TESTIMONY
STEPHEN T. WALKER
PRESIDENT
TRUSTED INFORMATION SYSTEMS, INC.
FOR
COMMITTEE ON THE JUDICIARY
SUBCOMMITTEE ON TECHNOLOGY AND THE LAW
UNITED STATES SENATE
May 3, 1994

I am pleased to testify today about the concerns I share with many Americans about the Administration's Clipper Initiative and the negative impact that U.S. export control regulations on cryptography are having on U.S. national economic interests.

My name is Stephen T. Walker. I am the founder and President of Trusted Information Systems (TIS), Inc., an eleven-year-old firm with over 100 employees. With offices in Maryland, California, and England, TIS specializes in research, product development, and consulting in the fields of computer and communications security.

My background includes twenty-two years as an employee of the Department of Defense, the National Security Agency (NSA), the Advanced Research Projects Agency, and the Office of the Secretary of Defense. During my final three years in government, I was the Director of Information Systems for the Assistant Secretary of Defense for Communications, Command, Control, and Intelligence (C3I).

For the past three years, I have been a member of the Computer System Security and Privacy Advisory Board, chartered by Congress in the Computer Security Act of 198* to advise the Executive and Legislative Branches on matters of national concern in computer security. In March 1992, the Board first called for a national review of the balance between the interests of law enforcement/national security and those of the public regarding the use of cryptography in the United States. The Board has been heavily involved in this review, receiving public input on the Administration's Clipper Initiative, announced by the President on April 16, 1993, and reaffirmed on February 4, 1994.
I am also a member of the National Institute of Standards and Technology's (NIST) Software Escrowed Encryption Working Group, which is examining the possibilities for alternatives to the Clipper key escrow system.

OVERVIEW

My testimony today will include my concerns with the Administration's Clipper key escrow program and U.S. Government's rigid control of the export of products containing cryptography in the face of growing worldwide availability and easy export of such products by other countries. In summary:

I am opposed to key escrow cryptography as proposed in the Administration's Clipper Initiative.

I believe that any government procedure that is as potentially invasive of the privacy rights of American citizens as key escrow is should only be imposed after careful Congressional consideration and passage of legislation by the Congress, which is signed into law by the President and determined to be Constitutional by the Supreme Court.

In 1968, properly authorized government wiretaps of private citizens were legalized through this process. Government imposition of key escrow procedures deserves no less careful consideration.

I believe that most Americans would accept government-imposed key escrow if it was established by law and if the key escrow center was located in the Judicial Branch of government.

I am concerned that there is not a sound "business" case to support the Administration's assertion that key escrow will maintain law enforcement's ability to wiretap the communications of criminals. I fear that as presently being pursued, the Clipper Initiative will be an expensive program that will yield few if any results.

I am angered that the government's fixation on law enforcement and national security interests has delayed establishment of a Digital Signature Standard (DSS) for over twelve years and done considerable harm to the economic interests of the United States.

I am also opposed to the continued imposition by the U.S. Government of export controls on products and technologies employing cryptography that are routinely available throughout the world. The only effects these controls have are to deny U.S. citizens and businesses protection for their sensitive information from foreign and domestic industrial espionage and to place U.S. information system products at a disadvantage in the rapidly growing international marketplace.

A Pattern of Administration Initiatives

A number of recent Administration initiatives have heightened the concerns of many Americans:

- The digital telephony initiative, in which the government wants to ensure that it can always tap everyone's phone when it has the legal authority to do so,
- The Clipper key escrow initiative, in which the Administration wants to be sure that it can easily break the cryptography of American citizens when it has the legal authority to do so,
- The Digital Signature Standard non-initiative, in which the government has repeatedly, for twelve years, failed to achieve a basic technological capability that is widely acknowledged as being essential to electronic commerce, and
- The continued imposition of controls on the export of cryptographic products in spite of clear evidence of foreign availability of similar products and foreign governments' failure to impose similar export controls, and in contrast to the massive relaxation of export controls in other areas of high technology.

All of these activities, taken together, lead one to the ominous conclusion that the Administration's goal is to severely restrict the average American's ability to protect his or her sensitive information with the hope that in so doing, it will also restrict such capabilities of criminals, terrorists, and those opposed to the United States.
All of these initiatives are symptoms of the fundamental national dilemma we face of finding a proper balance between:

- The rights of private individuals and organizations to protect their own sensitive information and, in effect, our national economic interests and
- The needs of law enforcement and national security interests to be able to monitor the communications of our adversaries.

Until we can strike a reasonable balance between these basic needs, this debate will continue. Unfortunately, the Administration's position is focused solely on the interests of law enforcement and national security to the exclusion of the rights of private citizens and the nation's economic interests.

I believe that only the Congress can determine where a reasonable balance lies between Americans' right to privacy and our national security interests. We can no longer afford to have this determination being made exclusively by the Executive Branch.

CLIPPER KEY ESCROW

I would like to begin by summarizing my concerns with the Administration's key escrow initiatives.

Law enforcement and national security communications interceptions are vital functions of a modern government. I support these functions and encourage their continuation. But the sky will not fall if we do not have Clipper key escrow or if cryptographic export controls are relaxed to levels consistent with worldwide availability.

Law enforcement as we know it will not end if a few wiretaps encounter encrypted communications. And the nation's ability to listen in to the communications of its adversaries will not end if some of those intercepts encounter increased use of cryptography. They had better not end, because both law enforcement wiretaps and national security intercepts are going to encounter ever-increasing amounts of encrypted communications no matter what the Administration does or does not do.

We must understand and accept the growing availability of cryptography worldwide as a basic fact of life.
The ever-widening availability of cryptographic technology in the U.S. and overseas will make it harder day by day to monitor the communications of our adversaries, no matter what measures the Administration may attempt to take. There are no magic solutions to this issue, which originates in the very same technological advances that we are all taking advantage of in our daily lives.

We must also understand that those same technological advances are creating greatly improved techniques for exhaustively checking the key space of cryptographic algorithms such as DES and for factoring large prime numbers. A design for a system that could exhaustively check the key space of DES in 3 1/2 hours was described at a public conference on cryptography last summer. A group at Bellcore recently announced they had factored a 129 digit number, a new high.

The concept put forward by some in government that if we do not have key escrow or if we allow export of DES products, all our intelligence operations will suddenly fail, is false. On the contrary, key escrow will never be more than a small side show in the world of cryptography and DES cryptography will continue its rapid growth worldwide whether the US allows its export or not. Our government will be much better served by focusing on techniques to defeat known algorithms rather than promoting new techniques that are highly unpopular in the US and abroad.

Technology Shifts Threaten the Wiretap Balance

Since 1968, when the wiretap provisions of the Omnibus Crime Control and Safe Streets Act went into effect, we seem as a nation to have found a constructive balance between the needs of law enforcement to intercept communications of suspected criminals and the desire of the public for the perception of privacy in its communications.
The apparent successes that law enforcement has achieved through legally authorized wiretaps against organized crime, coupled with the difficulties cited by law enforcement officials in obtaining them, and the steady rate of 800 or so per year over the past decade all indicate that we probably have achieved about as good a balance on this issue as we can ever get.

But now technological advances threaten to upset this balance. The ready availability of good quality cryptography in inexpensive phone devices threatens to make it easy for those criminals who recognize that they may be tapped to protect themselves. The AT&T announcement in September 1992 of a relatively cheap Telephone Security Device (TSD) that uses the Data Encryption Standard (DES) cryptographic algorithm to protect phone conversations apparently threw NSA and the FBI into high gear to find an alternative.

And Bring On Clipper

What emerged from this was the Clipper initiative, the goal of which is to give the American public very good cryptography that could, if necessary, be readily decrypted by authorized law enforcement officials. A firestorm of protests then followed from virtually all segments of the American public and many of our friends overseas that government-imposed key escrow is not something that they want.

In the midst of the flood of protests over violations of civil liberties and infringements of Bill of Rights that key escrow will cause and complaints about the use of a secret algorithm to protect unclassified information, several basic "laws" of the marketplace seem to have been overlooked.

The Administration has never presented a "business plan" describing how Clipper will succeed in maintaining the ability of law enforcement to wiretap the phones of criminals. The lack of a fundamental understanding of how things work in a competitive marketplace shows up conspicuously throughout this story.
One of the first principles of business is to have your product ready for the market when the market is ready for it. In January 1993, following their September 1992 announcement, AT&T began shipping TSDs with DES. But pressure from the government apparently convinced AT&T to endorse the as yet unannounced Clipper program. So AT&T "loaned" the DES devices to their first customers with a promise that something "better" would be available in "April." And sure enough, on April 16, 1993, as the Administration announced Clipper, AT&T pledged its support.

Unfortunately, Clipper chips were not ready. So AT&T cooled its heels waiting for something to sell. Finally, in August 1993, AT&T quietly introduced another TSD that uses proprietary cryptographic algorithms, thus creating a major competitor for Clipper.

In effect, we have come full circle. In September 1992, the initial AT&T announcement was perceived by the government as a major threat to law enforcement. In August 1993, while waiting for Clipper chips, AT&T introduced a similar product that must represent a similar threat. AT&T is now selling both Clipper and non-Clipper TSDs in order to let the market decide which it wants.

What Is the Market for Clipper?

In any business venture, it is important to understand the potential market for a product and to determine if one's market penetration will be sufficient to achieve one's goals. For it to maintain law enforcement's ability to wiretap, the Clipper initiative must achieve a reasonably high market penetration.

The problem is that very few people today will want to buy a telephone security device, even if it costs $50 instead of over $1,000. Very few residential users will bother, and those who do will find few people to talk to. Businesses will buy telephone security devices for their executives to protect strategic business communications, but the vast bulk of routine business communications will go unprotected.
Today there are estimated to be over 500 million phones in residential and business use in the U.S. When asked how many TSDs AT&T expected to sell, one estimate was at least as many as the popular STU-III secure phones for use with classified information. There are approximately 250,000 STU-IIIs installed today. Numbers like these represent a very reasonable business case for AT&T, but will they allow the Clipper program to achieve its goal of solving the law enforcement wiretap problem?

If the above estimates are correct, in a few years roughly five one-hundredths of one percent (0.05%) of America's phones will be protected by TSDs (250,000/500,000,000). Of course many of these will use the proprietary algorithm rather than Clipper. But we will optimistically assume that this percentage represents the situation with Clipper TSDs in five years.

Now if one analyzes the average number of court-authorized wiretaps over the past fifteen years, one can reasonably conclude that 1,000 such wiretaps per year would be a reasonable projection for the near future. One could further assume that each court-ordered wiretap results in as many as five actual phone taps. This leads to an estimate of 5,000 physical wiretaps per year. A typical cost for a wiretap operation not involving cryptography has been estimated at $50,000 to $60,000.

In the Administration's proposed key escrow plan, there will be two key escrow centers, one at NIST and one at Treasury, that, when fully operational, will be available 24 hours a day, seven days a week, year round. These will each require a staff of at least ten people at a labor cost of $1.5M per year. The non-labor costs of each center will be another $1.5M leading to a total annual cost for both centers of $6.0M.

No estimate exists for how much it has cost to develop and promote the Clipper initiative.
In a business analysis, it would be important to amortize these costs over the expected value of the "product," but for now all we have to use is the estimated cost of operating the centers.

If Clipper TSDs represent 0.05% of the phones in America and there are 5,000 taps per year, then law enforcement officials can reasonably expect to encounter on average 2.5 Clipper key-escrowed phone taps per year, or one every 145 days. If the cost of the key escrow center operations is amortized over 2.5 calls per year, each key-escrowed wiretap will cost $2.45M ($50K for wiretap and $2.4M for escrow center expenses). At $1,000 per TSD, 250,000 will cost the consumer $250M.

But suppose the STU-III equivalent estimate is far too conservative for sales of TSDs. If sales are 2.5 million devices (0.5% of all phones), this will lead to interception of approximately 25 key-escrowed phone calls per year, about one every fifteen days. If the key escrow centers' costs are amortized over 25 calls per year, each key-escrowed wiretap will cost $290,000 ($50K for wiretap and $240K for escrow center expenses). If TSD prices fall in an expanded market to $500 per TSD, 2.5M devices will cost the consumer $1.25B.

If the demand for TSDs is truly enormous, reaching 5% of all phones in the U.S., one could expect about one key-escrowed wiretap every day and a half. In this case, the cost of a key-escrowed wiretap will rise to $74,000 ($50K for wiretap and $24,000 for escrow center expenses). Only in this last case does any form of cost benefit tradeoff for the cost of a wiretap make sense. Even if prices were to fall to $100 per TSD, 25M will cost the consumer $2.5B.

Number of Clipper     Percent of     Number of Key     One call to key        Cost per escrowed
Telephone Security    U.S. phones    Escrow taps/yr    escrow center every    key call
Devices
250,000               0.05%          2.5               145 days               $2.4M
2,500,000             0.5%           25                15 days                $240,000
25,000,000            5%             250               1.5 days               $24,000

This scenario assumes that the population of phones likely to be tapped is roughly the same as that of the general population. Unfortunately, this is unlikely to be true since, on one hand, the average criminal who doesn't realize he is likely to be tapped is unlikely to bother with any form of TSDs and so can be wiretapped using conventional means and, on the other hand, the "sophisticated" criminal, who understands what he may be up against, will almost certainly buy non-key escrowed TSDs. Under these circumstances, 2.5 key-escrowed calls per year is probably very optimistic.

Now there are those who say, "If only one of those calls is a World Trade Center bomb plot, it will all be worth it!" But the World Trade Center bombers went back for a deposit on the rental truck they blew up. If they are the types we are up against, they will not have enough sense to use a TSD. And as pointed out above, the sophisticated criminal will surely know enough to not buy a key-escrowed TSD.

A contradictory story has also been put forth that claims that the Administration never intended to catch criminals using key escrow. In this version, the intent was to introduce cryptographic capabilities that are substantially better than what is available now and to include key escrow to deny their use to criminals. If this is the "real" reason for Clipper, then the Administration must understand that they will never get any wiretap calls for key escrow. If so, one must anticipate that the extensive protections now being planned for the escrowed keys will diminish over time from disuse. If this happens, all those who bought the "stronger" encryption capability will then become vulnerable to trivial decryption.
The Administration has stated that its plan is to buy enough TSDs to flood the market, thus making them so cheap that everyone will buy them. Their plan for "flooding" the market is to buy 9,000 devices using funds confiscated from criminals. Such a purchase will have little effect either in achieving the installed base necessary for key escrow to work properly or in reducing the price to a level where the devices are pervasive.

Even if every factor in this analysis is slanted in favor of Clipper, it is difficult to see how this program is going to help law enforcement maintain its ability to wiretap criminals. Clipper is an expensive program for both the government and the consumer that shows little if any promise of achieving its goal.

International Aspects of Key Escrow

The Administration has stated that Clipper systems with key escrow will be exportable. The question remaining to be answered is will anyone outside the U.S. be interested. In July 1992, NSA agreed that certain encryption algorithms that were limited to 40-bit key lengths could be exportable. But 40-bit key lengths are so weak that no one inside or outside the U.S. would want them.

It is clear that foreign governments may want key escrow systems to allow them to monitor communications, but their citizens will generally share the concerns of most Americans. It may be possible for governments to work out bilateral agreements to share escrowed keys (though little progress has been reported to date), but this will do nothing for the growing need of multinational companies to communicate with others across international boundaries. The international aspects of key escrow remain a thorny problem, which will defy solution for a long time.

The Capstone/Tessera Program

Apparently when AT&T announced its DES TSD in late 1992, NSA had already been working on a program called Capstone which was to provide good quality cryptography and key escrow for computer communications.
Applying these techniques to telephones required only a stripped down Capstone, which came to be called Clipper.

Capstone is a key ingredient in a program to provide information security for the Defense Message System and other programs within the Department of Defense. It is also being pushed for a wide variety of other programs within the government including the IRS, Social Security, and even Congressional systems.

Providing good cryptographic protection in a computer communications environment is much more difficult than in a telephone context. The ease with which a user can manipulate his or her text either before passing it to the Capstone process or after it has been encrypted makes it very difficult to ensure the effectiveness of the result. Also, the technologies involved in the present implementations of the Skipjack algorithm, while sufficient for telephone and low speed computer communications, will not easily scale to meet the needs of high speed computer communications.

Because it uses a secret algorithm, Capstone and the products that use it will only be available in hardware implementations such as the NSA Tessera PCMCIA card.

It has been suggested that if the interfaces that Tessera uses could be generalized so that other cryptographic algorithms could be implemented in compatible packages, the Tessera program could have a much greater market penetration. The Government has stated that Tessera will be exportable. If such common cryptographic interfaces existed, mass market software vendors who support Tessera could integrate cryptographic functions into their applications without concern for export controls on their products and vendors within individual countries could build Tessera equivalent PCMCIA cards using alternative cryptographic algorithms.

Such a development would provide a fundamental increase in the market for cryptographic products and thus increase the chances for market penetration of products such as Tessera.
At this time, it is unclear whether NSA will choose to generalize the Tessera interfaces to allow cards with other algorithms to coexist.

Strengths of Clipper

I am convinced that Skipjack, the cryptographic algorithm in Clipper, is a very good algorithm. I also believe that procedures can be developed for protecting escrowed keys that will provide reasonable assurance that the keys will not be compromised under normal circumstances.

I have known many of the people at NIST and NSA who have worked on this program for many years. I believe they are honest, well-intentioned people who are doing the best job they can to protect the interests of the law enforcement and national security communities.

My concerns are not with the strengths of this program or the integrity of the people who have put it together but with whether there is any practical chance that it will achieve its goals and whether the American people are ready for key escrow.

What Should Congress Do?

For any form of key escrow system to work, it must have the confidence of the American people. The Administration claims that it does not need legislation to impose key escrow, that it is operating entirely within the provisions of the wiretap statutes. This may be legally correct, but we should take lessons from the past on how to convince people to accept ideas that do not immediately seem to be in their best interests.

At least once before in modern times, the government was faced with convincing the American public to allow something that did not seem in the best interests of the average citizen, that is, to allow the government to wiretap phones. But in 1968, Congress passed and the President signed a law that established a balance on the wiretap issue that appears reasonable to most of us.
If key escrow is the vital answer to encrypted wiretaps as the Administration claims, we should follow the same process we did for authorizing wiretaps: Congressional debate, Passage of legislation, Presidential signature, and Judicial review.

This full process is necessary before the American people will accept key escrow. The only excuse for not doing this seems to be that the process will take too long. But the reaction to date indicates that by not taking the time for the legislative process, the Clipper program will be little more than a program the government imposes on itself.

I strongly recommend that the Administration propose legislation that would give key escrow the same legal standing as court-ordered wiretaps. If the Administration does not take this action soon, I believe the Congress should act on its own to review this concept and determine if key-escrowed communications should be imposed on the American people.

THE DIGITAL SIGNATURE NON-INITIATIVE

Key escrow is not the only instance in which the Administration has focused almost exclusively on the law enforcement and national security side of an important issue.

In almost total contrast to the haste with which the Clipper initiative has proceeded, the government's efforts over the past decade to establish a digital signature standard, an essential tool in any form of electronic commerce, have failed miserably. The background of this incredible failure should be very embarrassing to someone, but it appears there are so many participants that no one needs to take the blame.

According to a recent GAO report, this odyssey began in the early 1980s when the National Bureau of Standards (NBS, now NIST) sought a public key encryption standard to complement the DES. No progress was made even though nearly everyone acknowledged the essential need for such a capability and that the technology necessary for it already existed in the RSA public key encryption algorithm among others.
In the 1988 hearings on the progress of the Computer Security Act, the Directors of NSA and NBS were pressured to get on with establishing a public key encryption standard.

In the recently released, highly censored proceedings of the joint NSA-NBS Technical Working Group, the tortuous deliberations toward a DSS are evident. Despite the ready availability of technology

impact of this on the marketplace was apparent.

Another long period of silence by the government extended from late summer 1993 until early 1994. Then on February 4, 1994, as part of the Clipper approval announcement, NIST stated that the exclusive licensing of DSA to PKP would not take place, and it was the government's intention that the DSA would be available to anyone free of royalties.

When asked what the government would do now to make this possible, the response was they would either (1) continue trying to negotiate a deal with PKP, (2) take the process to courts to prove that DSA did not infringe upon PKP's patents, or (3) develop a new algorithm. There was, of course, no timetable for resolving these alternatives.

So now we are no better off than we were in mid-1991 or perhaps even 1982. But today there are major commercial activities that are using RSA as the basis for digital signatures and there are major government programs, such as the IRS modernization effort, that must have a digital signature capability to succeed. NIST's present advice to government programs in need of a digital signature capability is to do whatever they want.

Recalling Mr. McNulty's testimony from above, we have another example of the government's insistence that law enforcement and national security interests totally dominate those of the public and civilian government.
The result is that a capability that could have been available as a government standard in 1982 and is now a de facto commercial world standard has been held back for twelve years, and there remains no real prospect for when this issue will be resolved.

What Should Congress Do?

Unfortunately, in this case it is difficult to suggest what the Congress can do. It would be unusual but not out of the realm of possibilities for the Congress to mandate the use of an existing industry standard for digital signatures for all government programs involving electronic commerce. The clear failure of the Executive Branch to find a suitable alternative after twelve years of searching and the urgent needs of government and commercial interests to have a readily available means for signing electronic documents would justify such a step by the Congress.

EXPORT CONTROL OF CRYPTOGRAPHY

And there are other examples of how the government's dominant concern for national security and law enforcement capabilities has driven the U.S. down paths that harm our national economic interests.

Since the publication of the DES as a U.S. Federal Information Processing Standard (FIPS) in 1977, cryptography has shifted from the exclusive domain of governments to that of individuals and businesses. DES in both hardware and software implementations is a de facto international standard against which all other cryptographic algorithms are measured.

The controversy that arose as soon as DES was published concerning whether it had weaknesses that intelligence organizations could exploit fostered the highly fruitful academic research into public key cryptography in the late 1970s. Public key algorithms have the main advantage that the sender does not need to have established a previous secret key with the recipient for communications to begin. Public key algorithms, such as RSA, have become as popular and widely used as DES throughout the world for integrity, confidentiality, and key management.
Software Publishers Association Study

The Administration has asserted that export controls are not harming U.S. economic interests because there are no foreign cryptographic products and programs commercially available. Implementations of DES, RSA, and newer algorithms, such as the International Data Encryption Algorithm (IDEA), are available routinely on the Internet from sites all over the world. But according to the Administration, these do not count as commercial products.

In order to understand just how widespread cryptography is in the world, in May of 1993, the Software Publishers Association (SPA) commissioned a study of products employing cryptography within and outside the U.S. There was a significant amount of knowledge about specific products here and there, but no one had ever tried to assemble a comprehensive database with, where possible, verification of product availability.

I reported the results of this survey in hearings before the Subcommittee on Economic Policy, Trade and Environment, Committee on Foreign Affairs, U.S. House of Representatives last October. Information on new products continues to flow in daily. As of today:

- We have identified 340 foreign hardware, software, and combination products for text, file, and data encryption from 22 foreign countries: Argentina, Australia, Belgium, Canada, Denmark, Finland, France, Germany, Hong Kong, India, Ireland, Israel, Japan, the Netherlands, New Zealand, Norway, Russia, South Africa, Spain, Sweden, Switzerland, and the United Kingdom.
- Of these, 155 employ DES either in hardware or software.
- We have confirmed the availability of 70 foreign encryption software programs and kits that employ the DES algorithm. These are published by companies in Australia, Belgium, Canada, Denmark, Finland, Germany, Israel, the Netherlands, Russia, Sweden, Switzerland, and the United Kingdom. Some of these companies have distributors throughout the world, including in the U.S.
One German company has distributors in 14 countries. One U.K. company has distributors in at least 13 countries.

• The programs for these DES software products are installed by the users inserting a floppy diskette; the kits enable encryption capabilities to be easily programmed into a variety of applications.

A complete listing of all confirmed products in the database is identified in Attachment 1.

As part of this survey, we have ordered and taken delivery on products containing DES software from the following countries: Australia, Denmark, Finland, Germany, Israel, Russia, and the United Kingdom.

Foreign customers increasingly recognize and are responding to the need to provide software-only encryption solutions. Although the foreign encryption market is still heavily weighted towards encryption hardware and hardware/software combinations, the market trend is towards software for reasons of cost, convenience, and space.

On the domestic front, we have identified 423 products, of which 245 employ DES. Thus, at least 245 products are unable to be exported, except in very limited circumstances, to compete with the many available foreign products.

In total, we have identified to date 763 cryptographic products, developed or distributed by a total of 366 companies (211 foreign, 155 domestic) in at least 33 countries. DES is also widely available on the Internet, and the recently popularized Pretty Good Privacy encryption software program, which implements the IDEA encryption algorithm, also is widely available throughout the world.

The ineffectiveness of export controls is also evident in their inability to stop the spread of technology through piracy. The software industry has a multibillion dollar worldwide problem with software piracy. Mass market software is easy to duplicate and easy to ship via modem, suitcase, laptop, etc.
Accordingly, domestic software products with encryption are easily available for export--through illegal but pervasive software piracy--to anyone who desires them.

Foreign customers who need data security now turn to foreign rather than U.S. sources to fulfill that need. As a result, the U.S. Government is succeeding only in crippling a vital American industry's exporting ability.

Frequently Heard Arguments

There are a series of arguments frequently heard to justify continued export control of cryptographic products.

The first argument is that such products are not available outside the U.S., so U.S. software and hardware developers are not hurt by export controls. The statistics from the SPA survey prove that this argument is false!

A second argument is that even if products are available, they cannot be purchased worldwide. Our experience with purchasing products indicates that this also is not true. We have found 462 companies in 33 foreign countries and the U.S. that are manufacturing, marketing, and/or distributing cryptographic products, most on a worldwide basis. The names of these companies are listed in Attachment 2. All the products we ordered were shipped to us in the U.S. within a few days. The German products were sent to us directly from their U.S. distributors in Virginia and Connecticut, respectively. Our experience has been that if there is paperwork required by the governments in which these companies operate to approve cryptographic exports, it is minimal and results in essentially immediate approval for shipping to friendly countries.

A third argument frequently heard is that the products sold in other parts of the world are inferior to those available in the U.S. We have purchased products from several sources throughout the world.
We ordered DES-based PC file encryption programs for shipment using routine channels from:

• Algorithmic Research Limited (ARL), Israel
• Sophos Ltd., UK
• Cryptomathic A/S, Denmark
• CEInfosys GmbH, Germany
• uti-maco, Germany
• Elias Ltd., Russia (distributed through EngRus Software International, UK)

The products we obtained from these manufacturers and distributors were in every case first-rate implementations of DES.

To better understand if foreign products are somehow inferior, we have examined several of these products to see if we can detect flaws or inherent weaknesses. What we have found in our limited examination is that while these products generally use fully compliant DES implementations, they sometimes do not make use of all the facilities that might be available to them. The result is a full-strength DES product that is fully adequate for protecting commercial sensitive information but would not meet the strict requirements of a full national security product review.

Two examples of facilities that these products do not fully utilize are:

Initialization Vector (IV) (data added to the beginning of text to be encrypted to ensure synchronization with the decryption process): Frequently, these simple file encryption products use the same IV every time. A product designed for protecting national security information would vary the IV each time.

Key Generation: Frequently, these products use an encryption key derived from a string of text that is typed in by the user. Users may tend to use the same simple alphanumeric text strings to encrypt multiple files. A product designed for protecting national security information would generate a truly random encryption key, usually with each use.

It is important to note that there appears to be no difference between foreign and U.S. commercial products in the use of these simplifications.

A fourth frequently heard argument is that many countries have import restrictions that would prevent U.S. exports even if the U.S.
relaxed its export controls. While our survey has focused on the ease of importing products into the U.S., we have noted that many of the companies in our survey have distributors throughout the world. There may be countries that restrict imports of cryptography just as there may be those that restrict internal use of cryptography. But we are unaware of any countries in this category.

Other Countries Have Relaxed Export Controls

Our survey results also point to a much more ominous finding! Apparently the controls imposed by the U.S. Government on export of cryptographic products from the U.S. are far more restrictive than those imposed by most other countries, including our major allies. The effect of this most unfortunate situation is to cripple U.S. industry while our friends overseas appear to be free to export as they wish.

The U.S. imposes very strict rules on the export of cryptographic products. In general, applications for the export of products that use DES will be denied even to friendly countries unless they are for financial uses or for U.S. subsidiaries. We have been told repeatedly by the U.S. Government that other countries such as the United Kingdom and Germany have the same export restrictions that the U.S. does. But our experiences with the actual purchases of cryptographic products show a very different picture.

We know that companies in Australia, Denmark, Germany, Israel, South Africa, Sweden, Switzerland, and the United Kingdom are freely shipping DES products to the U.S. and presumably elsewhere in the world with no more than a few days of government export control delay, if any. Sometimes the claim is that they have to "fill out some papers," but it's no big problem. In Australia, we are told, the exporting company must get a certificate that the destination country does not repress its citizens.
Many countries allow shipment so long as it is not to former CoCom restricted countries (the former Soviet bloc and countries that support terrorism).

Our experience with these purchases has demonstrated conclusively that U.S. business is at a severe disadvantage in attempting to sell products to the world market. If our competitors overseas can routinely ship to most places in the world within days and we must go through time-consuming and onerous procedures with the most likely outcome being denial of the export request, we might as well not even try. And that is exactly what many U.S. companies have decided.

And please be certain to understand that we are not talking about a few isolated products involving encryption. More and more we are talking about major information processing applications like word processors, databases, electronic mail packages, and integrated software systems that must use cryptography to provide even the most basic level of security being demanded by multinational companies.

Demonstrations of Available Cryptographic Products

We have before us today several examples of cryptographic products that were lawfully obtained in the United States from foreign vendors:

• AR DISKrete: produced by Algorithmic Research Limited (ARL), Israel. Uses DES disk/file encryption to provide PC security and access control.

• EDS: produced by Sophos Ltd., UK. DES-based PC file encryption package.

• F2F (File-to-File): produced by Cryptomathic A/S, Denmark. DES-based PC file encryption utility.

• Softcrypt: produced by CEInfosys GmbH, Germany. DES-based PC file encryption utility.

• SAFE-GUARD Easy: produced by uti-maco, Germany. DES-based PC file encryption utility.

• EXCELLENCE for DOS: produced by Elias Ltd., Russia; distributed through EngRus Software International, UK. GOST-based (Russian DES equivalent) PC file encryption utility.
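
The Initialization Vector and Key Generation simplifications described earlier for DES-based PC file encryption products can be seen in the following added example, which is not part of the testimony and is not code from any product named here. It assumes cipher-block-chaining mode, uses a toy Feistel cipher built from HMAC-SHA-256 as a stand-in for DES, and substitutes a salted PBKDF2 derivation for the per-use random key the testimony describes; all function names and the sample files are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 8                 # 64-bit blocks, the same block size as DES
FIXED_IV = bytes(BLOCK)   # the "same IV every time" simplification


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher (a stand-in for DES, not DES).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, xor(left, round_fn(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = xor(right, round_fn(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += xor(decrypt_block(key, block), prev)
        prev = block
    return out[:-out[-1]]  # strip the padding added by cbc_encrypt


def weak_encrypt(passphrase: str, plaintext: bytes) -> bytes:
    # Key is the typed string itself; the IV never changes.
    key = passphrase.encode().ljust(BLOCK, b"\0")[:BLOCK]
    return cbc_encrypt(key, FIXED_IV, plaintext)


def hardened_encrypt(passphrase: str, plaintext: bytes) -> bytes:
    # Fresh salt and IV per file, so the key and the chaining start both vary.
    salt, iv = os.urandom(16), os.urandom(BLOCK)
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=16)
    return salt + iv + cbc_encrypt(key, iv, plaintext)


def hardened_decrypt(passphrase: str, blob: bytes) -> bytes:
    salt, iv, ciphertext = blob[:16], blob[16:24], blob[24:]
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=16)
    return cbc_decrypt(key, iv, ciphertext)


def shared_leading_blocks(c1: bytes, c2: bytes) -> int:
    # Number of identical ciphertext blocks at the start of two files.
    count = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        count += 1
    return count


# Constructed sample files: the same 16-byte header, different bodies.
FILE_A = b"PAYROLL 1994-Q1\n" + b"alice 52000"
FILE_B = b"PAYROLL 1994-Q1\n" + b"bob 48000"

if __name__ == "__main__":
    weak = shared_leading_blocks(weak_encrypt("secret", FILE_A),
                                 weak_encrypt("secret", FILE_B))
    hard = shared_leading_blocks(hardened_encrypt("secret", FILE_A)[24:],
                                 hardened_encrypt("secret", FILE_B)[24:])
    print("identical leading ciphertext blocks, fixed IV and typed key:", weak)
    print("identical leading ciphertext blocks, varied IV and salted key:", hard)
```

With the fixed IV and the reused typed key, anyone holding both ciphertexts can tell that the two files begin with the same 16 bytes without knowing the key; with a fresh IV and salt for each file, the ciphertexts share nothing.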

In addition to these products, we have the complete set of notebooks of product literature we have gathered to confirm the information in our worldwide survey of cryptographic products.

We also have a demonstration of the power of the digital revolution and the impact it will have on all our communications in the future. Traditionally, when we think of voice communications, we think of the telephone in its many forms (desk, cordless, cellular, car). However, many modern computer workstations now have the ability to carry voice as well as other multimedia communications. Routinely today on the Internet, voice conferences are held over packet switched communications networks.

Today we have a demonstration using two off-the-shelf Apple Macintosh PowerBooks that come with both speakers and microphones that enable software programs such as Talker from 2 Way Computing, Inc., of San Diego, CA, to transform a laptop computer into a telephone.

With this laptop computer telephone, it is easy to protect phone conversations from eavesdroppers. Since all the telephone functions are performed in software, it is trivial to add an encryption algorithm, such as the DES, to the software and provide good quality encryption to the digitized speech.

Export Control of Information in the Public Domain

The U.S. International Trade in Arms Regulations (ITAR) govern what products can and cannot be subjected to export controls. These regulations clearly define a set of conditions in which information considered to be in the "public domain" cannot be subject to controls. In the ITAR itself, public domain is defined as information that is published and that is generally accessible or available to the public: through sales at bookstores, at libraries, through patents available at the patent office, and through public release in any form after approval by the cognizant U.S. Government department or agency.

The Data Encryption Standard has been openly published as a Federal Information Processing Standard by the U.S. Government since 1977. Implementations of it in hardware and software are routinely available in the U.S. and throughout the world. Publication of software programs containing DES in paper form is permitted because of the First Amendment in the Bill of Rights. But the export of DES as hardware or software remains subject to export control despite its clearly being in the public domain.

One frustrating and somewhat humorous result of this situation occurred recently when NIST published a FIPS that contained source code for DES. In paper form, the Automated Password Generation Standard, FIPS 181, is acceptable for worldwide dissemination. But when NIST made the FIPS available over the Internet without an export restriction notice, it was immediately copied by computers in Denmark, the UK, and Taiwan. When it was pointed out that NIST's actions were in apparent violation of the ITARs, they quickly moved the file to a new directory with an appropriate export prohibition notice. Now FIPS 181 is available from hosts throughout the world along with the notice that export from the U.S. is in violation of U.S. export control laws.

NIST "exported" source code for DES with apparent immunity. Phil Zimmermann is still being investigated by the U.S. government and facing a four year imprisonment for allegedly doing nothing more.

Unfortunately, U.S. companies are not allowed to treat the export of DES in quite so simple a manner. As discussed earlier, DES is routinely available anywhere in the world. It meets the definition of "in the public domain" on numerous levels. And yet U.S. companies are prevented from exporting it other than to Canada. This situation is yet another example of the inconsistencies of U.S. export control policies.

Industrywide Experience

Some companies do try to compete and offer excellent DES-based products in the U.S.
But because of the export restrictions, they must develop weaker versions for export if they wish to pursue foreign markets. Many companies forgo the business rather than spend extra money to develop another inferior product that cannot compete with products widely available in the market.

The government already has a measure of lost sales and dissatisfied customers in the number of State Department/NSA export license applications denied, modified, or withdrawn. However, it is impossible to estimate accurately the full extent of lost sales. Many potential customers know that U.S. companies cannot meet their demand and thus no longer inquire. Conversely, most major companies have given up even trying to get export approvals for DES to meet customer demand.

One U.S. company, Semaphore Communications Corporation, that makes products using DES encryption has provided the following comments on their recent experiences (quoted from a letter dated 4/20/94 to Stephen T. Walker from William Ferguson of Semaphore):

As a small company with limited resources, we have chosen to get an assessment directly from the NSA prior to investing too many resources in pursuing the situations, as the NSA Export Office is the ultimate authority on whether any export license will be granted; or the U.S. companies with familiarity of the export regulations have advised us of their position before we invested too many resources. The recent short list of opportunities includes:

1. NATO: order placed by SHAPE Technical Centre in 11/93 as precursor of NATO-wide security plan; pre order query to State Dept. gave verbal approval as shipment was to an APO address: on submitting license application, NSA denied permission to ship. NATO officials are currently trying to get permission from NSA but have thus far been denied.

2. Hong Kong Immigration Department: project to secure network communications for all department sites with fully redundant scheme: sought ruling before bidding in partnership with AT&T; denied 4/93. All competitors bid Racal; as a British company they had no restrictions.

3. Norway Telecom: planning secure network for government and financial users using single solution: sought ruling before bidding; told use sounded too general and export office would have difficulty approving, 10/93.

4. Dutch National Police computer network: application to secure entire national data network: advised would not be granted permission when seeking pre-bid ruling, 11/93. Attempted to have our application viewed in same context as open license granted to DEC and IBM for similar equipment, but advised would need letters from all Dutch government agency department heads for any consideration. This effort would have required more than three months of effort by company executive located in Holland. Deemed too expensive for only one project.

5. Michelin: seeking solution to secure global network including all US-based, ex-Firestone facilities: when advised of export restrictions, Michelin rejected US-based technology to seek other solution; 4/93.

6. Volkswagen: in planning of security strategy for global networks; solicited bid: rejected US-based technology when informed of export regulations, 2/93.

7. Boeing: one of largest global users of secure communications: advised Boeing didn't want to have to deal with export regulations for meeting needs: continues to buy Racal products to avoid U.S. regulations. Continue to try to sell, but have met with resistance for procurements 10/92, 4/93, 11/93. Volume would be very high as Boeing took delivery of 800 routers in 1993, and our equipment would have 1:1 relationship. Boeing now in another review cycle.

8. GE: has major program in planning to secure global networks: diverse ownership in many locations has GE seeking foreign solutions for global uniformity.

9. Swiss National Justice and Police Department: project to connect all police and court locations in country: advised by NSA that approval would be hard to justify based on fact that it was Switzerland, 4/94.

10. Thomsen CSF: seeking technology partner for next generation of Thomsen products: sought out Semaphore as Thomsen technology group finds our technology to be far ahead of any other global options, and wanted to have fast time-to-market: NSA suggested we discontinue further discussions, 4/94.

11. Sikorsky: advised permission would not be granted for equipment at foreign joint-venture partners for new commercial helicopter venture, 3/94. Revisited with another NSA export official in 4/94, and advised that license might be granted if use was to principal benefit of a USA company. No firm commitment until license application is submitted as one location is in Japan.

12. Glaxo Pharmaceutical: world's largest pharmaceutical company has global requirement to secure testing and development data: will seek other solutions as Semaphore cannot deliver to other global locations, 2/94.

13. Pillsbury: has strategy to secure global networks: as owned by UK-based Grand Metropolitan, will seek other solutions which can be shipped to all global locations, 11/93.

The total value for all of these opportunities is estimated to be in the range of $30 to $50 million based on the preliminary estimates of the projects.

You have Semaphore's permission to submit this information with your testimony before the Congress.

Gauging the extent of economic harm industrywide is an inherently difficult task because most companies do not want to reveal that sort of information. Consequently what exists, with the exception of statements like that from Semaphore, is mostly anecdotal information.
But the accumulation of anecdotal information collected by the SPA paints a picture of three ways in which the export controls on cryptographic products are hurting American high-tech industry.

(1) Loss of business directly related to cryptographic products:

First, for many data security companies, every sale is vital, and the loss of contracts smaller than $1 million can often mean the difference between life and death for these companies. The confusion and uncertainty associated with export controls on encryption generate severe problems for small firms, but not as severe as the loss of business they suffer from anti-competitive export controls. Examples abound:

One U.S. company reported loss of revenues equal to a third of its current total revenues because export controls on DES-based encryption closed off a market when its customer, a foreign government, privatized the function for which the encryption was used, and the U.S. company was not permitted to sell to the private foreign firm. The company estimates it loses millions of dollars a year because it receives substantial orders every month from various European customers but cannot fill them because of export controls.

One small firm could not sell to a European company because that company sold to clients other than financial institutions (for which export controls grant an exception). Later, the software firm received reports of sales of pirated copies of its software. This constituted the loss of a $400,000 contract for the small U.S. software firm.

Because of existing export restrictions, an American company recently found itself unable to export a mass market software program that provided encryption using Canadian technology based on a Japanese algorithm. Yet other European and Japanese companies are selling competing products worldwide using the same Canadian technology.

An SPA member's product manager in Europe reported the likely loss of at least 50% of its business among European financial institutions, defense industries, telecommunications companies, and government agencies if present restrictions on key size are not lifted.

Yet another SPA member company reported the potential loss of a substantial portion of its international business if it cannot commit to provide DES in its programs.

A German firm that opened a subsidiary in the U.S. sought a single source encryption software product for both its German and U.S. sites. A U.S. data security firm that bid for the contract lost the business because U.S. export controls required that the German firm would have to wait approximately six months while a license was processed to sell them software with encryption for foreign application. The license could only be for one to three years, the three year license being more expensive. Consequently, the German firm ended up purchasing a DES-based system from another German company, and the U.S. firm lost the business.

A foreign government selected one software company's data security product as that government's security standard. The company's application to export the DES version was denied, and as a consequence the order was lost. This cost the company a $400,000 order and untold millions in future business.

(2) Loss of business from U.S. companies with international concerns:

Second, multinational corporations (MNCs) are a prime source of business in the expanding international market for encryption products. Many U.S.-based firms have foreign subsidiaries or operations that do not meet export requirements. While U.S. products may be competitive in the U.S., many MNCs obtain from foreign sources encryption systems that will be compatible with the company's worldwide operations. Moreover, foreign MNCs cannot rely on the availability of U.S. products and have been known to import foreign cryptography for use in their U.S.
operations.

One U.S. firm reports the loss of business from foreign MNCs that will not integrate the company's products into their U.S. operations because of the export restrictions that would prevent them from being compatible with their domestic operations.

The Computer Business Equipment Manufacturers Association reports that one of its members was denied an export license and lost a $60 million sale of network controllers and software for encryption of financial transactions when the Western European customer could not ensure that encryption would be limited to financial transactions.

(3) Loss of business where cryptography is part of a system:

Third, encryption systems are frequently sold as a component of a larger system. These "leveraged" sales offer encryption as a vital component of a broad system. Yet the encryption feature is the primary feature for determining exportability. Because of the export restrictions, U.S. firms are losing the business not just for the encryption product but for the entire system because of the restrictions on one component of it.

One data security firm has estimated that export restrictions constrain its market opportunities by two-thirds. Despite its superior system, it has been unable to respond to requests from NATO, the Swedish PTT, and British telecommunications companies because it cannot export the encryption they demand. This has cost the company millions in foregone business.

One major computer company lost two sales in Western Europe within the last 12 months totaling approximately $80 million because the file and data encryption in the integrated system was not exportable.

One possible solution to the problem of export controls may be for U.S. companies to relocate overseas. Some U.S. firms have considered moving their operations overseas and developing their technology there to avoid U.S. export restrictions. Thus, when a U.S.
company with technology that is clearly in demand is kept from exporting that technology, it may be forced to export jobs instead.

How Are U.S. Citizens and Businesses Being Affected by All This?

The answer to this question is painfully simple. When U.S. industry forgoes the opportunity to produce products that integrate good security practices, such as cryptography, into their products because they cannot export those products to their overseas markets, U.S. users (individuals, companies, and government agencies) are denied access to the basic tools they need to protect their own sensitive information.

The U.S. Government does not have the authority to regulate the use of cryptography within this country. But if through strict control of exports they can deter industry from building products that effectively employ cryptography, then they have achieved a very effective form of internal use control.

You and I do not have good cryptography available to us in the word processors and data base management and spreadsheet systems even though there is no law against our use of cryptography. If we want to encrypt our sensitive information, we must search out special products that usually must be used separately from our main workstation applications.

This is a very effective form of internal use control, and it makes all levels of U.S. industry vulnerable to foreign and domestic industrial espionage. And Clipper, as presently being implemented, does nothing to help this problem.

What Should Congress Do?

In this case, Congress is already doing something! Last November, Representative Maria Cantwell introduced HR3627, a bill that would shift export control of mass market software products, including those with cryptography, from the Department of State to the Department of Commerce, thus allowing them to be treated as normal commodities instead of munitions. This bill should be considered as part of Chairman Gejdenson's overall bill to reform export controls.
In the Senate, the Murray-Bennett initiative, S 1846, to reform export controls has a similar objective. Legislation such as HR3627 and S1846 must be passed as soon as possible to balance the national economic interests against those of law enforcement and national security.

SUMMARY

On Clipper Key Escrow

In addition to all the concerns about civil liberties and the use of classified cryptography to protect unclassified information, there are very real concerns about whether Clipper will really help law enforcement deal with the emergence of encrypted phone and data traffic. The Administration needs to come forth with some form of business plan for how it expects this program to succeed in the marketplace.

The imposition of a technology as potentially invasive of Americans' right to privacy should not occur merely by executive edict but rather as the result of careful consideration and passage of legislation by the Congress and by being signed into law by the President and determined to be Constitutional by the Supreme Court. Only when this has been completed will most Americans accept key escrow. Only then will Clipper key escrow have a chance of succeeding.

If the Administration does not take immediate steps to introduce legislation defining the role of key escrow in the U.S., Congress must take decisive steps to do so itself.

On the Digital Signature Standard

The continuing failure of the U.S. Government to promulgate a Digital Signature Standard after twelve years of trying is a national economic tragedy. The world of electronic commerce could have been well along by now instead of just getting started had a standard been established even a few years ago. Those in government who think they are making great strides with the National Performance Review and the National Information Infrastructure will soon realize that until there is an effective DSS, their efforts will be of very limited success.

Make no mistake about it, the reason we have no DSS is because the national security and law enforcement interests in the U.S. have stymied all attempts to approve the logical worldwide de facto standard, and they have not been able to come up with an alternative. And it does not appear that they will succeed in identifying one any time in the near future.

Congress is well justified in taking the extraordinary step of naming a Digital Signature Standard based on the world-wide commercial choice. Congress has an obligation to the American people to allow the U.S. to enter the world of electronic commerce before the 21st century. It truly appears that we may never have a DSS otherwise.

On Export Control of Cryptography

The widespread availability of cryptography throughout the world and the ease with which other countries, including our closest allies, allow the export of cryptography to the U.S. and elsewhere make it imperative that our U.S. Government's regulation of cryptographic exports move out of the Cold War. Export controls have been relaxed on every other form of high tech computer and communications technology. Continuation of cryptography export controls is only hurting American citizens and businesses.

Law enforcement and national security interests will continue to encounter ever-growing amounts of encrypted communications no matter how many restrictive steps the Administration attempts to take. We must realize this basic fact of technology advancement and stop hamstringing U.S. national economic interests in the hope that we are helping our national security interests.

It is evident from the Administration's refusal to relax cryptographic export policies during the Clipper Interagency Review that the Executive Branch is going to continue to emphasize the interests of national security and law enforcement over our national economic interests until we become a third-rate economic power.
Only the Congress can take the steps to balance the interests of American citizens and businesses against that immovable force. I strongly support the Cantwell Bill, HR 3627, and the Murray-Bennett initiative, S 1846.

On a National Policy on Cryptography

All of these concerns reflect the dilemma between the interests of private citizens and businesses in the U.S. to protect their sensitive information and the interests of law enforcement and national security to be able to monitor the communications of our adversaries.

We need a national statement of policy in this country defining what "rights" individuals and the government can expect in the use of cryptography. Such a policy might ban the use of cryptography by private citizens or remove all restrictions on cryptography exports. More likely, it will seek a compromise to balance our national economic and security interests. One example of such policy is:

"Good cryptography" shall be available to U.S. citizens and businesses without government restriction.

"Good cryptography" is defined as that which is commonly available throughout the world, presently the Data Encryption Standard and RSA public key cryptography with a 1024-bit modulus.

"Without government restriction" means without export control or other government regulation.

The Administration must understand that until a fair and open review of such a national policy is completed, the struggle over the control of cryptography will not go away. The Congress can and must play a pivotal role in resolving this dilemma.

I strongly urge members of Congress to find a resolution of this issue before our economic interests are surrendered in the interests of law enforcement and national security.

ATTACHMENT 2

COMPANIES MANUFACTURING AND/OR DISTRIBUTING CRYPTOGRAPHIC PRODUCTS WORLDWIDE

From the Software Publishers Association survey of cryptographic products as of April 25, 1994.

ARGENTINA
Newnet S.A.

AUSTRALIA
Cybanim Pty Ltd. Datamatic Pty Ltd. Eracom Pty Ltd.
Eric Young Loadplan Australasia Pty Ltd. LUCENT News Datacom Randata Robust Software Ross Williams Sagem Australasia Pty Ltd. TRAC Systems Tracom

AUSTRIA
Schrack-Dat

BAHRAIN
International Information Systems

BELGIUM
Cryptech NV/SA GSA Ran Data Europe Highware, Inc. Unina SA Vector

CANADA
A.B. Data Sales, Inc. Concord-Eracom Computer Ltd. Isolation Systems Mobius Encryption Technologies Newbridge Microsystems Northern Telecom Canada Limited Okiok Data Paradyne Canada Ltd. Secured Communication Canada 93, Inc.

DENMARK
Aarhus University, Computer Science D*n*Pnt CryptoMathic GN Datacom Iversen & Martens A/S LSI Logic/Dataco AS Swanholm Computing A/S

FINLAND
Antti Louko Ascom Fintel OY Instrumentoiti OY

FRANCE
Atlantis CCETT CSEE - Division Communication et Informatique CSIL Cryptech France Dassault Automatismes et Telecommunications Digital Equipment Corporation (DEC), Paris Research Lab Incaa France S.A.R.L. LAAS Philips Communication Systems Rast Electronics S.A. Gretag Sagem Smart Diskette Societe Sagem

GERMANY
AR Datensicherungssysteme GmbH CCI CE Infosys GmbH Concord-Eracom Computer GmbH Controlware GmbH Data Safe Dynatech-Gesellschaft fur Datenverarbeitung GmbH EuroCom EDV FAST Electronic Gliss & Herweg GMD Gretag Elektronik GmbH KryptoKom Markt & Technik Software Partners Intl. GmbH Paradyne GmbH Siemens Smart Diskette GmbH Tela Versicherung Tele Security Timmann Telenet Kommunication The Compatibility Box GmbH Tulip Computers UTI-MACO GmbH

GREECE
G.J.Messaritis & Co. Ltd. ORCO Ltd.

HONG KONG
News Datacom Triple D Ltd.

INDIA
Chenab Info Technology

IRELAND
Eurologic Systems, Ltd. Renaissance Contingency Services, Ltd. Shamus Software Ltd.

ISRAEL
Algorithmic Research Ltd. ELYASIM News Datacom TADIRAN

ITALY
Incaa SRL Olivetti Ratio Srl Telvox s.a.s. Uniautomation

JAPAN
Fujitsu Labs Ltd. Japan's National Defense Academy Paradyne Japan, KK Yokohama National University

LUXEMBOURG
Telindus SA

MALTA
Shireburn Co. Ltd.

NETHERLANDS
Ad Infinitum Programs (AIP-NL) CRYPSYS Data Security Concord Eracom Nederland BV Cryptech Nederland DigiCash DSP International Geveke Electronics BV Incaa Datacom BV Incaa Nederland BV Repko BV Datacomms Verspeck & Soeters BV

NEW ZEALAND
LUC Encryption Technology, Ltd. (LUCENT) Peter Gutmann Peter Smith and Michael Lennon

NORWAY
BDC Bergen Data Consulting A/S Ericcson Semafor PDI Scand PC Sys/Sectra Skanditek AIS UMI SA

POLAND
SOFT-u. I .

PORTUGAL
Infomova Redislogar SA

RUSSIA
Askri DKL Ltd. Elias Ltd. LAN Crypto RESCrypto ScanTech TELECRYPT, Ltd.

SAUDI ARABIA
Info Guard Saudi Arabia

SINGAPORE
Communications Systems Engineering Pty. Ltd. Digitus Computer Systems

SOUTH AFRICA
BSS (Pty) Ltd. Computer Security Associates EFT InfoPlan - Division of Denel PIL Intelligent Nanoteq Net One Siemens Ltd. Spescom Technetics

SPAIN
Asociacion Espanola de Empresas de Informatica Asociacion Nacional de Industrias Electronicas Redislogar Comunicaciones SA SECARTYS Sinutec Tecnitrade Int. SA

SWEDEN
AV System Infocard Ardy Elektronics Au-System Infocard AB COST Computer Security Technologies International DynaSoft QA Informatik AB SONOR Crypto AB SecuriCrypto AB Stig Ostholm Tomas Tesch AB

SWITZERLAND
ASCOM Tech AG Brown-Boveri Crypto AG ETH Zurich Ete-Hager AG Gretag AG Incaa Datacom AG Info Guard AG Omnisec AG Organa Safeware

UK
Airtech Computer Security British Telecom Business Simulations Cambridge Electric Industries Codepoint Systems Ltd. Compserve Ltd. Compserve Ltd. Computer Associates Computer Security Ltd. Cylink Ltd. Data Innovation Ltd. DataSoft International Ltd. Datamedia Corporation, Ltd. Digital Crypto Dynatech Communications Ltd.-(Northern office) Dynatech Communication Ltd. EngRus Fulcrum Communications GEC-Marconi Secure Systems Gelosia Global CIS Ltd. Gretag Ltd. Honeywell IT Security International ITV Incaa UK Interconnections International Data Security International Software Management J.R.Ward Computers Ltd. JPY Associates Jaguar Communications Ltd.
Janus Sovereign Loadplan Logica Marconi Microft Technology Inc. Micronyx UK Ltd. Micronyx UK Ltd. Network Systems News Datacom Northern Telecom Europe Limited PC Security Ltd. PPCP Paradyne European Headquarters Plessy Crypto Plus 5 Engineering Ltd. Prosoft Ltd. Protection Systems Ltd. Racal Racal Milgo Radius S&S International Shareware plc Sington Associates Smart Diskette UK Smith's Associates Softdiskette Sophos Ltd. Stralfors Data Sygnus Data Communications The Software Forge Ltd. Time & Data Systems Tricom University College London Widney Ash Zergo Zeta Communications Ltd.

USA
3COM Corp. ADT Security Systems AO Electronics AOS ASC Systems ASD Software Inc. ASP AST Research AT&T AT&T Bell Laboratories AT&T Datotek Inc. Access Data Recovery Advanced Computer Security Concepts Advanced Encryption Systems Advanced Information Systems Advanced Micro Devices, Inc. (AMD) Aladdin Software Security American Computer Security Anagram Laboratories Applied Software Inc. Arkansas Systems, Inc. Ashton Tate BCC BLOC Development Corporation Banyan Bi-Hex Co. Borland Braintree Technology Burroughs CE Infosys of America, Inc. Casady and Greene Centel Federal Systems Inc. Central Point Software Certus International Cettlan Corp. Chase Manhattan Bank, N.A. Clarion Codex Corp. Collins Telecommunications Products Division Command SW Systems Commcrypt Communication Devices Inc. Complan Computer Associates International, Inc. Contemporary Cybernetics Cryptall Cryptech Cryptex/Gretag Ltd. Cylink Corp. Cypher Comms Technology DSC Communications DataEase International Datakey Inc. Datamedia Corporation Datamedia Corp. (DC Area) Datawatch, Triangle Software Division Datotek, Inc. Dell Computer Digital Delivery, Inc. Digital Enterprises Inc. Digital Equipment Corporation (DEC) Digital Pathways Docutel/Olivetti Corp. Dolphin Software Dowty Network Systems ELIASHIM Microcomputers Inc. EMUCOM Enigma Logic, Inc. Enterprise Solutions Ltd.
Fairchild Semiconductor Fifth Generation Systems, Inc. Fischer International Front Line Software GN Telematic Inc. GTE Sylvania Gemplus Card International General Electric Company Glenco Engineering HYDELCO, Inc. Hawk Technologies Inc. Hawkeye Grafix, Inc. Hilgraeve, Inc. Hughes Aircraft Company Hughes Data Systems Inc. Hughes Network Systems - California Hughes Network Systems - Maryland Hybrid Communications INFOSAFE Incaa Inc. Info Resource Engineering Info Security Systems Information Conversion Services Information Security Associates, Inc. Information Security Corp. Innovative Communications Technologies, Inc. Intel International Business Machines (IBM) Inter-Tech Corp. Isolation Systems, Inc. Isolation Systems, Inc. John E. Holt and Associates Jones Futurex, Inc. Kensington Microware Ltd. Kent Marsh Ltd. Key Concepts Kinetic Corp. LUCENT Lassen Software, Inc. Lattice Inc. Lexicon, ICOT Corporation Litronic Industries (Information Systems Division) Litronic Industries (Virginia) Lotus MCTel Maedae Enterprises Magna Mark Riordan Massachusetts Institute of Technology Matsushita Electronic Components Co. Mergent International Micanopy MicroSystems Inc. Micro Card Technologies, Inc. Micro Security Systems Inc. MicroFrame Inc. Microcom Inc. (Utilities Product Group) MicroLink Technologies Inc. Micronyx Microrim Microsoft Mika, L.P. Mike Ingle Morning Star Technologies Morse Security Group, Inc. Motorola NEC Technologies National Semiconductor Network, Inc. Networking Dynamics Corp. Nixdorf Computer Corporation Northern Telecom Inc. Norton Novell OnLine SW International Ontrak Computer Systems Inc. Optimum Electronics, Inc. Otocom Systems Inc. PC Access Control Inc. PC Dynamics Inc. PC Guardian PC Plus Inc. Paradyne Caribbean, Inc. Paradyne Corporation Paralon Technologies Personal Computer Card Corp. Pinon Engineering, Inc. Prime Factors RSA Data Security, Inc.
RSA Laboratories Racal Datacom Racal-Guardata Racal-Milgo USA Rainbow Technology Raxco Rothenbuhler Engineering S Squared Electronics SCO SVC Safetynet Samna Corp Scrambler Systems Corp. Sector Technology Secur-Data Systems, Inc. Secura Technologies Secure Systems Group International, Inc. Security Dynamics Security Microsystems Inc. Semaphore Communications Sentry Systems, Inc. Silver Oak Systems SmartDisk Security Corp. Software Directions, Inc. Solid Oak Software SophCo, Inc. Sota Miltope Stellar Systems Inc. Sterling Software Inc. (Dylakor Division) Sterling Software Inc. (System SW Marketing Division) SunSoft Symantec TRW, Electronic Product Ltd. Techmar Computer Products, Inc. Techmatics, Inc. Technical Communications Corp. (TCC) Telequip Corp. Terry Ritter Texas Instruments, Inc. The Exchange Thumbscan, Inc. Tracor Ultron Trigram Systems Tritron Systems Trusted Information Systems, Inc. UNIVAC UTI-MACO Safeguard Systems UUNet Technologies, Inc. United Software Security Uptronics, Inc. VLSI Technology, Inc. Verdix Corp. (Secure Products Division) ViaCrypt Visionary Electronics Wang Laboratories Wells Fargo Security Products Western DataCom Co. Inc. Western Digital Corporation Westinghouse Electric Corp. WordPerfect XTree Xetron Corp. Yeargin Engineering Zenith Data Systems hDC usrESZ Software, Inc.

YUGOSLAVIA
Sophos Yu d.o.o.