[Congressional Record Volume 143, Number 157 (Sunday, November 9, 1997)]
[Extensions of Remarks]
[Pages E2289-E2290]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




              CONCERN ABOUT EXPORTS AND DOMESTIC CONTROLS

                                 ______
                                 

                           HON. BRAD SHERMAN

                             of california

                    in the house of representatives

                       Saturday, November 8, 1997

  Mr. SHERMAN. Mr. Speaker, the Clinton administration policy on 
encryption makes no sense, is costing the United States critical export 
dollars, and threatens the fundamental privacy rights of all Americans 
in the information age.
  For an administration that claims it is sympathetic to and supportive 
of America's high tech practitioners, what is happening today 
demonstrates exactly the opposite. Because for all the complexity of 
designing top of the line computer products and programs with 
information security--encryption--features, the issues here are not 
complex at all.
  Encryption is both the first and the last line of defense against 
hackers who would like to get into bank accounts or pry loose credit 
card information that can cost consumers and businesses dearly. 
Encryption is crucial for protecting customers and companies from 
criminal intrusion into both their private lives and their businesses.
  Yet the administration says it is addressing the concerns of national 
security and law enforcement by refusing to permit the export of 
software with 56 bits or greater encryption protection, unless the 
company agrees to commit to build key recovery products. It also 
suggests that the war against criminals, such as pornographers, credit 
card thieves, terrorists and others too numerous and too diverse to 
mention, will be all for naught unless government eavesdroppers are 
handed the keys to unlock all the billions of electronic transmissions 
that are made every day in today's electronic information age.
  Now as ridiculous as it might seem that this administration wants the 
capacity to tune in on everything going through the airwaves; 
nevertheless, that is the tool they say they need to protect all of us 
from today's criminal elements. It is rather mind-boggling to 
contemplate how the Federal payroll might explode if the NSA and the 
FBI were given the opportunity to monitor the messenger traffic that 
goes on every day of the week. But it is also mind-boggling to 
contemplate the picture of Uncle Sam riding roughshod over privacy 
rights that have been guaranteed under our Constitution since the days 
of our Founding Fathers.
  If American firms had a monopoly on encryption skills, and if these 
products were not available from anyone on either side of the Atlantic 
or Pacific, perhaps an argument could be made for restricting exports 
of products with encryption that could not be reproduced elsewhere. But 
that is not the case. What in fact the administration has done, and is 
doing, is creating, in the words of the New York Times, ``a bonanza for 
alert entrepreneurs outside the United States.'' And even then I see no 
good reason for restricting the use of encryption within the United 
States.
  I call my colleagues attention to an article from the New York Times 
of April 7, 1997. It tells the story of how the German firm of Brokat 
Information Systems has carved out a booming business selling powerful 
encryption technology around the world that the United States 
Government prohibits American companies from exporting. This German 
company actually markets its products by telling potential purchasers 
that they shouldn't use American export-crippling products.
  This should serve as a reminder that even if Congress should pass and 
the President should sign Fast Track authority to negotiate new trade 
agreements with some of our Latin American neighbors, we are not going 
to turn our trade deficit around if we persist on handing on a silver 
platter to foreign competitors markets that should be dominated by 
American firms.
  At this point I would like to insert the article from the New York 
Times, of April 7, entitled ``U.S. Restrictions on Exports Aid German 
Software Maker.''

                [From the New York Times, Apr. 7, 1997]

         U.S. Restrictions on Exports Aid German Software Maker

                         (By Edmund L. Andrews)

       Boeblingen, Germany, April 3.--Boris Anderer and his four 
     partners have a message for the spy masters in America's 
     national security establishment; thank you very, very much.
       Mr. Anderer is the managing director for marketing at 
     Brokat Informationssystems G.m.b.H., a three-year-old 
     software company here that is growing about as fast as it can 
     hire computer programmers.
       When America Online wanted to offer online banking and 
     shopping services in Europe, it turned to Brokat for the 
     software that encodes transactions and protects them from 
     hackers and on-line bandits. When Netscape Communications and 
     Microsoft wanted to sell Internet software to Germany's 
     biggest banks, they had to team up with Brokat to deliver the 
     security guarantee that the banks demanded.
       But what is most remarkable is that Brokat's rapid growth 
     stems in large part from the Alice in Wonderland working of 
     American computer policy. Over the last two years, Brokat and 
     a handful of other European companies have carved out a 
     booming business selling powerful encryption technology 
     around the world that the United States Government prohibits 
     American companies from exporting.
       Mr. Anderer could not be happier. ``The biggest limitation 
     on our growth is finding enough qualified people,'' he said, 
     as he strode past rooms filled with programmers dressed in T-
     shirts and blue jeans.
       The company's work force has climbed to 110 from 30 in the 
     last year, and the company wants to add another 40 by the end 
     of the year.
       ``This company has grown so fast that I often don't know 
     whether the people I see here have just started working or 
     are just visitors,'' he said.
       Encryption technology has become a big battleground in the 
     evolution of electronic commerce and the Internet. As in the 
     United States, European banks and corporations are racing to 
     offer on-line financial services, and many of these services 
     are built around Internet programs sold by American companies 
     like Netscape and Microsoft.
       Cryptography is crucial because it provides the only means 
     for protecting customers and companies from electronic 
     eavesdroppers.
       Although the market for encryption software is in itself 
     tiny, it is a key to selling technology in the broader market 
     of electronic commerce. Encryption is the first line of 
     defense against hackers eager to pry loose credit card 
     information and raid bank accounts, so it plays a critical 
     role in the sale of Internet servers and transaction-
     processing systems.

[[Page E2290]]

       Brokat, which has revenues of about 10 million marks ($6 
     million), uses its cryptography as a door-opener to sell much 
     more complicated software that securely links conventional 
     bank computer systems to a bank's internet gateways and on-
     line services. Netscape, Microsoft and computer equipment 
     manufacturers all include encryption in the networking 
     systems they sell to corporations.
       But the United States Government blocks American companies 
     from exporting advanced encryption programs, because agencies 
     like the Federal Bureau of Investigation and the National 
     Security Agency fear that they will lose their ability to 
     monitor the communications of suspected terrorists and 
     criminals.
       Far from hindering the spread of powerful encryption 
     programs, however, American policy has created a bonanza for 
     alert entrepreneurs outside the United States. Brokat's 
     hottest product is the Xpresso Security Package, a set of 
     computer programs that bump up the relatively weak encryption 
     capability of Internet browsers from Netscape and Microsoft.
       Besides America Online, Brokat's customers include more 
     than 30 big banking and financial institutions around Europe. 
     Deutsche Bank A.G. Germany's biggest bank, uses Brokat's 
     software at its on-line subsidiary, Bank 24. Hypo Bank of 
     Munich uses Brokat in its on-line discount stock brokerage 
     operation. The Swiss national telephone company and the 
     Zurcher Kantonalbank are also customers.
       Among Brokat's competitors, UK Web Ltd, based in London, is 
     marketing an equally powerful encryption program in 
     conjunction with a Silicon Valley company C2Net Software. 
     Recently, UK Web and C2Net boasted of selling ``full-
     strength'' cryptography developed entirely outside the United 
     States.
       ``We don't believe in using codes so weak that foreign 
     governments, criminals or bored college students can break 
     them,'' the two companies said in a statement, in a stinging 
     swipe at the American export restrictions.
       Bigger companies are starting to jump into the fray as 
     well. Siemens-Nixdorf, the computer arm of Siemens A.G., 
     recently began marketing a high-security Internet server 
     program that competes with products from Netscape. Companies 
     can download the software from Siemens computers in Ireland.
       There is nothing illegal or even surprising about this. The 
     basic building blocks for advanced encryption technology, in 
     a series of mathematical algorithms or formulas, are all 
     publicly available over the Internet. American companies like 
     Netscape sell strong encryption programs within the United 
     States, and companies like Brokat are even allowed to export 
     their product to customers in the United States.
       For many computer executives, the real mystery is why the 
     United States Government continues to restrict the export of 
     encryption technology. ``The genie is out of the bottle,'' 
     said Peter Harter, global public policy counsel at Netscape, 
     who complained that American policy thwarts his company's 
     ability to compete.
       ``I have a good product, and I can sell it to Citibank, but 
     I can't sell it to Deutsche Bank,'' Mr. Harter said. ``It 
     doesn't make any sense. Why shouldn't they be able to buy the 
     same product at Citibank? It makes them mad, and it makes us 
     mad.''
       In response to industry complaints, American officials have 
     repeatedly relaxed the restrictions on encryption over the 
     last several years, and they did so again last November. But 
     because the speed of computers has increased so rapidly, 
     codes that seemed impenetrable just a few years ago can be 
     cracked within a few hours.
       In a policy announced last fall, the Clinton Administration 
     announced that it would allow American companies to freely 
     export cryptography that used ``keys'' up to 40 bits in 
     length. The longer the key, the more difficult a code is to 
     crack. But banking and computer executives say that 40-bit 
     codes are no longer safe and can be cracked in as little as a 
     few hours by skilled computer backers. The minimum acceptable 
     code, according to many bank executives, must have keys that 
     are 128 bits long.
       ``From our point of view, there is at least the possibility 
     that a 40-bit encryption program can be broken, and that 
     means there is a danger that our transaction processing could 
     be compromised,'' said Bernd Erlingheuser, a managing 
     director at the Bank 24 unit of Deutsche Bank. Bank 24 has 
     about 110,000 customers in Germany who gain access to banking 
     services over the Internet using either the Netscape 
     Navigator or Microsft's Internet Explorer.
       Anette Zinsser, a spokeswoman for Hypo Bank, concurred. 
     ``Forty bits is just too low,'' she said. Hypo Bank offers 
     Internet-based banking and discount brokerage services to 
     about 28,000 customers.
       In a country not known for high-technology start-ups, 
     Brokat jumped at the opportunity. Mr. Anderer, a former 
     consultant at McKinsey & Company in Germany teamed up three 
     years ago with two fraternity friends, Michael Janssen and 
     Stefan Roever, and two seasoned computer experts, Achim 
     Schlumpberger and Michael Schumacher.
       The group originally conceived of building a company around 
     modular software components that were designed for the 
     banking industry, and they financed the company for nearly 
     two years through the money they earned from consulting 
     projects. But they were quickly drawn in the area of 
     encryption, and developed a series of programs around the 
     Java technology of Sun Microsystems.
       The Xpresso encryption package is installed primarily on 
     the central ``server'' computers that on-line services use to 
     send material to individual personal computers. Customers who 
     want to connect to a bank's server download a miniature 
     program, or applet, that meshes with their Internet browser 
     program and allows the customer's computer to set up an 
     encrypted link with the server. The effect is to upgrade the 
     40-bit encryption program to a 128-bit program, which is 
     extremely difficult for outsiders to crack.
       Now, in another step through the looking glass of 
     encryption policy, Brokat is trying to export to the United 
     States. There is no law against that, but American laws would 
     theoretically prohibit a company that used Brokat's 
     technology from sending the applets to their online customers 
     overseas. So the company is now negotiating with the National 
     Security Agency for permission to let American companies send 
     their software overseas, which is where it started from in 
     the first place.
       It Brokat convinces the spy masters, the precedent could 
     help American software rivals. ``This could open a new 
     opportunity that would benefit American companies if they 
     understand the implications,'' Mr. Anderer said.

     

                          ____________________