman from Massachusetts, Mr. Delahunt.
Mr. DELAHUNT. I have no questions.
Mr. GOODLATTE. Thank you. I do; I'll continue on, unless someone else has any questions.
What is your response to the administration's assertion that strong encryption products may currently be widely available, but they are not widely used because there is no infrastructure in place to support them? Any of you? Mr. Morehouse, I don't know if you want to take a crack at that?
Mr. MOREHOUSE. Yes, I think that is true; private industry does not want to produce something that tomorrow will not be out in the open market, will not be useful. We are struggling with our key recovery because we spend so much time filling out export approval applications and we're concerned that tomorrow we'll face a new set of applications. And you don't want to spend money as a private business when tomorrow you'll have to spend some more money on the same thing. We need a straight and narrow path. It may change, but we need everybody in alignment, at least to get this engine started.
Mr. GOODLATTE. Mr. Rubinstein.
Page 143 PREV PAGE TOP OF DOC Mr. RUBINSTEIN. Yes, if I could add to that, just in the last few months there's been a development that I think greatly changes that situation. The most widely distributed piece of software for the Internet is the browser, and in the last few months a number of foreign vendors have developed techniques for taking a U.S. browser, which on their Web pages they described as ''export-crippled,'' and providing additional software that can be downloaded from the Internet and installed on top of U.S. browsers to convert them to 128-bits. The combination of U.S. browsers, which are out there in numbers approaching 40 or 50 million, all of which areor at least the most recent versions of which are fully enabled for security, together with secure servers supplied by companies like Siemens and Apache, will make encryption for communication purposes fully ubiquitous throughout the world.
The idea that until this complex and costly key management infrastructure is developed encryption won't be used is simply false, and I would echo the comments of Ms. Katz and Mr. Seybold that a key management infrastructure of that size and complexity is not needed for purposes of trust. Trust is always relative to the need for which you have to identify someone. A credit card is perfectly adequate trust for commercial transactions. If I'm betting my company, I already have a relationship with another business. I don't identify them over the Net; I already know them, and we can exchange our keys as needed. White pages may be sufficient for sending E-mail to someone whom I don't know previously, just as it's sufficient for calling someone on the telephone. I don't have absolute certainty that when I look up someone's name in the white pages that they are who is listed in that book, and I don't need absolute certainty anymore in that circumstance than I do on the Web just to send E-mail.
Mr. GOODLATTE. Thank you.
Page 144 PREV PAGE TOP OF DOC Mr. Seybold.
Mr. SEYBOLD. Yes, I think that the real issue here is nothing to do with key management infrastructure. The real issue here is making encryption transparent to the user. Until now, encryption has been very, very difficult to use. That's been the barrier. All of that are changing that very rapidly, both here and overseas. The goal is to make it disappear into the infrastructure, so that users don't have to think about it; it's just there. And that's happening. If we don't provide it, the overseas companies will.
Mr. GOODLATTE. Ms. Katz.
Ms. KATZ. I would just add to that. I think the fact is correct that there has not been widespread use, but the reason that the Government has given is wrong. The reason is what Mr. Seybold just said: that the ability to use it easily is only now coming into the marketplace. His company didn't even exist six months ago, and now they're devoted to that. The rest of us are coming right along.
Mr. GOODLATTE. Thank you.
The Chair recognizes the gentlewoman from California.
Ms. LOFGREN. Thank you, Mr. Chairman.
All of us here in this hearingthe witnesses and the members of the committeeare obviously very interested in the issue of encryption. I think nearly all of the members of the subcommittee are cosponsors of this bill, and I think we're, to some extent, talking the same language for the same reasons.
Page 145 PREV PAGE TOP OF DOC
But there are large numbers of Members of this body, of the Congress, and really of the American public, who have no idea what you're talking about, what this is. And I'm wondering if you, Mr. Seybold, could just describe for the layperson how does encryption work?
Mr. SEYBOLD. In 25 words or less? [Laughter.]
Ms. LOFGREN. In 25 words or less. I have to tell you that I was the proud recipient, along with other panelists at the Stanford Conference on Encryption last year, of ''Applied Cryptography,'' and although I'm not a technical person, I did have the opportunity to read it. But that is probably more advanced than the average American wants to hear in terms of cryptography.
Mr. SEYBOLD. I think that most people have a sort of inherent understanding of how cryptography works because as kids we experimented with secret codes and things of this sort. I mean, basically, the objective is to scramble data so that someone else can't read it.
The thing that keeps circling around here is really not the encryption so much; it is the key by which you can encrypt and decrypt the information. And the key breakthrough in the technology that all of us are depending on here was work that was done originally at Stanford. Originally, until a decade or so, when you encrypted something, you had to then give someone else the key by which you encrypted it, so they could decrypt it, and that was always the weak linkis how you passed the key around. The breakthrough with public key encryption has been the ability to encode something with one key, a public key, and to decode with a matching private key. So that I can publish my public key, and you can encrypt to that, but only the private key that matches that will decrypt that, and that's the key which I hold. And that's the technology that makes all this possible.
Page 146 PREV PAGE TOP OF DOC
So when we talk about key escrow and key recovery, and so forth, what we're talking about is access to that private key that decrypts the information that has been encrypted by any one of a number of different people, and that's the key thing we're talking about herewho has access to that? And our contention, basically, is, if this is my key, I should control who has access to this.
Ms. LOFGREN. Ms. Katz, I think it might be also instructive for people who are watching this on CSPAN and the like, and other Members, for you to explain how encryption works. For example, Phil Zimmermann designed PGP and it's posted on the Internet, where people can get it through Netscape's wonderful software. How does that actually work? If you're on the Net and you go to that site, explain to the user what is happening there.
Ms. KATZ. OK, I'll start with my very simplistic explanation of encryption, and with apologies to the technologically more sophisticated folks. Encryption is nothing more than a string of randomly-generated 1's and 0's. And the purpose of encryption is to put a wrapper around what would otherwise be a very transparent communication. So the analogy I like to use is encryption is the envelope that goes around the postcard. Right now, without encryption, when you send something over the Internet, it's as if you were sending a postcard through the mail. Anyone who processes that postcard, who delivers the mail, can read the postcard. Encryption just puts those 1's and 0's around that, simplistically, so that they can't be read. The key is then the little mechanism that opens up that string of 1's and 0's. And, again, very simplistically, when we talk about strong encryption versus weak encryption, we're just talking about the length of 1's and 0's, how complicated that package, that envelope is.
Page 147 PREV PAGE TOP OF DOC Ms. LOFGREN. And so the 40-bit, the 56-bit, and the triple DES classifications all have to do with how many and how long that string can be?
Ms. KATZ. That's right, and it's not as simple as 56 being 16 more than 40. There are exponential numbers here. But, very simplistically, it's nothing more than randomly-generated numbers that serve the sole function of putting the envelope around the postcard, and then the key is what unlocks that string of numbers.
Ms. LOFGREN. OK, so going to my second question
Ms. KATZ. As to your second question, we actually do not post on the Internet the secret sauce, but the secret sauce is available by publication. In other words, there's nothing that precludes the printed explanation of what that is from being exported. What we are forbidden from doing is exporting the electronic version of what we can put in black and white on paper.
Ms. LOFGREN. Right, and that's really the encryption book, the ''Applied Cryptography'' issue. You can send the book out, but you can't send the disk out.
Ms. KATZ. Exactly, and it's one of the reasons that when the courts have looked at this issue, they have questioned the whole issue from a first amendment standpoint.
And then the only other thing I would say is that we can't even talk to people, even foreign governments, outside the United States about what encryption is without getting permission from the Commerce Department now.
Page 148 PREV PAGE TOP OF DOC Ms. LOFGREN. Mr. Seybold.
Mr. SEYBOLD. I think I'd like to pick up and make one point here that I think may not be widely understood. How do you trust something that's encrypted? How do you entrust an encryption method? This is pretty arcane technology. And the reason and the way you trust it is that it gets published. It gets published so that graduate students all around the world can try to break it. If they try to break it, and they try over and over again and they fail, then you've got some confidence that a lot of bright people tried to break this thing and they haven't succeeded. You can only know that if you publish it. If you publish it, it becomes public information.
We have learned time and time again, if you don't publish stuff, if you hold it secret and say, ''This is my private algorithm. I won't tell you what it is,'' that people break those because they have not been subjected to the same kind of public scrutiny that something that's published is. So the nature of this is that you have to publish it for it really to be trusted.
Mr. RUBINSTEIN. If I might add one point to that, I think the Internet has really changed permanently the nature of the export problem in a particular way that goes to Mr. Seybold's point about publishing. Internet security protocols are published standards. That is why a Siemens or any foreign vendor is able to take three elements and produce a product that is competitive with U.S. products and fully interoperative with products worldwide.
First of all, they need the encryption algorithms, and these are in the public domain. Second of all, they need access to the standards, and these are published. Third, they need the skill to implement those standards, and that skill is by no means limited to U.S. software developers. But taking those elements together, companies are now able to produce from anywhere in the world products that fully interoperate with all other products, and it's simply not necessary to acquire them from a U.S. vendor. So if we're not in a position to compete on a level playing field, customers will go to those foreign vendors.
Page 149 PREV PAGE TOP OF DOC
Ms. LOFGREN. Now let me just ask a followup question for any of the technical people who feel they can shed light on it. I have heard from time to time defenders of the current American policy suggest that the level of sophistication required to actually produce good cryptography is very high, and, therefore, a country that is perhaps not considered a highly-developed countryfor example, with the infrastructure of the United Statescould never really be a competitor or pose a threat. Do you agree with that? And if not, why not? What is required to develop a product that would compete effectively in the crypto area?
Mr. SEYBOLD. Let's bear in mind now that there are two levels to this. One is the pure cryptography, the mathematics of inventing the cryptographic algorithms, and there are a modest number of people around the world who are good at doing this, and they're very good at doing this, and they're not just U.S. citizens. They're from all over the world. And, in fact, the PGP mail product, the bulk cipher program that PGP uses to actually encrypt the text comes from Switzerland; it doesn't come from the U.S. But most of the stuff is in the public domain because most of the stuff is published.
Ms. LOFGREN. So, to summarize, first, you need good mathematicians.
Mr. SEYBOLD. Right.
Ms. LOFGREN. And the United States doesn't have all the good mathematicians in the world.
Mr. SEYBOLD. Right, but that's not the secret, because that's generally available. There's a library of these things you can pick from. The secret is picking from these libraries and packaging things together in a fashion that works seamlessly as far as the user is concerned. That's good application software, to know what you're doing. There are good application software developers all over the world. There are good application software developers in Europe, in India, in Russia, in Israel, in South Africa. I mean, these are just bright people who know what they're doing. We don't have any monopoly on that in this country.
Page 150 PREV PAGE TOP OF DOC
Ms. KATZ. And I would just add that a lot of the cryptographers in American companies are actually foreign-born.
Ms. LOFGREN. I am well aware of that coming from Silicon Valley, and we are so lucky that there are so many smart from all over the world who want to come and be Americans and enrich our country.
Mr. RUBINSTEIN. I would also add, very quickly, that that argument cuts two ways because U.S. export controls also prevent companies from selling products that have an interface that would allow a foreign vendor to plug-in foreign crypto, and if foreign crypto is so weak, then why do we have these restrictions on interfaces?
Ms. LOFGREN. I think I'll stop my questioning, Mr. Chairman, because the bells have rung, but I think this has been helpful for those are just becoming introduced to this subject matter. Thank you.
Mr. GOODLATTE. I thank the gentlewoman.
Have her questions prompted any questions from the gentleman from Massachusetts?
Mr. DELAHUNT. No, Mr. Chairman.
Mr. GOODLATTE. Thank you. I have a couple more quick questions.
Page 151 PREV PAGE TOP OF DOC Mr. Rubinstein, I have heard many people argue that those of us who seek to solve the current encryption problem must choose between industry's needs and law enforcement's needs. Do you agree with that dichotomy?
Mr. RUBINSTEIN. No, I don't agree with that at all. I think that industry is in a position to assist law enforcement and national security in achieving their objectives because we are able to sell U.S. products in mass volume. If we're cut off from foreign markets or if we're forced to endure delays while this KMI plan takes place over the next few years, I think we'll lose this opportunity to support those objectives.
Mr. GOODLATTE. Thank you.
And, Mr. Morehouse, you've already elaborated on this, but I want to again commend you for coming in and for your testimony, because of all the organizations represented here today, you seem to gain the most from a Government-imposed mandatory key escrow, key recovery system, and, yet, you are opposed to that attempt by the Government to mandate such a system. So I commend you for your principled stand. I don't know if you want to add anything to that.
Mr. MOREHOUSE. We talked about this last night. We think if this was in the early 1900's, and Henry Ford, Mr. Stutz, and Mr. Mercedes were having a talk about their new fast cars that could go 60 or 70 miles an hour and upset the horses and buggies, the horse-drawn buggies, we don't think they'd be talking about whether we should have a speed limit. But we're here today talking about the speed limit, even though the engine hasn't been made or is just being made. We think that you have the right operation to come up with speed limits, but we don't think you have to impose them before we've designed the car.
Page 152 PREV PAGE TOP OF DOC
Mr. GOODLATTE. Thank you. Well, we want to thank all of you for your participation.
Mrs. SCHLAFLY. Mr. Chairman, I would like to comment on your point: Is this a conflict between industry needs and law enforcement? I'm here to speak for individual privacy and individual first amendment rights, and I think they're just as important and are sometimes overlooked.
Mr. GOODLATTE. I think you're absolutely right. In fact, I think this is a threefold issue. It is industry and the jobs related to that. It is privacy, and it is anticrime itself. Encryption fights crime. It prevents crime, just as much as it could be abused by criminals, and we need to be concerned about that.
I want to thank all of you for your participation. Ms. Katz, we will make your metaphor a part of our collection as well. The key is now the secret sauce. We like that. And, again, thank you all for your participation.
We do have a series of votes coming up. So we'll stand in recess until 12:45, and then take up our last panel at that time.
[Whereupon, at 12:08 p.m., the subcommittee recessed to reconvene at 12:57 p.m., the same day.]
Page 153 PREV PAGE TOP OF DOC[AFTERNOON SESSION]
Mr. GOODLATTE. The committee will come back to order.
Our final panel consists of four witnesses who have various ideological perspectives on the encryption debate. Since the first is not here, he'll be fourth.
Mr. Phil Karn, staff engineer with Qualcomm, Inc., is a graduate of Cornell University and Carnegie Mellon University. Before coming to Qualcomm in 1991, Mr. Karn worked with Bell Communications Research and Bell Telephone Laboratories. He is the primary architect of the CDMA Internet Packet Data Service recently announced by Qualcomm. In addition, he is the plaintiff in one of the leading cases challenging the administration's policy on encryption.
Our second witness is Mr. Marc Rotenberg, director of the Electronic Privacy Information Center. Mr. Rotenberg is a graduate of Harvard College and Stanford Law School. Mr. Rotenberg has been active on many privacy issues, having served on numerous national and international advisory panels. Most recently, he served on the Expert Panel on Cryptography Policy for the OECD.
Our third witness is Mr. Jerry Berman, executive director of the Center for Democracy and Technology. Mr. Berman holds three degrees from the University of California. For many years, he served as the chief legislative counsel of the American Civil Liberties Union, working on a number of laws that relate to privacy rights. In 1994, he founded the Center for Democracy and Technology, and since then, he has been its executive director.
Page 154 PREV PAGE TOP OF DOC Our final witness is Mr. Grover Norquist, the president of Americans for Tax Reform. Mr. Norquist holds both a bachelor's and master's degree from Harvard University. In addition to his duties at Americans for Tax Reform, Mr. Norquist also serves on the National Commission on Restructuring the Internal Revenue Service, and he writes the monthly column ''Politics'' for the American Spectator magazine.
Gentlemen, you all are welcome. We're glad to have you with us. Your full statements will be made a part of the record, and we would like to begin with Mr. Karn.
STATEMENT OF PHILIP R. KARN, JR., STAFF ENGINEER, QUALCOMM, INC.
Mr. KARN. Thank you, Mr. Chairman, and good afternoon. Thank you very much for this invitation. This is the second time I've had a chance to testify to Congress to put some common sense into our crypto export policy.
I am a staff engineer with Qualcomm, Inc., in San Diego. We develop and manufacture digital cellular telephone systems, and in the last 10 years or so I've also been very heavily involved in the development of the technology of the Internet. And I have seen firsthand in both of those worlds the drastic effect that outmoded export controls have on the security, integrity, and competitiveness of these technologies.
Encryption is only one of many elements of network computer security, but it is a vital one. Strong, modern encryption algorithms have been published worldwide since the 1970's. Where we're behind is in their application to real systems to protect the public, and the main reason for this is, of course, export controls.
Page 155 PREV PAGE TOP OF DOC
If you ask the administration why their rules exist, they'll say, if they say anything at all, ''Well, that's classified, but if we could tell you what we know, you would agree with us.'' That's what they'll say.
Three years ago this book came out. It's a book by Bruce Schneier titled ''Applied Cryptography.'' This is the first edition, and Mr. Schneier has contributed a dozen copies of the second edition for the members of the committee. I highly recommend the book. I have no connection with the author, no financial interest. I think it's just a very good reference on this subject.
The back of this book contains extensive listings of source code software for very strong encryption algorithms. My understanding of the export laws when this book came out made this book a weapon, a munition, under the U.S. export laws. So I asked the State Department, ''Is it OK for me to export this book? Is this a book for export or is it a munition?'' They responded by saying that, because the item was in the public domain, it was OK to export it. But they went out of their way to say that any source code diskettes would not be; they would have to be separately handled.
So I wrote them again. This was in early 1994. I said, ''How about a floppy disk containing exactly the same source code, line by line, character by character, that's in the back of this book?'' Incredibly, they came back and said that this floppy disk is a munition; this is a weapon. Somehow I was able to smuggle this in through the security out front; I felt a little nervous doing it, you know, carrying a ''dangerous weapon'' into Congress here, but somehow they consider this thing to be a weapon. And they have stuck by that determination ever since.
Page 156 PREV PAGE TOP OF DOC So if it's on paper, it's OK; if it's on a floppy disk, it's not. Apparently, they must believe that only Americans know how to type. Of course, not that anyone would really have to; this exact same code has been on the Internet for years, and the Government is well aware of that fact. Nevertheless, they maintain that this is a controlled item.
Now I ask you, What could they possibly know that could justify a position like this? I have been unsuccessful so far in getting relief either through the executive branch or in the courts, and now, in fact, the administration claims in their most recent rules that they could ban even the export of books like ''Applied Cryptography'' and other journal papers that have source code listings. They just choose not to do so, but they insist that they have the authority to do so. And they maintain that no one, no one outside the executive branch, not the courts, not Congress, and certainly not a private citizen like myself, has the wisdom or the knowledge to challenge such a policy.
The chilling effect of export controls extends deep into the cellular industry. Instead of using widely available and trusted ciphers like those documented in ''Applied Cryptography,'' the export concerns prompted the U.S. cellular industry to adopt dumbed-down ciphers for the new generation of digital cell phones that are now being deployed. And now it seems that these ciphers are even weaker than we thought.
In my written testimony is an abstract of a new paper being released today by David Wagner, a grad student at the University of California at Berkeley, Bruce Schneier the author of ''Applied Cryptography,'' and his associate Kelsey, describing how to break the cellular message encryption algorithm in only minutes to hours on a single computer. I want to point out that digital cell phones are still much harder to intercept than the existing analog phones, but they are not nearly as secure as they could have been or as we thought they were. So we really missed an opportunity on this one.
Page 157 PREV PAGE TOP OF DOC
I'm personally convinced it's only a matter of time before the criminals break the new digital systems, and that didn't have to happen. To be fair, some industry politics and public apathy were also factors here, but I'm personally convinced export controls were the major factor in the dumbing-down of these algorithms.
And I would also like to include in the record the complete copy of the final paper when I get it.
[The information follows:]
INSERT OFFSET RING FOLIOS 19 TO 27 HERE
Mr. KARN. I've included in my written testimony further information on my case and on the widespread availability of encryption software on the Internet, and of course I'm happy to answer any questions you may have. Thank you.
[The prepared statement of Mr. Karn follows:]
PREPARED STATEMENT OF PHILIP R. KARN, JR., STAFF ENGINEER, QUALCOMM, INC.
Dear Mr. Chairman, thank you for the opportunity to appear before your Committee in support of H.R. 695, the Security and Freedom through Encryption (SAFE) Act. I am pleased to submit this written testimony with additional details about my case and pointers to more information on encryption, its worldwide availability, and the effects that the current export control regime have on the security and privacy of US citizens. This document is available on the Internet as http://www.qualcomm.com/people/pkarn/export/housewritten.html.
Page 158 PREV PAGE TOP OF DOC In that form it contains many links to related information on the Internet.
I maintain a comprehensive Internet archive of the Applied Cryptography case, including all my correspondence with the State Department and the briefs of both sides in our lawsuit. The URL is http://www.qualcomm.com/people/pkarn/exportl.
THE ''APPLIED CRYPTOGRAPHY'' CASE
The book Applied Cryptography by Bruce Schneier that is the subject of my case was first published in early 1994. Mr. Schneier estimates that the first edition sold 30,800 copies. The second edition, published in 1996, has sold 34,300 copies in the US. Another 15% have been sold internationally; there are translations into French (3,000 copies), German (2,000) and Polish. It is now being translated into Japanese and Spanish.
Mr. Schneier's publisher, John Wiley and Sons, has kindly contributed a dozen copies of his book to the Committee. I consider it an excellent reference on modern cryptography and I hope the Members and their staffs will find it useful in understanding the subject. I should state that I have no connection to Mr. Schneier other than as a satisfied reader. Although I did contribute minor material to the book, I have no financial interest in its sales.
Applied Cryptography is a comprehensive book, but it is by no means unique in having source code listings of strong encryption algorithms (ciphers). Many other textbooks on cryptography describe ciphers such as the US Data Encryption Standard (DES) in complete detail, and some include source code. Computer magazines with worldwide circulation such as Byte and Dr. Dobbs Journal (DDJ) have featured source code listings of ciphers such as DES, IDEA (used in Pretty Good Privacy) and the like. DDJ specializes in articles for programmers that contain source code; Mr. Schneier is a frequent contributor to that magazine. They have long made all of their source code listings available on CDROM and over the Internet.
Computer books and magazines frequently print source code to illuminate the discussion of an algorithm in the accompanying text. The English language, or any natural language for that matter, is notoriously ill-suited to describe computer algorithms. Computer programming languages are designed not only for compilation by a computer into machine code for eventual execution, but also to communicate an algorithm in a concise, unambiguous way to a skilled human reader. As the preface to a computer science textbook stated:
Page 159 PREV PAGE TOP OF DOC
Our design of this introductory computer-science subject reflects two major concerns. First, we want to establish the idea that a computer language is not just a way of getting a computer to perform operations but rather that it is a novel formal medium for expressing ideas about methodology. Thus, programs must be written for people to read, and only incidentally for machines to execute. (H. Abelson and G. Sussman, Structure and Interpretation of Computer Programs, MIT Press 1985.)
The source code in Applied Cryptography follows that philosophy. In a ruling in the related case of Bernstein vs. Department of State US District Judge Marilyn Hall Patel specifically held that source code is protected speech under the First Amendment:
Defendants appear to insist that the higher the utility value of speech the less like speech it is. An extension of that argument assumes that once language allows one to actually do something, like play music or make lasagne, the language is no longer speech. The logic of this proposition is dubious at best. Its support in First Amendment law is nonexistent.
For the purposes of First Amendment analysis, this court finds that source code is speech. (Opinion, Docket C950582 MHP, April 15, 1996).
Yet the government totally ignored this and Judge Patel's subsequent ruling on December 6, 1996 holding that the 1TAR as applied to encryption source code was a violation of the First Amendment. They continue to treat this information as a dangerous weapon. Indeed, on December 30, 1996 they dug their heels in deeper:
A printed book or other printed material setting forth encryption source code is not itself subject to the EAR (see Sec. 734.3(b)(2)). However, notwithstanding Sec. 734.3(b)(2), encryption source code in electronic form or media (e.g., computer diskette or CD ROM) remains subject to the EAR (see Sec. 734.3(b)(3)). The administration continues to review whether and to what extent scannable encryption source or object code in printed form should be subject to the EAR and reserves the option to impose export controls on such software for national security and foreign policy reasons. (Department of Commerce, Bureau of Export Regulation, Encryption Items Transferred From the U.S. Munitions List to the Commerce Control List, Federal Register, December 30, 1996, pp. 6857268587).
Page 160 PREV PAGE TOP OF DOC This is from an ''interim rule'' transferring jurisdiction over civilian encryption items from the International Traffic in Arms Regulations (ITARs) administered by the State Department to the Commerce Control List (CCL) administered by the Bureau of Export Administration (BXA) in the Commerce Department. The new rules provide no substantive relief over the old rules. Indeed it is hard to understand why the Administration went to the trouble of making the change except as a cynical attempt to ''respond'' to the sustained public protests against US encryption policy by injecting further uncertainty and confusion. Perhaps they just got tired of us holding up our floppy disks and proclaiming that the US Government considers them ''munitions.'' Now they're merely ''encryption items,'' but I could still go to jail for exporting one.
One effect of the transfer was an additional delay in processing licensing applications. Our export department at Qualcomm reports that one license application had been pending at State for 42 days when the new rules were issued. State then returned the application without action. It took another 42 days to finally obtain approval from Commerce. Our export administrator does report that the paperwork requirements with Commerce are somewhat less onerous than with State.
The lengths to which the government appears willing to go to suppress readily available cryptographic software are truly remarkable. Indeed, it seems to be an even bigger threat than nuclear weapons information. Consider the 1979 case of US vs. The Progressive, where the government tried to suppress an article on the principles of nuclear weapons based wholly on public information. The government predicted all sorts of dire consequences should this information be published. But the article appeared anyway in the US press. Once this happened, the government dropped its case. It did not then try to stop it at the borders because that was obviously impossible, even without a global Internet. Yet that is precisely what they are trying to do with encryption software. As the Los Angeles Times said recently in an editorial, the encryption horse has not only left the barn, it has been on a worldwide tour.
Page 161 PREV PAGE TOP OF DOCTHE AVAILABILITY OF ENCRYPTION SOFTWARE ON THE INTERNET
The Applied Cryptography source code is readily available on the Internet from a site in Italy (ftp://idea.dsi.unimi.it//pub/security/crypt/applied-crypto/). Countless other Internet sites around the world also have encryption software. Some are subroutine libraries like those in Applied Cryptography that are only of use to programmers who can incorporate them into complete applications.
Others packages are complete applications that can be installed and run by the end user. The well-known Pretty Good Privacy (PGP) package is only one example. Another more recent package with which I am familiar is the Secure Shell (SSH) by Tatu Ylonen of Finland. While PGP is primarily suited to electronic mail, SSH provides highly secure remote access, file transfer and command execution between Unix, Windows-95 and Macintosh operating systems. SSH provides a choice of strong ciphers, including ''triple DES.'' Several years ago, the American National Standards Institute (ANSI) standardized triple DES at the request of the banking industryover the strenuous objections of the National Security Agency. Needless to say, SSH does not provide key escrow.
Mr. Ylonen has made the full source code of his software freely available on the Internet where in just two years it has become a de-facto standard. This shows how the foreign competition to the US software industry is not limited to large companies. One suitably motivated and talented individual, living in a country without export controls, can produce strong, unescrowed encryption software and have it rapidly adopted by the Internet community. Because Mr. Ylonen has encouraged free copying of his software he does not know precisely how many use it. He estimates that several tens of thousands of organizations and hundreds of thousands of individualsperhaps as many as a millionuse SSH.
THE EFFECT OF EXPORT CONTROLS ON CELLULAR TELEPHONY
Page 162 PREV PAGE TOP OF DOC As I stated in my prepared remarks, export controls on cryptography have prevented the use of strong, well-studied ciphers in the new crop of digital cellular telephone systems now being deployed in the US. The industry has instead pursued weak ciphers that can pass export muster. At first the industry tried to keep their designs confidential, out of concerns over export law and also to hide their weaknesses.
Now it turns out that these weaknesses are even worse than was thought. The new paper Cryptanalysis of the Cellular Message Encryption Algorithm by David Wagner, a graduate student at the University of California, Berkeley, and Bruce Schneier and John Kelsey of Counterpane Systems describes how to break this cipher:
This paper analyzes the Telecommunications Industry Association's Cellular Message Encryption Algorithm (CMEA), which is used for confidentiality of the control channel in the most recent American digital cellular telephony systems. We describe an attack on CMEA which requires 4080 known plaintexts, has time complexity about 224232, and finishes in minutes or hours of computation on a standard workstation. This demonstrates that CMEA is deeply flawed.
The paper concludes as follows:
Our cryptanalysts of CMEA underscores the need for an open cryptographic review process. Betting on new algorithms is always dangerous, and closed-door design and proprietary standards are not conducive to the best odds.
The attack described in this paper is practical, and can be used against existing cellphones that use CMEA for security. CMEA is deeply flawed, and should be carefully reconsidered.
Page 163 PREV PAGE TOP OF DOC
Again, the closed-door design process was largely the result of concerns over export controls. The industry was concerned that even publishing their ciphers for review might violate the law. This deprived them of the benefits of free and open scientific inquiry.
I wish to emphasize that the new digital cellular systems are still much harder to intercept than the sting analog (AMPS) systems like that used by Speaker Gingrich in his now-famous phone call. But they are not nearly as secure as they could have been. While industry politics and public apathy were also to blame, export controls were clearly the major culprit.
COMMENTS ON THE PROPOSED LEGISLATION
The proposed legislation, H.R. 695, the Security and Freedom through Encryption (SAFE) Act, is a big step toward restoring common sense and reason to our encryption policy. I am especially gratified that it would completely deregulate the export of publicly available encryption software such as the Applied Cryptography code so that it can be used as easily by the ''good guys'' as well as the bad guys who already have it.
My main concern with the legislation as written deals with the provisions that allow the Secretary of Commerce to determine whether there is ''substantial evidence'' that encryption software will be diverted to terrorist or hostile military use, or whether ''comparable'' cryptographic hardware is available from foreign suppliers. Past experience with the existing export laws shows that such provisions are ripe for abuse by the Executive branch. They should be backed up with explicit provisions for judicial review, and the full provisions of the Administrative Procedures Act (APA) should apply.
I am also concerned with the provisions that would create a new federal crime of using encryption in the commission of a crime. This may well have the effect of making a federal case out of even a minor criminal offense because of the incidental use of a device that happens to include encryption-like functions, such as a digital cordless phone. I believe this provision, if it is retained at all, should be more carefully tailored to the deliberate use of encryption to substantially impair the investigation of a major federal crime. The states would still be free to establish similar statutes for state offenses.
Page 164 PREV PAGE TOP OF DOC
Dear Mr. Chairman, I offer these supplemental remarks for the record following my appearance before your committee on March 20, 1997 in support of H.R. 695, the Security and Freedom through Encryption (SAFE) Act.
I would like to respond to the Government witnesses on the first panel. Their testimony included numerous inaccurate and/or misleading statements. I have heard and rebutted many of these claims in my court case, and I would like to do the same in this forum.
CONTRARY TO THE GOVERNMENT'S CLAIMS, A THRIVING CIVILIAN KEY MANAGEMENT INFRASTRUCTURE ALREADY EXISTS
The government witnesses go on at great length about the need for what they call a ''key management infrastructure'' (KMI) to authenticate public encryption keys. See, for example, pages 37 of Mr. Crowell's written statement.
This much is true. But on page 7 Mr. Crowell claims, incredibly,
An encryption support infrastructure does not exist today, other than in the KMI used by the Defense Department and other specialized areas....
See also Mr. Litt's statement on page 13:
... there is not yet an infrastructure to support the distribution of keys among users ... Such an infrastructure will have to be created ....
These statements are simply false. It is particularly difficult to understand how Mr. Crowell, whose agency's mission certainly includes staying abreast of civilian developments in cryptography, could be so misinformed.
Page 165 PREV PAGE TOP OF DOC The civilian crypto community is well aware of the need to authenticate public keys. The basic principles are documented at length in Applied Cryptography. Much of the code in a typical encryption software package (e.g., Pretty Good Privacy, PGP) is devoted to this one issue. And a viable and rapidly growing commercial Key Management Infrastructure now exists. Two complementary KMIs, in fact: the hierarchical KMI used for secure World Wide Web transactions, among other things, and the distributed ''KMI'' introduced by PGP. Each has its advantages.
The government may quibble that these KMIs don't ''count'' because they don't meet their precise definition of a KMI. For example, contrary to the second item of the list on page 5 of Mr. Crowell's statement, a KMI need not (and should not) generate or store user private keys. Such practices constitute an unnecessary security risk. Key pairs are best generated by the end user's device, and only the public component of the key pair need ever leave the device.
If the DoD's KMIs for classified information do generate and store all their private keys in a central location where they can be stolen en masse by some future Aldrich Ames, then I submit that Mr. Crowell's agency is seriously remiss in its duty to provide the best possible protection for secret US Government data. Also keep in mind that several spy scandals, such as the Walker/Whitworth case of the mid 1980s, involved the compromise of cryptographic keys for remarkably small sums.
True, Mr. Crowell did not actually say that the DoD KMI he mentions is used to secure classified data, though he might have meant us to make that inference. Indeed, other NSA employees have reportedly said that key recovery is not incorporated into encryption systems approved for classified data ''because of the obvious risks.'' Such statements speak volumes about the government's sincerity in supporting strong encryption for the law-abiding.
What counts about the civilian KMIs is that individuals and commercial entities do trust them for sensitive communications and commerce. For the government to say otherwise, to imply that only they have the expertise to make encryption safe for commerce, and to imply that a KMI must also generate and escrow secret keys so that public keys can be trustworthy, seems like a deliberate and cynical attempt to mislead Congress.
Page 166 PREV PAGE TOP OF DOC For example, several banks already rely on the encryption in web browsers such as Netscape Navigator and Microsoft Internet Explorer to protect transactions with their customers. Each bank has a public key certified by a ''certificate authority'' (CA) that attests to its authenticity. When the customer connects to the bank's web site, the user's web browser automatically verifies the bank's certificate. The customer can then conduct business knowing that he or she is actually talking to the bank's computer and not to some hacker's computer impersonating the bank.
The CAs follow strict safeguards including secured rooms and tamper-resistant hardware. There are already ten commercial CAs listed in the Security Options page of the Netscape Navigator browser. Some are established companies, such as BBN, AT&T, GTE and MCI; others, such as Verisign, are small entities that specialize in this service. One is even a governmental entity: the United States Postal Service.
Internet banks include Bank of America and Wells Fargo. The latter even lets customers write checks to arbitrary recipients, provided that the customer use the non-exportable (strong encryption) version of Netscape Navigator for this particularly sensitive function. Clearly they have more trust in this ''nonexistent'' KMI than in the strongest encryption software the government will allow to be exported.
The other type of KMI is the distributed scheme embodied in PGP, where there are no formal CAs. Everyone can sign a key, but no one is required to honor the signature. One may trust only those keys he or she has personally signed, or one may also rely on signatures made by other persons whose competence and integrity in key signing he trusts. The important thing is that the user sets his own policy on key acceptance, while in the hierarchical scheme everyone is forced to trust the CA.
PGP ''key signing parties'' are now common at large physical gatherings of Internet users. Each attendee identifies him or herself to the others' satisfaction, usually by exchanging drivers licenses, passports and personal introductions. The attendee then reads his or her public key (actually a ''fingerprint'' of this key) so that the others may verify its correctness and later sign that particular key.
Page 167 PREV PAGE TOP OF DOCCONTRARY TO THE GOVERNMENT'S CLAIMS, SOFTWARE ON THE INTERNET IS NOT INHERENTLY UNTRUSTWORTHY
This specious claim has been made in my case against the State Department. Mr. Litt makes it again on page 13 of his statement:
Finally, the vast majority of businesses and individuals with a serious need for strong encryption do not and will not rely on encryption downloaded from the Internet from untested sources, but prefer to deal with known and reliable suppliers.
Mr. Litt is apparently unaware that Internet downloading is already the preferred way to obtain PGP, SSH, Netscape Navigator and other popular encryption software packages.
Aside from this fact, his argument does not withstand scrutiny for two reasons:
First, much encryption software is posted to the Internet in source code form. It can be verified by anyone who cares to read it. For example, the source code to Applied Cryptography on the Internet site in Italy can be visually compared against the listings printed in the book. The same is true for the PGP source, which has also been published in book form.
The user can write a test program to compare the results of encrypting a given ''test vector'' with a result known in advance, and so forth. Even if most users lack the skill or the time to perform these tests themselves, experience shows that if a problem exists in a widely used piece of software, sooner or later someone will discover it and announce it widely on the Internet.
Open publication of encryption software not only makes it very difficult to conceal a deliberate flaw, it also facilitates the discovery of accidental flaws. The flaws in the Cellular Message Encryption Algorithm that were described by Wagner et al certainly would have come to light sooner had it been openly published on the Internet. Clearly the cellular industry didn't do very well by relying on a ''known and reliable supplier'' that wasn't willing to openly publish its work.
Page 168 PREV PAGE TOP OF DOC Security flaws in software available on the Internet are often discovered by the public even when the relevant source code is not generally available. The best examples are the various security-related Web browser bugs that are occasionally discovered and announced, usually by college students. In these cases the discoverers were not deterred by having to reverse engineer enough of the program to detect the flaw.
Second, it is already common practice to cryptographically ''sign'' software distributions on the Internet to guard against malicious creation and/or modification. PGP is widely used for this purpose, not only for cryptographic software such as SSH (from Finland) and PGP itself, but for other software such as operating system patches and updates, particularly those with security implications. While this practice does not guarantee that the software is completely secure, it does eliminate an entire class of potential attacks.
While no one can ever say that a particular piece of software is absolutely secure just as no one can say with certainty that it has no bugs, open publication and cryptographic authentication have made the distribution of software on the Internet in practice no more risky than its distribution by other means, such as floppy disks in retail stores (which are also not invulnerable to tampering.)
LAW ENFORCEMENT HAS MANY ALTERNATIVES
The government would have us believe that strong encryption will completely thwart the prosecution of many serious crimes. When pressed, they will cite a few anecdotes. For example, on page 4 of his statement Mr. Litt mentions the Aldrich Ames and Ramzi Yousef cases, asserting that both subjects used encryption to hide evidence of their crimes. He didn't say that both were easily convicted on the basis of other overwhelming evidence. Indeed, Mr. Ames pleaded guilty.
Mr. Ames' case is especially illustrative, as much of the evidence against him apparently came from microphones physically planted in his house that picked up many incriminating telephone conversations. Even if Mr. Ames had been using an unbreakable encrypting telephone for these conversations the bugs would have heard his side of the conversation just fine.
Page 169 PREV PAGE TOP OF DOC One would not know it from Mr. Litt's dire warnings, but wiretaps are not their sole investigative tool. The alternatives include audio bugs (as in the Ames case), visual surveillance, undercover infiltration, informants (''moles''), testimony of collaborators compelled through grants of immunity, information from cooperating witnesses and institutions (e.g., bank records), physical and forensic evidence, and the like. Strong encryption has no effect whatsoever on these methods. In fact, its widespread use could actually enhance them, e.g., by allowing an undercover officer or informant to communicate securely with law enforcement without raising the suspicions of the subjects of the investigation.
Perhaps they do not discuss these alternatives out of fear of compromising their effectiveness. Personally, I think they simply don't want to say anything that might weaken their argument.
Mr. Litt's citation on page 5 of a computer hacker who used encryption is particularly vexing. While encryption is only one tool for keeping hackers out of computers, it is a vital one. It is ironic that he would complain about a hacker using encryption to hide the evidence of his exploits while supporting export controls that limit our ability to stop these attacks in the first place.
THE FOURTH AMENDMENT DOES NOT ''GUARANTEE'' GOVERNMENT ACCESS
The government would have us believe that the Fourth Amendment to the Constitution somehow entitles them to a successful search. Nothing could be further from the truth.
This is a classic example of the danger Alexander Hamilton warned us about in Federalist No. 84:
I go further, and affirm that bills of rights, in the sense and to the extent in which they are contended for, are not only unnecessary in the proposed Constitution, but would even be dangerous. They would contain various exceptions to powers not granted; and, on this very account, would afford a colorable pretext to claim more than were granted. For why declare that things shall not be done which there is no power to do?
Page 170 PREV PAGE TOP OF DOC
This is precisely what has happened here. Over Hamilton's objections, the Bill of Rights was added to the Constitution solely to limit the power of government. Now the government perversely reads the Fourth Amendment as guaranteeing a successful search.
Indeed, if one also looks at the Fifth Amendment, the Founding Fathers were adamant that a suspect could not be compelled to give information that aids his own prosecution, no matter how useful that information may be. Yet that is precisely what the government wants through ''key recovery''they want everyone, by their Hobson's choice of a key recovery system, to aid in their possible prosecution at a future date. Perhaps even the government recognizes the clear Constitutional implications of this philosophy, which is why they have not yet dared to propose mandatory domestic key recovery.
Mr. GOODLATTE. Thank you, Mr. Karn.
Mr. Rotenberg. Am I pronouncing your name correctly?
STATEMENT OF MARC ROTENBERG, DIRECTOR, ELECTRONIC PRIVACY INFORMATION CENTER
Mr. ROTENBERG. Yes, Mr. Chairman. Thank you.
Mr. GOODLATTE. OK, thank you.
Mr. ROTENBERG. Thank you for the invitation to be here this morning.
Page 171 PREV PAGE TOP OF DOC Mr. GOODLATTE. You may want to turn on your microphone, the little switch at the bottom there.
Mr. ROTENBERG. I have four points to make. The first point is that the role of cryptography has fundamentally changed over the last 20 years. It has changed in terms of its public use, its commercial application, its critical role in the development of our information infrastructure, and it is the failure to understand this change that I think largely explains the administration's difficulty in coming to terms with the current reality. In fact, it could well be said that the administration's current export control policy is more virtual than reality.
As Phil Karn was giving testimony, I was linked to the Internet to a Web site in Norway, where I was able in the last few minutes to download a strong version of the PGP program. This is exactly the type of encryption that the administration is trying to control the use of through export control policy. Mr. Crowell said this morning in his testimony, ''If all the personal computers in the world were put to work on a single PGP-encrypted message, it will still take an estimated 12 million times the age of the universe to break just this one message.'' And I submit if that's the case and it is this easy to download such strong software, something about the current policy has to change.
My second point is that, indeed, the current policy is unworkable and impractical. Its impact on scientific development, on commercial application, on personal privacy has been extraordinary and the consequences severe.
But the two areas which I wish to focus on during my brief time this afternoon, where I think I can be of greatest assistance to the committee, concerns the current developments around the world, particularly in the policymaking process. Then if I may just say a few words about specific provisions of the SAFE Act.
Page 172 PREV PAGE TOP OF DOC
Now in the last few months you've heard many references to the positions of other governments on cryptography. I cannot speak to the availability of encryption in these other countries, but I can provide for the committee a firsthand account of how the Organization for Economic Cooperation and Development, the OECD, the one international organization that has truly studied and wrestled with these issues, resolved the claims of government for lawful access.
During the past year I attended the expert meetings of the OECD Panel on Cryptography Policy in Washington, in Paris, in Canberra. I participated in the development and drafting of the guidelines, and I can tell you, based on my firsthand participation of these guidelines, there is no consensus within the OECD to support the type of government access to private keys that the administration is now seeking. In fact, when the administration delegate specifically asked the OECD member countries whether they wished to endorse the key escrow concept, only one country, a country that currently has a legal regime requiring the creation of escrow agents, supported the motion. Every other country that spoke made clear its objection to the key escrow proposal. The OECD simply recognized that some governments may choose to promote lawful access, but beyond this acknowledgment, there was no support for the key escrow effort.
And I see my light has gone off. I would just like to say in my written testimony I raise some concerns about the proposal to criminalize the use of encryption. I hope you will have a chance to look at this. My primary concern is I actually believe that provision will undercut the other laudable provisions that are within the bill, and for this reason, I think it may be narrowed or taken out ofsome other course should be taken with that section.
Page 173 PREV PAGE TOP OF DOC
[The prepared statement of Mr. Rotenberg follows:]
PREPARED STATEMENT OF MARC ROTENBERG, DIRECTOR, ELECTRONIC PRIVACY INFORMATION CENTER
My name is Marc Rotenberg. I am director of the Electronic Privacy Information Center in Washington, DC. I recently served as the privacy expert for the Organization for Economic Cooperation and Development's panel on Cryptography Guidelines. I have also taught information privacy law at Georgetown University Law Center since 1991.
I am grateful for the opportunity to appear before the House Subcommittee today. I thank Representative Goodlatte and the other sponsors of the SAFE legislation for their willingness to tackle a complex but enormously important issue for users of the Internet both in the United States and around the world.
I. THE CHANGING ROLE OF CRYPTOGRAPHY
Across the Internet community, I believe that there is one message that users, experts, and associations wish to convey to this committee as it considers cryptography policy and that is that the current policy is in crisis and the time to for reform is now. Cryptographers from Whitfield Diffie to Bruce Schneier, Matt Blaze and Phil Zimmermann, associations such as the Internet Society and the Global Internet Liberty Campaign, and distinguished research groups such as the National Research Council have all said that the present attempt to control the development of cryptography by export control policy is mistaken and should end.
Page 174 PREV PAGE TOP OF DOC The reason is not hard to understand. The current system is a relic of a different era, a time when cryptography was controlled by the military and there was little practical commercial use and little public interest in the use of encryption. Our policies were developed in an era when encryption was largely the province of spies and soldiers. The policies of our government, which emphasized secrecy and control, were appropriate in their day. But the world has changed.
Today cryptography is used for everything from communication to commerce, from electronic publishing to new payment systems. It protects not only the confidentiality of communications, but also provides for authentication and verification. Encryption can even provide techniques for anonymous transactions that may one day promote commerce and protect privacy.
The electronic communications infrastructure is clearly no longer the exclusive domain of governments. Today's network carries not only diplomatic communique's and military plans as in an earlier dayit is the conduit for global electronic commerce, private correspondence and the most sensitive bits of personal information, including medical and financial records.
We also know that government attempts to force technological outcomes in this rapidly evolving area are invariably flawed. This is not surprising. When the government sacrifices the workings of the marketplace and consumer demand for its own best guess about what will work it gambles with our security. Even if we agreed with the Administration's goal, there is little reason to believe that the Administration's encryption strategy would succeed. Security technology is no longer the monopoly of the U.S. governmentif, in fact, it ever was. The technological know-how is now global, and if the U.S. computer industry is not permitted to deliver these crucial products to the marketplace, other providers will quickly fill the void.
Page 175 PREV PAGE TOP OF DOC In such a world, the best policies are those that seek to adapt to changing circumstance. It would be foolhardy for our government not to anticipate that strong, unbreakable encryption will be widely available on the Internet. And it would be equally wrong to prevent American citizens and American businesses from making use of the best tools available to protect their sensitive information from potential criminal threats.
We are therefore in a period of transition when law must be updated to reflect new realities. Reforming the export control regime so that it reflects the need for good encryption in commercial products and to protect personal privacy is a sensible first step. Further delay is likely only to increase the risks to users and businesses.
II. THE PROBLEM WITH THE CURRENT POLICY
At the heart of our current debate over encryption policy is a simple question whether it is wise to encourage the development of techniques to permit access by third parties to encrypted communications. The Administration thought this was a good idea when it initially recommended the Clipper scheme in 1993 and supported the proposal with a Presidential directive. Subsequently, the White House has conceded that Clipper was not a workable solution and dropped an elaborate experiment within the federal government after considerable cost to taxpayers.
Next came the key escrow proposal with the belief that third parties could take the place of the government and hold private keys. But concerns were raised about cost and implementation so a revised proposal called ''key recovery'' was recommended but that proposal also has problems. Now, the Administration is reluctant to say clearly whether it supports either key escrow or key recovery. It simply knows that it does not want good cryptography widely available.
The search for law enforcement's holy grail is an endless quest. New techniques to protect privacy on the Internet will in some circumstances make criminal investigations more difficult, just as the introduction of any new technology has posed challenges to law enforcement. But the benefits of the widespread adoption of encryption are significant and efforts to curtail development will impose great cost.
Page 176 PREV PAGE TOP OF DOC Much of the problem with the White House position is that it continues to place the interests of crime detection ahead of crime prevention and in this course has also sacrificed, privacy security, business development, and ultimately user confidence. As a result it has increasingly undermined the necessary trust that must be developed if the public is to make widespread use of these new system.
You cannot have ''escrow'' in Key Escrow where the keys will be disclosed without the knowledge of the user who deposited the keys.
You cannot have ''trust'' in Trusted Third Parties whose obligations to disclose your confidential information to the government may exceed their obligation to protect the privacy of your information.
You cannot have legitimate escrow ''Agents'' where the agent acts at the behest of the government and not the company in which the agent is employed.
Each one of these new proposals that seeks to hide the government's interest in monitoring private communication behind an ill-defined or ambiguous policy goal has only increased the level of public concern. And there is still more reason for concern. EPIC's Freedom of Information Act litigation produced FBI documents last year which show that key federal agencies concluded more than three years ago that the Clipper Chip key-escrow initiative will only succeed if alternative security techniques are outlawed and key-escrow is made mandatory.
The conclusions contained in the documents conflict with frequent Administration claims that use of Clipper technology will remain ''voluntary.'' Critics of the government's initiative, including EPIC, have long maintained that the Clipper key-escrow technique would only serve its stated purpose if made mandatory. According to the FBI documents, that view is shared by the Bureau, the National Security Agency (NSA) and the Department of Justice (DOJ).
Page 177 PREV PAGE TOP OF DOC
In a briefing document titled ''Encryption: The Threat, Applications and Potential Solutions,'' and sent to the National Security Council in February 1993, the FBI, NSA and DOJ concluded that:
Technical solutions, such as they are, will only work if they are incorporated into all encryption products. To ensure that this occurs, legislation mandating the use of Government-approved encryption products or adherence to Government encryption criteria is required.
Likewise, an undated FBI report titled ''Impact of Emerging Telecommunications Technologies on Law Enforcement'' observes that ''[a]lthough the export of encryption products by the United States is controlled, domestic use is not regulated.'' The report concludes that ''a national policy embodied in legislation is needed.'' Such a policy, according to the FBI, must ensure ''real-time decryption by law enforcement'' and ''prohibit cryptography that cannot meet the Government standard.''
These documents demonstrate that the architects of the Administration's cryptography policy have always recognized that key-escrow must eventually be mandated. As privacy advocates and industry representatives have always said, Clipper does little for law enforcement unless the alternatives are outlawed. But the impact of such a law would be sweeping as to be untenable. For this reason, we are particularly pleased with the provisions in SAFE that affirm the right to use and to sell any form of encryption.
There is no question that law enforcement has legitimate concerns. There will be lawful criminal investigations frustrated because some data was encrypted. But, as the distinguished National Research Council panel found, the widespread availability of strong encryption will also prevent crime.
Page 178 PREV PAGE TOP OF DOC
The current policy of the Administration seeks by every conceivable means to establish a technique for government access private messages, whether stored in data files or sent in data transmission. Such a proposal is both unworkable and undesirable.
III. THE OECD
In the last few months you may have heard references to the positions of other government on cryptography. I cannot speak to the availability of encryption in other countries, but I can provide for the committee a first-hand account of how the OECD, the one international organization that has truly studied and wrestled with these issues, resolved the claims of government for lawful access.
During the past year I attended meetings of the OECD Expert Panel on Cryptography in Washington, in Paris, and in Canberra. I participated in the drafting and development of the Guidelines. I provided technical assistance to member governments that had questions regarding privacy matters and also helped make available many of the worlds leading experts in cryptography to the OECD for its deliberations.
Based on direct first-hand participation in the development of the OECD Guidelines as well as familiarity with the final document that will be presented to the Council of the OECD for adoption later this month, I can tell you that there is no consensus within the OECD to support the type of government access to private keys that the Administration is seeking.
In fact, the Administration delegate specifically asked the OECD member countries whether they wished to endorse the key escrow concept. Only one country, a country that already has a legal regime requiring the creation of key escrow agents, supported the motion. Every other country that spoke made clear its objection to the endorsement of key escrow.
Page 179 PREV PAGE TOP OF DOC
It is not simply that the OECD has rejected the key escrow proposal, the OECD went much further in the opposite direction and adopted one of the strongest statements in support of privacy that can be found anywhere in international law or policy. That principle says clearly:
The fundamental rights of individuals to privacy, including secrecy of communication and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods.
The OECD recognized that some government ''may'' choose to promote lawful access to encrypted communications, indeed that is the policy that the Administration is currently pursuing, but beyond this acknowledgment there was little support for the key escrow effort.
I was particularly gratified that the OECD gave such a strong endorsement of privacy and chose not to endorse key escrow. I believe that promoting key escrow around the world may have a severe impact on the work of human rights organizations and threaten to shift a delicate balance between the rights of citizens and the authority of government in the wrong direction. Our own Department of State has reported each year on the growing use of electronic surveillance by governments against dissidents, journalists and human rights organizations. It is particularly important that democratic governments, and the United States in particular, send a clear message that the technologies of the emerging information infrastructure should not be designed to facilitate government surveillance of private communications.
IV. THE SAFE LEGISLATION
The SAFE legislation responds to the growing recognition that the current encryption policy is not workable and should be changed. For this reason, we believe it is an important step in a process that will eventually make available the strong privacy tools and techniques necessary for the growth of commerce and the protection of freedom in the twenty-first century.
Page 180 PREV PAGE TOP OF DOC
In particular, we support that the proposed sections 2802, 2803, 2803 to title 18 which would make clear that the freedom to use encryption, to sell encryption, and to avoid mandatory key escrow will be protected by the law of this country. Taken together, these three provisions establish the foundation of a new cryptography policy that could truly carry this country into the next century and provide the tools for privacy and security that are critical for users and businesses on the Internet.
The administration has said on numerous occasions, that there is no intent to regulate the domestic use of cryptography. If that is the case, then there can be no objection to enactment of these three critical provisions. Much of the current confusion that clouds US policy could be quickly resolved if the Administration would express its support for these changes.
At the same time, while we favor these three provision, we are very much concerned about section 2805 and ask the Subcommittee to carefully review this provision with the goal of narrowing it significantly or dropping it all together. Section 2805. which would make it a criminal act for ''Any person who willfully uses encryption in furtherance of the commission of a criminal offense,'' could have a series of unintended consequences that would easily undermine the other laudable provisions of the bill.
First, as I said during the hearings on the Computer Fraud and Abuse Act in 1989, I believe it is a mistake to create criminal penalties for the use of a particular technique or device. Such a provision tends to draw attention away from the underlying criminal act and casts a shadow over a technology that should rarely be feared. It may be the case that a ransom note from a typewriter poses a more difficult challenge for forensic investigators than a handwriting sample. But it would be a mistake to criminalize the use of a typewriter simply because it makes it more difficult to investigate crime in some circumstances.
Page 181 PREV PAGE TOP OF DOC
Second, a provision which criminalizes the use of encryption, even in furtherance of a crime, would give prosecutors wide latitude to investigate activity where the only indicia of criminal conduct may be the mere presence of cryptography. In the digital age we can no more view cryptography as the instrumentality of a crime, then we could the use of a pen or a paper clip in the current era.
Third, the provision could also operate as a substantial disincentive to the widespread adoption of strong cryptographic techniques. Recognizing as the National Research Council has, that the availability of strong encryption is one of the best ways to reduce the risk of crime and to promote public safety, the retention of this provision in the bill will send a mixed message to users and businesses that we want people to be free to use cryptography but we will be suspicious when it used.
If the concern is that cryptographic techniques may be used to obstruct access to evidence relevant to a criminal investigation, then the better approach may be to rely on other provisions in the criminal code, including sections relating to obstruction of justice, to address this problem.
Regarding Section 3, which would amend the Export Administration Act, we have doubts about the constitutionality of any form of export control on encryption. We have joined with Phil Karn in support of his litigation in the federal courts because we believe that the right to use cryptography is protected by the First Amendment. And, as you may be aware, Dr. Dan Bernstein has made substantial progress with a similar claim brought in federal court in California.
It is our belief that over time, as the courts will come to understand the public and commercial significance of cryptography and related techniques and that the President's authority to regulate this technology in the name of national security will become increasingly suspect.
Page 182 PREV PAGE TOP OF DOC Therefore, we are not prepared to concede that the Secretary of Commerce shall have ''exclusive authority to control the export of hardware, software, and technology for information security (including encryption)'' as the bill proposes. But we do believe that these changes will move encryption policy in the right direction by ensuring that strong cryptography will be more widely available.
In summary, we support the legislation and applaud the sponsors and the committee for your work on this matter, but we urge you to look carefully at the proposed section 2805 and see whether there may be a more limited way to address this problem.
Mr. GOODLATTE. Thank you.
STATEMENT OF JERRY BERMAN, EXECUTIVE DIRECTOR, CENTER FOR DEMOCRACY AND TECHNOLOGY
Mr. BERMAN. Thank you.
Mr. GOODLATTE. You may want to turn your microphone on as well. Thank you.
Mr. BERMAN. Mr. Chairman, Mr. Goodlatte, Representative Lofgren, I appreciate the opportunity to testify here and also your strong leadership for sponsoring and supporting the SAFE bill. I also appreciate your strong leadership in the Internet Caucus, which is attempting to educate Members and all of us about the potential of the Internet.
Page 183 PREV PAGE TOP OF DOC
Yesterday the Supreme Court for the first time was wrestling with the Internet, and what they were wrestling with is a wholly new environment. Twenty-five million Americans are on the Internet now, according to the latest Nielsen poll. Soon the whole country will be on the Internet. It's a new medium; it's global, it's decentralized and it's very open.
And there's a growing consensus that the future of commerce, of medical research, of education, of community, and of politics is on this Information Highway. If we are going to use it for commerce and all of these applications, we need security. That is the key element here. A recent Nielsen polland I'll make this article part of the recordfound that the No. 1 reason for people not using the Internet for commercial transactions is lack of privacy or fear of transactions not being protected.
[The information follows:]
INSERT OFFSET RING FOLIO 28 HERE
Mr. BERMAN. What is interesting is that over time a growing segments of the business community that does commerce on the Internet is coming to Congress and saying, ''Please get us out of these export controls. We need strong encryption.'' There is no great call, either from the privacy community or the business community, for more law enforcement. Everyone recognizes that the enforcement of law in this new global environment cannot be left to government. Government is not going to be the main guarantor in a worldwide network for security. So, point No. 1, to protect commerce and to prevent crime, we need encryption more than we need law enforcement.
No. 2, the key escrow system, which is the administration's proposal to balance law enforcement and privacy and security needs, will not work. Ms. Katz from Netscape said it this morning. We have a number of cryptographers doing a study of the legal, technical, and privacy problems posed by an ubiquitous key escrow infrastructure. It is one thing to say that there is a market for key recovery systems, and that I may want to have a spare key to my encryption in my office. But it is another thing to say that to meet the test of government access, you have to have an ubiquitous, readily-accessible system which can give instantaneous access to law enforcement for millions of keys and for millions of transactions. No one knows how to build that system. And when the Government says we need a cheap, widely-acceptable, trusted system, it's an oxymoron; it will not happen, and our study, which we will present to the public very shortly, will lay out the problems with such a system.
Page 184 PREV PAGE TOP OF DOC No. 3, what the key escrow system does do, however, is cause real privacy problems. As we move all of our transactions into this communications network, it becomes more than a telephone system. We are doing commerce and medical transactions on this network. Telephone wiretapping has been governed by secret searches. We do not want to put all of the fourth amendment standards governing this much broader portion of our lives into a secret search regime. And that's what the key escrow system would do.
And, finally, we need to pass Pro-Code and we need to pass SAFE, and we need to get on with it because commerce will not wait; privacy is not being protected, and law enforcement is not being served. Thank you very much.
[The prepared statement of Mr. Berman follows:]
PREPARED STATEMENT OF JERRY BERMAN, EXECUTIVE DIRECTOR, CENTER FOR DEMOCRACY AND TECHNOLOGY
INTRODUCTION AND SUMMARY
The Center for Democracy and Technology (CDT) is pleased to have this opportunity once again to testify about encryption policy before the House Judiciary Committee. The Center wishes to make four basic points in its testimony:
U.S. encryption policy continues to deny computer users the essential technologies they need to prevent crime and protect themselves online. The Commerce Department regulations released since the last Judiciary Committee encryption hearing do very little to change the fundamental export control and key escrow-oriented policy that has limited the use of strong encryption to date.
Govemment-driven escrowed encryption is not a solution. Government-driven escrow systems are not trusted in the global marketplace, would impose significant new costs and risks on computer users, and would dramatically increase the surveillance capabilities of law enforcement at the expense of individual privacy and security.
Page 185 PREV PAGE TOP OF DOC
Administration policy imposes tremendous costs with little benefit. U.S. policy will not stop criminals from using encryption to evade law enforcement surveillance. The Administration is imposing a costly new system on users with very limited clear benefits.
CDT supports the Security and Freedom through Encryption (SAFE) Act of 1997: The Administration has proven unwilling to change its basic approach to encryption policy. Congressional action is needed. The SAFE Act will liberalize export controls and help provide Americans with the strong security and privacy products they so badly need.
The Internet has vast potential to reinvigorate democracy, provide open access to information, and promote electronic commerce. The new interactive media can empower people to speak, be heard, participate in society, and share information. But the full promise of the Internet will not be met without a secure and trusted information infrastructure. Widespread use of encryption provides this needed security. CDT commends Representatives Robert Goodlatte, Zoe Lofgren, and the other co-sponsors of the SAFE Act for their continued commitment to this essential debate about the electronic privacy and security of Americans.
U.S. ENCRYPTION POLICY DENIES COMPUTER USERS ESSENTIAL CRIME-PREVENTING TECHNOLOGY
A. Encryption prevents crime and benefits law enforcement
The widespread use of encryption is of critical importance for public safety, national security, and law enforcement in the Information Age. As the FBI noted in its most recent Budget Request to Congress, ''the Cyberspace Achilles' heel is the NII [National Information Infrastructure].''(see footnote 2) The flow of sensitive information over the Internet leaves Americans increasingly vulnerable to the prying eyes of potential criminals, terrorists, or even foreign governments. Encryption addresses this problem by giving its users an easy and inexpensive means to protect sensitive information.
Page 186 PREV PAGE TOP OF DOC
Encryption is particularly important because of the inherent difficulties of ensuring security in the new digital media. The open, decentralized architecture that is the Internet's greatest strength also makes it harder to secure. Internet communications often travel in the clear over many different computers in an unpredictable path, leaving them open for interception. An small message from Washington to Geneva might pass through New York one day or Nairobi the nextleaving it susceptible to interception in any country where lax privacy standards leave it unprotected. Encryption provides one of the only ways for computer users to guarantee that their sensitive data remains secure regardless of what networkor what countryit might pass through.
The need for encryption is becoming even more acute as sensitive information is increasingly finding its way into electronic form:
Individuals need encryption in order to trust the NII with private data such as home banking transactions, medical records, or personal communications.
Businesses need encryption to protect their own proprietary information as it flows across vulnerable global networks. As FBI Director Louis Freeh noted in Senate testimony last year, it is estimated that nearly $100 billion annually is lost to economic espionageespionage that is increasingly taking the form of information theft through electronic means.
The country needs encryption to secure the vulnerable information infrastructure governing such sensitive applications as our utilities, financial markets, or air traffic control networks.
If broad participation in electronic commerce and the information society is to become a reality, the adoption of encryption in most phases of electronic existence will be required.(see footnote 3) Despite concerns about the use of encryption to evade law enforcement surveillance, the National Research Council found in its 1996 encryption study, ''On balance, the advantages of more widespread use of cryptography outweigh the disadvantages.''(see footnote 4)
Page 187 PREV PAGE TOP OF DOC
B. Current U.S. policy prevents users from getting the encryption tools they need to protect security online
U.S. encryption policies continue to limit the availability of strong encryption products, both domestically and abroad. While the Administration has shifted jurisdiction of cryptographic exports to the Commerce Department, from the viewpoint of encryption users the policy remains essentially the same. Cold War-era export controls and unattractive key escrow proposals remain the centerpiece of Administration encryption policy. It is also notable that established Commerce Department rules for exemption to export control, such as the foreign availability of similar products, have been denied to encryption products.
As a whole, U.S. policy still exercises a coercive influence on the strength and availability of encryption. As a result of these policies, computer users have been unable to settle on an adequate encryption security standard.
Exportable 40-bit encryption is widely viewed as insecure; just last month a University of California graduate student 'broke' a forty-bit key using readily available campus resources within 3.5 hours.
Moderately stronger 56-bit encryption is only exportable, temporarily, for those willing to commit to development of escrow systems that have limited market demand. Moreover, even 56-bit systems are viewed as inadequate; a panel of expert cryptographers last year recommended that secure encryption systems use keys of 90-bits or more.(see footnote 5)
Stronger escrowed encryption systems are exportable, but there is limited market demand for escrow. Moreover, the escrow infrastructure needed to support these systems does not exist today and will take some time to develop.
Page 188 PREV PAGE TOP OF DOC Computer users remain at risk, awaiting the widespread deployment of encryption and facing increasing threats to their unprotected information.
GOVERNMENT-DRIVEN ESCROWED ENCRYPTION IS NOT A SOLUTION
The Administration has endorsed key escrow, ''key recovery,'' and other forms of escrowed encryption as its favored approach to encryption policy.(see footnote 6) While there is much debate about how much market interest there will eventually be for some form of escrowed encryption, the government continues to endorse key escrow that put the needs of law enforcement above the needs of computer users.
Escrowed encryption systems work in a variety of ways. Early forms relied on the storage of private keys by the government, or more recently by other trusted entities. Other systemscalled ''key recovery'' by somehave escrow agents simply maintain the ability to recover the encryption keys for a particular encrypted communication session or stored file, requiring that such ''session keys'' be encrypted with the public key of the agent and included with the data. Still other systems rely on the splitting of keys between several agents, or on a combination of these techniques.
Key recovery systems share the essential elements of escrowed encryption: They provide a mechanism (external to the primary means of encryption and decryption) by which law enforcement or a third party can access the plain text of encrypted data.
There are serious differences between the types of escrow the market might demand and the government escrow requirements being imposed through U.S. regulations, including:
Government access without notice or consentLaw enforcement wants access to decrypted information without notice to, or consent of, the user.
Ubiquitous global adoption of escrowed encryptionKey escrow only meets law enforcement needs if it is widely usedboth domestically and internationallyfor the bulk of stored information and communications.
Page 189 PREV PAGE TOP OF DOCAccess to communications as well as stored dataWhile there may be some market demand for access to stored data, there is virtually no market demand for recovery of communications.
High-speed, round-the-clock accessFor example, the Commerce regulations require data recovery around the clock, within two hours of a request.
These requirements ultimately make government-driven escrowed encryption an unattractive and costly system for users.
A. Government-driven escrowed encryption is not a trusted global approach
The last several years have shown that escrowed encryption is not a trusted global approach to encryption. Since the introduction of the Clipper Chip in 1993, and continuing through the ''Clipper 2'' commercial key escrow and ''Clipper 3'' public key infrastructure proposals, computer users and the information industry have consistently rejected escrowed encryption.
Despite the Administration's best efforts, national governments have not globally endorsed key escrow solutions. In testimony before the Senate last summer, FBI Director Freeh argued that ''there is now an emerging opinion throughout the world that there is only one solution to this national and international public safety threat posed by conventional encryptionthat is, key escrow encryption.'' In fact, there is evidence that no such opinion has emerged. The recently released OECD Cryptography Policy Guidelines specifically do not endorse key escrow; rather, they cautiously propose that ''national cryptography policies may allow lawful access to plaintext or cryptographic keys.'' (Emphasis added.) Without a significant consensus among national governments, there is no viable key escrow policy for law enforcement.
There is limited consumer demand for escrowed encryption. Major potential suppliers of encryption products have consistently maintained that the market does not want or trust the government's brand of escrowed encryption. Escrow providers have argued that encryption users will want escrow products to recover the keys to stored information in emergency situationsfor example, the death of a key holder. While it is likely that there will be some demand for escrow for stored information, there is virtually no consumer interest in escrow for encrypted communications.(see footnote 7) Users will always have a plaintext copy of their communications; the only reason to escrow communications is to provide law enforcement or other third party access.
Page 190 PREV PAGE TOP OF DOC
Escrowed encryption faces even greater burdens to acceptance internationally. Few international users can be expected to feel comfortable with key storage in the United States, which is required under U.S. export regulations until suitable multilateral agreements can be worked out. Since there are no Fourth Amendment protections outside of the U.S., escrowed encryption introduces new privacy concerns about what standards will govern access to encryption.
Finally, there are some application for which escrow will never be appropriate. For example, the AAAS has commented on the sensitive and increasingly important use of encryption by human rights advocates worldwide. ''if keys can be recovered by the U.S. government, why should human rights organizations whose entire function is defined by abusive governments trust that their information will remain secure?''(see footnote 8)
B. Escrowed encryption imposes substantial new costs and risks on computer users
Govemment-driven escrowed encryption will be expensive and less secure for users. Escrow will create new risks; for example, the large collections of key information stored by escrow agents will be an enticing new target for attack or espionage. Escrowed encryption will require a massive government infrastructure to approve products, monitor escrow agents, and provide law enforcement access. This high cost of maintaining a complex and highly secure escrow system will be shared by both users and the public, and will no doubt increase the cost of using encryption.
Page 191 PREV PAGE TOP OF DOC Escrowed encryption raises numerous unanswered privacy questions. What privacy standards will apply to the release of decryption keys among countries? Will the U.S. government honor requests from foreign governments for the keys of human rights workers or dissidents? How will the U.S. government guarantee the privacy of Americans communicating abroad with keys held in foreign countries? Without the answers to these questions, the Internet community will not and should not place its faith in an escrowed encryption infrastructure.
An escrow system of the sort contemplated by the Administration is orders of magnitude beyond the scale and scope of any similar secure system today. Far more information and experience is needed before the privacy and security of the information infrastructure is entrusted to an untested escrow infrastructure. As the NRC noted in its report, ''aggressive government promotion of escrowed encryption is not appropriate at this time.''
C. Guaranteed law enforcement access to all stored information and communications is a dramatic expansion of current surveillance capability
Congress and the courts have worked hard to strike a delicate balance between government surveillance and individual privacy. Key escrow would dramatically upset that balance. The federal government is currently granted the ability to monitor a specific telephone line. It has never been prospectively guaranteed the ability to access all stored information and intercept all communicationsas escrowed encryption would.
More importantly, the ability to hear a specific phone conversation is not nearly as invasive as the ability to intercept, without notice or consent, the full panoply of life online including health records, financial transactions, online entertainment, intimate letters and conversations. Law enforcement has been unable to justify this new, unwarranted expansion of surveillance capabilities sought through the control of encryption technologies.
Page 192 PREV PAGE TOP OF DOCADMINISTRATION POLICY IMPOSES TREMENDOUS COSTS WITH LITTLE BENEFIT
A. Current U.S. policy will not stop criminals from using encryption to evade law enforcement
Even if the marketplace were to adopt escrowed encryption as the Administration hopes, criminals will still be able to use strong encryption to evade law enforcement.
Strong, non-escrowed encryption is already available both inside and outside of the United States today. Foreign governments, terrorist, and criminals have access to these powerful tools and will be able to encrypt data despite continued export controls or escrowed encryption. Moreover, criminals within the United States will continue to have unfettered access to strong encryption under current regulations. Unless the Administration is planning to impose some form of domestic controls, criminals within the U.S. will always be able to use strong encryption.
Furthemmore, nothing in the Administration policies prevents users from ''superencrypting'' communications even within a key escrow framework. By encrypting information and then encrypting again using an escrow system, users will appear to have complied with escrow requirements while still storing data or communicating in a manner that cannot be intercepted, thwarting the entire law enforcement interest in imposing escrow.
B. The law enforcement problems with encryption are important but more limited than claimed
Law enforcement faces a real, but narrowly focused, problem with encryption. Congress should demand a full description of the law enforcement problems caused by encryption to date. Based on available information, however, it appears that the vast majority of encrypted information will be accessible to law enforcement by legal process. For example, businesses will still be required to produce the plaintext of encrypted business records under proper legal process. Stored information, corporate and business information, and even a great deal of electronic communication will most likely be largely available to law enforcement through legal process similar to that available today.
Page 193 PREV PAGE TOP OF DOC The remaining problem for law enforcement can be narrowed to the real-time interception of communications without any notice to the party under surveillance. While this represents a problem for law enforcement, it is a narrow problem. There are currently only on the order of 1100 wiretaps conducted by law enforcement in the U.S. each year.
Moreover, the information economy presents new and powerful tools and opportunities for law enforcement. Online interaction leaves a detailed trail of electronic transactions, credit card purchases, online communications, and Web-based clickstream data presenting new traffic analysis opportunities. This information offers law enforcement unprecedented new tools to obtain evidence of criminal activity.
In the current policy standoff between eroding law enforcement arguments and the emerging and acute privacy and security needs of the Information Age, Congressional action is needed. Only Congress is in the position today to change U.S. encryption policy and get Americans the privacy and security tools they need. The private sector cannot do it. The Administration will not do it. The courts may do it, but not without a protracted struggle. Congress must act. CDT believes that immediate liberalization of export controls in the SAFE Act will help provide Americans on the Internet with the strong security and privacy they so badly need.
Mr. GOODLATTE. Thank you, Mr. Berman.
Our fourth panelist hasn't arrived yet. We'll go ahead with some questions and perhaps come back to him when he arrives.
Mr. Karn, would you comment on the district court's finding in your case that exporting a book containing cryptographic source code is permissible, but exporting a diskette containing the same source code is not?
Page 194 PREV PAGE TOP OF DOC
Mr. KARN. Mr. Chairman, obviously, I disagree with that. We took that to the D.C. circuit, which held oral arguments on January 10, and they have since returned the case to the district court to reconsider under the light of the new rules that the Commerce Department came out with December 30. So our case is alive again. We believe that we will be able to overturn Judge Ritchey's original ruling.
Mr. GOODLATTE. Thank you.
Would you respond to the administration's assertion that strong encryption may be widely available, but it is not widely used because there is no key management infrastructure in place?
Mr. KARN. OK, yes, I'd be happy to. In fact, I was going over the testimony from Mr. Crowell this morning, and on page 7, he says, ''Encryption support infrastructure does not exist today other than in the KMI used by the Defense Department.'' That is simply a wrong statement. I submit that if he's following what's happening in the real world, he's about 10 years behind. There is a very viable key management infrastructurein fact, there's two of them, two different kinds. We have here an example of a thousand technical flowers blooming, I believe was the expression used this morning.
We have key management infrastructure right now in Netscape and Microsoft Internet Explorer Web browsers. I do all of my banking, for example, with Bank of America, knowing that I'm really talking to Bank of America because their key has been signed by this key management infrastructure that supposedly doesn't exist. So it does exist right now. It is rapidly changing as more and more sites come onto the Web with secure servers.
Page 195 PREV PAGE TOP OF DOC
Another approach to the key management infrastructure is the PGP approach, which is a more decentralized grassroots approach.
The key management infrastructure problem that the Government claims exists simply does not exist. The real reason is, as the previous panel stated, the applications need to be made easier to use, and that's happening as we speak.
Mr. GOODLATTE. Thank you.
Mr. Berman, would you briefly describe your objections to a key escrow system? If every other nation in the world implemented a mandatory key escrow system, should the United States do likewise?
Mr. BERMAN. No, and I don't think other countries are going to do it.
Mr. GOODLATTE. I agree.
Mr. BERMAN. Our major problem is that the Government has pointed out that they have law enforcement problems, but they have not come forward with any proposal about how this key escrow system is going to work internationally. We don't know who's going to hold the keys to U.S. citizens' communications, or to anyone else's communications. We don't know what kind of arrangement we're going to make for Iran and China to get a hold of communications when they want them. Are we going to have fourth amendment standards? The fourth amendment stops at our border.
I think one of the reasons why all of these countries are not agreeing to a key escrow system is that they fear U.S. intelligence agency domination or law enforcement domination of that system. They don't want to give away their sovereignty. So I think we essentially have a balkanized world.
Page 196 PREV PAGE TOP OF DOC
Mr. GOODLATTE. Law enforcement argues that the widespread use of strong encryption would eviscerate the ability to perform legitimate wiretaps. Mr. Rotenberg, could you respond to that contention?
Mr. ROTENBERG. Mr. Chairman, the National Research Council looked at this issue when it put together the crisis report and concluded, on balance, that it was better to make strong encryption widely available to protect public safety and to protect against crime. And I think that the critical point here is what law enforcement does in this proposal is put the interest of crime detection ahead of the interest in crime prevention. You see, by building in this capability for listening into private communication, you may in some circumstances be able to get access to information that you couldn't otherwise obtain, with the consequences that you make systems more vulnerable to attack.
Mr. BERMAN. May I add to that point?
Mr. GOODLATTE. Sure.
Mr. BERMAN. There is a great law enforcement and privacy cost to dumbing-down these systems. What Mr. Karn pointed out, from the New York Times this morning, is that it took a few minutes to break the PCS encryption system that's in our cellular communications network.
I testified before the House Commerce Committee hearing on cellular phone security just a month ago. Experts were saying that the PCS encryption system is going to really be our privacy tool. Well, they dumbed-it-down to meet the export control requirements and also under pressure from the National Security Agency and the FBI. So now our communications system is more vulnerable going into the future, and that includes much of our private communications and our ability to use computer and data communications. I could go on; you get the point.
Page 197 PREV PAGE TOP OF DOC
Mr. GOODLATTE. Do you agree with James Dempsey, the senior staff counsel for the Center for Democracy and Technology? I bet you do
Mr. BERMAN. Most of the time. [Laughter.]
Mr. GOODLATTE [continuing]. Who reportedly said in today's story that this shows, and I quote, ''that the Government's effort to control encryption technology is now hindering the voice communications industry as well as the data and electronic communications realm.''
Mr. BERMAN. I think so, yes. I'm being facetious. I absolutely agree with that statement, and I think it's also going to be a wake-up message to the telephone companies, who think, ''Well, this is a software/computer issue, and it's not a communications issue.'' I think that you will see more common cause. You will see America Online and some of the online companies coming in here and saying they can't make their networks secure; what are we going to do about this encryption problem? So there's going to be a growing demand from the business community, and everyone who wants to do commerce on the Net, for strong encryption. So I think it's an uphill fight, but I think you will prevail; we will prevail.
Mr. GOODLATTE. And there will be a marketplace supply for a key recovery system for those who desire that?
Mr. BERMAN. Absolutely.
Mr. GOODLATTE. And it will apply to cellular communications as well as to
Page 198 PREV PAGE TOP OF DOC
Mr. BERMAN. I don't understand the law enforcement argument. The law enforcement argument that they will lose real-time wiretaps may be true. But there is no market for key recovery systems for real-time communication. No one wants it for wiretapping. It's for data. Well, data is encrypted, but it's also decrypted because somebody has to read it. Once decrypted, it can be obtained by law enforcement through grant of immunity, subpoenas, legal processes. In fact, one of our problems is that we don't know what the legal process is going to be for that, and that needs to be addressed.
But the Government is arguing that the most restrictive and last-resort investigative technique is now their first line of defense for all law enforcement, and that's hooey. If it is, we're in very serious trouble because there are only 1,100 wiretaps in the country nationally. That can't be what law enforcement's relying on to enforce the laws of this country.
Mr. GOODLATTE. Thank you.
The gentlewoman from California.
Ms. LOFGREN. Thank you very much, Mr. Chairman, and thanks to the panel for being here today. And I wanted to specifically thank Mr. Karn for his efforts to bring this issue to the attention of the third branch of government, which is often overlooked. We have the administration policy; we've got proposals in Congress, and it may be that, if all is right in the world, the Congress will address this issue promptly, but it's possible that we may be beaten by the third branch, which will save the day for the country. Who knows? And being involved in litigation isn't a lot of fun, and it's an expense, and so I do thank you for doing this in a very public-spirited manner.
Page 199 PREV PAGE TOP OF DOC
You know, I was reading in today's New York Times about the digital telephone, issue, and I was reminded of a hearing we recently had in the Science Committee, which I also serve on. During the hearing, Tsutomu Shimomura had his little system set up and had up on a large screen several digitalwell, in analog, but all of the cell phone numbers, and we could have listened to them. So I didn't think that the article in the Times was a complete news story, but it may be news to those who think that their communication is secure on a cell phone, and they, some very sadly, have discovered that that's not always the case.
I'm just wondering, Mr. Karn, if you could talk about encryption on a technical basis, how it works, so that Members who are in their offices watching this hearing can understand how encryption works in digital telephony right now, how it could work, and in a very basic way explain the digital world to them, would you?
Mr. KARN. In five words or less? [Laughter.]
Ms. LOFGREN. In five words or less.
Mr. KARN. I listened to the previous panel answer that question, and I think they were on the right track. The analogies that are made to the postcards and the mail are very good ones. Encryption is like an envelope.
A point I would like to add to that, although encryption has been around for a very long timeit's been used mostly by the military and diplomats, and so forthwe are now moving so much of our lives into the electronic world. In the past we have been able to count on privacy simply because of the nature of these transactions being private. Now that we're moving to the electronic world, we're simply extending the privacy safeguards that we had in the past. Two hundred years ago, it wasn't possible to wiretap because phones didn't exist. It's only an accident of technology, that we are trying to undo now with encryption. It's an accident that it is even possible to tap a phone in the first place.
Page 200 PREV PAGE TOP OF DOC
So I see this as a way of extending sort of a shield of privacy out over these electronic links, as we extend them out into cyberspace. So that we can now do things that we now do in the privacy of our homes or in our bank offices, or whatever, over the network with the same level of privacy that we used to have.
Ms. LOFGREN. Can I just follow up a bit. As I was coming back from the last vote, several Members on both sides of the aisle asked me where I was rushing off to. And I told them, and several of them said, ''Well, what is it?'' I mentioned earlier this morning there are many Americans who, when they hear ''ATM,'' they're thinking about getting cash from the bank instead of how we distribute data today.
Explain that very basically I know this is like kindergarten to you, but explain digital technology, so that people watching can understand the issues here.
Mr. KARN. OK, digital comes from the word ''digits,'' which means fingers, from counting. In digital systems everything is done with 1's and 0's. There's really only two fingers, so to speak, in the digital world, a 1 or a 0. And that very, very simple concept can encode any kind of information we wish. It can be voice; it can be text; it can be pictures; it can beanything that you can express as information can be encoded as very, very large amounts of 1's and 0's. And, of course, anyone who knows how those 1's and 0's are encoded, without cryptography, can very easily figure out what those 1's and 0's mean. That's what computers do; they're very, very good at that.
So what's made the digital revolution possible is the fact that we now have technology to handle real large numbers of 1's and 0's. The basic concepts are not new, but we have the technology to do it.
Page 201 PREV PAGE TOP OF DOC
Ms. LOFGREN. OK, so when I'm talking to my father in California, what is actually happening between the east coast and west coast?
Mr. KARN. OK, if you're talking on an ordinary telephone line, your signal goes in analog format over what's called a local loop. That's the pair of wires that goes from your house to the telephone central office, and in almost every telephone office in the United States now your signal, once it reaches that office, is converted into 1's and 0's, in digital form. It travels the majority of its path in digital form, mixed-in with many, many other conversations that are sharing these superhighways, these very, very high-speed digital links. And then when it reaches the office at the other end, it is then in most cases converted back to analog, and then sent as analog signals over a wire to a telephone at the person you're calling.
Ms. LOFGREN. And so we've got these little packets of photons moving. How does encryption deal with these little packets of data that are really our conversation?
Mr. KARN. Encryption does exist in analog forms, but it's generally not very secure. Where encryption is very, very effective is in the digital world. So if it's possible to take those 1's and 0's and scramble them by mixing them with another series of 1's and 0's which is only known to the two parties that are communicating, then anyone who sees that stream of 1's and 0's will only see what appears to be random garbage. It will be random 1's and 0's. They won't be able to make any sense of them. But the party at the other end, who has the proper key, can turn thosecan convert that pattern back into a pattern that can be understood.
Ms. LOFGREN. Thank you. I think this is going to help a lot of people who just listened to you.
Page 202 PREV PAGE TOP OF DOC
Mr. Berman, I think you wanted to add
Mr. BERMAN. I just have a comment on that. We all face this problem of trying to explain what we're talking about. People's eyes glaze-over. But I think it's really going to be just a matter of time before encryption becomes synonymous with locks and keys or envelopes. On the Information Highway, that's what encryption means.
Just like today if I say, ''AM versus FM,'' we don't get into a discussion of those technologies. We just say, well, that's better sound and more range, and I think that encryption will be the same way.
Ms. LOFGREN. If I may just follow up, though, and then I'll let Mr. Goodlatte continueI do think it's important, however, because we are receiving different types of informationMr. Karn indicated earlier that, in his judgment, there was some incorrect information that had been conveyed or at least as commonly understood.
Mr. BERMAN. Absolutely.
Ms. LOFGREN. I, from what I know, would agree with him. But as Members of Congress try to sort through what is the right thing to do, having at least a layperson's understanding to be able to weigh the information is going to be enormously helpful. And you're right, this is all very new to many people. I was able to listen to the Communications Decency Act arguments before the Supreme Court yesterday morning. It was really a marvelous experience to listen to, and I think Justice Scalia had many of the right questions, and I hope that he concludes with the right answers. But we learned that he has a 16-year-old son who's on the Internet and he has used it, and I think that did obviously have an impact on his understanding of the arguments made to him, and we have much same issue here in the House.
Page 203 PREV PAGE TOP OF DOC
So, with that, Mr. Chairman, I would, if I have any time, yield it back.
Mr. GOODLATTE. I thank the gentlewoman.
Does the chairman have any questions?
Mr. COBLE. As the gentlewoman from California reminded us earlier today, today is our last day, hopefully, before the Easter work period, and chaos has prevailed up here. I want to thank all the panelists for having appeared today, and I think it's appropriate that the hearing was chaired by the gentleman from the Roanoke Valley in Virginia because I think he is the recognized lead congressional dog, if you will, on this issue, and I'll get with him and the lady from California as well, and we'll hash this out. I'm sure it was a good hearing, and I thank you, Bob, for having chaired it.
Mr. GOODLATTE. I thank you for letting me chair it.
We now have our final panelist. We've been joined by Mr. Grover Norquist.
Grover, you were introduced in absentia.
Mr. NORQUIST. Oh, OK.
Mr. GOODLATTE. So we welcome you, and you can proceed with your testimony. Of course, the full statement will be made a part of the record.
Page 204 PREV PAGE TOP OF DOC
STATEMENT OF GROVER G. NORQUIST, PRESIDENT, AMERICANS FOR TAX REFORM
Mr. NORQUIST. Thank you. I'll just submit the full statement for the record. It is ably drafted by my staff. It's brilliantly written. Everybody should read it at great length.
But I'll just briefly say that we've interested at Americans for Tax Reform in this issue for 10 years, in the whole question of how to make communications and computers safe. We think it's increasingly important to extend privacy to those communications, as we do to phones and others.
And I want to commend Congressman Goodlatte for his bill. I think it's extremely important, and those of us in the taxpayer movement are extremely supportive of that and appreciate his leadership on the issue. I certainly want to associate myself with the comments of Phyllis Schlafly where she, I think, laid out the case on privacy grounds quite well.
[The prepared statement of Mr. Norquist follows:]
PREPARED STATEMENT OF GROVER G. NORQUIST, PRESIDENT, AMERICANS FOR TAX REFORM
Page 205 PREV PAGE TOP OF DOC Mr. Chairman, my name is Grover G. Norquist and I am President of Americans for Tax Reform. I am here to strongly support the Security and Freedom through Encryption (SAFE) Act, H.R. 695, introduced by the gentleman from Virginia, my good friend Mr. Bob Goodlatte. I am also here to thank Mr. Goodlatte and all those who have co-sponsored this bill in the House of Representatives, including John Boehner and Tom DeLay.
The irony is, I shouldn't have to be here. The SAFE Act essentially affirms traditional Constitutional principles that Americans should be free ''their persons and possessions from unreasonable searches and seizures,'' and that they should be allowed to conduct their lawful business with a minimum of interference from the state. These are indeed truths we should hold self-evident.
Instead, the alternative to the SAFE Act, championed by the Clinton Administration and almost no one else on the planet, is the biggest government power grab since income-tax withholding and a sweeping expansion of state power that threatens to put life, property, and personal information at risk. Bill Clinton's inexplicable fixation with the Clipper Chip represents not only a sweeping expansion of state power but also reckless endangerment of the public infrastructure.
The Clipper Chip was an issue even George Bush got right bad idea, wouldn't be prudent. You didn't see it come from his Administration. The Clipper Chip, as you recall, was a government plan to strongarm private industry into building a backdoor for government eavesdropping into every communications device. Companies which wouldn't cooperate wouldn't get government contracts, might have their taxes audited, and might be embarrassed in front of Congressional Committees. Yet the initial public relations fiasco of Clipper Proposal Number One somehow didn't register with this Administration. They keep coming back with new names and new proposals''key escrow, key recovery, key management infrastructure,'' and what have you. But it's still the same thing. The single most important message I want to leave you with today is that all these new proposals are variations on the Clipper theme. They are categorically unacceptable. The reason we need the SAFE Act is not, unfortunately, to make any positive changes but rather to put a nail in the Clipper coffin once and for all.
Page 206 PREV PAGE TOP OF DOC There are three basic questions to deal with: First, what is our basic model of economic development in this country is it free markets or ham-fisted industrial policy? Second, who makes the laws in this countryis it Congress or the President? And third, do we still give a hoot in this country about civil liberties protections and Fourth Amendment guarantees against searches and seizures, particularly when these apply to taxpayers?
If you as Members of Congress think this is a free market country where Congress makes laws and the Constitution still means something, then you will unanimously support Mr. Goodlatte's bill.
Let me present a few words about my background as I launch into the body of my testimony. I am President of Americans for Tax Reform, which serves as the clearinghouse for a national coalition of taxpayer groups. We lobby for lower taxes, less government spending, less government regulation, and less information about taxpayers in the hands of high school-educated Internal Revenue Service computer clerks. We think the government has more than adequate opportunities to spy on taxpayers, take their money, and otherwise run their lives.
I am also a member of the National Commission on Restructuring the Internal Revenue Service, which is chaired by Senator Robert Kerrey and Representative Rob Portman. Both have done an excellent job in guiding the Commission's useful work. I come here having spent a fair amount of time studying prosecutorial abuse by the IRS, failures in IRS technology management, sloppy handling of taxpayer records, failure by the IRS to maintain its own records, and worse. Even so, the prospect of an IRS playing with Clipper Chip spinoffs makes almost anything else I have seen pale by comparison.
SAFE ACT COUNTERS NEEDLESS REGULATION
As noted earlier, in a sensible world I shouldn't have to be testifying in support of the SAFE Act.. The bill has little positive content other than saying the U.S. Government should not do anything stupid. My primary reasons for supporting the SAFE Act is that what the Administration wants to do and has been doing is so bad. The Administrations Clipper, son of Clipper, key escrow, and other various proposals constitute the following serious problems: A regulatory mandated. Abuse of the regulatory process. It is an attempt to end-run Congress by seeking international agreements which not even the statists in Europe want. An attack on the property rights needed to develop markets in cyberspace and new products in digital media. A threat to U.S. National Security. A threat to U.S. domination of world financial markets and dollarization of the world economy. A threat to the security of Americans doing business on the domestic public infrastructure. A threat to the security of Americans and U.S. businesses doing business in places like Russia, China, France, and countries which don't have the Fourth Amendment. An open prospect to government abuse of personal information. A very troubling development in the context of various proposals floating around for a national ID card, a national worker registry, and federal and state databases of all kinds.
Page 207 PREV PAGE TOP OF DOC The overall effect of Administration policy, if uncorrected by the SAFE Act, would be to fundamentally change the evolving nature of public networks in the digital economy. The networks which now promise to be an unprecedented infrastructure for knowledge, commerce and communication would instead become an infrastructure for government surveillance, regulation, taxation, and control of citizen. This is not a very prosperous way to begin a 21st century.
The only good news about this development is that it probably won't work in the long run. Lack of encryption, which means lack of adequate property rights, privacy, and enforceable contracts, will turn the Internet into one vast collective farm. Sooner or later it will collapse and freedom will reign. We just may have to endure 50 years of misery the way the Russians had to endure 50 years of collective farms.
CIVIL LIBERTIES AND TAXPAYER RIGHTS
Now, I am talking mostly in terms of a long term perspective here, but let me explain how Clipper Chip nonsense comprises a vast expansion of state power.
Right now, if the government wants to read your mail, it has to sort through trillions of physical pieces of paper that might be anywhere in the country. This is difficult, time-consuming, and expensive.
If the government wants to listen to your phone calls, they have to pay people to listen, and listening takes a long time. Even though you can electronically sort out telephone calls and only listen to those calls that go from numbers you want to monitor to numbers you monitor, technology is such that you still have to hire people to listen, and this again is expensive.
The government can't easily monitor what you do in groups of people that meet in three dimensional space like your church, your business, or your local bar;
The government can't easily track what you do with physical currency.
I might also mention that the government can't easily track the trillions of tax documents that exist on paper, but that's another story.
Page 208 PREV PAGE TOP OF DOC Now, consider the world of the future, when everything you do, you do on-line, on a digital network of some sort:
Your phones, cell e-mail, pager, laptop computer, personal digital assistant, and other communications will rely on digital networks that don't distinguish between ''wired'' and ''wireless'' channels;
You will do your shopping over the Internet or its successor;
Your videos and all your other information will come in over the phone lines or the Internet;
Your car will plug into digital networks that guide and steer it for you when you travel on computercontrolled highways;
Even purchases you make in person will use some sort of electronic cash and electronic payment system that might involve simply pointing your wallet at what you want;
When you go to the airport and get out of your cab, or out of your car which can drive itself home, the airport will know who you are and where you are going;
Almost any type of activity generates a ''transaction stream'' that can be audited, monitored, or interfered with.
You get my drift. Everything you do, you do on-line. In these circumstances, giving the government easy capabilities to snoop is like letting the government put a TV camera in every room of your house. Key-escrow means the government just promises not to turn the cameras on unless you have been bad.
The result is just like the 19th century, when the federal tax collector used to walk into your house, see what you had, and hand you a bill. This is actually not too far removed from things the IRS still does and wants to do on a wider scale, such as the Taxpayer Compliance Monitoring Program and the so-called lifestyle or ''Jockey Shorts'' audit.
The bottom line is that the citizen as taxpayer has fewer civil liberties and Fourth Amendment protections than the citizen in almost any other role. The taxpayer does not even necessarily have the presumption of innocence in tax proceedings. If civil liberties abuse begins under a key escrow system, it will probably begin with routine monitoring of transactions for ''tax compliance.''
Page 209 PREV PAGE TOP OF DOCPUBLIC SAFETY AND COMMERCE
To look at this from another perspective, consider the following:
Would you let the government have a key to your house? Of course not.
Would you trust the government to put a lock on your door? No, because if everyone has the same lock and the same key, every teenager with a hacksaw will know how to break in.
The Marx Brothers once built a whole move around the idea of what happens when a bunch of lunatics get hold of the passkey in a fancy hotel. And this is the Administration's view of law and order? I think not.
The U.S. economy is fast approaching a point of development when both products and payments move electronically over the public networks. If you are a writer, a teacher, an architect, an engineer, a consultant, a lawyer, a graphic designer, or even a doctor practicing tale-medicine, you will work with your colleagues and customers using what we now think of as computers on the Internet. Most of the leading U.S. multinational companies already work over computer networks in this fashion with teams of employees that span the entire globe.
So, how do we conduct business on the Internet? When everything is digits on the phone line, you still need the equivalent of signed contracts, sealed packages, property rights, indelible marks, verifiable signatures, dollar bills, unforgeable checks, and the like.
Now, it happens that ''encryption'' is not just a way of hiding things. The term encryption encompasses a huge range of mathematical techniques that put the equivalent of signs, signatures, seals, and marks on streams of digits. If you can't use encryption, you can't do these things. If you put unreasonable and arbitrary controls on encryption, as President Clinton wants to do, you drastically limit the possibilities for growth and commerce in the digital economy. This constitutes an enormous regulatory burden. To the extent Clinton's policy stalls business on the Internet, Clinton is imposing a pre-emptive 100 percent tax on the information age.
This gets to my point about recklessly endangering public infrastructure and denying citizens the ability to use infrastructure safely. If you deny citizens tools for doing business in a normal way, you deny them the ability to do any business at all.
Page 210 PREV PAGE TOP OF DOC Let's compare on the Internet to settling the frontier. What would have happened in the 19th century if Congress had said: No paving roads; no fence on your farm; and no lock on your front door.
Certainly, most of you who represent the Western states today would not be here at all. There would be very little business in the West. And the West would still be lawless, as the Internet is still in some respects lawless or at least dangerous to people whose identities may be forged and whose information may be stolen. People who did live in the West would have to worry constantly about someone breaking into their house, or worse.
SAFETY AND SECURITY ON THE INTERNET
On the Internet, there are two aspects of safety and security. One is keeping people from stealing your things and invading your privacy. Obviously encryption is key to this. The other problem is keeping those teenagers with hacksaws that I mentioned or other bad guys from crashing the network.
For preventing theft, you need to make it difficult to steal things. Difficult means very expensive. How expensive would cracking the Congressional Record have to keep this material secure? Probably not very. But suppose a major auto company just spent five billion dollars to develop a new car, which is what new cars cost. Then clearly you need encryption that is tough enough to protect five billion dollars. There are reports that a major auto company actually did have plans for a new model stolen through economic espionage in the last few years, so this is a very real threat. Yet right now, Bill Clinton is trying to force Americans to use encryption no stronger than a French graduate student recently cracked using the machines in a few hours using the machines in his French computer lab for free.
For preventing sabotage, you need a system that does not have well-known limits and vulnerabilities. If everybody uses the same type of encryption, sooner or later someone will find a vulnerability and figure out how to break it. Therefore, to be safe, you need a proliferation of different system so no one passkey opens all the locks.
Page 211 PREV PAGE TOP OF DOC America already relies on critical infrastructure. This includes: the public telephone system, on which much U.S. military communication travels; the financial and banking infrastructure; the power grid; the air traffic control system; and more.
Soon the highways themselves will be a computer network as well as a roadway network. For the American people to be safe from terrorists, enemies, and vandals in the future, we need to most robust encryption possible to keep these networks safe and secure.
Finally, a word on international problems.
President Clinton is trying to make the other industrial nations go along with an international key escrow system with key sharing agreements so that countries doing international police work could share their cases and pool information. Unfortunately, only the U.S. has a Fourth Amendment that is somewhat enforceable in U.S. courts. Outside the US, anything goes.
This is silly. These agreements amount to telling foreign governments everything there is to know about how Americans and U.S. companies attempt to protect themselves in foreign markets. It says, here is the outline of what U.S. companies do, their techniques of encryption, and the legal limits on how secure their communications can be. And we hope you nice governments and intelligence services in Europe that work hand-in-glove with state-owned companies will reciprocate and let us spy on you as well. This is ridiculous. It just won't work.
The really disturbing aspect, however, is the way the Clinton Administration abusing international export controls to attempt to make U.S. companies follow regulations that were never approved or considered by Congress, and the way the Administration tried to make international Clipper Chipping a done deal by international agreements before Congress could legislate otherwise. Fortunately, a draft document recently leaked from the OECD suggests the Europeans rejected this. It is not often I am thankful to Europeans, but there it is.
Page 212 PREV PAGE TOP OF DOC As a taxpayer activist, I favor policies that will cause the economy to grow and make the relative size of the state shrink while freedom is expanded. I therefore support freedom of encryption and look forward to the growth of digital commerce.
As a taxpayer and a citizen, I also worry about civil liberties and tax and regulatory policy that could cause the size of the state sector to balloon. I do not think the government should be able to sweep my e-mails and read what it wants without great difficulty, though I recognize the government is much bigger than I am and has rooms the size of football fields filled with computers that even the wildest science fiction writer couldn't dream of 20 years ago. The issue is not whether the government should not be able to crack codes. The issue is whether it should be sufficiently challenging to spy on individual people so that systematic surveillance is impractical, as it is know.
I worry about an America in which the White House can ask for and receive 900 FBI files with sensitive taxpayer information. I worry about an America in which the FBI Director lies to Congress and has to be corrected by his own Inspector General. These guys want to assign me my digital signature and keep my key on file with them or someone they designate?
The government has tremendous information resources at its disposals in database centers like the Financial Crimes Enforcement Network (FinCEN) which might be called ''the mother of all Government databases.'' FinCEN has literally everything there is to know about you tax records, postal addresses, credit records, banking information, you name it and if more taxpayers knew about it they would be outraged. They would also recognize encryption as the last little bit of protection individuals have against the totalitarian state.
The government has enough power already. It doesn't need more. I thank you for the opportunity to testify and look forward to your questions.
Mr. GOODLATTE. Well, thank you, Mr. Norquist. I wonder if you want to add your point of view on this new set of administration regulations regarding the export of encryption. Is this a real change in the administration's overall encryption policy?
Page 213 PREV PAGE TOP OF DOC
Mr. NORQUIST. I don't know that it's a change. I don't think it's particularly useful or helpful, and we would support passage of your legislation, and are not happy with the administration's constant efforts to, in effect, make us all sleep with unlocked doors and with keys in our car ignitions.
Mr. GOODLATTE. Do you think they have evolved at all from their clipper chip policy that was put forward about 3 or so years ago?
Mr. NORQUIST. I don't see a significant difference. I think it's a continuation of the same attempt at trying to have everybody live in glass houses so the constable can see what everybody's doing at all times, and that's unnecessary.
Mr. GOODLATTE. Do you have any feel for how quickly you think this issue needs to be addressed before American industry loses it's technological advantage?
Mr. NORQUIST. Several weeks ago. [Laughter.]
Mr. GOODLATTE. Several weeks agogood, very good.
Ms. Lofgren, do you have any additional questions of Mr. Norquist or any other panel members?
Ms. LOFGREN. Actually, I do very quickly have one invitation, and it would be to all of the panelists, but specifically to Mr. Karn because I had a chance to ask him this question and discuss it with him just before we sat down to begin, which is: Are there items that were addressed to us in testimony this morning by the administration that, in your judgment, need correction, that you think might be inaccurate to some degree or in entirety, that we ought to know about?
Page 214 PREV PAGE TOP OF DOC
Mr. KARN. Yes, thank you. I've been, of course, watching the statements that have been coming out of the executive branch now for some years, and it's been interesting to watch the evolution of the statements they make. For example, they keep changing the terminology. When one set of keywords such as ''key escrow'' gets known, they change it and it becomes ''key recovery,'' and then it becomes ''key management infrastructure,'' and so forth.
And the main point that I wish to make is the point I've already made, which is that the key management infrastructure they claim doesn't exist does exist. The private sector is solving this exact problem of making keys trustworthy for commerce. They're doing a very good job of it. This is not at all an unsolved problem. It's happening right now.
In fact, while I was waiting for the previous panel, I turned on my laptop and brought up my browser and found a total of 10 different certification agents that are basically top-level entities of this key management infrastructure for the World Wide Web, and one of them is the U.S. Postal Service. So the U.S. Government is already in this business as one of many entities that are providing credibility to the public key infrastructure. So the statements made by the first panel that the key management infrastructure is necessary is true; the claim that it doesn't exist is false. That's, I think, a very important point to make. The private sector is doing a very good job of solving that problem right now.
They frequently will say one thing and then, quietly, behind the scenes do another. They keep saying that ''we support robust encryption;'' I think the story in the paper this morning about the cell phone standards, on which I have some personal knowledge, belies that claim.
Page 215 PREV PAGE TOP OF DOC
They claim that encryption will make it impossible to prosecute crimes, and then they list a number of examples of how in real life criminals used encryption, but I noticed that they seemed to quote a lot of cases of people that had already been convicted, which doesn't quite add up. I mean, if these people were using encryption, but they were still convicted, then why was the encrypted information so essential? People like those involved in the World Trade Center bombing.
There are, of course, many other ways to gather intelligence. They don't like to talk about them. They never like to. I don't think they really want people to know that there are other ways. They can, for example, plant bugs. I believe those were prominent in the Aldrich Ames case. If you plant a bug in somebody's house and he's talking on the phone, you can still understand what they're saying whether or not the phone is encrypted; it doesn't matter. They can, of course, plant informers, and so forth. So I think they're greatly overstating the threat to their intelligence-collection procedures that encryption represents. Encryption is simply one of many, many countermeasures, and it doesn't do anything at all against things like bugs.
So those are the main points I wanted to make. They also mentioned that key recovery is being demanded by industry, and, again, they keep trying to muddle the waters between encryption used for communications and encryption used for file storage. The only place where there's any interest whatsoever in the commercial world for key recovery is for stored files, because if somebody gets run over by a truck, and is the only one who knows the key, of course, that has to be addressed. And, in fact, there's already methods that are well-knownthey're called secret-sharing techniquesthat are designed to answer this exact problem. You can actually have right nowand they're all documented in this bookways of setting up access to keys within a bank so that, for example, three of five bank officers would be necessary to unlock a particular encrypted message three out of the five. These techniques are well-understood. We don't need anything new; we just need to let the private sector go and do them.
Page 216 PREV PAGE TOP OF DOC
And, as I believe the other panelists said earlier, for key recovery for communications, on the other hand, there's no commercial demand whatsoever because the only use for that would be for wiretapping.
Mr. ROTENBERG. Congressman, if I may, just to follow on your question, I would like to submit, when it is released publicly, the OECD Cryptography Guidelines because I think these guidelines give the clearest indication today of the state of the world on cryptography policy. And since key escrow, and its acceptance by other countries, is so critical to the workings of the administration policy, the fact that the OECD has rejected this approach I think is very important in this discussion.
Ms. LOFGREN. OK, thank you very much. Thank you, Mr. Chairman.
Mr. GOODLATTE. Thank you.
If I can follow up on that, Mr. Rotenberg, do you have any idea when you expect these guidelines to come out?
Mr. ROTENBERG. Next week, on the 27th, the Council of Ministers of the OECD are expected to endorse the guidelines. They will be publicly available. We'd be happy to provide them to you and brief you on the content.
Mr. GOODLATTE. We would very much appreciate that. Thank you.
Page 217 PREV PAGE TOP OF DOC [The information follows:]
INSERT OFFSET RING FOLIOS 29 TO 36 HERE
Mr. GOODLATTE. Mr. Norquist, something we really haven't discussed here that I find very problematic in this whole situation is the fact that the use of encryption in the United States is not limited. We can use whatever level of encryption we want to, and I wonder if you want to comment on the proper role of Government in using regulations to prod or encourageand I think those are polite termsthe marketplace to move in one direction or another. Essentially, the word I would use rather than ''prod'' or ''encourage'' is to ''hold hostage'' an entire industry in order to force what is something that the law does not provide for right now, and that is a domestic key escrow system.
Mr. NORQUIST. Well, we have, not in the United States but in the world, a 2,000-year history of the Government trying to decide it's going to make an economy and an industry or a new technology go in one direction rather than in the direction that the free market would take you. There are always unintended consequences. You end up slowing down technology, and in this case it costs jobs; it costs exports. In the case when the Food and Drug Administration makes similar efforts to try and control an industry, you end up with people dying because things don't get onto the market soon enough. I don't know that people will die because encryption isn't moving forward faster, but certainly it has hurt the industry and will continue to constrict the industry. And I think that the benefits that the administration posits are far outweighed by the damage that they've already done, never mind the damage that they will do if they continue.
Mr. GOODLATTE. I could speculate about some life-threatening circumstances under which encryption could protect and prevent terrorist acts of manipulating the controls of a nuclear power plant or intercepting engineering specifications between the design office and the manufacturing plant and changing those specifications in ways that no one would detect until a defective product was on the market, and so on.
Page 218 PREV PAGE TOP OF DOC
Mr. ROTENBERG. Mr. Chairman, actually, to give a very concrete example, encryption today is being used in the process of arms verification because it is so essential to be able to verify activity at a particular site. With any type of corruption or tampering, it turns out that the use of encryption in something as serious as arms control becomes a matter of national security. So I absolutely support your point; it's critical to make strong systems available.
Mr. NORQUIST. I stand corrected. The administration's position is even more destructive than I had posited. [Laughter.]
Mr. GOODLATTE. All right, thank you. Well, I don't believe anybody else has any other questions. We do thank you all for your participation today. It's been exceedingly helpful. I think this has been a good hearing.
And if the administration's regulations and legislation would catch up with their rhetoric, we would continue to move forward on this, and we hope to be able to do that, and will continue to push for expanded use of encryption because I think, as I stated at the outset, that it is very important for the protection of jobs in this country, for the protection of people's privacy in this country, and for the prevention of crime in this country.
So, again, thank you all for your contribution.
Without objection, the record will remain open for the submission of any additional statements for a period of 10 days. And I don't hear any objection.
Page 219 PREV PAGE TOP OF DOC This hearing's adjourned. Thank you.
[Whereupon, at 1:40 p.m., the subcommittee adjourned.]
A P P E N D I X
Material Submitted for the Hearing
INSERT OFFSET RING FOLIOS 37 TO 54 HERE
SECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT
COURTS AND INTELLECTUAL PROPERTY
COMMITTEE ON THE JUDICIARY
HOUSE OF REPRESENTATIVES
Page 220 PREV PAGE TOP OF DOCONE HUNDRED FIFTH CONGRESS
SECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT
MARCH 20, 1997
Serial No. 9
Printed for the use of the Committee on the Judiciary
Superintendent of Documents, Congressional Sales Office, Washington, DC 20402
COMMITTEE ON THE JUDICIARY
HENRY J. HYDE, Illinois, Chairman
F. JAMES SENSENBRENNER, Jr., Wisconsin
BILL McCOLLUM, Florida
GEORGE W. GEKAS, Pennsylvania
Page 221 PREV PAGE TOP OF DOCHOWARD COBLE, North Carolina
LAMAR SMITH, Texas
STEVEN SCHIFF, New Mexico
ELTON GALLEGLY, California
CHARLES T. CANADY, Florida
BOB INGLIS, South Carolina
BOB GOODLATTE, Virginia
STEPHEN E. BUYER, Indiana
SONNY BONO, California
ED BRYANT, Tennessee
STEVE CHABOT, Ohio
BOB BARR, Georgia
WILLIAM L. JENKINS, Tennessee
ASA HUTCHINSON, Arkansas
EDWARD A. PEASE, Indiana
CHRISTOPHER B. CANNON, Utah
JOHN CONYERS, Jr., Michigan
BARNEY FRANK, Massachusetts
CHARLES E. SCHUMER, New York
HOWARD L. BERMAN, California
RICK BOUCHER, Virginia
JERROLD NADLER, New York
ROBERT C. SCOTT, Virginia
MELVIN L. WATT, North Carolina
Page 222 PREV PAGE TOP OF DOCZOE LOFGREN, California
SHEILA JACKSON LEE, Texas
MAXINE WATERS, California
MARTIN T. MEEHAN, Massachusetts
WILLIAM D. DELAHUNT, Massachusetts
ROBERT WEXLER, Florida
STEVEN R. ROTHMAN, New Jersey
THOMAS E. MOONEY, Chief of Staff-General Counsel
JULIAN EPSTEIN, Minority Staff Director
Subcommittee on Courts and Intellectual Property
HOWARD COBLE, North Carolina, Chairman
F. JAMES SENSENBRENNER, Jr., Wisconsin
ELTON GALLEGLY, California
BOB GOODLATTE, Virginia
SONNY BONO, California
EDWARD A. PEASE, Indiana
CHRISTOPHER B. CANNON, Utah
BILL McCOLLUM, Florida
CHARLES T. CANADY, Florida
BARNEY FRANK, Massachusetts
JOHN CONYERS, Jr., Michigan
HOWARD L. BERMAN, California
Page 223 PREV PAGE TOP OF DOCRICK BOUCHER, Virginia
ZOE LOFGREN, California
WILLIAM D. DELAHUNT, Massachusetts
MITCH GLAZIER, Chief Counsel
BLAINE MERRITT, Counsel
VINCE GARLOCK, Counsel
DEBBIE LAMAN, Counsel
ROBERT RABEN, Minority Counsel
C O N T E N T S
March 20, 1997
TEXT OF BILL
Coble, Hon. Howard, a Representative in Congress from the State of North Carolina, and chairman, Subcommittee on Courts and Intellectual Property
Berman, Jerry, executive director, Center for Democracy and Technology
Crowell, William P., Deputy Director, National Security Agency
Karn, Philip R., Jr., staff engineer, Qualcomm, Inc.
Katz, Roberta, senior vice president, general counsel, and secretary, Netscape Communications Corp., on behalf of Information Technology Association and Software Publishers Association
Page 224 PREV PAGE TOP OF DOC Litt, Robert S., Deputy Assistant Attorney General, Criminal Division, Department of Justice
Morehouse, Thomas R., president and CEO, SourceFile
Norquist, Grover G., president, Americans for Tax Reform
Reinsch, William A., Under Secretary, Bureau of Export Administration, Department of Commerce
Rotenberg, Marc, director, Electronic Privacy Information Center
Rubinstein, Ira, senior corporate attorney, Microscoft Corp., on behalf of the Business Software Alliance
Schlafly, Phyllis, president, Eagle Forum
Seybold, Jonathan, chairman, executive committee, and director, Pretty Good Privacy, Inc.
LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING
Berman, Jerry, executive director, Center for Democracy and Technology:
Article from the Richmond Times-Dispatch dated March 14, 1997, entitled, ''Internet Use Doubles Since 1995''
Conyers, Hon. John, Jr., a Representative in Congress from the State of Michigan: Prepared statement
Crowell, William P., Deputy Director, National Security Agency: Prepared statement
Karn, Philip R., Jr., staff engineer, Qualcomm, Inc.:
Paper by David Wagner, Bruce Schneier, and John Kelsey entitled, ''Cryptanalysis of the Cellular Message Encryption Algorithm''
Page 225 PREV PAGE TOP OF DOCKatz, Roberta, senior vice president, general counsel, and secretary, Netscape Communications Corp., on behalf of Information Technology Association and Software Publishers Association:
Article entitled, ''Curb on Encryption Cracked''
Litt, Robert S., Deputy Assistant Attorney General, Criminal Division, Department of Justice: Prepared statement
Lofgren, Hon. Zoe, a Representative in Congress from the State of California:
TIS worldwide survey of cryptographic products
Morehouse, Thomas R., president and CEO, SourceFile: Prepared statement
Norquist, Grover G., president, Americans for Tax Reform: Prepared statement
Reinsch, William A., Under Secretary, Bureau of Export Administration, Department of Commerce: Prepared statement
Rotenberg, Marc, director, Electronic Privacy Information Center:
OECD guidelines for cryptology policy
Rubinstein, Ira, senior corporate attorney, Microscoft Corp., on behalf of the Business Software Alliance: Prepared statement
Schlafly, Phyllis, president, Eagle Forum: Prepared statement
Seybold, Jonathan, chairman, executive committee, and director, Pretty Good Privacy, Inc.: Prepared statement
Material submitted for the hearing
Page 226 PREV PAGE TOP OF DOC
(Footnote 1 return)
Transcript of Hearing on Economic Espionage conducted by the Subcommittee on Crime, House of Representatives, May 9, 1996, pp. 1 and 59.
(Footnote 2 return)
Department of Justice, Federal Bureau of Investigation, FY 1998 Authorization and Budget Request to Congress, at A72 (1997).
(Footnote 3 return)
The National Research Council's comprehensive 1996 report on cryptography includes a detailed examination of the rising importance of encryption. National Research Council, Cryptography's Role in Securing the Information Society (1996) (hereinafter, ''NRC Report'').
(Footnote 4 return)
NRC Report at 86.
(Footnote 5 return)
Matt Blaze, et al., Minimal key lengths for Symmetric Ciphers to provide Adequate Commercial Security; A report by an ad hoc group of cryptographers and computer scientists, at 7 (1996).
(Footnote 6 return)
Many Interested parties have sought to draw sharp distinctions between Key recovery. and other forms of escrowed encryption. CDT believes that key recovery is a form of escrowed encryption.
(Footnote 7 return)
See, e.g., Microsoft Corporation, Comments on Bureau of Export Administration Interim Rule on Encryption Controls (Feb. 1997).
(Footnote 8 return)
American Association for the Advancement of Science, Comments on Bureau of Export Administration Interim Rule on Encryption Controls (Feb. 7, 1997).