The Center for Democracy and Technology (CDT) is pleased to have this opportunity to testify once again about U.S. encryption policy before the House Committee on International Relations. CDT is a non-profit public interest group dedicated to promoting civil liberties and democratic values on the Internet. CDT testified two years ago before this subcommittee in support of the Security and Freedom through Encryption (SAFE) Act, and developments since have made the need for encryption policy reform even more acute.

The last two years have made it more clear than ever that Congress should enact SAFE:

• Developments of the last two years have confirmed the need for fundamental revision of U.S. encryption policy. Since this Subcommittee's last encryption hearing in May 1997, 56-bit products (the highest strength freely exportable from the U.S. today) have been cracked, key recovery has failed in the marketplace, and overseas the trend continues toward liberalization and away from further controls.

• Over the last two years the Administration has made only incremental changes to a U.S. encryption policy that jeopardizes privacy online. The Commerce Department regulations released in December 1998 did little to change the fundamental approach of export controls and incentives for key recovery.

• Two years have shown that "key recovery" and "plaintext access" systems are not the solution. Government-driven recovery systems requiring backdoor access to encrypted data would impose significant new costs and risks on computer users and would dramatically increase the surveillance capabilities of law enforcement at the expense of Constitutional liberties.

• Today it is clear that national security and law enforcement are best served by policies supporting the widespread use of strong, unescrowed encryption. Current U.S. policy dangerously impedes the deployment of accessible, easy-to-use, global security systems for the Internet that are needed to protect our privacy and our critical infrastructures.

Two years ago, there were about 50 million people on the Internet. Today that number has nearly tripled to 140 million people worldwide. Surveys indicate that the number one issue for people as they move online and begin to participate in electronic commerce is privacy and security. The Internet has vast potential to reinvigorate democracy, provide access to information, create new forms of community, and promote economic growth. But the promise of the Internet will not be met unless people can trust it. Widespread availability of strong encryption without backdoors is needed to provide that trust. The export control relief in SAFE is essential to protecting privacy online around the world and at home.

Several points about encryption export controls are central to this Subcommittee's inquiry into encryption:

• Encryption export controls hurt privacy at home and abroad -- Export controls limit the availability of encryption both internationally and domestically. That is their purpose and their effect. By limiting the spread of U.S. encryption outside the U.S., they make it harder for people in the U.S. to communicate securely with colleagues, business partners, family members, and others abroad. By "dumbing down" the security standards being built into the common products, they slow the use of encryption by law-abiding citizens in the U.S. By limiting the technical means of protecting information online, they leave our privacy unprotected in a world where Fourth Amendment protections stop at the border and information is not legally protected worldwide.

• Good encryption is increasingly available from foreign suppliers -- Some of the best encryption is now produced abroad, and world-class strong cryptography is now widely available outside the United States. The result is that criminals, terrorist organizations, and rogue governments all have access to the strongest encryption, while law-abiding individuals around the world still do not have strong encryption in the mass-market products they use.

• International agreements, such as the Wassenaar Arrangement, do not preclude export relief -- Recent extensions to the Wassenaar agreement still allow export of strong products and do little to change the international availability of strong encryption. Many Wassenaar signatories, such as Ireland and Canada, continue to allow export of the strongest products. Many other important encryption producers are not Wassenaar signers. Ultimately, Wassenaar is unlikely to significantly bolster global export control.

• The courts continue to find encryption export controls unconstitutional -- Earlier this month, the Ninth Circuit Court of Appeals ruled that current export controls on encryption source code violated the First Amendment. While the decision is likely to be appealed -- leaving many still in need of immediate relief -- it is highly significant that yet another court has now found that the Administration's urgent national security claims do not override the constitutional infirmity of such regulations vesting "boundless discretion in government officials."

The Administration's basic approach to encryption has failed. Congressional action is needed. While CDT remains concerned with the criminal provisions in the SAFE Act, overall the SAFE Act of 1999 improves on previous versions of the bill and would help provide Americans with the strong security and privacy products they so badly need. CDT commends Chairwoman Ros-Lehtinen, Representative Gejdenson, and the other cosponsors of the SAFE Act for their continued commitment to the protection of privacy online.

Developments of the Last Two Years Have Confirmed the Need for
Fundamental Revision of U.S. Encryption Policy

Two years ago, this committee held a hearing on encryption strikingly similar to the one being held today. Privacy advocates and industry representatives testified about the need for new encryption policies, and Administration officials argued that new regulations would allow U.S. policy to satisfy the competing interests at hand. In retrospect, the rapid pace of technical and marketplace developments over the last two years has made it clearer than ever before that the U.S. approach to encryption policy remains fundamentally flawed.

C. The world is not adopting U.S. encryption control policies.

D. The Administration has proven unable to engage in comprehensive reform.

Today's export controls continue to limit the availability of strong encryption products both domestically and abroad. Such controls directly limit the availability of strong encryption products outside of the U.S., of particular concern to human rights groups and other organizations abroad. Export controls affect people in the U.S. when they communicate abroad, since they may be forced to use the lower levels of encryption available to parties worldwide. Most importantly, export controls have slowed the deployment of strong encryption standards. While some strong encryption products are available to consumers, export controls have largely slowed the seamless integration of good security systems into operating systems, network protocols, and many applications. Encryption should be easy for consumers; because of federal regulations, it is not.

The most recent December 1998 encryption regulations, while a welcome step forward by the Administration, do not change the fundamental premise of U.S. policy: export controls on all but the weakest encryption for mass market consumers, and strong incentives for the use of key recovery and plaintext access systems. The sectoral relief provided for foreign subsidiaries of U.S. companies, certain industries, and online merchants does little to provide regular consumers with strong encryption. Export controls remain a powerful incentive to adopt key recovery and plaintext access systems. The piecemeal relief offered by the regulations raises the question: When do regular people get to protect their privacy online?

Computer users remain at risk, awaiting the widespread deployment of encryption and facing increasing threats to their unprotected information.

Ideas cannot be stopped at the border, and so it is no surprise that strong encryption products are increasingly being produced abroad. Surveys have documented literally hundreds of encryption products produced outside of the United States, many of them stronger than the limits imposed on U.S. exports. [ 8 ] The open, global, decentralized nature of the Internet makes transfer of encryption software around the world a simple matter. For example, a short online search reveals a sample of Web sites from around the world (see Figure 1 below) distributing free versions of the popular 128-bit encryption software "Pretty Good Privacy" (PGP). PGP is distributed on Web sites around the world ranging from those run by well-known organizations, to those provided by Internet Service Providers, to individual home pages.

While some have argued that foreign encryption is easily broken, there is much reason to believe that much of the internationally-produced encryption is just as secure as American encryption. Cryptography has become a global science. Many cryptography researchers live outside of the U.S. Many of the important cryptography conferences are held outside of the U.S. each year. Some of the most important advances in cryptography have been made by researchers outside of the U.S. For example, just this month an important new method for attacking encryption systems was released by Israeli cryptographer Adi Shamir.

Other examples of high quality foreign cryptography can be found in the ongoing efforts of the National Institute for Standards and Technology (NIST) to create a new Advanced Encryption Standard (AES), due to be completed by 2002. NIST solicited submissions for the AES algorithms, expected to become the world-class standard for the strongest (128-bit and higher) encryption products. Of the 15 submissions NIST received, ten were from industry and university researchers based in countries outside of the United States -- including Australia, Belgium, Canada, Costa Rica, England, France, Germany, Israel, Japan, and Korea.

The Clinton Administration has long argued that the world community would imminently agree to limit the spread of encryption. In December 1998, the Administration claimed victory when 32 other nations agreed under the Wassenaar Arrangement to create a separate category for encryption products, removing encryption of 64 bits or greater from the General Software Note, a license exception for software products that are generally available and in the public domain. [ 9 ] Administration officials claimed that the amendments to Wassenaar "closed a loophole" by creating an international ceiling on bit-length. [ 10 ] However, the Wassenaar Arrangement does not impose multilateral controls on encryption products as the Administration claims.

Administration officials have argued that the export liberalization provisions in SAFE would violate the Wassenaar Arrangement. [ 11 ] However, Wassenaar does not impose multilateral export controls, but rather provides a set of non-binding guidelines for participating countries to follow in the spirit of international stabilization. Compliance with standards set by Wassenaar is entirely at the discretion of each participating country: "All measures undertaken with respect to the arrangement will be in accordance with national legislation and policies will be implemented on the basis of national discretion." [ 12 ] The member countries are not required to adopt Wassenaar standards, and there are no penalties for exercising national discretion. Several Wassenaar signatories such as Canada, Finland, and Ireland readily allow the export of strong encryption products.

Moreover, several important countries that are not members of Wassenaar — Israel, China, and India — allow export of strong encryption.

The SAFE Act is completely consistent with the letter, and the spirit, of Wassenaar. It eases export controls on encryption products that are already generally available on the international market. The bill also prohibits mandatory key escrow, a system that is being rejected by the international community because it imposes serious privacy risks on the encryption user. SAFE also includes provisions that allow the Secretary of Commerce to prohibit export of specific encryption products to specific countries if "such encryption products will be used for military or terrorist end-use."

The law enforcement community in general has variously endorsed "key escrow," "key recovery," and other forms of "plaintext access" as its favored approach to encryption policy. These variations on the failed "Clipper Chip" policy seek to guarantee third-party access to the keys for all encrypted communications and stored data without the notice or consent of the key owners. Such proposals have been greeted with much skepticism and concern from the global Internet community.

The attempt to institutionalize key recovery worldwide is a fundamental threat to privacy and security both domestically and abroad:

• Global key access systems are vulnerable and unproven -- Centralized "back-door" access to the billions of keys used by millions of computer users will introduce new vulnerabilities into a medium that is already difficult to secure. In 1997, eleven renowned computer security experts issued a report on key recovery concluding that, "Building the secure infrastructure of the breathtaking scale and complexity demanded . . . is far beyond the experience and current competency of the field. Even if such an infrastructure could be built, the risks and costs of such a system may ultimately prove unacceptable." In 1998 these experts revisited the question and confirmed that their conclusions remained essentially unchallenged.
[ 13 ]

• The Fourth Amendment does not adequately protect key recovery systems both outside and inside of the U.S. -- The Administration has been unable to explain what legal standards will internationally protect the communications and data of U.S. individuals and businesses. Moreover, the Administration has indicated that the full Fourth Amendment standards of probable cause and notice would not apply to encryption keys held by third parties, even within the U.S. In a world where personal data is increasingly legally unprotected in the hands of third parties, key recovery systems further erode a person's ability to protect their privacy.

• Recovery does not address national security needs -- The recovery of a key, under lawful authority and with the assistance of a third party, can be of value to domestic law enforcement. It is of little use for national security signals intelligence purposes, where eavesdropping often occurs abroad without seeking local legal authority and where the assistance of third parties may not be possible.

• Recovery will never be appropriate for some applications -- For example, the American Association for the Advancement of Science has commented on the sensitive and increasingly important use of encryption by human rights advocates worldwide. "If keys can be recovered by the U.S. government, why should human rights organizations whose entire function is defined by abusive governments trust that their information will remain secure?"
[ 14 ]

Despite these concerns, current encryption regulations continue to give many encryption producers a Hobbesian choice: accept key recovery or be forced to export lower strength encryption. Moreover, proposals backed by the FBI in the past have sought to further force U.S. encryption users to adopt key recovery through a number of coercive regulations, including outright domestic mandates. While we are encouraged that the Administration appears to have backed away from mandatory domestic controls, we are wary that it has not denounced this approach. And even the current U.S. encryption policy based on key recovery and export controls threatens to leave global Internet users without the technical means to secure their communications or the international legal standards needed to protect their privacy.

It is increasingly clear that the benefits of widespread encryption far outweigh the costs. The last two years have seen Americans moving their lives online in unprecedented numbers. A Presidential Commission has highlighted the vulnerability of our nation's critical information infrastructure. Together these developments have underscored the importance of securing the Internet, and deploying strong encryption to do so.

Two years ago the national security community seemed to speak with one voice about the danger of strong encryption. Today there has been an increasing recognition of the cost of U.S. encryption policy. As Sam Nunn, Co-Chair of the Advisory Committee to the President’s Commission on Critical Infrastructure Protection, noted in 1998 Senate testimony, "I do think we are in a different era of technology now and I do not think the nostalgia for the old-fashioned wiretap by law enforcement is going to be realistic in this age we are in now. [ 15 ] " Senator Bob Kerrey, an early proponent of encryption controls, argued in an October 1998 speech that "the encryption debate has hobbled our efforts to write laws that enable our law enforcement and national security agencies to carry out their mission" and argued that it was time to "remove export restrictions on encryption products of any strength." [ 16 ]

The benefits of current U.S. policy to law enforcement are uncertain. U.S. policy will not stop sophisticated criminals from using encryption to evade law enforcement. Strong, non-escrowed encryption is already available both inside and outside of the United States today. Foreign governments and criminals have access to these powerful tools and will be able to encrypt data despite continued export controls or key recovery. Furthermore, nothing in the Administration policies prevents users from "super-encrypting" communications even within a key recovery framework.

The law enforcement problems with encryption are important but more limited than claimed. Law enforcement faces a real, but narrowly focused, problem with encryption. Most encrypted information will still be accessible to law enforcement by legal process even in an encrypted world. For example, businesses will be still be required to produce the plaintext of encrypted business records under proper legal process. Stored information, corporate and business information, and even a great deal of electronic communication will most likely be largely available to law enforcement through legal process similar to that available today.

Important challenges remain for law enforcement interceptions of communications or seizures of data without notice to the party under surveillance. This narrower problem must be put into the context of the benefits provided by encryption and the costs associated with key recovery systems. The information economy presents new and powerful tools and opportunities for law enforcement surveillance. Online interaction leaves a detailed trail of electronic transactions, credit card purchases, online communications, and Web-based clickstream data presenting new traffic analysis opportunities. In fact, law enforcement is operating today in a Golden Age of surveillance, with online collections of personal data offering unprecedented new tools to obtain evidence of criminal activity (and raising important privacy concerns that must be dealt with.)

U.S. policy is creating a deficit of trust around important issues we could all be working on together. U.S. policy stands in the way of a growing urgent need for strong encryption products and better computer security in general. As Sam Nunn testified before the Senate last year, "[I]f the deadlock continues as it is today, building the trust required between the public and private sectors in the broad area of infrastructure protection will be even more difficult." [ 17 ] Nunn went on to note that "limiting the power of encryption over the long-haul is simply not going to be feasible." Current U.S. policy dangerously impedes the deployment of accessible, easy-to-use, global security systems for the Internet that are needed to protect our privacy and our critical infrastructure.

On balance, national security demands strong encryption. CDT agrees with the conclusion of the National Research Council's major study of encryption, which argued in its 1996 encryption study, "On balance, the advantages of more widespread use of cryptography outweigh the disadvantages." [ 18 ]