[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Notes from House Hearing on Cryptography Export Controls



October 12, 1993
House Foreign Affairs Committee
Subcommittee on Economic Policy, Trade, and the Enviornment
Hearing on mass market cryptography and export controls
Rep. Sam Gejdenson (D-Conn.), Chair

[A hopefully informative and probably biased account of the hearing by EFF]

Committee Members present:

Gejdenson, Cantwell (D-Wash.), Fingerhut (D-Ohio), Rohrbacher (R-Calif.)
Manzullo (R-Ill.) 

Witnesses:

PANEL 1 (Open)

J. Hendren, Arkansas Systems (A data security firm that does a lot of
international banking work)

Ray Ozzie, IRIS Associates for Business Software Alliance (Lotus Notes
developer)

Stephen Walker, Trusted Information Systems for Software Publishers Association

Philip Zimmermann, PGP developer

Don Harbert, Digital Eqiupment Corp.

PANEL 2 (Secret Session)

NSA representative


Opening Statement of Gejdenson: 

"This hearing is about the well intentioned attempts of the National
Security Agency to try to control the uncontrollable....  The NSA itself
acknowledges that if you have a long distance telephone line and a modem,
you can send this software anywhere in the world.  If you have a computer
and a modem you can take this software off of the Internet anywhere in the
world....  I do not question the value of the information sought by the
National Security Agency.  But once it is determined that the dispersion of
this software cannot be controlled, then however much we might want to
protect our ability to obtain information, it is beyond our means to do so.
 Just as in the case of telecommunications, the National Security Agency is
attempting to put the genie back in the bottle.  It won't happen; and a
vibrant and productive sector of American indsutry may be sacrificed in the
process."

The main points raised by witnesses were these:

1. DES and other strong encryption which is barred by ITAR is in the public
domain and available on the global market from foreign software
manufacturers:

-Ray Ozzie used his laptop and a modem to show how to get a DES
implementation from ftp.germany.eu.net.  The committee loved it and most of
them seemed to understand what was going on on the screen, even though they
had never heard of ftp.

-Stephen Walker described the results of an SPA study which uncovered over
250 cryptography packages which offer DES-based or stronger algorithms.

-Phil Zimmermann testified that he designed PGP from publicly available
information.

2. Foreign DES implementations are just as good as US versions. 
Surprisingly enough, this is a contentious issue.  Some members of the
committee seemed to have been told by someone or another that foreign
versions of DES may not be as strong as those that are made in the USA.  If
this were true, then export controls might still be justified despite the
numerous foreign versions of DES on the market.  In my view, this is a
pretty desperate argument.

-Steve Walker demonstrated that all DES works the same way by encrypting a
passage from Mozart's Eine Kleine Nachtmusik with several different foreign
DES packages, and then decrypting them.  Surprise!  They all sounded just
the same.

3. Lots of money is being lost by US software/hardware vendors:

-Don Harbert from DEC told of loses of over $70 Million in just the last
few months.

-BSA estimates that export controls exclude access to a global market the
is $6-9 Billion.

4. People want their privacy

-Phil Zimmermann told the committee about his experience with PGP users and
how badly people need and want to protect their privacy in electronic
environments

Committee Responses:

Overall, the committee was quite sympathetic to the witnesses.  Chairman
Gejdenson seemed very supportive of changing export controls.  Rep. Dana
Rohrbacher, no flaming liberal, said, "the cold war is over.  I sympathize
with everything that has been said here."  



...................................................................

Daniel J. Weitzner, Senior Staff Counsel <[email protected]>
Electronic Frontier Foundation
1001 G St, NW
Suite 950 East
Washington, DC 20001
202-347-5400 (v) 
202-393-5509 (f)