29 August 1997 Source: C4I News ----------------------------------------------------------------------------------- Weldon Says Encryption Bill `Dead on Arrival' A key member of the House National Security Committee (HNSC) said that a bill loosening export controls on U.S. encryption technology is "dead on arrival." "I'm not going to support something being ramrodded down our throats, " Rep. Curt Weldon (R-Pa.) told C4I NEWS in a recent telephone interview. The HNSC has until Sept. 12 to issue recommendations on the bill. Introduced by Rep. Bob Goodlatte (R-Va.), the bill passed muster with the House Judiciary Committee in May and the House International Relations Committee on July 25. The National Security Agency (NSA) is opposed to the bill. Currently, the House Commerce, National Security and Intelligence committees are considering it. "It is important to understand that the Goodlatte bill would directly threaten National Security," William Crowell, deputy director of the NSA, said in a July 30 HNSC hearing. Crowell told the committee the bill will harm the intelligence community's analysis of foreign communications needed to avert wars and will hinder the arrest of terrorists, spies and drug traffickers. Goodlatte's bill, the Security and Freedom through Encryption (SAFE) Act (H.R. 695) had about 250 representatives as cosponsors, but some have dropped their advocacy after learning the bill loosened export restrictions, not tightened them, Weldon said. Ironically, more than half of the cosponsors of the Goodlatte bill voted for the Spence/Dellums amendment to the defense bill, which nixed the sale of Cray supercomputers to Russia, Weldon said. In a "Dear Colleague" letter in June, Rep. Gerald Solomon (R- N.Y.), chairman of the House Rules Committee, wrote, "The Goodlatte bill does not represent a compromise between the needs of industry and the legitimate law enforcement and international security needs of the American people." In a similar letter in May, Solomon and Rep. Benjamin Gilman (R-N.Y.), chairman of the Foreign Affairs Committee, wrote, "Rep. Goodlatte's bill will effectively decontrol all exports of commercial software encryption and make it extremely difficult to maintain controls on encryption hardware without revealing sensitive national security information. The uncontrolled spread of encryption will seriously undermine key recovery initiative designed to help law enforcement and national security." Weldon said Goodlatte's bill will not reach the House floor because of Solomon's opposition. But supporters say the bill will allow U.S. software companies to compete with foreign companies in developing strong encryption technology. At the July 30 hearing, Thomas Parenty, director of data/communications for Sybase, Inc. [SYBS], testified that the bill would help America's "national and economic security." "Unless the current unilateral U.S. export restrictions are changed to allow the use of strong encryption, American individuals and businesses will not be active participants in this new networked world of commerce--let alone continue to be the leaders in its development," Parenty said. " Furthermore, American companies will no longer be providing the world with answers to their security problems. Instead foreign nations will." Parenty appeared on behalf of Sybase and the Business Software Alliance, which promotes the growth of the software industry. U.S. law now allows companies to apply for export licenses for products with up to 56-bit encryption capabilities. The companies must prove, however, that they will build "key recovery" into future products and such 56-bit licenses are hard to receive, he said. Crowell, the NSA deputy director, testified that "key recovery," a feature allowing users to regain access to their encrypted data when encryption keys are lost or damaged or destroyed, is necessary in any "key management infrastructure." Parenty testified that the 56-bit U.S. export standard ignores the reality of stronger encryption being used across the world, including encryption using 112 and 128-bit keys. Six foreign companies in Germany, Switzerland, Belgium, the United Kingdom, Ireland and Australia have developed "add-on" products that allow any U.S. user with a Web browser to download the companies' 128-bit encryption technology, Parenty testified. But Crowell testified that "serious users of security products don't use free security products from the Internet." Unlike Crowell, Weldon is unsure whether "key recovery" is an answer to the security issue posed by loosening export restrictions on encryption. "I don't like the idea of government controlling business," Weldon said. "You don't want government breathing down the backs of every company. I do agree there needs to be a process." ----------