Daschle on Encryption Legislation

20 July 1998
Source: http://www.access.gpo.gov/su_docs/aces/aaces002.html
See July 15 floor discussion cited: http://jya.com/cr071598.htm
[Congressional Record: July 16, 1998 (Senate)]
[Page S8376-S8377]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]
[DOCID:cr16jy98-112]


                         ENCRYPTION LEGISLATION

  Mr. DASCHLE. Late yesterday several of my colleagues took to the
floor to discuss their views on the need for congressional action on
encryption legislation. I would like to take this opportunity to
briefly provide my thoughts on this important issue.
  As everyone who follows encryption policy knows, despite years of
discussion and debate, we still have not found a solution that is
acceptable to industry, consumers, law enforcement and national
security agencies. In this Congress alone, we have seen 7 competing
bills introduced--3 in the House and 4 in the Senate.
  The country is paying a price for this inability to produce a
consensus solution. That price is evident not only in loss of market
share and constraint on internet commerce, but also in the steady
erosion of the ability of law enforcement's and national security
agencies' to monitor criminal activity or activities that threaten our
national interest.
  We simply must find a comprehensive national policy that protects
both U.S. national security and U.S. international market share--sooner
rather than later. And I believe we can.
  After many months of participating in discussions on encryption
policy and hearing from all sides of this complex issue, I have reached
two conclusions. First, the Administration has and is continuing to
make good-faith efforts to reach agreement on the numerous complex
issues that underlie our encryption policy. And second, there is
already considerable agreement on a series of key issues. The challenge
is to pull together to forge a consensus encryption policy for the 21st
Century.
  Earlier this year, I sent a letter to Vice President Gore asking for
the Administration's goals and plans for encryption policy. In his
response to me, the Vice President indicated that he supports
``energizing an intensive discussion that will apply the unparalleled
expertise of U.S. industry leaders in developing innovative solutions
that support our national goals.'' Subsequent actions demonstrate that
the

[[Page S8377]]

Vice President and this Administration have been true to their word.
  In the last several months, the Administration has engaged in
intensive discussions with the Americans for Computer Privacy, an
important business-oriented interest group. These discussions have
focused on technical, policy, legal, and business issues associated
with encryption, and the impact of strong encryption on law enforcement
and national security. The Administration is also reviewing ACP's
proposals for export relaxation[*]. I have been assured by senior
Administration officials that, in making decisions on our encryption
policy, the Administration recognizes it must carefully consider
commercial needs as well as law enforcement and national security
interests.
  As a result of the Administration's statements and actions, I am more
convinced than ever that there is already agreement on a significant
number of issues and that a consensus on encryption policy is possible
in the not-to-distant future. First, all parties accept the need for
and reality of strong encryption products. Second, all parties agree
that strong encryption products are essential to the growth of
electronic commerce and the internet. Third, all parties agree that 40-
bit keys are inadequate to ensure privacy and security. Fourth, all
parties agree that doing nothing has a real and significant downside.
According to a recent study, maintaining existing encryption policies
will cost the U.S. economy as much as $96 billion over the next 5 years
in lost sales and slower growth in encryption-dependent industries.
Finally, all parties agree that doing nothing is unsustainable because
the relaxed restrictions the Administration placed on 56-bit encryption
products expire at the end of the year and must be addressed within the
next month or two.
  So where does this leave us? Unfortunately, while recent discussions
between industry and the Administration have been fruitful, they have
not gone far enough or proceeded fast enough to produce the kind of
agreement I believe the majority of the Congress would all like to see.
The time has come for the Administration to announce exactly where it
stands on several key issues--including how it intends to proceed when
the current relaxed restrictions on 56-bit encryption expire.
  Having urged the Administration to greater efforts, I must also ask
if it would not be constructive for those who are most frustrated with
the pace of change in this area to take a step back and closely examine
their own positions. For example, several of the bills introduced in
the Congress this session call for the Secretary of Commerce to have
exclusive jurisdiction over the export of encryption products. Despite
the widespread agreement that the sale of encryption products has
important ramifications for our national security and law enforcement,
these bills would give no role to officials from the Justice
Department, the FBI, or the intelligence community in the decision
process regarding which encryption products can be legally sold.
  This fact would be noteworthy even in isolation. It is even more
remarkable when one combines it with the observation that many of the
adherents to this laissez-faire approach to export controls for
encryption products are the most vocal critics of the Administration's
export policies for commercial satellites.
  The incongruity of these two positions is stunning. Trying to
reconcile them is impossible. There are only two conclusions to be
drawn from this inconsistency. Either the right hand does not know what
the left is doing, or at least part of the criticism directed at the
Administration is politically motivated.
  I will be working with the Administration and my colleagues in the
days ahead in the hope of reaching some consensus on national
encryption policy. I am hopeful that over the next few weeks we can
begin to resolve the numerous difficult issues that remain. Neither
industry nor government is likely to get 100 percent of what it wants.
However, if both sides are flexible and cognizant of the stakes
involved, I am hopeful we can reach an agreement that's good for
consumers, good for business, and good for law enforcement and national
security.

                          ____________________




*See the ACP encryption policy proposal of May 8, 1998. Thanks to RL.