Reaction to Clinton Encryption Proposals

(September 17, 1999) The Clinton administration's encryption policy proposals of September 16 won guarded praise from many encryption rights proponents, including Rep. Bob Goodlatte and Rep. Zoe Lofgren, the sponsor and lead co-sponsor of HR 850, the SAFE Act, and Sen. John McCain and Sen. Conrad Burns, sponsor and cosponsor of the PROTECT Act.

The Clinton administration announced on September 16 a shift in its policy regarding encryption. The proposals, while short on details and still requiring implementation through promulgation of regulations and passage of a bill, would relax encryption export controls and terminate the administration's key escrow proposal.

Members of Congress and representatives of industry applauded the principles set forth in the administration's announcements, but cautioned they wanted to see more details, and implementation. Some questioned whether the administration would actually carry through on its proposals.

Rep. Bob Goodlatte (R-VA), the leading advocate of encryption reform legislation in the House, stated that "Today's announcement from the Administration represents a major shift in U.S. encryption policy -- changes that are long overdue. I am pleased that the Administration has finally listened to Congress, industry and privacy organizations, and the American people in proposing an encryption export policy that will prevent economic crime, promote our national security, and allow U.S. companies to fully compete in the global marketplace."

Rep. Bob Goodlatte

"There can be no doubt that today's announcement is a direct result of the 258 bipartisan cosponsors of the Security And Freedom through Encryption (SAFE) Act, and the commitment of the Republican leadership to move this legislation through the House of Representatives."

"Today's encryption export policy announcement includes most of the principles expressed in the SAFE Act, including a one-time technical review of products prior to export, the denial of exports to terrorist nations and military end-users, and most importantly, the ability of U.S. companies to export mass-market encryption products without significant restriction. Additionally, the Administration is no longer proposing to link key escrow or key recovery encryption to export relief, which is expressly prohibited by the SAFE Act."

"Finally, it remains to be seen whether the Administration will follow through on the implementation of today's encryption export policy announcement," said Rep. Goodlatte. "This announcement is long on potential but short on detail, and Congress will be watching carefully to make sure that the regulations issued in December match the policy announced today."

Rep. Goodlatte is the sponsor of the SAFE Act. Rep. Zoe Lofgren (D-CA) is the lead cosponsor.

Rep. Lofgren said, "Obviously all of us will want to review the details of these proposals, but the broad outline revealed today by the Administration seems to be very much in keeping with the goals we have had for American encryption policy. Congressman Goodlatte and I have been strong supporters of a technical center for law enforcement, and I especially welcome the Attorney General's recognition that additional technical expertise for federal law enforcement officials will be positive for our country."

Lofgren added, "I'm not saying that our work is over. There may always be some difficulty in the details. However, I hope that this policy pronouncement reflects the fact that we now share a common goal."

House Democratic Leader Richard Gephardt (D-MO) stated: "This proposal appears to fairly balance the requirements of the high-tech industry with the strong national interest in ensuring criminals and terrorists can't use the tools of strong encryption to avoid prosecution for their unlawful acts. I hope that Congress will move quickly to hold hearings on the Administration's proposal on third-party key retrieval."

Sen. John McCain (R-AZ), who is sponsoring an encryption bill in the Senate, said, "I applaud the Administration on its new proposal on the export of encryption technology that would improve our current policy."

"However, in the past, the Administration has not followed through with their promises to relax encryption export laws," said Sen. McCain. "Though the Administration's proposals represent a significant step forward, we must pass comprehensive legislation."

Sen. McCain introduced the Promote Reliable On Line Transactions to Encourage Commerce and Trade (PROTECT) Act on April 14, 1999. Representatives of the Clinton administration opposed and criticized the bill at a hearing on June 10, 1999.

Sen. McCain, who is running for President, is a recent convert to the encryption rights camp. Sen. Conrad Burns (R-MT), who is a cosponsor of the PROTECT Act, has long been an encryption rights advocate in the Senate.

Sen. Burns had this to say. "After years of fighting an ill-conceived encryption policy that has left American businesses and consumers in the cold, I am happy that the Clinton administration seems to be pulling its head from the sand." Burns added: "That is not to say that the war is won yet. I want to see the new regulations before I say I'm satisfied.

"As I understand it, the administration will not tie the encryption plan to their misguided and scary proposal to give the FBI a key to everyone's encrypted software," Burns said. "If they do tie the two together, it will sink an otherwise promising step in the right direction. Americans should not have to give up their privacy to federal law enforcement officers in order to use software engineered to protect their privacy. That just does not make sense."

The Electronic Privacy Information Center (EPIC), a Washington based advocacy group, also quickly weighed in with its comments.  EPIC released a statement that "more details of new policy must be released before its impact on user privacy can be assessed."

David Sobel, General Counsel of EPIC, stated, "It remains unclear whether the new rules -- due later this year -- will result in a meaningful liberalization of the export process."

"It appears that the FBI and large computer companies have reached an agreement on encryption, but that is not necessarily in the interest of the average computer user." Sobel added the result of the proposal could be "less security than advertised, with hidden vulnerabilities the government can exploit."

Industry groups offered prompt praise for the administration's action.

"Forcing US companies to do business under tight export controls was like asking them to use a black rotary telephone in a cellular, call-waiting world," said Harris Miller, President of the Information Technology Association of America. "We're pleased that the Clinton Administration has joined with Congress in acting to move the entire marketplace forward."

Miller continued: "The export control changes announced today will allow e-commerce buyers and sellers alike to feel their transactions will remain private and secure and that their intellectual property will be protected."

Robert Holleyman, President of the Business Software Alliance (BSA) said that the BSA "is encouraged by the Administration's announcement today of a new policy relaxing export controls on encryption technology. We applaud Vice President Gore for leading the Administration's efforts that represent progress towards a more sensible long-term policy where consumers around the globe will be provided the opportunity to purchase the most secure and private mass market encryption technology available."

"The Business Software Alliance applauds Congressional champions of the SAFE Act who diligently and enthusiastically worked to bring the encryption issue to the point we have reached today," said Holleyman. "The hard work of Representatives Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA) was instrumental in bringing this long debate to a successful conclusion."

David Peyton, of the National Association of Manufacturers, stated that, "Now, finally, manufacturers can get global security solutions from U.S. suppliers, and not just our foreign competitors."

"If this announcement means that the Administration’s performance will now match up to the seriousness of its policy directives, that’s great news," said Peyton. "It took years, but the Administration has finally distinguished between the doable and the undoable with regard to terrorism."