[Senate Hearing 106-892] [From the U.S. Government Publishing Office] S. Hrg. 106-892 S. 798, THE PROMOTE RELIABLE ON-LINE TRANSACTIONS TO ENCOURAGE COMMERCE AND TRADE (PROTECT) ACT OF 1999 ======================================================================= HEARING before the COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED STATES SENATE ONE HUNDRED SIXTH CONGRESS FIRST SESSION __________ JUNE 10, 1999 __________ Printed for the use of the Committee on Commerce, Science, and Transportation 69-984 U.S. GOVERNMENT PRINTING OFFICE WASHINGTON : 2002 ____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpr.gov Phone: toll free (866) 512-1800; (202) 512�091800 Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001 SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION ONE HUNDRED SIXTH CONGRESS FIRST SESSION JOHN McCAIN, Arizona, Chairman TED STEVENS, Alaska ERNEST F. HOLLINGS, South Carolina CONRAD BURNS, Montana DANIEL K. INOUYE, Hawaii SLADE GORTON, Washington JOHN D. ROCKEFELLER IV, West TRENT LOTT, Mississippi Virginia KAY BAILEY HUTCHISON, Texas JOHN F. KERRY, Massachusetts OLYMPIA J. SNOWE, Maine JOHN B. BREAUX, Louisiana JOHN ASHCROFT, Missouri RICHARD H. BRYAN, Nevada BILL FRIST, Tennessee BYRON L. DORGAN, North Dakota SPENCER ABRAHAM, Michigan RON WYDEN, Oregon SAM BROWNBACK, Kansas MAX CLELAND, Georgia Mark Buse, Staff Director Martha P. Allbright, General Counsel Ivan A. Schlager, Democratic Chief Counsel and Staff Director Kevin D. Kayes, Democratic General Counsel C O N T E N T S ---------- Page Hearing held June 10, 1999....................................... 1 Statement of Senator Ashcroft.................................... 6 Statement of Senator Burns....................................... 1 Prepared statement........................................... 2 Statement of Senator Cleland..................................... 39 Statement of Senator Dorgan...................................... 42 Statement of Senator Frist....................................... 42 Statement of Senator Kerry....................................... 3 Article from New York Times.................................. 4 Statement of Senator Snowe....................................... 16 Prepared statement........................................... 16 Witnesses Aucsmith, David, Chief Security Architect, Intel Corporation..... 45 Prepared statement........................................... 47 Bidzos, D. James, Vice Chair, Security Dynamics Technologies, Inc............................................................ 60 Prepared statement........................................... 62 Goodlatte, Bob, U.S. Representative from Virginia, along with added material for the record; China: Export of Technology Would be Liberating Force...................................... 9 Prepared statement........................................... 14 Hoffman, Lance, Ph.D., Professor, Department of Electrical Engineering and Computer Science, and Director of the School of Engineering and Applied Science, Cyberspace Policy Institute, The George Washington University,.............................. 71 Prepared statement........................................... 72 McNamara, Barbara A., Deputy Director, National Security Agency.. 30 Prepared statement........................................... 32 Reinsch, Hon. William A., Under Secretary of Export Administration, U.S. Department of Commerce.................... 17 Prepared statement........................................... 20 Robinson, Hon. James K., Assistant Attorney General, Criminal Division, U.S. Department of Justice........................... 24 Prepared statement........................................... 27 S. 798, THE PROMOTE RELIABLE ON-LINE TRANSACTIONS TO ENCOURAGE COMMERCE AND TRADE (PROTECT) ACT OF 1999 ---------- THURSDAY, JUNE 10, 1999 U.S. Senate, Committee on Commerce, Science, and Transportation, Washington, DC. The committee met, pursuant to notice, at 9:32 a.m. in room SR-253, Russell Senate Office Building, Hon. Conrad Burns presiding. Staff members assigned to this hearing: David Crane, Republican professional staff; and Gregg Elias, Democratic senior counsel. OPENING STATEMENT OF HON. CONRAD BURNS, U.S. SENATOR FROM MONTANA Senator Burns. We will call the committee to order this morning, and thank you for coming. We will try to get started on time here. Let me apologize for the chairman of the full committee, John McCain. He has a bill on the floor, the Y2K bill. I told him that he probably put the fox in charge of the henhouse here when he lets me chair this hearing, but it is something that I have been very much interested in for a long time. Today's hearing will focus specifically on the ``PROTECT Act of 1999.'' This bill reflects a number of discussions the full Committee chairman and I have had about the importance of encryption in the digital age. I would also like to thank Senator Wyden and Senator Abraham for their instrumental role in the creation of this pro-encryption legislation that I am confident will be supported by the large majority of this committee. Along with several other members of this committee, I have long advocated the enactment of legislation that would facilitate the use of strong encryption. Strong encryption is necessary if we are to promote electronic commerce, secure our confidential business and our sensitive personal information, to prevent crime and to protect our national security by protecting our commercial information systems. Beginning in the 104th Congress, I introduced legislation that would ensure the private sector continues to take the lead in developing innovative products to protect the security and confidentiality of electronic information, including the ability to export such American products, and I believe PROTECT accomplishes these important objectives. Specifically, the bill does the following: It permits the immediate exportability of strong encryption products whenever foreign products contain the same strength of encryption are generally available. It prohibits domestic controls on the use of products using strong encryption. It also guarantees that American industry will continue to be able to come up with new and innovative products. It immediately decontrols encryption products using key lengths of 64 bits or less. It permits the immediate exportability of 128-bit encryption in all encryption products to a broad group of users. Today we are in a world that nearly everyone has a computer and those computers are for the most part connected to one another. In light of that fact, it is becoming more and more important to ensure that our communications over these computer networks are conducted in a secure way. It is no longer possible to say that when we move into the information age we will secure these networks, because we are already there. We use computers in our homes and our businesses in ways that we could not imagine only 10 years ago. These computers are connected through networks, making it easier to communicate than ever before. This phenomenon holds promise for transforming life in a bunch of areas in our country and especially in Montana, where health care and state-of-the-art education can be delivered over networks to people located in remote population centers. These new technologies can improve the lives of real people, but only if the security of information that moves over these networks is safe and reliable. The problem today is that our computer networks are not as secure as they could be. It is fairly easy for amateur hackers to break into our networks. The newspaper has been full of those kind of activities for the last year. They can intercept information, steal trade secrets and intellectual property, or even alter medical records. The solution to this problem is to let individuals and businesses alike take steps to secure that information. Encryption is a vital tool which helps to protect the integrity of these electronic networks which have made so many modern wonders available in this age. I look forward to the testimony of our witnesses today because this is a critical issue. Now I would like to recognize the Senator from Massachusetts, Senator Kerry, and thank you for coming this morning. [The prepared statement of Senator Burns follows:] Prepared Statement of Hon. Conrad Burns, U.S. Senator from Montana I am pleased to chair today's hearing in the Full Committee, which is on a topic critical to the future of this country--reforming our country's severely outdated encryption policy. Today's hearing will focus specifically on the ``PROTECT Act of 1999.'' This bill reflects a number of discussions the Full Committee Chairman and I have had about the importance of encryption in the digital age. I would also like to thank Sen. Wyden and Sen. Abraham for their instrumental role in the creation of this pro-encryption legislation that I am confident will be supported by a large majority of this Committee. Along with several other members of this Committee, I have long advocated the enactment of legislation that would facilitate the use of strong encryption. Strong encryption is necessary to promote electronic commerce, secure our confidential business and sensitive personal information, prevent crime and protect our national security by protecting our commercial information systems. Beginning in the 104th Congress, I introduced legislation that would ensure that the private sector continues to take the lead in developing innovative products to protect the security and confidentiality of our electronic information including the ability to export such American products. I believe PROTECT accomplishes these important objectives. Specifically, the bill does the following:Permits the immediate exportability of strong encryption products whenever foreign products containing the same strength of encryption are generally available; Prohibits domestic controls on the use of products using strong encryption; Guarantees that American industry will continue to be able to come up with innovative products; Immediately decontrols encryption products using key lengths of 64 bits or less; and Permits the immediate exportability of 128 bit encryption in all encryption products to a broad group of users. Today, we are in a world where nearly everyone has a computer and that those computers are, for the most part, connected to one another. In light of that fact, it is becoming more and more important to ensure that our communications over these computer networks are conducted in a secure way. It is no longer possible to say that when we move into the information age, we'll secure these networks, because we are already there. We use computers in our homes and businesses in a way that couldn't have been imagined 10 years ago, and these computers are connected through networks, making it easier to communicate than ever before. This phenomenon holds the promise of transforming life in states like Montana, where health care and state-of-the-art education can be delivered over networks to people located far away from population centers. These new technologies can improve the lives of real people, but only if the security of information that moves over these networks is safe and reliable. The problem today is that our computer networks are not as secure as they could be. It is fairly easy for amateur hackers to break into our networks. Hackers can intercept information, steal trade secrets and intellectual property or even alter medical records. The solution to this problem is to let individuals and businesses alike to take steps to secure that information. Encryption is a vital tool which helps to protect the integrity of these electronic networks which have made so many wonders of the modern age possible. I look forward to the testimony of the witnesses on this critical issue. Thank you. STATEMENT OF HON. JOHN F. KERRY, U.S. SENATOR FROM MASSACHUSETTS Senator Kerry. Mr. Chairman, thank you very much for your continued efforts in this field. I want to say up front, I need to go from here to the export regime hearing in the Banking Committee, where we have Messrs. Cox and Dicks. So I apologize for not being able to stay throughout this, but my staff will. Let me begin by saying that last session the Commerce Committee became the first Senate committee to forge a consensus on this question of some kind, at least, and to report out comprehensive legislation. I am glad we are back here now and it is my hope that we can make real progress this year to develop a sensible encryption framework for the 21st century. We have been part of this debate for some time now. I serve on the Intelligence Committee, the Foreign Relations Committee, this committee, and the Banking Committee, all of which touch on it one way or the other. I am a former prosecutor, so I have been particularly sensitive to some of the warrant issues, eavesdropping issues, intelligence-gathering issues, and so forth. For the past several years, frankly, we have received relatively conflicting information from various interests in the debate, and I think, to our frustration, at least to my frustration, Mr. Chairman, we have been primarily debating the current state of export markets. We have debated whether there is a mature market abroad for export products and whether we can use regulatory controls to shape that market. I have adopted a relatively cautious approach, for a lot of very obvious reasons. I am sensitive to our national security needs and I have been very hopeful that the long and many discussions of the White House and various entities on this would retard the spread of encryption and actually shape market demand abroad. I have a change of mind at this point and I want to express that. I think it is time to reframe the debate on encryption. As time goes on and availability abroad of strong encryption products continues to grow, it becomes more and more difficult to accept that we alone can control the development of this marketplace. If we cannot shape the development of the marketplace and have not been able to reach an adequate consensus in this country to do so in the last few years, then we are forced to a point in time, which I think we are at now, where we have to examine in a responsible way how to adjust our regulatory regime. For a long time we have been debating, Mr. Chairman, whether to relax export controls to permit the export of stronger encryption products. I think that question has to change. It is now time to discuss how we go about creating a new scheme that recognizes the realities of the new marketplace. I ask unanimous consent that an article from today's New York Times, ``Encryption Products Found to Grow in Foreign Markets'' by John Markoff, be made part of the committee record. Senator Burns. Without objection. [The material referred to follows:] THE NEW YORK TIMES ENCRYPTION PRODUCTS FOUND TO GROW IN FOREIGN MARKETS BY JOHN MARKOFF Commercial data-scrambling technology that is made outside the United States has become significantly more available in the last 18 months, according to researchers at George Washington University. The researchers' report, which is to be presented today in testimony before the Senate Commerce Committee, is part of a growing body of evidence suggesting that the Government's efforts to restrict the spread of ``strong encryption'' technology for secret electronic communications have largely failed. ``The Government must acknowledge that there are foreign produces, and it must concede that they are of comparable quality to U.S. technology,'' said Bruce Heiman, legislative counsel for Americans for Computer Privacy, the Washington-based computer industry lobbying group that financed the study. The Government has long imposed export curbs on encryption tecnologies, invoking national security and crime prevention concerns. Officials have argued that scrambled messages would improve the ability of terrorists and other criminals to organize and plan illegal operations. The new data, though, indicate that 805 encryption products are now available in 35 countries outside the United States--a 22 percent increase since December 1997. Moreover, 167 products are based on encryption algorithms considered too strong to be cracked by even the most powerful computers. ``In addition to the absolute increase in the number of products, we've also found that six new countries have companies that are now selling encryption technology,'' said Lance Hoffman, director of the Cyberspace Policy Institute at George Washington University. He pointed to companies like Cybernetica in Estonia that use the United States export restrictions as a marketing tool. ``Cybernetica advertises: `Strong crypto. Long keys. No export restrictions,''' he said. The report also asserts that the United States has lost its monopoly on the basic mathematical technologies underlying data encryption. For example, of the 15 algorithms now being considered by the National Institute of Standards for a new American encryption standard, 10 have been developed outside the United States. The report does not offer evidence of actual use of encryption systems abroad. But Mr. Hoffman said researchers had compiled material suggesting that the most powerful encryption software was now readily accessible internationally. ``I'm holding in my hands a computer magazine we found on a French newsstand,'' he said in a phone interview yesterday. The publication, Magazine Dot Net, contained a CD-ROM with encryption programs including Pretty Good Privacy and a program called Scramdisk that features advanced encryption algorithms like DES, Triple DES, Blowfish and Idea--any of which would present formidable challenges to code breakers in the Federal Government. http://www.nytimes.com Senator Kerry. Let me just share very quickly. The new data indicates that 805 encryption products are now available in 35 countries outside the United States, a 22 percent increase since December 1997. Moreover, 167 products are based on encryption algorithms considered too strong to be cracked by even the most powerful computers. In addition to the absolute increase in the number of products, we have also found that six new countries have companies that are now selling encryption technology. One of them, Cybernetica in Estonia, uses the U.S. export restrictions as a marketing tool: ``Cybernetica advertises `Strong crypto, long keys, no export restrictions.' '' The article goes on, Mr. Chairman. I am pleased to join Chairman McCain as an original co- sponsor of the PROTECT Act of 1999. The bill is an important first step that recognizes that as the Internet becomes more of a presence in global commerce there have to be guarantees and assurances that business and personal information remains confidential. We have to also continue to recognize that U.S. companies are leaders in creating encryption technology and these companies are integral to our economy. We are debating a great deal now about the impact of China stealing secrets and where the long-term relationship may go. Mr. Chairman, I am persuaded, as I have been for several years, but I think for some time we have held out hope about our ability to control and shape the market. I am persuaded that the national security interest of the country is not only affected by the sort of law enforcement/security side of this, but it is also affected by the long-term economic side of it. It seems to me that it is important for U.S. technology to be out there, for people to be using it, and that there are certain security values inherent in that happening. The U.S. information technology companies have been deeply frustrated by what they perceive as excessive stringent controls on the export of their encryption products. Although the United States is the leader in producing high quality strong encryption products, other countries are increasingly doing so. We have to recognize that reality and understand that export controls are not going to stop the spread of encrypted products and, importantly, controls that do not recognize this reality put our software industry at a disadvantage as it tries to compete in the global marketplace and has the potential to put our security at risk. Encryption is essential to hundreds of billions of dollars of e-commerce. It is crucial to electronically transferred funds and to overall use of the Internet, including e-mail, and the United States must have a powerful presence in that future development. So I am open to arguments regarding whether we expand them even further than the PROTECT Act, but I believe that is an important first step and I am hopeful we can find a responsible approach that would allow us to balance some of the other interests. I would simply ask witnesses to perhaps--I am sure they will be asked this and address it: What happens with respect to foreign companies filling the gap and what the relationship of that is to our national security if foreign encryption is produced worldwide and we are outside of that loop?; and also whether it makes sense for our policy to work in a way that is increasingly putting the United States' interests within the field of commerce at a disadvantage. Also, there are other articles regarding other types, the Quantum code and other approaches to encryption, which raise a whole lot of issues about where we may be heading in the long run here and what we can control in terms of the market. So Mr. Chairman, I think we are at a very important juncture and I thank you for having this hearing today and proceeding forward. Senator Burns. Thank you. We always like conversions. Senator Kerry. Beware of the convert. The zeal of the convert is always the worst. Senator Burns. I know. Senator, I appreciate your words today and I think as far back as 1994 and 1995, where we had security questions. Before I recognize Senator Ashcroft, I want to make it pretty clear that we should be as policymakers giving our security people the funds and resources that their technology can stay maybe a quarter step ahead of the technology that is generally accepted around the world. I think there we have fallen down a little bit. But I think our security people can do the job that they are paid to do and do a great job of it, but we have got to give them the funds in order for them to adapt, to go into new technology, because Moore's Law has taken over here. Our technology is going to go. We have got to make sure that we take care of our security people and they can stay with it. That is where we should be focusing our attention, I think. Senator Ashcroft. STATEMENT OF HON. JOHN ASHCROFT, U.S. SENATOR FROM MISSOURI Senator Ashcroft. Thank you, Mr. Chairman. I want to thank the Senator from Montana for his leadership in this area. Leadership is not finding out where people already are and going and standing at the front of the line. Leadership is finding out where we need to go and helping people understand how to get there, and certainly you have done that, especially as it relates to this issue. I want to thank the chairman of this committee for having this hearing today to address an issue that I believe is central to the future of our country's ability to remain a worldwide leader in electronic technology. That is the development and the availability of data encryption technology. Encryption of sensitive electronic data is essential to our modern economy. State and national infrastructures, financial transactions, and of course the burgeoning field of Internet commerce all depend on the ability of companies, institutions, and individuals to securely transmit electronic data, and American products are at the forefront of this industry. I might add that if American products are not at the forefront of this industry, other products will be at the forefront of this industry. For years now, since before I first came to the Capitol, American manufacturers of encryption technology have been hamstrung in their efforts to compete in the global marketplace regarding these products by export controls that reflect a complete misunderstanding of the incredibly dynamic and fluid nature of encryption technology. We have tried for over 4 years to remedy that situation. I first introduced the E-PRIVACY bill in the last Congress and intend to reintroduce it shortly in this Congress. But unfortunately, nothing has been accomplished by way of assistance to law enforcement and to industry or, most importantly, to the users of encryption in this country. Unfortunately, a significant barrier to progress on this issue has been the Administration, which has taken an active and open position against permitting the export of encryption technology and indeed a fairly hostile view to the unregulated domestic use of encryption. The Administration bases its position on the grounds that robust encryption allegedly presents risks to law enforcement and national security, a view that I think will be shown to be mistaken by today's testimony. We certainly have endured national security risks, but it has not been from the industry's development of encryption. In addition, there has not always been agreement here in Congress about the need to free our technology industry from these export restrictions. I am happy to note that this appears to have changed. The chairman's PROTECT Act which we are here to discuss, demonstrates that there is a growing consensus that the Administration is mistaken and that deregulation of encryption is necessary in order for us to maintain our leadership position in this industry, and I want to commend the chairman for helping us to build that consensus. I think that the PROTECT Act is a big step in the right direction on encryption. In fact, it shares many of the same principles and provisions included in my E-PRIVACY bill. However, I do think that the PROTECT Act needs to go further in two ways. First, the PROTECT Act needs to reflect the lightning-fast nature of development in this industry and institute export relief that will not make the products eligible for decontrol obsolete by the time the approval process is complete. The Administration has long taken the route of regulating encryption exports based on the bit length of the product, with little regard to the current state of the technology. It began with permitting the export of 40-bit technology 7 years ago and only agreed last fall to increase the limit to 56-bit technology. Of course, the standard for generally available products worldwide is already 128-bit technology. That is where the competition is. So the Administration's position is already sorely outdated. In fact, months ago I came to a meeting of this committee with an advertisement from the Internet which was from the Siemens company in Germany advertising robust 128-bit encryption, saying that you cannot get this from a U.S. manufacturer, at least someone overseas could not. The advertisement also indicated, however, that if you buy this you can use it in the United States and you can use it overseas as well. So if you want to have robust encryption, buy it from the Germans, from Siemens. The Administration has decided to tie the hands of the U.S. encryption industry. To me that is a disaster. But it is also compounded by people beginning to develop relationships with foreign software providers as a result of the unavailability of 128-bit or robust encryption on the part of U.S. providers of software. To see the Germans eagerly promoting this potential and to have people from my own State of Missouri say to me, ``John, we have an office in Singapore''--this happened to me--we have not been able to speak with them confidentially and communicate with them and the government is making it impossible for us to send the encryption that we can use domestically. We cannot send it to our office in Singapore because we are ineligible to export it. I do not want that situation to be--well, I just do not want the situation to be such that I have to say, ``Well, go to Siemens in Germany, from Siemens you can buy the encryption that can be sent into the United States and from Siemens in Germany it can be sent to Singapore, so you can have your cake and eat it, too, by dealing with a non-domestic firm.'' For us to have a policy which provides for the slitting of our own throats in a technology arena that is developing at a rapid pace is simply unwise. I think it is foolhardy. If we are to mark the next century as an American century, or even to celebrate the next week as high technology week in the Senate, we must be forward- thinking and acting. The PROTECT Act deregulates products up to 64 bits. That is a good start. The problem is that the Act delays general decontrol of 128-bit technology until 2002, by which time it will almost certainly be as obsolete as 56-bit encryption is today. In the interim, PROTECT permits individual exceptions for higher bit technology export, but it creates a regulatory approval board and a process that can take up to 60 days to determine whether a product is already generally available, something that, quite frankly, can be determined by surfing the Internet for a little while, I mean moments. With all due respect, this process is too long, which is why in the E-PRIVACY bill we give the administration a one-time 15-day review of products that are generally available before they are permitted to export them. I urge my colleagues to press our panelists on the second panel for answers on whether they can remain competitive if we wait as long as the PROTECT Act provides. The second area where I think the PROTECT Act can go farther is the explicit delineation of the rights and procedural protections of Americans in their ability to use encryption and to be secure in their use of encrypted data. While the PROTECT Act clearly affirms this right, it is relatively silent on the balance of procedural protections between Americans' privacy interests and legitimate law enforcement efforts. I do not think we can afford to be silent on this issue. The administration and the FBI have over time indicated support for language that would mandate key recovery for all domestic encryption and alternatively support several suggested approaches that would make using domestic key escrow a practical, although not legal, necessity. Director Freeh has gone so far as to mention the need for a new fourth amendment that considers the ``realities'' of the digital age. I think we need a new and improved approach to domestic encryption, not a new updated version of the fourth amendment, and I for one am not eagerly awaiting the FBI's new release of the fourth amendment 2.0 or first amendment 98. I am, however, eager to hear what the Administration's current position is on key recovery and key escrow. My own E-PRIVACY bill sets out specific procedures for balancing the legitimate interests of law enforcement with the privacy rights of Americans, and I hope that any final legislation passed by the Senate would include such provisions. Those are my two observations. Again, I want to say that the PROTECT Act is a strong step in the right direction toward protecting American privacy rights and American industry, but I think it should go further. I look forward to hearing from our panelists today and engaging them in serious discussion on these issues, and I thank the gentleman from Montana, whose leadership in this area has been very valuable to America. Senator Burns. Thank you very much, Senator. It has been an issue that both of us have been around a day or two, so we are not complete strangers to it. Congressman Goodlatte is on his way. In the meantime--oh, he is here. Mr. Goodlatte. Hiding. Senator Burns. You are still on your way, right? Senator Ashcroft. On his way to the microphone. Senator Burns. That is right, that is right. Congressman, we thank you. You have been a great leader on this issue in the House and we appreciate your coming over this morning and offering your thoughts on this piece of legislation. STATEMENT OF HON. BOB GOODLATTE, U.S. REPRESENTATIVE FROM THE STATE OF VIRGINIA Mr. Goodlatte. Well, Senator, thank you for the opportunity to testify before the Senate Commerce Committee today. I want to commend you and Chairman McCain and Senator Ashcroft for your hard work in this area. I was delighted to hear the comments of Senator Kerry a little while ago. I had brought the same New York Times article with me, so I will not need to ask that it be made part of the record. But I do want to point out that one of the items in here that he did not mention is that the United States has lost its monopoly on the basic mathematical technologies underlying data encryption. For example, of the 15 algorithms now being considered by the National Institute of Standards for a new American Encryption Standard, 10 have been developed outside of the United States. If we do not act on this soon, we are going to be left behind in that regard. I also would ask that the committee consider making part of the record an article by Congressman Chris Cox, who is, as you know, the chairman of the committee that just released the Cox report and who is a strong supporter of changes in our export controls laws related to encryption and a co-sponsor of our legislation in the House, the SAFE Act. He has an article that was published in the San Jose Mercury News entitled ``China: Export of Technology Would be Liberating Force.'' I think it makes a very strong case for why, while export controls are appropriate in some sectors, liberalizing our export controls on encryption would be of great benefit to our nations. Senator Burns. That will be made part of the record. [The material referred to follows:] China: Export of technology Would be Liberating Force (By Christopher Cox) American Policy toward the People's Republic of China should proceed from this central premise: It is our sincere hope for the Chinese people that they will no longer live under a communist government. To this end, America's--and California's--world leadership in high- tech enterprise promises far more than economic benefits. The export of these products to the Chinese people can be a great democratizing and liberating force. In January, the People's Republic sentenced Lin Hai, a 30-year-old software executive and Web page designer, to prison for supposedly ``inciting subversion of state power.'' His so-called ``crime'' consisted of exchanging e-mail addresses with an anti-communist group in America. But if Lin Hai had been able to keep the contents of his computer messages away from the prying eyes of the Ministry of State Security-- using strong encryption in commercially available software--he would be a free man today. That is why America's companies, the leaders in encryption technology, must be able to export their products to China and around the world. Strong encryption is--as Beijing's communist leadership is well aware--a massive threat to totalitarian regimes and their government- maintained monopoly on information, because it permits individuals to communicate privately without fear of government eavesdropping or interception. In this and the previous Congress, I have sponsored the Security and Freedom through Encryption Act, together with a broad coalition of Republican and Democratic lawmakers, I disagree with the Clinton-Gore administration, and with Sen. Dianne Feinstein, that the current prohibition on American businesses exporting encryption software is necessary for our national security. Yet the Clinton-Gore administration would go beyond the current prohibition, endorsing not just restrictions on encryption exports, but also requiring every encryption program sold--even within the United States--to have a secret key to permit eavesdropping by law enforcement officials or foreign governments. The Clinton-Gore administration seems to place a higher priority on stopping the export of encryption software to the Chinese people than on preventing the theft of our nuclear weapons technology by the People's Liberation Army. This is exactly backward. Rather than control commercially available computers, software and technology, we should safeguard our most critical military secrets. TRANSFER OF TECHNOLOGY For the past nine months, I've chaired a congressional select committee investigating the transfer of militarily sensitive technology to the People's Republic of China. The committee's classified report, unanimously approved by all five Republicans and four Democrats, found overwhelming evidence that such transfers--including theft through espionage--have caused serious harm to U.S. national security, and continue to this day. But some have inferred that this should mean clamping down on commercial exports. To the contrary: The committee found that the current export-licensing process is riddled with errors and plagued by delays. It often does very little to protect our national security-- while frequently doing a great deal to damage America's competitiveness in world markets. The committee has therefore recommended streamlining export rules. The United States should provide a new ``fast track'' for most items, while focusing greater resources and expertise on the limited targets that we know from our intelligence are the subject of specific collection efforts by the People's Republic of China and others. Trade in innovative technologies, goods and services can help undermine inefficient state-run industries and bring hope of a better life to the Chinese people. In areas like transportation, telecommunications and financial services, it is the means by which communist China--whose economy is smaller on a per capita basis than Guatemala's--can become a developed nation. In fields such as medicine, biotechnology and farming, U.S. trade offers hope for the desperately poor millions who are still China's majority that they will be able to each and survive. Encouraging exports to China that promote individual freedom and well-being is in the United States' national security interest. For this reason, in addition to allowing the export of encryption software, U.S. policy should focus on unleashing the Internet as an engine of freedom in China. Among the 1.2 billion people in the People's Republic of China, only one in a thousand is an Internet user. But Internet use is growing at a rate that threatens the Communist Party's grip on China. As Chinese journalist Sang Ye has observed: ``New ways of thinking, of communicating, of organizing people and information--the Net takes aim squarely at things that since Mao's earliest days have been the state's exclusive domain.'' Today's China's communist dictatorship is working hard to re-route its citizens away from the information superhighway and onto the state- controlled ``Intranet.'' This new Intranet allows communication only among approved users who share communist-approved content. The Ministry of Post and Telecommunications supervises and approves all networks, and its screens virtually all news and even financial information that citizens may receive from foreign sources. While the Chinese Communist Party argues, on the Internet home page of the People's Daily, that the open flow of communications would be destabilizing, Americans know from our own experience that technology is best used as a means to an end: a promise of greater freedom. The United States should move aggressively to frustrate the Chinese government's censorship of the Internet by condemning it as a barrier to free trade, an impediment to joining the World Trade Organization, and a violation of the several human rights covenants it has signed. And we should encourage the construction of an expanded Internet architecture that frustrates censorship and control by repressive states. At the same time, the United States should work with all nations for the establishment of the Internet as a global free-trade zone, which not only will make it increasingly difficult for governments including China's to choke off access but also will pressure them further to reduce protectionist trade barriers. Finally, we should recognize that while our currently limited trade with China's protectionist government may be better than nothing, the object of U.S. policy must be a liberalization of trade that is fundamentally at odds with the nation's communist system. TRULY FREE TRADE Despite America's free-trade policy, we still sell less to the billion-plus People's Republic of China than to the 22 million people of Taiwan. Instead of business ventures being approved one at a time by the Communist Party's Politburo, truly free trade means a billion Chinese interacting independently with a quarter-billion Americans. A policy toward the People's Republic of China that frustrates this objective is both shortsighted and cruel. The recent public attention to espionage raises proper concerns about our lack of security, but it should not distract us from our objective of freedom for China's people--a result that American technology exports can help bring about. Today, we have the worst of both worlds: Military technology that the communist government can use to hold the Chinese people in terror is being stolen, while commercial technology that can liberate the Chinese people is delayed in the export- licensing bureaucracy. It's time to focus not on whether to engage--we should all be agreed on that--but rather on the terms of engagement. We should have no illusions about with whom we are dealing. We should have no doubt about where our policy is taking us. Freedom--not engagement and possibly marriage to a communist dictatorship--is what our policy toward China should be seeking to achieve. U.S. Rep. Christopher Cox, R-Newport Beach, is chair of the House Select Committee on U.S. National Security and Military-Commercial Concerns with the People's Republic of China. He wrote this article for the San Jose Mercury News Sunday Perspective section. Mr. Goodlatte. Thank you, Mr. Chairman. As you know, I have worked for many years on the encryption issue in the House. The legislation I have introduced in this Congress, H.R. 850, the Security and Freedom Through Encryption Act of 1999, currently has 257 co-sponsors, including a majority of both the Republicans and Democrats in the House and a majority of both the Republican and Democratic leadership. The SAFE Act has passed the House Judiciary Committee by voice vote and is now pending before the Committees on International Relations, Commerce, Armed Services, and Intelligence. Each of these additional committees is expected to act soon on the legislation and it is my hope that the SAFE Act will be considered by the House in the summer or early fall. Encryption has many benefits. First, it aids law enforcement by preventing piracy and white collar crime on the Internet. Several studies over the past few years have demonstrated that the theft of proprietary business information costs American industry hundreds of billions of dollars each year. The use of strong encryption to protect financial transactions and information would prevent this theft from occurring. With the speed of transactions and communications on the Internet, law enforcement cannot stop thieves and criminal hackers by waiting to react until after the fact. Only by allowing the use of strong encryption, not only domestically but internationally as well, can we hope to make the Internet a safe and secure environment. As the National Research Council's Committee on National Cryptography Policy concluded: If cryptography can protect the trade secrets and proprietary information of businesses and thereby reduce economic espionage, which it can, it also supports in a most important manner the job of law enforcement. If cryptography can help protect nationally critical information systems and networks against unauthorized penetration, which it can, it also supports the national security of the United States. Second, if the global information infrastructure is to reach its true potential, citizens and companies alike must have the confidence that their communications and transactions will be secure. Third, with the availability of strong encryption overseas and on the Internet, the Administration's export restrictions only serve to tie the hands of American business. Due in large part to these export controls, foreign companies are winning an increasing number of contracts by telling prospective clients that American encryption products are weak and inferior, which is robbing our economy of jobs and revenue. I understand you are going to hear testimony further in regard to the new report mentioned in the New York Times article, which Senator Kerry made a part of the record. In fact, one study, one noted study, found that failure to address the current export restrictions by the year 2000 will cost American industry $60 billion and 200,000 jobs. Under the current system, America is surrendering our dominance of the global marketplace. The SAFE Act remedies this situation by allowing the export of generally available American-made encryption products after a 15-day, one-time technical review. Additionally, the bill allows custom-designed encryption products to be exported after the same review period if they are commercially available overseas and will not be used for military or terrorist purposes. The SAFE Act enjoys the support of members, individuals, and organizations across the entire spectrum of ideological and political beliefs, not only because it is a common sense approach to solving a serious problem, but also because ordinary Americans' privacy and security is being assaulted by this Administration. Amazingly enough, some in the Administration want to mandate a back door into people's computer systems in order to access their private communications. In fact, some in the Administration have stated that if people do not voluntarily create this back door, they may seek legislation forcing them to give the Government access to their information by mandating a key recovery system requiring people to give the keys to decode their communications to a government-approved third party. This is the technological equivalent of mandating that the Government be given a key to every home in America. Mr. Chairman, I would also like to note that we will hear from Administration representatives who will say that they do not support a mandatory key recovery system. One of the problems we have had in addressing this is that the Administration has not been speaking with one voice and there has been an inconsistency with regard to their policy. I would like to note with great appreciation the position you and Chairman McCain have taken on this issue in the PROTECT Act. I could not agree more with the domestic-related provisions of your legislation which, like the SAFE Act, prevent the Administration from putting roadblocks on the information superhighway by prohibiting the Government from mandating a back door into the computer systems of private citizens and businesses. Additionally, both the PROTECT Act and the SAFE Act ensure that all Americans have the right to choose any security system to protect their confidential information. I would like to encourage you to consider further changes in this area with regard to export controls. Certainly the immediate decontrol of 64-bit encryption is helpful to our industry, as are the provisions allowing the export of strong encryption to, as you have called them, legitimate and responsible entities or organizations and their strategic partners, and the unlimited export of encryption once the new AES standard is developed and implemented. These are marked improvements over Chairman McCain's legislation contained in S. 909 from the last Congress. Our industry needs export relief now and I do not believe that it can afford to wait until the AES standard is adopted a few years from now. While the immediate decontrol of 64-bit encryption is better than the Administration's current 56-bit level, the industry standard is, as has been noted here today, 128 bits, which consumers and companies alike are demanding to protect their communications and transactions. So as the PROTECT Act moves through the Senate, I encourage you to continue to look for ways to provide further export relief to U.S. industry. I would also like to note that the SAFE Act does not completely eliminate export controls on encryption products. Like the PROTECT Act, the SAFE Act allows the President to prohibit encryption exports to terrorist states and impose embargoes and allows the Secretary of Commerce to stop the export of specific products to specific individuals or organizations in specific countries if there is substantial evidence that they will be used for military or terrorist purposes. As NSA Deputy Director Barbara McNamara recently testified before the House Commerce Committee, ``end uses and end users are what the Administration uses to determine whether a product should be exported. This is official government policy.'' With the millions of communications, transmissions, and transactions that occur on the Internet every day, American citizens and businesses must have the confidence that their private information and communications are safe and secure. I want to again thank you for allowing me to testify today and I look forward to working with you and Senator Ashcroft as you move forward on this legislation. We hope you can pass a good bill out of the Senate. We will try to do the same thing in the House and work together to resolve this problem. Thank you. [The prepared statement of Representative Goodlatte follows:] Prepared Statement of Hon. Bob Goodlatte, U.S. Representative from Virginia Mr. Chairman, I would like to thank you for inviting me to testify today on legislation you have introduced--S. 798, the PROTECT Act of 1999--to encourage the use of strong encryption. As you know, I have worked for many years on the encryption issue in the House. The legislation I have introduced this Congress, H.R. 850, the Security And Freedom through Encryption (SAFE) Act of 1999, currently has 257 cosponsors, including a majority of both the Republican and Democratic leadership. The SAFE Act has passed the House Judiciary Committee by voice vote, and is now pending before the committees on International Relations, Commerce, Armed Services, and Intelligence. Each of these additional committees is expected to act soon on the legislation, and it is my hope that the SAFE Act will be considered by the House in the summer or early fall. Encryption has many benefits. First, it aids law enforcement by preventing piracy and white-collar crime on the Internet. Several studies over the past few years have demonstrated that the theft of proprietary business information costs American industry hundreds of billions of dollars each year. The use of strong encryption to protect financial transactions and information would prevent this theft from occurring. With the speed of transactions and communications on the Internet, law enforcement cannot stop thieves and criminal hackers by waiting to react until after the fact. Only by allowing the use of strong encryption, not only domestically but internationally as well, can we hope to make the Internet a safe and secure environment. As the National Research Council's Committee on National Cryptography Policy concluded, ``If cryptography can protect the trade secrets and proprietary information of businesses and thereby reduce economic espionage (which it can), it also supports in a most important manner the job of law enforcement. If cryptography can help protect nationally critical information systems and networks against unauthorized penetration (which it can), it also supports the national security of the United States.'' Second, if the Global Information Infrastructure is to reach its true potential, citizens and companies alike must have the confidence that their communications and transactions will be secure. Third, with the availability of strong encryption overseas and on the Internet, the Administration's export restrictions only serve to tie the hands of American business. Due in large part to these export controls, foreign companies are winning an increasing number of contracts by telling prospective clients that American encryption products are weak and inferior, which is robbing our economy of jobs and revenue. In fact, one noted study found that failure to address the current export restrictions by the year 2000 will cost American industry $60 billion and 200,000 jobs. Under the current system, America is surrendering our dominance of the global marketplace. The SAFE Act remedies this situation by allowing the export of generally available American-made encryption products after a 15-day, one-time technical review. Additionally, the bill allows custom- designed encryption products to be exported, after the same review period, if they are commercially available overseas and will not be used for military or terrorist purposes. The SAFE Act enjoys the support of members, individuals and organizations across the entire spectrum of ideological and political beliefs, not only because it is a common-sense approach to solving a serious problem, but also because ordinary Americans' privacy and security is being assaulted by this Administration. Amazingly enough, the Administration wants to mandate a back door into peoples' computer systems in order to access their private communications. In fact, the Administration has stated that if people do not ``voluntarily'' create this back door, it may seek legislation forcing them to give the government access to their information, by mandating a ``key recovery'' system requiring people to give the keys to decode their communications to a government-approved third party. This is the technological equivalent of mandating that the government be given a key to every home in America. Mr. Chairman, I would like to note with great appreciation the position you have taken on this issue in the PROTECT Act. I couldn't agree more with the domestic-related provisions of your legislation, which--like the SAFE Act--prevent the Administration from placing roadblocks on the information superhighway by prohibiting the government from mandating a back door into the computer systems of private citizens and businesses. Additionally, both the PROTECT Act and the SAFE Act ensure that all Americans have the right to choose any security system to protect their confidential information. On the issue of export relief, I would also like to commend you for the changes you have made in this year's bill. Certainly the immediate decontrol of 64-bit encryption is helpful to our industry, as are the provisions allowing the export of stronger encryption to, as you have called them, ``legitimate and responsible entities or organizations and their strategic partners,'' and the unlimited export of encryption once the new AES standard is developed and implemented. These are marked improvements over the export restrictions contained in S. 909 from the last Congress. However, I would like to encourage you to consider further changes in this area, along the lines of those contained in the SAFE Act. Our industry needs export relief now--I do not believe that it can afford to wait until the AES standard is adopted a few years from now. And while the immediate decontrol of 64-bit encryption is better than the Administration's current 56-bit level, the industry standard is currently 128-bit encryption--which consumers and companies alike are demanding to protect their communications and transactions. So as the PROTECT Act moves through the Senate, I encourage you to continue to look for ways to provide further export relief to U.S. industry. I would also like to note that the SAFE Act does not completely eliminate export controls on encryption products. Like the PROTECT Act, the SAFE Act allows the President to prohibit encryption exports to terrorist states and impose embargoes, and allows the Secretary of Commerce to stop the export of specific products to specific individuals or organizations in specific countries if there is substantial evidence that they will be used for military or terrorist purposes. And as NSA Deputy Director Barbara McNamara recently testified before the House Commerce Committee, ``end uses and end users are what we use to determine whether a product should be exported--this is official government policy.'' With the millions of communications, transmissions, and transactions that occur on the Internet every day, American citizens and businesses must have the confidence that their private information and communications are safe and secure. Again, thank you for allowing me to testify today, and I look forward to working together with you as the PROTECT Act moves through the Senate and the SAFE Act moves through the House. Senator Burns. Thank you very much, Congressman. We appreciate your interest and leadership in this issue. I am going to call the panel. Any questions for the Congressman? Senator Ashcroft. May I just commend the Congressman. I have had the opportunity and good fortune to work with him, and his understanding of the issues related to encryption is unsurpassed in the Congress. I appreciate that, and I think, frankly, the American people and the data industry owes you a debt of gratitude. I know that I do, and I thank you for your leadership. Mr. Goodlatte. Thank you for your kind words. Senator Snowe. Mr. Chairman. Senator Burns. The Senator from Maine. STATEMENT OF HON. OLYMPIA J. SNOWE, U.S. SENATOR FROM MAINE Senator Snowe. Thank you, Mr. Chairman. I want to welcome my good friend and former colleague from the House here today, and commend you for your leadership on this issue and your presentation before the committee. Mr. Goodlatte. Thank you, Senator Snowe. I would like to tell you that I will be in your State, in fact in your home town, tomorrow and Saturday for my 25th reunion at Bates College. So I appreciate your kind words. Senator Snowe. I wish you good weather and great lobsters. Mr. Goodlatte. Thank you. Senator Burns. At least they have got a warning up there, right? Mr. Goodlatte. That is right. Senator Burns. We like these warnings. I will call the first panel to the table, and while they are coming up, Senator Snowe, do you have a statement that you would like to make? Senator Snowe. No, Mr. Chairman. I have a statement for the record. Senator Burns. It will be made part of the record. [The prepared statement of Senator Snowe follows:] Prepared Statement of Hon. Olympia J. Snowe, U.S. Senator from Maine Thank you, Mr. Chairman. Today's hearing is extremely important because it addresses an issue that will only grow in importance as the Global Information Infrastructure (GII) continues to develop and evolve: the availability of strong encryption technology. Without the knowledge that one's information is private and secure, the full potential of the Global Information Infrastructure--and the transmission and utilization of information on the Internet in particular--will never be realized. On the one hand, if one is certain that their proprietary or personal information can only be accessed by those for whom it is intended, one will be at ease putting business plans, personal medical records, and other confidential files ``on-line''. But if security is inadequate for the prevention of unauthorized ``browsing'' or outright ``piracy,'' one's willingness to utilize the countless benefits of on- line commerce will be severely hampered. The United States imposes limits on the export of encrypted products-- in part--to ensure that law enforcement and intelligence agencies have easier access to the information these products contain. Presumably, if the products exported by the United States do not allow for encryption beyond a certain level, the threat to national security will be lessened. While I believe we would all agree that national security is of the utmost importance--and any policy that protects American citizens from ``on-line crime'' is beneficial--it is also important that we be realistic in setting these policies. If our policies do not reflect the reality of the global marketplace, we will not only fail to accomplish the goals we are pursuing, but we may also risk harming businesses and consumers in the United States that we are seeking to protect. In addition, high-tech industries in the United States have a great deal at stake in the ongoing debate on encryption export restrictions. If our current export policies are ``behind the times,'' domestic producers of computer hardware and software risk being at a competitive disadvantage in the global marketplace. At the same time, other U.S. companies that rely on the use of these encrypted technologies to manufacture consumer products--such as cellular telephones--could also be adversely impacted by a poorly conceived export policy. Accordingly, today's hearing will give us a chance to review the need for, and impact of, S. 798, the PROTECT Act--legislation that would fundamentally alter the manner in which encryption export restrictions are established. Ultimately, it is my hope that this hearing will assist us in determining whether or not our current export restrictions are both practical and effective, and if changes such as those contained in S. 798 would be a step forward or a step back for the United States. I would like to thank our witnesses for being with us this morning, and look forward to the discussion this hearing will generate on a topic that is so fundamental to the development of the world's information infrastructure. Thank you, Mr. Chairman. Senator Burns. We have William Reinsch, who is the Under Secretary of Export Administration, Department of Commerce; James Robinson, Assistant Attorney General from the Criminal Division; and we have Barbara McNamara, Deputy Director of the National Security Agency. We appreciate all of you taking time in your busy days and your responsibilities and duties to come and visit with us today about this very important subject. We will just go in order, I guess. So Secretary Reinsch, we look forward to hearing from you and some of yours. I might add that your complete statement will be made part of the record. If you want to consolidate that and offer your views, that is perfectly OK, too. We appreciate you coming today. Mr. Secretary, good to see you again. STATEMENT OF HON. WILLIAM A. REINSCH, UNDER SECRETARY OF EXPORT ADMINISTRATION, U.S. DEPARTMENT OF COMMERCE Mr. Reinsch. Thank you, Mr. Chairman. It is good to be back. I do have a shorter statement. We have a lot to say about this bill, however, so it is not quite as short as it could be, I suppose. I want to thank you for the opportunity to be back to discuss this difficult subject. I think we made a lot of progress since I was here the last time, and that is one of the subjects I want to discuss with you. It should be obvious from the testimony today that encryption is a hotly debated issue. I want to make clear what the Administration's policy is. We support a balanced approach which considers privacy and commerce, as well as protecting important law enforcement and national security equities. We have been consulting closely with industry and its customers to develop a policy that provides that balance in a way that also reflects the evolving realities of the marketplace. There is no question about the evolving role of encryption in the marketplace and in e-commerce, and my full statement has a lot to say about that in terms of details, I will not pass that on to this committee at this time because you are already well familiar with it. But I do want to say that developing a balanced policy is complicated because we do not want to hinder encryption's legitimate use, but at the same time we do want to protect national security and law enforcement. Now, over the last several years as we have been studying this problem we have learned that there are many ways to assist lawful access beyond key escrow or key recovery and that there is no one-size-fits- all solution. We believe our policy reflects that, and I would like to describe it for you. We published a regulation in September 1998, which allows the export of unlimited strength encryption to banks and financial institutions. This allows U.S. companies new opportunities to sell encryption products to a key market for encryption products. Last September, the Vice President also unveiled an update to our policy, and we published regulations implementing it last December. It permits the free export of unlimited strength encryption products to several key sectors of the market. In addition to banks and financial institutions, we now allow health facilities and online merchants to purchase U.S. encryption to secure their sensitive financial, medical, and online transactions in digital form. U.S. companies can now export 128-bit or greater encryption products, including encryption technology, to subsidiaries located worldwide to protect proprietary information and to develop new products. Furthermore, this update allows the export of unlimited strength recovery-capable or recoverable products. These products do not require a third party to hold any key, are not key escrow, but allow for law enforcement access under proper court authority. They are readily available in the marketplace and include general purpose routers, firewalls, and virtual private networks. We have also made progress with other countries, Mr. Chairman, through the hard work of Ambassador David Aaron, the President's Special Envoy on Cryptography. We agreed in the Wassenaar arrangement last December on several changes relating to encryption controls. We removed multilateral controls on all encryption products at or below 56 bits and certain consumer items regardless of key length. We also agreed to amend the General Software Note on this issue. Drafted in 1991 when banks, governments, and militaries were the primary users of encryption, the General Software Note did not give countries the legal authority to require a license for the export of mass market encryption software. The note was created to release general purpose software used on PCs, but it inadvertently also released encryption. We believed it was essential to modernize the note and close the loophole. Under a new Cryptography Note adopted in December, a 64-bit key length threshold has been set for mass market encryption software and hardware. This enables governments to review export mass market products stronger than 64 bits. I want to be clear. This does not mean that encryption products of more than 64 bits cannot be exported. Our own policy permits that, as I just made clear, as does the policy of most other Wassenaar members. It does mean the products must be reviewed by governments consistent with their national policies before export. Now, let me comment in conclusion, Mr. Chairman, on the PROTECT Act. With respect to S. 798, the Administration opposes this legislation for a number of reasons. Overall, we believe it does not promote the balance that we worked so hard to achieve over the last several years and which I have just defined. Let me discuss several, but not all, of the more problematic sections. Under section 505, the removal of export controls on publicly or generally available encryption is left to an advisory board. We believe such a board would be unworkable. The broad definitions used in the bill would give the board wide latitude in making its findings on what is available. This could place the Secretary in the position of having to routinely object to the removal of export controls when important national security and law enforcement interests are at stake. The bill also makes this decision subject to judicial review. The Administration does not think it is wise public policy for the courts to adjudicate executive branch decisions on national security matters like the ones that would be rolled into these kinds of decisions. Section 501 of the bill removes the Department of Justice from the encryption export license consultation process. Since law enforcement interests are an important consideration in regard to encryption, we cannot support that provision. We do support the provisions that require a technical review for eligibility for export under a license exception. That is consistent with our current regulations. What we cannot support, however, is the portion of section 504 that would provide automatic eligibility after 15 days if there has been no decision from the government. That same section also proposes control parameters and export liberalizations beyond what we can entertain and which would be contrary to our international export control obligations. For example, Wassenaar agreed to decontrol products up to 56 bits. This bill would decontrol products using a key length of 64 bits or less. Section 504 also expands the products, end users, and countries eligible beyond what we are willing to consider at this point. Section 102 is also troubling, as it would permit a U.S. person located anywhere in the world to develop, manufacture, sell or use any type of encryption. This would in effect prevent the government from requiring a license for U.S. persons to develop and manufacture encryption abroad. As a result, U.S. companies would likely move all development and manufacture of encryption out of the United States in order to take advantage of this loophole. This is not in our country's economic or national security interests. Section 103 contains a provision that would prohibit the U.S. Government from conditioning any approval on the fact that a product is recoverable. A fundamental feature of our encryption policy is that we provide incentives for companies to develop products that provide strong security and also meet the needs of national security and law enforcement. The bill would eliminate this laudable feature of our policy that industry had asked us to include in last year's update. This provision is also inconsistent with section 504, which allows license exception treatment for recoverable products. Now, we have also some problems, Mr. Chairman, with other non-export control provisions of the bill. Section 202 requires that encryption products used by the Government must interoperate with other commercial encryption products. The extent to which interoperability is required is unclear in the bill as drafted, but we believe that the practical result of the bill would be that the Government could not use encryption because no single encryption product interoperates with all other products. It also appears that this provision could prohibit the use of encryption developed by the Government for its own internal use in closed systems that are purposefully designed not to interoperate with other systems, such as those used by the Department of Defense or the National Security Agency. I want to make clear we do not seek encryption export control legislation, nor do we believe that legislation is needed. We believe the current regulatory structure is sufficient for balanced oversight. As the Senators here today know, public debate on this issue has often been lively and on some occasions acrimonious, although certainly not in this room. We hope to find a middle ground that can meet all of our needs. Our dialog with industry has gone a long way toward bridging that gap and finding that middle ground. We will continue this policy of cooperative exchange, which is clearly the best way to pursue our policy objectives of balancing public safety, national security, and the competitive interests of our companies. Thank you, Mr. Chairman. [The prepared statement of Mr. Reinsch follows:] Prepared Statement of William A. Reinsch, Under Secretary for Export Administration, U.S. Department of Commerce Thank you, Mr. Chairman, for the opportunity to testify on the direction of the Administration's encryption policy. We have made a great deal of progress since my last testimony before this Committee on this subject. Even so, encryption remains a hotly debated issue. The Administration continues to support a balanced approach which considers privacy and commerce as well as protecting important law enforcement and national security equities. We have been consulting closely with industry and its customers to develop a policy that provides that balance in a way that also reflects the evolving realities of the market place. One of the many uses of the Internet which will have a significant affect on our everyday lives is electronic commerce. The Internet and other digital media are becoming increasingly important to the conduct of international business. There were 43.2 million Internet hosts worldwide last January compared to only 5.8 million in January 1995. According to a recent study, the value of e-commerce transactions in 1996 was $12 million. The projected value of e-commerce in 2000 is $2.16 billion. To cite one example, travel booked on Microsoft's Website has doubled every year since 1997, going from 500,000 to an estimated 2.2 million this year. Many service industries which traditionally required face-to-face interaction such as banks, financial institutions and retail merchants are now providing cyber service. Customers can now sit at their home computers and access their banking and investment accounts or buy a winter jacket with a few strokes of their keyboard. Furthermore, most businesses maintain their records and other proprietary information digitally. They now conduct many of their day- to-day communications and business transactions via the Internet and E- mail. An inevitable byproduct of this growth of electronic commerce is the need for strong encryption to provide the necessary secure infrastructure for digital communications, transactions and networks. The disturbing increase in computer crime and electronic espionage has made people and businesses wary of posting their private and company proprietary information on electronic networks if they believe the infrastructure may not be secure. A robust secure infrastructure can help allay these fears, and allow electronic commerce to continue its explosive growth. Developing an encryption policy has been complicated because we do not want to hinder its legitimate use--particularly for electronic commerce; yet at the same time we want to protect our vital national security, foreign policy and law enforcement interests. We have concluded that the best way to accomplish this is to continue a balanced approach: to promote the development of strong encryption products that would allow lawful government access to plain text under carefully defined circumstances; to promote the legitimate uses of strong encryption to protect confidentiality; and continue looking for additional ways to protect important law enforcement and national security interests. During the past three years, we have learned that there are many ways to assist lawful access. There is no one-size-fits-all solution. The plans for recovery encryption products we received from more than 60 companies showed that a number of different technical approaches to recovery exist. In licensing exports of encryption products under individual licenses, we also learned that, while some products may not meet the strict technical criteria of our regulations, they are nevertheless consistent with our policy goals. Additionally, we decided that the use of strong non-recovery encryption within certain trusted industry sectors is an important component of our policy to protect private consumer information and allow our U.S. high-tech industry to maintain its lead in the information security market. Taking into account all that we have learned and reviewing international market trends and realities, we made several changes in 1998 to our encryption policy that I will now summarize. In September 1998, we published a regulation allowing the export, under a license exception, of unlimited strength encryption to banks and financial institutions located in 46 countries which allows U.S. companies new opportunities to sell encryption products to the world's leading economy. This policy recognizes the need to secure our financial networks, and the history of cooperation which the banking and financial communities have with government authorities when information is required to combat financial and other crimes. More importantly, on September 16th, Vice President Gore unveiled an update to our encryption policy. This Policy Update was the result of a dialogue with U.S. industry, law enforcement, and privacy groups on how our policy might be improved to find technical solutions, in addition to key recovery, that can assist law enforcement in its efforts to combat crime. At the same time, we wanted to find ways to assure continued U.S. technology leadership, promote secure electronic commerce, and protect privacy concerns. We believed then and now that the best way to make progress on this issue is through a constructive, cooperative dialogue, rather than by legislative solutions. Through dialogue lasting more than a year, there has been increased understanding among the parties and we have made progress. On December 31, we published regulations implementing the Vice President's policy announcement. These regulations will not end the debate over encryption controls, but we believe the regulation addresses some private sector concerns by opening large markets and further streamlining exports. The Update permits the export of 128-bit encryption products and higher (with or without key recovery) to several important industry sectors. Now, banks, financial institutions, health facilities, and on- line merchants can secure their sensitive financial, medical, and on- line transactions in digital form. This update also allows U.S. companies to export 128-bit or greater encryption products, including technology to subsidiaries around the world, to protect its proprietary information and to develop new products. Further, this update allows the export of 128-bit or greater ``recovery capable'' or ``recoverable'' encryption products under an encryption licensing arrangement. Such products include those that are readily available in the marketplace such as general purpose routers, firewalls, and virtual private networks. These recoverable products are usually managed by a network or corporate security administrator without any involvement by a third party. Since the Update announcement, Industry has been taking advantage of this new liberalization and the streamlined process awarded to such products. Many of the updates permit the export of encryption to these end- users under a license exception. That is, after the product receives a technical review, it can be exported by manufacturers, resellers and distributors without the need for a license or other additional review. These license exceptions currently apply to a list of countries or a set of end users. We also have a general policy of approval for exports to those sectors through encryption licensing arrangements (ELA), a kind of bulk license, to allow unlimited shipments of strong encryption to the sectors worldwide. We also further streamlined exports of key recovery products by no longer requiring a review of foreign key recovery agents and no longer requiring companies to submit business plans. We recognize that the development of our policy is an evolutionary process, and we intend to continue our dialogue with industry. Our policy will continue to adapt to technology and market changes. We will review our policy again this year with a view toward making further changes. An important component of our review is input from industry, which we are receiving through our continuing dialogue. This past year, we also made progress on developing a common international approach to encryption controls through the Wassenaar Arrangement. Established in 1996 as the successor to COCOM, it is a multilateral export control arrangement among 33 countries whose purpose is to prevent destabilizing accumulations of arms and industrial equipment with military uses in countries or regions of concern. Wassenaar provides the basis for many of our export controls. In December, through the hard work of Ambassador David Aaron, the President's special envoy on encryption, the Wassenaar Arrangement members agreed on several changes relating to encryption controls. These changes go a long way toward increasing international security and public safety by providing countries with a stronger regulatory framework for managing the spread of robust encryption. Specific changes to multilateral encryption controls include removing multilateral controls on all encryption products at or below 56 bit and certain consumer items regardless of key length, such as entertainment TV systems, DVD products, and on cordless telephone systems designed for home or office use. Most importantly, the Wassenaar members agreed to remove encryption software from Wassenaar's General Software Note and replace it with a new cryptography note. Drafted in 1991, when banks, government and militaries were the primary users of encryption, the General Software Note allowed countries to export mass market encryption software without restriction. The GSN was created to release general purpose software used on personal computers, but it inadvertently also permitted countries to release encryption. It was essential to modernize the GSN and close the loophole that permitted the uncontrolled export of encryption with unlimited key length. Under the new cryptography note, mass market hardware has been added and a 64-bit key length or below has been set as an appropriate threshold. This will lead governments to review the dissemination of 64-bit and above encryption. I want to be clear that this does not mean encryption products of more than 64 bits cannot be exported. Our own policy permits that, as does the policy of most other Wassenaar members. It does mean, however, that such exports now can be reviewed by governments consistent with their national export control procedures. Export control policies without a multilateral approach have little chance of success. Agreement among the Wassenaar members on the treatment of mass market encryption products is a strong indication that other countries share our public safety and national security concerns. Contrary to what many people thought two years ago, we have found that most major encryption producing countries are interested in developing a common approach to encryption controls. THE PROTECT ACT With respect to S. 789, the Administration opposes this legislation for a number of reasons. Overall the bill does not promote the balance that this Administration has worked so hard to achieve over the past several years. Let me now discuss some of the more problematic sections. Under section 505, the removal of export controls on publicly or generally available encryption is in effect left to an advisory board composed of private sector and government representatives, with the concurrences of the Secretary. We believe such a board would be unworkable. Although availability is one of the factors we use to decide whether an encryption product may be exported, it is not the only factor and should not be elevated above the others. We need to be able to take all factors, including national security and public safety, into account when making export control decisions. Disallowing or downgrading important considerations will only serve to weaken our export control system. The broad definitions used in the bill would give the Board wide latitude in making its findings on what is available. This could place the Secretary in the position of having to routinely object to the removal of export controls when important national security and law enforcement interests are at stake. The bill makes this decision subject to judicial review. The Administration does not think it is wise public policy for the courts to adjudicate Executive Branch decisions on these matters. Section 501 removes the Department of Justice from the encryption export license consultation process. Since law enforcement interests are an important consideration in regard to encryption, we cannot support this provision. We support the provisions in the bill that require a technical review for eligibility to export encryption under a license exception. In fact, this is consistent with current regulations. What we cannot support, however, is the portion of section 504 that would provide automatic eligibility after 15 days if the exporter has not received a decision from the government. In all cases, a very careful technical review is completed in order to determine that a product is technically eligible for a particular license exception. Although we try to perform these reviews as quickly as possible, a 15-day automatic approval will severely limit our ability to do a careful review. Section 504 also proposes control parameters and export liberalizations beyond what the Administration can entertain and which would be contrary to our international export control obligations. For example, Wassenaar agreed to decontrol encryption products up to 56- bits whereas this bill would decontrol encryption products using a key length at 64-bits or less. Section 504 also expands the set of products, end users, and countries eligible to receive encryption under a license exception beyond what we believe is prudent. Another troubling part of this bill is section 102, which would permit a U.S. person located anywhere in the world to develop, manufacture, sell or use any type of encryption. If this provision were construed to permit U.S. citizens to develop, manufacture and sell encryption products overseas, even with the use of non-public controlled technology that they had acquired in the United States, it would, in effect, prevent the government from requiring a license for U.S. persons to develop and manufacture encryption abroad. As a result, U.S. companies would likely move all development and manufacture of encryption out of the United States in order to take advantage of this loophole. This is not in our country's economic or national security interest. Section 103 contains a provision that would prohibit the U.S. Government from conditioning any approval on the fact that a product is recoverable. A fundamental feature of our encryption policy is that we provide incentives for companies to develop products that provide strong security and also meet the needs of national security and law enforcement. The bill would eliminate this laudable feature of our policy that industry wanted us to include in last year's update. In addition, this provision of the bill is inconsistent with section 504 which allows license exception treatment for recoverable products. Section 506 would eliminate any export controls on products using the forthcoming Advanced Encryption Standard (AES). We oppose the removal of export controls on encryption products simply because they implement a government standard. Products incorporating the AES should be exportable to the same extent as any other product incorporating encryption of similar strength. Under our current policy, AES-based products could be exported to banks, large corporations, on-line merchants without restriction and to many other safe endusers depending on the nature of the product. We do not think it is wise to link development of the AES to export controls. Such a linkage might bring undue pressure on NIST to complete the AES process faster than planned, and may therefore not allow prudent study of the security features of the candidate algorithms before selection. With respect to the provisions of the bill that do not relate to export controls, we have a number of questions and concerns. One such provision in Section 202 requires that encryption products used by the Government must interoperate with other commercial encryption products. The extent to which interoperability is required is unclear in the bill, but we believe the practical result of this requirement is that the Government could not use encryption because no single encryption product interoperates with all other products. It also appears that this provision could prohibit the use of encryption developed by the government for its own internal use in ``closed'' systems that are purposefully designed not to interoperate with other systems. Section 202 also appears to prevent mandatory use of recoverable encryption when communicating with U.S. Federal, state and local governments. This would appear to preclude an agency from requiring key recovery or recoverable products for business purposes. We believe the effect of this provision may be much broader than simply preventing government from using recoverable encryption when dealing with the public. The practical effect would be that Government sites would have to be capable of supporting secure communications using all encryption methodologies on the market. This is absurd. We are concerned that section 302 of the bill may preclude NIST's work with voluntary standards organizations because it prohibits the Secretary of Commerce from carrying out any policy that establishes an encryption standard for use by businesses or other entities other than for computer systems operated by the United States Government. The Secretary of Commerce is prohibited from establishing standards for business; however, when invited by standards organizations to do so, NIST does, as a matter of policy, work together with those organizations. Cooperation between NIST and standards organizations is important for both NIST and industry, and it is consistent with government policy to use voluntary standards and to purchase commercial off-the-shelf products. If the government cannot have input to the standards process, we may end up with less secure products available for government agencies. We want to encourage, to the extent possible, the development of voluntary standards that meet the needs of the government. This reduces costs for both government and industry. In regard to section 401 dealing with the ``Information Technology Laboratory,'' we have two concerns. First, we do not think it is appropriate for NIST to undertake research and development of new technologies to facilitate lawful access to communications and electronic information. This activity is more appropriately done by the FBI. Second, we are concerned that the bill will provide NIST with new tasks but no new funding to carry out this work. We have similar concerns with section 402. The advisory board, whose correct statutory name is ``Computer System Security and Privacy Advisory Board,'' is made up of 13 volunteers. Again, any additional tasks assigned to this board would require necessary funding. The Administration does not seek encryption export control legislation, nor do we believe such legislation is needed. The current regulatory structure provides for balanced oversight of export controls and the flexibility needed to adjust to our economic, foreign policy and national security interests to advances in technology. This is the best approach to an encryption policy that promotes secure electronic commerce, maintains U.S. lead in information technology, protects privacy, and protects public safety and national security interests. As you know, public debate over encryption policy has been lively and often acrimonious. Some of those on both sides of the debate are not interested in searching for a middle ground that can meet all of our needs. Our dialogue with industry has gone a long way toward bridging that gap and finding common ground. We will continue this policy of cooperative exchange, which is clearly the best way to pursue our policy objectives of balancing public safety, national security, and the competitive interests of U.S. companies. Senator Burns. Thank you, Mr. Secretary. I want to also thank you for the dialog we have had. We are not new to this debate. We have been going through it. But we have learned, I think, from each other. It is enlightening to know how the evolution of the mind set changes as technology moves forward. We are pleased to welcome Jim Robinson, Assistant Attorney General for the Criminal Division. Thank you for coming this morning. STATEMENT OF HON. JAMES K. ROBINSON, ASSISTANT ATTORNEY GENERAL, CRIMINAL DIVISION, U.S. DEPARTMENT OF JUSTICE Mr. Robinson. Mr. Chairman, members of the committee: I appreciate the opportunity to appear to-- Senator Burns. Do you want to pull the microphone a little closer to you. Mr. Robinson. I will, Senator. Thank you. I appreciate the opportunity to present the views of the Justice Department on the issue of encryption and export controls. As you would expect, the Justice Department is particularly interested in the important public safety interests implicated in the encryption debate. I would like to emphasize some of the key points outlined in my written statement submitted to the committee and to place those thoughts in a more personal context. When I took office as the Assistant Attorney General for the Criminal Division about a year ago this month, I quickly learned how important the encryption debate is to law enforcement. I served as the U.S. Attorney for the eastern district of Michigan from 1977 to 1980. From a technological point of view, the world was a very different place in those days, both for our society in general and certainly for law enforcement. Technological advances have made important new tools available to law enforcement for the successful investigation and prosecution of criminal activity. These tools have enhanced law enforcement's ability to protect public safety and to achieve just results. The use of DNA evidence is a prime example. DNA evidence can not only provide strong evidence of guilt, it can be powerful evidence of innocence. Technology has also enhanced law enforcement's capacity for early detection and prevention of criminal acts. But technological progress has also had its costs. The potential dark side of this progress is that well-financed criminal elements are also using new technology to commit crimes, avoid detection, and to cover their tracks. Traditional highly- effective law enforcement techniques are threatened by these developments. The issue of encryption starkly presents both aspects of technological progress. Encryption supports public safety and law enforcement by protecting sensitive and personal information from unauthorized access. Encryption is therefore, as many have said here this morning, an absolutely essential tool for preventing crime in the information age. The Department is, however, deeply concerned about the other side of encryption, the threat to public safety posed by the widespread use of nonrecoverable encryption by criminals. Thus the Justice Department supports the spread of strong recoverable encryption both to protect the privacy and safety of American citizens and the security of our information infrastructure. Assessing the benefits versus the risks of encryption for law enforcement in today's world is complex enough, but the issue is made even more complex and problematic by the expanding use of global information networks like the Internet. Technological advances in electronic commerce and communication, as we all know, have led to the explosive growth of the Internet. This development has made the use of robust encryption essential for protecting the privacy and security of communications and stored electronic data. This new technology, however, has also made it possible for international criminals and terrorists to target America in an unprecedented number of ways, such as fraud over the Internet, computer hacking, economic and governmental espionage, and cyberterrorism. We are also seeing a dramatic growth of international crime with grave potential consequences for the Nation. Law enforcement must be concerned not only with the use of encryption by domestic criminals, but increasingly we must be concerned by the ability of foreign criminals and terrorists to target America and use robust encryption to hide their criminal activity. Law enforcement agencies in the United States and abroad have already begun to see cases where encryption has been used in an attempt to conceal criminal activity. The number and complexity of these cases will certainly increase as increasingly powerful encryption proliferates. As this committee considers the issue of encryption, we trust that it will consider also, as we know it will, the very real cost to public safety that the use of nonrecoverable encryption by terrorists, drug dealers, and other criminals will pose. Faced with the use of such encryption, agents frequently and increasingly will be unable to make effective use of search warrants, wiretap orders, and other legal processes authorized by Congress and sanctioned by the courts. Law enforcement will find it increasingly difficult to obtain important evidence of criminal activities. Critical evidence to support successful prosecution may simply be unavailable. In short, this will mean that fewer crimes will be prevented and fewer criminals will be caught, prosecuted, and taken off the streets. Despite these challenges to effective law enforcement, we cannot and must not ignore the significant benefits of encryption. That is why the Department supports a carefully balanced approach to export controls, an approach that seeks to encourage the favorable uses of encryption while minimizing its negative effects on public safety and national security. The Department believes that the rapid elimination of export controls as proposed in the PROTECT Act would upset this delicate balance. It is likely that the passage of this act would cause in the near term the easy acquisition of robust nonrecoverable encryption products, not only by people we want to have them, but by terrorist organizations and international criminals on a global scale. This development will substantially frustrate the ability of law enforcement to combat international criminal activity. Instead of encryption decontrol, we believe that a continuing dialogue offers the best hope of developing workable solutions to the encryption dilemma. Law enforcement has been engaging industry leaders in a continuing and cooperative dialogue in an attempt to work toward voluntary solutions that accommodate the needs of privacy, electronic commerce, national security, and public safety. We will continue to work hard to make sure that these productive discussions will continue to bear fruit. We are realists. We understand that no matter what solutions industry develops and no matter what policy is adopted by the Administration and by Congress, some criminals will obtain and use robust nonrecoverable encryption that will deny law enforcement the ability to obtain useable evidence. We cannot afford to stand still while technology passes us by. Therefore, in addition to an intensive dialogue with industry and continuing to work with the international community on this important topic, law enforcement must continue developing its own technical expertise to deal effectively with encrypted evidence of criminal activity. The Department has begun initiatives such as the funding of a centralized technical resource within the FBI which will support Federal, State and local law enforcement personnel in developing a broad range of expertise, technologies, and tools to respond directly to the threat to public safety posed by the use of encryption by criminals and terrorists. In conclusion, we believe that an approach that balances the need for secure private communications and data storage with the equally important need to protect the safety of the public against threats from terrorists and criminals is the best policy. We appreciate your willingness to consider these important public safety concerns and we look forward to working with you on this important issue. Thank you very much. [The prepared statement of Mr. Robinson follows:] Prepared Statement of James K. Robinson, Assistant Attorney General, Criminal Division, U.S. Department of Justice Mr. Chairman, thank you for the opportunity to testify about the Department of Justice's views on encryption, and particularly the proposed Promote Reliable On-Line Transactions to Encourage Commerce and Trade (PROTECT) Act, introduced by you as S. 798. As you are aware, encryption, and specifically export controls on encryption, presents complex and difficult issues that we are attempting to address with our colleagues throughout the Administration. In my testimony, I will first outline the basic perspective and recent initiatives of the Department of Justice on encryption issues, and will then discuss some specific concerns with the PROTECT Act. ENCRYPTION, THE LAW ENFORCEMENT PERSPECTIVE The Department of Justice supports the spread of strong, recoverable encryption. Law enforcement's responsibilities and concerns include protecting privacy and commerce over our nation's communications networks. For example, we prosecute under existing laws those who violate the privacy of others by illegal eavesdropping, computer hacking or theft of confidential information. Over the last few years, the Department has continually pressed for laws protecting confidential information and the privacy of citizens. Furthermore, we help protect commerce by enforcing the laws, including those that protect intellectual property rights, and that combat computer and communications fraud. (In particular, we help to protect the confidentiality of business data through enforcement of the recently enacted Economic Espionage Act.) Our support for robust encryption is a natural outgrowth of our commitment to protecting privacy for personal and commercial interests. As the head of the Criminal Division of the Department of Justice, I hold these values dear. But the Department of Justice protects more than just privacy. We also protect public safety and national security against the threats posed by terrorists, organized crime, foreign intelligence agents, and others. Moreover, we have the responsibility for preventing, investigating, and prosecuting serious criminal and terrorist acts when they are directed against the United States. We are gravely concerned that the proliferation and use of non-recoverable encryption by criminal elements would seriously undermine these duties to protect the American people. Therefore, we favor the spread of strong encryption products that permit timely and legal law enforcement access to plaintext. The most easily understood example is electronic surveillance. Court-authorized wiretaps have proven to be one of the most successful law enforcement tools in preventing and prosecuting serious crimes, including drug trafficking and terrorism. We have used legal wiretaps to bring down entire narcotics trafficking organizations, to rescue young children kidnaped and held hostage, and to assist in a variety of matters affecting our public safety and national security. In addition, as society becomes more proficient in its use of computers, evidence of crimes is increasingly found in stored computer data, which can be searched and seized pursuant to court-authorized warrants. But if non- recoverable encryption proliferates, these critical law enforcement tools would be nullified. Thus, for example, even if the government satisfies the rigorous legal and procedural requirements for obtaining a wiretap order, the wiretap would be worthless if the intercepted communications of the targeted criminals amount to an unintelligible jumble of noises or symbols. Or we might legally seize the computer of a terrorist and be unable to read the data identifying his or her targets, plans and co-conspirators. The potential harm to public safety, law enforcement, and to the nation's domestic security could be devastating. I want to emphasize that this concern is not theoretical, nor is it exaggerated. Although use of encryption is far from universal, we have already begun to encounter its harmful effects. For example, in an investigation of a multinational child pornography ring, investigators discovered sophisticated encryption used to conceal thousands of images of child pornography that were exchanged among members. Similarly, in several major computer hacker cases, the subjects have encrypted computer files, thereby concealing evidence of serious crimes. In one such case, the government was unable to determine the full scope of the hacker's activity because of the use of encryption. Finally, criminal use of encryption is becoming increasingly international--the United Kingdom recently reported that in 1996 it seized encrypted files from a Northern Irish terrorist group concerning terrorist targets such as police officers and politicians. In that case, law enforcement was able to read the data, but only after considerable effort. The lessons learned from these investigations are clear: criminals are beginning to learn that encryption is a powerful tool for keeping their crimes from coming to light. Moreover, as encryption proliferates and becomes an ordinary component of mass market items, and as the strength of encryption products increases, the threat to public safety will increase proportionately. Given both the benefits presented and risks posed by encryption, the Department believes that encouraging the use of recoverable encryption products--which protect business and personal data as well as public safety--is an important part of the Administration's balanced encryption policy. Recoverable products also fulfill business needs. Information technology companies have told us that their customers recognize the need to ensure recoverability of their data when using strong encryption; otherwise, they risk losing access to their data forever. For example, a company might find that one of its employees lost his encryption key, thus accidentally depriving the business of important and time-sensitive business data. We should point out that loss of an encryption key is not theoretical. One company told us that employees commonly lose or forget their passwords, which must then be restored by system administrators. The same capability must exist for encryption systems. Similarly, a business may find that a disgruntled employee has encrypted confidential information and then absconded with the key. In these cases, a plaintext recovery system promotes important private sector interests. Indeed, as the Government implements encryption in our own information technology systems, it also has a business need for plaintext recovery to assure that data and information that we are statutorily required to maintain are in fact available at all times. For these reasons, as well as to protect public safety, the Department has been affirmatively encouraging the voluntary development of ``plaintext'' recovery products, recognizing that only their ubiquitous use will provide both protection for data and protection of public safety. We also want to underscore that in most recoverable systems, businesses will manage their own keys. Because we remain concerned with the impact of encryption on the ability of law enforcement at all levels of government to protect the public safety, the Department and the FBI are engaged in continuing discussions with industry in a number of different fora. These ongoing, productive discussions seek to find creative solutions, in addition to key recovery, to the dual needs for strong encryption to protect privacy and plaintext recovery to protect public safety and business interests. While we still have work to do, these dialogues have been useful because we have discovered areas of agreement and consensus, and have found promising areas for seeking compromise solutions to these difficult issues. While we do not think that there is one magic technology or solution to all the needs of industry, private citizens, and law enforcement, we believe that by working with those in industry who create and market encryption products, we can benefit from the accumulated expertise of industry to gain a better understanding of technology trends and develop advanced tools that balance privacy and security. Furthermore, we believe that a constructive dialogue on these issues is the best way to make progress, rather than export control legislation. Although export controls on encryption products have been in place for years and exist primarily to protect national security and foreign policy interests, they are in no sense inflexible, and have been updated in recent years in a continuing effort to balance the needs of privacy, electronic commerce, public safety, and national security. Indeed, largely as a result of the dialogue the Administration has had with industry, significant progress has been made on export controls. Recent updates were announced by Vice President Gore on September 16, 1998, and implemented in an interim rule, which was issued on December 31, 1998. The Department of Justice supports these updates to export controls, which permit the export of products that have a bit length of 56-bits or less, and also permit the easy export of unlimited-strength encryption to certain industry sectors, including medical facilities and banks, financial institutions, and insurance companies in most jurisdictions. These changes allow these sectors, which possess large amounts of highly sensitive and personal information, to use products that will protect the privacy of their clients. The Administration also expanded its policy to permit recoverable exports, such as encryption systems managed by network administrators, to foreign commercial firms. We learned about these systems through our dialogue with industry. According to industry, such systems are demanded by the market today and are in use. They are also largely consistent with the needs of law enforcement. The Department, in conjunction with the rest of the Administration, intends to continue our dialogue with industry, and will evaluate the export control process on an ongoing basis in order to ensure that the balance of interests remains fair to all concerned. We agree that there are a wide range of national interests that must be supported, including U.S. industry competitiveness. Hence, we are committed to continued review and dialogue with industry. At the same time, we must recognize that market forces will only take us so far. To the extent that criminal activity, such as terrorism or child pornography, occurs outside the business environment, criminals would rather lose data than have it seized by law enforcement. Thus, more must be done. Therefore, the Department of Justice is also trying to address the threat to public safety from the widespread use of encryption by enhancing the ability of the Federal Bureau of Investigation and other law enforcement entities to obtain the plaintext of encrypted commu- nications. Among the initiatives is the funding of a centralized technical resource within the FBI. This resource, when fully established, will support federal, state, and local law enforcement in developing a broad range of expertise, technologies, tools, and techniques to respond directly to the threat to public safety posed by the widespread use of encryption by criminals and terrorists. It will also allow law enforcement to stay abreast of rapid changes in technology. Finally, it will enhance the ability of law enforcement to fully execute the wiretap orders, search warrants, and other lawful process issued by courts to obtain evidence in criminal investigations when encryption is encountered. However, we must recognize that these efforts--while critical--do not (like market forces) alone provide an adequate solution to the encryption problem, as the widespread use of non-recoverable encryption by criminals would quickly overwhelm any possible law enforcement technical response. THE PROTECT ACT In light of the above, the proposed Promote Reliable On-Line Transactions to Encourage Commerce and Trade Act raises several concerns from the perspective of the Department of Justice. First, the Act may impede the voluntary development of products that could assist law enforcement in obtaining access to plaintext. The Administration believes that the development of such products is important for a safe society. For example, the Act might preclude the United States government from utilizing useful and appropriate incentives to develop or use key recovery techniques, such as purchasing key recovery products for its own use and supporting pilot projects that demonstrate the viability of key recovery. Second, the Act also could impair the government's ability to engage in secure electronic commerce. We are concerned that the breadth of the language in subsection 202(c) may limit the ability of an agency to require a certain type of authentication mechanism for transactions between the public and the government. (For example, in the context of an electronic filing of a regulatory report, a tax return, or an application for benefits, authentication of the filer's identity is critical, including for any subsequent enforcement action.) This concern is raised because the definition of ``encryption'' includes the use of mathematical formulas to preserve not only confidentiality, but also integrity or authenticity. Third, the PROTECT Act places responsibility for developing techniques for obtaining lawful access to the plaintext of communications and data in the National Institute for Standards and Technology (NIST). As I noted above, the Department of Justice has already begun to create a centralized technical resource within the FBI to develop a broad range of expertise, technologies, tools, and techniques to respond to the use of encryption by criminals and terrorists. In my view, the responsibility for developing such tools and techniques should in this case lie with law enforcement, because it is law enforcement that has the operational expertise to understand the requirements for such tools and techniques to be effective. Moreover, it is law enforcement that will actually have to put the techniques into practice. Instead of conferring this new responsibility on NIST, I would request that Congress continue to support our efforts to develop technical expertise within the law enforcement community. Fourth, we share the deep concern of the National Security Agency that the proposed PROTECT Act would harm national security and public safety interests through the liberalization of export controls far beyond our current policy. Among other decontrols, the proposed Act provides that a product is to be exportable if a product of equivalent strength or key length will be available outside the United States in the next 12 months--even if the product of supposedly equivalent strength is intended for different uses, is not user-friendly or widely used, is not cost-competitive, or does not present the same threats to national security. We are concerned that this considerable decontrol of robust encryption will cause in the near term the easy acquisition of robust encryption products by terrorist organizations and international criminals and frustrate the ability of law enforcement to combat these problems internationally. Moreover, the structure and functions of the proposed Encryption Export Advisory Board raise concerns under separation of powers principles and the Appointments Clause. It is also important to consider that our allies concur that unrestricted export of encryption poses a significant risk to national security, especially to regions of concern. As recently as December 1998, the thirty-three members of the Wassenaar Arrangement reaffirmed the importance of export controls on encryption for national security and public safety purposes and adopted agreements to enable governments to review exports of hardware and software with a 56-bit key length and above and mass-market products above 64 bits, consistent with national export control procedures. Thus, the elimination of U.S. export controls, as provided by the proposed Act, would severely hamper the international community's efforts to combat such international public safety concerns as terrorism, narcotics trafficking, and organized crime. In light of these factors, we believe that the Administration's more cautious balanced approach is the best way to protect our commercial interests, including our interest in ensuring the success of U.S. industry and electronic commerce, while simultaneously protecting law enforcement and national security interests. We believe that legislation that eliminates or substantially reduces export controls on encryption could upset that delicate balance and is unwise. The recent decision of the United States Court of Appeals for the Ninth Circuit in Daniel Bernstein v. United States Department of Justice and United States Department of Commerce has not changed our view that legislation eliminating or substantially reducing export controls is contrary to our national interests. The Department of Commerce and the Department of Justice are currently reviewing the Ninth Circuit's decision in Daniel Bernstein v. United States Department of Justice and United States Department of Commerce, and we are considering possible avenues for further review, including seeking a rehearing of the appeal en banc in the Ninth Circuit. In the interim, the regulations controlling the export of encryption products remain in full effect, even as to Professor Bernstein's own software. In sum, we as government leaders should embark upon the course of action that best preserves the balance long ago set by the Framers of the Constitution, preserving both individual privacy and society's interest in effective law enforcement. We should promote encryption products which contain robust cryptography but that also provide for timely and legal law enforcement access to encrypted evidence of criminal activity. We should also find ways to support secure electronic commerce while minimizing risk to national security and public safety. This is the Administration's approach. We look forward to working with this Committee as it enters the markup phase of this bill. Senator Burns. Thank you very much. We will get into some questions this morning in a few moments. We welcome this morning Barbara McNamara, Deputy Director, National Security Agency. Thank you for coming this morning. STATEMENT OF BARBARA A. McNAMARA, DEPUTY DIRECTOR, NATIONAL SECURITY AGENCY Ms. McNamara. Thank you, Mr. Chairman, members. Senator Burns. Pull up that microphone a little. You have such a sweet, soft voice. Ms. McNamara. Thank you, Mr. Chairman. There are other people in this room who would probably take issue with that comment, but I am pleased to hear it. Senator Burns. They are not the chairman. Ms. McNamara. But thank you very much, and it is a pleasure to be here today to talk about this particular bill and its impact on national security from NSA's standpoint. NSA plays a critical role in our national security. We intercept and analyze the communications signals of foreign adversaries to produce critically unique and actionable intelligence reports for our national leaders and military commanders. Very often time is of the essence. Intelligence is perishable. It is worthless if we cannot get it to the decision-maker in time to make a difference. Signals intelligence proved its worth in World War II when the United States broke the Japanese naval code and learned of their plans to invade Midway Island. This significantly aided the U.S. defeat of the Japanese fleet and helped shorten the war. Today NSA is providing that same kind of intelligence support to our troops in the former Yugoslavia and other locations around the world wherever U.S. military forces are deployed. Demands on NSA for timely intelligence have only grown since the breakup of the Soviet Union and have expanded into national security areas of terrorism, weapons proliferation, and narcotics trafficking. Currently many of the world's communications are unencrypted. If not controlled, encryption will spread and be widely used by foreign adversaries that have traditionally relied upon unencrypted communications. As a result, much of the crucial information we are able to provide today could quickly become unavailable to U.S. decision-makers. As you review the PROTECT Act, it is very important that you understand the significant effect certain provisions of this bill will have on national security. In particular, NSA is concerned about the establishment of an Encryption Export Advisory Board heavily weighted to private sector representation. This effectively cedes control over U.S. export policy to the private sector. Furthermore, the board is to base its recommendation for export on the foreign availability or public availability of comparable products. In the interests of national security, encryption export policy should not and cannot be based solely on foreign availability. The PROTECT Act calls for the export of a product greater than 64 bits if it will generally be widely available from a foreign supplier within the next 12 months. Any policy based on the foreign or public availability of a comparable product, especially a year in advance of its actual appearance in the marketplace, will force administration policy to be driven by unfounded market trends without consideration of national security or foreign policy interests. Foreign products are often not as widely used as reported, as secure as advertised, or as easy to use for lack of an infrastructure as represented. In many cases, a foreign encryption product is subject to the export controls of the country in which it is manufactured. In the case of the other 32 Wassenaar nations, an encryption product is held to the same or similar standards as U.S. products. In addition, there are other important concerns that must be taken into consideration when deciding if a product should be exported, such as to whom the product is exported and for what purpose. In that regard, the PROTECT Act also eliminates the end user reporting that is so valuable to national security. The PROTECT Act permits strong encryption products to be approved under a license exception for export to so-called ``trustworthy entities and regions'' without prior government knowledge of intended end users. These include any foreign partners of U.S. companies, other governments, and almost any foreign commercial firm in any country. Some end users could in fact be targets of national security interests, such as narcotics traffickers. The PROTECT Act also automatically decontrols the export of strong encryption in the form of systems using the Advanced Encryption Standard to any destination upon adoption of AES, but at least by January 1, 2002. While current U.S. policy has opened up many sectors in many nations, it has done this in a thoughtful manner that miniminizes the risks to important national security interests. The PROTECT Act upsets this delicate balance by widely expanding exports without due consideration to national security. Finally, the PROTECT Act's 15-day technical review period is too rigid to permit a meaningful technical review. The government needs the opportunity to review a proposed export to assure it is compatible with U.S. national security interests and requires the ability to deny an export application if national security concerns are not adequately addressed. The ability to know what is being considered for export is a key part of U.S. export control policy. In some cases today, this process takes longer than 15 days because insufficient information is provided as part of the initial application. Let me make it clear. We want U.S. companies to effectively compete in world markets. In fact, it is something that we strongly support as long as it is consistent with national security needs. In summary, the PROTECT Act will harm national security. It will make NSA's job of providing critical actionable intelligence to our leaders and military commanders difficult, if not impossible, thus putting our Nation's security at considerable risk. The United States cannot have an effective decision-making process or a strong fighting force or a responsive law enforcement community or a strong counterterrorism capability unless the information required to support them is available in time to make that difference. Thank you, gentlemen. [The prepared statement of Ms. McNamara follows:] Prepared Statement of Barbara A. McNamara, Deputy Director, National Security Agency Mr. Chairman, thank you for giving me the opportunity today to discuss the important issue of encryption. I will be discussing the national security needs for export controls on encryption and why we oppose legislation that would effectively lift those controls. I will then address specific concerns NSA has with provisions of the PROTECT Act. However, I should like to begin by briefly introducing the National Security Agency (NSA) and its mission. The National Security Agency was founded in 1952 by President Truman. As a separately organized agency within the Department of Defense, NSA provides signals intelligence to a variety of users in the Federal Government and secures information systems for the Department of Defense and other U.S. Government agencies. NSA was designated a Combat Support Agency in 1988 by the Secretary of Defense in response to the Goldwater-Nichols Department of Defense Reorganization Act. The ability to understand the secret communications of our foreign adversaries while protecting our own communications--a capability in which the United States leads the world--gives our nation a unique advantage. The key to this accomplishment is cryptology, the fundamental mission and core competency of NSA. Cryptology is the study of making and deciphering codes, ciphers, and other forms of secret communications. NSA is charged with two complementary tasks in cryptology: first, exploiting foreign communications signals and second, protecting the information critical to U.S. national security. By ``exploitation,'' I am referring to signals intelligence, or the process of deriving important intelligence information from foreign communications signals; by ``protection'' I am referring to providing security for information systems. Maintaining this global advantage for the United States requires preservation of a healthy cryptologic capability in the face of unparalleled technical challenges. It is the signals intelligence (SIGINT) role that I want to address today. Our principal responsibility is to ensure a strong national security environment by providing timely information that is essential to critical military and policy decision making. NSA intercepts and analyzes the communications signals of our foreign adversaries, many of which are guarded by codes and other complex electronic countermeasures. From these signals, we produce vital intelligence reports for national deci- sion makers and military commanders. Very often, time is of the essence. Intelligence is perishable; it is worthless if we can not provide it in time to make a difference in rendering vital decisions. For example, SIGINT proved its worth in World War II when the United States broke the Japanese naval code and learned of their plans to invade Midway Island. This intelligence significantly aided the U.S. defeat of the Japanese fleet. Subsequent use of SIGINT helped shorten the war. NSA continues today to provide vital intelligence to the warfighter and the policy maker in time to make a difference for our nation's security. Demands on us in this arena have only gown since the break-up of the Soviet Union and have expanded to address other national security threats such as terrorism, weapons proliferation, and narcotic trafficking, to name a few. Because of these growing serious threats to our national security, care must be taken to protect our nation's intelligence equities. Passage of legislation that decontrols the export of strong encryption will significantly harm NSA's ability to carry out our mission and will ultimately result in the loss of essential intelligence reporting. This will greatly complicate our exploitation of foreign targets and the timely delivery of intelligence to decision makers because it will take too long to decrypt a message--if indeed we can decrypt it at all. Today, many of the worst's communications are unencrypted. Historically, encryption has been used primarily by governments and the military. It was employed for confidentiality in hardware-based systems and was often cumbersome to use. As encryption moves to software-based implementations and the infrastructure develops to provide a host of encryption-related security services, encryption will spread and be widely used by other foreign adversaries that have traditionally relied upon unencrypted communications. The decontrol of encryption exports would accelerate the use of encryption by many of these adversaries and as a result, much of the crucial information we are able to gather today could quickly become unavailable to us. National security must have an opportunity to conduct a meaningful review of encryption products prior to their export. In the past, this review process has provide us with valuable insight into what is being exported, to whom, and for what purpose. Without this review and the ability to deny an export application, it will be impossible to control exports of encryption to individuals and organizations that threaten the United States. For instance, decontrol will undermine international efforts to prevent terrorist attacks, and catch terrorists, drug traffickers, and proliferators of weapons of mass destruction. Please do not confuse the needs of national security with the needs of law enforcement. The two sets of interests and methods vary considerably and must be addressed separately. The law enforcement community is primarily concerned about the use of non-recoverable encryption by persons engaged in illegal activity. At NSA, we are primarily focused on preserving export controls on encryption to protect national security. While our mission is to provide intelligence to help protect the country's security, we also recognize that there must be a balanced approach to the encryption issue. The interests of industry and privacy groups, as well as of the Government, must be taken into account. Encryption is a technology that will allow our citizens to fully participate in the 21st Century world of electronic commerce. It will enhance the economic competitiveness of U.S industry. It will combat unauthorized access to private information and it will deny adversaries from gaining access to U.S. information wherever it may be in the world. To promote this balanced approach, we are engaged in an ongoing and productive dialogue with industry. The recent Administration update to the export control regulations addresses many industry concerns and has significantly advanced the ability of U.S. vendors to participate in overseas markets. Of equal significance, the Wassenaar nations, representing most major producers and users of encryption, agreed unanimously in December 1998 to control strong hardware and software encryption products. The Wassenaar Agreement clearly shows that other nations agree that a balanced approach is needed on encryption policy and export controls so that commercial and national security interests are addressed. Both are positive developments because they open new opportunities for U.S. industry while still protecting national security. These are examples of the kinds of advances possible under the current regulatory structure, which provides greater flexibility than a statutory structure to adjust export controls as circumstances warrant in order to meet the needs of Government and industry. We want U.S. companies to effectively compete in world markets. In fact, it is something we strongly support as long as it is done consistently with national security needs NSA supports the recent updates to the Administration's policy. The export provisions were carefully designed to open up large commercial markers while tying to minimize potential risk to national security. We believe significant progress was made. As you review the PROTECT Act, it is very important that you understand the significant effect certain provisions of this bill will have on national security. In particular, NSA is concerned about the establishment of an Encryption Export Advisory Board, heavily weighted to private sector representation. This effectively cedes control over U.S. encryption export policy to the private sector. Furthermore, the Board is to base its recommendation for export on the foreign availability or public availability of comparable products. In the interests of national security, encryption export policy should not be based solely on foreign availability or public availability. The PROTECT Act calls for the export of a product greater than 64-bits if it will be generally or widely available from a foreign supplier within the next twelve months. Any policy based on the foreign or public availability of a comparable product, especially a year in advance of its actual appearance in the marketplace, will force Administration policy to be driven by unfounded market trends without consideration of national security or foreign policy interests. Foreign products are often not as widely used as reported, as secure as advertised, or as easy use (for lack of an infrastructure) as represented. In many cases, a foreign encryption product is subject to the export controls of the country in which it is manufactured. In the case of the other 32 Wassenaar nations, an encryption product is held to the same, or similar, standards as U.S. products. In addition, there are other important concerns that must be taken into consideration when deciding if a product should be exported, such as to whom the product is exported, and for what purpose. In that regard, the PROTECT Act also eliminates the end-user reporting that is so valuable to national security. The PROTECT Act permits strong encryption products to be approved under a license exception or export to so-called ``trustworthy'' entities and regions without prior government knowledge of intended end-users. These include any foreign partners of U.S. companies, other governments, and almost any foreign commercial firm in any country. Some end-users could, in-fact, be targets of national security interest, such as narcotics traffickers. The PROTECT Act also automatically decontrols the export of strong encryption in the form of systems using the Advanced Encryption Standard (AES) systems to any destination, upon the adoption of AES, but at least by January 1, 2002. While current U.S. policy has opened up many sectors in many nations, it has done this in a thoughtful manner that minimizes the risk to important national security interests. The PROTECT Act could upset this delicate balance by widely expanding exports without due consideration to national security. Finally, the PROTECT Act's 15-day technical review period is too rigid and too short to permit a meaningful technical review. The Government needs the opportunity to review a proposed export to assure it is compatible with U.S. national security interests and requires the ability to deny an export application if national security concerns are not adequately addressed. The ability to know what is being considered for export is a key part of U S. export control policy. In some cases today, this process takes longer than 15 days because insufficient information is provided as part of the initial application. In summary, the PROTECT Act will harm national security by making NSA's job of providing vital intelligence to our leaders and military commanders difficult, if not impossible, thus putting our nation's security at some considerable risk. Our nation cannot have an effective decision-making process, a strong fighting force, a responsive law enforcement community, or a strong counterterrorism capability unless the intelligence information required to support them is available in time to make a difference. The nation needs a balanced encryption policy that allows U.S. industry to continue to be the world's technology leader, but that policy must also protect our national security interests. Thank you for the opportunity to address the Committee. Senator Burns. Thank you. I will start it off here. I just want to ask the Deputy Director, why is it that we have not been very successful in our negotiations with other countries to come up with some kind of international policy with regard to the use of or the export of robust encryption? In other words, we have been talking to our, I think he is related to an ambassador, Aaron, and we have been told that countries are moving to export controls, especially in the European Union and around the country, of which no agreement to my knowledge and we have drawn no conclusions to move in that direction in the last 4 or 5 years ever since we have been doing this. Ms. McNamara. I believe we have had success in that, Mr. Chairman last December--well, let me begin by saying, last September the U.S. Government, the U.S. administration, relaxed export controls substantially, to include the 128-bit encryption that Senator Ashcroft was addressing earlier and to cover the firms in his home State that actually have locations overseas, to allow them to be able to use very strong encryption, 128-bit, to protect theirs. Now, in December we took the U.S. policy to the Wassenaar countries. Those are 33 nations who are the principal producers of strong encryption around the world. That Arrangement--we took the U.S. relaxation strategy to that group of people and what we did at the time successfully was to close a loophole that the Wassenaar Arrangement had previously opened which was providing an unlevel playing field and disadvantaging U.S. software companies. So last December we sought and got agreement by 33 nations to close that loophole. The Arrangement allows for all 33 of those nations to put in place, those who already did not have in place, export controls that are essentially the same level as the controls that the U.S. administration relaxed to last September. With regard to what is going on in the European Union, we, the Administration--and I will turn this over to Secretary Reinsch to follow up on--but we are keeping our eye very closely on what is going on today in the European Union and what those foreign governments are thinking about in terms of encryption policies with regard to Europe. It is never our intent to allow anything to occur by foreign governments that would disadvantage U.S. industry. Senator Burns. Senator Ashcroft. Senator Ashcroft. Secretary Reinsch, would you say that 128-bit encryption is widely available and widely used today? Mr. Reinsch. No, I would say that it is available. Whether it is widely available is a judgment call. If it is not widely available today, it will be soon. It is becoming the state-of- the-art, if you will, so I think it is a matter of time, and I would not have a big argument with you over the adjective. Whether it is widely used or not is a more complicated question, and I think Ms. McNamara commented on that in her statement. We believe that, for the reasons she cited, use is significantly less than the existence of the products. Senator Ashcroft. Do you know of any case where there has been a prosecution or an enforcement action taken against people who have, or criminals who have used encryption outside the range of encryption that has been provided as acceptable? It would be an export, I guess, enforcement because the use would be a violation of the export regulations. Have you enforced this against anyone? Mr. Reinsch. Yes, sir. Senator Ashcroft. How many cases have there been? Mr. Reinsch. I will have to get you the number. We have a number of investigations ongoing, which of course we would not want to comment on. We have had a number of--we will have to get you the number. I would say single digits at this point. Senator Ashcroft. But it is only illegal to export the encryption? It is not illegal to import the encryption? Mr. Reinsch. That is correct, there are no restraints on domestic use or on imports. Senator Ashcroft. So that it is a one way? In other words, if terrorists conspire overseas to do something, like to effect a terrorist act here in the United States, they can send material in that is encrypted to the United States? Mr. Reinsch. Well, we do not control in any event messages or information that is encrypted. What is controlled is the encryption that one would employ. Senator Ashcroft. Is the sending of an encrypted message from the United States to another jurisdiction, does that qualify as an export of the encryption? Mr. Reinsch. No. Senator Ashcroft. It does not. So that-- Mr. Reinsch. Unless the message contains an encryption algorithm which is controlled. But if I sent--if you were in Bonn and I sent you an e-mail and it is encrypted, no. Senator Ashcroft. So it is true that the person or the terrorist organization which buys its encryption from Siemens in Germany can operate say in the Middle East and send messages back and forth to the United States, having imported the algorithm to the United States from Germany and have taken the German algorithm to the Middle East, and they can communicate back and forth without violating any of our laws currently? Mr. Reinsch. Yes. There is no--it was never the intent of our policy to try to deal with that. Senator Ashcroft. Well, it seems to me that that is the threat that you keep saying that we are avoiding by having this policy, and yet you just described that it is not our intent to stop that threat with our policy. To use that as the basis for not allowing our companies to compete, at a time when you say we do not care if other companies compete in that way, gets to the heart of what confounds me about our policy here. We have basically said every other country that wants to can go ahead and do this in the world and terrorists can use it and have complete access to the utilization of this encrypted for all the bad reasons, but American firms cannot be involved in exporting it. It just seems that is where the disconnect comes with this Senator and that is what I am struggling with. You said that section 102 incentives--provides an incentive to move the development of encryption offshore in this bill. Mr. Reinsch. Yes, sir. Senator Ashcroft. It seems to me that we have just described the Administration policy as a monumental incentive to move encryption offshore because we have indicated that offshore-produced encryption can be used both to send and receive robust encrypted material from the United States, to and from, without violating the policy or the law. Mr. Reinsch. Well, if I may comment, you have gone to one of the core issues, and I think it is an important dialogue to have. Let me make a small point first and then the larger point. On the small point, the difference between section 102 and our policy is that our policy now would not permit a company to transfer encryption technology or production technology or encryp- tion algorithm overseas for production purposes. Section 102 would, and that is the distinction we are making. But the larger point you are making is a more important one, and let me say two things about that, if I may. One is that I think that, as Director McNamara acknowledged in her testimony, this is not a policy and there probably is no policy that is going to be air-tight with respect to our ability to prevent the kinds of people you cited, terrorists in your example, from obtaining and using robust encryption. We do not believe that we can deal with every situation. The goal of our policy is to try to promote use in the marketplace of products that are law enforcement and national security-friendly, recognizing that a determined, committed terrorist who wants to use encryption can find ways around such a policy. But we believe by making, if we can, through market forces, the market standard, if you will, products that are more friendly to the interests of my two colleagues, what we will do over time is have more people, including some of the people that you are talking about, using this kind of encryption, which gives us some advantages. That is not going to happen in every case. We do not believe we can make it happen in every case. Now, the second point that relates to what you said is this question of foreign availability, and I would like to comment on that because you commented in your opening statement on this as well. I think what Director McNamara said was that we do not want foreign availability to be the sole criterion. Let me say that if it were the sole criterion for export control policy, we would not have controls on machine tools, we would not have controls on biotoxins, we would not have controls on chemical weapons precursors, semiconductor manufacturing technology, or computers at virtually any level. There are very few technologies over which the United States has a monopoly any longer, and you are quite right in saying that encryption is not one of them, but neither are the ones that I have mentioned. If we are going to say that foreign availability ought to be our single standard or it ought to be the dispositive standard, the net result of that is I am not going to have very much to do in my job. It is our belief that you need to balance foreign availability considerations, obviously, and we do weigh foreign availability in our judgments without question, and Director McNamara just commented on why this is a particular issue in the European Union case. But at the end of the day--and the Congress has been telling me this for 12 months with respect to satellites, with respect to computers, with respect to machine tools, that foreign availability is not the last word on the subject. Now, I think that it is ironic, to say the least, if the Congress is going to turn around on encryption and say that foreign availability is the last word on the subject. Ms. McNamara. May I follow up, please? The fact that one terrorist is using strong encryption that they either bought in the United States and took overseas with them or bought in Europe and is using it to communicate with people in this country is not what is of concern to us. On an individual basis, the U.S. Government I believe is smart enough to figure out a way to solve that particular problem or address that particular problem. What we are talking about here is the issue of putting in place legislation which would allow the ubiquitous use of encryption around the world, independent of individuals. We can always solve an individual problem with an individual solution. But the subject of ubiquitous encryption has dramatic impact on our ability to do our national security business, and let me offer, if the Senator wishes, a classified presentation on some of the subjects that I cannot address in this particular room. Thank you. Senator Ashcroft. Mr. Chairman, may I just clarify an item or two? Senator Burns. You may. Senator Ashcroft. Because these remarks have been extensive. Mr. Reinsch. Sorry about that. Senator Ashcroft. No, that is all right. I am pleased to have these remarks. Mr. Reinsch. You wind me up and get me started. These things happen. Senator Ashcroft. Well, thank you. Especially when I think you are supporting my position, I welcome your remarks. Mr. Reinsch. Then I misspoke. [Laughter.] Senator Ashcroft. The Director just indicated that a person could buy and take overseas robust encryption from the United States and use it overseas. Is that considered an export? Mr. Reinsch. Yes, that would not be permitted. Senator Ashcroft. Well then, you disagree with her that a person can do that legally? Ms. McNamara. I did not say it was legal. I do not think we will ever prevent everybody from committing a crime. Senator Ashcroft. OK. Well, I thought we were--I would just like to indicate that I did not raise the issue of terrorists. I am not interested in protecting terrorists here. I am interested in protecting our industry. But every time I want to protect the industry, one of you guys brings out the terrorist card and you throw it on the table and you say: ``We cannot protect America because there are these evil people out there that are going to encrypt messages.'' So I am interested in protecting U.S. companies, and I am also interested in protecting individuals. I guess some time I would like to have an answer why big companies and big business should have better, a greater right to privacy than individuals should in this country, and that commercial speech should be entitled to more integrity and privacy than individual speech. So the idea of ubiquitous encryption--which I am charmed by that phrase. I mean, I am going to try to use it as often as I can. Ms. McNamara. May I retract that from the record? Senator Ashcroft. I thought it might be a description of Senate speeches, but----[Laughter.] I think ubiquitous encryption is probably what we are headed toward in the marketplace of the world, and I think it is likely to be based on software developed outside the United States if we make it impossible for our software producers to have robust encryption here, because I think people are going to prefer to have privacy in their communications. I think most of us do. Very few of us like the idea of our calls or our communications being intercepted. We are aware of technology that makes heard those things which were not heard. A whisper is no longer a whisper; it can become a shout with the right listening device. What we once thought was a secure transmission is now available. We want, we yearn for security as individuals, and the idea somehow that big business is entitled to encryption and that individuals are not in their communication is one of the hurdles that we have to kind of come together on somehow to solve this problem. Thank you, Mr. Chairman. Senator Burns. Senator Cleland, do you have a statement? I am sorry. We have had some arrivals here. STATEMENT OF HON. MAX CLELAND, U.S. SENATOR FROM GEORGIA Senator Cleland. Mr. Chairman, I would just like my ubiquitous opening statement to be---- Ms. McNamara. I think I am going to regret I ever used that term. Senator Cleland [continuing]. Submitted, without objection. Senator Burns. I want somebody to spell it. Senator Ashcroft. The National Spelling Bee concluded last week. Senator Cleland. Thank you all very much. I am an old Army signal officer and I am a little bit familiar with encryption and the power of encryption, both for the good guys and the bad guys. Mr. Robinson, I would like for you to help me a little bit. I am just trying to learn some new terminology here about recovery. Apparently for law enforcement recovery is a key item, so nonrecoverable encryption becomes a problem. Recovery of what? How can you recover something that is encrypted, or is that the issue itself? Mr. Robinson. Well, I think it is, Senator, in a sense. What we are really interested in is maintaining our ability-- when we have probable cause and we go to court and get an order for electronic surveillance through a careful process that Congress has set out--to overhear communications. If what we get at the end of the road is encrypted, unrecoverable gibberish, we have a serious law enforcement problem. I think that is true also of stored electronic data. Increasingly, as people store their records in electronic form, on laptops and others, we can get a search warrant--and frankly, I agree with Senator Ashcroft. I think privacy interests are very, very important and I think people have a right to privacy. We are not looking for an opportunity to evade or invade individuals' or companies' rights to privacy, and that is why I said in my statement I think it is important to have robust encryption. But in those situations in which we have probable cause and we have procedures whereby we can go to court and get a wiretap order, a search warrant, we are going to be substantially handicapped if we do not try to contribute to an infrastructure that allows us to get plaintext out of these materials. That is our objective. The how is a technological question. As the chairman indicated, I think we need the resources to try to solve this problem of what do we do with encrypted evidence of criminal activity. We have got to solve that problem, and we hope that there will be an infrastructure, a contribution to an infrastructure, that will allow us to get plaintext when law enforcement needs to have it to prevent crimes from occurring, to investigate them, and then to put the evidence in. So that is essentially our equity, I think, in this debate. Senator Cleland. Help me out a little bit here. If we ease up on controls regarding exports of software, encryption software, that expands the bits, namely expands I guess the capability of data or information being encrypted, if we ease up on controls that allow for those software packages which allow for expansion of the bits or expansion of encryption to be sold abroad, then what you are saying is that we might get that back as a pie in the face. In other words, we might get that back in a greater difficulty for law enforcement to ``recover'' information; is that what I am hearing you say? Mr. Robinson. Yes, I think that is true. Senator Cleland. Ms. McNamara, in terms of the pie in the face for you, that would be the lesser ability to, shall we say, to use the terminology, recover, shall we say, intelligence to then pass on to our commanders in the field? That is what we are talking about? Ms. McNamara. That is an accurate characterization of the situation, Senator. Senator Cleland. Mr. Reinsch, it seems like to me that this dovetails somewhat into the issue that we are all struggling with. I am on the Governmental Affairs Committee and the Senate Armed Services Committee. We are struggling with the issue of American technology, sensitive American technology, winding up in the hands of others, the most recent example being the Chinese, not just the espionage of our nuclear secrets and missile technology, but some of the, shall we say, leaked technology on missile and satellite information that wound up in the hands of the Chinese. I would say that I was one of those who supported the licensing of this kind of technology to move from the Commerce Department to the State Department. I guess I am glad to see your bona fide concern, I think, in the Commerce Department about easing up on export controls on this sensitive information or this sensitive encryption capability. I gather that the Commerce Department is very sensitive to this, is that correct? Mr. Reinsch. Yes, and we would also say we were very sensitive in the satellite case as well, as I think I did say before your subcommittee when that first came up. But yes, the decisions we make--the export control system of the United States is based on, leaving aside short supply, which is not on the table, controlling exports for national security and foreign policy reasons. That is the filter through which every decision we make goes. One might agree or disagree with a particular decision, but clearly in this case national security is a paramount consideration for us. Senator Cleland. Mr. Robinson, could you share with me a little bit. Does the Justice Department have some role in being involved in improving the U.S. end user verification system for supercomputers and strong encryption products? Is that a role that you play? Mr. Robinson. Not directly, we do not. We are obviously concerned about the extent to which these issues interface with our ability to do our job. Mr. Reinsch. We do that, Senator. Senator Cleland. That is through you in the Commerce Department? Mr. Reinsch. Yes, end user visits, which are both pre- and post--that is, we do some in advance of making the decision about a license because we want to check out the bona fides of the end user, and post because we want to see if the item actually went where it was supposed to go and if it is being used as it was intended--has been an important enforcement tool for us for decades. It is not the only enforcement tool we use by any means, and it has its imperfections. It is also very expensive. I would say that in general Congress has been less than generous with the resources that it would take to do more. We have also been handicapped, frankly, on computers in specific, by a congressional requirement that we visit every one of them. This has forced us, for example, to visit subsidiaries of American companies who are using them, banks, companies that bought one computer and then 6 months later bought a second one; we have had to visit them twice. It has prevented our agents from doing what they do best, which is figuring out what the risks are and spending their investigatorial time and talent on the places that problems. We have had to check a lot that we think are not problems. When you see the report of our inspector general on this subject next week, I think that--I should not get into this in public, but I think that he will make a distinction between visits that are useful and visits that are not useful. We want to do more of the former. Senator Cleland. Thank you very much. In closing out my questions, Mr. Chairman--I know I am out of time here--Ms. McNamara, I gather that your message to us is that we should tread very softly on this issue of encryption and opening up or loosening up export controls because it does involve sensitive issues of national security? Ms. McNamara. Yes, sir. Senator Cleland. Thank you, Mr. Chairman. Senator Burns. Thank you. Senator Dorgan, you have just joined us. Do you have a small statement? I am going to turn the chairmanship over to Senator Frist--I have got an 11 o'clock that is sort of very important to me--if you would agree to do that. We have got one more panel to go, by the way. STATEMENT OF HON. BYRON L. DORGAN, U.S. SENATOR FROM NORTH DAKOTA Senator Dorgan. Mr. Chairman, I came late and I have to leave in a moment because of some other hearings, but I just want to make in 30 seconds a comment about all of this. I, as you know, worked with you in the last Congress to try to resolve some of these issues. These are very difficult issues. You raise questions that I think are very important questions. Yet the whole export control area is very difficult. What used to be a supercomputer is now a laptop, available to anybody, any time, anywhere in the world. So as we try to sift through all of these issues and consider national security concerns, we also have to deal with the reality of what is happening in the world. My hope is that we can find a resolution that is a thoughtful resolution, protecting our national security interests and at the same time recognizing what is happening in the rest of the world. I appreciate the attention Senator Burns has given to this over some long period of time, that this is not an easy issue, and he has spent a great deal of time on it. So thank you very much. Senator Burns. Thank you, Senator. Senator Frist, I am going to turn this over to you. I have an 11 o'clock. I have tried to wheedle out of that thing two or three times and I am not having any more luck now than I had yesterday. STATEMENT OF HON. BILL FRIST, U.S. SENATOR FROM TENNESSEE Senator Frist [presiding]. Thank you, Mr. Chairman. Mr. Chairman before you leave, I would like unanimous consent to have my opening statement made a part of the record. Senator Burns. You are the chairman. You can do anything you want to. Senator Frist [presiding]. Thank you very much. First of all, I thank all three of you for being here. I have got a couple of other questions that I would like to just run through. Director McNamara, do the continued export restrictions on U.S. encryption products make sense when Wassenaar partners such as the U.K., France and Germany have established new policies encouraging their citizens to use strong encryption? Ms. McNamara. In terms of the strong use--the use of strong encryption by individual nations' citizens, we support strong use of encryption by U.S. citizens. We do believe that U.S. citizens are entitled to privacy for their own purposes. In terms of the export controls, however, there are agreements and there is compatibility and comparability between those export conditions that the United States has with the European partners that you mentioned. Now, there are discussions going on in Europe today. We have our eye on that. But when we relaxed last September, the European nations along with other members of the Wassenaar nations aligned their overarching documentation that their export control processes should be in line with ours now both in hardware and software. Senator Frist. Is progress being made there, if you look out? Ms. McNamara. Yes, yes. In terms of what we are looking at, we still have our eye on Europe. The Administration said last year when we did relax to those sectors and encryption bit lengths that we would review those again in September, and one of the ingredients in that review will clearly be what other foreign governments are doing. Let me state, though, for the record again, earlier I think it was Senator Ashcroft who said that we had--or perhaps it was Congressman Goodlatte when he was talking--that we had relaxed, the relaxation included going from 40 bits to 56 bits. That is clearly true, but in all of the sector relief that was given last year there is no bit length, as Secretary Reinsch said. It is 128-bits for use in banking, finance, commerce--sorry, online commerce, because it was recognition that e-commerce was a very important thing for U.S. companies and individuals to be able to have access to. So there is a large portion of that which is covered by 128-bit encryption. Senator Frist. Fine. Mr. Robinson, OECD, European Community; could you elaborate on our global partners' positions on recoverable encryption products and their regulations, and specifically address OECD as well as the European Community? Mr. Robinson. I think I would defer to the Secretary to give you a better answer than I. Mr. Reinsch. I can do that. Senator Frist. Mr. Secretary. Mr. Reinsch. Ambassador Aaron, who is the President's special envoy on this subject, has spent a lot of time with OECD members, I believe virtually all of whom are also members of what is known as the Wassenaar Arrangement, which is a multilateral export control regime that controls encryption items multilaterally. There are 33 nations in that regime, including Russia, including the NATO members, including all of the EU members, and a number of others. As Director McNamara has said and as I testified, we have had a good bit of success in that group harmonizing the export control policies of all 33 of those members. At the same time, the individual countries are developing encryption policies domestically, and they have wrestled with the same issues domestically that everybody else has wrestled with: Do we want to control imports, do we want to control domestic use, what do we want to permit to happen in our countries? There is a trend, I think it is fair to say, within the EU, which is the first place it would begin after here, away from key recovery, certainly away from controls on domestic use and in favor of allowing people within each of these countries to use whatever they want. There is, then, a trend away from what I would refer to as key escrow or key recovery, the idea that people mandatorily would have to provide a spare key with some third party entity, government or nongovernment. We have also taken the position that we do not want to do that as a mandatory step. We do see an environment for stored data in which people may want to do that voluntarily, and we have taken exceptions to provisions in some of the bills that we think would discourage it voluntarily. Most of our trading partners, whether you say OECD or the Wassenaar members or NATO, however you define them, are moving away from that kind of government involvement in the domestic marketplace. But at the same time they are all, on the export front, as near as we can tell, acting in a way that is generally consistent both with Wassenaar and with what we are doing. Senator Frist. Good. When we talk about appropriate agencies or parties to serve as key recovery agents, help me. What sort of appropriate agents or parties would that be? Mr. Reinsch. Well, mostly private parties, in fact I think exclusively private parties now. You need to think about it from the standpoint of another piece of this issue that is not on the table and should not be, which is the question of authentication and reliability for authentication. This is not a spare key issue, but it is a question of a public key infrastructure issue--if I want to send you a message, you want to have some certainty that the message you receive with my name on it came from me rather than from him or someone else, and I want to have some assurance that your response came from you and not someone who has intercepted it and is masquerading as you. That demands some authenticity and some certification that your message came from you. What we envision and in fact what a number of States have already addressed in their legislation is regulating the private entities that will provide that authentication function. They will not keep spare keys, because the last thing you want for authentication purposes is a spare key. But what is happening is that private parties are springing up that will provide essentially trust services and authentication services to warrant that my messages come from me and that you can have some confidence in that. In fact, I think there are probably some people in that business on one of the next panels, and you might want to pursue the technology with them. Senator Frist. Right. Any other comment on that, Mr. Robinson? Mr. Robinson. No, Senator. Senator Frist. Mr. Secretary, on the issue of research and development on computer security, you are against NIST's doing that? Mr. Reinsch. Not necessarily. I think Justice is. Senator Frist. Mr. Robinson. Mr. Robinson. Well, we are concerned that law enforcement be able to try to develop the techniques necessary to get plaintext because, frankly, we are the ones who are going to have to use them and we need to have the capacity to do so. We think it is critical to public safety and effective law enforcement when we encounter encrypted evidence of criminal activities to be able to figure out a way to turn that into real information, whether it is an audible transmission or stored electronic data. Without that capacity, obviously encryption in the wrong hands, as many things, can be a powerful tool to prevent law enforcement from preventing crimes and successfully investigating and prosecuting them. So that is a concern that we obviously have. Senator Frist. I guess then my question, and feel free to comment, is as we look at standardization of an advanced encryption system, whoever is doing that, if it is NIST, needs to be up to date with state-of-the-art right where we are. I guess it is not clear to me how if you put the research and the development in computer security with law enforcement, with the FBI, and then have NIST looking at the standardization, how they are really on top of things. Or is it both? Mr. Reinsch. If I could comment, one of my regrets this morning, Dr. Frist, was that I did not have an opportunity to bring with me a full and complete statement of NIST's views on that question. If I may, I would like to have them--what I will suggest to them is they might get in touch with you directly, knowing of your interest in the issue. They do what you are describing. They have an extensive computer security laboratory now. They have a lot of interaction with the private sector. They validate products that they test as a service to the private sector. I believe their view is that if the Justice Department wants to take the activity on, provided for in this bill, that that would be all right. If the committee wants to assign it to them, I am sure they would defer to the committee's judgment. But what I would prefer is to have them communicate with you directly. Senator Frist. Fine. Mr. Reinsch. I will arrange that. Senator Frist. Good. Well, thank you. We do have another panel. Would any of you like to make any closing statements at all? [No response.] Senator Frist. Thank you very, very much. We appreciate your being with us, and we will ask the second panel to come forward. I thank all three panelists for being with us. I will go ahead and do the introductions and then we will go in alphabetical order, I believe: Mr. David Aucsmith, Chief Security Architect, Intel Corporation; Mr. Jim Bidzos, Vice Chairman of the Board, Security Dynamics Technologies; and Professor Lance Hoffman, School of Engineering and Applied Science, Cyberspace Policy Institute. Welcome to each of you, and let us begin with Doctor--Mr. Aucsmith. STATEMENT OF DAVID AUCSMITH, CHIEF SECURITY ARCHITECT, INTEL CORPORATION Mr. Aucsmith. Thank you, Mr. Chairman, for this opportunity to talk to you this morning about the need for fundamental reform of America's encryption policy. I am pleased to appear today on behalf of the Business Software Alliance, which together with ACP has been in the forefront of efforts to persuade the Government to adopt a new U.S. encryption policy. I am from Intel. Intel is the world's largest semiconductor manufacturer and a major supplier of information technology building blocks to the global computer and communications industry. We provide our customers with chips, printed circuit boards, assemblies, software--all the ingredients that you typically think of that go into a personal computer, servers, and workstations. Actually, my being here to speak on behalf of the Business Software Alliance should underscore the fact that encryption is both a software and a hardware issue. In fact, as a general note, 56-bit hardware products are currently excluded from the favorable treatment now given by the Administration. That applies only to software products. In 1998 we employed more than 40,000 people in the United States. We are headquartered in Santa Clara, CA, but have significant manufacturing facilities in a number of States, including Arizona, New Mexico, Oregon, California, and Massachusetts. We urge the committee to pass the PROTECT Act with further amendments that would make the bill more fully comport with technical and marketing realities. This morning I would like to briefly make five points which I believe should underpin our U.S. encryption policy. First: In an Internet economy, encryption is essential to all businesses, not just encryption business. I want to emphasize this point. While private sector interest in encryption export reform is generally characterized in terms of the competitiveness of American encryption products abroad, it has become a much larger issue for all American businesses. In this economy, every business is becoming an Internet business. It will affect all businesses. Cryptography has emerged as the essential building block for building trust in the open Internet. Without it, the hundreds of billions of dollars of e-commerce currently projected to occur by the year 2002 will be at risk. Second: Encryption is vital to securing America's critical infrastructures. I participated in the Defense Science Board evaluation of America's critical infrastructures. We focused on the vulnerability of five critical infrastructures and concluded that encryption is absolutely essential in their protection. The security of any network is only as good as its weakest link. All wires have two ends, if you will. America's infrastructures cannot be protected if they are networked, as they will be, with foreign infrastructures that use weak encryption. That is why permitting exports of strong encryption helps to promote the national security. Third: The availability of encryption cannot be reasonably controlled. Cryptography is just mathematics. Information about cryptography is widely available from many sources and in many forms. It is the subject of numerous academic conferences. It is taught in universities throughout the world. Moreover, while developing good algorithms is extremely difficult, if you will, rocket science, implementing them is relatively easy once someone has developed them. Fourth: Government-required or mandated plaintext access will not work. While mandated plaintext access offers at first glance a solution to the Government's problems, it is not technically possible in most circumstances. It does not let law enforcement verify compliance with access requirements a priori and it does not give national security interests access to stored information. There is practically no commercial reason for storing communications keys and I believe the need for key recovery of stored data is overstated. To be blunt, Intel as a corporation does not plan to sell products incorporating key recovery, nor does it expect to implement a key recovery system for its own use. Fifth: The Government needs to find technological alternatives to meet its requirements for access to information. Intel agrees that access to data communications and stored data by law enforcement and intelligence communities is both legitimate and extremely important. Clearly, Congress needs to adequately fund the technical efforts of these agencies so they can meet the challenges of the next century. Industry supports additional funding. Industry can also provide assistance and is willing to do so. BSA has advocated that the U.S. Government should work cooperatively with our Nation's hardware and software manufacturers to develop the technical know-how that they need. Technical innovation is predominantly centered in the private sector. Only a government-industry cooperative exchange can effectively address the challenge of continued technological change. In conclusion, let me say that we strongly believe the PROTECT Act should be passed, but with further improvements. The PROTECT Act does not--I mean, the PROTECT Act does begin to realize the realities of mass market products. It eliminates reporting requirements for such products and grants export relief to those products at all horizontal layers of the information technology sector. But the Act still does not grant widespread exportability of mass market and publicly available encryption products, and there is a complicated bureaucratic process which must be pursued. Not until 2002 will American industry be able to widely export products that are now using what is basically the worldwide standard of 128 bits in the form of the Advanced Encryption Standard or its equivalent. We believe that it is in our national interest to permit such exportability now and we urge the committee to amend the bill accordingly. Thank you very much. [The prepared statement of Mr. Aucsmith follows:] Prepared Statement of David Aucsmith, Chief Security Architect, Intel Corporation Thank you Mr. Chairman for the opportunity to talk to you this morning about the need for fundamental reform of America's encryption policy. I am pleased to appear today on behalf of the Business Software Alliance which, together with ACP, has been in the forefront of efforts to persuade the U.S. Government to adopt a new U.S. encryption policy. We urge the Committee to pass the PROTECT Act with further amendments that would make the bill more fully comport with technological and market realities. This morning I would like to briefly make five points that we believe should underpin U.S. encryption policy. First, encryption is essential to all business in an Internet economy. While private sector interest in encryption export reform is generally characterized in terms of the competitiveness of American encryption products in a worldwide market, it is becoming a much larger issue for all American business. The global economy, tied together with the Internet, is turning businesses into virtual enterprises, localized products into global products, and geographically limited networks into worldwide networks. In this environment, American businesses must be able to sell and support their products worldwide, must be able to securely coordinate with their business partners worldwide, and must be able to conduct safe electronic commerce worldwide. Quite simply, cryptography has emerged as the only possible solution to many of the requirements of commercial security. It is the essential building block for building trust onto the open Internet. Without it, the hundreds of billions of dollars of e-commerce currently projected to occur by the year 2002 will not happen. Second, encryption is vital to securing America's critical infrastructures. Much of the national economy is at risk from the decisions that are made today on the issues of infrastructure protection. Increasingly, these critical systems are driven by, and linked together with, computers making them vulnerable to disruption. The single best way, and sometimes the only way to affect effectively these critical networks and systems, is encryption. That's why the National Research Council found that encryption promotes the national security of the United States. However, the security of any network is only as good as its weakest link. America's infrastructures cannot be protected if they are networked with foreign infrastructures using weak encryption. Third, the availability of encryption cannot be reasonably controlled. Cryptography is a branch of mathematics. Cryptographic technology can be reduced to mathematical formulas and protocols. Information about cryptography is available from many sources in many forms. It is the subject of numerous academic conferences. It is taught in universities worldwide. Moreover, while developing good algorithms is tough, implementing them is relatively easy. Fourth, government promoted or required plaintext access will not work. While required plaintext access offers, at first glance, a solution to the government's problem: (1) it is not technically possible in most circumstances; (2) it does not let law enforcement verify compliance with access requirements; and (3) it does not give national security interests access to stored keys. There is simply no way that law enforcement can determine, in advance, that particular text had not been encrypted with more than one program or product. At the same time, targets of national security interests are unlikely to design or use a plaintext infrastructure which would allow the U.S. government to have secret access to plaintext. Moreover, there is practically no commercial reason for storing communications keys--if the communication is disrupted or compromised a new session will be established. At the same time, the need for key recovery of stored data also is overstated--the frequent example is an employee hit by a bus. With the exception of personal notes, information is not solely possessed by an individual. In addition, most mission-critical data is held by the corporate data management system that has its own control and protection mechanism. Finally, most personal data has a time value and rapidly becomes obsolete. If one factors in the additional costs and systemic vulnerabilities that result from building in access features, we conclude that there is no business or consumer need for key recovery or special plaintext access. To be blunt: Intel does not plan to implement a key recovery scheme for its own use. . Fifth, the government needs to find technological alternatives to meet its requirements for access to information. Intel agrees that access to data communications and stored data by law enforcement intelligence communities is both legitimate and extremely important. Clearly, Congress should adequately fund the technical efforts of these agencies so they can meet the challenges of the next century. Industry supports additional funding. Industry can also provide other assistance. For example, ACP proposed last year the creation of a ``NET center'' to help law enforcement officials understand how to deal with encryption and other technological advances. ACP also has advocated that the U.S. government should work cooperatively with our nation's hardware and software manufacturers to develop the technical tools and know-how that they need. Technical innovation is predominantly centered in the private sector--only a government/industry cooperative effort can address effectively the challenge of continued technological change. In conclusion, let me say that we strongly believe the Protect Act should be passed but with further improvements. The Protect Act does begin to realize the realities of mass market products, eliminates reporting requirements for such products, and grants export control relief to products at all horizontal layers in the information technology sector. But the Act still does not grant widespread exportability for mass market and publicly available encryption products. There is a complicated, bureaucratic process which must be pursued. Not until 2002 will American industry be able to widely export products using the 128-bit Advanced Encryption Standard or its equivalent. We believe it is in our national interest to permit such exportability now and urge the Committee to amend the bill accordingly. Once again, many thanks for this opportunity to testify. INTRODUCTION My name is David Aucsmith, and as Chief Security Architect for the Intel Corporation I am responsible for research, development and deployment of data and communications security technologies and products, both hardware and software. Currently, my work is focusing on developing industry standard architectures for the application and interoperability of data security technologies for communications, electronic commerce, and content protection. I previously worked on security matters for two computer companies and as a Lieutenant Commander in Naval Intelligence. Intel is the world's largest semiconductor manufacturer and a major supplier of information technology building blocks to the global computer and communications industries. We provide our customers with chips, printed circuit board assemblies and software that are the ``ingredients'' of PC's, servers and workstations. Our flagship business involves the mass production and sale of the Pentium family of processors and other microprocessors, which are frequently described as the ``brains'' of a computer because they control the central processing of data in computers. In 1998, our sales exceeded $26 billion, and we employed more than 40,000 people in the United States. Like most information technology companies, Intel's business model is global in scope. The bulk of our production takes place in the United States. Our products are sold worldwide to original equipment manufacturers of computer systems and peripherals, PC users who make purchases through various distribution channels including the Internet, and other manufacturers who produce a wide range of industrial and telecommunications equipment. Information security plays a prominent role in the conduct of our business. Intel is headquartered in Santa Clara, California, and we have significant manufacturing facilities in a number of states, including Arizona, New Mexico, Oregon, California and Massachusetts. Intel Corporation is a member of the Business Software Alliance (``BSA'') and Americans for Computer Privacy (``ACP''). Both associations have been in the forefront of efforts to persuade the government to adopt a new encryption policy. Since 1988, BSA has been the voice of the world's leading software developers before governments and with consumers in the international marketplace. BSA promotes the continued growth of the software industry through its international public policy, education and enforcement program in 65 countries throughout North America, Europe, Asia and Latin America. Its members represent the fastest growing industry in the world. BSA worldwide members include Adobe, Attachmate, Autodesk, Bentley Systems, Corel Corporation, Lotus Development, Macromedia, Microsoft, Network Associates, Novell, Symantec and Visio. Additional members of BSA's Policy Council include Apple Computer, Compaq, Intuit, Sybase and my company Intel. BSA websites: www.bsa.org; www.nopiracy.com. Intel Corporation takes, as a given, that access to data communications and stored data by the intelligence and law enforcement communities is both legitimate and extremely important. But, we also recognize that there is an inevitable tide of advancing technology that renders most conventional intercept methodologies obsolete. We also believe that all American businesses need access to strong cryptography to remain competitive in an ever increasing global economy. We believe that these varied objectives can be met if only government does not seek to force solutions on industry that are incompatible with the development of technology and market demands. It is our view that, given the breathtaking pace at which information technology (including cryptography) is developing around the globe, the only way to achieve these goals is to adopt policies that will ensure American industry leadership in the area of information technology. This morning I would like to discuss five points that we believe should underpin U.S. encryption policy: 1. Encryption is essential to conducting all business in an Internet economy; 2. Encryption is vital to securing America's critical infrastructures; 3. The availability of encryption cannot be reasonably controlled; 4. Government promoted or required plaintext access will not work; and 5. The government needs to find technological alternatives to meet its requirements for access to information. encryption is essential to conducting all business in an internet economy While the private sector interest in encryption export reform is generally characterized in terms of the competitiveness of American encryption products in world markets, it is, in reality, a much larger issue for American businesses. In an Internet economy, all American businesses are affected by encryption export constraints. The future of business is fundamentally changing. The Internet presents two distinctly different business opportunities. Moving existing business to the Internet. Taking our existing paper-based commerce models and moving them to the electronic world. Creating new businesses because of the Internet. The Internet provides a ubiquity, connectivity and speed that has never existed before. There are many hereto unimagined businesses that will arise to capitalize on these capabilities. The global economy, tied together with the Internet, is turning businesses into virtual enterprises, localized products into global products, and geographically limited networks into worldwide networks. Taking place on a massive scale, this phenomenon rests on the following business principles: American businesses must be able to sell and support their products worldwide. American businesses must be able to securely communicate and coordinate with their foreign subsidiaries and business partners worldwide. American businesses must be able to conduct safe electronic commerce worldwide. I will address each of these three principles in more detail. However, it should be obvious that they all depend on secure communications and financial infrastructures. Cryptography is an essential component of the security of these critical infrastructures, regardless of the nature of the company involved. It is easy to underestimate the magnitude of the information technology industry in the U.S. and the importance of Internet driven electronic commerce. The Department of Commerce reported that: Without information technology--and the electronic commerce it fosters-- overall inflation would have hit 3.1% last year, more than a full percentage point higher than the 2% it was . . . \1\ By the year 2002, Internet commerce is expected to be $327 billion \2\ annually. By the year 2001, the U.S. information technology industry will be directly responsible for 5% of the GNP.\3\ American businesses must be able to sell their products worldwide Much has been said about the need for American businesses to be able to sell their encryption products worldwide as will be discussed later in this testimony. What is not obvious is that encryption controls may make it difficult to sell non-encryption products on the world market as well. For example, a telecommunications application may need to have an integrated cryptographic component to meet an international standard. American businesses must be able to securely communicate and coordinate with their foreign subsidiaries and business partners worldwide Business practices demand tight coordination with both a companies overseas subsidiaries, their suppliers and their customers. It is essential that confidentiality and access control to business information be maintained. Frequently companies are suppliers or customers on one product and competitors on another. The tightly integrated networks required for coordination could rapidly become a source of competitive intelligence if not adequately protected. Only strong cryptography can offer the level of protection required. American businesses must be able to conduct safe electronic commerce worldwide In the near future, there will now longer be dedicated Internet companies--virtually every company will have to be an Internet company to survive. This requires that companies have the capability to securely sell products over the Internet to markets around the world. The ability to prevent fraud and protect intellectual property will depend heavily on the use of strong cryptography. Importantly, corporate participation in electronic commerce includes both business-to-business and business-to-consumer transactions. There is a need for commercial security There has always been some level of need for data security in commercial environments. However, the Internet has enabled the connected PC and, with it, created both new business opportunities and new security vulnerabilities. Both the value and volume of on-line information has sharply risen. This information includes organizational information such as financial data, manufacturing information, customer information, medical and legal records, and human resources data. Additionally, there is a growing amount of data which has intrinsic value, such as monetary instruments (e.g., credit cards, coupons, etc.) and intellectual property (e.g., movies, images, etc.). In the past, such data was protected by physical and procedural controls. The connected PC largely negates those conventional controls and requires new security mechanisms, thus creating a need for commercial security technology. After many years of false starts, commercial data security has become a viable business. The Internet has provided the driving force for this change. Physical barriers have all but disappeared, and security perimeters have become vague. The Internet has created needs for security that were not present in isolated security domains. This has, in turn, created opportunities for vendors of security technologies and has also created a need for standards so those technologies can interoperate. Cryptography is the only viable solution to most commercial security requirements Cryptography has emerged as the only possible solution to many of the requirements of commercial security. It is the essential building block for projecting trust onto the open Internet. The modern global commercial information infrastructure is characterized by more than 95 million Internet-connected computers,\4\ most of which are in open environments with little or no physical control. They use a wide variety of hardware and software and implement no common security policy. Only cryptographic technologies are capable of projecting security onto a completely open, arbitrary environment. Cryptography, by itself, does not guarantee any level of security. It is a necessary component but not a sufficient component. Privacy, also known as confidentiality, is the characteristic that information is protected from being viewed in transit during communications and/or when stored in an information system. With cryptographically-provided confidentiality, encrypted information can fall into the hands of someone not authorized to view it without being compromised. It is almost entirely the confidentiality aspect of cryptography that has posed public policy dilemmas. The commercial use of privacy (or confidentiality) encompasses not only the traditional view described above, but also the protection of intellectual property such as digital video and digital audio. The same technology used to keep communications private are required to ensure that a digital movie is not illegally copied. ENCRYPTION IS VITAL TO SECURING AMERICA'S CRITICAL INFRASTRUCTURES Governments also are recognizing that without encryption, the electronic networks that control such critical functions as airline flights, health care functions, electrical power and financial markets remain highly vulnerable. The U.S. General Accounting Office in its report issued in May of 1996 entitled ``Information Security: Computer Attacks at Department of Defense Pose Increasing Risks'' found that computer attacks are an increasing threat, particularly through connections on the Internet, such attacks are costly and damaging, and such attacks on Defense and other U.S. computer systems pose a serious threat to national security. There is an awareness within the government of the vulnerability of the national information infrastructure to potential attack. The Marsh Report \5\ highlighted the vulnerabilities very well. Much of the national economy is at risk from the decisions that are made today on the issues of infrastructure protection. Any action that degrades the security of Internet commerce or the viability of the industries involved must be viewed as a serious risk to the national security. As the President said on January 22, 1999, before the National Academy of Sciences, ``[w]e must be ready--ready if our adversaries try to use computers to disable-power grids, banking, communications and transportation networks, police, fire and health services--or military assets. More and more, these critical systems are driven by, and linked together with, computers, making them more vulnerable to disruption.'' The President has been so concerned that he established a Commission on Critical Infrastructure Protection to provide him with guidance and issued two Presidential Directives based on the Commission's recommendations. In the Report of the President's Commission on Critical Infrastructure Protection entitled Critical Foundations: Protecting America's Infrastructures (October 1997), the Commission emphasized that ``Strong encryption is an essential element for the security of the information on which critical infrastructures depend.'' In fact ``[p]rotection of the information our critical infrastructures are increasingly dependent upon is in the national interest and essential to their evolution and full use. A secure infrastructure requires the following: Secure and reliable telecommunications networks. Effective means for protecting the information systems attached to those networks . . . . Effective means of protecting data against unauthorized use or disclosure. Well-trained users who understand how to protect their systems and data.'' An earlier blue ribbon National Research Council (NRC) Committee similarly concluded in its (May 1996) CRISIS Report (``Cryptography's Role in Securing the Information Society'') that encryption promotes the national security of the United States by protecting ``nationally critical information systems and networks against unauthorized penetration.'' Thus, the NRC Committee found that on balance the advantages of widespread encryption use outweighed the disadvantages and that the U.S. Government has ``an important stake in assuring that its important and sensitive . . . information . . . is protected from foreign government or other parties whose interests are hostile to those of the United States.'' In recognition of the risks and threats to information, on January 15, 1999, the National Institute of Standards and Technology (NIST) established a new draft Federal Information Processing Standard (FIPS 46-3) to require the use of stronger encryption in government systems. NIST stated that it ``can no longer support the use of the DES for many applications'' and that all new systems must use the significantly stronger Triple DES ``to protect sensitive, unclassified data''. Under the FIPS, all existing systems are now expected to develop a strategy to transition to Triple DES, with critical systems receiving a priority. The vulnerability of national infrastructures has not been lost on other governments. Within the European Union, there is discussion on how to encourage companies to develop products to protect national infrastructures in their respective countries. Such mutual government encouragement will help to grow technical capabilities and fuel a viable world market. Already the Swiss government is providing 128-bit encryption plug- ins for download off the Internet. The SecureNet system is required for use in accessing Telegiro, an Internet payment system. The plug-ins support SSL connections using IDEA encryption. Several Swiss banks are now using on-line banking systems compatible with the Telegiro cryptosystem.\6\ Information security is critical to the integrity, stability and health of individuals, corporations and governments. While cryptography is but one element of security, it is the keystone of secure, distributed systems. Frankly, there is no substitute for good, widespread, strong cryptography when attempting to prevent crime and sabotage through these networks. The security of any network, however, is only as good as its weakest link. America's infrastructures cannot be protected if they are networked with foreign infrastructures using weak encryption. In the long-term, we believe it is in America's best interest to protect critical infrastructures and national security by relying on strong American encryption products. This will not happen if the U.S. Government limits the ability of U.S. companies to provide strong encryption to consumers. Indeed, the question is not whether critical infrastructures will be protected. Rather it is a question of who will protect them--U.S. or foreign companies. With individuals increasingly relying on critical infrastructures and governments increasingly desiring to safeguard these infrastructures, it is only a matter of time before strong encryption becomes a commodity feature of global networks and information systems. U.S. encryption export controls hurt our national security Our current export policy puts at risk America's global leadership in information security. U.S. export policy should, therefore, be changed so it no longer limits American participation in efforts to secure global e-commerce and related information infrastructures and no longer cedes the world market for encryption products to foreign competitors. Strong, high-quality encryption products already are widely available from foreign makers. Foreign producers of IT systems are finding that their ability to provide end-to-end systems incorporating stronger encryption than U.S. companies are permitted to export gives them a decided market advantage. We are concerned that as a result America will lose the critical encryption market to foreign companies. If that happens, it will be too late to change U.S. policy and too late to preserve U.S. leadership in this vital arena. What will the loss of that U.S. leadership position mean? It will mean that the national security agencies will be confronting ubiquitous encryption made not by U.S. companies, but by foreign companies. Where then will the national security agencies go for technical help on encryption? It also will mean that the protection of our critical national infrastructure may depend on foreign-made systems incorporating foreign-made encryption--and that's unacceptable. America must retain leadership in this vital technology if we are to meet our long-term national security objectives. That is why we must assess our encryption export policies from a long-term, not a short- term, perspective. In the long run, U.S. national security objectives are best served by an IT world in which U.S. companies are market leaders in all aspects, especially encryption. U.S. export controls have had the effect of creating an encryption expertise outside the United States that is gathering momentum. Unfortunately, every time research and development of an encryption technique or product moves off-shore, U.S. law enforcement and national security agencies lose. We believe that continuing down this path will be ultimately more harmful to our national security and law enforcement efforts as American companies will no longer be the world leaders in creating and developing encryption products. In fact, as long ago as 1996, the NRC Committee concluded that as demand for products with encryption capabilities grows worldwide, foreign competition could emerge at levels significant enough to damage the present U.S. world leadership in information technology products. The Committee felt it was important to ensure the continued economic growth and leadership of key U.S. industries and businesses in an increasingly global economy, including American computer, software and communications companies. Correspondingly, the Committee called for immediate and easy exportability of products meeting general commercial requirements--which is currently 128-bit level encryption! We recognize this is a difficult balance to strike, but we strongly believe that our long term national security objectives can only be achieved if the United States realistically acknowledges the inevitability of a world of ubiquitous, strong encryption. Trying to control the proliferation of encryption is like trying to control the proliferation of mathematics. For that is what we are talking about here. Encryption algorithms are nothing but sophisticated mathematics. And while the United States may realistically hope to remain the leader in such a field, it cannot realistically expect to monopolize it. We are joined in this view by the Center for Strategic and International Studies (``CSIS''). CSIS recently conducted a study of our nation's technical vulnerabilities; the study was chaired by William Webster, the former director of the FBI and Central Intelligence and former U.S. Circuit Judge. The subsequent report, entitled Cybercrime . . . Cyberterrorism . . . Cyberwarfare . . . Averting an Electronic Waterloo, calls for the ``intelligence gathering communities--law enforcement and foreign intelligence--to examine the implications of the emerging environment and alter their traditional sources and means to address the SIW (strategic information warfare) needs of the twenty-first century. Continued reliance on limited availability of strong encryption without the development of alternative sources and means will seriously harm law enforcement and national security.'' THE AVAILABILITY OF ENCRYPTION CANNOT BE REASONABLY CONTROLLED. Cryptography is a specialized branch of mathematics. Cryptographic technology can be reduced to mathematical formulas and protocols. Information about cryptography is available from many sources and in many forms. Implementation of cryptography is no more difficult than the implementation of any complicated mathematical technology such as digital video or digital signal processing. Ease of implementation Creation of good cryptographic algorithms that will withstand the test of time is amazingly difficult. Recent history is littered with failed attempts. Even so, many algorithms have survived and have become part of common usage. Inventing good cryptography is the mathematical equivalent of ``rocket science.'' Implementing those algorithms is comparably ``child's play.'' Information security is such an important part of information technology that it is rare for a graduate level computer science student to graduate without having implemented a cryptographic algorithm or protocol. Many of these students become competent systems- level programmers who could easily fashion a production-quality cryptographic application. Many of these students are non-U.S. residents. Open research Cryptography and cryptanalysis are legitimate academic research topics. There is a growing, worldwide academic community specializing in the subject. Last year alone there were over 30 international conferences focusing on cryptography or related topics and over 100 books and journals. Many of these books include detailed specifications and source code of cryptography algorithms and protocols.\7\ As an example, Bruce Schneier's popular cryptography text, Applied Cryptography, has sold over 100,000 copies world wide.\8\ Intangible software The intangible nature of cryptographic software defies any physical controls. In an instant, software, cryptographic or otherwise, can be shipped virtually anywhere in the world. As an example, within hours of the U.S. release of PGP 5.0, it was available from sites in Western Europe.\9\ Cryptography exists in many uncontrollable forms, such as general knowledge, academic research, and network deliverable software. Availability of strong encryption products abroad Having export controls assumes that they are at least marginally effective. Cryptography is basically mathematics. The knowledge is inherently uncontrollable. This has led to the worldwide availability of strong encryption products and technologies. One of the ironies of the U.S. cryptographic export regime is that it has fostered a growth in non-U.S. cryptographic technology providers who can sell strong cryptography worldwide without the constraints imposed by the U.S. government, while U.S. companies can not make the same claim. The belief that U.S. export regulations enable foreign cryptography businesses is held by the European Commission. The EC stated at the Copenhagen Hearing: The current U.S. export regulations can provide a chance for European companies to enter the market for cryptographic products. Nevertheless this would require a concentrated effort of European industry and governments to prepare the basis for this market.\10\ Some European companies and governments have turned this belief into practice. The following is quoted from a Siemens Nixdorf ad regarding a software product of theirs called TrustedWeb: By simply downloading the TrustedWeb software from the Internet, you can create a highly secure Intranet infrastructure in a matter of days. The organization itself can decide on the level of security and adapt it in stages in line with needs--Ranging from simple password protection to authentication using cryptographic procedures (Public Key/Private Key) with full 128-bit key length. TrustedWeb is an independent European product and hence is not subject to the export restriction imposed by the US government in relation to encryption software.\11\ Siemens Nixdorf runs similar ads covering their hardware products. Security products are available worldwide, in spite of, or perhaps because of, strong U.S. export controls. Wide deployment of strong encryption is inevitable There are huge commercial incentives for the spread of cryptography. There is a legitimate need for the technology and a sharp increase in the amount of money being spent on security technology.\12\ This has created a viable market for the technology, and there are many suppliers worldwide willing and able to meet the market demand. The recognition of the importance of security to data communications has lead to the inclusion of security protocols within international standards. Examples of such standards include the Secure Sockets Layer (SSL) and the Internet Packet Security (IPSEC) protocols. In most cases, the implementation of security components in international standards is optional. However, there is a strong trend to make many of these features mandatory. Thus, compliance with international communications standards will promote the diffusion of security technologies. GOVERNMENT PROMOTED OR REQUIRED PLAINTEXT ACCESS WILL NOT WORK As the spread of strong cryptography threatens traditional intelligence methods, the government has used export control relief as an incentive for companies to build plaintext access capability into every product. There have also been attempts in Congress to mandate plaintext access capability in such products. The overall approach has revolved largely, though not exclusively, around key recovery requirements. This section primarily addresses specific concerns about key recovery issues, but it is applicable to all plaintext access solutions that may be promoted or mandated by the U.S. Government (hereinafter referred to as ``required plaintext access''). The basic point is that non-market driven requirements to build any plaintext access mechanism into products will not work. Key recovery, as a concept, now applies not only to the initial purpose of assuring law enforcement access to encrypted materials, but also to possible end-user or organizational requirements for a mechanism to protect against lost, corrupted, or unavailable keys. It can also mean that some process, such as authority to decrypt a header containing a session key, is escrowed with a trusted party, or it can mean that a corporation or individual is ready to cooperate with law enforcement to access encrypted materials. It may also mean that some technical mechanism must be put in place to bypass the use of the key entirely (strict ``plaintext access''). While required plaintext access offers, at first glance, the promises of solving the technical problems of plaintext access, it is not technically possible for it to do so in most circumstances. It is unlikely to actually meet plaintext access requirements, and its deployment as a national strategy is fraught with technical challenges and dangers. Required plaintext access systems will not satisfy government access requirements Required plaintext access does not meet either law enforcement or national security requirements, but for slightly different reasons. Law enforcement can not verify compliance with key recovery requirements, and national security interests are unlikely to have access to stored keys. Compliance can not be verified by law enforcement Required plaintext access has a serious technical flaw in the area of a priori verification of compliance. Encryption, if applied, is likely to be applied at several different levels of the communications infrastructure. An example is having link-level encryption applied by IPSEC, having session-level encryption applied by SSL, and having application-level encryption applied by S/MIME. Assuming one could construct a protocol to allow for the monitoring of IPSEC key recovery compliance, there is no physical way to verify that the other two levels have complied with the required plaintext access requirements unless one actually decrypts the IPSEC-data packet. If it requires probable cause to get a court order to obtain the IPSEC recovered key or mechanism, it would only be after law enforcement has probable cause of criminal activity that they would be able to verify whether or not the upper-level protocols have complied with the required plaintext access requirements. Required plaintext access does not address national security requirements While law enforcement may serve a warrant on a key recovery agent or other access mechanism provider to obtain encryption keys or the plaintext, national security interests are likely to have that opportunity. Required plaintext access does not provide any benefit to lawful access unless one is able to actually recover the plaintext. Targets of national security interests are unlikely to design a plaintext access infrastructure which would allow the U.S. government to have surreptitious access to stored keys or stored plaintext. This view has been born out by National Security Agency testimony before Congress.\13\ Required plaintext access systems are of limited commercial value Product announcements of key recovery companies to the contrary, there is not a compelling market for commercial key recovery systems and no market for other plaintext access systems. There is no general reason to recover communications keys, and the use of key recovery for stored data ignores the fundamental properties of information. A market for key recovery technology will emerge only when it is artificially created by government regulations. Prior to the current law enforcement push for key recovery, there were no widespread deployments of key recovery mechanisms even though the basic technology had been in existence for some time. Not required for data communications While key recovery may, debatably, be important in certain stored data systems, in communications cryptography there is little or no user demand for this feature. In particular, there is hardly ever a reason for an encryption user to want to recover the key used to protect a communication session such as a telephone call, FAX transmission, or Internet link. If such a key is lost, corrupted, or otherwise becomes unavailable, the problem can be detected immediately and a new key negotiated.\14\ There is also no reason to trust another party with such a key. Ignores the nature of stored data Many of the proposed needs for key recovery of stored data operate under a false assumption about how data is actually stored and utilized. The frequent example is the assertion that a company will need to recover the encrypted files of an employee who has been hit by a bus. There are three problems with this assertion. First, with the exception of personal notes, information is not solely possessed by an individual. Information is shared among a team of employees or partners in order to be of any benefit. Second, most mission-critical data is held by corporate data management systems (e.g., data bases) that have their own access control and protection mechanisms, which are administered by the corporation. Third, most personal data has a time value and rapidly becomes obsolete. Given the observations above, we conclude that there is no business or consumer need for key recovery. Indeed, taking into account the observations and risks, Intel does not plan to implement a key recovery scheme. Key recovery introduces additional vulnerabilities Centralizing all of a user's secrets or access controls in a system with increased technological and procedural operational complexities can only increase the security vulnerabilities of the operation. Centralized attack point Regardless of the implementation, if key recovery systems must provide timely law enforcement access to a whole key or to plaintext, they present a new and fast path to the recovery of data that never existed before. The key recovery access path is completely out of the control of the user. In fact, this path to lawful access is specifically designed to be concealed from the encryption user, removing one of the fundamental safeguards against the mistaken or fraudulent release of keys. In contrast, non-recoverable systems can usually be designed securely without any alternative paths. Alternative paths to access are neither required for ordinary operation nor desirable in many applications for many users.\15\ Complexity of implementation Key recovery systems must be, in terms of functionally, a secure, distributed, open key management system. They have many of the properties of both large scale distributed databases and of command and control systems. Both types of systems have significant inherent complexity. As we have no practical experience, key recovery mechanisms represent a system of unknown and potentially daunting complexity.\16\ Commercial organizations would have to add the cost and risk of key recovery systems to their bottom line. Even government agencies participating in key recovery pilot programs have found the cost of centralized key recovery unacceptable.\17\ Key recovery mechanisms do not work in the horizontal information industry The information technology industry is characterized by an open, international, horizontal architecture. Microprocessors are sold to OEMs who build motherboards, who then contract to have BIOSs and operating systems installed. The final product is then sold to an end user who adds whatever applications they wish. New capabilities or requirements must have an active acceptance within each of the layers in order to be widely deployed. Key recovery discussion has focused only on the upper, application layer. Low-level layers have no visibility into higher-level layers The nature of the information technology industry is that it is made-up of distinct horizontal architectural layers, from the microprocessor up through application programs. The components in each of these layers are supplied by different companies, having different economic models and different diffusion channels. For valid security reasons, cryptography is migrating further ``down'' the layers toward the basic hardware. Key recovery, on the other hand, is a user-initiated protocol problem and can not be pushed down to the hardware. In short, cryptography implemented on hardware can not determine how it will ultimately be used. Key recovery is under the end user's control and is performed by communications protocols or applications programs. The original microprocessor could have no knowledge of how its cryptography would be used any more than it could know how its multiplication instructions will be used. Key recovery regulation is envisioned from the perspective of the end user. The end user ``sees'' a vertical single product, but the reality is that the PC is actually a collection of products from many different companies. Horizontal interfaces are international standards Within the horizontal architecture of the computer industry, the interfaces between horizontal layers are defined by established international industry standards. None of these interface standards currently support key recovery of keys stored in mass market hardware. To change these standards would be a slow and difficult process. Key recovery does not work in an international setting The information technology industry is based on international standards. No U.S.-only solution is commercially feasible. Most U.S. information technology companies derive a large share of their revenue from non-U.S. sources. To restrict their products to only U.S. markets would be devastating. Not all countries will adopt key recovery Very few countries have embraced key recovery to the extent that the U.S. government has done. In particular, countries with strong privacy laws have generally regarded key recovery schemes as being in violation of those laws. As an example, Lotus Notes, which includes a key recovery feature, specifically lost a major sale to the Government of Sweden when the Swedish press discovered the key recovery feature.\18\ The European Commission has not endorsed key recovery as a solution to lawful access problems. It is therefore unlikely that a European- wide agreement can be reached. Indeed, the European Committee on Banking Standards (ECBS)--a powerful consortium of financial institutions--has filed a submission with the European Commission arguing against key recovery.\19\ Requires modification to existing standards Data communications and architectural standards are internationally-negotiated standards. None of these standards include data recovery provisions. Products must be built to conform to these standards to become mass market products. Many of these standards are not controlled by any government, rather they are controlled by commercial or user communities (such as the IETF). Negotiating provisions for key recovery into these standards will require international--agreement on the form and procedures of key recovery technology. Given the current international climate, it is unlikely that such negotiations would succeed.\14\ Interoperability will require a non-recovery mode If there is even one major country which prohibits key recovery, then all developed systems will have to have a ``non-key recovery'' mode to facilitate interoperability. There is little that one could do to ensure that the ``non-key recovery'' mode was not used in normal communications. Mutual access to keys opens U.S. companies to industrial espionage There is no way to guarantee that other countries will have the same level of constitutional safeguards on access to their key recovery agents as guaranteed in the U.S. U.S. corporations would be at high risk of international economic espionage if forced to deposit encryption keys with foreign key recovery agents. According to the FBI, U.S. corporations are already targets of major industrial espionage efforts. The FBI says foreign spies have stepped up their attacks on American companies, and a new national survey estimates that intellectual property losses from foreign and domestic espionage may have exceeded $300 billion in 1997 alone.\20\ Governments of at least 23 countries, ranging from Germany to China, are targeting American companies, according to the FBI. More than 1,100 documented incidents of economic espionage and an additional 550 suspected incidents that could not be fully documented were reported last year by companies in a survey conducted by the American Society for Industrial Security.\21\ THE GOVERNMENT NEEDS TO FIND TECHNOLOGICAL ALTERNATIVES TO MEET ITS REQUIREMENTS FOR ACCESS TO INFORMATION Given the global availability of strong, non-recoverable encryption and the fast pace of technological advancement, it is clear that current U.S. policy is not working. An alternative means to gather lawful intelligence is needed by both national security and law enforcement interests. Clearly, Congress should adequately fund the technical efforts of our law enforcement and national security agencies so they can meet these challenges. And industry would support additional funding. For example, ACP, for example, has advocated that the U.S. Government should work cooperatively with our nation's hardware and software manufacturers to develop the technical tools and know-how to achieve a policy that effectively responds to society's needs for law enforcement, national security, critical infrastructure protection, privacy preservation, and economic well-being. NET center proposal Last year, ACP proposed the creation of a National Center for Secure Network Communications (``NET Center''). The NET Center (now called ``Tech Center'') concept is 15 aimed at helping law enforcement officials to understand how to deal with encryption and other technical advances when encountered in a criminal setting. The Tech Center should be a public-private entity operating within a national laboratory for information technology to perform research and act as a forum for further discussions on technology trends and vulnerabilities. Clearly a Tech Center must operate within a legal framework that provides reasonable safeguards. Attorney General Janet Reno announced plans for the Federal Bureau of Investigation to set up a new $64 million center to protect the nation's critical infrastructures, particularly computer networks, from both physical and cyber attack. Industry cooperation The national security is best secured by the American companies actively competing for and supplying the fundamental technologies of the national infrastructure. Only those companies directly involved in the research and development of information technology components can assess the security and vulnerabilities of the infrastructures created from those components. Technical innovation is predominantly centered in the private sector. Only a government/industry cooperation can effectively address the challenge of continued technological change. CONCLUSION: THE PROTECT ACT SHOULD BE PASSED WITH FURTHER IMPROVEMENTS The mass market model Mass-market hardware manufacturers and software publishers sell products through multiple distribution channels such as OEMs (i.e., hardware manufacturers that pre-load software onto computers), value- added resellers, retail stores and the emerging channel of on-line distribution. Thus, mass market products are available to the general public from a variety of sources. The mass-market distribution model presupposes that hardware manufacturers and software publishers will take full advantage of these multiple channels to ship identical or substantially similar products worldwide (allowing only for differences resulting from localization) irrespective of specific customer location or characteristics. As mass market products are uncontrollable, Intel believes U.S. companies should be able to export the current market standard of 128-bit encryption. Unfortunately, the Administration only permits easy exports of 56-bit encryption even if foreign products exist in the marketplace'. And the Administration continues to impose onerous controls on 56-bit toolkits and hardware encryption components, notably semiconductors. The PROTECT Act grants export control relief to products at all horizontal levels Intel believes that all distinct horizontal architectural layers, from the microprocessor up through application programs should be treated identically under any encryption export policy. However, contrary to the Administration's original announcement regarding export relief which included export relief for hardware, the new regulations still do not permit 56-bit encryption chips, integrated circuits, toolkits and executable or linkable modules to be easily exported except to subsidiaries of U.S. companies or otherwise relax export controls on stronger mass market hardware. We are pleased that the PROTECT Act remedies this problem and treats mass market hardware in the same manner as mass market software. The PROTECT Act eliminates reporting requirements for mass market products We are encouraged that the PROTECT Act recognizes the difficulties in complying with reporting requirements for mass market encryption products and eliminates such reporting requirements. It is virtually impossible for mass-market exporters to report the name and address of each end-user. Millions of these products are sold through multi-level distribution channels (e.g, VAR's and chain stores). Moreover, as registration of mass market products is customarily voluntary. This is a vast improvement over the Administration's proposed regulations which effectively require companies to develop a system to obtain the names and addresses for each health and medical end-user of stronger encryption products and all foreign online merchants. The PROTECT Act's export relief for mass market products and for products which face competition from comparable foreign products is too complicated and creates an unwieldy bureaucracy We are pleased that the PROTECT Act does recognize that mass market and publicly available encryption products, and encryption products for which comparable foreign products are available, should be treated differently under the U.S. export regime. The bill acknowledges the futility of trying to control a product that can be bought off of the Internet or easily purchased from commercial vendors such as CompUSA or from Circuit City by any individual in America regardless of nationality, or a comparable product can be easily purchased from similar stores in a foreign country. ``Bad guys'' certainly will have no problems obtaining the encryption products, and no concerns about ``exporting'' the products via telephone lines or the Internet or smuggled out on personally pressed CDs. The only impact of the export controls will be to stop American companies from selling American products to legitimate users. Unfortunately, the PROTECT Act establishes a complicated private/ public board structure for deciding after-the-fact whether or not a product is a mass market product or whether comparable foreign products are available. The Secretary of Commerce has thirty days to approve or disapprove the Board determination, subject to judicial review, and the President may override any determination. There is no guarantee of any consistency in the Board's decisions. Thus, while the Board procedure is an improvement, and the opportunity for judicial review provides a mechanism to ensure that exports are not denied in an arbitrary and capricious manner, it is not a predictable, clear process giving American companies certainty as to whether they can export their products. Such predictability is necessary so that American companies can have confidence designing and building security features into their products. The PROTECT Act should, but does not, afford complete and immediate export relief for mass market encryption without any complicated oversight. The Act also does not recognize that if a comparable foreign product is available, any delay in exports provides a significant advantage to the foreign product. The PROTECT Act supports development of AES, but delays full export control relief until 2002 The PROTECT Act also provides Congressional support for, and sets a 5-year limit on the selection of, the 128-bit Advanced Encryption Standard which is being developed under the auspices of the National Institute of Standards and Technology. The 2002 deadline will provide impetus for NIST to finish developing the standard in a timely manner while providing NIST with sufficient time to study the final standard's security features. This is an important process that will result in a new standard for government's sensitive, but unclassified, information and most likely will serve as the new worldwide standard for strong encryption similar to the Data Encryption Standard when it was introduced in the 1970's. Once the algorithm is selected, the PROTECT Act removes all export controls on encryption products using the 128- bit standard or its equivalent strength. Unfortunately, because the PROTECT Act limits easy exportability of mass market products until the AES is adopted, general distribution of these products will have to wait almost three years. Considering the current speed of technological change, where Internet products are now on three-month product cycle times, and the fact that 128-bit comparable foreign encryption is currently available, this is an eternity in Internet time. Law enforcement and national security interests have known for a long time that ubiquitous use of strong encryption by consumers worldwide is just around the corner. They cannot hope to continue to delay the world from using strong encryption according to their timeframe. A new approach The preceding has made the argument that: Encryption is essential to conducting all business in an Internet economy; Encryption is vital to securing America's critical infrastructures; The availability of encryption cannot be reasonably controlled; Government promoted or required plaintext access will not work; and The government needs to find technological alternatives to meet its requirements for access to information. If accepted, these arguments force one to the conclusion that a new approach to encryption policy is required. endnotes \1\ Wall Street Journal, Department of Commerce talks about Inflation, 16 April 1998. \2\ Forrester Research \3\ Dataquest \4\ Ibid., p. 8. \5\ Marsh, R., Chairman, Critical Foundations: Protecting America's Infrastructure, The President's Commission on Critical Infrastructure Protection, October 1997. \6\ See http://www.swisspost.ch/E/21.html \7\ Schneier, B., Applied Cryptography, John Wiley & Sons, Inc., New York, NY, 1996. \8\ Schneier, B., Private correspondence, June 1998. \9\ Hayward, D., Europeans Break Encryption Barriers, TechWire, 17 June 1997. \10\ Ministry of Research and Information Technology Denmark for the European Commission Directorate-General XIII Telecommunications, Information Market and Exploitation of Research, Report of Day 1 of the European Expert Hearing on Digital Signatures and Encryption (Copenhagen, April 23, 1998), Copenhagen, Denmark, 23-24 April 1998 \11\ Siemens Nixdorf, Press Release, http://www.trustedweb.com/ whats--new/pressrelease.html, Hanover, Germany. \12\ Burnahm, B., The Electronic Commerce Report, Piper Jaffray Research, p. 75, August 1997. \13\ Crowell, W., Deputy Director National Security Agency, Testimony before Senate Commerce Committee, 1997. \14\ Neumann, P., et.al., The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption, Final Report of The Cryptographers' Working Group, 27 May 1997. \15\ Ibid. \16\ Ibid. \17\ Wayner, P., Administration Gets Sour Taste From Own Encryption Medicine, New York Times, 1 July 1997. \18\ Laurin, F., and Froste, C., Secret Swedish E-Mail Can Be Read by the U.S.A., Svenska Dagbladet, 18 Nov 1997. \19\ Computing, Banks Slam Snoops, 26 March 1998. \20\ Nelson, J., FBI: Commercial Spying Rises, Los Angeles Times, 12 January 1998. \21\ Ibid. Senator Frist. Thank you very much. Mr. Bidzos. STATEMENT OF D. JAMES BIDZOS, VICE CHAIR, SECURITY DYNAMICS TECHNOLOGIES, INC. Mr. Bidzos. Thank you, Mr. Chairman. Let me also thank you and the committee for the opportunity to be here and testify this morning. At the outset, I want to say that the PROTECT Act definitely moves us in the right direction and is a real improvement over the current administration policy, but, as I will explain in a few moments, the bill could be further improved in several important respects. I am pleased to be here this morning and testify on behalf of Americans for Computer Privacy. ACP is a coalition of over 4,000 individuals, 40 trade associations, and over 100 companies representing financial services, manufacturing, high tech, transportation industries, as well as law enforcement, civil liberty, taxpayer, and privacy groups. Currently I am vice chairman of Security Dynamics Technologies, but during the last 13 years I served as president and chief executive officer of RSA Data Security. RSA Data Security is the leading American company producing encryption products. It was founded in 1982 and our encryption technology is embedded in virtually every mainstream product, from things such as Microsoft Windows to Netscape's Navigator, also Microsoft's browser Internet Explorer, Intuit's Quicken, and Lotus Notes. It is very widespread. Most of it is 128 bits. I am also the founder and chairman of a company called Verisign, which is the leader in Internet authentication and certification, and I am a director of several other security companies, including two in Japan and two in Europe. I think this has given me unique insight into the global encryption issue. I have been deeply involved in the debate over encryption policy during this time and hope my experience can benefit the committee. I testified for the first time about 10 years ago before the House Committee on Science, Space, and Technology, and made many of the arguments that we are hearing here today. I used to joke that encryption, the type of encryption that my company developed, was a solution in search of a problem. I do not say that any more because the problem is obvious and we have discovered it. Quite simply, it is e-commerce. E-commerce, however, is not going to reach its full potential unless it becomes secure. That would be a tremendous disappointment since electronic commerce between businesses alone is expected to reach over $300 billion per year by the year 2002. At least 60 percent of all Americans will be using the Internet and the number of worldwide online users is expected to reach 250 million by the year 2002. Without relaxation of export controls, U.S. manufacturers remain at a competitive disadvantage and foreign consumers will purchase encryption products from foreign suppliers. Just in reaction to a comment made on the other panel, I would welcome the opportunity after my statement to go into more detail, but I think that the Administration underestimates the determination and the capabilities of the companies that we compete with overseas. Foreign products are comparable in capabilities and quality, and do not let anyone tell you otherwise. When a foreign purchaser cannot obtain an American product, they simply purchase it from a foreign supplier. The Siemens example we heard about is a good one. There are numerous others. Indeed, foreign companies are even testifying against relaxation of U.S. export controls. Unfortunately, not only are American companies losing the sale of an encryption item, but they are also using a sale of the program or hardware, such as an Internet server or an application browser, that incorporates the encryption capability. In fact, companies risk losing sales of entire systems because of their inability to provide necessary security features. Over the last 13 years I have seen security move from literally out of nowhere to being No. 1, No. 2, or No. 3 on everybody's list of absolutely critical essential features in products and systems that they intend to purchase. Companies that cannot offer that essential feature are cut out of the entire business opportunity. Thus, the only impact of the Administration's export policy is widespread deployment of foreign-designed and manufactured software and hardware. But I think it is also essential to understand that full deployment of strong encryption is vital to America's national interest. ACP and its members are responsible citizens. We have no wish to facilitate the commission of crime or hurt national security. It is precisely because we hold these views that we believe it is in America's best interest to prevent crime and promote national security through widespread reliance on strong American encryption products both here and abroad. We also believe that our law enforcement and intelligence agencies must be given the additional resources and technical help they need to meet the challenge of the next century. But those challenges are far greater if these agencies are forced to face a world in which the majority of information and communications systems--communications pass over systems and networks that are foreign-designed, foreign-built, foreign- installed, and incorporate foreign encryption. That may well apply to systems here in the United States as well, based on the way things are going now. The PROTECT Act is an improvement over current administration policy. It affirms that Americans may use and sell any type of encryption domestically and ensures that the U.S. Government may not use its full powers and capabilities to compel Americans to use or sell a certain type of encryption. The PROTECT Act also provides a broader range of export relief for American encryption products and it provides a certain timeframe for export reviews. Also, the Act provides congressional support for and sets a 5-year limit on the selection of the 128-bit Advanced Encryption Standard. But even a good thing can be made better. The PROTECT Act should be further improved to reflect market and technological realities. The PROTECT Act does not permit individual foreign consumers to obtain strong non-recoverable encryption, making it impossible for them to securely purchase products from American companies. Also, the Act does not provide immediate export relief for encryption sales to small businesses, one of the fastest growing worldwide business sectors. Unfortunately, the PROTECT Act limits easy exportability of mass market products with strong 128-bit encryption until NIST adopts the Advanced Encryption Standard. Exportability in the mean time is dependent on an unwieldy complex bureaucracy that will determine whether American products are generally available or compete with comparable foreign products. We believe the evidence is already overwhelming regarding these facts. I would be happy to answer any questions about the significance of this 3-year delay in terms of how our competitors will exploit it and how that translates into Internet years and what it means for future opportunities. In conclusion, Mr. Chairman, ACP strongly urges the committee to move forward with the PROTECT Act and to adopt amendments to permit the immediate exportability of strong encryption to a broader range of businesses and individuals abroad. Thank you. [The prepared statement of Mr. Bidzos follows:] Prepared Statement of D. James Bidzos, Vice Chair, Security Dynamics Technologies, Inc. Congress must immediately relax export controls on software and hardware with encryption capabilities. Widespread deployment of American products with encryption capabilities will help to accelerate dramatically the growth of electronic commerce by protecting consumers' privacy and preventing electronic crime. Without relaxation of export controls, U.S. manufacturers remain at a competitive disadvantage, and foreign consumers will purchase encryption products from foreign suppliers. Foreign products are comparable in capabilities and quality. When a foreign purchaser cannot obtain an American product they simply purchase it from a foreign supplier. Unfortunately, not only are American companies losing a sale of an encryption item, but they are also losing the sale of the program or hardware such as an Internet server or an application browser that uses the encryption capability. In fact, companies risk losing sales of entire systems because of their inability to provide necessary security features. The only impact of the Administration's export policy is widespread deployment of foreign designed and manufactured software and hardware. The Administration took the first step towards developing a sensible long-term encryption policy by permitting exports of select products to select users, but they still have not gone far enough. The PROTECT Act is an improvement over current Administration policy. It affirms that Americans may use and sell any type of encryption domestically, and ensures that the U.S. Government may not use its full powers and capabilities to compel Americans to use or sell a certain type of encryption. The PROTECT Act also provides a broader range of export relief for American encryption products and provides a certain timeframe for the export review process. Also, the Act provides Congressional support for, and sets a 5-year limit on the selection of, the 128-bit Advanced Encryption Standard. The PROTECT Act should be further improved to reflect market and technological realities. The PROTECT Act does not permit individual foreign consumers to obtain strong, non-recoverable encryption, making it impossible for them to securely purchase products from American companies. Also, the Act does not provide immediate export relief for encryption sales to small businesses--one of the fastest growing worldwide business sectors. Unfortunately, the PROTECT Act limits easy exportability of mass market products with strong 128-bit encryption until NIST adopts the Advanced Encryption Standard. This means individual consumers and small businesses will have to wait three years to obtain strong American encryption, and foreign companies will have had three more years to market their products. Exportability in the meantime is dependent on an unwieldy complex bureaucracy that will determine whether American products are generally available or compete with comparable foreign products. We believe the evidence already is overwhelming regarding these facts. INTRODUCTION Good Morning. My name is Jim Bidzos, and I am Vice Chair of Security Dynamics Technologies, Inc., a Massachusetts-based security firm that is also the parent company of RSA Data Security, located in San Mateo, California. For over 13 years, until earlier this year, I was the President and CEO of RSA Data Security, the world's leading encryption company. RSA's technology is embedded in both Netscape and Microsoft browsers, and in over 500 other products, all used by hundreds of millions of people around the world to secure internet transactions and digital data of many types. Over many years, I have personally negotiated hundreds of licenses to RSA encryption technology, including licenses with companies such as IBM, Microsoft, ATT, Netscape, Oracle, and Motorola. These negotiations almost always involve discussions about encryption needs, end-user requirements, and export policy. I have thus gained unique insights into the needs and concerns of both industry and users with respect to encryption. I am also founder and chairman of Verisign, Inc., the leader in Internet authentication. Verisign is the world's largest Internet security products and services company as measured by both customers and market capitalization. I am a member of the board of directors of several other security companies. One specializes in virtual private networks. Another is a manufacturer of security tokens. Another offers cryptographically secure digital time stamping services. I am also a director of a UK- based encryption hardware company, a Dublin-based secure electronic payments company, and two Japanese security companies. I have been deeply involved in the debate over encryption, from many aspects, including US policy on the export of this technology. Over the last 13 years, I have testified many times before both the House and Senate on encryption policy, and I have participated in numerous US and international standards activities. I believe that my long and unique history in the encryption area allows me to offer testimony today that may help the committee better understand industry's concerns over US encryption policy. On behalf of Americans for Computer Privacy (``ACP''), thank you for the opportunity to testify on S.798, the PROTECT Act, sponsored by Chairman McCain and cosponsored by four other committee members Senators Bums, Wyden, Abraham, and Kerry. ACP is a coalition of over 3,500 individuals, 40 trade associations and over 100 companies representing financial services, manufacturing, high-tech, and transportation industries as well as law enforcement, civil-liberty, taxpayer and privacy groups. ACP supports policies that allow American citizens to continue using strong encryption without government intrusion, and advocates the lifting of export restrictions of U.S. made encryption products. But we really are here today to speak on behalf of the tens of millions of users of American software and hardware products. The American software and hardware industries have succeeded because we have listened and responded to the needs of computer users worldwide. We develop and sell products that users want and for which they are willing to pay. One of the most important features computer users are demanding is the ability to protect their electronic information and to interact securely worldwide. American companies have innovative products which can meet this demand and compete internationally. But there is one thing in our way--the continued application of overbroad, unilateral, export controls by the U.S. Government. At the outset, I want to say that the PROTECT Act definitely moves us in the right direction and is a significant improvement over the Administration's current policy--but it could be further improved in several important respects (along the lines of the SAFE Act). ACP recognizes a legitimate governmental need to obtain access to information and communications when authorized by proper legal authority. ACP and its members are responsible citizens. We have no wish to facilitate the commission of crime or the spread of terrorism. Similarly, we are committed to strengthening the nation's infrastructure and promoting national security, enhancing the privacy of American citizens and ensuring the security of electronic commerce. But we believe that the best way of meeting all these objectives is promote the widespread use of encryption! Ultimately, any truly successful, sensible encryption policy that has America's best interests at heart must be based on technological and market realities, and should not create winners and losers in the encryption marketplace on a sector-by-sector basis. It would recognize that: The worldwide encryption standard is 128-bit encryption; Mass market software and hardware is inherently uncontrollable; and It is in America's national and economic security interests to have American designed and manufactured encryption products deployed worldwide. We believe it is preferable for Congress to put encryption policy on a statutory basis rather than continuing to leave it up to inconsistent Administration regulations--sending a strong message around the world that encryption is important for protecting the privacy of citizens, for promoting e-commerce, preventing crime and protecting our critical infrastructures and national defense. THE AMERICAN COMPUTER SOFTWARE AND HARDWARE INDUSTRIES--AN AMERICAN SUCCESS STORY The computer software and hardware industries are American success stories, but they are being threatened. America's software and hardware industries are important contributors to U.S. economic security. Information technology industries now are directly responsible for over one-third of real growth of the U.S. economy, and both the computer and software industries are continuing to grow. From 1990 through 1996, the software industry grew at a rate of 12.5%, nearly 2.5 times faster than the overall U.S. economy. More than 7 million people work in IT industries. In 1996, the software industry provided a total of over 619,000 direct jobs and $7.2 billion in tax revenues for the U.S. economy. The software industry is expected to create an average of 45,700 new jobs each year through 2005. If piracy were to be eliminated in the United States, the number of new software jobs created would double to an average of 93,000 a year. Moreover, the computer software industry has achieved tremendous success in the international marketplace with global sales of packaged (i.e., non-custom) software reaching over $118.4 billion in 1996, and rising to $135.4 billion in 1997. American produced software accounts for 70% of the world market, with exports of U.S. programs constituting half of the industry's output. The incredible growth of the industry and its exporting success benefits America through the creation of jobs here in the United States. Many of these jobs are in highly skilled and highly paid areas such as research and development, manufacturing and production, sales, marketing, professional services, custom programming, technical support and administrative functions. In the U.S. software industry, workers enjoy more than twice the average level of wages across the entire economy--$57,319 versus $27,845 per person. All of these revenues and jobs are dependent upon American software and hardware producers remaining the market leaders around the world, especially as the major growth markets continue to be outside the United States. Strong export controls on products with encryption capabilities are crippling the ability of these companies to compete with foreign providers and are only ensuring that foreign products are securing worldwide critical infrastructures, not American products. SECURE NETWORKS AND CONFIDENTIAL INFORMATION IN THE INTERNET AGE ARE THE KEY TO PRIVACY AND COMMERCE American individuals and companies are rapidly becoming networked together through private local area networks (LANs), wide area networks (WANs) and public networks such as the Internet. Combined, these private and public networks are the economic engine driving electronic commerce, transactions and communications. This engine is sputtering and threatens to stall. Traffic on the Internet doubles every 100 days. Predictions of business-to-business Internet commerce for the year 2000 range from $66 billion to $171 billion, and by 2002, electronic commerce between businesses is expected to reach $300 billion. During 1997, one leading manufacturer of computer software and hardware sold $3 million per day online for a total of $ 1.1 billion for the year. More and more individual consumers also are going on line arid spending. Five years from today, we anticipate nearly 60 percent of all Americans to be using the Internet. More than 10 million people in North America alone have already purchased something over the Internet, and at least 40 million have obtained product and price information on the Internet only to make the final purchase off-line. Altogether last year, consumers spent nearly $8 billion online. Nearly 1.5 million Americans join the online population every month, and the number of worldwide online users is expected to reach 248 million by 2002. The incredible participation by American consumers in the Internet phenomenon clearly demonstrates that the need for strong encryption is no longer merely the purview of our national security agencies concerned about securing data and communications from interception by foreign governments. Today, every American even merely dabbling on the Internet requires access to strong encryption. Imagine the boost in volume of e-commerce if all of these consumers had enough confidence in the security of the Internet to purchase on-line. Yet in 1996 the Computer Security Institute/FBI Computer Crime Survey indicated that our worldwide corporations will be increasingly under siege: over half from within the corporation, and nearly half from outside of their internal networks. Network users must have confidence that their communications and data--whether personal letters, financial transactions or sensitive business information--are secure and private. Electronic commerce is transforming the marketplace--eliminating geographic boundaries and opening the world to buyers and sellers. Companies, governments and individuals now realize that they can no longer protect data and communications from others by relying on limiting physical access to computers and maintaining stand-alone centralized mainframes. Instead, users expect to be able to pick up their e-mail or modify a document from any computer anywhere in the world simply by using their Internet browsers. Thus, consumers worldwide are demanding to be able to protect their electronic information and interact securely worldwide, and access to products with strong encryption capabilities has become critical to providing them with confidence that they will have this ability. UNILATERAL U.S. EXPORT CONTROLS HARM AMERICAN INTERESTS Currently, there are no restrictions on the use of cryptography within the United States. However, the U.S. Government maintains strict unilateral export controls on computer products that offer strong encryption capabilities. American companies are forced to limit the strength of their encryption to the 56-bit key length level set late in 1998. The recently announced regulations will also permit companies to export stronger encryption on a sector-by-sector, user-by-user basis. However, this policy ignores the fact that: The minimum strength now required by new Internet applications is 128-bit encryption; American companies cannot export encryption products to a vast majority of non-U.S. commercial entities. Foreign manufacturers provide 128-bit encryption alternatives and add-ons--filling the market void created by U.S. export controls; Providing sector-by-sector relief is unworkable for mass market products and does not reflect commercial realities for sales of custom products; 56-bit encryption has been demonstrated to be vulnerable to commercial let alone governmental attack. (In the beginning of this year at the RSA Encryption Conference, a 56-bit DES encoded message was broken by private companies and individuals working together in 22 hours and 15 minutes--imagine what a hostile government with serious resources could do); and New developments in technology are introduced everyday that speed up decryption time. Adi Shamir, the Israeli computer scientist who is the ``S'' in RSA, recently announced ``Twinkle'', which is a proposed method for quickly unscrambling computer-generated codes that have until now been considered secure, at the International Association for Cryptographic Research's latest meeting in Prague. THE WASSENAAR ARRANGEMENT IS NOT A MULTILATERAL AGREEMENT TO CONTROL ENCRYPTION I want to take one minute to discuss the Wassenaar Arrangement at this point. Please do not be fooled by any claims from the Administration that the Wassenaar Arrangement is the multilateral agreement on encryption that they have been touting was just around the corner for the past several years. The Wassenaar Arrangement replaced the old COCOM regime with a non- binding agreement among 30 countries to report on their sensitive exports. The December 1998 Wassenaar Arrangement agreement actually decontrolled encryption products. Many countries, such as Israel and South Africa, who export strong encryption are not signatories to the Arrangement. The Wassenaar Arrangement eliminates controls of any sort on 56-bit encryption and permits exports of up to 64-bit encryption in mass-market software and hardware. It also removed any reporting requirements--the sole official means for actually monitoring what countries are doing. Although the Arrangement left open the possibility that countries might individually control 128-bit encryption, we are skeptical that they will do so. There is no penalty for failing to control 128-bit encryption, and most countries are actually moving towards encouraging the use of stronger encryption. Finally, a country could technically comply with the Arrangement, while still permitting easy exports of strong encryption. Ironically, the U.S. government is a good example of the lack of effect of the Wassenaar Arrangement. In its new encryption regulations, the Administration is still controlling encryption products with greater than 56, not 64, bit keys, and they have imposed reporting requirements on mass market products even if they are using 64-bit encryption. Recently, on June 2, 1999, the German government established a new encryption policy seeking to improve protection of German users of global information networks and clarifying that any encryption product may be developed, produced marketed and used without restrictions in Germany. The German government declared its intention to simplify their export review process and to strengthen the performance and ability of German manufacturers to compete internationally. The German government will monitor abuses of encryption for illegal purposes and attempt to further improve the technical capabilities of German law enforcement and security agencies to handle advances in encryption technology. Even France, traditionally the country which placed the greatest restrictions on its own citizens by limiting them to the easily broken 40-bit level of encryption, has recognized that technology has progressed. Near the end of 1998, France relaxed controls on the domestic use of encryption and is now permitting, and in fact encouraging, the use of 128-bit encryption by its citizens. WITHOUT EXPORT RELIEF, FOREIGN CONSUMERS WILL PURCHASE THEIR PRODUCTS FROM FOREIGN SUPPLIERS, KEEPING U.S. MANUFACTURERS AT A COMPETITIVE DISADVANTAGE Export controls also have made American companies less competitive and opened the door for foreign software and hardware developers to gain significant market share--decreasing our national and economic security. As a result of U.S. unilateral export controls, encryption expertise is being developed off-shore by foreign manufacturers who now provide hundreds of encryption alternatives and add-ons. The Administration's export controls are in no way preventing foreigners, let alone those with criminal intent, from obtaining access to encryption products. In fact, foreign software and hardware manufacturers have seized the opportunity to create sophisticated encryption products and to capture sales. As long ago as 1995, the General Accounting Office confirmed that sophisticated a encryption software is widely available to foreign users on foreign Internet sites. In 1996, a Department of Commerce study again confirmed the widespread availability of foreign manufactured encryption programs and products. Professor Hoffman today releases the results of his latest survey which shows the continuing growth in foreign encryption products in the face of U.S. export controls. If an encryption product is combined with other applications such as Internet browsers and application servers, U.S. companies generally will lose both sales. In fact, companies risk losing sales of entire systems because of inability to provide necessary security features. This permits foreign manufacturers to gain entry into companies as well as gain credibility--providing the foreign manufacturers with further opportunity to take away future sales in the same and other product lines. U.S. ENCRYPTION EXPORT CONTROLS HURT AMERICAN COMPANIES WITHOUT HELPING LAW ENFORCEMENT OR NATIONAL SECURITY U.S. export controls have had the effect of creating an encryption expertise outside the United States that is gathering momentum. Unfortunately, every time research and development of an encryption technique or product moves off-shore, U.S. law enforcement and national security agencies lose. We believe that continuing down this path will be ultimately more harmful to our national security and law enforcement efforts as American companies will no longer be the world leaders in creating and developing encryption products. In fact, as long ago as 1996, the NRC Committee concluded that as demand for products with encryption capabilities grows worldwide, foreign competition could emerge at levels significant enough to damage the present U.S. world leadership in information technology products. The Committee felt it was important to ensure the continued economic growth and leadership of key U.S. industries and businesses in an increasingly global economy, including American computer, software and communications companies. Correspondingly, the Committee called for an immediate and easy exportability of products meeting general commercial requirements--which is currently 128-bit level encryption! To summarize: Foreign competitors not subject to outdated U.S. export controls are ready to take sales and customers from U.S. companies today. Complex and cumbersome U.S. export controls make American companies less competitive. They significantly increase the costs of developing, marketing and selling products with encryption capabilities, delay the introduction of new products or features, and encourage foreign customers to purchase from foreign suppliers due to the uncertainty and delay in obtaining a comparable American product. Current export controls do not keep strong encryption out of the hands of foreign customers; they just keep U.S. products out of their hands. In the future, if export controls on encryption are not relaxed, both American and foreign infrastructures will be secured by foreign encryption products, creating a significant problem for American law enforcement and national security agencies. American companies do have exciting and innovative products that can meet the demand for 128-bit encryption and compete internationally. But unless the current unilateral U.S; export restrictions are changed to allow the use of strong encryption, American individuals and businesses will not be active participants in this new networked world of commerce--let alone continue to be the leaders in its development. Furthermore, American companies will no longer be providing the world, and its critical infrastructures, with the answers to their security problems. Instead foreign companies will. It is unclear how U.S. national security or law enforcement will be aided or how our critical infrastructures will be secure when foreign encryption products dominate the world market. THE BERNSTEIN CASE The absurdity of the existing export control regime is further highlighted by the recent decision of the 9th Circuit Court of Appeals in Bernstein v. DOJ. In that case, the court held that the existing restrictions on the export of source code, the language in which programmers communicate their ideas to one another, are an unconstitutional prior restraint on first amendment rights of free speech. So now we have a situation where it is permissible to export jobs (because one can export source code to teach foreign programmers), but not American products (because one cannot embody that source code in a product)! More generally, Judge Fletcher's opinion raises some very valid, more general questions and points out how important encryption is to the mainstream life of Americans rather than merely to obscure technologists. Judge Fletcher states: In this increasingly electronic age, we are all required in our everyday lives to rely on modern technology to communicate with one another. This reliance on electronic communication, however, has brought with it a dramatic diminution in our ability to communicate privately. Cellular phones are subject to monitoring, email is easily intercepted, and transactions over the internet are often less than secure. Something as commonplace as furnishing our credit card number, social security number, or bank account number puts each of us at risk. Moreover, when we employ electronic methods of communication, we often leave electronic ``fingerprints'' behind, fingerprints that can be traced back to us. Whether we are surveilled by our government, by criminals, or by our neighbors, it is fair to say that never has our ability to shield our affairs from prying eyes been at such a low ebb. The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty. Viewed from this perspective, the government's efforts to retard progress in cryptography may implicate the Fourth Amendment, as well as the right to speak anonymously, . . ., the right against compelled speech, . . ., and the right to informational privacy. While we leave for another day the resolution of these difficult issues, it is important to point out that Bernstein's is a suit not merely concerning a small group of scientists laboring in an esoteric field, but also touches on the public interest broadly defined. THE ADMINISTRATION TOOK A SMALL FIRST STEP TOWARDS DEVELOPING A SENSIBLE LONG-TERM ENCRYPTION POLICY, BUT THEY STILL HAVE NOT GONE FAR ENOUGH Progress was made last year in the new Administration policy announced by the Vice President in September and contained in the interim final regulations of December 31, 1998. ACP welcomed the Administration's efforts to relax export controls on select products used by select users. We especially appreciated the Administration's apparent abandonment of its key escrow policy that would have required all encryption exports (except for 40-bit and less encryption) to be capable of providing third parties with immediate access to the plaintext of stored data or communications without the knowledge of the user. Foreign companies and consumers simply would not purchase such products as a multitude of foreign products without key escrow are readily available. However, the Administration's actions are merely a first step. U.S. export controls still ignore the realities of mass-market software and hardware distribution. Mass-market software publishers and hardware manufacturers sell products through multiple distribution channels such as OEMs (ie., hardware manufacturers that pre-load software onto computers), value-added resellers, retail stores and the emerging channel of on-line distribution. Thus, mass market products are available to the general public from a variety of sources. (It also is why continued reporting requirements about end-uses and end-users make no sense.) The mass-market distribution model presupposes that software publishers and hardware manufacturers will take full advantage of these multiple channels to ship identical or substantially similar products worldwide (allowing only for differences resulting from localization) irrespective of specific customer location or characteristics. As mass market products are uncontrollable, ACP believes U.S. companies should be able to export the current market standard of 128-bit encryption. Unfortunately, the Administration has only proposed permitting easy exports of 56-bit encryption even if foreign products exist in the marketplace. ACP also believes that encryption hardware and software should be treated identically. However, contrary to the Administration's original announcement regarding export relief which included export relief for hardware, the new regulations still do not permit 56-bit encryption chips, integrated circuits, toolkits and executable or linkable modules to be easily exported except to subsidiaries of U.S. companies or otherwise relax export controls on stronger mass market hardware. In addition, ACP believes that the new regulations are so complex and contain unrealistic requirements that they undermine many of the benefits of the Administration's export relief for stronger encryption, especially for mass market hardware and software. U.S. companies are now required to meet a number of new, unilateral reporting requirements. For example, exporters now are required to report the name and address of end-users, a virtual impossibility for mass-market exporters because registration of end-users is customarily voluntary. A system to obtain the names and addresses of each of the millions of potential health care end-users, for example, would cost more than the profits yielded from many products. ACP also is disappointed that the Administration's regulations do not clearly provide online merchants with the level of export control relief originally envisioned as they do not permit ISPs to provide ``services'' as a permissible end-use. This could chill the use by ISPs located abroad of U.S.-origin encryption products for billing, payment, and delivery purposes, despite the widespread foreign availability of such products. THE PROTECT ACT IS AN IMPROVEMENT OVER CURRENT ADMINISTRATION POLICY The PROTECT Act Establishes The Correct Domestic Encryption Policy The PROTECT Act affirms that Americans may use and sell any type of encryption domestically. Even more importantly, the PROTECT Act ensures that the U.S. Government may not use its full powers and capabilities to compel, directly or indirectly, Americans to use or sell a certain type of encryption. This will prevent the U.S. Government from attempting to achieve domestic controls on encryption through regulations or ``incentives''. For example, the Act prohibits the U.S. Government from linking the ability to electronically sign a document to a requirement that the consumer use a particular encryption methodology for ensuring confidentiality. Thus, the U.S. Government cannot require Americans to use a certain type of encryption (such as key escrow) to engage in electronic commerce. Also, the PROTECT Act specifically restricts the government from requiring any American to use a particular encryption product or methodology to communicate with or transact business with the government. The U.S. Government may only specify technologies for its own internal uses. The PROTECT Act Provides Additional Export Relief For Encryption Products The PROTECT Act provides a broader range of export relief for American encryption products than the Administration. We are pleased that the PROTECT Act provides immediate export relief after a one-time review by the government for: All encryption products using key lengths of 64-bits or less rather than the less secure 56-bit key lengths proposed by the Administration; All recoverable encryption products regardless of key length, including telecommunications related products; and All encryption products using key lengths greater than 64- bits to certain legitimate and responsible commercial users, including publicly traded firms, firms subject to government regulation, U.S. companies' foreign subsidiaries, affiliates and strategic partners, on- line merchants who use encryption products to support electronic commerce, and foreign governments who are members of NATO, OECD and ASEAN. We are also pleased that the PROTECT Act recognizes the need for a quicker and more certain timeframe for the export review process. Businesses simply cannot live with the U.S. Government taking between 3 to 6 months to determine whether a product is exportable when many Internet products have 90 day product cycles and most businesses do not want to wait through one or two business quarters to update their computer systems. The PROTECT Act Begins To Recognize Mass Market Product Realities We also are encouraged that the PROTECT Act recognizes the difficulties in complying with reporting requirements for mass market encryption products and eliminates such reporting requirements. It is virtually impossible for mass-market exporters to report the name and address of each end-user. Millions of these products are sold through multi-level distribution channels (e.g., VAR's and chain stores). Moreover, as registration of mass market products is customarily voluntary. This is a vast improvement over the Administration's proposed regulations which effectively require companies to develop a system to obtain the names and addresses for each health and medical end-user of stronger encryption products and all foreign online merchants. The PROTECT Act also provides Congressional support for, and sets a 5-year limit on the selection of, the 128-bit Advanced Encryption Standard which is being developed under the auspices of the National Institute of Standards and Technology. The 2002 deadline will provide impetus for NIST to finish developing the standard in a timely manner while providing NIST with sufficient time to study the final standard's security features. This is an important process that will result in a new standard for government's sensitive, but unclassified, information and most likely will serve as the new worldwide standard for strong encryption simiiar to the Data Encryption Standard when it was introduced in the 1970's. Once the algorithm is selected, the PROTECT Act removes all export controls on encryption products using the 128- bit standard or its equivalent strength. THE PROTECT ACT SHOULD BE FURTHER IMPROVED TO REFLECT MARKET AND TECHNOLOGICAL REALITIES The PROTECT Act Does Not Provide Immediate Export Relief For Indi- vidual Consumers The PROTECT Act does not go far enough to protect the millions and millions of consumers that are now engaging in electronic commerce. Foreign consumers still will not be able to obtain an American Internet browser with strong, non-recoverable encryption, making it impossible for them to securely purchase products from American companies. Also, an everyday foreign consumer who wants to protect an on-line diary, copies of health care records or a business proposal, may not easily obtain strong encryption to do so from American sources if any portion of the encryption used by the product is non-recoverable. Under the bill, all these individuals must wait until 2002. The PROTECT Act Does Not Provide Immediate Export Relief For Small Businesses We believe the PROTECT Act provides greater export relief for larger corporate customers. However, until 2002, small and privately- owned businesses face significant difficulty in easily obtaining U.S. encryption under any of the License Exceptions established by the PROTECT Act. So, for example, if two doctors in private practice together in Brazil or a restaurant owner in France or a small shopping market in Germany wants to purchase non-recoverable encryption, these small businesses probably would purchase a comparable foreign product as an American company could not easily export it to them. Unfortunately, as companies install the security ``plumbing'' into their individual computers and company networks, it becomes increasingly difficult for American companies to replace the foreign software and hardware that already has been installed. Because the small business sector is, and most likely will continue to be, the fastest growing business sector, this puts American companies at a distinct disadvantage in selling encryption products at a later date. The PROTECT Act's Export Relief For Mass Market Products And For Products Which Face Competition From Comparable Foreign Products Is Too Complicated And Creates An Unwieldy Bureaucracy The PROTECT Act does recognize that mass market and publicly available encryption products, and encryption products for which comparable foreign products are available, should be treated differently under the U.S. export regime. The bill acknowledges the futility of trying to control a product that can be bought off of the Internet or easily purchased from commercial vendors such as CompUSA or from Circuit City by any individual in America regardless of nationality, or a comparable product can be easily purchased from similar stores in a foreign country. ``Bad guys'' certainly will have no problems obtaining the encryption products, and no concerns about ``exporting'' the products via telephone lines or the Internet or smuggled out on personally pressed CDs. The only impact of the export controls will be to stop American companies from selling American products to legitimate users. Unfortunately, the PROTECT Act establishes a complicated private/ public board structure for deciding after-the-fact whether or not a product is a mass market product or whether comparable foreign products are available. The Secretary of Commerce has thirty days to approve or disapprove the Board determination, subject to judicial review, and the President may override any determination. Unfortunately, there is no guarantee of any consistency in the Board's decisions. Thus, while the Board procedure is an improvement, and the opportunity for judicial review provides a mechanism to ensure that exports are not denied in an arbitrary and capricious manner, it is not a predictable, clear process giving American companies certainty as to whether they can export their products. Such predictability is necessary so that American companies can have confidence designing and building security features into their products. The PROTECT Act should, but does not, afford complete and immediate export relief for mass market encryption without any complicated oversight. The Act also does not recognize that if a comparable foreign product is available, any delay in exports provides a significant advantage to the foreign product. The PROTECT Act's Relief For 128-Bit AES Products Is Too Little, Too Late I want to make one final comment regarding the general exportability of mass market products. We support NIST's efforts to establish a new 128-bit Advanced Encryption Standard; however, under the bill, it will not be finalized until 2002. Because the PROTECT Act limits easy exportability of mass market products until the AES is adopted, general distribution of these products will have to wait almost three years. Considering the current speed of technological change, where Internet products are now on three-month product cycle times, and the fact that 128-bit comparable foreign encryption is currently available, this is an eternity in Internet time. Law enforcement and national security interests have known for a long time that ubiquitous use of strong encryption by consumers worldwide is just around the corner. They cannot hope to continue to delay the world from using strong encryption according to their timeframe. THE TIME FOR ACTION IS NOW To keep American vendors on a level international playing field and American computer users adequately protected, U.S. export controls must be immediately updated to reflect technological and international market realities. Thank you. Senator Frist. Thank you, Mr. Bidzos. Dr. Hoffman. STATEMENT OF LANCE J. HOFFMAN, PH.D., PROFESSOR, DEPARTMENT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE, AND DIRECTOR OF THE SCHOOL OF ENGINEERING AND APPLIED SCIENCE, CYBERSPACE POLICY INSTITUTE, THE GEORGE WASHINGTON UNIVERSITY Dr. Hoffman. Thank you, Mr. Chairman. I appreciate the opportunity to be here this morning. I will give an abridgment of my written statement which has been previously furnished to this committee. My name is Lance Hoffman. I am a professor in the Department of Electrical Engineering and Computer Science at The George Washington University here in Washington, DC. I am also director of the School of Engineering's Cyberspace Policy Institute and the author or editor of five books and numerous articles on computer security and privacy. My most recent book is a compendium of papers on the encryption policy problem entitled ``Building in Big Brother.'' Our Institute recently produced a report which we are releasing today, which I think you have been furnished, entitled ``Growing Development of Foreign Encryption Products in the Face of U.S. Export Regulations.'' This report is also available from the Institute and will be available later on this afternoon on our web site, where detailed tables and charts supporting the testimony I am giving are available. We did this work in cooperation with NAI Labs, the Security Research Division of Network Associates in Glenwood, MD. The project manager for NAI Labs, Dave Balenson, is with me today. We were assisted in this project by three students. In our work, we found that the development of cryptographic products outside the United States is not only continuing, but is expanding to additional countries. With the rapid growth of the Internet, communications-related cryptography especially has been experiencing high growth. We identified 805 hardware and/or software products which incorporate cryptography. These were manufactured in 35 countries outside the United States. Attachment 1 to the written testimony provides the details on the countries and products. These 805 foreign cryptographic products represent a 149- product increase, or 22 percent, over the most recent previous survey in December 1997. At least 167 of these use strong encryption, the kind that one cannot export from the United States without applying for and receiving export license approval. Cryptography product manufacturers have appeared in six new countries since December 1997: Estonia, Iceland, Isle of Man, Romania, South Korea, and Turkey. In established markets, there have been some large increases in the number of products offered. For example, the United Kingdom jumped by 20 products and Germany jumped by 28 products, going from 76 to 104. Mr. Chairman, in 70 countries outside the United States, foreign companies are manufacturing or distributing cryptographic products. We found 512 of these companies. On average, the quality of foreign and U.S. products is comparable and there are a number of very good foreign encryption products that are quite competitive in strength, standards compliance, and functionality. A significant number of foreign competitors to U.S. manufacturers are developing products with strong encryption and have as customers a number of large foreign or multinational corporations. Our report gives more detail on some of these companies and their offerings. We also found some examples of advertising used by non-U.S. companies that generally attempted to create the perception that purchasing American products may involve significant red tape and the encryption may not be strong due to export controls. Cited earlier this morning was material from Cybernetica's web site in Estonia, and that is also in the written testimony. Mr. Chairman, companies want to sell encryption products that meet certain accepted worldwide standards. To give you just two examples, in the case of IPsec, the Internet Protocol Security Standard, there are implementations from at least nine companies in five foreign countries. One of these is a joint effort of several Japanese companies, including Fujitsu, Hitachi, Toshiba, and NEC. Two years ago NIST solicited algorithms for the Advanced Encryption Standard to replace the Data Encryption Standard, DES, as the U.S. Government standard. The majority of the 15 candidate algorithms submitted came from foreign countries. So it is very possible that the next U.S. Government encryption standard will have been designed outside the United States. Finally, Mr. Chairman, our empirical product data could be combined with economic measures and economic theories to better explain why we are seeing this observed growth in the cryptography marketplace and to examine the effects of Internet growth, electronic commerce development, and regulatory actions on the market over time. With this knowledge, we would be able to more easily adjust our national laws for a global economy. Thank you. [The prepared statement of Dr. Hoffman follows:] Prepared Statement of Lance J. Hoffman, Ph.D. Professor, Department of Electrical Engineering and Computer Science, and Director of the School of Engineering and Applied Science, Cyberspace Policy Institute, The George Washington University My name is Lance J. Hoffman. I am a professor in the Department of Electrical Engineering and Computer Science at The George Washington University in Washington, D.C. I also am Director of the School of Engineering's Cyberspace Policy Institute and the author or editor of five books and numerous articles on computer security and privacy. My most recent book is a compendium of papers on the encryption policy problem entitled Building in Big Brother (Springer-Verlag, New York, 1995). Currently, I am the principal investigator for a project entitled ``Cryptography Products and Market Survey''. As part of that project, we have recently produced a report entitled ``Growing Development of Foreign Encryption Products in the Face of U.S. Export Regulations''. I am leaving you copies of that report, which is also available from the Institute or on our Web site at http://www.seas.gwu.edu/seas/ institutes/cpi/library/papers.html, where detailed tables and charts supporting this testimony are also available. We did this work in cooperation with NAI Labs, the Security Research Division of Network Associates, Inc., Glenwood, Md. The project manager for NAI Labs, Mr. David Balenson, is with me today. We were assisted in this project by three students. In the project, we surveyed encryption products developed outside the United States and found that the development of cryptographic products outside the United States is not only continuing but is expanding to additional countries; with rapid growth of the Internet, communications-related cryptography especially is experiencing high growth. As of June 8, 1999, we identified 805 hardware and/or software products incorporating cryptography manufactured in 35 countries outside the United States. As shown in Attachment 1, the greatest number of foreign cryptographic products are manufactured in the United Kingdom, followed by Germany, Canada, Australia, Switzerland, Sweden, the Netherlands, and Israel in that order. Other countries accounted for slightly more than a quarter of the world's total of encryption products. These 805 foreign cryptographic products represent a 149-product increase (22%) over the most recent previous survey in December 1997. At least 167 of them use strong encryption, the kind that one cannot export from the United States without applying for and receiving export license approval. The algorithms used in these are Triple DES, IDEA, BLOWFISH, CAST-128, or RC5. Cryptography product manufacturers have appeared in six new countries since December 1997: Estonia, Iceland, Isle of Man, Romania, South Korea, and Turkey. There has also been a large increase in the number of products produced by certain countries. The United Kingdom jumped by 20 products from 119 to 139, and Germany jumped from 76 products to 104. Also notable was Japan's increase, from 6 products to 18, and Mexico's, from a single product to six. There are now 512 foreign companies that either manufacture or distribute foreign cryptographic products in 70 countries outside the United States. Attachment 2 lists these countries. On average, the quality of foreign and U.S. products is comparable. We have encountered poor products both within and outside the U.S., and we have encountered good products both within and outside the U.S. There are a number of very good foreign encryption products that are quite competitive in strength, standards compliance, and functionality. A significant number of foreign competitors to U.S. manufacturers of software and hardware with encryption capabilities are developing products with strong encryption, and have as customers a number of large foreign or multinational corporations. The report gives thumbnail sketches of some of these companies and their offerings. We found some example of advertising used by non-U.S. companies that generally attempted to create the perception that purchasing American products may involve significant red tape and the encryption may not be strong due to export controls. As an example, we show in Attachment 3 material from Cybernetica's Web site in Estonia. We give several other examples of similar advertising in the report. Companies want to sell encryption products that meet certain accepted worldwide standards. Encryption experts from all over the world have contributed to two important international standards efforts, IPsec and the Advanced Encryption Standard. In the case of IPsec, there are currently implementations (complete or in the works) from at least nine companies in five foreign countries. One effort, the KAME Project, is a joint effort of several Japanese companies (Fujitsu, Hitachi, IIJ Research Laboratory, NEC, Toshiba, and Yokogawa). In 1997, the National Institute of Standards and Technology (NIST) solicited algorithms for the Advanced Encryption Standard (AES) to replace the Data Encryption Standard (DES) as a U.S. government encryption standard. Individuals and companies from eleven different foreign countries proposed 10 out of the 15 candidate algorithms submitted to NIST. So it is very possible that the next U.S. government encryption standard will have been designed outside the United States. Details on who submitted what algorithm are given in Attachment 4. Finally, our empirical product data could be combined with economic measures and economic theories to better explain why we are seeing the observed growth in the cryptography marketplace, and to examine the effects of Internet growth, e-commerce development, and regulatory actions on the international cryptographic market over time, thus getting better insights into the implications of various policy options. We should be able to combine previous work with studies already available on the information technology sector and the data in our study to better understand the changes we are seeing in the global marketplace, and thus be able to more easily adjust national laws for a global economy. [GRAPHIC] [TIFF OMITTED] T9984.001 [GRAPHIC] [TIFF OMITTED] T9984.002 [GRAPHIC] [TIFF OMITTED] T9984.003 [GRAPHIC] [TIFF OMITTED] T9984.004 Growing Development of Foreign Encryption Products in the Face of U.S. Export Regulations EXECUTIVE SUMMARY Development of cryptographic products outside the United States is not only continuing but is expanding to additional countries; with rapid growth of the Internet, communications-related cryptography especially is experiencing high growth, especially in electronic mail, virtual private network, and IPsec products. This report surveys encryption products developed outside the United States and provides some information on the effect of the United States export control regime on American and foreign manufacturers. We have identified 805 hardware and/or software products incorporating cryptography manufactured in 35 countries outside the United States. The most foreign cryptographic products are manufactured in the United Kingdom, followed by Germany, Canada, Australia, Switzerland, Sweden, the Netherlands, and Israel in that order. Other countries accounted for slightly more than a quarter of the world's total of encryption products. A full summary listing of the foreign cryptographic products can be found in an appendix to the report. The 805 foreign cryptographic products represent a 149-product increase (22%) over the most recent previous survey in December 1997. A majority of the new foreign cryptographic products are software rather than hardware. Also, a majority of these new products are communications-oriented rather than data storage oriented; they heavily tend towards secure electronic mail, IP security (IPsec), and Virtual Private Network applications. We identified at least 167 foreign cryptographic products that use strong encryption in the form of these algorithms: Triple DES, IDEA, BLOWFISH, RC5, or CAST-128. Despite the increasing use of these stronger alternatives to DES, there also continues to be a large number of foreign products offering the use of DES, though we expect to see a decrease in coming years. New cryptography product manufacturers have appeared in six new countries since December 1997, and there has been a large increase in the number of products produced by certain countries. The new countries are Estonia, Iceland, Isle of Man, Romania, South Korea, and Turkey. The United Kingdom jumped by 20 products from 119 to 139, and Germany jumped from 76 products to 104. Also notable was Japan's increase, from 6 products to 18, and Mexico's, from a single product to six at the present time. We identified a total of 512 foreign companies that either manufacture or distribute foreign cryptographic products in at least 67 countries outside the United States. A full summary listing of these is given in an appendix to the report. On average, the quality of foreign and U.S. products is comparable. There are a number of very good foreign encryption products that are quite competitive in strength, standards compliance, and functionality. We present sketches of some representative competitors to U.S. manufacturers of software and hardware with encryption capabilities; all are developing products with strong encryption and have as customers a number of large foreign or multinational corporations. The specific companies highlighted are Baltimore Technologies, Brokat, Check Point, Data Fellows, Entrust, Radguard, Seguridata Privada, Sophos, and Utimaco. We found some examples of advertising used by non-U.S. companies that generally attempted to create a perception that purchasing American products may involve significant red tape and the encryption may not be strong due to export controls. This almost always appeared on Web sites. We observed that companies vie to have encryption products that meet certain accepted worldwide standards. Encryption experts from all over the world have contributed to two important international standards efforts, IPsec and the Advanced Encryption Standard.. Finally, we suggested that our empirical product data could be combined with economic measures and economic theories to better explain why we are seeing the observed growth and to examine the effects of Internet growth, e-commerce development, and regulatory actions on the international cryptographic market over time, thus getting better insights into the implications of various policy options. 1. INTRODUCTION This project has three main goals: to provide a comprehensive survey of foreign encryption products available worldwide; to identify specific foreign competitors likely to present a significant economic threat to U.S. manufacturers of software and hardware with encryption capabilities; and to provide evidence, if found, of potential threats to U.S. leadership in information technology as a result of U.S. export regulations on encryption products. While this work was undertaken within a very short time frame, and with limited resources, it still provides much new evidence to support the conclusions in Section 7. This evidence can be augmented with additional information as time permits. We do not offer opinions or analysis of key escrow or recovery policies, do long-term technological forecasting, or offer detailed political/social analysis of export control policies. Our goal is to provide an accurate, up-to-date survey of encryption products developed outside the United States and to provide some information on the United States export control regime and its effect on American and foreign manufacturers. 2. PRIOR WORK One of our first tasks in this project was to examine prior relevant work. Several important documents were studied in this regard. 2.1 U.S. Department of Commerce/National Security Agency Study The U.S. Department of Commerce Bureau of Export Administration (BXA) and the National Security Agency (NSA) jointly issued a study [Commerce/NSA Study 1996] that assessed the then current and future market for software products containing encryption and the impact of export controls on the U.S. software industry. Quoting from the press release that accompanied the study, ``. . . The study found that the U.S. software industry still dominates world markets. In those markets not offering strong encryption, U.S. software encryption remains the dominant choice. However the existence of foreign products with labels indicating DES (Data Encryption Standard) or other strong algorithms, even if they are less secure than claimed, can nonetheless have a negative impact on U.S. competitiveness. The study also notes that the existence of strong U.S. export controls on encryption may have discouraged U.S. software producers from enhancing security features of general purpose software products to meet the anticipated growth in demand by foreign markets. All countries that are major producers of commercial encryption products were found to control exports to some extent. The study found that because customers lack a way to determine actual encryption strength, they sometimes choose foreign products over apparently weaker U.S. ones, giving those foreign products a competitive advantage.'' [U.S. DoC 1996] 2.2 National Research Council CRISIS Report A report [CRISIS 1996] was published in 1996 by the National Research Council's Committee to Study National Cryptography Policy. It examined a number of issues related to our study. Based on work by a committee chaired by former Deputy Secretary of State Kenneth Dam and populated by a number of professionals from the law, intelligence, and computer science communities, it concluded that the United States should promote widespread commercial use of technologies that can prevent unauthorized access to electronic information, that the export of the Data Encryption Standard (DES) should be allowed to provide (what was then considered)-an acceptable level of security, and that the United States should progressively relax but not eliminate export controls. The report also states ``widespread commercial and private use of cryptography in the U.S and abroad is inevitable in the long run and its advantages, on balance, outweigh the disadvantages''. The committee concludes by noting ``the interests of the government and the nation would be best served by a policy that fosters a judicious transition toward a broad use of cryptography''. 2.3 President's Export Council Subcommittee on Encryption Report The President's Export Council Subcommittee on Encryption (PECSENC) is chartered by the Secretary of Commerce to provide the private and public sector with the opportunity to advise the U.S. Government on the future of commercial encryption export policy. The members of the PECSENC consist of representatives from industry, academia, nonprofit foundations, state and local law enforcement, and elsewhere in the private sector. In Septemberl998, its Working Group on International Issues issued a report [PECSENC 1998, included as Appendix D] that found ``the difference between U.S. encryption controls and those of other nations is a serious--but not the only--factor determining success in the computer security market.'' It also concluded that, ``the adverse impact of controls on U.S. industry is palpable. For many software applications, business customers simply demand security and encryption; it is a checklist item, and its absence is a deal breaker.'' The report also highlighted an example of a non-U.S. company using the difference in export control regimes as ``leverage'' to ultimately attempt to dominate particular applications: ``. . . Brokat, a German company that scarcely existed four years ago, now has 250 employees and offices in several countries including the United States. Brokat's specialty is Internet banking and electronic commerce, but it broke into that business on the strength of being able to offer stronger encryption than German banks could obtain in Netscape or Microsoft browsers. It is now a major player in this niche, with 50% of the European Internet banking market and enough U.S. customers to justify a 20-person U.S. branch office. Meanwhile, encryption constitutes 10% or less of Brokat's revenue, and it has expanded its initial Internet banking offerings to include support for other forms of electronic commerce. Loss of U.S. competitiveness in the electronic commerce software market obviously raises concerns not just about encryption software but other software opportunities. Indeed, it foreshadows a weakening of the U.S. position as a leader in electronic commerce generally.'' The report also was concerned that ``the persistent emphasis in U.S. export control policy over the past two years on key recovery, or ``lawful access,'' has also taken a toll on the credibility of U.S. security products. . . . Foreign governments and competitors, particularly in Europe, have misinterpreted this U.S. policy, perhaps deliberately. In essence, foreign customers are told often by their governments as well as local security companies that all U.S. encryption products come with a back door allowing the U.S. government to read the contents. In part this is the result of outmoded `Recovery' supplements to U.S. export rules that demand an unrealistic level of U.S. government access to key recovery products.'' 3. SURVEY OF CRYPTOGRAPHIC PRODUCTS OUTSIDE THE U.S. 3.1 Overview The principal investigator and the subcontractor of this current project also studied the worldwide availability of cryptographic products since April 1993 as part of what has become known as the ``TIS Survey'' [TIS 1997]. The results of this earlier work have been presented to the Computer Systems Security and Privacy Advisory Board (CSSPAB) of the National Institute of Standards and Technology (NIST) and presented by Stephen T. Walker, President of Trusted Information Systems, to two Congressional subcommittees [Walker 1993, Walker 1994]. The survey was also provided to numerous government agencies and departments as part of their efforts to understand the availability of cryptographic products and its impact on U.S. export control policies. The TIS Survey continued until December 1997, at which time it identified 656 foreign cryptographic products from 29 countries. The survey also identified 963 domestic products, for a worldwide total of 1619 products produced and distributed by 949 companies (474 foreign and 475 domestic) in at least 68 countries. Our goal for this current study was to update the foreign product portion of the TIS Survey. We focused mainly on discovering new products from foreign manufacturers and also spent some time updating entries for the existing foreign products in the database. Information collected by the TIS Survey was assembled into an MS Access database. The database includes two tables, one for cryptographic products and a second table for companies that either produce or distribute cryptographic products. Each entry in the product table includes the following information: Name/Version, Manufacturer and Country, Platforms: PC, Mac, Workstation, Mainframe, DOS, Windows, UNIX, etc., Interfaces; RS232, X.21, X.25, V.21, V.24, RJ-11, etc., Type; HW, SW, HW/SW combo, What It Encrypts; Data, Files, Directories, Disks, Communications, Voice, Fax, Tape, Email, etc., Embodiment; Program, Kit, Chip, Board, Box, Tokens, PCMCIA, Smart Card, Phone, etc. Cryptographic Algorithms; DES, Triple DES (3DES), Blowfish, IDEA, CAST, Proprietary, RC2/4/5, SKIPJACK, Stream Ciphers, RSA, El Gamal, DH, DSA, ECC, MD2/4/ 5, SHA-1, etc., How Distributed; Mass-Market, Direct, Shareware, Internet, etc., Company Information; Name, Country, Address, Contact Information, etc. 3.2 Data Collection Methodology We used the following methods of data collection: issue a call for information and examine the results, plumb existing work available to us, and use the World Wide Web to conduct searches for new products and information. The call for information to elicit information from the computer cryptography community regarding new products (Appendix A) was posted in the following newsgroups and mailing lists (IETF is the Internet Engineering Task Force [IETF]): sci.crypt newsgroup: discussion of the science of cryptology, including cryptography, cryptanalysis, and related topics such as one-way hash functions. Risks mailing list: describes many of the technological risks that happen in today's environment. Cypherpunks mailing list: forum for discussing cryptography, privacy, and related social issues. Cryptography mailing list: mailing list devoted to cryptographic technology and its political impact. Firewalls mailing list: discussion of Internet ``firewall'' security systems and related issues. IETF Web Transaction Security (wts) Working Group mailing list: discussion of the development of requirements and a specification for the provision of security services to Web transaction. IETF Secure Shell (secsh) Working Group mailing list: discussion of efforts to update and standardize the SSH protocol. IETF IP Security Protocol (ipsec) Working Group mailing list: discussion of the standards efforts on IP Security. IETF An Open Specification for Pretty Good Privacy (openpgp) Working Group mailing list: discussion of extending the current PGP protocol. The Call and Survey were also posted on the Web site of the Cyberspace Policy Institute of The George Washington University [CPI 1999]. Additionally, project team members sent the survey out to individuals who they believed might know of foreign products. The existing work available to us included trade magazines, journals, buyers guides [CSI, ICSA Survey], and other print material. Most of our new information on foreign cryptography products was found by using Web search engines and gathering information from Web pages. 3.3 Results of Update to Cryptographic Products Survey Our effort to update the cryptographic products survey focused mainly on discovering new products from foreign producers, but also involved updating information on some of the existing foreign products in the database. Since we did not set out to update information on cryptographic products produced in the U.S., the number of domestic cryptographic products changed only slightly (when we came across something and thus updated the information). However, we expect that the number of cryptographic products produced in the U.S. has in fact also increased. NAI Labs plans to further update the domestic portion of the survey in the near future. The updated foreign cryptographic product survey (see summary table on following page) now identifies a total of 805 hardware and/or software products incorporating cryptography manufactured in 35 countries outside the United States. The most foreign cryptographic products are manufactured in theUnited Kingdom, followed by Germany, Canada, Australia, Switzerland, Sweden, the Netherlands, and Israel in that order. Other countries accounted for slightly more than a quarter of the world's total of encryption products. A full summary listing of the foreign cryptographic products can be found in Appendix B. The 805 foreign cryptographic products resulting from the current update represents a 149-product increase over the December 1997 survey. A majority of the new foreign cryptographic products are software rather than hardware. Another notable finding is that a majority of new foreign cryptographic products are oriented toward communications rather than data storage applications; and these heavily tended towards secure electronic mail, IP security (IPsec), and Virtual Private Network (VPN) applications. The results also showed a lot of activity in IPsec implementation, which is likely prompted by the recent emergence of new IPsec specifications from the IETF [IPSEC]. The updated foreign cryptographic product survey also identified a total of 512 foreign companies that either manufacture or distribute foreign cryptographic products in at least 67 countries outside the United States. A full summary listing of these is given in Appendix C. 3.3.1 More ``Strong'' Encryption is on the Market The updated foreign cryptographic products survey also showed increasing use of ``strong'' alternative cryptographic algorithms to DES, which uses a 56-bit key. Altogether, we identified at least 167 foreign cryptographic products that use Triple DES, IDEA, BLOWFISH, RC5, or CAST-128, which support larger key lengths. Despite the increasing use of these stronger altematives to DES, there also continues to be a large number of foreign products offering the use of DES, though we expect to see a decrease in coming years. We identified at least 123 foreign cryptographic products that use Triple DES, which employs either two traditional DES keys, for an effective key length of 112 bits, or three DES keys, for an effective key length of 168 bits. We identified at least 54 foreign cryptographic products that use the International Data Encryption Algorithm (IDEA), a Swiss-developed symmetric block cipher with a 128-bit key length [Lai 1990, Lai 1991]. We identified at least 36 foreign cryptographic products that use BLOWFISH, a symmetric block cipher developed by Bruce Schneier with a variable key length ranging from 32 to 448 bits [Schneier 1993, Schneier 1994]. Many of these products appear to use BLOWFISH with the full 448-bit key length. We identified at least 2 foreign cryptographic products that use RC5, a symmetric block cipher developed by Ron Rivest (one of the RSA inventors) with a variable length key up to 2040 bits [Rivest 1996]. We identified at least 12 foreign cryptographic products that use CAST-128, a symmetric block cipher developed by Carlisle Adams of Entrust Technologies in Canada with a variable length key up to 128 bits [Adams 1997]. [GRAPHIC] [TIFF OMITTED] T9984.005 3.3.2 New Countries and Growth Countries for Cryptographic Products The update identified six new countries producing cryptographic products. The countries that have started producing encryption products since December 1997 are Estonia, Iceland, Isle of Man, Romania, South Korea, and Turkey. We also noticed a large increase in the number of products produced by certain countries, such as the United Kingdom, which jumped by 20 products from 119 to 139, and Germany, which jumped from 76 products to 104. Japan also showed a large increase, jumping from 6 products in the December 1997 survey to 18 products in the updated survey. Most of the new products come from Mitsubishi Electronic Corporation, which has introduced a number of hardware and software cryptographic products that make use of a Japanese cryptographic algorithm known as MISTY, which uses a 128-bit key as well as Triple DES [Matsui 1996, MISTY]. Mexico also increased, from a single ``freeware'' product in the December 1997 survey to six products in the updated survey, due to the discovery of five new commercial cryptographic products from Seguridata Privada S.A de C.V., which is described in greater detail in Section 4. [GRAPHIC] [TIFF OMITTED] T9984.006 3.3.3 Growing Numbers of Foreign Products & Companies The TIS Survey was initiated in April 1993 and conducted on an ongoing basis through December 1997. Figure 2 depicts the evolution of the survey in terms of the increasing numbers of foreign cryptographic products and companies (manufacturers and distributors) identified each year of the survey effort and after the recent update. Overall, there clearly continues to be increasing and expanding development of foreign cryptographic Products. 3.3.4 Quality of Foreign Cryptographic Products NAI Labs has obtained a number of foreign cryptographic products over the life of the survey effort. The products were all purchased via routine channels, either directly from the foreign manufacturer, a foreign distributor, or an U.S. distributor. We have also downloaded a large number of foreign cryptographic products over the Internet via the World Wide Web. The quality of cryptographic products varies greatly both within and outside the U.S. We have encountered poor quality products both within and outside the U.S., and we have encountered good quality products both within and outside the U.S. On average, the quality of foreign and U.S. products is comparable. There are a number of very good foreign encryption products that are quite competitive in strength, standards compliance, and functionality. We highlight some of these in the next section. 4. some competitors to u.s. products employing cryptography After updating the cryptography product database, based on prior surveys and new information, we searched out information on the foreign manufacturers that were representative competitors to U.S. manufacturers of software and hardware with encryption capabilities. We did this by examining traditional sources such as business magazines, major newspapers, and trade publications; interviewing industry leaders and security professionals; and using various Web-based search methods [Lexis-Nexis, ABI/Inform, FirstSearch, Gale] to find appropriate combinations of keywords (encryption, U.S., US, United States, foreign, overseas, regulation, export, export controls). We identified a substantial number of foreign companies that are developing a number of products with strong encryption and have as customers a number of large foreign or multinational corporations. We sketch nine of these in this section to provide a representative sampling. All but one already provide strong encryption (as defined in Section 3.3.1). Some of the material below has references to cryptographic algorithms, protocols, and other computer science terms that may not be familiar to some readers. More information on these can generally be found in [Stallings 1999] and [Rivest 1978]. Baltimore Technologies Plc, IRELAND/UNITED KINGDOM/AUSTRALIA Baltimore Technologies plc. was formed by the merger in January 1999 of Zergo Holdings plc. (UK) and Baltimore Technologies Ltd. (Ireland). Its regional headquarters are located in Dublin (Ireland), Plano (Texas) and Sydney (Australia). Corporate headquarters are located in London, UK [Baltimore 1999a]. Baltimore develops and markets security products and services for a wide range of e-commerce and enterprise applications. Its products include Public Key infrastructure (PKI) systems, cryptographic toolkits, security applications and hardware cryptographic devices. Baltimore's security toolkits include PKI-Plus, ECS Desktop, C/SSL, J/SSL, SMT, CST, and J/CRYPTO. The PKI-Plus toolkit provides clients with the functionality to support a Public Key Infrastructure and provides encryption capabilities with full strength DES, Triple DES and IDEA. ECS Desktop is a high level GSS toolkit that supports 64-bit DES and 128-bit Triple DES. C/SSL and J/SSL are cryptographic toolkits for developing SSL 3.0 applications written in C and Java respectively. C/ SSL supports 56-bit DES and 128-bit Triple DES, IDEA and RC4. J/SSL supports 56-bit DES, and 128-bit Triple DES and RC4. SMT (Secure Messaging Toolkit) provides developers the ability to add security to messaging (email) applications. The encryption algorithms supported are 56-bit DES, 128-bit Triple DES, and 40-bit, 64 bit, and 128-bit RC2. CST (Crypto Systems Toolkit) is a set of cryptographic components enabling developers to build strong information security systems. It contains implementations of a variety of encryption algorithms including DES, Triple DES with up to 192 bits key length, IDEA, BSA4, BSA5, RC2, RC4, up to 2048-bit RSA, and DSA. J/CRYTPO is a cryptographic class library for Java applications that supports 56-bit DES, 112-bit Triple DES, and RC4 encryption, and 512-, 1024-, and 2048- bit RSA key exchange and digital signature. Security application solutions include FormSecure, MailSecure, MailSecure Enterprise, and WebSecure. Of its security applications, FormSecure which provides PKI security for Web browser forms uses DES and triple-DES encryption with 128-bit keys. MailSecure provides secure email for MS Outlook, Exchange and Eudora using 128-bit DES, Triple DES and RC2. MailSecure Enterprise, a centralized secure email product, provides encryption with 128-bit Triple DES. WebSecure enhances web server to browser communication in eases where export versions of specific browsers are limited to 40 bits of encryption by diverting all web traffic to its Java programs that use 128-bit RC4 encryption. Baltimore's hardware cryptographic device, HS4000-Assure provides a security kernel for high speed servers and workstations and features 56-bit DES and 112-bit Triple DES data encryption, and up to 4096-bit RSA key exchange and digital signatures. ``Baltimore has customers in over forty countries including some of the world's leading financial, e-commerce, telecommunications companies and government agencies. Customers include: ABN-AMRO Bank, Australian Tax Office, Bank of England, Bank of Ireland, Belgacom, Digital Equipment, European Commission, Home Office (UK), IBM, Lehman Brothers, Ministry of Defense (UK), NatWest, NIST (USA), PTT Post (Netherlands), S.W.I.F.T., Tradelink (Hong Kong), TradeVan (Malaysia) and VISA International'' [Baltimore 1999a] . ``Baltimore has also formed alliances with other major global providers of information security technology and services, including ActivCard, Axent Technologies, CDC, Certicom, Chrysalis, CISCO, Dascom, DataKey, GemPlus, Gradient, Hewlett-Paekard, ICL, Isocor, Kyberpass, Logica, Netseape, Oracle, Racal and Valicert'' [Baltimore l999a]. Brokat Infosystems AG, GERMANY BROKAT was founded in 1994. Its headquarters is in Stuttgart, Germany. Subsidiaries are located in Great Britain, Ireland, Luxembourg, Austria, Switzerland, Singapore, Australia, South Africa and the United States. Brokat develops secure solutions for Internet- banking, Internet-brokerage and Internet-payment by allowing companies through the use of its products to develop secure electronic banking and electronic commerce solutions [Brokat l999a]. Its main product, Brokat Twister, is a software package enabling secure electronic business solutions and provides Java-based 128-bit encryption. Brokat's X-PRESSO Security Gateway provides Twister with a secure Internet channel, using strong SSL encryption. It supports 128-bit IDEA and Triple DES for data encryption, and RSA up to 2048 bits for key exchange and digital signatures. In its press release of May 19, 1999 Brokat claims a sales increase of 125% in the third quarter of 1998/1999 compared to the same quarter in the previous year [Brokat 1999b]. More than 100 financial service companies use Twister. Brokat customers include Deutsche Bank, Bank 24, Allianz, Fortis Bank Luxembourg the Zurich Kantonalbank, Hypo Bank of Munich, and The Swiss National Telephone Company [Andrews 1997]. Brokat's ``Product Partners'' include AOL Bertelsmann Online, Corporate Interactive, Inc., Intershop Communications, Micrologica, Netscape Communications, Giesecke & Devrient, and Concord-Eracom. Check Point Software Technologies Ltd., ISRAEL ``Check Point provides secure enterprise networking solutions through an integrated architecture that includes network security, traffic control and IP address management. Check Point solutions are aimed at enabling customers to implement centralized policy-based management with enterprise-wide distributed deployment'' [Check Point 1999a]. ``The company's integrated architecture includes network security (FireWall-1, VPN-1, Open Security Manager and Provider-1), traffic control (FloodGate-1 and ConnectControl) and IP address management (Meta IP)'' [Check Point 1999b]. ``Check Point products protect and manage the corporate assets of the majority of Fortune 100 companies and other leading companies and government agencies across the globe. As of April 1999, the company had more than 30,000 registered customers with over 77,000 installations worldwide and 17,000+ networks worldwide using its VPN solution. The Meta IP and Meta DNS products had some 15,000 installations worldwide'' [Check Point 1999b]. The company's international headquarters are located in Ramat-Gan, Israel. International subsidiaries are located in the United Kingdom, France, Germany, Japan, Singapore, Australia, the Middle East and Canada. U.S. subsidiaries are located in northern and southern California, Colorado, Georgia, Illinois, Massachusetts, Michigan, New York, North Carolina, Philadelphia, Texas, Virginia and Washington. In an April 19, 1999 press release, Check Point announced that ``revenues for the first quarter ending March 31 were $43,772,000 compared to $31,956,000 for the same period in 1998, an increase of 37%. Net income for the quarter was $19,703,000, or $0.49 per share compared to net income of $15,149,000, or $0.39 per share in the same quarter in 1998, an increase of 30% in net income and 26% in net income per share. Check Point experienced growth across all geographic regions, particularly in Japan. Revenues from the U.S. accounted for 45% of revenues, Europe 34% and Rest of World 21%. In addition, revenues from Technical Services reached 17% in the first quarter. OEM revenues, including those from Nokia and Sun Microsystems, represented 11% of revenues'' [Check Point 1999c] . Based on figures from 1997, Check Point is the leading vendor of firewalls with a 23% share in the firewall market--a revenue of $83 million in firewall sales [Inter@ctive Week 1998]. Checkpoint's firewall solution, Firewall-1 provides a comprehensive set of security solutions which includes VPN through the support of encryption algorithms such as 40- and 56-bit DES, 168-bit Triple DES, 40-bit RC4, 40- and 128-bit CAST, and 48-bit FWZ-1 (FWZ-1 is Check Point's 48-bit exportable proprietary symmetric encryption algorithm). Check Point's VPN solution products include VPN-1 Gateway, VPN-1 SecuRemote, VPN-1 Accelorator Card, and VPN-1 Appliance. VPN-1 Gateway products are software solutions that provide encryption supporting the following algorithms: 40- and 56-bit DES, 168-bit Triple DES, 40-bit RC4, 40- and 128-bit CAST, and 48-bit FWZ-1. VPN-1 SecurRemote provides VPN support for remote and mobile users. It supports 40- and 56-bit DES, 168-bit Triple DES, 40-bit CAST, and 48-bit FWZ-1. VPN-1 Accelorator Card provides hardware-based data encryption using 56-bit DES and 168-bit Triple DES. VPN-1 Appliance uses 40-and 56-bit DES, 40- bit RC4, and 48-bit FWZ-1. Check Point's Open Platform for Secure Enterprise Connectivity (OPSEC) is an alliance that delivers the industry's first enterprise- wide security framework. OPSEC provides a single framework that integrates and manages all aspects of secure enterprise networking through an open, extensible management framework Via the OPSEC Alliance, Check Point Software's products seamlessly integrate with ``best-of-breed'' products from more than 200 leading industry partners. A complete listing of OPSEC partners can be found at http:// www.opsec.com/. Data Fellows Ltd., FINLAND ``Data Fellows develops, markets and supports data security products for corporate computer networks. Its products include anti- virus software, and data security and cryptography software. Its main offices are in San Jose, California and Espoo, Finland, and it has branch offices as well as corporate partners, VARs and other distributors in over 80 countries around the world. Its products have been translated into over 20 languages'' [Data Fellows 1999a]. Data Fellows' F-Secure cryptography products are a family of cryptography software to protect the integrity and confidentiality of sensitive information. Its family of products include F-Secure VPN+, F- Secure VPN, F-Secure SSH, F-Secure FileCrypto, and F-Secure Desktop. F- Secure VPN+ provides IPSec protocol based security for secure networking between remote offices, business partners and travelling salesmen using 56-bit DES, 168-bit Triple DES, 128-bit Blowfish, and 128-bit CAST. F-Secure VPN (Virtual Private Network) is an SSH security protocol based solution for pure LAN-to-LAN encryption using a variety of user selectable algorithms including Triple DES, Blowfish, RSA, and IDEA (optional). The symmetric algorithms all use at least 128 bits. F- Secure SSH Server provides users with secure login connections, file transfer, X11, and TCP/IP connections over untrusted networks using 128-bit Triple DES and 128-bit IDEA. F-Secure SSH Terminal&Tunnel provides the user with secure login connections over untrusted networks and to create local proxy servers for remote TCP/IP services. F-Secure SSH Tunnel&Terminal products support the following cryptographic algorithms: 56-bit DES, 168-bit Triple DES, 128-bit IDEA, 128-bit Blowfish, 256-bit Twofish, and 128-bit ARCFour (an RC4 compatible stream cipher). F-Secure FileCrypto is a product that encrypts and decrypts files using 256-bit Blowfish and 168-bit Triple DES. F-Secure Desktop provides encryption and decryption of files, directories, and Windows 95/NT 4.0 folders using 256-bit Blowfish and 168-bit DES. ``The Company's net sales have doubled annually since it was founded in 1988. Turnover has reached $3.3 million, $7.6 million and $14.1 million in the fiscal years 1995, 1996 and 1997, respectively'' [Data Fellows 1999a]. ``Data Fellows has customers in more than 100 countries. These include many of the world's largest industrial corporations and best- known telecommunications companies; major international airlines; several European governments, post offices and defense forces; and several of the world's largest banks. Customers include NASA, the US Air Force, the US Department of Defense Medical branch, the US Naval Warfare Center, the San Diego Supercomputer Center, Lawrence-Livermore National Laboratory, IBM, Unisys, Siemens-Nixdorf, EDS, Cisco, Nokia, Sonera (formerly Telecom Finland), UUNet Technologies, Boeing, Bell Atlantic, and MCI'' [Data Fellows 1999a]. Entrust Technologies, CANADA Entrust is a Canadian company that spun off from Northern Telecom (Nortel). It develops cryptographic products in Canada and exports them from there. It now has offices across the United States, Canada, the United Kingdom, Switzerland, Germany, and Japan. Entrust develops products for trusted electronic transactions. Its products include solutions for secure Internet transactions including digital certificate services and public-key infrastructures (PKI) products. Entrust File Toolkit delivers a set of application programming interfaces (APIs) to add encryption and digital signatures to store- and-forward (email, e-forms) applications. It Supports DES, Triple DES, RSA and RC2. Entrust Session Toolkit is designed for third-party applications that need to protect data communications in real-time. It supports DES, Triple DES, and RC2. Entrust/Solo is a product that provides data encryption, digital signature and data compression functionality for the desktop and e-mail using DES, Triple DES and CAST. The company's more than 800 corporate customers include J.P. Morgan, the Salomon Smith Barney unit of Citigroup, ScotiaBank, S.W.I.F.T, FedEx, the Canadian Government and several U.S. government agencies. Entrust's industry partners include development partners such as Hewlett-Packard, Network Associates, Oracle, Nortel Networks and others, 25 channel partners including Hewlett-Packard and Compaq OEM Partners: IBM, Tandem, Check Point and others, specifiers and referral partners such as PriceWaterhouse Coopers, Deloitte & Touche; KPMG Peat Marwick, Ernst & Young, and others, and service provider partners such as BCE Emergis, EDS, Scotiabank and others [Entrust 1999]. Radguard, ISRAEL RADGUARD was founded in 1994 as a member of the RAD Group of data communications companies. Privately held, the company is backed by American and foreign corporate investors. The company's international headquarters are located in Tel Aviv, Israel; its US headquarters are in Mahwah, NJ. Radguard is a pioneer and leader in the secure Virtual Private Network (VPN) market. Incorporating security technologies and industry standards into high-performance hardware architectures, Radguard provides solutions to Internet-based virtual private networking, secure non-Internet transmission, safe Internet connectivity and client encryption. Its VPN and network security products include cIPRO, CryptoWall, and NetCryptor. cIPRO is an Internet-working security system for VPNs. The cIPRO family uses DES and up to 168-bit Triple DES for encryption. CryptoWall is an encrypting firewall that supports subnet-to-subnet security in TCP/IP environments. It supports DES for data encryption and RSA for key exchange and digital signature. NetCryptor is a hardware-based encryption device that employs DES. Customers include NTT Data, a subsidiary of Japan's Nippon Telephone and Telegraph (NTT), Germany's major car makers and component suppliers including BMW, Bosch, BEHR, Drexlmaier, Audi, Freudenberg, DaimlerChrysler, Volkswagen and Hella. Seguridata Privada S.A de C.V., MEXlCO SeguriDATA is a Mexican company founded in 1996 with the purpose of participating actively in the construction of security standards in Mexico and Latin America by means of integration in committees, with products in electronic security. It has offices in Peru and Spain as well as Mexico. The company provides confidentiality and authenticity of electronic documents with applications to electronic commerce, financial transactions and confidential systems of communications. Its products include SeguriDOC, SeguriEDIFACT, SeguriLIB, SeguriPROXY, and SeguriTELNET. SeguriDOC offers Triple DES for confidentiality of archived data. SeguriEDIFACT provides security for EDI communications using Triple DES. SeguriPROXY provides security between web server and web browser sessions using 128-bit RC4. Sophos Plc., UK Sophos Plc was founded in 1980 and moved into data security in 1985, producing software and hardware for data encryption, authentication and secure erasure. Its virus detection product has positioned the company as a leading supplier of enterprise-wide virus protection tools. Subsidiaries include Sophos Pty Ltd, Australia, established in April 1999, Sophos Plc, France, established in May 1998, Sophos GmbH, Germany established in October 1997, and Sophos Inc, USA, a wholly-owned subsidiary of Sophos Plc based in Massachusetts, USA [Sophos 1999]. Sophos data security products include D-Fence 4 HMG, D- Fence 4 SPA, E-DES, and PUBLIC. D-FENCE HMG is a disk authorization and encryption system for HMG, providing encryption and authentication of floppy and hard disks using SEVERN BRIDGE, a U.K. Government standard algorithm. D-FENCE SPA is a data encryption system for PCs and laptops using SPA (Sophos Proprietary Algorithm) for encryption of floppy and hard disks. SPA is a 64-bit block cipher with 64-bit keys. E-DES and PUBLIC are products used for secure file storage and transmission. E- DES encrypts files using DES or SPA, while PUBLIC encrypts files using 512-bit RSA or MDH in combination with DES or SPA. Customers include government, financial institutions and multi- national corporations. Utimaco Safeware AG, GERMANY Utimaco Safeware AG has subsidiaries in Belgium, France, Finland, Great Britain, Austria, the Netherlands, Norway, Sweden and Switzerland and additional distribution partners (Value-Added-Resellers) in almost all European countries, in the USA, Australia, Asia and in South Africa. Utimaco also has strategic alliances with IBM Deutschland Informationssysteme GmbH, SIEMENS AG and Toshiba Europe. Utimaco develops IT security solutions for the areas of mobile/ desktop security (authentication, access control, encryption), network security (authentication, encryption), e-commerce security (digital signature, encryption) and security infrastructure (smart card reader). ``Utimaco has three development centres. The SafeGuard product line focussing on the ``Mobile/Desktop Security'' area is developed in Munich, Germany. The development of the SafeGuard product family for ``Network Security'' and the smart card technology and card reader family CardMan is done in Linz, Austria. The third development centre near Brussels (Holsbeck), Belgium, is responsible for the SafeGuard ``E-Commerce Security'' product line (digital signatures, e-mail security) and the CriptWare technology (high-performance implementations of standardized basis-crypto algorithms and interfaces)'' [Utimaco 1999a]. Products for mobile/desktop security include SafeGuard Easy, and SafeGuard Desktop. SafeGuard Easy is a security program for the online- encryption of hard disks and diskettes. It operates with the encryption algorithms Blowfish, STEALTH, 56-bit DES and 128-bit IDEA to guarantee the confidential storage of sensitive data. SafeGuard Desktop is a security solution for OS/2 operating systems offering boot and virus protection as well as user logon, and allows online encryption of hard disks and floppies with DES, IDEA, STEALTH, Blowfish, and XOR. Utimaco network security products include SafeGuard LAN Crypt and SafeGuard VPN. SafeGuard LAN Crypt provides protection of selected files against access by persons who are physically capable of accessing the data carrier. The solution guarantees the security of encrypted data through a key length of 128 bits and globally accepted, strong algorithms such as IDEA. SafeGuard VPN provides Virtual Private Networks with secure data transmission using 168-bit Triple DES and 128-bit IDEA. Utimaco's E-commerce security products include CryptWare Board, CryptWare Server, Cryptware Toolkit, and SafeWare Sign&Crypt. Cryptware Board comes with a DES chip, but allows any other encryption algorithm to be easily installed. The CryptWare Server is a cryptographic black box designed for applications with high security requirements and/or high-speed cryptographic capabilities. It employs DES and 1024-bit RSA. The CryptWare Toolkit is a library that provides all necessary cryptographic and administrative functions to build secure electronic messaging systems. It supports RSA, Triple DES, IDEA, RIPEMD160, MD5, and SHA-1. SafeWare Sign&Crypt offers signing and verification of electronic documents. It can provide encryption with 128-bit IDEA. The breakdown of Utimaco Group sales by industry in the last business year, 1997/98, is as follows: 29.7% for public institutions, 29.3% for banks, 26.8% for industry and commerce and 14.1% for insurance companies. In the last business year 57 percent of sales were made outside Germany. Its customers include Bertelsmann (Gutersloh) Colonia Nordstern Versicherungsmanagement AG (Cologne), Daimler-Benz Aerospace AG (Kiel), Dresdner Bank, Eduscho GmbH (Bremen), Frankfurter Sparkasse (Frankfurt), Goldwell GmbH (Darmstadt), Innenministerium Mecklenburg-Vorpommem (Schwerin), Landesamt fur Datenverarbeitung, (Potsdam), Motorola GmbH (Taunusstein), Otto Versand International GmbH (Hamburg), Oberverwaltungsgericht Thuringen (Weimar), Price Waterhouse (Frankfurt), Police Forces (Belgium), Isaserver (Belgium), State Police (Belgium), Unisys for Christelijke Mutualiteiten (Belgium), The European Commission (Belgium and Luxembourg), Danfoss A/S (Denmark), ICL Pathway Ltd. (Great Britain), Robert Fleming & Co. Ltd. (Great Britain), Standard Chartered Bank (Great Britain), Conseil de I Union Europeenne (Luxembourg), KPN Telecom (The Netherlands), ABN AMRO Bank N.V. (The Netherlands), Nycomed Amersham Group (Norway), Schweizer Post (Switzerland), DDJ, and Justizdirektion des Kantons Zurich (Switzerland). 5. foreign marketing use of u.s. export controls 5.1 Introduction As Under Secretary of Commerce William A. Reinsch noted in recent Congressional testimony, ``encryption remains a hotly debated issue. The Administration continues to support a balanced approach that considers privacy and commerce as well as protecting important law enforcement and national security equities. We have been consulting closely with industry and its customers to develop a policy that provides that balance in a way that also reflects the evolving realities of the market place'' [Reinsch 1999]. As the Commerce Department struggles to craft and finely tune export regulations to satisfy these objectives, many foreign cryptography manufacturers are citing these regulations as reasons for their prospects to not ``buy American''. Even foreign governments sometimes overtly use these regulations. For example, ``In a letter sent [in January 1999] to India's Central Vigilance Commission (CVC)--an intelligence agency comparable to the United States' National Security Agency--the Indian Defense Research and Development Organization said the limits the U.S. government places on exported encryption products render the products too weak for reliable use. The CVC responded that it might mandate that all Indian financial institutions buy security software from India'' [Dunlap 1999]. 5.2 Advertising Related to Cryptographic Controls Trade magazines, industry reports, and news articles were searched for consumer preference data, including checklists, ease of use'' and ``best buy'' ratings, etc., to try to find anecdotal justification or rebuttal of the claim that consumers strongly prefer U.S.-made encryption products and systems incorporating U.S.-made encryption, as asserted, for example, in [Ernst 1999]. We did find a reference to a U.S. government study that acknowledged that ``in many countries surveyed, exportable U.S. encryption products are perceived to be of unsatisfactory quality'' [Commerce/NSA 1996] (date given as June 1995, page ES-3, possibly a draft, in [Olbeter 1998]). We also found some information from companies that claimed or implied that their products are more secure and/or easier to use than American products burdened by U.S. export controls. Descriptions of the various export control regimes are found in [Baker 1998, Koops 1999, and GILC 1998]. Examples of the statements of foreign companies are given below. Brokat Infosystems AG (Germany) Brokat, on its web page [Brokat 1999c] discusses ``Secure Communication using 128-bit encryption'' and states that ``In comparison to other solutions, X-AGENT allows very secure communication. Highly sensitive information can be exchanged using this consultation tool. All data is encrypted with the 128-bit Twister security component. Even so-called 'weak' Internet browsers, which only use a 40-bit encryption due to US government export restrictions can be 'topped up' accordingly for the duration of the session.'' Baltimore Technologies plc. (Ireland/United Kingdom/ Australia) Baltimore Technologies states that WebSecure, a product designed to provide secure web server to browser communication is useful because ``US export restrictions dictate that most web servers and browsers cannot perform 128-bit encryption for security. Instead, export versions of browsers like Internet Explorer and Netscape Navigator and export versions of web servers like Netscape Enterprise Server and Microsoft Internet Information Server are limited to 40 bits of encryption, which is not secure enough for most applications'' [Baltimore 1999b]. Cybernetica (Estonia) Cybernetica advertises ``. . . full strength cryptographic security with long keys and no backdoors'' and its Web pages for their products prominently feature this selling point. [GRAPHIC] [TIFF OMITTED] T9984.007 In their Frequently Asked Questions list on the Web, they go on to celebrate the differences between their product and U.S. products: Strong crypto? What algorithms are supported? And what key lengths? IDEA. Triple DES. Blowfish. RSA. Diffie-Hellman. The end user has the opportunity of selecting the algorithms he trusts. And, if the user so requires, support for further algorithms may be added. You can use as long keys as the algorithms you have selected allow you to. There are no ``political'' restrictions on key lengths to be used in the Privador system. What about back doors, key recovery etc? There are no back doors built into the Privador system. We can--and will--prove It if so required. How come you don't care about export restrictions? Because there are none. The Privador System is entirely developed by Cybernetica, the first private-law R&D institution in Estonia. The laws of the Republic of Estonia allow us to export strong cryptographic technologies to almost any country in the world. Utimaco Safeware AG (Germany) On its web site, Utimaco states that [Utimaco 1999b] ``. . . As a German manufacturer, Utimaco guarantees that no national key depositing requirements (ESCROW) exist which could jeopardize the security of the solution . . .'' [GRAPHIC] [TIFF OMITTED] T9984.008 Note Utimaco's home page, illustrated in Figure 3. It is user- friendly for speakers of a number of languages. It makes the point that Utimaco has representatives in a number of European countries. If the user clicks on his or her country (either on the map or on the country abbreviation in the vertical list), he or she is transported to a page in their native language that further presents Utimaco and its products and services. As an example, Figure 4 shows the homepage of Utimaco Norway that the user is transported to when Norway is selected from the map. [GRAPHIC] [TIFF OMITTED] T9984.009 Data Fellows Corporation (Finland) Data Fellows makes the readers of its web page aware of U.S. export restrictions and states that its products are designed with ``much more security'' than U.S. products: ``. . . The encryption technology used in the F-Secure products has been developed in Europe and thus does not fall under the US ITAR export regulations. F-Secure products can be used in every country where encryption is legal, including the United States of America . . .'' [Data Fellows 1999b] ``. . . F-Secure FileCrypto uses well-known fast block cipher algorithms. You can choose either three-key 3DES or Blowfish. Both algorithms have been analyzed by the world's leading cryptographers. They are known to be strong and safe. These algorithms provide security with a minimum of 168-bit keys. They provide much more security than DES-based or U.S. products that fall under U.S. ITAR export restrictions.'' [Data Fellow 1999c]. JCP Computer Services (United Kingdom) JCP takes on U.S. products directly based on export controls [JCP 1999]: ``Many companies are using or considering using implementations of these algorithms which originate in the US. The US government prohibits export of strong cryptographic tools, and, except under specific conditions, only permits the export of weak implementations. These 'crippled' cryptographic tools do not provide sufficient protection to allow Internet e- commerce and communications to proceed securely. In an amateur attack on a US export-strength cryptographic routine, the key was broken in 56 hours. And such times will decrease markedly as computer processing power continues to improve. ``JCP has developed full strength implementations outside of the US using industry proven standard algorithms. JCP are the leading company outside the US producing high performance cryptographic tools in Java, which has become the Internet's standard programming language. The product provides a set of packages that implement specific cryptography algorithms for use within any Internet application.'' SSH Communications Security (Finland) SSH states on their web site [SSH 1999] that ``The software from SSH is free from strict US export restrictions'' as one of ``six good reasons why SSH IPSEC Express is the best choise (sic)''; it goes on ``IPSEC is supposed to be an international standard. However, because of export restrictions in different countries. (sic) SSH is one of the few to deliver full standards compliance and strong security virtually anywhere in the world.'' RPK Security, Inc. (New Zealand, Switzerland, United Kingdom) RPK advertises on its web site of its flagship RPK Encryptonite Engine [RPK 1999], ``Developed outside the U.S., the RPK Encryptonite Engine is not subject to US government regulations. It is available with strong encryption worldwide, with dramatically better performance at significantly lower implementation cost compared with competing technologies.'' Reading further on its web site, one finds that ``RPK's cryptographic research and product development is based in New Zealand, Switzerland and the U.K, with worldwide sales and marketing operations in San Francisco, CA.'' 6. standards and their influence 6.1 Pervasiveness of Standards From the material above, one can see that companies vie to have encryption products that meet certain accepted worldwide standards. If the products do not, they often will not interoperate successfully with other computer systems. This section highlights two important international standards efforts. Note the contribution of encryption expertise from all over the world to both. 6.1.1 IPsec Today's widespread and pervasive use of the Internet has accentuated the need for security for the underlying Internet Protocol (IP). The IETF has developed the IP Security (IPsec) protocol as an integral element of internet security. IPsec is a proposed standard Internet protocol designed to provide cryptographic-based security, including authentication, integrity, and (optional) confidentiality services. While the use of IPsec is currently optional, its use will be mandatory for the next version of the Internet Protocol, IPv6 [IPsec]. As a result of the dramatic impact IPsec will have on improving the security of the Internet, there has been enormous interest in developing implementations of IPsec. This interest has extended throughout the entire world, due to the global nature of the Internet and need for cryptographic-based security. Many freely available and commercial implementations of IPsec are available or are under development. Ted Ts'o of MIT, co-chair of the IETF IPsec Working Group, maintains a list of companies implementing (or planning to implement) IPsec. The list currently cites implementations from 49 companies around the world. At least nine of the companies are from outside the U.S. There is also one effort, the KAME Project, being conducted by a combination of several Japanese companies (Fujitsu, Hitachi, IIJ Research Laboratory, NEC, Toshiba, and Yokogawa) [KAME 1999]. Another important aspect of IPsec is that it supports encrypted ``tunnels'', whereby an IP packet is completely encrypted as it travels from one point of a network to another. Encrypted tunnels are one of the primary means for establishing Virtual Private Networks, or VPNs, which emulate private networks over public, shared IP networks, such as the Internet. IPsec is designed to be independent of any specific cryptographic algorithms; it can support several, but it will require one strong algorithm, Triple DES; the relatively weak DES will be permitted but not required. Specifications have also been developed for the use of the IDEA, BLOWFISH, RC5, and CAST strong cryptographic algorithms with long key lengths for IPsec [Stallings 1999]. 6.1.2 Advanced Encryption Standard (AES) In 1997, NIST solicited algorithms for the Advanced Encryption Standard (AES), to replace the Data Encryption Standard (DES) [FIPS PUB 46-2] as a government encryption standard. Individuals and companies from eleven different foreign countries proposed 10 out of the 15 candidate algorithms submitted to NIST [Smid 1998]: ------------------------------------------------------------------------ Candidate Country Algorithm Submittor(s) ------------------------------------------------------------------------ Australia....................... LOKI97............ Lawrie Brown, Josef Pieprzyk, Jennifer Seberry Belgium......................... RIJNDAEL.......... Joan Daemen, Vincent Rijmen Canada.......................... CAST-256.......... Entrust Technologies, Inc. DEAL.............. Outerbridge, Knudsen Costa Rica...................... FROG.............. TecApro Internacional S.A. France.......................... DFC............... Centre National pour la Recherche Scientifique (CNRS) German.......................... MAGENTA........... Deutsche Telekom AG Japan........................... E2................ Nippon Telegraph and Telephone Corporation (NTT) Korea........................... CRYPTON........... Future Systems, Inc. USA............................. HPC............... Rich Schroeppel MARS.............. IBM RC6............... RSA Laboratories SAFER+............ Cylink Corporation TWOFISH........... Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson UK/lsrael/Norway................ SERPENT........... Ross Anderson, Eli Biham, Lars Knudsen ------------------------------------------------------------------------ ``Of the five submissions likely to be chosen for the next round, about half will be from outside the U.S. It is very possible that the next U.S. government encryption standard will have been designed outside the U.S.'' [Schneier 1999]. 7. conclusions Based on the research described above, we arrive at two conclusions: 1. Foreign development of cryptographic products is not only continuing but is expanding to additional countries. 2. Communications-related cryptography is experiencing high growth, especially in electronic mail, VPN, and IPsec products. 7.1 Foreign Development of Cryptography Continues to Grow There are now 805 cryptography products produced in 35 countries outside the United States. In at least 67 countries, 512 foreign manufacturers and distributors are involved. In just three weeks, with limited resources, we identified 149 foreign cryptographic products new to market since the December 1997 TIS survey. It is difficult to gauge how many additional products would be identified, given sufficient time and resources, but it is safe to anticipate that we would identify many more products from the countries within the database, and possibly several additional countries. Development of cryptographic products in nations around the world is increasing. Moreover, as additional nations seize opportunities in e-commerce, nation-centric islands of competence develop, as do ultimately international markets. Often these islands of competence are developed by bright young entrepreneurs and computer scientists who have trained elsewhere (often the United States) and then play key roles in jump-starting their native countries' e-commerce. This fits nicely in the theory of technoglobalization, as espoused by Robert Reich, discussed more in Section 8. 7.2 Communications-Related Cryptography Leads Storage Cryptography Within the 149 new products we discovered, communications-related products, as opposed to data storage encryption, were predominant. It appears that the efforts of the Internet Engineering Task Force (IETF) to provide standardized protocols for the Internet has facilitated the development of solutions and products to communications related problems. We conjecture that this and the expansion of e-commerce have resulted in a high growth of communications related cryptographic products such as those for electronic mail, VPNs, and IPsec. Ipsec's support of encrypted tunnels will greatly improve security for private, enterprise-based networks. As the comfort level of users (and organizations) grows, and as the potential and actual gains of (consumer to business and business to business) e-commerce become apparent, there will be increased worldwide need for communications- related cryptography. 8. future research To date there have been only a few efforts to attempt to quantify the impact of regulatory measures on the international cryptographic market [Olbeter 1998, BSA 1998, CDT 1997]. The TIS survey and this effort to update the foreign products inventory of the database have been one of the few ways to quantitatively assess the state of the market over time. As noted in Section 7, we saw developments both in countries already producing cryptographic products and expansion into new countries that did not have cryptographic product development as of December 1997. We saw a number of firms become multinational. In the face of continuing U.S. export controls on encryption products, technology, and services, some American companies have financed the creation or growth of foreign cryptographic firms. We have seen some U.S. companies (e.g., PGP, RSA, Sun) buy some foreign expertise, leaving it in place (rather than bringing the talent back to the United States). With this expertise offshore, the relatively stringent U.S. export controls for cryptographic products can be avoided, since products can be shipped from countries with less stringent controls. All of these facts indicate that both nations and companies see opportunities in this rapidly changing technological market, and it could be argued that globalization plays a major role in future growth for this market. This is not a case of the technology slipping away from the United States. The technological expertise is already available in many places around the world. Indeed, we noted earlier that the majority of submissions for the Advanced Encryption Standard (AES) have been designed outside the United States. This may be simply an example of the general thesis of economists David Mowery and Nathan Rosenberg [Mowery 1989], who argue that, in general, foreign firms' technological sophistication has caught up with that of the United States in many cases. In those cases, they reason: ``Since foreign firms now are more technologically sophisticated and technology is more internationally mobile, however, the competitive advantages that accrued in the past from basic research and a strong knowledge base have been eroded. Faster international transfer of new technologies is undercutting a major source of America's postwar superiority in high-technology markets.'' (p. 218) Our empirical product data could be combined with economic measures and economic theories to better explain why we are seeing the observed growth in encryption products and companies around the world, and to examine the effects of Internet growth, e-commerce development, and regulatory actions on the international cryptographic market over time. Porter [1990], for example, tests his theses by using quantitative measures from several nations, by industrial sector. His national economic profiles include primary goods, machinery, and specialty inputs and services data for each industrial sector. Given appropriate quantitative measures, similar work could be done for the international cryptography market. As the global information-based economy continues to grow, and as the nature of industrial research and development continues to shift from nation-centric to international collaboration, we will continue to witness more rapid technological development and global economic growth. We should be able to put together previous economic work [Duysters 1996] with material already available on the information technology sector [Mowery 1996, Rosenberg [1992] and the data in this study to better understand the changes we are seeing in the global marketplace and thus be able to more easily adjust national laws for a global economy. 9. references [ABI/Inform]: ProQuest Direct, http://proquest.umi.com/pqdweb. [Acey 1999]: Acey, Madeleine, TechWeb, CMPNet, in New York Times Technology, http://www.nytimes.com/techweb/ TW__Key__Escrow__Bill__Slammed__By__Parliament__Inquiry.html, 5/19/99. [Adams 1997]: C. Adams, The CAST-128 Encryption Algorithm, RFC 2144, May 1997. [Andrews 1997]: Andrews, Edmund L., ``U.S. Restrictions of Exports Aid German Software Maker,'' New York Times, April 3, 1997. [Argentina 1999]: Description of PGP and links to download it, in Firma Digital y Documento Electronico, http://www.sfp.gov.ar/ firma.html, downloaded May 27, 1999. [Baker 1998]: Baker, S. and Hurst, P., The Limits of Trust. Cryptography, Governments, and Electronic Commerce, Kluwer Law International, 1998. [Baltimore 1999a]: Baltimore Company Profile, http:// www.baltimore.ie/corporate/profile.html. [Baltimore 1999b]: WebSecure, http://www.baltimore.ie/products/ websecure/index.html. [Brokat 1998]: Brokat Offering Prospectus, http://www.brokat.com/ int/ir/facts/annual__report.html. [Brokat 1999a]: Brokat Company, http://www.brokat.com/int/company/ index.html. [Brokat 1999b]: Brokat Continues Success in Third Quarter, http:// www.brokat.com/int/press/1999/pr19990519-01.html. [Brokat 1999c]: Consulting Via Internet With X Agent From Brokat, http://www.brokat.com/int/press/1999/pr1 9990318-02.html. [BSA 1998]: Business Software Alliance, The Cost of Government- Driven Key Escrow Encryption, 1998, http://www.bsa.org/ceoforum/pdfs/ key__escrow.pdf [CDT 1997]: Center for Democracy and Technology, The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption, a report by an ad hoc Group of Cryptographers and Computer Scientists, Washington, 1997. [Check Point 1999a]: Check Point Corporate Information and News, http://www.checkpoint.com/corporate/index.html. [Check Point 1999b]: Check Point Corporate Profile, http:// www.checkpoint.com/corporate/corporate.html. [Check Point 1999c]: Check Point Software Technologies Ltd Reports Financial Results for First Quarter 1999, http://www.checkpoint.com/press/1999/ q1earnings041999.html. [Commerce/NSA 1996]: A Study of The International Market for Computer Software with Encryption, Prepared by the U.S. Department of Commerce and the National Security Agency for the Interagency Working Group on Encryption and Telecommunications Policy, January 11, 1996. [CPI 1999]: Non-U.S. Cryptographic Product Survey Call-for- Information, http://www.seas.gwu.edu/seas/institutes/cpi/cryptosurvey/ call4info.html [CSI 1997]: Computer Security, Products Buyers Guide 1997, Computer Security Institute, San Francisco, 1997. [Cybernetica 1999a]: Cybernetica English Web Site, http:// www.cyber.ee/infosecurity/products/privador/intro.html. [Cybernetica 1999b]: Cybernetica Estonian Web site, http:// www.cyber.ee/infoturve/tooted/privador/index.html. [CRISIS 1996]: Cryptography's Role in Securing the Information Society, Kenneth W. Dam and Herbert S. Lin, Editors; Committee to Study National Cryptography Policy, National Research Council, 1996. [Data Fellows 1999a]: Data Fellows Company Fact Sheet, http:// www.datafellows.fi/df-info/. [Data Fellows 1999b]: F-Secure Cryptography Products, http:// www.datafellows. fi/f-secure/. [Data Fellows 1999c]: F-Secure FileCrypto__On-the-fly encryption, http://www.datafellows.fi/f-secure/filecrypto/on-the-fly.htm. [FIPS PUB 46-2]: National Institute of Standards and Technology. FIPS PUB 46-2: Data Encryption Standard. December 30, 1993. [Dunlap 1999]: ``All Tied Up: U.S. Trade Rules Hobble VARs, ISVs Alike Dealing With Encryption.'' by Charlotte Dunlap & Amy Rogers, Computer Reseller News, February 8, 1999. [Duysters 1996]: Duysters, Geert. The Dynamics of Technical Innovation: The Evolution and Development of Information Technology. Cheltenham, U.K.: Edward Elgar. [EDS 1996]: EDS, ``When governments hamper encryption, they hamper commerce'', advertisement, Washington Post, June 20, 1996. [Entrust 1999]: Products: Entrust/SOLO, http://www.entrust.com/ solo/index.htm. [Ernst 1999]: Ernst & Young, Retail and Consumer Products: Key Technologies, http://www.ey.com/industry/consumer/retailit/key.asp, April 22, 1999. [FirstSearch]: FirstSearch, http://gilligan.prod.oclc.org:3055/ html/fs__areas.htm. [Gale]: Gale Business Resources (integrated), http:// www.galenet.com/servlet/GBR. [Gibson 1998]: Paul Gibson, ``The $237 billion conundrum'', Electronic Business, Highlands Ranch, November 1998. [GILC 1998]: Global Internet Liberty Campaign, ``Online International Encryption Policy Survey, http://www.gilc.org/crypto/ crypto-survey.html. [Greenspan 1997]: Greenspan, Alan, Remarks at the Conference on Privacy in the Information Age, Salt Lake City, Utah, March 7, 1997, http://www.federalreserve.gov/boarddocs/speeches/19970307.htm [Grossman 1999]: Wendy Grossman, Connected--Analysis: Encryption proves a slithery beast to control, Daily Telegraph (London), January 21, 1999. [Hornstein 1999]: Testimony of Richard Hornstein before the Telecommunications, Trade and Consumer Protection Subcommittee of the Committee on Commerce, U.S. House of Representatives, Washington, DC, May 18, 1999. [ICSA Survey]: ICSA Certified Cryptography Products (``Buyer's Guide''), list is at http://www.icSa.net/services/consortia/ cryptography/certified__products.shtml. [IKE]: Harkins, D., and D. Carrel, D., The Internet Key Exchange (IKE), RFC 2409, November 1998. [IPSEC]: S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, RFC 2401, November 1998. [IPSECIPM]: Ted T'so, IPSEC/ISAKMP Company List, Companies which are Implementing (or Planning to Implement) IPSEC/ISAKMP, http:// web.mit.edu/tytso/www/ipsec/. [IPSECWG]: IPsec WG Charter, http://www.ietf.org/html.charters/ ipsec-charter.html. [JCP 1999]: JCP Computer Services, http://wwwjcp.co.uk/secProduct/ security__cdk__index.htm. [KAME 1999]: KAME Project, http://www.kame.net/. [Koops 1999a]: Koops, B-J, Crypto Law Survey, http://cwis.kub.nl/ ~frw/people/koops/lawsurvy.htm. [Koops 1999b]: Koops, B-J, The Crypto Controversy: A Key Conflict in the Information Society, Kluwer Law International, The Hague, 1999. [Lai 1990]: Lai, X., and Massey, J., A Proposal for a New Block Encryption Standard, Proceedings EUROCRYPT '90, Springer Verlag, 1990. [Lai 1991]: Lai, X., and Massey, J., Markov Ciphers and Differential Cryptanalysis, Proceedings of EUROCRYPT '91, Springer- Verlag, 1991. [Lexis Nexis]: Lexis-Nexis, http:/www.lexis-nexis.com. [Matsui 1996]: Mitsuru Matsui, New Block Encryption Algorithm MISTY, Mitsubishi Electric Corp., 1996. [MISTY]: MISTY__Mitsubishi Electronic's Encryption Algorithm, http://www.mitsubishi.com/ghp__japan/misty/200misty.htm. [Mowery 1989]: Mowery, David C. and Nathan Rosenberg. Technology and the Pursuit of Economic Growth. Cambridge UK: Cambridge University Press, 1989. [Mowery 1996]: Mowery, David C. (ed.). The International Computer Software Industry: A Comparative Study of Industry Evolution and Structure. New York: Oxford University Press. [Olbeter 1998]: Olbeter, Erik R. and Christopher Hamilton, Finding the Key: Reconciling National and Economic Security Interests in Cryptography Policy, Economic Strategy Institute, Washington, DC, March 1998. [PECSENC 1998]: Report of the president's Export Council Subcommittee on Encryption Working Group on International Affairs, September 1998, http://209.122.145.150/PresidentsExportCouncil/PECSENC/ iwgfind.htm. [Porter 1990]: Porter, Michael E., The Competitive Advantage of Nations, New York: The Free Press, 1990. [Randata 1999]: Media Release, ``Boost For Smart Aussie Company: SNS The First To Be Granted U.S. Export License For High Security Cryptography,'' Sept. 7, 1998. http://www.randata.com.au/infblx.htm. [Reich 1990]: Robert B. Reich, ``Does Corporate Nationality Matter?'', Issues in Science and Technology, Winter 1990-91, pp. 40-44. [Reinsch 1999]: Reinsch, William A., Testimony before the House Committee on Commerce, Subcommittee on Telecommunications, Trade and Consumer Protection, May 25, 1999. [Rivest 1978]: R. Rivest, A. Shamir, and L. Adleman, ``A Method for Obtaining Digital Signatures and Public-Key Cryptosystems'', Communications of the ACM, February 1978, Volume 21, Number 2, pp. 120- 126. [Rivest 1996]: [Rivest 1996] R. Rivest and R. Baldwin, The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms, RFC 2040, October 1996. [Rosenberg 1992]: Rosenberg, Nathan, Ralph Landau, and David C. Mowery (eds). Technology and the Wealth of Nations. Stanford, Calif.: Stanford University Press. [RPK 1999]: RPK Security, http:/www.rpk.com/. [RSA 1999]: ``RSA Provides Security Solutions to Worldwide Markets Through New Operation in Australia'', January 6, 1999 press release, http://www.aus.rsa.com/pressbox/990106-1.html. [Schneier 1993]: Schneier, B., Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish), Proceedings of Workshop on Fast Software Encryption, Springer Verlag, 1993. [Schneier 1994]: Schneier, B., The Blowfish Encryption Algorithm, Dr. Dobb's Journal, April 1994. [Schneier 1995]: Schneier, B., Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed., Wiley, 1995. [Schneier 1999]: Bruce Schneier, The Internationalization of Cryptography, CRYPTOGRAM Newsletter, May 15, 1999, http:// www.counterpane.com/crypto-gram-9905.html. [Smid 1998]: Smid, M., and M. Dworkin, Special Report on the First AES Conference, presented at Crypto '98 Conference, August 1998, http:/ /csrc.nist.gov/encryption/aes/round1/crypto98.pdf. [Sophos 1999]: Sophos Company Info, http://www.sophos.com/ companyinfo/profile/. [SSH 1999]: 6 Good Reasons Why SSH IPSEC Express is the Best Choice, http: //www.ipsec.com/6reasons.html. [Stallings 1999]: William Stallings, Cryptography and Network Security. Pinciples and Practice, Second Edition, Prentice Hall, 1999. [Thayer 1997]: Rodney Thayer, ``Bulletproof IP'' in Data Communications, November 21, 1997, http://data.com/tutorials/ bullet.html. [TIS 1997]: Worldwide Survey of Cryptographic Products, http:// www.nai.com/products/security/tis__research/crypto/crypt__surv.asp, December 1997. [United Nations 1986]: U.N. International Trade Statistics Yearbook, 1986. New York: United Nations. [U.S. DoC 1996]: U.S. Department of Commerce Press Release, ``Department of Commerce Releases Study on the International Market for Encryption Software'', January 11, 1996. [Utimaco 1999a]: Utimaco Safeware AG Facts and Figures, http:// www.utimaco.de/english/index1.htm. [Utimaco 1999b] SafeGuard VPN Product Description, http:// www.utimaco.com/english/products/sgvpn__e.htm. [Walker 1993] Testimony of Stephen Walker before the U.S. House of Representatives Foreign Affairs Subcommittee on Economic Policy, Trade and Environment, October 12, 1993. [Walker 1994] Testimony of Stephen Walker before the U.S. Senate Judiciary Subcommittee on Technology and the Law, Hearing on the Administration's ``Clipper Chip'' Key Escrow Encryption Program, May 13, 1994. __________ Appendices a. call for information Please forward this message to others who are interested on the topic. A WWW-version of this message can be found at http:// www.seas.gwu Xedu/seas/institutes/cpi/cryptosurveylcall4info.html Non-U.S. Cryptographic Product Survey Call for Information The George Washington University and NAI Labs, The Security Research Division of Network Associates (formerly the research division of Trusted Information Systems) are conducting a survey to identify cryptographic products manufactured outside the United States and are examining product specifications to assess their functionality and security. We are soliciting input from those with knowledge of cryptographic products through the use of this survey form. If you know of cryptographic products that are manufactured in countries other than the United States, please complete this form and submit it to the Cyberspace Policy Institute (CPI) NO LATER THAN TUESDAY MAY 18, 1999. You may submit this form via email to cpiWseas.gwu.edu or fax at (202) 994-5505 in Washington D.C. In addition, we ask you to send or post this survey to anyone or place that would have knowledge of cryptographic products. Inquiries about this survey may be made to the Cyberspace Policy Institute at cpi@seas.gwu.edu or (202) 994-5512. This survey may also be found on the CPI Web site at http://www.seas.gwu.edu/seas/institutes/cpi. Your cooperation is greatly appreciated. Professor Lance J. Hoffman, The George Washington University David Balenson, NAI Labs, The Security Research Division of Network Associates NON-U.S. CRYPTOGRAPHIC PRODUCT SURVEY DATE: COMPLETED BY: Your Name: Phone: E-mail: NAME AND ADDRESS OF MANUFACTURER Name: Address: City: State: Zip Code: Country: URL: MANUFACTURER CONTACT INFORMATION Name: Phone: E-mail: Title: FAX: 800#: PRODUCT DESCRIPTION Name (including model and version information): Product-specific URL: Is it software-only, hardware-only, or a software/hardware combination? What does it encrypt (e.g., disk, file, communications, FAX, voice, magnetic tape, electronic mail)? If embedded software or hardware, what platforms does it support (e.g., PC, Mac, UNIX workstation, IBM mainframe), else if standalone hardware, what interfaces does it support (RS-232, telephone, V.24, V.35)? If software, is it in the form of a kit or as an end-user program, else if hardware, what is the embodiment (e.g., chip, board, PCMCIA card, smart card, box, phone)? What algorithms does it employ for data encryption (including proprietary algorithms and key length)? If applicable, what algorithms does it employ for key management (including proprietary algorithms and key length)? If applicable, what algorithms does it employ for data authentication (including proprietary algorithms)? How is the product sold or distributed (e.g., store front, mail order, telephone order, World Wide Web, anonymous ftp over the Internet)? If applicable, what is the quantity one purchase price? (Optional) Approximate number of units sold or distributed? (Optional) Approximate date product was first available? Please provide a list of the names and relationships of any associated companies (e.g., parent company, sister company, distributors). Include full address and contact name, title, phone, FAX, and e-mail address.Other information: Please Provide a Copy of Any Relevant Product Literature. Send completed forms and product literature via e-mail to cpi@seas.gwu.edu or via fax to the Cyberspace Policy Institute at 202- 994-5505 in Washington D.C. Thank You! This survey is part of an ongoing worldwide study of cryptographic products started in April 1994 by Trusted Information Systems and Dr. Lance J. Hoffman of the George Washington University. The December 1997 summary results of the survey are available on the World Wide Web at http://www.nai.com/products/security/tis__research/ cryptolCrypt__surv.asp. B. SUMMARY LISTING OF FOREIGN CRYPTOGRAPHIC PRODUCTS The following table is a summary listing of the foreign products currently contained in the cryptographic product database. We cannot guarantee the accuracy and completeness of this information. In many cases, products may support additional platforms or interfaces, encrypt additional types of information, include additional embodiments, or support additional encryption algorithms. Additional information will be available on the NAI Labs Crypto Products Survey Web page at http:// www.nai.com/products/security/tis__research/crypto/crypt__surv.asp. [GRAPHIC] [TIFF OMITTED] T9984.010 [GRAPHIC] [TIFF OMITTED] T9984.011 [GRAPHIC] [TIFF OMITTED] T9984.012 [GRAPHIC] [TIFF OMITTED] T9984.013 [GRAPHIC] [TIFF OMITTED] T9984.014 [GRAPHIC] [TIFF OMITTED] T9984.015 [GRAPHIC] [TIFF OMITTED] T9984.016 [GRAPHIC] [TIFF OMITTED] T9984.017 [GRAPHIC] [TIFF OMITTED] T9984.018 [GRAPHIC] [TIFF OMITTED] T9984.019 [GRAPHIC] [TIFF OMITTED] T9984.020 C. FOREIGN ENCRYPTION MANUFACTURERS AND DISTRIBUTORS BY COUNTRY The following table is a summary listing of the foreign companies that manufacture or distribute cryptographic products. [GRAPHIC] [TIFF OMITTED] T9984.021 [GRAPHIC] [TIFF OMITTED] T9984.022 [GRAPHIC] [TIFF OMITTED] T9984.023 [GRAPHIC] [TIFF OMITTED] T9984.024 [GRAPHIC] [TIFF OMITTED] T9984.025 [GRAPHIC] [TIFF OMITTED] T9984.026 [GRAPHIC] [TIFF OMITTED] T9984.027 D. REPORT OF THE PRESIDENT'S EXPORT COUNCIL SUBCOMMITTEE ON ENCRYPTION, WORKING GROUP ON INTERNATIONAL ISSUES The following findings have been adopted by the PECSENC as a reflection of conditions of international competition prior to the U.S. Government's liberalization of encryption export controls announced on September 16, 1998. The liberalization may affect many of these findings, and the findings will be used as a baseline for a review of the effects of the liberalization in future sessions of the PECSENC. 1. The difference between U.S. encryption controls and those of other nations is a serious--but not the only--factor determining success in the computer security market. With or without controls, both U.S. and foreign products are likely to continue to coexist, and other factors are likely to continue to slow deployment of security products. Many foreign companies, for example, especially those influenced by governments, will continue to favor domestic security solutions, and many computer users will not deploy serious security technology until there have been major incidents with losses that can be attributed to lack of encryption. 2. Nonetheless, the adverse impact of controls on U.S. industry is palpable. For many software applications, business customers simply demand security and encryption; it is a checklist item, and its absence is a deal breaker. While simply counting the number of foreign encryption software products in the market is not an accurate measure of the impact of controls, one particularly serious risk is that non- U.S. companies will use their ability to export stronger encryption as ``leverage'' to dominate particular applications. This has happened in at least one field--Internet banking--and may occur in other areas of electronic commerce. Brokat, a German company that scarcely existed four years ago, now has 250 employees and offices in several countries including the United States. Brokat's specialty is Internet banking and electronic commerce, but it broke into that business on the strength of being able to offer stronger encryption than German banks could obtain in Netscape or Microsoft browsers. It is now a major player in this niche, with 50% of the European Internet banking market and enough U.S. customers to justify a 20-person U.S. branch office. Meanwhile, encryption constitutes 10% or less of Brokat's revenue, and it has expanded its initial Internet banking offerings to include support for other forms of electronic commerce. Loss of U.S. competitiveness in the electronic commerce software market obviously raises concerns not just about encryption software but other software opportunities. Indeed, it foreshadows a weakening of the U.S. position as a leader in electronic commerce generally. 3. The persistent emphasis in U.S. export control policy over the past two years on key recovery, or ``lawful access,'' has also taken a toll on the credibility of U.S. security products. Key recovery continues to find a market. Business wants to ensure that data are available for corporate purposes, including litigation. Key recovery is seen as an important feature for stored business data (though not for communicated data in transit). But the use of export controls to drive the key recovery market further than it would go by itself is hurting U.S. industry. Foreign governments and competitors, particularly in Europe, have misinterpreted this U.S. policy, perhaps deliberately. In essence, foreign customers are told often by their governments as well as local security companies that all U.S. encryption products come with a back door allowing the U.S. government to read the contents. In part this is the result of outmoded ``Recovery'' supplements to U.S. export rules that demand an unrealistic level of U.S. government access to key recovery products. In part it reflects the hostility of many foreign governments toward U.S. key recovery and access policies. It also reflects the fact that some countries will simply never rely on security products that are not home-grown, and misunderstanding U.S. key recovery policies may simply be a handy stick to beat U.S. products with. But it is unfortunate that the U.S. government has provided such a large and easily wielded stick. 4. U.S. controls are driving many U.S. companies into ``cooperative arrangements'' with foreign encryption suppliers. These cooperative arrangements allow U.S. companies to provide complete security solutions by encouraging their foreign partners to marry foreign-made crypto with U.S. commercial applications. These cooperative arrangements are highly risky under U.S. Iaw, but they are not unlawful per se. Given the stakes, many companies have been prepared to take risks under U.S. law, and it is expected that more will do the same. The result is that U.S. policy has fostered the development of cryptographic software and hardware skills outside the United States. German, Swiss, Canadian, Russian, and Israeli cryptography companies have all benefited from this unintended consequence of U.S. encryption policy. 5. The U.S. government has made efforts to ``level the field'' of disparate export controls for encryption through negotiations under the Wassenaar Agreement. The U.S. proposal that 56-bit encryption become a new ``floor'' for encryption exports under Wassenaar, while certainly better than current policy, is likely to be implemented at least a year and perhaps several years too late. In response to the U.S. KMI initiative, which conditionally decontrolled 56-bit encryption in December 1996, other countries also decontrolled 56-bit DES but more or less unconditionally. The countries include Canada and apparently the United Kingdom. And by 1996, other countries, such as Germany, already were approving the export of 56-bit DES to virtually any country for virtually any purpose. Most recently, the exhaustion of a 56-bit DES key using a machine built for a quarter million dollars has entirely discredited DES as a serious security tool for valuable secrets. Single DES remains a useful tool for assuring privacy against a wide variety of potential adversaries and snoops, but decontrolling 56-bit encryption will not provide a significant boost to the competitiveness of U.S. technology for serious security applications. 6. Process and timing: In 1995, the State Department approved routine license applications for the export of encryption in less than a week on average. This was when the State Department had jurisdiction over encryption and NSA staffed the State Department's office and handled all encryption license applications. This is no longer the case. The Commerce Department has staffed up heavily in the encryption field, but its processes now include parallel reviews by the FBI and NSA under a 30-day deadline that can be extended further with a simple ``no'' vote by either agency. For whatever reason, these agencies are now taking the full 30 days--and often 90 days. Against a backdrop of continued export liberalization over the past four years, this degradation in export control performance strikes a jarring note. The Commerce Department's performance in this area is not necessarily out of line with the performance of other countries. The German government often takes two to three months to approve a license for a new product and six weeks to approve a license for routine shipments. The difference is that German companies know with certainty that a license will be issued at the end of the process; and the German government imposes no key recovery requirement on exporters. Therefore, they can make commitments to deliver products that require a license even before they get the license. In the United States, both the FBI and NSA have at times cast votes intended to roll back existing policies, and they have at a minimum managed to stall licenses that seemed to fit existing policy. A key recovery policy, for example, has been applied sporadically to U.S. multinationals and with some inconsistency to other exports. For this reason, it is not prudent for exporters to assume that a license will be issued or to make commitments on the assumption that the license will be issued--even when existing policy makes it seem likely that a license will eventually be granted. Because an RFP by a foreign company may provide only 30 days for responsive proposals, and the proposals often must include an assurance that an export license will be obtained, some U.S. companies lose bidding opportunities simply because the U.S. government does not process licenses quickly enough. In other respects, of course, Commerce Department practice is a large improvement over State's performance. This is particularly true for controversial licenses, on which Commerce typically forces a decision over a course of months. In contrast, State Department licenses could be held up for months without any explanation and there were no deadlines for resolving interagency disputes. Nonetheless, it seems clear that the Commerce Department and the other participants in the encryption licensing process should adopt additional procedures to speed the granting of relatively non-controversial licenses. Senator Frist. Thank you very much, Mr. Hoffman. Let me begin with Mr. Bidzos. You mentioned that the Administration probably underestimates--you did not say ``probably''--underestimates companies overseas, and you mentioned the 3-year delay. Could you comment on both of those? Mr. Bidzos. Yes, Mr. Chairman, I would be happy to. When I testified almost 10 years ago I was predicting that we would do economic harm to ourselves if we continued to control encryption, and that turned out to be true. It took 9 years for us to really see it. In fact, we warned at the time that by the time we could point to the damage--because the Administration was saying, ``Show us where the harm is, show us how you are being hurt,'' and my response was: ``By the time I can show you lost market share, it is probably too late for you to help me get it back at that point.'' So let me now again, 9 years later, look out 3 years and see what might happen. First of all, I think the Administration underestimates the extent to which foreign competitors wish to emulate us. Look at the role that information technology plays in the growth of the U.S. economy. It is absolutely the driving force. It is the engine that is driving unprecedented economic growth, unprecedented in history. The amount of jobs created, the amount of revenue generated, the amount of innovation, the absolute dollars involved are absolutely unprecedented. Our foreign competitors are quite aware of this. They are starting to tap public markets for funds to grow. They are starting to target opportunities created by U.S. export policy. Two quick examples of how they are doing that and what the stakes involved are. First of all, they are actually starting to identify larger products of which encryption is a critical feature and they are starting to build products of those types. They are seeing an opportunity not only to get the encryption revenue, but to get 2, 3, 10, or 20 times the encryption revenues by making a complete product sale. They also, of course, just by virtue of coming into business as an encryption company because of the opportunity created by U.S. export law, exist and therefore they are able to take advantage of opportunities that they see. If not for export law, they would not even exist. There is a company in Germany called Brokat which now employs over a thousand people, has raised money in the public market with a very successful public offering, would not exist if it were not for the opportunities created by U.S. crypto. To go directly to your question, the 3-year timeframe before we can export encryption as strong as the AES, well, first of all, everybody knows that 3 years today is like 15 years was 10 years ago. We live in the Internet age and things happen very, very quickly. Three years is a lifetime. Those companies will exploit opportunities in ways that I mentioned and in other ways that we cannot imagine. But the real price that we will pay is this. They essentially--it is not a national information infrastructure we are talking about, as the Vice President used to call it. It is a global information infrastructure, there is no question whatsoever. If you look in today's papers, you will conclude very quickly that around the clock global trading of securities is just around the corner. That is not going to happen without a secure information infrastructure and that information infrastructure will be secured, it will be global. The only question is who is going to build it. The way things sit today, U.S. companies will not build it. U.S. companies will not play the role in building it that they might play. So these infrastructures that get built are I think critically important in ways we cannot appreciate right now. The company that gets in and builds the infrastructure will have the inside track in selling products and services for 2, 5, 10, and maybe even 20 years down the road because of that early position they stake out for themselves as the infrastructure provider. They set the standards, they have the relationship, etcetera, etcetera. So this 3 years I am afraid is going to cost us tremendously. Senator Frist. In S. 798 we streamline the procedure for receiving an export license by putting a maximum number of days in each step, and you argue that is not enough. Are you arguing for an alternative or are you saying that there should not be these export control policies? Mr. Bidzos. Well, maybe I can answer that question by referring to something that Secretary Reinsch said. Secretary Reinsch compared encryption in one respect to supercomputers, machine tools, biotech, and said that if foreign availability were the sole criteria we would have no export controls on all of those other products. I would submit that encryption does not belong in that category. If you want to build a supercomputer, if you want to build one and build a lot of them in particular, you need to have incredibly sophisticated technology to manufacture these computers. It is incredibly expensive. You need people with tremendous specialized skills. Just building the systems that can cool the operating supercomputer is incredibly sophisticated. The same is true of manufacturing machine tools. The same thing is true of biotech. You need sophisticated technology just to build the laboratories, the tools, the instruments. For encryption all you need is a high school textbook and a personal computer. I guess you need Internet access, too, so that brings it down to about 100 million people who are probably capable of doing it. All you need to get into business and duplicate and sell that software is a web site. That may bring it down to 80 million, but it does not get much smaller than that. You have got companies in South Africa, in Estonia and other places who advertise the fact that they can simply ship you strong encryption that is not subject to U.S. export controls. So we are really in a different situation, where the technology is available and we are not competitive. Senator Frist. Thank you. Professor Hoffman, you have been studying the growth of foreign encryption products for a long time and I appreciate your work very much and your written testimony as well. Do you believe that U.S. export controls have been effective in controlling the development of encryption overseas? Dr. Hoffman. Well, I think you can see from the results of our survey they have been, I would say, marginally effective. They have had some effect, but I think overall the market has had more effect than the U.S. legislation. Senator Frist. Mr. Aucsmith, do you have comments on anything that has been said? Mr. Aucsmith. I would make one slight addition to Jim's statement about our 3-year window. That has two parts to it. One thing is that the international Internet as we now know it exists because there are international standards. That is what allows everything to work together. It is the glue that holds things together. At this time there are two particular standards being defined worldwide that deal with the security. IPsec, the Internet Protocol Security Standard, the very thing that will secure point to point connections on the Internet, is being finalized, and already there are many, many countries producing technology that will go into that. If my company and others in the United States cannot participate for 3 years, we will be locked out forever. It is that simple. The second is, and this is particular to hardware, while we might think we move at an Internet speed, our development cycles mean that there is a long lead time on the piece of hardware, but in the microprocessor area I am working on a microprocessor design that you will not see until the year 2003. I have to make a billion dollar bet today on whether or not I can export that in 2003. It is very, very hard without some assurance of what the world will look like in terms of legislation at that particular time. So we will be held out. Every day that this is delayed is a day that we miss products a long time from now. Senator Frist. Mr. Aucsmith, could you comment on who should be the trusted parties for recoverable, key recoverable products? Mr. Aucsmith. Actually, as I stated before, I am not in favor of key recoverable products, for two primary reasons. One is I think that they fundamentally will not work well, for communications products I do not think that there is any market for that. There is no market need. One could be created artificially by government regulation, but there is no market need. For stored data, I think the majority of data--in order to be of any use, information has to be shared. It is a rare commodity in information that is valuable and not shared, meaning that if the proverbial person is hit by a bus it is unlikely that he or she is the only one that has access to that information. In fact, in most corporations mission-critical information is stored on databases and is kept in separate mechanisms that have separate access control. I submit that corporations have been dealing with this for quite some time already. So I would say that in general there should not be trusted third parties, at least not for the key recovery or access control point of view. Senator Frist. Mr. Bidzos, could you tell me a bit more, the committee a bit more, about the Internet standards in setting security requirements? Is the 128-bit encryption now the norm? Mr. Bidzos. Yes, it is, Mr. Chairman. There is absolutely no question about that. In fact, both in and outside the United States that is the case. Now, I know some of the other witnesses said that it is not used quite as widely as you might be led to believe. I think certainly in the past we have been guilty, as people in industry, of trying to look out into the future and saying, well, this is what is going to happen to us if these export control policies do not change and, sure, maybe we have tended to sort of look at the worst case scenario or closer to that maybe than the middle. But I think the Administration is guilty of some of the same. Let me give you a couple of specific examples. If you want to bank online with Wells Fargo in California or if you want to access your mutual fund account at Fidelity or any other of scores of financial services institutions, if you want to buy or sell stock online with E-trade, your browser must have 128- bit encryption or you cannot do it. Their servers are configured such that nothing but a browser enabled at 128 bits will work at all. So even in cases where some people are using the ``exportable'' lower key lengths in some of these browsers, the primary reason they are doing it is because they are not aware that they are doing it and they have not upgraded. But as soon as they try to use one of these services, they find out that they need to upgrade. This is in the United States. Only under certain conditions can those be sold outside the United States. So the standards that David alluded to are being developed. They are global standards. The participants in the standards- making process are from all over the world. And David is absolutely right that companies outside the United States are rapidly moving to build products that comply with those standards and, as we heard from the earlier panel, those foreign competitors of ours will be able to sell worldwide, including in the United States, and we will not. And that is a competitive disadvantage that we will find it very difficult to live with and that we will probably never recover from if we have to wait 3 years. Senator Frist. With key length clearly being a moving target even in one hearing, but also as we project ahead, and you are developing products for 3 years from now, and we know that technology is going to progress much faster and that is sort of the theme of this morning, we have advocates for the 128-bit encryption products rather than 64-bit products. How do you propose that we deal with these technological changes legislatively so that we do not have obsolete legislation within 6 months of the time we pass it, recognizing the changes that are under way? Anybody on the panel? Mr. Aucsmith. Mr. Aucsmith. There is a fallacy in trying to regulate technological advancement in general. If you tie it to specific technologies--and in this case, tieing it to specific bit lengths I think it is tieing it to specific technologies. We cannot anticipate necessarily what the market will want 3 years from now in terms of bit length. I would submit that the best way to deal with this in a legislative point of view is to deal with the effects of the technology rather than the technology itself, because I think there is a treadmill that you could get on, having to revisit this very issue every 3 years, which I do not think would be productive for anyone involved. I think if you have it welded to some specific value or some specific technology or specific implementation, you are rife with that. Dr. Hoffman. Mr. Chairman, I agree with the previous witness. It is ill-advised to legislate using bit length only or even some other technological mechanisms. What we have seen in the last several years on this is people focusing on specific things like bit length and avoiding the inevitable, which is what is going to happen when we do have, if you will, ubiquitous, strong, secure encryption. What kind of world is it going to be, how are we going to operate? We have seen a lot of government resources devoted towards this battle, rather than towards looking at the future and trying to shape it in a more reasonable way. Senator Frist. Could you, any of the panelists, comment on what efforts are being made by industry to address the law enforcement agencies' security concerns and develop viable schemes? What is being done? Where are we today? Mr. Aucsmith? Mr. Aucsmith. Obviously, the majority of industry is extremely sensitive to the realities of both law enforcement and national security issues. I would submit that I am personally scared of what the future could hold. I think we all should be along those lines. What we are doing to try to prevent a disaster, if you will, is if you believe that there is an inevitability of this technology being available and its widespread use is inevitable and I think that is about the main point that we tend to disagree with the Government on, is the speed and inevitability, if you will, of that happening the only way to deal with this issue is for a very close cooperation between the industry that is creating the change and innovating the change and the law enforcement and intelligence communities that need to be able to on occasion use that change to their advantage. I think things like the national technical center for FBI's competency, I think that is exactly the correct step in the right direction. I think closer cooperation between industry and the Government in terms of assessing vulnerabilities and assessing strengths and weaknesses of various technologies I think is also part of that. If you will, no commercial product will ever be 100 percent secure because it is not really economically feasible for us to squeeze that last couple of percent out of it. So there will always be vulnerabilities in almost anything that is put out there. Currently those vulnerabilities are exploited by what we would call hackers, if you will, to coin from recent movies, the dark side. What we should be able to do as a government and as responsible industry is, if you will, make the Government the better hackers. It is relatively that simple. Senator Frist. Comments, Mr. Bidzos? Mr. Bidzos. Yes, Mr. Chairman. Thank you. Well, I guess part of the problem is I think that industry has sort of been busy actively rebuffing a lot of proposals from government over the last dozen years. For example, in 1993 the so-called ``Clipper Chip,'' the first government solution to government access--take my product, embed it in all the products that you build, and that will give me the access--was rebuffed. It just was not something anybody wanted to use. Later came key recovery and I think government again failed to realize how industry would view key recovery. One simple analogy I can offer you from some of my experience in talking to people in the end user community in large end user organizations, financial companies. One of them described it very well to me, why they objected to some sort of government access to keys. They said: ``Well, darn it, the Government just does not understand how things work out here.'' They said: ``Look, if we are involved in some sort of litigation or some other form of legal dispute, perhaps even being sued by the Government, some sort of antitrust action for example, in all these cases the way the drill works is as follows: A subpoena is delivered, our lawyers review it, and we produce the documents that comply with the request.'' We do not give them a key and say: ``Look, the documents are stored in that building; here is the key; find what you need and take it, and we will see you later.'' Essentially, that is how they viewed the proposal for government access to encryption keys, and I think that analogy actually holds up very well. So you can understand why people resisted it. People do not give some third party a copy of all of the physical keys to their facilities. They have some small organization, a security organization, inside their own company that manages that. So again, some close cooperation I think would go a long way towards easing, bridging the gap. However, if, as is currently happening, all of the people developing this technology happen to be located in Israel, Singapore, Japan, Ireland, and Germany, it is going to be pretty tough for the U.S. Government to interact with them and learn and understand and develop products that meet the needs of worldwide industry and certainly U.S. industry. I think that helps. To me that sort of indicates one of the problems with the current policy. It is gambling heavily. I do not have a security clearance and I do not know what it was that Director McNamara might have been referring to when she said she would offer some testimony about the threats of ubiquitous encryption, she would offer that in a closed session. But after this many years in the business and spending a lot of time with people who are in that part of it--in fact, I have often awaken at night having dreamed that I was served with a clearance for some of the things I have probably heard I should not have--I think it is fair to say that more than likely it comes down to ubiquitous encryption increasing the cost and complexity of intelligence gathering. What we have to weigh against that additional cost is the cost to industry in the future. I think for the first time certainly since I have been in this business for 14 years, we are starting to actually be able to see and identify and quantify some of the costs to us of maintaining the current policies. So hopefully we can strike that better balance. I think the PROTECT Act with some additional amendments would strike a far better balance than we have now. Senator Frist. Thank you. Clearly, today's discussion centers on the security of our Nation, the wellbeing of our Nation, and it is clear that we cannot bind the hands of our American businesses in this new economy that we have all seen really flourish over the last 10, 15, 20 years, and especially over the last 3 to 4 years. We need to make sure that we can compete nationally, internationally. Otherwise we will surrender our global leadership position. As Federal lawmakers and policymakers, we need to be proactive and we need to be educated, and thus I thank all of our panelists today for participating in that process in this complex policy debate. A number of my colleagues, the chairman and Senator Burns and Kerry and Abraham and Wyden and a number of others, have worked very hard, and I thank them for their dedication to an issue that is incredibly important to business, to security, and to the national interest. I want to thank this final panel today, as well as the panels earlier. We will continue to work with you on this very complex but very important policy debate. With that, we stand adjourned. [Whereupon, at 11:45 a.m., the committee was adjourned.]