[Congressional Record Volume 143, Number 18 (Wednesday, February 12, 1997)]
[Extensions of Remarks]
[Pages E245-E247]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




THE INTRODUCTION OF THE SECURITY AND FREEDOM THROUGH ENCRYPTION [SAFE] 
                                  ACT

                                 ______
                                 

                           HON. BOB GOODLATTE

                              of virginia

                    in the house of representatives

                      Wednesday, February 12, 1997

  Mr. GOODLATTE. Mr. Speaker, today I am pleased, along with 54 of my 
colleagues, to introduce the Security And Freedom through Encryption 
[SAFE] Act of 1997.
  This much-needed, bipartisan legislation accomplishes several 
important goals. First, it aids law enforcement by preventing piracy 
and white-collar crime on the Internet. It an ounce of prevention is 
worth a pound of cure, then an ounce of encryption is worth a pound of 
subpoenas. With the speed of transactions and communications on the 
Internet, law enforcement cannot possibly deal with pirates and 
criminal hackers by waiting to react until after the fact.
  Only by allowing the use of strong encryption, not only domestically 
but internationally as well, can we hope to make the Internet a safe 
and secure environment. As the National Research Council's Committee on 
National Cryptography Policy concluded:

       If cryptography can protect the trade secrets and 
     proprietary information of businesses and thereby reduce 
     economic espionage (which it can), it also supports in a

[[Page E246]]

     most important manner the job of law enforcement. If 
     cryptography can help protect national critical information 
     systems and networks against unauthorized penetration (which 
     it can), it also supports the national security of the United 
     States.

  Second, if the Global Information Infrastructure is to reach its true 
potential, citizens and companies alike must have the confidence that 
their communications and transactions will be secure. The SAFE Act, by 
allowing all Americans to use the highest technology and strongest 
security available, will provide them with that confidence.
  Third, with the availability of strong encryption overseas and on the 
Internet, our current export controls only serve to tie the hands of 
American business. According to an economic study released in December 
1995 by the Computer Systems Policy Project, failure to remove these 
export controls by the year 2000--just 3 short years from now--will 
cost our economy $60 billion and 200,000 jobs.
  The SAFE Act remedies this situation by allowing the unencumbered 
export of generally available software and hardware if a product with 
comparable security features is commercially available from foreign 
suppliers. Removing these export barriers will free U.S. industry to 
remain the world leader in software, hardware, and Internet 
development. And by allowing the U.S. computer industry to use and 
export the highest technology available with the strongest security 
features available, America will be leading the way into the 21st 
century information age and beyond.
  This bipartisan legislation enjoys the support of members and 
organizations across the spectrum of all ideological and political 
beliefs. Groups as varied as the American Civil Liberties Union, 
National Rifle Association, Americans for Tax Reform, Netscape, 
Microsoft, Novell, Lotus, Adobe, Software Publishers Association, 
Information Technology Association of America, Citizens for a Sound 
Economy, Competitive Enterprise Institute, Business Leadership Council, 
IBM, Small Business Survival Committee, Sybase, RSA Data Security, 
Semiconductor Industry Association, Telecommunications Industry 
Association, and National Association of Manufacturers strongly support 
this legislation, to name just a few.

  The SAFE Act enjoys this support not only because it is a commonsense 
approach to solving a very immediate problem, but also because ordinary 
Americans' personal privacy and computer security is being assaulted by 
this administration. Amazingly enough, the administration wants to 
mandate a back door into peoples' computer systems in order to access 
their private information and confidential communications. In fact the 
administration has said that if private citizens and companies do not 
voluntarily create this back door, it will seek legislation forcing 
Americans to give the Government access to their information by means 
of a key escrow system requiring computer users to put the keys to 
decode their encrypted communications into a central data bank. This is 
the technological equivalent of mandating that the Federal Government 
be given a key to every home in America.
  The SAFE Act, on the other hand, will prevent the administration from 
placing roadblocks on the information superhighway by prohibiting the 
Government from mandating a back door into the computer systems of 
private citizens and businesses. Additionally, the SAFE Act ensures 
that all Americans have the right to choose any security system to 
protect their confidential information.
  Mr. Speaker, with the millions of communications, transmissions, and 
transactions that occur on the Internet every day, American citizens 
and businesses must have the confidence that their private information 
and communications are safe and secure. That is precisely what the SAFE 
Act will ensure. I urge each of my colleagues to join and support this 
bipartisan effort.
  The original cosponsors are Representatives Lofgren, DeLay, Boehner, 
Coble, Sensenbrenner, Bono, Pease, Cannon, Conyers, Boucher, Gekas, 
Smith (TX), Inglis, Bryant (TN), Chabot, Barr, Jackson-Lee, Waters, 
Ackerman, Baker (NC), Bartlett, Campbell, Chambliss, Cunningham, Davis 
(VA), Dickey, Doolittle, Ehlers, Engel, Eshoo, Everett, Ewing, Farr, 
Gejdenson, Gillmor, Goode, Delegate Holmes-Norton, Representatives 
Horn, Mrs. Eddie Bernice Johnson (TX), Mr. Sam Johnson (TX), Kolbe, 
McIntosh, McKeon, Manzullo, Matsui, Mica, Minge, Moakley, Nethercutt, 
Packard, Sessions, Upton, White, and Woolsey.
  Mr. Speaker, I would like the text of this legislation reprinted in 
the Record.

                                 H.R.--

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Security and Freedom Through 
     Encryption (SAFE) Act''.

     SEC. 2. SALE AND USE OF ENCRYPTION.

       (a) In General.--Part I of title 18, United States Code, is 
     amended by inserting after chapter 121 the following new 
     chapter:

        ``CHAPTER 122--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

``2801. Definitions.
``2802. Freedom to use encryption.
``2803. Freedom to sell encryption.
``2804. Prohibition on mandatory key escrow.
``2805. Unlawful use of encryption in furtherance of a criminal act.

     Sec. 2801. Definitions

       ``As used in this chapter--
       ``(1) the terms `person', `State', `wire communication', 
     `electronic communication', `investigative or law enforcement 
     officer', `judge of competent jurisdiction', and `electronic 
     storage' have the meanings given those terms in section 2510 
     of this title;
       ``(2) the terms `encrypt' and `encryption' refer to the 
     scrambling of wire or electronic information using 
     mathematical formulas or algorithms in order to preserve the 
     confidentiality, integrity, or authenticity of, and prevent 
     unauthorized recipients from accessing or altering, such 
     information;
       ``(3) the term `key' means the variable information used in 
     a mathematical formula, code, or algorithm, or any component 
     thereof, used to decrypt wire or electronic information that 
     has been encrypted; and
       ``(4) the term `United States person' means--
       ``(A) any United States citizen;
       ``(B) any other person organized under the laws of any 
     State, the District of Columbia, or any commonwealth, 
     territory, or possession of the United States; and
       ``(C) any person organized under the laws of any foreign 
     country who is owned or controlled by individuals or persons 
     described in subparagraphs (A) and (B).

     ``Sec. 2802. Freedom to use encryption

       ``Subject to section 2805, it shall be lawful for any 
     person within any State, and for any United States person in 
     a foreign country, to use any encryption, regardless of the 
     encryption algorithm selected, encryption key length chosen, 
     or implementation technique or medium used.

     ``Sec. 2803. Freedom to sell encryption

       ``Subject to section 2805, it shall be lawful for any 
     person within any State to sell in interstate commerce any 
     encryption, regardless of the encryption algorithm selected, 
     encryption key length chosen, or implementation technique or 
     medium used.

     ``Sec. 2804. Prohibition on mandatory key escrow

       ``(a) Prohibition.--No person in lawful possession of a key 
     to encrypted information may be required by Federal or State 
     law to relinquish to another person control of that key.
       ``(B) Exception for Access for Law Enforcement Purposes.--
     Subsection (a) shall not affect the authority of any 
     investigative or law enforcement officer, acting under any 
     law in effect on the effective date of this chapter, to gain 
     access to encrypted information.

     ``Sec. 2805. Unlawful use of encryption in furtherance of a 
       criminal act

       ``Any person who willfully uses encryption in furtherance 
     of the commission of a criminal offense for which the person 
     may be prosecuted in a court of competent jurisdiction--
       ``(1) in the case of a first offense under this section, 
     shall be imprisoned for not more than 5 years, or fined in 
     the amount set forth in this title, or both; and
       ``(2) in the case of a second or subsequent offense under 
     this section, shall be imprisoned for not more than 10 years, 
     or fined in the amount set forth in this title, or both.''.
       (b) Conforming Amendment.--The table of chapters for part I 
     of title 18, United States Code, is amended by inserting 
     after the item relating to chapter 33 of the following new 
     item:

``122. Encrypted wire and electronic information............2801''.....

     SEC. 3. EXPORTS OF ENCRYPTION.

       (a) Amendment to Export Administration Act of 1979.--
     Section 17 of the Export Administration Act of 1979 (50 
     U.S.C. App. 2416) is amended by adding at the end thereof the 
     following new subsection:
       ``(g) Computers and Related Equipment.--
       ``(1) General rule.--Subject to paragraphs (2), (3), and 
     (4), the Secretary shall have exclusive authority to control 
     exports of all computer hardware, software, and technology 
     for information security (including encryption), except that 
     which is specifically designed or modified for military use, 
     including command, control, and intelligence applications.
       ``(2) Items not requiring licenses.--No validated license 
     may be required, except pursuant to the Trading With the 
     Enemy Act or the International Emergency Economic Powers Act 
     (but only to the extent that the authority of such Act is not 
     exercised to extend controls imposed under this Act), for the 
     export or reexport of--
       ``(A) any software, including software with encryption 
     capabilities--
       ``(i) that is generally available, as is, and is designed 
     for installation by the purchaser; or
       ``(ii) that is in the public domain for which copyright or 
     other protection is not available under title 17, United 
     States Code, or that is available to the public because it is 
     generally accessible to the interested public in any form; or
       ``(B) any computing device solely because it incorporates 
     or employs in any form software (including software with 
     encryption capabilities) exempted from any requirement

[[Page E247]]

     for a validated license under subparagraph (A).
       ``(3) Software with encryption capabilities.--The Secretary 
     shall authorize the export or reexport of software with 
     encryption capabilities for nonmilitary end uses in any 
     country to which exports of software of similar capability 
     are permitted for use by financial institutions not 
     controlled in fact by United States persons, unless there is 
     substantial evidence that such software will be--
       ``(A) diverted to a military end use or an end use 
     supporting international terrorism;
       ``(B) modified for military or terrorist end use; or
       ``(C) reexported without any authorization by the United 
     States that may be required under this Act.
       ``(4) Hardware with encryption capabilities.--The Secretary 
     shall authorize the export or reexport of computer hardware 
     with encryption capabilities if the Secretary determines that 
     a product offering comparable security is commercially 
     available outside the United States from a foreign supplier, 
     without effective restrictions.
       ``(5) Definitions.--As used in this subsection--
       ``(A) the term `encryption' means the scrambling of wire or 
     electronic information using mathematical formulas or 
     algorithms in order to preserve the confidentiality, 
     integrity, or authenticity of, and prevent unauthorized 
     recipients from accessing or altering, such information;
       ``(B) the term `generally available' means, in the case of 
     software (including software with encryption capabilities), 
     software that is offered for sale, license, or transfer to 
     any person without restriction, whether or not for 
     consideration, including, but not limited to, over-the-
     counter retail sales, mail order transactions, phone order 
     transactions, electronic distribution, or sale on approval;
       ``(C) the term `as is' means, in the case of software 
     (including software with encryption capabilities), a software 
     program that is not designed, developed, or tailored by the 
     software publisher for specific purchasers, except that such 
     purchasers may supply certain installation parameters needed 
     by the software program to function properly with the 
     purchaser's system and may customize the software program by 
     choosing among options contained in the software program;
       ``(D) the term `is designed for installation by the 
     purchaser' means, in the case of software (including software 
     with encryption capabilities) that--
       ``(i) the software publisher intends for the purchaser 
     (including any licensee or transferee), who may not be the 
     actual program user, to install the software program on a 
     computing device and has supplied the necessary instructions 
     to do so, except that the publisher may also provide 
     telephone help line services for software installation, 
     electronic transmission, or basic operations; and
       ``(ii) the software program is designed for installation by 
     the purchaser without further substantial support by the 
     supplier;
       ``(E) the term `computing device' means a device which 
     incorporates one or more microprocessor-based central 
     processing units that can accept, store, process, or provide 
     output of data; and
       ``(F) the term `computer hardware', when used in 
     conjunction with information security, includes, but is not 
     limited to, computer systems, equipment, application-specific 
     assemblies, modules, and integrated circuits.''.
       (b) Continuation of Export Administration Act.--For 
     purposes of carrying out the amendment made by subsection 
     (a), the Export Administration Act of 1979 shall be deemed to 
     be in effect.

                          ____________________