Förderverein Informationstechnik und Gesellschaft
William A. Reinsch Under Secretary for Export Administration Department of Commerce
Before the House Committee on the Judiciary Subcommittee on Courts and Intellectual Property
On The Security and Freedom through Encryption Act
March 4, 1999
Thank you, Mr Chairman, for the opportunity to testify on the direction of the Administration's encryption policy. We have made a great deal of progress since my last testimony on this subject in September 1997.
Even so, encryption remains a hotly debated issue. The Administration continues to support a balanced approach which considers privacy and commerce as well as protecting important law enforcement and national security equities. We have been consulting closely with industry and its customers to develop a policy that provides that balance in a way that also reflects the evolving realities of the market place.
The Internet and other electronic media are becoming increasingly important to the conduct of international business. One of the many uses of the Internet which will have a significant affect on our everyday lives is electronic commerce. According to a recent study, the value of e-commerce transactions in 1996 was $12 million. The projected value of e-commerce in 2000 is $2.16 billion. Many service industries which traditionally required face to face interaction such as banks, financial institutions, and retail merchants are now providing cyber service. Customers can now sit at their home computers and access their banking and investment accounts or buy a winter jacket with a few strokes of their keyboard.
Furthermore, most businesses maintain their records and other proprietary information, such as health records or sales strategies, electronically. They now conduct many of their day-to-day communications and business transactions via the Internet and E-mail. An inevitable byproduct of this growth of electronic commerce is the need for strong encryption to provide the necessary secure infrastructure for electronic communications, transactions and networks. The disturbing increase in computer crime and electronic espionage has made people and businesses wary of posting their private and company proprietary information on electronic networks if they believe the infrastructure may not be secure. A robust secure infrastructure can help allay these fears, and allow electronic commerce to continue its explosive growth.
Developing a new encryption policy has been complicated because we do not want to hinder its legitimate use -- particularly for electronic commerce; yet at the same time we want to protect our vital national security, foreign policy and law enforcement interests. We have concluded that the best way to accomplish this was to continue a balanced approach: to promote the development of strong encryption products that would allow lawful government access to plaintext under carefully defined circumstances; to promote the legitimate uses of strong encryption to protect confidentiality; and continue looking for additional ways to protect important law enforcement and national security interests.
With respect to H.R.850, the Administration opposes this legislation as we did its predecessor in the last Congress. The bill proposes export liberalization far beyond what the Administration can entertain and which would be contrary to our international export control obligations. Despite some cosmetic changes the authors have made, the bill in letter and spirit would destroy the balance we have worked so hard to achieve and would jeopardize our law enforcement and national security interests. I defer to other witnesses to describe the impact of the bill on their equities, but let me describe two of its other problems
First, I want to reiterate that this Administration is not seeking controls or restraints on domestic manufacture or use of encryption. We continue to believe the best way to make progress on ways to assist law enforcement is through a constructive dialogue. As a result, we see no need for the statutory prohibitions contained in the bill.
Second, once again we must take exception to the bill's export control provisions. In particular, the references to IEEPA as I understand them would preclude controls under current circumstances and in any future situation where the EAA had expired, and the definition of general availability, as in the past, would preclude export controls over most software.
In addition, whether intended or not, we believe the bill as drafted could inhibit the development of key recovery even as a viable commercial option for those corporations and end users that want it in order to guarantee access to their data. The Administration has repeatedly stated that it does not support mandatory key recovery, but we endorse and encourage development of voluntary key recovery systems, and, based on industry input, we see growing demand for them, especially corporate key recovery, that we do not want to cut off.
As this Committee knows better than most, public debate over encryption policy has been spirited. Many on both sides of the debate have had difficulty grasping their counterparts' views or realizing that there is a middle ground. Our dialogue with industry has gone a long way toward bridging that gap and finding common ground. We will continue this policy of cooperative exchange as it is clearly the best way to pursue our policy objectives of balancing public safety, national security, and the competitive interests of US companies.