20 July 1998
See July 15 floor discussion cited: http://jya.com/cr071598.htm
[Congressional Record: July 16, 1998 (Senate)] [Page S8376-S8377] From the Congressional Record Online via GPO Access [wais.access.gpo.gov] [DOCID:cr16jy98-112] ENCRYPTION LEGISLATION Mr. DASCHLE. Late yesterday several of my colleagues took to the floor to discuss their views on the need for congressional action on encryption legislation. I would like to take this opportunity to briefly provide my thoughts on this important issue. As everyone who follows encryption policy knows, despite years of discussion and debate, we still have not found a solution that is acceptable to industry, consumers, law enforcement and national security agencies. In this Congress alone, we have seen 7 competing bills introduced--3 in the House and 4 in the Senate. The country is paying a price for this inability to produce a consensus solution. That price is evident not only in loss of market share and constraint on internet commerce, but also in the steady erosion of the ability of law enforcement's and national security agencies' to monitor criminal activity or activities that threaten our national interest. We simply must find a comprehensive national policy that protects both U.S. national security and U.S. international market share--sooner rather than later. And I believe we can. After many months of participating in discussions on encryption policy and hearing from all sides of this complex issue, I have reached two conclusions. First, the Administration has and is continuing to make good-faith efforts to reach agreement on the numerous complex issues that underlie our encryption policy. And second, there is already considerable agreement on a series of key issues. The challenge is to pull together to forge a consensus encryption policy for the 21st Century. Earlier this year, I sent a letter to Vice President Gore asking for the Administration's goals and plans for encryption policy. In his response to me, the Vice President indicated that he supports ``energizing an intensive discussion that will apply the unparalleled expertise of U.S. industry leaders in developing innovative solutions that support our national goals.'' Subsequent actions demonstrate that the [[Page S8377]] Vice President and this Administration have been true to their word. In the last several months, the Administration has engaged in intensive discussions with the Americans for Computer Privacy, an important business-oriented interest group. These discussions have focused on technical, policy, legal, and business issues associated with encryption, and the impact of strong encryption on law enforcement and national security. The Administration is also reviewing ACP's proposals for export relaxation[*]. I have been assured by senior Administration officials that, in making decisions on our encryption policy, the Administration recognizes it must carefully consider commercial needs as well as law enforcement and national security interests. As a result of the Administration's statements and actions, I am more convinced than ever that there is already agreement on a significant number of issues and that a consensus on encryption policy is possible in the not-to-distant future. First, all parties accept the need for and reality of strong encryption products. Second, all parties agree that strong encryption products are essential to the growth of electronic commerce and the internet. Third, all parties agree that 40- bit keys are inadequate to ensure privacy and security. Fourth, all parties agree that doing nothing has a real and significant downside. According to a recent study, maintaining existing encryption policies will cost the U.S. economy as much as $96 billion over the next 5 years in lost sales and slower growth in encryption-dependent industries. Finally, all parties agree that doing nothing is unsustainable because the relaxed restrictions the Administration placed on 56-bit encryption products expire at the end of the year and must be addressed within the next month or two. So where does this leave us? Unfortunately, while recent discussions between industry and the Administration have been fruitful, they have not gone far enough or proceeded fast enough to produce the kind of agreement I believe the majority of the Congress would all like to see. The time has come for the Administration to announce exactly where it stands on several key issues--including how it intends to proceed when the current relaxed restrictions on 56-bit encryption expire. Having urged the Administration to greater efforts, I must also ask if it would not be constructive for those who are most frustrated with the pace of change in this area to take a step back and closely examine their own positions. For example, several of the bills introduced in the Congress this session call for the Secretary of Commerce to have exclusive jurisdiction over the export of encryption products. Despite the widespread agreement that the sale of encryption products has important ramifications for our national security and law enforcement, these bills would give no role to officials from the Justice Department, the FBI, or the intelligence community in the decision process regarding which encryption products can be legally sold. This fact would be noteworthy even in isolation. It is even more remarkable when one combines it with the observation that many of the adherents to this laissez-faire approach to export controls for encryption products are the most vocal critics of the Administration's export policies for commercial satellites. The incongruity of these two positions is stunning. Trying to reconcile them is impossible. There are only two conclusions to be drawn from this inconsistency. Either the right hand does not know what the left is doing, or at least part of the criticism directed at the Administration is politically motivated. I will be working with the Administration and my colleagues in the days ahead in the hope of reaching some consensus on national encryption policy. I am hopeful that over the next few weeks we can begin to resolve the numerous difficult issues that remain. Neither industry nor government is likely to get 100 percent of what it wants. However, if both sides are flexible and cognizant of the stakes involved, I am hopeful we can reach an agreement that's good for consumers, good for business, and good for law enforcement and national security. ____________________
*See the ACP encryption policy proposal of May 8, 1998. Thanks to RL.