[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CDT Policy Post 2.34 - House Committee Holds Hearing on Crypto Bill

    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 34
      A briefing on public policy issues affecting civil liberties online
 CDT POLICY POST Volume 2, Number 34                    September 26, 1996

 CONTENTS: (1) House Judiciary Committee Holds Hearing on Encryption Bill;
               NSA, DOJ Oppose Efforts to Promote Privacy Online
           (2) How to Subscribe/Unsubscribe to the Policy Post list
           (3) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <[email protected]>
         ** This document looks best when viewed in COURIER font **


At a hearing before the House Judiciary Committee on Wednesday September
25, Deputy Attorney General Jamie Gorelick laid to rest any lingering
suspicion that the Administration would agree to change current export
controls on strong non-escrowed encryption. Equally troubling to Internet
users, Administration witnesses confirmed that the Government is seeking to
compel domestic Internet users towards a "voluntary" key-escrow encryption

The hearing was called to consider the "Security and Freedom through
Encryption (SAFE) Act of 1996," (H.R. 3011) sponsored by Representatives
Bob Goodlatte (R-VA), Anna Eshoo (D-CA), and a bi-partisan group of more
than 43 other Representatives. The bill is designed to encourage the
widespread availability of strong, easy to use encryption technology by
relaxing current encryption export controls.

The hearing -- the first before the House in nearly 3 years -- marked the
first time the House Judiciary Committee has formally considered the
encryption issue, and marks an important step along the path towards
passage of real encryption policy reforms.

Witnesses testifying before the Committee Wednesday:

* Rep. Bob Goodlatte (R-VA), chief Sponsor of the HR 3011
* Jamie Gorelick, Deputy Attorney General
* William Crowell, Deputy Director, National Security Agency
* William Reinsch, Under Secretary of Commerce, Export Administration
* Melinda Brown, VP and General Counsel, Lotus Development Corp.
* Roberta Katz, VP and General Counsel, Netscape Communications Corp.
* Patricia Rippley, Managing Director, Bear Stearns & Company
* Dr. Charles Deneka, Senior VP and CTO, Corning, Inc (on behalf of the
  National Association of Manufacturers).


Although some press reports had suggested that the Administration was
poised to announce a new compromise encryption policy in testimony before
the Committee, these reports proved to be premature.

In response to rumors that the administration would relax export controls
on 56 bit DES encryption (encryption exports are currently limited to 40
bit keys) Gorelick stated that the Administration does not support the
unrestricted export of 56 bit DES.

However, Gorelick did confirm that the Administration plans to propose
legislation soon, and suggested such a proposal would specify the process
for law enforcement to access encryption keys held by third-parties.  The
proposal would include new civil penalties for the unauthorized disclosure
of keys.

Additionally, credible sources have told CDT that the Administration's new
proposal will transfer jurisdiction for encryption exports from the State
Department to the Commerce Department, and that domestic law enforcement
will have a role in evaluating export applications.  It is also likely that
the Administration will again offer to raise the export limit from 40 to 64
bit key-lengths with law enforcement access.


Both Gorelick and NSA Deputy Director William Crowell stressed that the
Administration is not seeking to mandate the domestic use of key-escrow
encryption. However, both admitted that they would like to see the
widespread adoption of key-escrow systems and have initiated a broad effort
to encourage industry to develop such systems.

In her prepared statement, Gorelick acknowledged that criminals will at
times use non-escrowed encryption to communicate with themselves, but,

 "we believe that if strong key recovery encryption products that will
  not interoperate -- at least in the long term -- with non-key recovery
  products are made available overseas and domestically and become part
  of a global KMI (Key Management Infrastructure), such products will
  become the worldwide standard.  Under those circumstances, even
  criminals will be compelled to use key recovery products, because even
  criminals need to communicate with legitimate organizations like
  banks, both nationally and internationally."

The administration continues to insist that their policy is "voluntary",
despite the fact that their policy is clearly designed to compel the use of
key-escrow domestically through continued controls on encryption exports
and negotiations with foreign governments through the OECD.  This apparent
double-talk from the Administration cannot be the basis for sound
encryption policy reform.


Led by Representatives Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA), members
of the Judiciary Committee expressed a great deal of skepticism about the
Administration's proposal.

Rep. Goodlatte (a chief sponsor of the SAFE bill) testified that in his
view, "the chief roadblock to electronic commerce on the Internet is
government regulation of encryption."  Goodlatte added, "The arguments that
the FBI, CIA, and NSA have given me to justify the need for a massive
'key-escrow' or as it's now called 'key-recovery' plan just don't ring true
in 1996."

Representative Zoe Lofgren (D-CA), expressed concern that current US
encryption policy is endangering the future of the US high-technology
industry.  Lofgren was also highly critical of the Administrations efforts
to push for a global key-escrow standards through the OECD. Lofgren said:

 "The Deputy Attorney General also argues that the United States,
  combined with its allies, can control the world encryption market and
  can coordinate the implementation of an international 'key-escrow'
  regime.  Notwithstanding the absence of any demonstrable progress
  towards such an agreement, the aspirations for a comprehensive global
  key escrow scheme ignore the undeniable power of market demand for
  cryptographic products that do not incorporate any form of escrow. The
  customers that purchase encryption products DO NOT WANT products with
  escrowed keys, and if use suppliers are forbidden to supply these
  products, then someone undoubtedly will.  Whatever hopes we may have
  for an international system of key escrow, we will never achieve 100
  percent participation, and those who do not participate will profit
  heavily at our expense." (emphasis in original)

Several other members of the Committee, including Reps. Sonny Bono (R-CA),
John Conyers (D-MI), Robert Scott (D-VA), and John Bryant (D-TX) echoed
these concerns in their questions of the Administration witnesses.  The
fact that Committee members from both parties expressed deep skepticism of
the Administration's proposal is an extremely encouraging preview of the
debate when Congress resumes in January.

Finally, witnesses testifying on behalf of the software industry, the
securities industry and users of encryption technology all expressed
support for the SAFE bill, and argued that current policy threatens the
competitiveness of US businesses and Internet users.


Time is running out in a busy election year Congressional calendar, and
chances of passage of encryption reform legislation in either the House or
Senate before the end of the current term are slim. However, the stage is
clearly set for an all out battle when Congress returns in January, and
support for encryption policy is clearly growing in Congress.

Forty-five Republican and Democratic members of the House have signed on
as co-sponsors of the Security and Freedom through Encryption Act (SAFE).
The Burns/Leahy "Promotion of Commerce Online in the Digital Era (ProCODE)
Act also enjoys broad bi-partisan support in the Senate.  Meanwhile, the
Administration continues to offer more of the same -- continued reliance on
export controls while pushing for a global key-escrow standard.

The stage is set, but the battle over U.S. encryption policy reform is only
just beginning.  CDT will continue to work to educate policy makers and the
public on the importance of encryption policy reform. Over the next several
months, stay tuned for more information on what you can do to help protect
privacy and security on the Internet.



Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     [email protected]

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts



The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications

Contacting us:

General information:  [email protected]
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

End Policy Post 2.34                                            9/26/96