[Congressional Record Volume 143, Number 91 (Wednesday, June 25, 1997)]
[Extensions of Remarks]
[Page E1320]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]


[[Page E1320]]
               ENCRYPTION BILL: AN EXERCISE IN DECEPTION

                                 ______
                                 

                            HON. ZOE LOFGREN

                             of california

                    in the house of representatives

                        Wednesday, June 25, 1997

  Ms. LOFGREN. Mr. Speaker, last week the Senate Commerce Committee 
reported a bill, S. 909, sponsored by Senators McCain and Kerrey, which 
largely embodies the latest administration proposals to deal with 
encryption technology. This misguided legislation (S. 909) would be a 
great leap backward in the effort to reform current American export 
restrictions on encryption and remove serious impediments to the 
competitiveness of our Nation's high-tech industry.
  In addition, by proposing unprecedented domestic controls on the use 
of encryption, the McCain-Kerrey bill also poses serious threats to 
fundamental civil liberties and privacy rights. I believe that the 
Senate effort is propelled largely by a lack of understanding of both 
the worldwide prevalence of strong encryption and the technical 
challenges posed by the massive key recovery-escrow infrastructure 
envisioned in the bill.
  Earlier this week, Mr. Dan Gillmore, columnist for the San Jose 
Mercury News discussed the problems with S. 909 and strongly urged a 
rejection of the McCain-Kerrey approach. I submit his column into the 
Congressional Record.

            [From the San Jose Mercury News, June 23, 1997]

          Encryption Bill: Federal Exercise in Self-Deception

                            (By Dan Gillmor)

       As a bill bearing his name zipped last week through the 
     Senate Commerce Committee he heads, Arizona Republican John 
     McCain said, ``This bill carefully seeks to balance the 
     concerns of law enforcement with individual privacy 
     concerns.''
       The legislation, co-sponsored by Nebraska Democrat Bob 
     Kerrey and two other Democrats, was the latest futile attempt 
     in Congress to achieve the impossible: compromise on an issue 
     that fundamentally has no middle ground.
       The issue is encryption, the scrambling of digital 
     information. Try as they might, lawmakers must eventually 
     understand the reality. When it comes to the privacy of 
     personal information in the digital age, we have two simple 
     choices. Either we allow people to encrypt their messages, 
     using scrambling and unscrambling ``keys'' to which only they 
     have access, or we do not.
       Governments are certain that bad people will use encryption 
     to help achieve bad ends. They're right. But their cure would 
     shred our basic liberties.
       So the Clinton administration and its allies--the McCain-
     Kerrey legislation is widely viewed as an administration-
     approved plan--are pushing a policy that would force us to 
     put descrambling keys in the hands of third parties. Then, 
     when law enforcement people wanted to see our communications, 
     they'd simply get the keys from that third party.
       The McCain-Kerrey bill pretends to stop short of that. It 
     would force government agencies to use only electronic 
     hardware and software that included this key-recovery scheme. 
     It would also require the same system for anyone using a 
     network that is funded in any way by federal funds, including 
     virtually all university networks.
       While one section calls the system ``voluntary'' for 
     private individuals, the rest of the legislation would make 
     it all but impossible to resist. Hardware and software 
     companies, which so far have resisted the government's moves, 
     will be much more likely to simply give in and build this 
     key-recovery method into all of their products if they have 
     to build it into ones bought by the government. Consumers 
     need options, not monolithic products.
       Another section of the bill would, in effect, require even 
     private citizens to use such software--and therefore give 
     their keys to the third parties--if they want to buy anything 
     online. People tend to use what they have in front of them.
       There's nothing wrong with the idea of letting a third 
     party hold onto a descrambling key in certain cases. As 
     former White House official Jock Gill noted recently on an 
     Internet mailing list, all government communications should 
     use such a system so the public can keep an eye on what the 
     government is doing in our name and with our money. We'll 
     need to create a system, of course, where such oversight 
     doesn't end up forcing the public to use exactly the same 
     technology for its own encryption needs--or at least keep 
     private keys out of the hands of centralized third parties.
       Companies, meanwhile, will need to hold onto the business-
     related keys of employees, so that vital records won't be 
     lost when someone leaves or dies. But I can't think of many 
     companies that will be happy about giving the vault keys to 
     third parties they can't control.
       Private citizens also should consider giving their keys to 
     trusted third parties, just as they give their house keys to 
     neighbors when on vacation trips. I intend to do just that--
     but it's none of the government's business who gets my 
     personal encryption key. I need strong encryption, as the 
     digital age arrives, because more and more of my life will 
     exist on these public networks.
       The practical difficulties of setting up a centralized key-
     recovery system are immense. Even if it could be done, I 
     would never trust such a government-run system to be even 
     remotely secure from corruption. I remember the Social 
     Security employees who sold personal information to 
     outsiders. I've also seen too much evidence that governments 
     tend to abuse liberties when they have too much power--and 
     the McCain-Kerrey bill would allow virtually anyone at any 
     level of law enforcement to have access to private 
     information on the flimsiest pretext, not even requiring a 
     court order.
       Kerrey's participation in this latest travesty is sad. He 
     needs no lessons in courage. He lost part of a leg in 
     Vietnam. Later, as he stood up to the know-nothings who would 
     ban flag-burning, he noted that our strength comes partly 
     from our ability to express ourselves even in ways that 
     offend many others.
       Now, however, Kerrey is aligning himself with a much more 
     dangerous crowd of know-nothings: those who'd ban our right 
     to keep private information private. He may believe this is 
     about finding common ground; if so, someone has fed him 
     falsehoods. His proposal, if enacted, would create the worst 
     invasion of our fundamental liberty in many decades.
       If you care even slightly about your privacy in the future, 
     pick up a pen today and write your Senators and member of the 
     House of Representatives. Tell them to reject the Clinton-
     McCain-Kerrey approach. Tell them you value your privacy and 
     won't give it up without a fight. And remind them that you 
     vote.

     

                          ____________________