Congressional Documents
43 310
1997
105 th Congress 1st Session
HOUSE OF REPRESENTATIVES
Rept. 105 108
Part 3
SECURITY AND FREEDOM THROUGH
ENCRYPTION (SAFE) ACT OF 1997
R E P O R T
OF THE
COMMITTEE ON NATIONAL SECURITY
HOUSE OF REPRESENTATIVES
ON
H.R. 695
together with
ADDITIONAL AND SUPPLEMENTAL VIEWS
[Including cost estimate of the Congressional Budget Office]
[Graphic Image Not Available]
September 12, 1997.--Ordered to be printed
HOUSE COMMITTEE ON NATIONAL SECURITY
ONE HUNDRED FIFTH CONGRESS
FLOYD D. SPENCE, South Carolina, Chairman
BOB STUMP, Arizona RONALD V. DELLUMS, California
DUNCAN HUNTER, California IKE SKELTON, Missouri
JOHN R. KASICH, Ohio NORMAN SISISKY, Virginia
HERBERT H. BATEMAN, Virginia JOHN M. SPRATT, Jr., South Carolina
JAMES V. HANSEN, Utah SOLOMON P. ORTIZ, Texas
CURT WELDON, Pennsylvania OWEN PICKETT, Virginia
JOEL HEFLEY, Colorado LANE EVANS, Illinois
JIM SAXTON, New Jersey GENE TAYLOR, Mississippi
STEVE BUYER, Indiana NEIL ABERCROMBIE, Hawaii
TILLIE K. FOWLER, Florida MARTIN T. MEEHAN, Massachusetts
JOHN M. McHUGH, New York ROBERT A. UNDERWOOD, Guam
JAMES TALENT, Missouri JANE HARMAN, California
TERRY EVERETT, Alabama PAUL McHALE, Pennsylvania
ROSCOE G. BARTLETT, Maryland PATRICK J. KENNEDY, Rhode Island
HOWARD ``BUCK'' McKEON, California ROD R. BLAGOJEVICH, Illinois
RON LEWIS, Kentucky SILVESTRE REYES, Texas
J.C. WATTS, Jr., Oklahoma TOM ALLEN, Maine
MAC THORNBERRY, Texas VIC SNYDER, Arkansas
JOHN N. HOSTETTLER, Indiana JIM TURNER, Texas
SAXBY CHAMBLISS, Georgia F. ALLEN BOYD, Jr., Florida
VAN HILLEARY, Tennessee ADAM SMITH, Washington
JOE SCARBOROUGH, Florida LORETTA SANCHEZ, California
WALTER B. JONES, Jr., North Carolina JAMES H. MALONEY, Connecticut
LINDSEY GRAHAM, South Carolina MIKE McINTYRE, North Carolina
SONNY BONO, California CIRO D. RODRIGUEZ, Texas
JIM RYUN, Kansas CYNTHIA A. McKINNEY, Georgia
MICHAEL PAPPAS, New Jersey
BOB RILEY, Alabama
JIM GIBBONS, Nevada
BILL REDMOND, New Mexico
Andrew K. Ellis, Staff Director
(II)
C O N T E N T S
Legislative History
6
Section-by-Section Analysis
6
Section 1--Short Title
6
Section 2--Sale and Use of Encryption
6
Section 3--Exports of Encryption
7
Committee Position
7
Fiscal Data
7
Congressional Budget Office Estimate
7
Congressional Budget Office Cost Estimate
8
Committee Cost Estimate
10
Inflation Impact Statement
10
Oversight Findings
10
Constitutional Authority Statement
10
Statement of Federal Mandates
10
Roll Call Vote
11
Changes in Existing Law Made by the Bill, as Reported
13
Additional views of Patrick J. Kennedy
14
Supplemental views of Jane Harman
16
Supplemental views of Loretta Sanchez
18
(III)
105 th Congress
Rept. 105 108
HOUSE OF REPRESENTATIVES
1st Session
Part 3
SECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT OF 1997
September 12, 1997.--Ordered to be printed
Mr. Spence, from the Committee on National Security, submitted the
following
R E P O R T
together with
ADDITIONAL AND SUPPLEMENTAL VIEWS
[To accompany H.R. 695]
[Including cost estimate of the Congressional Budget Office]
The Committee on National Security, to whom was referred the bill
(H.R. 695) to amend title 18, United States Code, to affirm the rights
of United States persons to use and sell encryption and to relax export
controls on encryption, having considered the same, report favorably
thereon with amendments and recommend that the bill as amended do pass.
The amendments are as follows:
Strike section 3 and insert the following:
SEC. 3. EXPORTS OF ENCRYPTION.
(a) Export Control of Encryption Products Not Controlled on the
United States Munitions List.--The Secretary of Commerce, with the
concurrence of the Secretary of Defense, shall have the authority to
control the export of encryption products not controlled on the United
States Munitions List. Decisions made by the Secretary of Commerce with
the concurrence of the Secretary of Defense with respect to exports of
encryption products under this section shall not be subject to judicial
review.
(b) License Exception For Certain Encryption Products.--Encryption
products with encryption strength equal to or less than the level
identified in subsection (d) shall be eligible for export under a
license exception after a 1-time review, if the encryption product being
exported does not include features that would otherwise require
licensing under applicable regulations, is not destined for countries,
end-users, or end-uses that the Secretary of Commerce has determined by
regulation, with the concurrence of the Secretary of Defense, are
ineligible to receive such products, and is otherwise qualified for
export.
(c) One-Time Product Review.--The Secretary of Commerce, with the
concurrence of the Secretary of Defense, shall specify the information
that must be submitted for the 1-time review referred to in subsection
(b).
(d) Eligible Encryption Levels.--
(1) Initial eligibility level.--Not later than 30 days after the
date of the enactment of this Act, the President shall notify the
Congress of the maximum level of encryption strength that could be
exported from the United States under license exception pursuant to this
section without harm to the national security of the United States. Such
level shall not become effective until 60 days after such notification.
(2) Annual review of eligibility level.--Not later than 1 year after
notifying the Congress of the maximum level of encryption strength under
paragraph (1), and annually thereafter, the President shall notify the
Congress of the maximum level of encryption strength that could be
exported from the United States under license exception pursuant to this
section without harm to the national security of the United States. Such
level shall not become effective until 60 days after such notification.
(3) Calculation of 60-day period.--The 60-day period referred to in
paragraphs (1) and (2) shall be computed by excluding--
(A) the days on which either House is not in session because of an
adjournment of more than 3 days to a day certain or an adjournment of
the Congress sine die; and
(B) each Saturday and Sunday, not excluded under subparagraph (A),
when either House is not in session.
(e) Excercise of Existing Authorities.--The Secretary of Commerce and
the Secretary of Defense may exercise the authorities they have under
other provisions of law to carry out this section.
Amend the title so as to read:
A bill to amend title 18, United States Code, to affirm the rights of
United States persons to use and sell encryption.
PURPOSE AND BACKGROUND
The explosive growth of the internet and the rise in electronic
commerce in recent years have led to increased concerns over information
security. A growing number of individuals and businesses now have access
to the information superhighway and the capability to transmit volumes
of personal and proprietary data from one user to another nearly
instantaneously. As technology advances, the risk that the secure
transmission of this information may be compromised by computer
``hackers'' is increasing. Industry has responded to this risk by
developing products with greater encryption capabilities.
Encryption is a means of scrambling or encoding electronic data so
that its contents are protected from unauthorized interception or
disclosure. Many software application programs already feature
encryption capabilities to afford users a degree of privacy and security
when conducting electronic transactions. For example, Netscape
Communications Corporation's world wide web browser can transmit
information in a secure, encrypted mode that allows individuals to order
products and services by credit card over the internet with a reasonable
expectation that the personal information they send will be protected.
Currently, the domestic use of encryption products is unrestricted.
When used by law-abiding citizens and companies, encryption can increase
public confidence in the security of electronic transactions. However,
the export of encryption capabilities is controlled for important
national security and foreign policy reasons. In the hands of terrorists
or criminals, the capability to scramble communications or encode
information may hinder efforts to thwart planned terrorist acts or
apprehend international drug smugglers. Moreover, much of the U.S.
military's battlefield advantage relies on information dominance and the
ability to decipher enemy communications. Unrestricted export of
capabilities that make it more difficult for the United States to
comprehend the plans and activities of hostile military forces could
significantly degrade the technological advantage presently held by U.S.
combat forces.
In particular, the committee notes that the U.S. military has made
information warfare a key element of U.S. military strategy and tactics.
U.S. strategy requires that the United States be able to protect its own
communications from interception while exploiting the weaknesses in the
information systems and communications of potential adversaries. The
National Defense University Institute for National Strategic Studies has
identified seven areas of information warfare that could play decisive
roles in combat, including electronic warfare, cyber warfare, command
and control warfare, intelligence-based warfare, and so-called
``hacker'' warfare. The Institute's 1996 Strategic Assessment study
noted the growing importance of information warfare and the desirability
for U.S. exploitation of a potential adversary's vulnerabilities. The
study declared that ``if the United States could override an enemy's
military computers, it might achieve an advantage comparable to
neutralizing the enemy's command apparatus.'' In addition, it noted the
value of attacking an adversary's commercial computer systems, i.e.,
banking, power, telecommunications, and safety systems. The ability to
``wreak havoc'' on these systems, the study noted, ``would be a powerful
new instrument of power,'' potentially leading to the prompt termination
of conflict and a reduction in civilian and military casualties.
However, the committee is concerned that the proliferation of
sophisticated encryption capabilities overseas may make it more
difficult for the United States to maintain its military superiority and
achieve tactical battlefield advantages.
Because of national security implications, the United States has
traditionally considered encryption products to be sensitive
``munitions'' items and their export has been carefully controlled by
the Department of State. However, in October 1996, the Clinton
Administration decided to transfer jurisdiction over the export of
commercial encryption products from the Department of State to the
Department of Commerce, which is responsible for export controls on
``dual use'' items with military and civilian application. In addition,
the Administration agreed to allow the export of encryption products
with keys of up to 56 bits in length, beginning in January 1997,
provided that the exporting companies develop a ``key recovery'' plan
over the next two years that would allow access to the keys by
government law-enforcement agents or intelligence officials, if
necessary, in order to decode scrambled information.
The capabilities and security of encryption products generally depend
on the length of the encryption algorithm or electronic ``key'' required
to decrypt the data, as measured by the number of data ``bits'' in the
key. Generally speaking, the longer the key (or number of key bits) the
more secure the encryption program and the more difficult it is to
``break the code.'' Prior to this decision, U.S. policy allowed the
unrestricted export of encryption software with keys up to 40 bits in
length.
In announcing this liberalized export control policy, Vice President
Gore stated that it would ``support the growth of electronic commerce,
increase the security of the global information (sic.), and sustain the
economic competitiveness of U.S. encryption product manufacturers. * *
*'' However, an Administration talking points paper on the decision
noted that ``this export liberalization poses risks to public safety and
national security. The Administration is willing to tolerate that risk,
for a limited period, in order to accelerate the development of a global
key management infrastructure.'' In addition, in a letter to Congress in
November 1996, President Clinton acknowledged that ``the export of
encryption products transferred to Department of Commerce control could
harm national security and foreign policy interests of the United States
even where comparable products are or appear to be available from
foreign sources.''
As received by the committee, H.R. 695 and companion legislation in
the Senate represent a further attempt to significantly liberalize U.S.
encryption policy. In particular, H.R. 695, as introduced, would have
the following effect on encryption export controls:
(1) It would grant the Commerce Department exclusive authority to
control exports of all hardware, software, and technology for
information security, except that designed for military use, depriving
the Secretary of Defense of an appropriate level of involvement on
licensing decisions involving national security;
(2) It would prohibit requiring a government-validated license for
the export or re-export of commercially-available encryption-capable
software or computers using such software; and
(3) It would direct the Secretary of Commerce to allow the export or
re-export of encryption-capable software for non-military end-uses in
any country, or computers using such software based on considerations of
foreign availability.
Importantly, the committee notes that section 3 of H.R. 695 would
require the government to approve exports of high performance computers
(so-called ``supercomputers'') if those computers contain encryption
products or software that are commercially available. In the committee's
view, this is one of the most serious consequences and flaws of the
bill. Under this proposed arrangement, any company would be in a
position to force the government to allow the export of even the most
powerful supercomputer available in the United States, if they first
loaded a piece of foreign-available encryption software on the
supercomputer. As confirmed by Secretary Reinsch in his testimony before
the committee, this provision would overturn the Spence-Dellums
amendment to H.R. 1119, the National Defense Authorization Act for
Fiscal Year 1997, adopted by the House on June 19, 1997, by a vote of
332 88. That amendment would prevent the inadvertent export of
supercomputers to questionable end users in countries of proliferation
concern.
The committee believes that the provisions of H.R. 695, as
introduced, in particular those provisions regarding export controls on
encryption products, do not adequately address these significant
national security concerns. In testimony before the committee on July
30, 1997, Under Secretary of Commerce for Export Administration William
Reinsch stated that H.R. 695 ``proposes export liberalization far beyond
what the administration can entertain and which we believe would be
contrary to our international export control obligations and detrimental
to our national security.'' With respect to the bill's national security
implications, William Crowell, Deputy Director of the National Security
Agency (NSA), testified that ``the passage of H.R. 695 would negatively
impact NSA's missions. * * * the immediate decontrol of strong
encryption products without restriction would make our signals
intelligence mission much more difficult and ultimately result in the
loss of intelligence. * * * This would greatly complicate our
exploitation of foreign targets, including military targets.'' Mr.
Crowell concluded that H.R. 695 ``will do irreparable harm to national
security. * * *''
The Administration also has criticized H.R. 695 on broader grounds.
For example, the Federal Bureau of Investigation has declared that ``it
would be irresponsible for the U.S. to adopt a policy that consciously
unleashes widespread, unbreakable, non-key recovery encryption products
that undermine law enforcement in the United States and worldwide.''
According to the Department of Defense, H.R. 695 would ``have a negative
impact on national security, effective law enforcement and public
safety.'' The Director of the National Security Agency, Lieutenant
General Kenneth A. Minihan, has noted that the United States obtains ``a
substantial amount of significant intelligence information from
unencrypted sources'' and that this information is ``likely to become
encrypted with the relaxation of crypto export controls.'' In a recent
letter to Chairman Spence and Ranking Member Dellums, Secretary of
Defense Cohen stated, ``Passage of legislation which effectively
decontrols commercial encryption exports would undermine U.S. efforts''
to foster a key recovery infrastructure that will ``preserve
governments' abilities to counter worldwide terrorism, narcotics
trafficking and proliferation.''
In response to these concerns, the committee agreed to amend section
3 of H.R. 695, the section of the bill dealing with export controls.
Given the committee's jurisdictional focus on national security, the
committee exclusively limited its actions to this section of the bill
and did not address the effects of H.R. 695 on domestic law enforcement
capabilities. The committee amendment to section 3 would allow the
President, subject to 60 day congressional review, to determine the
maximum level of encryption strength that may be exported without a
license. Unlicensed export of these products could occur after a
one-time review. Products above the threshold could be exported under an
individually validated license, and the committee's amendment ensures
that the concurrence of the Secretary of Defense is obtained prior to
the export of such more sophisticated encryption software. The amendment
also ensures that the appropriateness of the threshold level would be
reviewed on an annual basis.
LEGISLATIVE HISTORY
H.R. 695, the ``Security and Freedom through Encryption (SAFE) Act of
1997,'' was introduced by Representative Robert Goodlatte (R VA) on
February 12, 1997. The bill was reported in May 1997 by the House
Committee on the Judiciary. The bill was also referred to the Committee
on International Relations, the Committee on Commerce, the Permanent
Select Committee on Intelligence, and the Committee on National
Security. On July 22, 1997, the House International Relations Committee
approved the bill with minor amendments.
On July 30, 1997, the Committee on National Security held a hearing
on H.R. 695. Testimony was taken from representatives of the Department
of Defense, Department of Commerce, and industry witnesses. The focus of
the hearing was to assess the bill's impact on U.S. national security.
On September 9, 1997, the committee held a mark-up session to
consider H.R. 695. The committee adopted one amendment to the bill
dealing with Section 3 on export controls by a rollcall vote of 45 to 1.
The amended version of the bill was reported favorably by a voice vote.
The individual rollcall result is placed at the end of this report.
SECTION-BY-SECTION ANALYSIS
Section 1--Short Title
This section would establish a short title of the bill as the
``Security and Freedom Through Encryption (SAFE) Act.''
Section 2--Sale and Use of Encryption
This section would amend Part I of title 18, United States Code by
adding a new chapter on ``Encrypted Wire and Electronic Communications''
consisting of five sections. This new chapter would define encryption
and related terms, legalize the use of any encryption method by U.S.
citizens domestically or abroad, and legalize the interstate sale by
U.S. citizens of any encryption, regardless of algorithm or key length.
The new chapter would also deny any person the right to control a key
that is in the lawful possession of another person, except for law
enforcement purposes, thereby nullifying the
government's key escrow plan. Finally, the new chapter would
establish penalties for the unlawful use of encryption in furtherance of
a criminal act.
Section 3--Exports of Encryption
As amended, this section would grant the Secretary of Commerce
authority, with the concurrence of the Secretary of Defense, to control
exports of encryption technology that is not controlled on the U.S.
Munitions List. The section also would allow for a license exception for
the export of encryption products with a strength at or below the
maximum threshold established by the President. Export of these products
would only occur after a one-time government review. The export of
encryption products with a strength above the threshold determined by
the President would be allowed subject to existing regulations and
procedures. The amendment would not impact the current ability of
financial institutions to export encryption products above the threshold
without limitation, for use exclusively for banking and financial
transactions. This section would also direct the President to notify
Congress on an annual basis of the appropriate threshold for the
strength of encryption products that may be exported without harm to
U.S. national security. Current civil and criminal penalties for
violation of U.S. export control restrictions would continue to apply,
and would cover the procedures established in the committee's amendment.
COMMITTEE POSITION
On September 9, 1997, the Committee on National Security, a quorum
being present, approved H.R. 695, as amended, by a voice vote.
FISCAL DATA
Pursuant to clause 7 of rule XIII of the Rules of the House of
Representatives, the committee attempted to ascertain annual outlays
resulting from the bill during fiscal year 1998 and the four following
fiscal years. The results of such efforts are reflected in the cost
estimate prepared by the Director of the Congressional Budget Office
under section 403 of the Congressional Budget Act of 1974, which is
included in this report pursuant to clause 2(l)(3)(C) of House rule XI.
CONGRESSIONAL BUDGET OFFICE ESTIMATE
In compliance with clause 2(l)(3)(C) of rule XI of the Rules of the
House of Representatives, the cost estimate prepared by the
Congressional Budget Office and submitted pursuant to section 403(a) of
the Congressional Budget Act of 1974 is as follows:
September 11, 1997.
Hon. Floyd Spence, Chairman, Committee on National Security,
House of Representatives, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has prepared the
enclosed cost estimate for H.R. 695, the Security and Freedom Through
Encryption (SAFE) Act.
If you wish further details on this estimate, we will be pleased to
provide them. The CBO staff contacts are Rachel Forward (for federal
costs); Alyssa Trzeszkowski (for revenues); and Pepper Santalucia (for
the state and local impact).
Sincerely,
June E. O'Neill, Director.
CONGRESSIONAL BUDGET COST OFFICE ESTIMATE
Summary: H.R. 695 would allow individuals in the United States to use
or sell any encryption product and would prohibit states or the federal
government from requiring individuals to relinquish the key to
encryption technologies to any third party. The bill also would
authorize the President to determine which encryption products could be
granted an export license exception and thus could be exported following
a one-time product review by the Department of Commerce's Bureau of
Export Administration (BXA). Other encryption products would be subject
to more stringent export controls imposed by the Secretary of Commerce
with the concurrence of the Secretary of Defense. H.R. 695 would
establish criminal penalties and fines for the use of encryption
technologies to conceal from law enforcement officials incriminating
information relating to a crime.
CBO estimates that implementing this bill would not add to BXA's
costs of reviewing encryption products intended for export. Both under
current policies and under the provisions of H.R. 695, CBO estimates
that spending by BXA for reviewing the export of nonmilitary encryption
products would total about $4.5 million over the 1998 2000 period.
The bill would affect direct spending and receipts beginning in
fiscal year 1998 through the imposition of criminal fines and the
resulting spending from the Crime Victims Fund. Therefore, pay-as-you-go
procedures would apply. CBO estimates, however, that the amounts of
additional direct spending and receipts would not be significant.
H.R. 695 contains no private-sector mandates as defined in the
Unfunded Mandates Reform Act of 1995 (UMRA), but it contains an
intergovernmental mandate on state governments. CBO estimates that
states would not incur any costs to comply with the mandate.
Estimated cost to the Federal Government
In November 1996, the Administration issued an executive order and
memorandum that authorized the export of encryption products up to 56
bits in length following a one-time product review by BXA, contingent on
the exporter's commitment to develop a key recovery system. H.R. 695
would maintain the President's discretion to determine which encryption
products could be exported following a one-time review by BXA and which
products would be subject to more stringent export controls by the
agency. Based on information from BXA, CBO expects that the
President would not modify the current policy of allowing license
exceptions for encryption products of up to 56 bits in length. Thus,
enacting this bill would not significantly change the scope of BXA's
activities. Assuming appropriation of the necessary amounts, CBO
estimates that implementing H.R. 695 would result in costs to BXA of
about $900,000 in each fiscal year, totaling about $4.5 million over the
1998 2002 period, about the same as would be expected under current law.
BXA was authorized to spend $850,000 in fiscal year 1997 to control
encryption exports.
Enacting H.R. 695 would affect direct spending and receipts through
the imposition of criminal fines for encrypting incriminating
information related to a felony. CBO estimates that collections from
such fines are likely to be negligible, however, because the federal
government would probably not pursue many cases under the bill. Any such
collections would be recorded in the budget as governmental receipts, or
revenues. They would be deposited in the Crime Victims Fund and spent
the following year. Because the increase in direct spending would be the
same as the amount of fines collected with a one-year lag, the
additional direct spending also would be negligible.
The costs of this legislation fall within budget functions 370
(commerce and housing credit) and 750 (administration of justice).
Pay-as-you-go considerations
Section 252 of the Balanced Budget and Emergency Deficit Control Act
of 1985 sets up pay-as-you-go procedures for legislation affecting
direct spending or receipts. H.R. 695 would affect direct spending and
receipts through the imposition of criminal fines and the resulting
spending from the Crime Victims Fund. CBO estimates, however, that any
collections and spending resulting from such fines would not be
significant.
Estimated impact on state, local, and tribal governments
H.R. 695 would prohibit states from requiring persons to make
encryption keys available to another person or entity. This prohibition
would be an intergovernmental mandate as defined in UMRA. However,
states would bear no costs as the result of the mandate because none
currently require the registration or availability of such keys.
Estimated impact on the private sector
The bill would impose no new private-sector mandates as defined in UMRA.
Previous CBO estimate
CBO provided cost estimates for H.R. 695 as ordered reported by the
House Committee on the Judiciary on May 14, 1997, and as ordered
reported by the House Committee on International Relations on July 22,
1997. Assuming appropriation of the necessary amounts, CBO estimates
that implementing the Judiciary Committee's version of the bill would
cost between $5 million and $7 million over the 1998 2002 period and
that implementing the International Relations Committee's version would
cost about $2.2 million over the same period. The estimated cost under
current policies and for the National Security Committee's version is
$4.5 million.
Estimate prepared by: Federal Costs: Rachel Forward, Revenues: Alyssa
Trzeszkowski, Impact on State, Local, and Tribal Governments: Pepper
Santalucia.
Estimate approved by: Robert A. Sunshine, Deputy Assistant Director
for Budget Analysis.
COMMITTEE COST ESTIMATE
Pursuant to Clause 7(a) of rule XIII of the Rules of the House of
Representatives, the committee generally concurs with the estimate
contained in the report of the Congressional Budget Office.
INFLATION IMPACT STATEMENT
Pursuant to clause 2(l)(4) of rule XI of the Rules of the House of
Representatives, the committee concludes that the bill would have no
significant inflationary impact.
OVERSIGHT FINDINGS
With respect to clause 2(l)(3)(A) of rule XI of the Rules of the
House of Representatives, this legislation results from hearings and
other oversight activities conducted by the committee pursuant to clause
2(b)(1) of rule X.
With respect to clause 2(l)(3)(B) of rule XI of the Rules of the
House of Representatives and section 308(a)(1) of the Congressional
Budget Act of 1974, this legislation does not include any new spending
or credit authority, nor does it provide for any increase or decrease in
tax revenues or expenditures. The fiscal features of this legislation
are addressed in the estimate prepared by the Director of the
Congressional Budget Office under section 403 of the Congressional
Budget Act of 1974.
With respect to clause 2(l)(3)(D) of rule XI of the Rules of the
House of Representatives, the committee has not received a report from
the Committee on Government Reform and Oversight pertaining to the
subject matter of H.R. 695.
CONSTITUTIONAL AUTHORITY STATEMENT
Pursuant to clause 2(l)(4) of rule XI of the Rules of the House of
Representatives, the committee finds the authority for this legislation
in Article I, section 8 of the United States Constitution.
STATEMENT OF FEDERAL MANDATES
Pursuant to section 423 of Public Law 104 4, this legislation
contains no federal mandates with respect to state, local, and tribal
governments, nor with respect to the private sector. Similarly, the bill
provides no unfunded federal intergovernmental mandates.
ROLLCALL VOTE
In accordance with clause 2(l)(2)(B) of rule XI of the Rules of the
House of Representatives, a rollcall vote was taken with respect to the
committee's consideration of H.R. 695. The record of this vote is
attached to this report.
The committee ordered H.R. 695, as amended, reported to the House
with a favorable recommendation by a voice vote, a quorum being present.
Offset Folio 15 Inserts Here
CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED
The bill was referred to this committee for consideration of such
provisions of the bill as fall within the jurisdiction of this committee
pursuant to clause 1(k) of rule X of the Rules of the House of
Representatives. The changes made to existing law by the amendment
reported by the Committee on the Judiciary are shown in the report filed
by that committee (Rept. 105 108, Part 1). The amendments made by this
committee do not make any changes in existing law.
ADDITIONAL VIEWS OF CONGRESSMAN PATRICK J. KENNEDY
Mr. Chairman, as a member of the House National Security Committee
for almost three years, I have voted in favor of research and
development of advanced technology, I have supported procurement of
state of the art weapons systems and I have advocated greater funding
for training and educating our armed forces. I am proud of the role our
committee plays in working to ensure our men and women in uniform are
properly equipped to meet the many challenges and missions our nation
asks of them. After having received a classified briefing by the
National Security Agency, I now believe that if we support H.R. 695, the
``Security and Freedom through Encryption Act'', as introduced, we would
effectively nullify the many important national security investments
made by this committee.
Let me be clear, I support providing American businesses the
opportunity to be competitive in the export of encryption products but I
also understand the importance of limited export controls to the
intelligence community and to our country's national security. Our
national security and our economic interests should not be interpreted
as mutually exclusive. I am convinced that any legislation we pass must
strike a balance between our national security concerns and our economic
interests. Unfortunately, H.R. 695, as introduced, fails to strike this
balance. Rather than providing a means to assess the impact of
encryption exports on our national security, this bill opens the
floodgates and threatens to overwhelm our intelligence infrastructure.
I do believe that if we make modifications to H.R. 695, it is
entirely possible to address some of the more important security and
economic concerns The amendment offered today by Mr. Weldon and Mr.
Dellums provides us that chance. The Weldon-Dellums amendment does not
prevent or stop the export of encryption products. Rather than the
immediate decontrol of strong encryption products which would come with
H.R. 695, the amendment proposes responsible limits for the export of
encryption technology, limits which are in part determined by a
product's threat to national security.
The limits are necessary given the fact that today, a significant
portion of the intelligence we collect is not encrypted. That
information we glean is vital to threat warning, attack assessment and
gaining tactical/information supremacy. Should our adversaries suddenly
have access to strong encryption products, our intelligence community
would be hampered and severely overwhelmed. Instantly we would put in
jeopardy our ability to decode and decipher information from the
predominant threats our country faces today: terrorist organizations,
rogue nations and drug traffickers.
It is important to keep in mind that the limits included in the
amendment are not permanent. The Administration would be forced to
re-evaluate threshold levels every year in order to keep pace with
technology. The Congress would then have the opportunity to review the
appropriateness of the level and enact legislation to respond should it
so choose. By ensuring that the threshold is reviewed on an annual
basis, a process is created whereby we can assess the impact of the
exports on our intelligence gathering and assessment capabilities while
also providing a mechanism to alter the limits when conditions permit.
Both Mr. Weldon and Mr. Dellums should be commended for their hard
work in crafting a bipartisan amendment to H.R. 695, an amendment which
seeks to find that delicate balance between our national security
requirements and ensuring our companies are provided the opportunity to
compete.
Patrick J. Kennedy.
SUPPLEMENTAL VIEWS OF HON. JANE HARMAN
The debate over H.R. 695 and encryption has shed invaluable light on
the difficult choices policy makers have to make in fashioning a policy
where national security concerns and U.S. international competitiveness
come into direct conflict. To be sure, our nation's security must be
preeminent, and I don't doubt from the committee's hearings on the bill
and from my conversations that the individuals and the companies which
comprise the computer software industry designing encryption agree with
this assessment.
At the same time, policy makers cannot let security concerns unduly
restrict the ability of a vibrant and growing segment of our economy to
compete on international markets--markets which they currently and
rightly dominate. In our zeal to protect technologies which have defense
and law enforcement implications, we should not adopt policies that
stifle our own domestic enterprises and hand the lead to foreign
entities beyond our own laws.
How we balance these competing goals, albeit not equally so, is the
objective of the amendment offered by my colleagues, Mr. Weldon and Mr.
Dellums, which the committee approved as a substitute to the original
title 3 of H.R. 695. I support their objective, but am not persuaded
that a revision in our export control policy is the best means of
achieving it. In voting for the substitute amendment during the
committee's mark-up, I outlined some reservations and would like at this
time to offer some suggestions that would in my view, improve the
approach the bill takes.
First, encourage, if not direct, the Administration to engage other
countries on this issue. Given the availability of this technology
abroad, and the ease of its dissemination, a unilateral export control
policy on encryption will not work. We must work out a multilateral
approach.
Second, drop the requirement that the Secretary of Commerce must have
the concurrence of the Secretary of Defense to grant a license
exception. Including this requirement is a step backwards from current
policy. Under current export control policy there is a mechanism by
which national security agencies like the Department of Defense can
raise specific concerns with the Commerce Department as it reviews
export license applications. No evidence has been presented to suggest
that the current mechanism is broken and it should be used for
encryption export licenses as well. Giving the DoD what is in effect a
veto may result in the denial of export licenses for otherwise eligible
encryption products.
Third, provide guidance or outline specific criteria for the
President to use in setting the maximum level of encryption below which
license exceptions would be granted. Encryption technology develops
rapidly and we need to ensure that advances made both domestically and
abroad are taken into consideration so that U.S. companies are not
penalized by the setting of an artificially low encryption strength
level. As such, the committee should at minimum specifically require the
President to conduct a rigorous assessment of the range and quality of
encryption products available in foreign markets and require he explain
why that should not be the maximum strength level.
Fourth, set forth a specific period of time within which companies
seeking license exceptions for their products can expect to have their
application reviewed and either approved or rejected. During this time
frame, the relevant federal agencies could examine the encryption
technology in question and have the applicant respond to any national
security concerns the technology raises. It is important that this
period of time be narrowly defined, in order to assure fairness and
predictability to U.S. companies seeking to market their technology in a
timely fashion.
Fifth, set forth specific penalties for companies that seek to
exploit loopholes or ambiguities or circumvent the limits and ensure
their enforcement.
I again commend Messrs. Weldon and Dellums for their leadership in
fashioning a much improved title 3 for the bill. The suggested changes
I've outlined above, and other changes I hope to offer during the course
of the bill's consideration in the House, will strike an even better
balance in this important policy debate.
Jane Harman.
SUPPLEMENTAL VIEWS OF HON. LORETTA SANCHEZ
Many of us when we think of encryption imagine the ``ENIGMA'' code
breaking machines of World War Two or the American Indian ``code
talkers'' that helped us anticipate and defeat Nazi and Imperial
Japanese attacks. Those methods were mechanical or human-based, and
often depended on simple arithmetical slight of hand to trick the enemy.
Today, encryption is complex mathematical algorithms that have become an
entirely new branch of mathematics involving intense academic study.
Until recently encryption was limited to governments and large
companies through U.S. export limitations and by the limitations of
existing hardware and software technologies. All that began to change as
the desktop computer became more prevalent and the computing power
available to the average user jumped by leaps and bounds every year.
When discussing the power of the PC observers of the information
technology industry often predict that the computing power of
microprocessors would double roughly every 18 months.
Because of this the rapidly developing speed and growth of computers,
the age of the ``unbreakable code'' has long since passed. Manufacturers
of encryption technology are engaged in a rapidly accelerating race to
develop the newest and strongest code that can withstand attacks from
the increasingly powerful computers of the day. And it isn't just big
companies and governments that have the technology to break codes. Last
January, a graduate student broke a 40-bit code in just three-and-a-half
hours, the toughest code form American companies at the time were
allowed to export.
Today, American companies are the world leaders in encryption
technology, but other companies and nations are catching up. Strong
encryption products and knowledge about the science of cryptography is
not limited to the United States. A savvy computer user anywhere in the
world can with just a few clicks of the mouse find U.S. export-embargoed
encryption. Many freelancing code hackers maintain off-shore Internet
meeting sites to discuss the newest holes in encryption products.
The proposed export controls which the Administration argues helps to
keep strong encryption out of the hands of foreign adversaries will have
little or no effect. Strong encryption is available abroad and US
companies are being put at a competitive disadvantage in the global
marketplace.
With this bleak and seemingly hopeless picture in mind how do we
protect ourselves from the threat of rogue nations and other adversaries
cloaking their communications from American National Security efforts?
The only viable solution is through supporting a robust and aggressively
competitive cryptography industry in the United States. We must ensure
that the United States continues to maintain the deepest pool of
cryptographic experts in the world. American export limitations will
only serve to create a brain drain of these precious resources as
leading scientists leave our shores for more lucrative and accommodating
surroundings.
All of us care about our national security and no one wants to make
it any easier for criminals and terrorists to commit criminal acts. But
we must also recognize encryption technologies as an increasingly sharp
double-edged sword. It can also aid law enforcement and protect national
security by limiting the threat of industrial espionage and foreign
spying, but only when Americans are able to produce the sharpest swords
and the strongest encryption.
I would also like to state for the record that for the reasons stated
above, I do not support the Dellums-Weldon Amendment to H.R. 695, and
would have voted against it.
Loretta Sanchez.
|
NEWSLETTER
|
| Join the GlobalSecurity.org mailing list |
|
|
|
