10 November 1997 Source: http://www.access.gpo.gov/su_docs/aces/aaces002.html ------------------------------------------------------------------------- [Congressional Record: November 9, 1997 (Extensions)] [Page E2276] From the Congressional Record Online via GPO Access [wais.access.gpo.gov] [DOCID:cr09no97-17] STRONG ENCRYPTION NEEDED TO PROTECT NATIONAL SECURITY ______ HON. DAVID DREIER of california in the house of representatives Saturday, November 8, 1997 Mr. DREIER. Mr. Speaker, computers not only make virtually every aspect of our lives easier, we depend on their efficient operation to help safeguard our national security, economy, and way of life. Yet all it takes is a determined criminal with a personal computer and an Internet connection to cause a great deal of harm. That's why it's crucial that America protects sensitive information in computers with the best technology available. Ensuring the security of information stored in computers, and preventing criminals from breaking into critical systems requires encryption software, which uses mathematical formulas to scramble sensitive information so it can only be accessed by authorized users, who have the `key' to decode the material. The more complex the formula, the tougher it is for an unauthorized user to decipher the scrambled material. While American companies generally hold an edge over their foreign competitors in the development of advanced encryption software, export controls allow them to export only relatively simple encryption products. Over 400 companies outside the United States produce encryption software, and most are not subject to the same restrictions as U.S. companies. These companies are increasing their share of the rapidly expanding world market for encryption software at the expense of U.S. firms, which are not allowed to compete. The Clinton administration has proposed a radical change in encryption policy, one that would impose a mandatory key recovery system on encryption software used in the United States and exported abroad. Key recovery would require the maintenance of a centralized databank with all the Nation's encryption keys, and is primarily intended to help law-enforcement and increase national security. If police or other law-enforcement officials believe criminals have encrypted information that would help prevent a crime or catch a lawbreaker, they would obtain a court order, then retrieve the key from the centralized database. They could then convert the encrypted information back into its original form. Not only does this proposal raise concerns about how to prevent criminals from breaking into the key database, and about the privacy of law-abiding users of electronic commerce and Internet communications, it probably won't work. While the Clinton administration is working to require that U.S. companies only export advanced encryption software that uses a key recovery system, many other nations will impose no similar requirement on their firms. Because criminals will find it easy to import that software over the Internet, by electronic mail, on compact discs, or in some other way, they will continue to use encryption programs that U.S. law enforcement agencies don't have keys to. The people most affected by the mandatory key recovery system will be lawful Internet users, not the criminals and terrorists it is intended to combat. Furthermore, prohibiting the export of encryption programs that don't include a key recovery system will make it impossible for American companies to compete with foreign firms that are not similarly limited. American companies will stop competing in a key technology in which they now hold a lead. It will cost U.S. jobs, and prevent advances in a technology that is critical to defending the United States from terrorists, criminals, and even simple hackers. Instead, Congress should lift the controls on encryption software, encourage development of this promising technology, and focus resources on helping police develop better tools to catch criminals who use encryption in the commission of a crime. ____________________