Testimony of Rep. Bob Goodlatte (R-VA).
Re: Senate Commerce Committee hearing on S 798, PROTECT Act.

Date: June 10, 1999.
Source: Office of Rep. Bob Goodlatte. This document was created by scanning a paper copy, and converting to HTML.
goodlatte.jpg (6788 bytes)


Thursday, June 10, 1999

Mr. Chairman, I would like to thank you for inviting me to testify today on legislation you have introduced -- S. 798, the PROTECT Act of 1999 -- to encourage the use of strong encryption.

As you know, I have worked for many years on the encryption issue in the House. The legislation I have introduced this Congress, H.R. 850, the Security And Freedom through Encryption (SAFE) Act of 1999, currently has 257 cosponsors, including a majority of both the Republican and Democratic leadership. The SAFE Act has passed the House Judiciary Committee by voice vote, and is now pending before the committees on International Relations, Commerce, Armed Services, and Intelligence. Each of these additional committees is expected to act soon on the legislation, and it is my hope that the SAFE Act will be considered by the House in the summer or early fall.

Encryption has many benefits. First, it aids law enforcement by preventing piracy and white-collar crime on the Internet. Several studies over the past few years have demonstrated that the theft of proprietary business information costs American industry hundreds of billions of dollars each year. The use of strong encryption to protect financial transactions and information would prevent this theft from occurring. With the speed of transactions and communications on the Internet, law enforcement cannot stop thieves and criminal hackers by waiting to react until after the fact.

Only by allowing the use of strong encryption, not only domestically but internationally as well, can we hope to make the Internet a safe and secure environment. As the National Research Council's Committee on National Cryptography Policy concluded, "If cryptography can protect the trade secrets and proprietary information of businesses and thereby reduce economic espionage (which it can), it also supports in a most important manner the job of law enforcement. If cryptography can help protect nationally critical information systems and networks against unauthorized penetration (which it can), it also supports the national security of the United States."

Second, if the Global Information Infrastructure is to reach its true potential, citizens and companies alike must have the confidence that their communications and transactions will be secure.

Third, with the availability of strong encryption overseas and on the Internet, the Administration's export restrictions only serve to tie the hands of American business. Due in large part to these export controls, foreign companies are winning an increasing number of contracts by telling prospective clients that American encryption products are weak and inferior, which is robbing our economy of jobs and revenue. In fact, one noted study found that failure to address the current export restrictions by the year 2000 will cost American industry $60 billion and 200,000 jobs. Under the current system, America is surrendering our dominance of the global marketplace.

The SAFE Act remedies this situation by allowing the export of generally available American-made encryption products after a 15-day, one-time technical review. Additionally, the bill allows custom-designed encryption products to be exported, after the same review period, if they are commercially available overseas and will not be used for military or terrorist purposes.

The SAFE Act enjoys the support of members, individuals and organizations across the entire spectrum of ideological and political beliefs, not only because it is a common-sense approach to solving a serious problem, but also because ordinary Americans' privacy and security is being assaulted by this Administration.

Amazingly enough, the Administration wants to mandate a back door into peoples' computer systems in order to access their private communications. In fact, the Administration has stated that if people do not "voluntarily" create this back door, it may seek legislation forcing them to give the government access to their information, by mandating a "key recovery" system requiring people to give the keys to decode their communications to a government-approved third party. This is the technological equivalent of mandating that the government be given a key to every home in America.

Mr. Chairman, I would like to note with great appreciation the position you have taken on this issue in the PROTECT Act. I couldn't agree more with the domestic-related provisions of your legislation, which -- like the SAFE Act -- prevent the Administration from placing roadblocks on the information superhighway by prohibiting the government from mandating a back door into the computer systems of private citizens and businesses. Additionally, both the PROTECT Act and the SAFE Act ensure that all Americans have the right to choose any security system to protect their confidential information.

On the issue of export relief, I would also like to commend you for the changes you have made in this year's bill. Certainly the immediate decontrol of 64-bit encryption is helpful to our industry, as are the provisions allowing the export of stronger encryption to, as you have called them, "legitimate and responsible entities or organizations and their strategic partners," and the unlimited export of encryption once the new AES standard is developed and implemented. These are marked improvements over the export restrictions contained in S. 909 from the last Congress.

However, I would like to encourage you to consider further changes in this area, along the lines of those contained in the SAFE Act. Our industry needs export relief now -- I do not believe that it can afford to wait until the AES standard is adopted a few years from now. And while the immediate decontrol of 64-bit encryption is better than the Administration's current 56-bit level, the industry standard is currently 128-bit encryption -- which consumers and companies alike are demanding to protect their communications and transactions. So as the PROTECT Act moves through the Senate, I encourage you to continue to look for ways to provide further export relief to U.S. industry.

I would also like to note that the SAFE Act does not completely eliminate export controls on encryption products. Like the PROTECT Act, the SAFE Act allows the President to prohibit encryption exports to terrorist states and impose embargoes, and allows the Secretary of Commerce to stop the export of specific products to specific individuals or organizations in specific countries if there is substantial evidence that they will be used for military or terrorist purposes. And as NSA Deputy Director Barbara McNamara recently testified before the House Commerce Committee, "end uses and end users are what we use to determine whether a product should be exported -- this is official government policy."

With the millions of communications, transmissions, and transactions that occur on the Internet every day, American citizens and businesses must have the confidence that their private information and communications are safe and secure. Again, thank you for allowing me to testify today, and I look forward to working together with you as the PROTECT Act moves through the Senate and the SAFE Act moves through the House.