1997 Congressional Hearings
Intelligence and Security
Page 1 TOP OF DOC
44–880 CC
1998
H.R. 695: SECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT
MARKUP
BEFORE THE
SUBCOMMITTEE ON INTERNATIONAL ECONOMIC POLICY AND TRADE
OF THE
COMMITTEE ON
INTERNATIONAL RELATIONS
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTH CONGRESS
FIRST SESSION
JUNE 24, 1997
Printed for the use of the Committee on International Relations
Page 2 PREV PAGE TOP OF DOC
COMMITTEE ON INTERNATIONAL RELATIONS
BENJAMIN A. GILMAN, New York, Chairman
WILLIAM GOODLING, Pennsylvania
JAMES A. LEACH, Iowa
HENRY J. HYDE, Illinois
DOUG BEREUTER, Nebraska
CHRISTOPHER SMITH, New Jersey
DAN BURTON, Indiana
ELTON GALLEGLY, California
ILEANA ROS-LEHTINEN, Florida
CASS BALLENGER, North Carolina
DANA ROHRABACHER, California
DONALD A. MANZULLO, Illinois
EDWARD R. ROYCE, California
PETER T. KING, New York
JAY KIM, California
STEVEN J. CHABOT, Ohio
MARSHALL ''MARK'' SANFORD, South Carolina
MATT SALMON, Arizona
AMO HOUGHTON, New York
TOM CAMPBELL, California
JON FOX, Pennsylvania
JOHN McHUGH, New York
LINDSEY GRAHAM, South Carolina
Page 3 PREV PAGE TOP OF DOC
ROY BLUNT, Missouri
JERRY MORAN, Kansas
KEVIN BRADY, Texas
LEE HAMILTON, Indiana
SAM GEJDENSON, Connecticut
TOM LANTOS, California
HOWARD BERMAN, California
GARY ACKERMAN, New York
ENI F.H. FALEOMAVAEGA, American Samoa
MATTHEW G. MARTINEZ, California
DONALD M. PAYNE, New Jersey
ROBERT ANDREWS, New Jersey
ROBERT MENENDEZ, New Jersey
SHERROD BROWN, Ohio
CYNTHIA A. McKINNEY, Georgia
ALCEE L. HASTINGS, Florida
PAT DANNER, Missouri
EARL HILLIARD, Alabama
WALTER CAPPS, California
BRAD SHERMAN, California
ROBERT WEXLER, Florida
STEVE ROTHMAN, New Jersey
BOB CLEMENT, Tennessee
BILL LUTHER, Minnesota
JIM DAVIS, Florida
Page 4 PREV PAGE TOP OF DOC
RICHARD J. GARON, Chief of Staff
MICHAEL H. VAN DUSEN, Democratic Chief of Staff
Subcommittee on International Economic Policy and Trade
ILEANA ROS-LEHTINEN, Florida, Chairperson
DONALD A. MANZULLO, Illinois
STEVEN J. CHABOT, Ohio
TOM CAMPBELL, California
LINDSEY O. GRAHAM, South Carolina
ROY BLUNT, Missouri
JERRY MORAN, Kansas
KEVIN BRADY, Texas
DOUG BEREUTER, Nebraska
DANA ROHRABACHER, California
SAM GEJDENSON, Connecticut
PAT DANNER, Missouri
EARL F. HILLIARD, Alabama
BRAD SHERMAN, California
STEVEN R. ROTHMAN, New Jersey
BOB CLEMENT, Tennessee
TOM LANTOS, California
BILL LUTHER, Minnesota
MAURICIO TAMARGO, Chief of Staff
YLEEM D.S. POBLETE, Professional Staff Member
AMOS HOCHSTEIN, Democratic Professional Staff Member
Page 5 PREV PAGE TOP OF DOC
JOSE A. FUENTES, Staff Associate
C O N T E N T S
WITNESSES
Text of H.R. 695
En bloc amendment offered by Ms. Ros-Lehtinen, Mr.
Gejdenson, Mr. Campbell, and Mr. Sherman
H.R. 695: SECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT
TUESDAY, JUNE 24, 1997
House of Representatives,
Subcommittee on International Economic Policy and Trade,
Committee on International Relations,
Washington, DC.
The Subcommittee met, pursuant to notice, at 4:08
p.m. in room 2172, Rayburn House Office Building, Hon. Ileana Ros-Lehtinen,
chair of the Subcommittee, presiding.
Ms. ROS-LEHTINEN. The Subcommittee will
come to order. The Committee meets in open session to consider House
Resolution 695, the Security and Freedom Through Encryption Act, known as
the SAFE Act. House Resolution 695 was introduced by our colleague, the
distinguished gentleman from Virginia, Mr. Goodlatte, on February 12 of
this year. It was referred to the Committee on Judiciary and to the
Committee on International Relations for appropriate action. It has already
been reported out of the Committee of Judiciary, and thus, the onus is now
upon us to consider this legislation.
Meetings and hearings have been held on the issue
of encryption and on this bill specifically throughout the last several
months. We have listened to the concerns that are raised by all sides,
including from those who argue about a potential negative impact on
national security and law enforcement. However, the facts presented and
arguments raised overwhelmingly support the liberalization of export
controls on generally available encryption products.
Page 6 PREV PAGE TOP OF DOC
The data clearly substantiates the need for
the SAFE Act, if the United States is going to be able to effectively
compete in the global arena and not only actively participate, but assume a
leadership role in the formulation of international cryptology.
Current law regulates the export of encryption
technology in a manner similar to military technology. The SAFE Act brings
the U.S. law into the present and the future by looking at today's
realities, not at myths, but at the actual technological developments
taking place on the world stage.
The SAFE Act already has over 120 co-sponsors,
many of whom are Members of this Subcommittee. It enjoys the enthusiastic
support of related industries and industry groups, civil liberties
organizations and privacy advocates. I commend the author of this
legislation, Mr. Goodlatte, for his ongoing commitment and for his
foresight in bringing this issue to the forefront.
Now, if I may, I would like to recognize the
sponsor of this bill, Mr. Goodlatte, to speak briefly on his
legislation.
Mr. GOODLATTE. Thank you, Madame Chairman,
and first, I would like to thank you for your leadership on this issue and
for holding this markup today to help move this legislation forward, which
has been reported by voice vote from the Judiciary Committee.
I would also like to thank Congressman Gejdenson
for his long support and involvement in this very important issue as
well.
This is a vitally important piece of legislation,
if we are going to continue to promote the U.S. dominance of the software
industry worldwide. Nearly 75 percent of all the software created and
published worldwide is created in the United States. But, we are at risk of
losing that standing if we allow our current Administration policy of using
our export control laws to restrict the export of heavily encrypted
software to foreign competition, which has been gearing up very rapidly in
many countries around the world.
Page 7 PREV PAGE TOP OF DOC
This legislation is also very important from
the standpoint of promoting the safety and security of American citizens
and others in the use of the Internet. People are aware that right now
their credit card numbers, their medical records, their industrial trade
secrets, are not secure on the Internet and the reason is that government
policy inhibits the use of strong encryption, not only internationally, but
also domestically, because the Internet is an international communication
system, and you cannot use something effectively if you can only use it
domestically.
The legislation now has 133 co-sponsors. We keep
adding new co-sponsors by the hour. It is supported by a wide array of
Members on both sides of the aisle. It is also endorsed by a wide array of
privacy groups, everyone from the American Civil Liberties Union to
Americans for Tax Reform and the Center for Democracy and Technology.
It is not only supported by the computer industry,
both software and hardware, but also by major business groups, including
the U.S. Chamber of Commerce, the National Association of Manufacturers,
the National Retail Federation, the On-Line Bankers Association and the
Direct Marketing Association.
So, I again thank you for moving this legislation
forward and look forward to working with you as we move it through the
House of Representatives.
Ms. ROS-LEHTINEN. Thank you so much. Are
there any Members who wish to speak before we turn to the markup?
Mr. BEREUTER. Madam Chairman?
Ms. ROS-LEHTINEN. Mr. Bereuter.
Mr. BEREUTER. Thank you, Madam Chairman. I
will speak in opposition to H.R. 695 for a narrow but important reason. Let
me say at the outset that my objections to this legislation concern only
U.S. export control policy and the part of H.R. 695 which is in the
jurisdiction of this Committee. I am not commenting about the domestic use
and availability of encryption.
Page 8 PREV PAGE TOP OF DOC
This legislation is, of course, well
intended. In every aspect of U.S. export controls, a goal must be the
balance between the competitiveness of U.S. companies and U.S. national
security goals. However, this bill fails that balance, because it
significantly relaxes U.S. export control of encryption, without requiring
a key recovery policy appended to those exports.
This legislation would, thus, hinder our law
enforcement, public safety and national security efforts, while undermining
the ability of the Administration to forge international consensus on the
use and implementation of national key recovery policies.
A June 23 letter from the Deputy Director of the
Federal Bureau of Investigation, the Administrator of the Drug Enforcement
Administration, bluntly states why H.R. 695 upsets the delicate balance
between export competitiveness and our national security.
That letter states, ''Bills now being considered
would have the effect of largely removing these existing export controls on
encryption products, and would promote the widespread availability and uses
of any type of encryption product, regardless of the impact on national
security and public safety.''
Enactment would, in our view, have a significant
negative impact on national security, effective law enforcement, public
safety and on ongoing efforts to establish a balanced encryption
policy.
Madam Chairman, U.S. export control restrictions
on encryption are still necessary to encourage other nations to develop
their own national key recovery policies. The development of key recovery
policies is crucial, not because law enforcement believes it can keep
strong encryption out of the hands of terrorists, but because the
ubiquitous use of strong encryption in the near future will make it
virtually impossible to determine which encrypted communications to focus
on for law enforcement and national security purposes. Brute force to crack
encryption algorithms in that type of environment is not useful. Access for
law enforcement to decrypt certain communications will be essential for
even routine law enforcement and national security purposes.
Page 9 PREV PAGE TOP OF DOC
This Member believes that the use of strong
encryption is essential for the security and privacy concerns of U.S.
nationals and U.S. businesses. Moreover, there can be no doubt that the
U.S. Government's export controls on encryption have become outdated, prior
to the Administration's recent regulatory changes. Our export control
policies risked undermining the competitiveness of U.S. hardware and
software encryption exporters, by driving the encryption industry offshore
to countries that do not have export controls.
Recognizing that the United States cannot forever
maintain its technological lead in the development and mass marketing of
strong hardware and software encryption products without permitting the
export of strong encryption, the Administration relaxed controls on
encryption exports with a requirement that companies wishing to export
those products submit a key recovery plan.
Will the Administration's key recovery policy
work? Nobody yet knows, but it certainly is our best chance, it seems to
me, to work out a balanced, workable policy. It certainly is being utilized
by some of America's encryption exporters. For example, a small but fast
growing company in my home State is exporting wireless telecommunication
devices with strong encryption under the Administration's current
regulations. That company is working with the government to preserve the
delicate balance between our competitiveness and law enforcement. We should
give that policy a chance to work.
Madam Chairman, this legislation, H.R. 695, is
only one small piece of the entire encryption issue. The Administration's
current key recovery policy requires congressional approval of legislation
for key management infrastructure, and it is not clear that the
Administration sufficiently has its act together to get such legislation
enacted.
Although progress in this regard has been made in
the Senate with the passage of the Kerry-McKain-Hollings legislation, S.
909, out of the Senate Commerce Committee, I am not yet convinced that the
Administration sufficiently understands the gravity of the current
situation. While strong encryption is currently being exported, the FBI
seems stuck on the issue of the domestic use of strong encryption, which
the Senate legislation pledges will not be curtailed.
Page 10 PREV PAGE TOP OF DOC
Moreover, our national security agencies do
not have sufficient answers yet on the issues of foreign availability on
strong encryption, like the Sun Russian joint venture, which is on plan to
export 128 encryption.
I strongly regret that this Committee will not be
able to wait until Thursday's briefing by the Administration's law
enforcement and national security officials. I intend to ask very tough
questions of the Administration, along some of the lines that I have
outlined here today. Frankly speaking, the Administration must provide
better answers to these questions and show leadership at the very highest
levels, if it wishes to get Congress to give it authority for a key
management infrastructure.
Madam Chairman, if the Administration fails to get
Congress to support a key management infrastructure plan, then strong
encryption will be available throughout the world without a recovery
system. The current policy Administration assures that. Therefore, it is
very likely that within a short period of time, both the Administration's
current policy and H.R. 695 will be overtaken by the forces of the
market.
Until then, however, we should not unilaterally
undermine the Administration's ability to strike the appropriate balance
between our hardware and software exporter's competitiveness and our
national security. We must not cripple them from negotiating reasonable
measures with foreign governments.
For these reasons, I cannot support H.R. 695 in
its current form. I thank you for the time.
Ms. ROS-LEHTINEN. Thank you so much, Mr.
Bereuter.
Mr. Gejdenson.
Mr. GEJDENSON. Thank you. First, I would
like to commend Mr. Goodlatte, whom I have worked with on this issue and
say what a pleasure it has been to work with him, and how it saddens me
that I am not on the same side as my good friend, Mr. Bereuter, whom I have
the greatest—no, I want to be on this side. And, frankly, having
looked at your caucus lately, you would do much better on my side than you
would over there. But, we will not go into that today.
Page 11 PREV PAGE TOP OF DOC
[Laughter.]
Mr. GEJDENSON. I think that my friend, Mr.
Bereuter, and I am very serious about how much respect I have for him and
my friendship for him, that frankly, he ignores recent history in a
bipartisan manner, that both Republican and Democratic Administrations have
intentionally refused to come to grips with this issue, because they have
come to the conclusion that it is better to let history pass them by than
to come up with a responsible policy.
This predates this Administration, which I have
great respect for, and frankly, it entails the entire information age, not
just the issue of encryption. We remember Secretary Mosbacher decontrolling
286 computers and Secretary of Defense Cheney saying the world would
immediately come to an end. Shortly, a world did come to an end after we
decontrolled 286 computers. It was the Soviet world that came to an
end.
We are now in a situation where there is no
practical way to control the use of this encryption. We clearly see other
countries thanking us for our controls, because it is creating significant
industries in their countries. So, what is happening here? Capital, in an
economic sense, capital in an intelligence sense, will continue to move
from the United States, which will endanger us in two ways.
One, economically, it will endanger us and that is
an inconvenience. We have lost other fields of technology before. We have
lost the machine tool industry, we have lost the electronics industry, and
Lord, we have survived all that. So, I guess the economic consequences may
not frighten us.
But, the security consequences here should,
because if we continue to push people who are involved in encryption
offshore, then all the talent will be offshore and, indeed, our
intelligence agencies will lose out in that as well.
So, we have today a situation where an American
company, to follow the law, sends its product to Russia. They add the
encryption. It is then sold worldwide. That company then brings in the
Russian encryption here and adds it so they have the same system operating
worldwide.
Page 12 PREV PAGE TOP OF DOC
If a company wanted to, of course, it just
sells the encryption here in this country and anybody with the most
outmoded computer and modem in the world can send any of the encryption we
have discussed worldwide in a matter of seconds, without compromise.
Now, we have had Clipper chip, we now have son of
Clipper chip. The reality is that none of this has worked. Administration
after Administration has kind of dropped an anchor in the sand and said to
the Congress and the economy of the world, please drag us forward, we are
not going to participate.
I think the only way to get an Administration,
this one that I have good friends in and I admire in many ways or any other
to move forward, is us to start a bus or a train heading for the floor.
Even then, I am not sure that they are capable of getting their act
together in this field. But, we have to send this to the floor. We need to
do it today, and maybe that will be the first message to the Administration
to seriously engage in a rational encryption policy.
I have spent more trips to more secret meetings to
more people involved in this, and never gotten serious answers about what
they are trying to achieve or how they are trying to achieve it. I do not
think they have an argument for their position. This is not large,
sophisticated, cumbersome systems that you can control in the old manner.
Yes, we caught Saddam Hussein moving large pieces of pipe through England.
This is the information age technology. We need to get out in front of it.
We need to try to make sure we control it, but we cannot continue to ignore
it, as this and previous Administrations have done.
So, I would hope we pass the legislation and pass
it expeditiously.
Ms. ROS-LEHTINEN. Thank you. I would like
to ask the other Members to hold their comments for awhile so we can get to
the markup, because other Members do have to go for other commitments, and
I am afraid to lose our quorum.
So, pursuant to notice, the Subcommittee will now
turn to the consideration of H.R. 695, which the clerk will report.
Page 13 PREV PAGE TOP OF DOC
The CLERK. To amend title 18, United
States Code, to affirm the rights of United States persons to use and sell
encryption and to relax export controls——
Ms. ROS-LEHTINEN. Without objection, the
clerk will read the text of the bill for amendment. Without objection, the
bill is considered as having been read and is open to amendment at this
point.
I have an amendment, and I would like to ask the
clerk to report the amendment.
The CLERK. Page 5, line 14, strike
''COMPUTERS'' and insert——
Ms. ROS-LEHTINEN. I ask unanimous consent
that further reading of the amendment be dispensed with and the gentleman
from Connecticut, Mr. Gejdenson, is recognized for 5 minutes in support of
our amendment.
Mr. GEJDENSON. Madam Chairman, this
amendment is primarily technical, consistent with the original draft
language of the bill, provides basically some additions and perfections by
a number of our colleagues here, Mr. Sherman and others, and I
would——
Ms. ROS-LEHTINEN. Thank you, Mr.
Gejdenson.
Mr. BEREUTER. Will the gentleman yield?
Ms. ROS-LEHTINEN. Mr. Bereuter.
Mr. BEREUTER. Will the gentleman yield?
Mr. GEJDENSON. Yes, I would be happy
to.
Mr. BEREUTER. Thank you. I am not trying to
stall for any reason. I am ready to vote and cast mine soon, but I would
like to know what is in the amendment. This is the first time we have seen
the amendment. As you know, it was not available, so would you be willing
to go over it, subsection by subsection, and tell us what is happening
here?
Page 14 PREV PAGE TOP OF DOC
Ms. ROS-LEHTINEN. Mr. Gejdenson.
Mr. GEJDENSON. I would be happy to go
through a brief review of the amendment and then I would be happy to go
through it line by line, if my friend is interested.
This amendment provides for technical changes
only, and does not affect the substance or intent of objective of the
legislation. There have been consultations with the author of H.R. 695, Mr.
Goodlatte, on all sections of the amendment.
One section of the amendment serves to remove the
distinction between mass market and customized software, helps ensure the
customized software is also the subject of liberalized export. Expand
section three of H.R. 695 by extending the exemption from licensing to
customized software.
Other language in the amendment serves to ensure
that no inequities in the marketplace result from passage of H.R. 695 by
providing the inclusion of consumer products. Manufacturers, in responding
to the demands for movie studios, record labels and others, are beginning
to incorporate more encryptive capability in products that do not
necessarily fall under the umbrella of computing products. These are
products such as small dish satellites, receivers, digital video disks,
small cards, etc., which require encryption in some cases, such as new WEB
TV, products now being sold in the United States that may fall under
multiple munitions control, when they are clearly and purely for consumer
end users and not primarily for military purpose.
Another section of the amendment is Congress
regarding the international cooperation, which goes to the very core of the
debate over encryption and the need for a multilateral agreement on trade
of this technology and mutual security.
Ms. ROS-LEHTINEN. Are there additional
Members seeking recognition on this amendment?
Mr. CAMPBELL. Madam Chair.
Ms. ROS-LEHTINEN. Mr. Campbell.
Page 15 PREV PAGE TOP OF DOC
Mr. CAMPBELL. To amplify my
colleague's response to Mr. Bereuter's question, I am also part of this en
bloc and my purpose was to deal with what is called encryption-ready
software, that might inadvertently be swept up under the restrictions on
software encryption itself, simply because it has an interface that could
fit with the software, that then does the encrypting. Inadvertent, in my
sense, inadvertent sweeping, and to prevent that, whatever the executive
branch does with the software itself, we should not be restricting our
exports of encryption ready, which itself has no technological or, in my
judgment, national security risk.
Mr. BEREUTER. Will the gentleman yield?
Mr. CAMPBELL. I would be pleased to
yield.
Ms. ROS-LEHTINEN. Mr. Bereuter.
Mr. BEREUTER. On the bottom of page 2, to
which you are referring, is that the part which you produced?
Mr. CAMPBELL. I am the author of the
changes on page 8 and page 6 and the specific references, here, I will show
it to you, ''any computing device solely because it incorporates or employs
in any form——interface mechanisms for interaction with other
hardware and software, including hardware and software, with encryption
capabilities,'' which would be page 6, line 21.
Mr. BEREUTER. Bottom of page 2 on the
amendment. Thank you.
Mr. CAMPBELL. That seems to me correct.
Thank you.
Ms. ROS-LEHTINEN. Thank you. The Chair will
put the question on the Ros-Lehtinen and Gejdenson-Campbell-Rothman
Amendment. As many as are in favor of the amendment, say aye.
[Chorus of ayes.]
Ms. ROS-LEHTINEN. As many as are opposed to
the amendment, say no.
Page 16 PREV PAGE TOP OF DOC
[Chorus of noes.]
Ms. ROS-LEHTINEN. The ayes appear to have
it. The ayes do have it, and the amendment is agreed to.
Are there further amendments? If there are no
further amendments, the Chair will put the question on favorable, reporting
the bill as amended to the Full Committee. So many as are in favor to the
question say aye.
[Chorus of ayes.]
Ms. ROS-LEHTINEN. So many as are opposed,
say no.
[Chorus of noes.]
Ms. ROS-LEHTINEN. The ayes appear to have
it.
Mr. GEJDENSON. Madam Chair, I ask for a
recorded vote.
Ms. ROS-LEHTINEN. A recorded vote is
requested. Those in favor of taking the vote by recorded vote shall raise
their hands. Evidently a sufficient number. The clerk will call the
roll.
The CLERK. Ms. Ros-Lehtinen?
Ms. ROS-LEHTINEN. Aye.
The CLERK. Ms. Ros-Lehtinen votes aye.
Mr. Manzullo?
Mr. MANZULLO. Aye.
The CLERK. Mr. Manzullo votes aye.
Mr. Chabot?
Mr. CHABOT. Aye.
The CLERK. Mr. Chabot votes aye.
Mr. Campbell?
Mr. CAMPBELL. Aye.
Page 17 PREV PAGE TOP OF DOC
The CLERK. Mr. Campbell votes aye.
Mr. Graham?
[No response.]
The CLERK. Mr. Blunt?
Mr. BLUNT. Aye.
The CLERK. Mr. Blunt votes aye.
Mr. Moran?
[No response.]
The CLERK. Mr. Brady?
Mr. BRADY. Aye.
The CLERK. Mr. Brady votes aye.
Mr. Bereuter?
Mr. BEREUTER. No.
The CLERK. Mr. Bereuter votes no.
Mr. Rohrabacher?
Mr. ROHRABACHER. Aye.
The CLERK. Mr. Rohrabacher votes aye.
Mr. Gejdenson?
Mr. GEJDENSON. Aye.
The CLERK. Mr. Gejdenson votes aye.
Mrs. Danner?
Ms. DANNER. Aye.
The CLERK. Mrs. Danner votes aye.
Mr. Hilliard?
Mr. HILLIARD. Aye.
Page 18 PREV PAGE TOP OF DOC
The CLERK. Mr. Hilliard votes aye.
Mr. Sherman?
Mr. SHERMAN. Aye.
The CLERK. Mr. Sherman votes aye.
Mr. Rothman?
Mr. ROTHMAN. Aye.
The CLERK. Mr. Rothman votes aye.
Mr. Clement?
Mr. CLEMENT. Aye.
The CLERK. Mr. Clement votes aye.
Mr. Lantos?
[No response.]
The CLERK. Mr. Luther?
Mr. LUTHER. Aye.
The CLERK. Mr. Luther votes aye.
Mr. Graham?
[No response.]
Mr. Moran?
[No response.]
Mr. Lantos?
[No response.]
The CLERK. Madam Chairman, on this vote,
there are 14 ayes and one no.
Ms. ROS-LEHTINEN. The motion is agreed to.
I thank all the Members for their cooperation. We will be in touch with Mr.
Gilman about prompt consideration of this measure in Full Committee before
the July 11 deadline. The Subcommittee stands in recess, subject to the
call of the Chair. Thank you.
Page 19 PREV PAGE TOP OF DOC
[Whereupon, at 4:28 p.m., the Subcommittee
adjourned subject to the call of the Chair.]
A P P E N D I X
Insert "The Official Committee record contains
additional material here."
|
NEWSLETTER
|
|
Join the GlobalSecurity.org mailing list
|
|
|
