[Congressional Record Volume 144, Number 95 (Thursday, July 16, 1998)]
[Senate]
[Pages S8376-S8377]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                         ENCRYPTION LEGISLATION

  Mr. DASCHLE. Late yesterday several of my colleagues took to the 
floor to discuss their views on the need for congressional action on 
encryption legislation. I would like to take this opportunity to 
briefly provide my thoughts on this important issue.
  As everyone who follows encryption policy knows, despite years of 
discussion and debate, we still have not found a solution that is 
acceptable to industry, consumers, law enforcement and national 
security agencies. In this Congress alone, we have seen 7 competing 
bills introduced--3 in the House and 4 in the Senate.
  The country is paying a price for this inability to produce a 
consensus solution. That price is evident not only in loss of market 
share and constraint on internet commerce, but also in the steady 
erosion of the ability of law enforcement's and national security 
agencies' to monitor criminal activity or activities that threaten our 
national interest.
  We simply must find a comprehensive national policy that protects 
both U.S. national security and U.S. international market share--sooner 
rather than later. And I believe we can.
  After many months of participating in discussions on encryption 
policy and hearing from all sides of this complex issue, I have reached 
two conclusions. First, the Administration has and is continuing to 
make good-faith efforts to reach agreement on the numerous complex 
issues that underlie our encryption policy. And second, there is 
already considerable agreement on a series of key issues. The challenge 
is to pull together to forge a consensus encryption policy for the 21st 
Century.
  Earlier this year, I sent a letter to Vice President Gore asking for 
the Administration's goals and plans for encryption policy. In his 
response to me, the Vice President indicated that he supports 
``energizing an intensive discussion that will apply the unparalleled 
expertise of U.S. industry leaders in developing innovative solutions 
that support our national goals.'' Subsequent actions demonstrate that 
the

[[Page S8377]]

Vice President and this Administration have been true to their word.
  In the last several months, the Administration has engaged in 
intensive discussions with the Americans for Computer Privacy, an 
important business-oriented interest group. These discussions have 
focused on technical, policy, legal, and business issues associated 
with encryption, and the impact of strong encryption on law enforcement 
and national security. The Administration is also reviewing ACP's 
proposals for export relaxation. I have been assured by senior 
Administration officials that, in making decisions on our encryption 
policy, the Administration recognizes it must carefully consider 
commercial needs as well as law enforcement and national security 
interests.
  As a result of the Administration's statements and actions, I am more 
convinced than ever that there is already agreement on a significant 
number of issues and that a consensus on encryption policy is possible 
in the not-to-distant future. First, all parties accept the need for 
and reality of strong encryption products. Second, all parties agree 
that strong encryption products are essential to the growth of 
electronic commerce and the internet. Third, all parties agree that 40-
bit keys are inadequate to ensure privacy and security. Fourth, all 
parties agree that doing nothing has a real and significant downside. 
According to a recent study, maintaining existing encryption policies 
will cost the U.S. economy as much as $96 billion over the next 5 years 
in lost sales and slower growth in encryption-dependent industries. 
Finally, all parties agree that doing nothing is unsustainable because 
the relaxed restrictions the Administration placed on 56-bit encryption 
products expire at the end of the year and must be addressed within the 
next month or two.
  So where does this leave us? Unfortunately, while recent discussions 
between industry and the Administration have been fruitful, they have 
not gone far enough or proceeded fast enough to produce the kind of 
agreement I believe the majority of the Congress would all like to see. 
The time has come for the Administration to announce exactly where it 
stands on several key issues--including how it intends to proceed when 
the current relaxed restrictions on 56-bit encryption expire.
  Having urged the Administration to greater efforts, I must also ask 
if it would not be constructive for those who are most frustrated with 
the pace of change in this area to take a step back and closely examine 
their own positions. For example, several of the bills introduced in 
the Congress this session call for the Secretary of Commerce to have 
exclusive jurisdiction over the export of encryption products. Despite 
the widespread agreement that the sale of encryption products has 
important ramifications for our national security and law enforcement, 
these bills would give no role to officials from the Justice 
Department, the FBI, or the intelligence community in the decision 
process regarding which encryption products can be legally sold.
  This fact would be noteworthy even in isolation. It is even more 
remarkable when one combines it with the observation that many of the 
adherents to this laissez-faire approach to export controls for 
encryption products are the most vocal critics of the Administration's 
export policies for commercial satellites.
  The incongruity of these two positions is stunning. Trying to 
reconcile them is impossible. There are only two conclusions to be 
drawn from this inconsistency. Either the right hand does not know what 
the left is doing, or at least part of the criticism directed at the 
Administration is politically motivated.
  I will be working with the Administration and my colleagues in the 
days ahead in the hope of reaching some consensus on national 
encryption policy. I am hopeful that over the next few weeks we can 
begin to resolve the numerous difficult issues that remain. Neither 
industry nor government is likely to get 100 percent of what it wants. 
However, if both sides are flexible and cognizant of the stakes 
involved, I am hopeful we can reach an agreement that's good for 
consumers, good for business, and good for law enforcement and national 
security.

                          ____________________