Goodlatte
Representatives Caution Clinton About Encryption Export
Regulations
(November 12, 1999) The bipartisan cosponsors of HR 850, the SAFE Act, and House Republican leaders wrote letters to President Clinton this week warning him that the administration's encryption export regulations to be announced on December 15 should live up to the administration's policy announcements of September 16.
| Related Pages |
| Goodlatte-Lofgren letter, 11/9/99. |
| Republican leadership letter, 11/8/99. |
| Tech Law Journal Summary of Encryption Bills. |
| HR 850 IH (SAFE Act). |
House Republican leaders wrote a letter to President Clinton on November 8 that said "we are concerned about recent reports that the Administration may be considering regulations that are inconsistent with the new stated policy."
"If the regulations in December fail to meet the rhetoric from September, the confidence of U.S. industry, American computer users, or Congress in the Administration's ability to establish a balanced and reasonable encryption policy would be severely shaken. We sincerely hope that this does not prove to be the case."
Then, on November 9, Rep. Bob Goodlatte (R-VA) and Rep. Zoe Lofgren (D-CA) wrote a more detailed letter to Clinton listing specific matters that should be included in the regulations.
| Key Export Provisions of HR 850 |
| Section 3 of the bill would amend the Export Administration Act of 1979
in many ways. It would place all encryption products, except those
specifically designed or modified for military use, under the jurisdiction
of the Secretary of Commerce.
It would also provide that after a one-time, 15-day technical review by the Secretary, no export license may be required for generally available encryption software and hardware products, generally available products containing encryption, generally available products with encryption capabilities, technical assistance and data used to install or maintain generally available encryption products, products containing encryption, and products with encryption capabilities, and encryption products not used for confidentiality purposes. It would also provide that after a one-time, 15-day technical review by the Secretary, the Secretary shall allow the export of custom-designed encryption products and custom-designed products with encryption capabilities if those products are permitted for use by banks or if comparable products are commercially available outside the U.S. |
Rep. Goodlatte and Rep. Lofgren are the lead sponsors of HR 850 IH, the Security and Freedom through Encryption (SAFE) Act. The bill is consponsored by well over one half of the members of the House.
It has completed the committee review process. It might have been brought to the House floor for a vote if the Clinton administration had not announced that it would change its export policy.
HR 850 IH provides that people in the United States can use any kind of encryption. It also provides that any person in the U.S. may sell in interstate commerce any encryption product. Moreover, the government cannot mandate any kind of key escrow.
However, the bulk of the bill deals with liberalizing the current encryption export regime.
On September 15 the Clinton administration announced that it would enact new regulations that would liberalize U.S. encryption export policy.
The administration's proposal does not include any of the non export provisions of HR 850. Moreover, the administration remains opposed to passage of HR 850.
The letter from House Republican leaders also states that "Congress remains committed to enacting an encryption policy that prevents economic crime, promotes electronic commerce, protects personal privacy, and preserves our national and economic security. We look forward to seeing the upcoming encryption regulations, and hope that they will embrace these principles."
|
What is the Administration's New Policy? |
| On September 16 administration officials announced that changes would be made in encryption export policies, and that the changes would be embodied in regulations to be released on or before December 15. The announcements were short on details. However, the White House press office released a statement to the Congress and two fact sheets. Also, William Reinsch, the Administration's point man on encryption export policy at the Department of Commerce, has given several presentations on Capitol Hill on the new policy. See, transcripts of his Internet Caucus briefing and ITAA briefing. |
This letter was signed by House Majority Leader Dick Armey, Majority Whip Tom DeLay, Rep. J.C. Watts, Rep. Tom Davis, Rep. Christopher Cox, and Rep. Bob Goodlatte.
The second letter from Rep. Goodlatte and Rep. Lofgren provides details regarding the regulations.
They wrote that "Rumors circulating in high-tech circles indicate that the upcoming encryption regulations may define critical terms such as "retail", "technical review", and "government" in such a way as to substantially undermine the goals of the new policy. We hope such fears are unfounded."
The letter covers six topics: the definition of retail products, the definition of government, reporting requirements, technical reviews, treatment of toolkits, and treatment of open source products.
|
|
| Rep. Bob Goodlatte |
Regarding retail products, the two wrote that "the regulations should reflect market realities by adopting a "mass-market" approach for exports. ... The regulations should allow mass-market encryption products to be exported regardless of the means of distribution." They also wrote that the "classification of encryption products as "mass-market" must be made independently of the means by which those products are distributed."
Regarding the technical review, they wrote that the "regulations should limit the technical review of products prior to export to no more than 30 days, and should allow companies to export their products at the end of that period regardless of whether the review has been completed."
 |
|
| Rep. Zoe Lofgren |
"Additionally, the government should not make the determination of whether a product qualifies for retail/mass-market status in the technical review process. Doing so would unacceptably transform the technical review process into a de facto licensing program."
Goodlatte and Lofgren also wrote the the term "government" should be used narrowly. "The regulations must limit the definition of "government" to governmental agencies performing core governmental functions. In many countries, especially in Europe and Asia, governments often hold a percentage stake in private sector corporations. This partial government ownership, however, does not transform those private companies into government agencies."
They also wrote that "open and community source code products should be
exportable under the new policy. Products such as UNIX, Linux, and
Netscape's Internet Browser" should be released from encryption controls.