通过加密(安全)行动保障安全和自由 - 金博宝网站,金博宝正规网址,金博宝更改账户

43 673 105大会留下了。105 108众议院第1届会议第5部分通过加密（安全）法律公告（安全）ACT 1997年9月29日.--致力于联盟的全部房屋委员会，并命令被打印到Bliley先生Committee on Commerce, submitted the following R E P O R T together with DISSENTING AND ADDITIONAL VIEWS [To accompany H.R. 695] [Including cost estimate of the Congressional Budget Office] The Committee on Commerce, to whom was referred the bill (H.R. 695) to amend title 18, United States Code, to affirm the rights of United States persons to use and sell encryption and to relax export controls on encryption, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass. CONTENTS Amendment 2 Purpose and Summary 6 Background and Need for Legislation 7 Hearings 10 Committee Consideration 11 Rollcall Votes 11 Committee Oversight Findings 15 Committee on Government Reform and Oversight 15 New Budget Authority and Tax Expenditures 15 Committee Cost Estimate 15 Congressional Budget Office Estimate 15 Federal Mandates Statement 19 Advisory Committee Statement 19 Constitutional Authority Statement 19 Applicability to Legislative Branch 19 Section-by-Section Analysis of the Legislation 19 Changes in Existing Law Made by the Bill, As Reported 23 Dissenting and Additional Views 29, 42 AMENDMENT The amendment is as follows: Strike out all after the enacting clause and insert in lieu thereof the following: SECTION 1. SHORT TITLE. This Act may be cited as the ``Security and Freedom Through Encryption (SAFE) Act''. SEC. 2. SALE AND USE OF ENCRYPTION. (a) In General.--Part I of title 18, United States Code, is amended by inserting after chapter 123 the following new chapter: ``CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC INFORMATION ``2801. Definitions. ``2802. Assistance for law enforcement. ``2803. Freedom to sell encryption. ``2804. Prohibition on mandatory key escrow. ``2805. Unlawful use of encryption in furtherance of a criminal act. ``2806. Liability limitations. ``2801. Definitions ``As used in this chapter-- ``(1) the terms `person', `State', `wire communication', `electronic communication', and `investigative or law enforcement officer' have the meanings given those terms in section 2510 of this title; ``(2) the terms `encrypt' and `encryption' refer to the scrambling of wire communications, electronic communications, or electronically stored information, using mathematical formulas or algorithms in order to preserve the confidentiality, integrity, or authenticity of, and prevent unauthorized recipients from accessing or altering, such communications or information; ``(3) the term `key' means the variable information used in a mathematical formula, code, or algorithm, or any component thereof, used to decrypt wire communications, electronic communications, or electronically stored information, that has been encrypted; and ``(4) the term `United States person' means-- ``(A) any United States citizen; ``(B) any other person organized under the laws of any State; and ``(C) any person organized under the laws of any foreign country who is owned or controlled by individuals or persons described in subparagraphs (A) and (B). ``2802. Assistance for law enforcement ``(a) National Electronic Technologies Center.-- ``(1) Establishment.--There is established in the Department of Justice a National Electronic Technologies Center (in this subsection referred to as the `NET Center'). ``(2) Director.--The NET Center shall have a Director, who shall be appointed by the Attorney General. ``(3) Duties.--The duties of the NET Center shall be-- ``(A) to serve as a center for Federal, State, and local law enforcement authorities for information and assistance regarding decryption and other access requirements; ``(B) to serve as a center for industry and government entities to exchange information and methodology regarding information security techniques and technologies; ``(C) to examine encryption techniques and methods to facilitate the ability of law enforcement to gain efficient access to plaintext of communications and electronic information; ``(D) to conduct research to develop efficient methods, and improve the efficiency of existing methods, of accessing plaintext of communications and electronic information; ``(E) to investigate and research new and emerging techniques and technologies to facilitate access to communications and electronic information, including-- ``(i) reverse-steganography; ``(ii) decompression of information that previously has been compressed for transmission; and ``(iii) de-multiplexing; and ``(F) to obtain information regarding the most current hardware, software, telecommunications, and other capabilities to understand how to access information transmitted across networks. ``(4) Equal access.--State and local law enforcement agencies and authorities shall have access to information, services, resources, and assistance provided by the NET Center to the same extent that Federal law enforcement agencies and authorities have such access. ``(5) Personnel.--The Director may appoint such personnel as the Director considers appropriate to carry out the duties of the NET Center. ``(6) Assistance of other federal agencies.--Upon the request of the Director of the NET Center, the head of any department or agency of the Federal Government may, to assist the NET Center in carrying out its duties under this subsection-- ``(A) detail, on a reimbursable basis, any of the personnel of such department or agency to the NET Center; and ``(B) provide to the NET Center facilities, information, and other non-personnel resources. ``(7) Private industry assistance.--The NET Center may accept, use, and dispose of gifts, bequests, or devises of money, services, or property, both real and personal, for the purpose of aiding or facilitating the work of the Center. Gifts, bequests, or devises of money and proceeds from sales of other property received as gifts, bequests, or devises shall be deposited in the Treasury and shall be available for disbursement upon order of the Director of the NET Center. ``(8) Advisory board.-- ``(A) Establishment.--There is established the Advisory Board of the Strategic NET Center for Excellence in Information Security (in this paragraph referred to as the `Advisory Board'), which shall be comprised of members who have the qualifications described in subparagraph (B) and who are appointed by the Attorney General. The Attorney General shall appoint a chairman of the Advisory Board. ``(B) Qualifications.--Each member of the Advisory Board shall have experience or expertise in the field of encryption, decryption, electronic communication, information security, electronic commerce, or law enforcement. ``(C) Duties.--The duty of the Advisory Board shall be to advise the NET Center and the Federal Government regarding new and emerging technologies relating to encryption and decryption of communications and electronic information. ``(9) Implementation plan.--Within 2 months after the date of the enactment of the Security and Freedom Through Encryption (SAFE) Act, the Attorney General shall, in consultation and cooperation with other appropriate Federal agencies and appropriate industry participants, develop and cause to be published in the Federal Register a plan for establishing the NET Center. The plan shall-- ``(A) specify the physical location of the NET Center and the equipment, software, and personnel resources necessary to carry out the duties of the NET Center under this subsection; ``(B) assess the amount of funding necessary to establish and operate the NET Center; and ``(C) identify sources of probable funding for the NET Center, including any sources of in-kind contributions from private industry. ``(b) Freedom of Use.--Subject to section 2805, it shall be lawful for any person within any State, and for any United States person in a foreign country, to use any encryption, regardless of the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used. No Federal or State law or regulation may condition the issuance of certificates of authentication or certificates of authority for any encryption product upon any escrowing or other sharing of private encryption keys, whether with private agents or government entities, or establish a licensing, labeling, or other regulatory scheme for any encryption product that requires key escrow as a condition of licensing or regulatory approval. ``2803. Freedom to sell encryption ``Subject to section 2805, it shall be lawful for any person within any State to sell in interstate commerce any encryption, regardless of the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used. ``2804. Prohibition on mandatory key escrow ``(a) Prohibition.--No person in lawful possession of a key to encrypted communications or information may be required by Federal or State law to relinquish to another person control of that key. ``(b) Exception for Access for Law Enforcement Purposes.--Subsection (a) shall not affect the authority of any investigative or law enforcement officer, or any member of the intelligence community as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 401a), acting under any law in effect on the effective date of this chapter, to gain access to encrypted communications or information. ``2805. Unlawful use of encryption in furtherance of a criminal act ``Any person who, in the commission of a felony under a criminal statute of the United States, knowingly and willfully encrypts incriminating communications or information relating to that felony with the intent to conceal such communications or information for the purpose of avoiding detection by law enforcement agencies or prosecution-- ``(1) in the case of a first offense under this section, shall be imprisoned for not more than 10 years, or fined in the amount set forth in this title, or both; and ``(2) in the case of a second or subsequent offense under this section, shall be imprisoned for not more than 20 years, or fined in the amount set forth in this title, or both. ``2806. Liability limitations ``No person shall be subject to civil or criminal liability for providing access to the plaintext of encrypted communications or electronic information to any law enforcement official or authorized government entity, pursuant to judicial process.''. (b) Study.--Within 6 months after the date of the enactment of this Act, the National Telecommunications and Information Administration shall conduct a study, and prepare and submit to the Congress and the President a report regarding such study, that-- (1) assesses the effect that establishment of a mandatory system for recovery of encryption keys for encrypted communications and information would have on-- (A) electronic commerce; (B) data security; (C) privacy in interstate commerce; and (D) law enforcement authorities and activities; and (2) assesses other possible methods for providing access to encrypted communications and information to further law enforcement activities. (c) Conforming Amendment.--The table of chapters for part I of title 18, United States Code, is amended by inserting after the item relating to chapter 123 the following new item: ``125. Encrypted wire and electronic information 2801''. SEC. 3. EXPORTS OF ENCRYPTION. (a) Amendment To Export Administration Act of 1979.--Section 17 of the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended by adding at the end thereof the following new subsection: ``(g) Computers and Related Equipment.-- ``(1) General rule.--Subject to paragraphs (2), (3), and (4), the Secretary shall have exclusive authority to control exports of all computer hardware, software, and technology for information security (including encryption), except that which is specifically designed or modified for military use, including command, control, and intelligence applications. ``(2) Items not requiring licenses.--No validated license may be required, except pursuant to the Trading With The Enemy Act or the International Emergency Economic Powers Act (but only to the extent that the authority of such Act is not exercised to extend controls imposed under this Act), for the export or reexport of-- ``(A) any software, including software with encryption capabilities-- ``(i) that is generally available, as is, and is designed for installation by the purchaser; or ``(ii) that is in the public domain for which copyright or other protection is not available under title 17, United States Code, or that is available to the public because it is generally accessible to the interested public in any form; or ``(B) any computing device solely because it incorporates or employs in any form software (including software with encryption capabilities) exempted from any requirement for a validated license under subparagraph (A). ``(3) Software with encryption capabilities.--The Secretary shall authorize the export or reexport of software with encryption capabilities for nonmilitary end uses in any country to which exports of software of similar capability are permitted for use by financial institutions not controlled in fact by United States persons, unless there is substantial evidence that such software will be-- ``(A) diverted to a military end use or an end use supporting international terrorism; ``(B) modified for military or terrorist end use; or ``(C) reexported without any authorization by the United States that may be required under this Act. ``(4) Hardware with encryption capabilities.--The Secretary shall authorize the export or reexport of computer hardware with encryption capabilities if the Secretary determines that a product offering comparable security is commercially available outside the United States from a foreign supplier, without effective restrictions. ``(5) Definitions.--As used in this subsection-- ``(A) the term `encryption' means the scrambling of wire or electronic information using mathematical formulas or algorithms in order to preserve the confidentiality, integrity, or authenticity of, and prevent unauthorized recipients from accessing or altering, such information; ``(B) the term `generally available' means, in the case of software (including software with encryption capabilities), software that is offered for sale, license, or transfer to any person without restriction, whether or not for consideration, including, but not limited to, over-the-counter retail sales, mail order transactions, phone order transactions, electronic distribution, or sale on approval; ``(C) the term `as is' means, in the case of software (including software with encryption capabilities), a software program that is not designed, developed, or tailored by the software publisher for specific purchasers, except that such purchasers may supply certain installation parameters needed by the software program to function properly with the purchaser's system and may customize the software program by choosing among options contained in the software program; ``(D) the term `is designed for installation by the purchaser' means, in the case of software (including software with encryption capabilities) that-- ``(i) the software publisher intends for the purchaser (including any licensee or transferee), who may not be the actual program user, to install the software program on a computing device and has supplied the necessary instructions to do so, except that the publisher may also provide telephone help line services for software installation, electronic transmission, or basic operations; and ``(ii) the software program is designed for installation by the purchaser without further substantial support by the supplier; ``(E) the term `computing device' means a device which incorporates one or more microprocessor-based central processing units that can accept, store, process, or provide output of data; and ``(F) the term `computer hardware', when used in conjunction with information security, includes, but is not limited to, computer systems, equipment, application-specific assemblies, modules, and integrated circuits.''. (b) Continuation of Export Administration Act.--For purposes of carrying out the amendment made by subsection (a), the Export Administration Act of 1979 shall be deemed to be in effect. SEC. 4. TREATMENT OF ENCRYPTION IN INTERSTATE AND FOREIGN COMMERCE. (a) Inquiry Regarding Impediments to Trade.--Within 180 days after the date of the enactment of this Act, the Secretary of Commerce shall complete an inquiry to-- (1) identify any domestic and foreign impediments to trade in encryption products and services and the manners in which and extent to which such impediments inhibit the development of interstate and foreign commerce; and (2) identify import restrictions imposed by foreign nations that constitute unfair trade barriers to providers of encryption products or services. The Secretary shall submit a report to the Congress regarding the results of such inquiry by such date. (b) Removal of Impediments to Trade.--Within 1 year after such date of enactment, the Secretary of Commerce, in consultation with the Attorney General, shall prescribe such regulations as may be necessary to reduce the impediments to trade in encryption products and services identified in the inquiry pursuant to subsection (a) for the purpose of facilitating the development of interstate and foreign commerce. Such regulations shall be designed to-- (1) promote the sale and distribution in foreign commerce of encryption products and services manufactured in the United States; and (2) strengthen the competitiveness of domestic providers of encryption products and services in foreign commerce. (c) International Agreements.-- (1) Report to president.--Upon the completion of the inquiry under subsection (a), the Secretary of Commerce shall submit a report to the President regarding reducing any impediments to trade in encryption products and services that are identified by the inquiry and could, in the determination of the Secretary, require international negotiations for such reduction. (2) Negotiations.--The President shall take all actions necessary to conduct negotiations with other countries for the purposes of (A) concluding international agreements on the promotion of encryption products and services, and (B) achieving mutual recognition of countries' export controls, in order to meet the needs of countries to preserve national security, safeguard privacy, and prevent commercial espionage. The President may consider a country's refusal to negotiate such international export and mutual recognition agreements when considering the participation of the United States in any cooperation or assistance program with that country. The President shall submit a report to the Congress regarding the status of international efforts regarding cryptography not later than December 31, 2000. (d) Definitions.--For purposes of this section, the following definitions shall apply: (1) Communication.--The term ``communication'' includes wire communication and electronic communication. (2) Decrypt; decryption.--The terms ``decrypt'' and ``decryption'' refer to the electronic retransformation of communications or electronically stored information that has been encrypted into the original form of the communication or information. (3) Electronic communication.--The term ``electronic communication'' has the meaning given such term in section 2510 of title 18, United States Code. (4) Encrypt; encryption.--The terms ``encrypt'' and ``encryption'' have the meanings given such terms in section 2801 of title 18, United States Code (as added by section 2 of this Act). (5) Encryption product.--The term ``encryption product'' means any product, software, or technology that can be used to encrypt and decrypt communications or electronic information and any product, software, or technology with encryption capabilities; (6) Wire communication.--The term ``wire communication'' has the meaning given such term in section 3 of the Communications Act of 1934 (47 U.S.C. 153). SEC. 5. EFFECT ON LAW ENFORCEMENT ACTIVITIES. (a) Collection of Information by Attorney General.--The Attorney General shall compile, and maintain in classified form, data on the instances in which encryption (as defined in section 2801 of title 18, United States Code) has interfered with, impeded, or obstructed the ability of the Department of Justice to enforce the criminal laws of the United States. (b) Availability of Information to the Congress.--The information compiled under subsection (a), including an unclassified summary thereof, shall be made available, upon request, to any Member of Congress. PURPOSE AND SUMMARY The growth of electronic commerce, electronic transactions, and interstate and foreign communications depends ultimately upon the security and privacy of the information or data being transmitted. Encryption and the prolific use of encryption products are essential to facilitate this growth. Accordingly, the Committee on Commerce has an obligation and responsibility to ensure that the use of encryption technologies will have a positive impact on all electronic mediums, including the Internet, and all forms of existing and future electronic commerce. H.R. 695, the Security and Freedom Through Encryption (SAFE) Act, is intended to modernize the encryption policy of the United States. It is also intended to address law enforcement's and national security's needs as strong encryption products become more widely used. In summary, H.R. 695, as amended by the Committee on Commerce, establishes a National Electronic Technologies Center (NET Center) to help Federal, State, and local law enforcement agencies obtain access to encrypted communications. H.R. 695 also states that it is lawful to use encryption products within the United States and requires a study assessing the impact that a mandatory key recovery system would have on, inter alia, electronic commerce. In addition, H.R. 695 prohibits any person from relinquishing an encryption key and provides penalties for using encryption products to conceal incriminating evidence. With respect to export law, H.R. 695 relaxes U.S. export policies by permitting mass-market encryption products to be exported under a general license exception. It also permits other computer hardware and software products to be exported subject to approval by the Secretary of Commerce. Finally, H.R. 695 requires the Secretary of Commerce to study domestic and foreign impediments to trade with respect to encryption products and requires the President to undertake negotiations with other countries as necessary to reduce impediments to U.S. encryption exports, as well as requiring the Attorney General to compile information regarding instances when law enforcement's efforts have been stymied because of the use of strong encryption products. BACKGROUND AND NEED FOR LEGISLATION Encryption is the commonly-used term to describe the use of cryptography to ensure the confidentiality of messages. Encryption products may be computer software, computer hardware, or another piece of equipment that has the capability to encode or decode messages. These products could be used over any electronic medium (e.g., the public switched telephone network or the Internet). The strength of an encryption product, and thus the likelihood that a message will remain confidential as it travels through a network, is measured in terms of bits. For example, a two-bit code results in four possible combinations of messages (00, 01, 10, 11), whereas a 56-bit code results in quadrillions of possible combinations. While encrypting messages was historically the province of the military, the growing use of computers on both public and private networks has led to development of new products designed for non-military purposes. As commercially-available encryption products have increased in strength over the years, the law enforcement community, led by the Federal Bureau of Investigations (FBI) and National Security Agency, has become increasingly concerned with the ability of criminals, international terrorists, and certain countries to gain access to encryption products. Consequently, the Reagan, Bush, and Clinton Administrations have prohibited the export of encryption products with strengths greater than 40-bit key length to limit the proliferation of advanced encryption products that would affect their ability to protect the public safety. In general, a ``key'' is a form of information that is used in a mathematical formula, code, or algorithm to decrypt wire communications, electronic communications, or electronically stored information that has been encrypted. The Federal Government has never limited the use of encryption products domestically. In 1996, the Administration eased the export restrictions and transferred control of export products from the Department of State to the Department of Commerce. The Department of Commerce's new regulations, which embody the Administration's current encryption export policies, can be summarized as follows: There are no restrictions on the ability to buy, sell, manufacture, or distribute encryption products within the United States; Encryption items up to 56-bit key length strength without a ``key recovery system'' will be permitted for export and re-export after a one-time review, if the exporter makes satisfactory commitments to build and/or market a key recovery system. This relaxation of controls expires on December 31, 1998. A key recovery system permits a person to hold and maintain sufficient decryption information to allow for the immediate decryption of the encrypted data or communications of another person for whom that information is held; Weaker encryption products (40-bit key strength or less) or company proprietary software may be exported after a one-time review; Controlled encryption items (such as those items with strengths greater than 56-bit length) may be exported after a one-time review if the items contain key-recovery technology; Controlled encryption items used by banks and financial institutions are generally available for export regardless of whether key recovery is used; and In general, there is a prohibition on exporting encryption items to Cuba, Iran, Iraq, Libya, North Korea, Syria, and Sudan. The Committee on Commerce has been actively following and involved in the encryption debate this Congress. For example, in March 1997, Chairman Bliley and Representative White wrote letters to government leaders and the business community asking a series of questions on the Administration's current policies and on pending legislation. The letters and responses highlighted the two fundamental issues regarding encryption debate: (1) should domestic companies be permitted to export encryption products of any strength, thus increasing the availability of such products in the global market; and (2) should the United States impose any domestic restrictions on the use of encryption products to assist law enforcement's access to encrypted communications. In general, sound encryption policy must balance privacy interests with society's interest to protect the public. To the greatest extent possible, it must also be based on free-market principles. Regarding the arguments in the debate, the business community argues that current U.S. encryption policy harms domestic businesses abroad because they are forced to export weak encryption products that compete with stronger foreign encryption products. Many representatives of the business community also argue that the security of a strong encryption product is jeopardized if it contains a key-recoverable feature. In addition, the business community generally argues that the current policy may impose excessive costs on the industry to the extent they may be forced to develop costly, new key recovery products; manufacture two different products (one for the U.S. (strong) and one for abroad (weaker)); and/or be subject to a burdensome licensing process. Instead, they maintain that a key-recovery system should be developed only if there is market demand for such products. Alternatively, government officials, which include Federal, State, and local law enforcement officials, argue that permitting the export of stronger encryption products without a clear mechanism to decrypt a communication or stored information, when necessary and lawful, will jeopardize public safety and national security. They believe that key-recovery systems must be developed, not only to facilitate lawful searches and seizures, but to help users or employers in the event they lose the ``key'' to decrypt a message. They also argue that widespread use of strong encryption without key recovery would end the use of wiretapping as a tool for fighting crime and that lifting the export restrictions will undermine the Administration's effort to develop a global key-management infrastructure. In addition, they counter that most foreign countries view lifting the export restrictions as America's attempt to dominate world markets at the expense of other nation's national security, thereby forcing these countries to adopt import restrictions to keep American products out of their countries. The existing encryption policy is premised upon the belief that minimizing the proliferation of U.S. manufactured encryption products worldwide will minimize the use of encryption products overall. Thus, current U.S. encryption policy is based upon the theory of containment rather than access. The Committee is not convinced that reliance on export restrictions provides adequate assistance to law enforcement in their ever increasing need to keep up with the latest technologies. In fact, the Committee finds that the current export rules place our domestic manufacturers of encryption products at a competitive disadvantage with our foreign counterparts without addressing the needs of law enforcement. Thus, at a minimum, current export law is not sustainable and potentially harmful to our domestic manufacturers. At the same time, the needs of law enforcement are not being met by changes in technology. The Fourth Amendment and Title III of the Omnibus Crime Control and Safe Streets Act of 1968 permit law enforcement agencies to search, seize, and intercept electronic communications and stored data. With the development of strong encryption technologies, however, law enforcement's efforts are being thwarted because even though they can search, seize, or intercept the information, they cannot understand it because it is encoded. Without the necessary tools, law enforcement does not have the ability to prevent and solve crimes. Consequently, legislation is needed to address the needs of law enforcement to access encrypted communications and to ease existing export restrictions that hamper domestic manufacturers of encryption products. As reported by the Committee on Commerce, H.R. 695 takes a significant step towards addressing the concerns of law enforcement. The legislation creates a ``National Electronic Technologies Center'' (NET Center) that will assemble experts on encryption technology to develop and advise law enforcement officials on how to access encrypted electronic communications or information. The NET Center also will look to the future and assist law enforcement with decryption techniques as new technologies are introduced. The Committee concludes that a partnership between the industry and law enforcement is the best way to help law enforcement protect public safety. The bill, as reported by the Committee, also addresses the needs of domestic manufacturers of encryption products by granting export relief for certain encryption products. This change in export policy should place the U.S. computer industry in a position where domestic companies can compete on a level playing field with their competitors in a global market. Moreover, H.R. 695 seeks to push for further relief for our manufacturers by directing the Department of Commerce to reduce foreign impediments to trade. The Committee has an obligation, through its jurisdiction over export promotion, to ensure that U.S. companies are not harmed in any way by unnecessary or unjust trade barriers. Overall, the Committee finds that H.R. 695, as reported, strikes the appropriate balance between the needs of law enforcement and those of industry. HEARINGS The Subcommittee on Telecommunications, Trade, and Consumer Protection held a hearing on H.R. 695, the Security and Freedom Through Encryption (SAFE) Act, on September 4, 1997. The Subcommittee received testimony from the following witnesses: The Honorable Bob Goodlatte, U.S. Representative, Sixth District, Commonwealth of Virginia; The Honorable Zoe Lofgren, U.S. Representative, Sixteenth District, State of California; The Honorable William A. Reinsch, Under Secretary of Commerce for Export Administration, U.S. Department of Commerce; The Honorable Robert S. Litt, Deputy Assistant Attorney General, Criminal Division, U.S. Department of Justice; Mr. Stephen T. Walker, President and CEO, Trusted Information Systems, Inc.; Mr. Tom Parenty, Director, Data/Communications Security, Sybase, Inc.; Mr. Jerry Berman, Executive Director, Center for Democracy and Technology; and Mr. George A. Keyworth, Chairman, Progress and Freedom Foundation. Prior to hearing from the witnesses, The Honorable William P. Crowell, Deputy Director of the National Security Agency, provided an overview on encryption and described some of the common terms used in the encryption debate. COMMITTEE CONSIDERATION On September 24, 1997, the Committee on Commerce met in an open markup session to consider H.R. 695, the Security and Freedom Through Encryption (SAFE) Act. A unanimous consent request by Mr. Bliley to discharge the Subcommittee on Telecommunications, Trade, and Consumer Protection from further consideration and proceed to the immediate consideration of H.R. 695, as reported to the House by the Committee on the Judiciary, was agreed to without objection. The Committee ordered H.R. 695 reported to the House, amended, by a rollcall vote of 44 yeas to 6 nays. ROLLCALL VOTES Clause 2(l)(2)(B) of rule XI of the Rules of the House requires the Committee to list the recorded votes on the motion to report legislation and amendments thereto. The following are the recorded votes on the motion to report H.R. 695 and on amendments offered to the measure, including the names of those Members voting for and against. Offset Folios 14 to 16 insert here COMMITTEE ON COMMERCE--105TH CONGRESS VOICE VOTES Bill: H.R. 695, Security and Freedom Through Encryption (SAFE) Act Amendment: Amendment in the Nature of a Substitute by Mr. Tauzin. (A unanimous consent request by Mr. Tauzin to have the Amendment in the Nature of a Substitute considered as base text for purposes of further amendment was agreed to without objection.) Disposition: Agreed to, amended, by a voice vote. Amendment: Amendment to the Tauzin Amendment in the Nature of a Substitute by Mr. Tauzin re: add a new section to direct the Secretary of Commerce to reduce interstate and foreign impediments to trade of encryption products and services. Disposition: Agreed to, by a voice vote. COMMITTEE OVERSIGHT FINDINGS Pursuant to clause 2(l)(3)(a) of rule XI of the Rules of the House of Representatives, the Committee held a legislative hearing and made findings that are reflected in this report. COMMITTEE ON GOVERNMENT REFORM AND OVERSIGHT Pursuant to clause 2(l)(3)(D) of rule XI of the Rules of the House of Representatives, no oversight findings have been submitted to the Committee by the Committee on Government Reform and Oversight. NEW BUDGET AUTHORITY AND TAX EXPENDITURES In compliance with clause 2(l)(3)(B) of rule XI of the Rules of the House of Representatives, the Committee finds that H.R. 695, the Security and Freedom Through Encryption (SAFE) Act, would result in no new or increased budget authority or tax expenditures or revenues. COMMITTEE COST ESTIMATE The Committee adopts as its own the cost estimate prepared by the Director of the Congressional Budget Office pursuant to section 403 of the Congressional Budget Act of 1974. CONGRESSIONAL BUDGET OFFICE ESTIMATE Pursuant to clause 2(l)(3)(C) of rule XI of the Rules of the House of Representatives, the following is the cost estimate provided by the Congressional Budget Office pursuant to section 403 of the Congressional Budget Act of 1974: U.S. Congress, Congressional Budget Office, Washington, DC, September 29, 1997. Hon. Tom Bliley, Chairman, Committee on Commerce, House of Representatives, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for H.R. 695, the Security and Freedom Through Encryption (SAFE) Act. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contacts are Rachel Forward and Mark Grabowicz (for Federal costs), Alyssa Trzeszkowski (for revenues), and Pepper Santalucia (for the impact on State, local, and tribal governments. Sincerely, June E. O'Neill, Director. Enclosure. H.R. 695--Security and Freedom Through Encryption (SAFE) Act Summary: H.R. 695 would allow individuals in the United States to use and sell any form of encryption and would prohibit states or the Federal Government from requiring individuals to relinquish the key to encryption products. The bill also would prevent the Bureau of Export Administration (BXA) in the Department of Commerce (DOC) from restricting the export of most nonmilitary encryption products. H.R. 695 would establish a National Electronic Technologies (NET) Center in the Department of Justice (DOJ) to provide assistance and information on encryption products to law enforcement officials and would require the Attorney General to maintain data on the instances in which encryption impedes or obstructs the ability of DOJ to enforce criminal laws. Finally, the bill would establish criminal penalties and fines for the use of encryption technologies to conceal incriminating information related to a felony. Assuming the appropriation of the necessary amounts, CBO estimates that enacting this bill would result in additional discretionary spending by DOC and DOJ of at least $28 million over the 1998 2002 period. Spending by DOC and DOJ for activities required by H.R. 695 would total at least $33 million over the next five years. By comparison, CBO estimates that--under current policies--spending by BXA for reviewing the export of nonmilitary encryption products would total about $4.5 million over the same period. (Spending related to encryption exports by DOJ is negligible under current law.) Enacting H.R. 695 also would affect direct spending and receipts. Therefore, pay-as-you-go procedures would apply. CBO estimates, however, that the amounts of additional direct spending or receipts would not be significant. H.R. 695 contains no private-section mandates as defined in the Unfunded Mandates Reform Act of 1995 (UMRA). The bill contains intergovernmental mandates on state governments. CBO estimates, however, that states would not incur any costs to comply with the mandates. Estimated cost to the Federal Government: Spending Subject to Appropriation--Under current policy, BXA would likely spend about $900,000 a year reviewing exports of encryption products. Assuming appropriation of the necessary amounts, CBO estimates that enacting H.R. 695 would lower BXA's encryption-related costs to about $500,000 a year. In November 1996, the Administration issued an executive order and memorandum that authorized BXA to control the export of all nonmilitary encryption products. If H.R. 695 were enacted, BXA would still be required to review requests to export most computer hardware with encryption capabilities but would not be required to review most requests to export computer software with encryption capabilities. Thus, enacting H.R. 695 would reduce the costs to BXA to control the exports of nonmilitary encryption products. H.R. 695 would require the Secretary of Commerce to conduct a number of studies on electronic commerce and domestic and foreign impediments to trade in encryption products. Based on information from the Department of Commerce, CBO estimates that completing the required studies would cost about $1 million in fiscal year 1998, assuming appropriation of the necessary amount. H.R. 695 would establish within DOJ the NET Center, which generally would assist Federal, State, and local law enforcement agencies with issues involving encryption and information security. The bill would assign the NET Center a broad range of duties, including providing information and assistance, serving as an information clearinghouse, and conducting research. The costs to establish and operate the NET Center could depend on the extent to which service would be provided to the law enforcement community nationwide. Based on information from DOJ, we estimate that the minimum costs to fulfill the bill's requirements would be roughly $5 million annually, but the costs could be much greater. Any spending relating to the NET Center would be subject to the availability of appropriations. DOJ would also be required to collect and maintain data on the instances in which encryption impedes or obstructs the ability of the agency to enforce criminal laws. CBO projects that collecting and maintaining the data would cost DOJ between $500,000 and $1 million a year, assuming appropriation of the necessary amounts. Direct Spending and Revenues--Enacting H.R. 695 would affect direct spending and receipts by imposing criminal fines for encrypting incriminating information related to a felony. CBO estimates that collections from such fines are likely to be negligible, however, because the federal government would probably not pursue many cases under the bill. Any such collections would be recorded in the budget as governmental receipts, or revenues. They would be deposited in the Crime Victims Fund and spent the following year. Because the increase in direct spending would be the same as the amount of fines collected with a one-year lag, the additional direct spending also would be negligible. Direct spending and revenues also could result from the provision that would allow the NET Center to accept donations to further the work of the office. CBO expects that any contributions (recorded in the budget as revenues) would be used in the same year as they were received. Therefore, we estimate that the net budgetary impact of the gift authority granted to the NET Center would be negligible for all years. The costs of this legislation fall within budget function 370 (commerce and housing credit) and 750 (administration of justice). Pay-as-you-go-considerations: Section 252 of the Balanced Budget and Emergency Control Act of 1985 sets up pay-as-you-go procedures for legislation affecting direct spending or receipts. H.R. 695 would affect direct spending and receipts by imposing criminal fines and by allowing the new NET Center to accept donations. CBO estimates that the amounts of additional direct spending and receipts would not be significant. Estimated Impact on State, local, and tribal Governments: H.R. 695 would prohibit states from requiring anyone in lawful possession of an encryption key to make that key available to another person or entity. The bill would also prohibit states from conditioning the issuance of certificates of authenticity or certificates of authority for encryption products on the sharing of encryption keys Finally, the bill would prohibit states from establishing licensing, labeling, or other regulatory schemes for encryption products that would require the sharing of encryption keys. These prohibitions would be intergovernmental mandates as defined in UMRA. However, states would bear no costs as a result of these mandates, because none currently have laws that would violate these provisions of the bill. H.R. 695 would also establish a center in the Justice Department that would provide information and assistance regarding decryption techniques to federal, state, and local law enforcement authorities. Estimated impact on the private sector: The bill would impose no new private-sector mandates as defined in UMRA. Previous CBO estimates: CBO provided cost estimates for H.R. 695 as ordered reported by the House Committee on the Judiciary on May 14, 1997, by the House Committee on International Relations on July 22, 1997, by the House Committee on National Security on September 9, 1997, and by the House Committee on Intelligence on September 11, 1997. Assuming appropriation of the necessary amounts, CBO estimates that costs over the 1998 2002 period would total between $5 million and $7 million for the Judiciary Committee's version, about $2.2 million for the International Relations Committee's version, about $4.5 million for the National Security Committee's version, and between $9 million and $11.6 million for the Intelligence Committee's version. In comparison, CBO estimates that enacting this version of the bill would cost at least $33 million over the 1998 2002 period and that spending under current policies would total $44.5 million over the same period. Estimate prepared by: Federal costs: Rachel Forward and Mark Grabowicz; Revenues: Alyssa Trzeszkowski; Impact on State, local, and tribal governments: Pepper Santalucia. Estimate approved by: Robert A. Sunshine, Deputy Assistant Director for Budget Analysis. FEDERAL MANDATES STATEMENT The Committee adopts as its own the estimate of Federal mandates prepared by the Director of the Congressional Budget Office pursuant to section 423 of the Unfunded Mandates Reform Act. ADVISORY COMMITTEE STATEMENT H.R. 695 creates an Advisory Board of the Strategic NET Center for Excellence in Information Security, which is intended to advise the Federal Government on new technologies relating to encryption. CONSTITUTIONAL AUTHORITY STATEMENT Pursuant to clause 2(l)(4) of rule XI of the Rules of the House of Representatives, the Committee finds that the Constitutional authority for this legislation is provided in Article I, section 8, clause 3, which grants Congress the power to regulate commerce with foreign nations, among the several States, and with the Indian tribes. APPLICABILITY TO LEGISLATIVE BRANCH The Committee finds that the legislation does not relate to the terms and conditions of employment or access to public services or accommodations within the meaning of section 102(b)(3) of the Congressional Accountability Act. SECTION-BY-SECTION ANALYSIS OF THE LEGISLATION SECTION 1. SHORT TITLE Section 1 provides that H.R. 695 may be cited as the ``Security and Freedom Through Encryption (SAFE) Act.'' SECTION 2. SALE AND USE OF ENCRYPTION Subsection 2(a) of H.R. 695 creates a new chapter 125 in title 18 of the United States Code. This chapter 125 would include new sections 2801 012. Section 2801. Definitions New section 2801 provides for definitions of terms to be used in the chapter. Many of the definitions used are explicitly taken from the definitions in the existing Federal wiretap statute, 18 U.S.C. Sec. 2510 et seq. Several new definitions are added, however, including ``encrypt'' and ``encryption,'' which generally refer to the encoding of a communication using mathematical formulas in order to preserve the confidentiality of such communication. Section 2802. Assistance for law enforcement New section 2802 contains several subsections regarding domestic encryption issues. Subsection 2802(a) establishes within the Department of Justice a National Electronic Technologies Center (referred to as the ``NET Center''). The primary purpose of the NET Center is to provide technical assistance to law enforcement agencies so that they may cope with new technology challenges. Specifically, the NET Center will be responsible for serving as a national center for Federal, State, and local law enforcement authorities for information and assistance regarding decryption. It will also serve as a national center where industry and government can gather to exchange information regarding data security. In addition, the NET Center will be required to: (1) examine encryption techniques and methods to facilitate the ability of law enforcement to gain access to plaintext of communications and electronic information; (2) conduct research to improve law enforcement's means of access to encrypted communications; (3) determine whether other techniques can be used to help law enforcement access communications and electronic information; and (4) obtain information regarding the most current computer hardware, computer software, and telecommunications equipment to understand how best to access communications. Administratively, the Attorney General will appoint the Director of the NET Center and the Director will be responsible for hiring personnel that he or she determines is necessary to carry out the duties of the NET Center. Other Federal Government agencies may also ``loan'' personnel to the NET Center or provide facilities, information, and other non-personnel resources. In addition, the NET Center may accept donations in the form of money, services, or property from the private sector to help it function. Such donations shall be deposited in the Treasury and shall be available for disbursement upon order of the Director. Within two months after the date of enactment of this Act, the Attorney General will be required to develop a plan for the establishment of the NET Center. The plan must be published in the Federal Register and must identify: the physical location of the NET Center; equipment, software, and personnel necessary for the NET Center to function; the amount of funding necessary to establish and operate the NET Center; and sources of probable funding for the NET Center. In addition, subsection 2802(a) creates an Advisory Board of the Strategic NET Center for Excellence in Information Security, which is intended to advise the government on new technologies relating to encryption. The Attorney General is required to appoint a chairman of the Advisory Board and members of the Advisory Board must have technical expertise in the field of encryption, decryption, electronic communication, information security, electronic commerce, or law enforcement. More specifically, the purpose of the Advisory Board is to advise the NET Center and the Federal Government regarding new and emerging technologies relating to encryption and decryption of communications and electronic information. Subsection 2802(b) clarifies that it is lawful for any person in the United States to use any encryption product, regardless of the encryption algorithm selected, key length chosen, implementation technique used, or medium used. This subsection also prohibits the adoption of Federal or State law or regulation that would condition the issuance of certificates of authentication for any encryption product upon any escrowing or other sharing of private encryption keys, whether the escrowing is done with private agents or government entities. Domestic laws or regulations also could not establish a licensing, labeling, or other regulatory scheme for any encryption product that requires key escrow as a condition of licensing or regulatory approval. Section 2803. Freedom to sell encryption New section 2803 states that it is legal for any person in the United States to sell in interstate commerce encryption products using any form of encryption regardless of the algorithm, key length, or technique used. The Committee intends that sections 2802 and 2803 should be read as limitations on government power. They should not be read as overriding otherwise lawful employer policies concerning employee use of the employer's computer system, nor as limiting the employer's otherwise lawful means for remedying violations of those policies. Section 2804. Prohibition on mandatory key escrow New section 2804 states that no person in lawful possession of a key used to encrypt or decrypt a communication or information can be required by Federal or State law to relinquish control of that key to another person. This section is meant to be consistent with subsection 2802(b) regarding limitations on the escrowing of keys. An exception is provided, however, for law enforcement. That is, a law enforcement officer or any member of the intelligence community acting pursuant to lawful authority may require a party to release a key in order to gain access to encrypted communications or information. Section 2805. Unlawful use of encryption in furtherance of a criminal act New section 2805 makes it a crime to encrypt incriminating communications with the intent to conceal information in order to avoid detection by law enforcement agencies or prosecution. A person found guilty of this offense may be fined, imprisoned for not more than 10 years, or both. Second and subsequent offenses may result in a fine, imprisonment of not more than 20 years, or both. Section 2806. Liability limitations New section 2806 protects persons from being subject to criminal or civil liability if they provide access to the plaintext of an encrypted communications or electronic information for the benefit of any law enforcement official or authorized government entity, so long as these entities operate through the appropriate judicial process. Subsection 2(b) requires the National Telecommunications and Information Administration of the Department of Commerce to conduct a study and prepare and submit an encryption report to the Congress and the President. The report must determine what effect a mandatory key recovery system would have on electronic commerce, data security, privacy, and law enforcement activities. The report must also assess other possible methods for providing access to encrypted communications and information to further law enforcement activities. Subsection 2(c) of H.R. 695 provides for a conforming amendment to the table of chapters in title 18, United States Code. SECTION 3. EXPORTS OF ENCRYPTION Subsection 3(a) of H.R. 695 amends the Export Administration Act of 1979 by creating a new subsection (g) to 50 U.S.C. App. Sec. 2416. New subsection (g)(1) would place all encryption products, except those specifically designed or modified for military use, under the exclusive jurisdiction of the Secretary of Commerce (the Secretary). New subsection (g)(2) allows encryption products, such as encryption software and computing devices that include encryption software, that are generally available or in the public domain, such as mass-market products, to be exported pursuant to a general license exception. New subsections (g)(3) and (g)(4) permit the export of encryption products that are not generally considered mass-market products and consequently, require a license for export. The Secretary retains the authority to disapprove a license request for the export of software if there is substantial evidence that it will be put to military or terrorist uses or that it will be re-exported without U.S. authorization. New subsection (g)(5) provides definitions. Subsection 3(b) of H.R. 695 provides that for purposes of carrying out the amendment made by subsection 3(a), the Export Administration Act shall be deemed to be in effect. This statement is necessary because Congress allowed the Export Administration Act to lapse in 1994. To date, it has not been renewed, and its policies have been continued by Executive Order. SECTION 4. TREATMENT OF ENCRYPTION IN INTERSTATE AND FOREIGN COMMERCE Section 4 requires the Secretary of Commerce to undertake certain activities in order to promote the export of U.S. encryption products in the global market. Through such instruction to the Secretary of Commerce, the Committee on Commerce intends to promote robust participation by U.S. firms in the development of global electronic commerce. Subsection 4(a) requires the Secretary to complete an inquiry within 180 days of the enactment of this Act to identity both domestic and foreign impediments to trade in encryption products and services. Such an inquiry would include the identification of import restrictions maintained by other countries that constitute unfair barriers. The inquiry would also include an examination of U.S. regulations, such as export restrictions, that may actually impede trade in encryption products and services. Subsection 4(b) requires the Secretary to adopt regulations within one year of the Act's enactment that are intended to reduce foreign and domestic impediments to encryption products and services. The regulations must be designed to promote the sale in foreign markets of U.S. encryption products and services, including through strengthening the competitiveness of U.S. providers of such products and services. Subsection 4(c)(1) requires that upon completion of the six-month inquiry into foreign and domestic impediments to trade in encryption products and services, the Secretary shall submit a report to the President on his or her findings. The report must include a determination by the Secretary on what impediments may require international negotiation to reduce. Subsection 4(c)(2) requires the President to negotiate with other countries for agreements designed to promote encryption products and services and to achieve mutual recognition of export controls. Export controls may be designed to preserve countries' national security, safeguard privacy interests, and prevent commercial espionage. Mutual recognition of export controls will promote the sale in foreign commerce of U.S. encryption products and services by facilitating a common approach by the U.S. and our trading partners. Subsection 4(c)(2) also enables the President to consider a country's refusal to negotiate such agreements when considering U.S. participation in an assistance or cooperation program with that country. Finally, the subsection requires the President to submit a report to the Congress regarding the status of his efforts on encryption not later than December 31, 2000. Subsection 4(d) provides definitions. SECTION 5. EFFECT ON LAW ENFORCEMENT ACTIVITIES Subsection 5(a) requires the Attorney General to compile information on instances in which encryption has interfered with, impeded, or obstructed the ability of the Department of Justice to enforce Federal criminal law and to maintain that information in classified form. Subsection 5(b) requires that the Attorney General shall make the information compiled under subsection 5(a), including an unclassified summary, available to Members of Congress upon request. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED In compliance with clause 3 of rule XIII of the Rules of the House of Representatives, changes in existing law made by the bill, as reported, are shown as follows (new matter is printed in italics and existing law in which no change is proposed is shown in roman): TITLE 18, UNITED STATES CODE * * * * * * * PART I--CRIMES Chap. Sec. 1. General provisions 1 2. Aircraft and motor vehicles 31 * * * * * * * 125. Encrypted wire and electronic information 2801 * * * * * * * CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC INFORMATION 2801. Definitions. 2802. Assistance for law enforcement. 2803. Freedom to sell encryption. 2804. Prohibition on mandatory key escrow. 2805. Unlawful use of encryption in furtherance of a criminal act. 2806. Liability limitations. 2801. Definitions As used in this chapter-- (1) the terms ``person'', ``State'', ``wire communication'', ``electronic communication'', and ``investigative or law enforcement officer'' have the meanings given those terms in section 2510 of this title; (2) the terms ``encrypt'' and ``encryption'' refer to the scrambling of wire communications, electronic communications, or electronically stored information, using mathematical formulas or algorithms in order to preserve the confidentiality, integrity, or authenticity of, and prevent unauthorized recipients from accessing or altering, such communications or information; (3) the term ``key'' means the variable information used in a mathematical formula, code, or algorithm, or any component thereof, used to decrypt wire communications, electronic communications, or electronically stored information, that has been encrypted; and (4) the term ``United States person'' means-- (A) any United States citizen; (B) any other person organized under the laws of any State; and (C) any person organized under the laws of any foreign country who is owned or controlled by individuals or persons described in subparagraphs (A) and (B). 2802. Assistance for law enforcement (a) National Electronic Technologies Center.-- (1) Establishment.--There is established in the Department of Justice a National Electronic Technologies Center (in this subsection referred to as the ``NET Center''). (2) Director.--The NET Center shall have a Director, who shall be appointed by the Attorney General. (3) Duties.--The duties of the NET Center shall be-- (A) to serve as a center for Federal, State, and local law enforcement authorities for information and assistance regarding decryption and other access requirements; (B) to serve as a center for industry and government entities to exchange information and methodology regarding information security techniques and technologies; (C) to examine encryption techniques and methods to facilitate the ability of law enforcement to gain efficient access to plaintext of communications and electronic information; (D) to conduct research to develop efficient methods, and improve the efficiency of existing methods, of accessing plaintext of communications and electronic information; (E) to investigate and research new and emerging techniques and technologies to facilitate access to communications and electronic information, including-- (i) reverse-steganography; (ii) decompression of information that previously has been compressed for transmission; and (iii) de-multiplexing; and (F) to obtain information regarding the most current hardware, software, telecommunications, and other capabilities to understand how to access information transmitted across networks. (4) Equal access.--State and local law enforcement agencies and authorities shall have access to information, services, resources, and assistance provided by the NET Center to the same extent that Federal law enforcement agencies and authorities have such access. (5) Personnel.--The Director may appoint such personnel as the Director considers appropriate to carry out the duties of the NET Center. (6) Assistance of other federal agencies.--Upon the request of the Director of the NET Center, the head of any department or agency of the Federal Government may, to assist the NET Center in carrying out its duties under this subsection-- (A) detail, on a reimbursable basis, any of the personnel of such department or agency to the NET Center; and (B) provide to the NET Center facilities, information, and other non-personnel resources. (7) Private industry assistance.--The NET Center may accept, use, and dispose of gifts, bequests, or devises of money, services, or property, both real and personal, for the purpose of aiding or facilitating the work of the Center. Gifts, bequests, or devises of money and proceeds from sales of other property received as gifts, bequests, or devises shall be deposited in the Treasury and shall be available for disbursement upon order of the Director of the NET Center. (8) Advisory board.-- (A) Establishment.--There is established the Advisory Board of the Strategic NET Center for Excellence in Information Security (in this paragraph referred to as the ``Advisory Board''), which shall be comprised of members who have the qualifications described in subparagraph (B) and who are appointed by the Attorney General. The Attorney General shall appoint a chairman of the Advisory Board. (B) Qualifications.--Each member of the Advisory Board shall have experience or expertise in the field of encryption, decryption, electronic communication, information security, electronic commerce, or law enforcement. (C) Duties.--The duty of the Advisory Board shall be to advise the NET Center and the Federal Government regarding new and emerging technologies relating to encryption and decryption of communications and electronic information. (9) Implementation plan.--Within 2 months after the date of the enactment of the Security and Freedom Through Encryption (SAFE) Act, the Attorney General shall, in consultation and cooperation with other appropriate Federal agencies and appropriate industry participants, develop and cause to be published in the Federal Register a plan for establishing the NET Center. The plan shall-- (A) specify the physical location of the NET Center and the equipment, software, and personnel resources necessary to carry out the duties of the NET Center under this subsection; (B) assess the amount of funding necessary to establish and operate the NET Center; and (C) identify sources of probable funding for the NET Center, including any sources of in-kind contributions from private industry. (b) Freedom of Use.--Subject to section 2805, it shall be lawful for any person within any State, and for any United States person in a foreign country, to use any encryption, regardless of the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used. No Federal or State law or regulation may condition the issuance of certificates of authentication or certificates of authority for any encryption product upon any escrowing or other sharing of private encryption keys, whether with private agents or government entities, or establish a licensing, labeling, or other regulatory scheme for any encryption product that requires key escrow as a condition of licensing or regulatory approval. 2803. Freedom to sell encryption Subject to section 2805, it shall be lawful for any person within any State to sell in interstate commerce any encryption, regardless of the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used. 2804. Prohibition on mandatory key escrow (a) Prohibition.--No person in lawful possession of a key to encrypted communications or information may be required by Federal or State law to relinquish to another person control of that key. (b) Exception for Access for Law Enforcement Purposes.--Subsection (a) shall not affect the authority of any investigative or law enforcement officer, or any member of the intelligence community as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 401a), acting under any law in effect on the effective date of this chapter, to gain access to encrypted communications or information. 2805. Unlawful use of encryption in furtherance of a criminal act Any person who, in the commission of a felony under a criminal statute of the United States, knowingly and willfully encrypts incriminating communications or information relating to that felony with the intent to conceal such communications or information for the purpose of avoiding detection by law enforcement agencies or prosecution-- (1) in the case of a first offense under this section, shall be imprisoned for not more than 10 years, or fined in the amount set forth in this title, or both; and (2) in the case of a second or subsequent offense under this section, shall be imprisoned for not more than 20 years, or fined in the amount set forth in this title, or both. 2806. Liability limitations No person shall be subject to civil or criminal liability for providing access to the plaintext of encrypted communications or electronic information to any law enforcement official or authorized government entity, pursuant to judicial process. * * * * * * * SECTION 17 OF THE EXPORT ADMINISTRATION ACT OF 1979 EFFECT ON OTHER ACTS Sec. 17. (a) * * * * * * * * * * (g) Computers and Related Equipment.-- (1) General rule.--Subject to paragraphs (2), (3), and (4), the Secretary shall have exclusive authority to control exports of all computer hardware, software, and technology for information security (including encryption), except that which is specifically designed or modified for military use, including command, control, and intelligence applications. (2) Items not requiring licenses.--No validated license may be required, except pursuant to the Trading With The Enemy Act or the International Emergency Economic Powers Act (but only to the extent that the authority of such Act is not exercised to extend controls imposed under this Act), for the export or reexport of-- (A) any software, including software with encryption capabilities-- (i) that is generally available, as is, and is designed for installation by the purchaser; or (ii) that is in the public domain for which copyright or other protection is not available under title 17, United States Code, or that is available to the public because it is generally accessible to the interested public in any form; or (B) any computing device solely because it incorporates or employs in any form software (including software with encryption capabilities) exempted from any requirement for a validated license under subparagraph (A). (3) Software with encryption capabilities.--The Secretary shall authorize the export or reexport of software with encryption capabilities for nonmilitary end uses in any country to which exports of software of similar capability are permitted for use by financial institutions not controlled in fact by United States persons, unless there is substantial evidence that such software will be-- (A) diverted to a military end use or an end use supporting international terrorism; (B) modified for military or terrorist end use; or (C) reexported without any authorization by the United States that may be required under this Act. (4) Hardware with encryption capabilities.--The Secretary shall authorize the export or reexport of computer hardware with encryption capabilities if the Secretary determines that a product offering comparable security is commercially available outside the United States from a foreign supplier, without effective restrictions. (5) Definitions.--As used in this subsection-- (A) the term ``encryption'' means the scrambling of wire or electronic information using mathematical formulas or algorithms in order to preserve the confidentiality, integrity, or authenticity of, and prevent unauthorized recipients from accessing or altering, such information; (B) the term ``generally available'' means, in the case of software (including software with encryption capabilities), software that is offered for sale, license, or transfer to any person without restriction, whether or not for consideration, including, but not limited to, over-the-counter retail sales, mail order transactions, phone order transactions, electronic distribution, or sale on approval; (C) the term ``as is'' means, in the case of software (including software with encryption capabilities), a software program that is not designed, developed, or tailored by the software publisher for specific purchasers, except that such purchasers may supply certain installation parameters needed by the software program to function properly with the purchaser's system and may customize the software program by choosing among options contained in the software program; (D) the term ``is designed for installation by the purchaser'' means, in the case of software (including software with encryption capabilities) that-- (i) the software publisher intends for the purchaser (including any licensee or transferee), who may not be the actual program user, to install the software program on a computing device and has supplied the necessary instructions to do so, except that the publisher may also provide telephone help line services for software installation, electronic transmission, or basic operations; and (ii) the software program is designed for installation by the purchaser without further substantial support by the supplier; (E) the term ``computing device'' means a device which incorporates one or more microprocessor-based central processing units that can accept, store, process, or provide output of data; and (F) the term ``computer hardware'', when used in conjunction with information security, includes, but is not limited to, computer systems, equipment, application-specific assemblies, modules, and integrated circuits. DISSENTING VIEWS While we are supportive of the stated goals of H.R. 695, particularly with respect to the promotion of U.S. technology exports, we have serious reservations about the bill as reported. It is our view that the provisions ultimately agreed to by the Committee with regard to the technological requirements of law enforcement and national security agencies are thoroughly inadequate to the missions at hand. We do not question the importance of encryption technology for purposes of protecting electronic commerce, consumer privacy, and proprietary information, nor do we doubt the value of enhancing U.S. access to foreign markets for these products and services. We have great confidence in the ability of American firms to develop the most impenetrable encryption products in the world and market them globally. Indeed, it is our very faith in the technological prowess of U.S. companies which leads us to conclude that authentic law enforcement and national security safeguards must be included in this legislation. It must be recognized that the proliferation of advanced encryption technology poses a dire threat to U.S. anti-crime, anti-terrorism, and counter-espionage efforts. To fail to address this reality is to fail in or solemn responsibility to protect the lives and safety of the citizens of this country. Powerful encryption, in criminal hands or in the hands of enemies of the United States, can be turned to ill purposes with devastating consequences for members of a free society. An outlaw organization with the ability to communicate and store data without fear of detection is a significantly more dangerous entity. Organized crime syndicates, drug cartels, pedophile rings and terrorist organizations have already begun to utilize encryption technology to conceal their activities from investigatory agencies. It is our opinion that an updated U.S. encryption policy must allow for law enforcement and security agency access to the unscrambled text of encrypted communications and data, pursuant to legal authorization. We wish to clarify that we do not seek any additional authority for government agencies. We merely seek to ensure that police departments and security agencies will continue to have intelligible access to evidence to which they are legally entitled. In the context of H.R. 695, this means that encryption products and services must be made recoverable. There is no other way to ensure timely access to encrypted evidence. Timely recovery is crucial in the investigation and prevention of crime and acts of terror; the bill as reported will not achieve this. Claims to the contrary, unfortunately, are false. Included with these views are letters submitted by organizations and individuals whose sentiments on these matters comport with our own. Thomas J. Manton. J. Dennis Hastert. Michael G. Oxley. Greg Ganske. U.S. Department of Justice, Federal Bureau of Investigation, Washington, DC, September 24, 1997. Hon. Thomas J. Bliley, Jr. Chairman, Committee on Commerce, Rayburn House Office Building, Washington, DC. Dear Mr. Chairman: We are writing you today on behalf of the entire law enforcement community to continue to urge you and the Members of the House Commerce Committee to support the Oxley/Manton Amendment to H.R. 695 during your Committee's mark-up of the bill today. In addition, we are aware that Congressmen Markey and White plan to offer an alternative amendment to the Oxley/Manton Amendment during the mark-up that has been represented to meet law enforcement's decryption needs by creating a ``National Electronic Technologies Center'' to foster the ``exchange of information and expertise'' between government and industry. Let us assure you that the adoption of the Markey/White Amendment in lieu of the Oxley/Manton Amendment will not address the law enforcement and public safety issues we have raised and would serve to provide an illusion and false sense of security to the American people that law enforcement's public safety needs in this area have been effectively addressed. In reality the adoption of the Markey/White Amendment will actually continue to allow for the proliferation of unbreakable encryption products for use by the general public regardless of their adverse impact on public safety and national security. The exchange of ideas between government and industry, which is the purpose of the center, is already occurring and has been for some time. The problem remains that absent an approach like Oxley/Manton, no technical solution for law enforcement is foreseeable. NSA agrees with our assessment. Having a central point of information and expertise might be helpful for sharing what is known but it will not solve the problem. Neither will enhanced criminal penalties. Law enforcement continues to support the adoption of a balanced encryption policy, one that meets the needs of industry for robust encryption to protect sensitive information and the privacy of communications while at the same time meeting law enforcement's immediate decryption needs to protect public safety when such robust encryption products are used to protect serious criminal activity. Law enforcement is in unanimous agreement that the widespread availability and use of unbreakable robust encryption products for use in the United States will ultimately devastate our ability to protect American citizens from violent criminals, international drug lords and prevent acts of terrorism directed at innocent Americans. It is for this reason that we are calling for a balanced solution to this problem. We believe that the provisions of the Oxley/Manton Amendment strike that balance and we urge your support for its adoption during today's mark-up. Sincerely yours, Thomas Constantine, Administrator, Drug Enforcement Administration. Raymond W. Kelly, Undersecretary for Enforcement, U.S. Department of the Treasury. Louis J. Freeh, Director. National Sheriffs' Association, Alexandria, VA, September 23, 1997. Hon. Thomas J. Bliley, Jr. Chairman, Committee on Commerce, Rayburn House Office Building, Washington, DC. Dear Mr. Chairman: I am writing to you today to urge you to support the Oxley Amendment to H.R. 695, the Security and Freedom Through Encryption Act. Without this amendment, H.R. 695 fails to protect the needs of law enforcement. As you know, the access to intercepted communications or data when lawful authority exists is a fundamental tool that law enforcement employs in the fight against crime. Representative Oxley's amendment preserves that tool and enables law enforcement to thwart sophisticated criminal intentions. Criminals working with encryption technology can render traditional electronic surveillance methods obsolete and investigations are crippled without the ability to break the code. Meaningful encryption legislation has to ensure that law enforcement can gain timely access to the plaintext of encrypted conversations and information by established legal procedures. The National Sheriffs' Association supports the actions taken by the Committee on National Security and the Permanent Select Committee on Intelligence to give authorities a tool to use against terrorists and other criminals who want to hide information. Without adequate safeguards, H.R. 695 will allow the use of powerful encryption, which will deprive law enforcement of the ability to ensure public safety and create a haven for the computer literate criminal. Thank you for your consideration and we look forward to working with you to develop sound national policy on encryption. If I can provide you with any additional information, please do not hesitate to call on me at the National Sheriffs' Association at 1 800 424 7827. Sincerely, Fred W. Scoralick, President. National District Attorneys Association, Alexandria, VA, September 19, 1997. Hon. Michael G. Oxley, Rayburn House Office Building, Washington, DC. Dear Congressman Oxley: The National District Attorneys Association has, and continues to oppose H.R. 695, the ``Security and Freedom Through Encryption (SAFE) Act,'' as introduced and now before the Committee for review. As local prosecutors, we are extremely concerned about the serious threat posed by the use of robust encryption products that do not allow for court approved law enforcement access and timely decryption that has been encrypted to carry out criminal activity (court authorized wiretaps or court authorized search and seizure). We do support a balanced encryption policy that satisfies both the commercial needs of industry for robust encryption while at the same time satisfying law enforcement's public safety needs. The Amendment offered by you and Mr. Manton achieves this balance. At the onset, we need to make perfectly clear, both to the Congress and to the American people that we seek no new authorities to intrude on Constitutionally protected rights of privacy nor do we seek any new authority to search for and seize evidence. Supporters of an unfettered encryption policy have made much of a fear for abuse of police powers and have lead many to believe that a decryption requirement will lead to random eavesdropping by police on our communications. This is far from the truth. Law enforcement does not seek any new authorities; we only seek the technological capability to preserve the current authority. At Federal, State and local levels of law enforcement there are strictly observed sets of judicial and administrative requirements that must be adhered to obtain a judicial authorization to intercept a communication and to continue such interceptions. Among these requirements must be a showing that there is probable cause to believe that criminal enterprise is on going and that all other means of obtaining evidence are to no avail. When a judge does authorize an interception there is frequently a requirement that the authorization must be reviewed periodically by the judge and there is always the mandate that any communications pertaining to criminal activity may not be monitored. We all recognize that encryption technology can be extremely beneficial when used legitimately to protect commercially sensitive information and private communications. The potential use, however, of such encryption products by criminals and terrorists to conceal their criminal communications and information from law enforcement poses an extremely serious threat to the public safety of our country. The introduction of digitally-based telecommunications technologies, as well as the widespread use of computers and computer networks having encryption capabilities, is facilitating the development and production of affordable and robust encryption products for the private sector. American industrial concerns are not misplaced in desiring to enhance markets for their products, but this must never be accomplished at the expense of the lives and safety of the American people. We are obligated, in the interests of our communities to oppose any efforts that endanger the people we have sworn to protect. Your amendment is an appropriate legislative solution to this complex problem in addressing both the needs of industry while at the same time satisfying the requirements of law enforcement as they pertain to protecting the American people. We most strongly urge the members of the Commerce Committee to support the Oxley/Manton Amendment. Sincerely, William L. Murphy, President. NATIONAL DISTRICT ATTORNEYS ASSOCIATION resolution--encryption Whereas, the introduction of digitally-based telecommunications technologies as well as the widespread use of computers and computer networks having encryption capabilities are facilitating the development and production of strong, affordable encryption products and services from private sector use; and Whereas, on one hand the use of strong encryption products and services are extremely beneficial when used legitimately to protect commercially sensitive information and communications. On the other hand, the potential use of strong encryption products and services that do not allow for timely law enforcement decryption by a vast array of criminals and terrorist to conceal their criminal communications and information from law enforcement poses an extremely serious threat to public safety; and Whereas, the law enforcement community is extremely concerned about the serious threat posed by the use of these strong encryption products and services that do not allow for authorization (court-authorized wiretaps or court-authorized search and seizure); and Whereas, law enforcement fully supports a balanced encryption policy that satisfies both the commercial needs of industry for strong encryption while at the same tie satisfying law enforcement's public safety needs for the timely decryption of encrypted criminal communications and information; and Whereas, law enforcement has found that strong, key recovery encryption products and services are clearly the best way, and perhaps the only way, to achieve both the goals of industry and law enforcement; and Whereas, government representatives have been working with industry to encourage the voluntary development, sale, and use of key recovery encryption products and services in its pursuit of a balanced encryption policy; Be it resolved, that the National District Attorneys Association supports and encourages the development and adoption of a balanced encryption policy that encourages the development, sale, and use of key recovery encryption products and services, both domestically and abroad. We believe that this approach represents a policy that appropriately addresses both the commercial needs of industry while at the same time satisfying law enforcement's public safety needs. Adopted by the Board of Directors, November 16, 1996, Naples, Florida. International Association of Chiefs of Police, Alexandria, VA, September 22, 1997. Hon. Michael G. Oxley, Rayburn House Office Building, House of Representatives, Washington, DC. Dear Representative Oxley: On behalf of the International Association of Chiefs of Police (IACP), I am writing to express our strong support for your amendment to H.R. 695, the Security and Freedom though Encryption (SAFE) Act. Your amendment, by requiring that no encryption technology be sold unless it contains features that would provide for immediate access no encrypted information, protects the ability of law enforcement agencies to perform court authorized electronic surveillance and the search and seizure of information stored in computers. Throughout the debate on encryption legislation, IACP has stressed that need for provisions that would provide law enforcement with the ability to gain timely access to encrypted conversations and information. In its current form, II.R. 695 does not meet this standard. The passage of H.R. 695, without the adoption of the Oxley/Manton amendment, would severely weaken the ability of law enforcement to combat society's most dangerous criminals. Thank you for your leadership on this issue of vital importance to law enforcement. If IACP can be of further assistance on this issue, please call IACP's Legislative Department at 703/836 6767 ext. 211. Sincerely, Darrell L. Sanders, President. International Association of Chiefs of Police, Alexandria, VA, September 24, 1997. Dear Commerce Committee Member: It is the understanding of the International Association of Chiefs of Police (IACP) that an amendment may be offered at today's mark-up of H.R. 695 that would call for the establishment of a commission to study the issue of law enforcement access to encrypted information. IACP is strongly opposed to any amendment that would delay providing law enforcement with access to encrypted criminal information. Any delay is a victory for those elements in society who wish to use encryption technology for criminal purposes. IACP believes that action must be taken immediately to prevent the further proliferation of inaccessible encryption technology. The establishment of a commission will serve no purpose other than to exacerbate an already troubling situation facing law enforcement. IACP strongly supports the Oxley/Manton Amendment. The Oxley/Manton Amendment, by requiring that no encryption technology be sold unless it contains features that provide for immediate access to information encrypted in the furtherance of criminal activity, protects the ability of law enforcement agencies to perform court authorized electronic surveillance and the search and seizure of information stored in computers. Throughout the debate on encryption legislation, IACP has stressed that need for provisions that would provide law enforcement with the ability to gain timely access to encrypted conversations and information that threaten public safety. In its current form, H.R. 695 does not meet this standard. The passage of H.R. 695, without the adoption of the Oxley/Manton amendment would severely weaken the ability of law enforcement to combat society's most dangerous criminals. Therefore, IACP urges you to support the Oxley/Manton amendment when H.R. 695 is considered by the House Commerce Committee. Once again, IACP urges you to oppose any attempt to delay law enforcement access to encrypted information and to support the Oxley/Manton Amendment Thank you for your support. Sincerely, Darrell L. Sanders, President. Major Cities Chiefs, September 23, 1997. Hon. Michael G. Oxley, House of Representatives, Rayburn House Office Building, Washington, DC. Dear Congressman Oxley: The Major Cities Chiefs, an association of police executives representing 48 of the nation's largest jurisdictions, strongly supports the proposed Oxley/Manton amendments to H.R. 695. These amendments, which are scheduled to be considered by the Commerce Committee this week, would require both manufacturers of encryption devices and purveyors of encryption services to include features that would allow law enforcement access to encrypted information being used for illegal purposes. Essentially, these amendments are intended to protect the limited, judicially sanctioned wiretap privileges already in effect for law enforcement agencies. They are not intended to enlarge in any way the scope of these privileges. Without these amendments, a criminal suspect could avoid an otherwise-legal wiretap merely by using an encrypted form of communication. The legality of a wiretap should be based on the evidence against a suspect, not on the form of communication the suspect uses. Pursuant to these amendments, the Attorney General of the United States would be required to establish a rulemaking procedure within one year of their enactment. This would allow due consideration for he many legitimate uses of encryption. However, we must not compromise a law enforcement tool which has proved invaluable against major drug trafficking operations and other forms of organized crime. Sincerely, Matt L. Rodriguez, Chairman. September 23, 1997. Hon. Michael G. Oxley, Committee on Commerce, Rayburn H.O.B., Washington, DC. Dear Mike: As your committee considers the Goodlatte encryption bill I would request that you support the Oxley/Manton Amendment. The Goodlatte bill (H.R. 695) was drafted by and for the software industry at the expense of the national security and public safety needs of the American people. In order to protect national security and public safety, I would ask that you support the Manton/Oxley amendment which would require the crucial key recovery language similar to the provisions adopted by the Intelligence Committee. If this language is not incorporated into the bill, as the Chairman of the House Rules Committee I will not move the bill to the House floor! Thank your for your time and courtesy. Please contact me if you have any questions regarding this matter. Sincerely, Gerald B.H. Solomon, Member of Congress. Illinois Association of Chiefs of Police, Springfield, IL, September 23, 1997. Hon. J. Dennis Hastert, U.S. Representative, 14th District--Yorkville, IL, Rayburn House Office Building, Washington, DC. Dear Congressman Hastert: On Thursday, September 25, 1997, the Committee on Commerce will hear legislation regarding encryption of electronically stored information. The Illinois Association of Chiefs of Police membership strongly urges you to vote for the Oxley/Manton Amendment which would allow for the manufacture of encryption products that include features accessible by lawful court ordered interceptions of wire and electronic communications. Such ability is absolutely necessary in this day of international and domestic terrorism, espionage and kidnapping. On behalf of the membership, I thank you in advance for your support. Very truly yours, George F. Koertge, Executive Director. California Peace Officers' Association, Sacramento, CA, September 19, 1997. Hon. Michael G. Oxley, Member, House of Representatives, Rayburn House Office Building, Washington, DC. Re H.R. 695. Dear Congressman Oxley: The House Commerce Committee is scheduled to soon hold a mark-up concerning Congressman Goodlatte's Encryption Bill (H.R. 695). As currently drafted, this bill does not address law enforcement's public safety concerns and needs regarding encryption. Your plan to propose an amendment requiring manufacturers of encryption procedures in the United States to include features that would allow for immediate access to the plaintext of encrypted data should these products be used for illegal purposes is sincerely appreciated. The Federal Bureau of Investigation needs such a provision to fulfill their criminal investigative mission. Law enforcement agencies can not afford to allow modern technology to outdistance their ability to combat sophisticated criminal enterprises. The California Peace Officers' Association supports your proposed amendment. Please feel free to include this letter in any official record of support that you may deem appropriate. Very truly yours, Greg Cowart, President. Florida Department of Law Enforcement, Tallahassee, FL, September 24, 1997. Congressman Michael Oxley, Rayburn House Office Building, Washington, DC. Re H.R. 695 (``Security and Freedom Through Encryption {SAFE} Act'') Dear Congressman Oxley: Attached is a copy of a letter I have sent this morning to Congressman Tom Bliley, Chairman of the House Committee on Commerce supporting your proposed amendment to H.R. 695. The ability of law enforcement to decrypt encrypted communications must be assured in order to help law enforcement remain effective as we deal with the ``age of encryption.'' Your position statement found at your Internet site does an excellent job of identifying the problem and stressing law enforcement's need for decryption. Given the pending 3:30 p.m. ``markup'' on H.R. 695 this afternoon, I will not expand upon my comments as noted on the attached letter. Suffice it to say that if Congress does not provide for the decryption as needed, the scales of justice will be tilted significantly in favor of the criminal element. Please do not hesitate to contact me at (850) 488 8771 should you desire additional comment or information from this Department. Sincerely, James T. Moore, Commissioner. Florida Department of Law Enforcement, Tallahassee, FL, September 24, 1997. Congressman Tom Bliley, Chairman, Committee on Commerce, Rayburn House Office Building, Washington, DC. Re ``Markup'' at 3:30 p.m. today and H.R. 695 Dear Chairman Bliley: As Executive Director of the Florida Department of Law Enforcement, I am responsible for assuring that our investigations of organized criminal activity, be it drug-trafficking, money laundering, domestic terrorism, or predatory sexual conduct, be conducted legally and with effort focused upon bringing those involved in such conduct to justice. Congress, and the legislature of the State of Florida, have both recognized that law enforcement must have the ability to intercept communications of criminals in order to penetrate their criminal enterprises and develop the evidence essential to obtaining a conviction. Both federal and Florida state law currently authorize court-ordered interceptions of wire, oral or electronic communications. The process to obtain such court orders establishes a high level of law enforcement justification, including probable cause to believe a crime has been committed and that the communications will be evidence of the crime, as well as requiring a showing that other less-intrusive investigative techniques have been exhausted or will not produce the necessary evidence. Indeed, the current law has reached a good balance between privacy protections and the need for law enforcement to have the tools it must use to effectively fight crime. Unless the H.R. 695 (the ``Security and Freedom Through Encryption (SAFE) Act'') is modified to provide law enforcement access to encrypted materials when law enforcement has obtained court authorization to do so, the ability of law enforcement at the federal and state level to effectively investigate organized criminal enterprises and activity will be severely damaged. Encryption is readily available today. Our Department's own experience with encrypted computer evidence is that, absent having access to encryption codes to ``break'' encrypted material, we can decypher only a very small portion of encrypted material. That which remains encrypted cannot be used as evidence against the criminals utilizing the encryption. Congressmen Oxley and Manton have offered an amendment to H.R. 695 that will be considered by your Committee today which will allow real time decryption of encrypted conversations when authorized by a court order and would require at all encryption products manufactured, sold, or imported into the United States be capable of providing decryption of communications upon the court-ordered request of law enforcement, while also limiting the release of the seized communications, much like present law provides when a wire, oral or electronic intercept has been made. The proposed amendment makes no change of Federal (or State) policy. Congress has wisely authorized the interception of communications by court order. The proposed amendment will simply assure that law enforcement may continue to do so in this age of electronic encryption. I urge you and the Committee to support this amendment. To allow law enforcement the real and effective access to decryption of encrypted communications is absolutely essential to the continued effectiveness of investigative efforts. Let me be clear, if decryption is not provided for, Federal and State law enforcement agencies will be unable to effectively develop the crucial evidence of conspiracies and other violations of law that have been instrumental in addressing organized crime in its various forms. I trust that the importance and the value of the proposed amendment will be recognized by you and the Committee members. Should you desire additional information from me, please do not hesitate to call me at (850) 488 8771. I ask that you share this letter with the Committee as it meets in ``markup'' this afternoon and whenever you consider H.R. 695. Sincerely, James T. Moore, Commissioner. City of Cincinnati, Division of Police, September 23, 1997. Congressman Michael G. Oxley, Committee on Commerce, Rayburn House Office Bldg., Washington, DC. Dear Congressman: I urge you to strongly consider the needs of law enforcement with respect to H.R. 695 when it comes before your committee on September 26, 1997. As it is written, H.R. 695 would permit the marketing of encryption products that would severely impair law enforcement's ability to lawfully gain access to criminal telephone conversations and electronically stored evidence. Law enforcement recognizes that encryption is necessary for communications security and privacy. We also understand that commercial interests are at stake in marketing of these products. Adequate legislation is the key to satisfying these needs and maintain the ability of law enforcement to combat serious crime. The use of non-key recovery encryption would severely hamper our efforts. The amended version of H.R. 695, offered by Congressman Oxley, Ohio and Congressman Manton, New York, requires manufacturers to include some form of recovery feature in encryption products sold in the United States. This would allow law enforcement the opportunity to gather criminal information when legally authorized to do so. Your consideration in this matter is of the utmost importance to the continued effort of maintaining public safety. Sincerely, Michael C. Snowden, Police Chief. City of Phoenix, Office of the Police Chief, September 24, 1997. Hon. Michael G. Oxley, Committee on Commerce, Rayburn House Office Building, Washington, DC. Dear Mr. Oxley: I am aware that you are presently considering a variety of legislative proposals concerning the encryption of electronic information. While I recognize the need to encrypt communications for reasons of personal security, privacy, and safe electronic commerce, it is imperative that law enforcement be provided a feature that allows us, upon presentation of a court order, to gain timely access to plain text data through decryption. It is an undeniable fact that unrestricted use of strong encryption will cripple law enforcement's ability to use wiretaps and other measures to catch criminals and terrorists. Loss of this essential ability at a time when international drug trafficking, white collar crime, and terrorist activities are on the rise, would be disastrous. It should be noted that law enforcement's current judicially controlled wiretap capabilities have not resulted in misuse because adequate checks and balances prevail. I believe that any attempt to adopt a voluntary key recovery system is unacceptable. If only one vendor of a strong encryption product opts not to participate, or if unrestricted foreign products are imported, it will take time for these products to become the products of choice for criminal activities. Other countries have, and will continue to, develop strong encryption software that does not allow for key recovery. Little will be gained from restricting U.S. vendors from marketing competitive products to these countries. If however, any country establishes a key recovery requirement, as we should in the U.S., a ban with accompanying legal penalties should apply to the use and import of all non-compliant products. Clearly, law enforcement must have the ability to collect and decipher evidence of criminal and terrorist activities. We solicit your support in preserving law enforcement's ability to protect the public from serious crime. Sincerely, Dennis A. Garrett, Police Chief. The Secretary of Defense, Washington, DC, July 21, 1997. Dear Members of Congress: Recently you received a letter from the nation's senior law enforcement officials regarding U.S. encryption policies. I am writing today to express my strong support for their views on this important issue. As you know, the Department of Defense is involved on a daily basis in countering international terrorism, narcotics trafficking, and the proliferation of weapons of mass destruction. The spread of unbreakable encryption, as a standard feature of mass market communication products, presents a significant threat to the ability of the U.S. and its allies to monitor the dangerous groups and individuals involved in these activities. Passage of legislation which effectively decontrols commercial encryption exports would undermine U.S. efforts to foster the use of strong key recovery encryption domestically and abroad. Key recovery products will preserve governments' abilities to counter worldwide terrorism, narcotics trafficking and proliferation. It is also important to note that the Department of Defense relies on the Federal Bureau of Investigation for the apprehension and prosecution of spies. Sadly, there have been over 60 espionage convictions of federal employees over the last decade. While these individuals represent a tiny minority of government employees, the impact of espionage activities on our nation's security can be enormous. As the recent arrests of Nicholson, Pitts and Kim clearly indicate, espionage remains a very serious problem. Any policies that detract from the FBI's ability to perform its vital counterintelligence function, including the ability to perform wiretaps, inevitably detract from the security of the Department of Defense and the nation. Encryption legislation must also address the nation's domestic information security needs. Today, approximately 95% of DoD communications rely on public networks; other parts of government, and industry, are even more dependent on the trustworthiness of such networks. Clearly, we must ensure that encryption legislation addresses these needs. An approach such as the one contained in S. 909 can go a long way toward balancing the need for strong encryption with the need to preserve national security and public safety. I hope that you will work with the Administration to enact legislation that addresses these national security concerns as well as the rights of the American people. I appreciate your consideration of these views. Sincerely, Bill Cohen. ADDITIONAL VIEWS The stated intent of H.R. 695, the removal of barriers to the competitiveness of U.S. high technology exports, is a goal with which few Members of Congress, the business community, or our law enforcement organizations could disagree. As reported by the Committee on Commerce, however, H.R. 695 inadequately addresses the legitimate public safety concerns surrounding the proliferation of strong encryption technology within our own borders. The bombings this decade alone at the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma and at New York's World Trade Center attest to the present dangers terrorist attacks pose to our citizens. The high tech world increasing presents the committed men and women who keep our nation safe with new and more daunting challenges in their fight against domestic and foreign criminals. The decisions Congress makes at the doorstep of the digital age will have serious repercussions lasting long past our own tenures in Congress and must be guided by more than economics. New encryption technologies have the potential to provide Americans with a level of security in telecommunications and electronic commerce never before available. At the same time, however, the widespread availability of such technology could render sophisticated criminals invisible to the lawful surveillance efforts of federal, state and local law enforcement. Congress need not provide government agencies with an increased ability to access the communications of suspected criminals to overcome the challenges posed by encryption. Congress need only ensure that the thoughtful and painstaking procedures law enforcement officials must presently abide by before commencing any surveillance operation continue to yield an ability to monitor the activities of those who threaten the safety of the American people. In our opinion, Congress must balance the needs of American's technological entrepreneurs with its fundamental duty to ensure public safety. We believe the goal of further promoting U.S. technology exports can be achieved in a version of H.R. 695 that does not threaten the safety of the American people. Though not entirely satisfied with H.R. 695 as reported out of the Commerce Committee, we look forward to addressing the bill's deficiencies on the House floor this Congress. Edolphus Towns. Frank Pallone, Jr. Rick C. Lazio. Bart Stupak. ADDITIONAL VIEWS OF HON. JOHN D. DINGELL Historically, encryption was used almost exclusively by the military and intelligence communities to protect secrets of defense and national security. But in the Information Age, businesses and consumers need a way to secure valuable trade and financial information that increasingly flows through wires and over the air. H.R. 695 attempts to accomplish these important goals by bringing export law in line with current domestic encryption policy. Unfortunately, such a change in the law does not come without a cost. While strong encryption can make interstate and foreign commerce more secure, its unrestricted use can make national security and law enforcement less so. It is clear that widespread use of unbreakable encryption poses serious problems for law enforcement in carrying out its duty to protect the public. Even in the post-cold war era, the wars against international terrorism, drug cartels, and violations of human rights continue. The law enforcement community advocates the use of key recovery systems on strong encryption products. Unfortunately, these system will work only if everybody uses them, including sophisticated criminals. And we know that there will continue to be a proliferation of encryption products available around the would without key recovery systems, regardless of U.S. Government law or policy. I am not convinced that the law enforcement approach will solve the problem the authorities correctly identify. But until a better solution is proposed that both protects the public against terrorism and removes barriers to the growth of electronic commerce around the world, I strongly believe it is in the public interest to err on the side of caution. This bill adopts the approach preferred by business and privacy advocates which, unfortunately, also contains flaws. Removing all government controls over encryption is tantamount to sending our troops to war without necessary arms or protective gear. The committee attempted to balance the important competing interests at stake, but failed to find the elusive middle ground. H.R. 695, as amended by this committee, simply adds window dressing in the form of a technology lab. This begs more questions than it answers. The American public has no assurance that a technology lab will be effective in providing law enforcement with the tools necessary to protect them. Without possessing a key to encrypted messages, the only way to unlock the door is through brute force. A brute force attack on today's encryption products requires both enormous computing power and a good deal of time. Law enforcement authorities possess neither luxury when confronted with an imminent, real-time threat to public safety. A technology lab will not change that reality. Some producers of encryption products have offered informally to provide the lab with technical assistance and perhaps some amount of private funding. But we have no specific commitment with regard to either offer, nor can we be sure that any such contribution would be sufficient to achieve the lab's purpose. The industry has specifically rejected the notion of providing source code for its encryption products to the lab, which is arguably the best hope for giving law enforcement a leg up on cracking these codes without a key. I appreciate that these issues have been the subject of intense debate for more than four years of government, industry, individual citizens, and academia alike. To date, no effective solution has been found. But the difficulty of the task does not mean that we should conduct the legislative equivalent of a coin toss. The simple fact that four other committees have reported this bill in such radically different forms should be evidence enough that while this issue may be ripe, the solution certainly is not. In my judgment, this bill is not ready for prime time. More work needs to be done. I urge all committees that have reported versions of this bill and the bipartisan leadership to continue working with industry and law enforcement to find an effective and balanced solution before this bill reaches the floor for consideration. John D. Dingell.