10 November 1997
Source: http://www.access.gpo.gov/su_docs/aces/aaces002.html

-------------------------------------------------------------------------

[Congressional Record: November 9, 1997 (Extensions)]
[Page E2276]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]
[DOCID:cr09no97-17]


         STRONG ENCRYPTION NEEDED TO PROTECT NATIONAL SECURITY

                                 ______


                           HON. DAVID DREIER

                             of California

                    in the House of Representatives

                       Saturday, November 8, 1997

  Mr. DREIER. Mr. Speaker, computers not only make virtually every
aspect of our lives easier, we depend on their efficient operation to
help safeguard our national security, economy, and way of life. Yet all
it takes is a determined criminal with a personal computer and an
Internet connection to cause a great deal of harm. That's why it's
crucial that America protects sensitive information in computers with
the best technology available.
  Ensuring the security of information stored in computers, and
preventing criminals from breaking into critical systems requires
encryption software, which uses mathematical formulas to scramble
sensitive information so it can only be accessed by authorized users,
who have the 'key' to decode the material. The more complex the
formula, the tougher it is for an unauthorized user to decipher the
scrambled material. While American companies generally hold an edge
over their foreign competitors in the development of advanced
encryption software, export controls allow them to export only
relatively simple encryption products. Over 400 companies outside the
United States produce encryption software, and most are not subject to
the same restrictions as U.S. companies. These companies are increasing
their share of the rapidly expanding world market for encryption
software at the expense of U.S. firms, which are not allowed to
compete.
  The Clinton administration has proposed a radical change in
encryption policy, one that would impose a mandatory key recovery
system on encryption software used in the United States and exported
abroad. Key recovery would require the maintenance of a centralized
databank with all the Nation's encryption keys, and is primarily
intended to help law-enforcement and increase national security. If
police or other law-enforcement officials believe criminals have
encrypted information that would help prevent a crime or catch a
lawbreaker, they would obtain a court order, then retrieve the key from
the centralized database. They could then convert the encrypted
information back into its original form. Not only does this proposal
raise concerns about how to prevent criminals from breaking into the
key database, and about the privacy of law-abiding users of electronic
commerce and Internet communications, it probably won't work.
  While the Clinton administration is working to require that U.S.
companies only export advanced encryption software that uses a key
recovery system, many other nations will impose no similar requirement
on their firms. Because criminals will find it easy to import that
software over the Internet, by electronic mail, on compact discs, or in
some other way, they will continue to use encryption programs that U.S.
law enforcement agencies don't have keys to. The people most affected
by the mandatory key recovery system will be lawful Internet users, not
the criminals and terrorists it is intended to combat.
  Furthermore, prohibiting the export of encryption programs that don't
include a key recovery system will make it impossible for American
companies to compete with foreign firms that are not similarly limited.
American companies will stop competing in a key technology in which
they now hold a lead. It will cost U.S. jobs, and prevent advances in a
technology that is critical to defending the United States from
terrorists, criminals, and even simple hackers. Instead, Congress
should lift the controls on encryption software, encourage development
of this promising technology, and focus resources on helping police
develop better tools to catch criminals who use encryption in the
commission of a crime.

                          ____________________
