[Congressional Record Volume 142, Number 105 (Wednesday, July 17, 1996)]
[Extensions of Remarks]
[Page E1295]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

[[Page E1295]]



                     OUR FLAWED ENCRYPTION POLICIES

                                 ______
                                 

                           HON. ANNA G. ESHOO

                             of california

                    in the house of representatives

                         Tuesday, July 16, 1996

  Ms. ESHOO. Mr. Speaker, today we are considering the Export Control 
Act, which governs the export of dual use technologies. Ironically, it 
does not govern the export of encryption software, which is considered 
a munition, and is regulated under the Arms Export Control Act. In 
fact, encryption software is absolutely vital in national security, 
electronic commerce, and personal privacy applications. I can't imagine 
a technology that has more civilian as well as defense applications--
the very definition of dual use.
  I am very concerned that current Federal controls are holding 
American high tech companies back from developing and marketing 
superior encryption products. While I understand that these controls 
are aimed at keeping powerful encryption out of the hands of terrorists 
and hostile nations, they are succeeding only in keeping foreign 
customers away from American products.
  As you know, current U.S. policy only allows export of software with 
40-bit encryption, while most encryption users prefer stronger 56-bit 
products that are already available on the Internet and from foreign 
manufacturers. In fact, over 200 foreign encryption programs are now 
available in 21 countries.
  This imbalance between what the market wants and U.S. law allows is 
creating a major economic problem for American companies. An industry 
study found that current export restrictions could cost U.S. businesses 
$30 billion to $60 billion by the year 2000.
  Further, current restrictions on U.S. encryption exports limit the 
types of products available here at home. It can be prohibitively 
expensive for companies to make two versions of the same software--a 
weak package for export and a strong package for domestic consumption. 
As a result, Americans often only have access to weaker encryption 
products.
  The administration has responded to this situation with a proposal 
that is inadequate at best. It would let U.S. companies export software 
with stronger encryption--up to 64-bits--but only if a key escrow 
system is attached. This key escrow system would require a third party 
located in the United States (or where we have bilateral escrow 
agreements) to have the key to encrypted material so the American 
Government could gain access to it if the United States determines that 
our national security is at stake.
  This plan is flawed for several reasons. Few foreign consumers are 
going to buy American encryption software that's compromised by our 
Government. Further, without stringent safeguards, the administration 
plan opens the door to potential Government violations of personal 
privacy. And it ignores the fact that foreign encryption programs 
without key escrow requirements are already widely available.
  I support a stronger, bipartisan effort to relax U.S. export 
restrictions while protecting our national security interests. The 
Security and Freedom Through Encryption Act [SAFE] would ensure that 
Americans are free to use any encryption package anywhere, prohibit 
mandatory key escrow schemes, guarantee companies the ability to sell 
any encryption package within the United States, and make it unlawful 
to use encryption to commit a crime.
  Most important, it would allow U.S. businesses to export encryption 
software if products with comparable security capabilities are 
commercially available from a foreign supplier. In effect, American 
encryption exports would be stronger, but offer no greater threat to 
the United States than other products already being used abroad.
  Reforming America's encryption export policy is important for high 
tech companies hoping to increase their sales, businesses that want 
better security for their computers, online entrepreneurs looking to 
tap a global market for their services, and e-mail users who desire 
more privacy for their electronic messages. SAFE offers a way to 
achieve all these goals and protect our national security interests at 
the same time.

                          ____________________