Opening Statement of Rep. Ed Markey (D-MA).
Hearing of the House Telecommunications Subcommittee.
Re: HR 850, SAFE Act.

Date: May 25, 1999.
Source: This document was created by Tech Law Journal by transcribing from an audio recording of the hearing. The audio recording was of poor quality, and hence, there may be errors in this transcription.

Thank you, Mr. Chairman. Thank you so much for having this hearing today.

This issue is a very difficult one from a public policy perspective. Policy makers are asked to balance personal security and freedom with national security and freedom, to enable better privacy protection, but to also help law enforcement fight crime, and to simultaneously salute our clear economic interest in promoting commercial exporting opportunities of encrypted products and services.

During Committee deliberations on this encryption legislation in the last session of Congress, I successfully offered an amendment which tries to strike a balance. There is no member of this Committee who is unsympathetic to the plight of law enforcement during this time of profound and rapid technological change. There is no member of this Committee who is unwilling to place certain restrictions on the most highly sophisticated encryption that could pose national security risks. The problem is that our export controls today have not fully kept up with advances in technology, or with the general availability of that technology in commercial products.

Last session, I suggested that if headlong pursuit of trying to help law enforcement officials by _____, we ought not rush into adopting rules, regulations, or instigating government intrusion into the high-tech marketplace, unless we are sure that the proposed solution solves the problem. I am convinced that proposals from the law enforcement community need additional work and further analysis. I understand their frustration. And last session I remember trying to get law enforcement the additional tools they need to fight crime. I suggested that the high-tech industry should assist law enforcement and create a national electronic technology center, at net center, to serve local, state, and federal law enforcement authorities by providing information and assistance regarding decryption technologies and techniques. I still believe that this policy is preferable to a policy that would place, for the first time, controls on the domestic use of encryption by American citizens, and thereby mandate how every American citizen protects his or her electronic security. I pledge to continue to try to work with the national security and law enforcement communities in trying to fashion a common sense encryption policy.

The high-tech industry has been highly organized in its efforts to liberalize and update U.S. policy towards the export of encryption software and related policies. It has correctly identified the commercial imperative, by opening up opportunities for U.S. companies to compete overseas in these critical knowledge-based industries. The industry has also been quick to point out that strong encryption can help thwart crime. Moreover, the high-tech industry has noted that strong encryption can also avail customers of greater privacy protection. And the industry has been eager to assist consumers by creating products that permit people to safeguard their personal conversations or data files. For all of these efforts I wholeheartedly commend the high-tech industry.

I only wish that the industry would be equally zealous in protecting the privacy of consumers when its commercial interests are more complicated. Whether it is the Intel Pentium III chip, or unique identifiers in Windows software, or other e-commerce yet to come, with respect to transactional online privacy, the industry has been less attentive to balancing securities interests with personal privacy or consumers online. A recent survey conducted by the Georgetown Business School of online web sites found that upwards of 90% of the sites collected personal information from consumers. However, for the privacy criteria generally perceived as embodying fair information practices, such as consumer notice, consumer choice, access, security, and contract information, the raw numbers from the survey are sobering. Only 9.5% of the entire survey sample contained these basic privacy criteria. Even of the top 100 most visited web sites, only 19% had privacy policies consisting of accepted fair information practice criteria. It is one thing to post your privacy policy. But it is an entirely different, separate issue as to whether or not that posted policy is anything more than a grudging acknowledgment that a web site collects and discloses personal information without any consumer control over such collection or disclosure. I hope that we can make progress on that issue, as well as making progress on the encryption policy. It is the flip side of the same coin, and I believe that the industry has the same obligation to consumers in protecting them against companies compromising personal information, as they do protecting them from the government compromising their personal information. From the consumer's perspective there is no difference, and I am going to ask the witnesses today how they stand on this issue.

I thank you, Mr. Chairman.