
[FYI] Reinsch on U.S. Crypto Policy

------------------------------- CUT -------------------------------

                     Bureau of Export Administration
                     U. S. Department of Commerce

                                Testimony of William A. Reinsch
                                Under Secretary for Export
                                        Department of Commerce

                                                Before the
                        House Committee on International Relations
                              Subcommittee on International Economic
                                                and Trade

                          Encryption: Security in a High Tech Era 

                                               May 18, 1999

                     Thank you, Madam Chairman, for the opportunity to
                     testify on the direction of the Administration's
                     encryption policy. We have made a great deal of
                     progress since my last testimony before this
                     Committee on this subject.

                     Even so, encryption remains a hotly debated
                     issue. The Administration continues to support a
                     balanced approach which considers privacy and
                     commerce as well as protecting important law
                     enforcement and national security equities. We
                     have been consulting closely with industry and
                     its customers to develop a policy that provides
                     that balance in a way that also reflects the
                     evolving realities of the market place.

                     The Internet and other digital media are becoming
                     increasingly important to the conduct of
                     international business. There were 43.2 million
                     Internet hosts worldwide last January compared to
                     only 5.8 million in January 1995. One of the many
                     uses of the Internet which will have a
                     significant effect on our everyday lives is
                     electronic commerce. According to a recent study,
                     the value of e-commerce transactions in 1996 was
                     $12 million. The projected value of e-commerce in
                     2000 is $2.16 billion. To cite one example,
                     travel booked on Microsoft's Website has doubled
                     every year since 1997, going from 500,000 to an
                     estimated 2.2 million this year. Many service
                     industries which traditionally required
                     face-to-face interaction such as banks, financial
                     institutions and retail merchants are now
                     providing cyber service. Customers can now sit at
                     their home computers and access their banking and
                     investment accounts or buy a winter jacket with a
                     few strokes of their keyboard.

                     Furthermore, most businesses maintain their
                     records and other proprietary information
                     electronically. They now conduct many of their
                     day-to-day communications and business
                     transactions via the Internet and E-mail. An
                     inevitable byproduct of this growth of electronic
                     commerce is the need for strong encryption to
                     provide the necessary secure infrastructure for
                     digital communications, transactions and
                     networks. The disturbing increase in computer
                     crime and electronic espionage has made people
                     and businesses wary of posting their private and
                     company proprietary information on electronic
                     networks if they believe the infrastructure may
                     not be secure. A robust secure infrastructure can
                     help allay these fears, and allow electronic
                     commerce to continue its explosive growth.


                     This past year, we also made progress on
                     developing a common international approach to
                     encryption controls through the Wassenaar
                     Arrangement. Established in 1996 as the successor
                     to COCOM, it is a multilateral export control
                     arrangement among 33 countries whose purpose is
                     to prevent destabilizing accumulations of arms
                     and civilian items with military uses in
                     countries or regions of concern. Wassenaar
                     provides the basis for many of our export

                     In December, through the hard work of Ambassador
                     David Aaron, the President's special envoy on
                     encryption, the Wassenaar Arrangement members
                     agreed on several changes relating to encryption
                     controls. These changes go a long way toward
                     increasing international security and public
                     safety by providing countries with a stronger
                     regulatory framework for managing the spread of
                     robust encryption.

                     Specific changes to multilateral encryption
                     controls include removing multilateral controls
                     on all encryption products at or below 56 bit and
                     certain consumer items regardless of key length,
                     such as entertainment TV systems, DVD products,
                     and on cordless telephone systems designed for
                     home or office use.

                     Most importantly, the Wassenaar members agreed to
                     remove encryption software from Wassenaar's
                     General Software Note and replace it with a new
                     cryptography note. Drafted in 1991, when banks,
                     government and militaries were the primary users
                     of encryption, the General Software Note allowed
                     countries to permit the export of mass market
                     encryption software without restriction. The GSN
                     was created to release general purpose software
                     used on personal computers, but it inadvertently
                     encouraged some signatory countries to permit the
                     unrestricted export of encryption software. It
                     was essential to modernize the GSN and close the
                     loophole that permitted the uncontrolled export
                     of encryption with unlimited key length. Under
                     the new cryptography note, mass market hardware
                     has been added and a 64-bit key length or below
                     has been set as an appropriate threshold. This
                     will result in government review of the
                     dissemination of mass market software of up to 64

                     I want to be clear that this does not mean
                     encryption products of more than 64 bits cannot
                     be exported. Our own policy permits that, as does
                     the policy of most other Wassenaar members. It
                     does mean, however, that such exports must be
                     reviewed by governments consistent with their
                     national export control procedures.

                     Export control policies without a multilateral
                     approach have little chance of success.
                     Agreement, by the Wassenaar members, to close the
                     loophole for mass market encryption products is a
                     strong indication that other countries are
                     beginning to share our public safety and national
                     security concerns. Contrary to what many people
                     thought two years ago, we have found that most
                     major encryption producing countries are
                     interested in developing a harmonized
                     international approach to encryption controls.

                     At the same time, we recognize that this is an
                     evolutionary process, and we intend to continue
                     our dialogue with industry. Our policy should
                     continue to adapt to technology and market
                     changes. We will review our policy again this
                     year with a view toward making further changes.
                     An important component of our review is input
                     from industry, which we are receiving through our
                     continuing dialogue.


------------------------------- CUT -------------------------------