House Telecom Subcommittee Holds Hearing on Encryption Bill

(May 26, 1999) The House Telecommunications Subcommittee held a hearing on May 25 on HR 850, the SAFE Act. The Clinton-Gore administration sent representatives to testify against the bill. The software and e-commerce industry sent representatives to testify in favor of the bill.

See Summary of Encryption Bills in the 106th Congress.

HR 850 IH, the Security and Freedom Through Encryption (SAFE) Act, is sponsored by Rep. Bob Goodlatte (R-VA). It provides that people in the United States can use any kind of encryption. It also provides that any person in the U.S. may sell in interstate commerce any encryption product. Moreover, the government cannot mandate any kind of key escrow or recovery. Finally, it eases the existing restraints on export of encryption products. The hearing was held by the House Commerce Committee's Subcommittee on Telecommunications.

Several members of the Subcommittee offered qualified support for the bill. Others declined to endorse the bill, or opposed it. Clinton-Gore administration representatives came to testify against the bill. The administration supports recoverable encryption domestically, and restraints on exports of encryption products. Representatives of the software and e-commerce industries all testified strongly in support of the bill.

Opening Statements

Rep. Tom Bliley (R-VA).
Rep. John Dingell (D-MI).
Rep. Billy Tauzin (R-LA).
Rep. Ed Markey (D-MA).

Rep. Tom Bliley (R-VA) stated that "the Administration's policy of today is unworkable and an impediment to U.S. encryption producers and users. We need the policy to change."

However, Rep. Bliley stopped far short of endorsing HR 850 in his opening statement. "I am always interested in trying to find a compromise if possible. If there is room for agreement that can help law enforcement or protect national security without codifying the current policy, I want to know about it," said Rep. Bliley. "We will move encryption legislation soon in this Committee. Is HR 850 the best approach to do this? Should changes be made to the bill? Should we consider another approach -- like the one introduced by Senator McCain in the Senate?"

Rep. Billy Tauzin (R-LA), the Chairman of the Telecommunications Subcommittee, criticized the administration's policies. "The current policy, based on good and proper intentions, is a failure. I believe that it is impossible to contain the use of encryption products. In fact, the only encryption products we are containing are American products from being used internationally."

He continued in his opening statement that "We are unsuccessfully hamstringing U.S. encryption producers and those that want to incorporate encryption into their products, based on false pretenses. Two. The only way that current policy is going to change is for Congress to take action."

However, Rep. Tauzin did not endorse HR 850 in its current form. He said that "while HR 850 is a step in the right direction, the bill is missing certain concepts." He offered two proposals.

First, he advocated changing the bill to assist the "development of encryption high-tech laboratories to promote cooperation and the sharing of knowledge between law enforcement and the encryption producing communities." Second, he suggested changes pertaining to encryption in telecommunications networks. He stated: "In addition, when encryption products have the ability to protect and secure today's communications networks, telecommunications network and the Internet, in ways that are necessary, especially as the dependency of these networks on foreign networks increases. With our jurisdiction over commerce generally, and our expertise in communications policy specifically, I hope that we will take the necessary time to improve this bill, before, to reflect this aspect of the debate."

Rep. John Dingell, the Ranking Minority Member of the full committee, took no position in his opening statement. He acknowledged the importance of law enforcement and defense interests, and stated that the Commerce Committee should "redouble its efforts to find a sensible rational middle ground that balances the crucial interests at stake."

Rep. Ed Markey (D-MA), the Ranking Minority Member of the Telecommunications Subcommittee, did not express support for or opposition to HR 850. However, he did use his opening statement to chastise the software and electronic commerce industry for not adequately protecting consumer privacy online.

"I only wish that the industry would be equally zealous in protecting the privacy of consumers," said Rep. Markey. "Whether it is the Intel Pentium III chip, or unique identifiers in Windows software, or other e-commerce yet to come, with respect to transactional online privacy, the industry has been less attentive to balancing securities interests with personal privacy or consumers online."

Rep. Markey stated that he hopes to see progress on both the encryption and privacy issues. "It is the flip side of the same coin, and I believe that the industry has the same obligation to consumers in protecting them against companies compromising personal information, as they do protecting them from the government compromising their personal information. From the consumer's perspective there is no difference."

Rep. Mike Oxley (R-OH), the Vice Chairman of the Telecommunications Subcommittee, opposed the bill. "I would support the legislation before us if it were needed," said Rep. Oxley. "We do not need this legislation. It is unnecessary, given the administration's regular review and modernization of U.S. encryption policy." He continued that the bill "represents a real threat to national security and public safety in the United States."

The Clinton-Gore administration opposes HR 850. It was represented at this hearing, as well as at other recent hearings, by William Reinsch, Ronald Lee, and Barbara McNamara.

Ronald Lee, who is an Assistant Associate Attorney General, stated that the administration's domestic policy is "recoverable encryption". He argued that "the widespread use of unbreakable encryption by criminal elements presents a tremendous threat to both public safety and national security."

He also addressed the Justice Department's loss in the case Daniel Bernstein v. Department of Justice. The Ninth Circuit Court of Appeals ruled on May 6 that U.S. encryption export regulations violate First Amendment free speech rights. Lee remains obdurate. The Bernstein ruling "has not changed our view that legislation eliminating export controls is contrary to our national interests." Moreover, said Lee, "the regulations controlling the export of encryption products remain in full effect." The Department of Justice has not yet decided whether to seek an en banc review.

William Reinsch, of the Commerce Department, stated that the administration's policy is "encryption products that would allow lawful government access to plaintext." He added that "with respect to H.R.850, the Administration opposes this legislation as we did its predecessor in the last Congress. The bill proposes export liberalization far beyond what the Administration can entertain ..."

Ed Gillespie, the Executive Director of Americans for Computer Privacy (ACP), testified that the "ACP supports policies that allow American citizens to continue using strong encryption without government intrusion, and advocates the lifting of export restrictions of U.S. made encryption products." ACP is a coalition of over 3,500 individuals, 40 trade associations and over 100 companies representing financial services, manufacturing, high-tech, and transportation industries as well as law enforcement, civil-liberty, taxpayer and privacy groups.

"The Clinton Administration, however, has yet to allow U.S. encryption manufacturers to compete on a level playing field in the global marketplace," said Gillespie. He was critical of the Wassenaar Arrangement.

"First, the Administration has entered into an agreement with 32 other countries -- the Wassenaar Arrangement -- containing certain export controls on encryption. Unfortunately, the Administration's encryption export regulations impose greater restrictions on American companies than those called for under the arrangement."

"We also believe that the Administration's efforts to develop a global approach to this issue through the Wassenaar Arrangement are doomed to failure. We recognize that this is a global problem and if it were truly possible to achieve universal agreement that was fairly enforced, industry would no doubt be supportive. But Wassenaar only has 33 members and does not include encryption-producing countries such as China, India, South Africa, or Israel. Further, the Administration should recognize that the Wassenaar Arrangement is only as effective as the implementing regulations adopted by the member countries. Some of the member nations will promulgate regulations that are less restrictive than those of the United States, thereby providing those nations with a competitive advantage over domestic encryption manufacturers. In short, the Wassenaar Arrangement is a toothless tiger."

Gillespie also argued that export restraints will harm U.S. national security. "If we do lose that U.S. leadership position, what will that mean? It will mean that the national security agencies will be confronting ubiquitous encryption made not by U.S. companies, but by foreign companies. Where then will the national security agencies go for technical help on encryption, if the most sophisticated encryption experts and product-makers reside abroad?"

Gillespie also pointed out that "foreign encryption manufacturers are marketing their products by using U.S. encryption regulations against American companies." He cited the example of Baltimore Technologies, an Irish encryption manufacturer. He stated that in marketing their product, WebSecure, the company advertises that "the export versions of U.S. browsers 'are limited to 40 bits of encryption, which is not secure enough for most applications.' In contrast, WebSecure provides 128-bit encryption for 'real security.'"

Baltimore Technologies was represented at the hearing too. Paddy Holohan asserted that "We believe that a very small percentage of our business comes as a direct result of American export restrictions."

However, he also testified against restraints on encryption use and export.

Tom Arnold, the Chief Technical Officer and Vice President of CyberSource Corp., testified on behalf of the Software & Information Industry Association (SIIA). The SIIA was recently formed by merging the Software Publishers Association and the Information Industry Association. Arnold testified that the SIIA "strongly supports H.R. 850."

Richard Hornstein, Vice President of Legal Affairs for Network Associates, testified on behalf of the Business Software Alliance. He stated that "without relaxation of export controls, U.S. manufacturers remain at a competitive disadvantage, and foreign consumers will purchase encryption products from foreign suppliers."

"Foreign products are comparable in capabilities and quality," said Hornstein. "When a foreign purchaser cannot obtain an American product they simply purchase it from a foreign supplier. Unfortunately, not only are American companies losing a sale of an encryption item, but they are also losing the sale of the program or hardware such as an Internet server or an application browser that uses the encryption capability. In fact, companies risk losing sales of entire systems because of their inability to provide necessary security features."

Prepared Testimony of Witnesses
(links to the Commerce Committee web site)

William Reinsch (Department of Commerce)
Ronald Lee (Department of Justice)
Barbara McNamara (National Security Agency)

Paddy Holohan (Baltimore Technologies)

Ed Gillespie (Americans for Computer Privacy)
Richard Hornstein (Network Associates and BSA)
Tom Arnold (CyberSource Corp. and SIIA)
Gene Schultz (Global Integrity Corp.)
David Dawson (V-One Corp.)