Representatives Caution Clinton About Encryption Export Regulations

(November 12, 1999) The bipartisan cosponsors of HR 850, the SAFE Act, and House Republican leaders wrote letters to President Clinton this week warning him that the administration's encryption export regulations to be announced on December 15 should live up to the administration's policy announcements of September 16.

Related Pages
Goodlatte-Lofgren letter, 11/9/99.
Republican leadership letter, 11/8/99.
Tech Law Journal Summary of Encryption Bills.
HR 850 IH (SAFE Act).

House Republican leaders wrote a letter to President Clinton on November 8 that said "we are concerned about recent reports that the Administration may be considering regulations that are inconsistent with the new stated policy."

"If the regulations in December fail to meet the rhetoric from September, the confidence of U.S. industry, American computer users, or Congress in the Administration's ability to establish a balanced and reasonable encryption policy would be severely shaken. We sincerely hope that this does not prove to be the case."

Then, on November 9, Rep. Bob Goodlatte (R-VA) and Rep. Zoe Lofgren (D-CA) wrote a more detailed letter to Clinton listing specific matters that should be included in the regulations.

Key Export Provisions of HR 850
Section 3 of the bill would amend the Export Administration Act of 1979 in many ways. It would place all encryption products, except those specifically designed or modified for military use, under the jurisdiction of the Secretary of Commerce.

It would also provide that after a one-time, 15-day technical review by the Secretary, no export license may be required for generally available encryption software and hardware products, generally available products containing encryption, generally available products with encryption capabilities, technical assistance and data used to install or maintain generally available encryption products, products containing encryption, and products with encryption capabilities, and encryption products not used for confidentiality purposes.

It would also provide that after a one-time, 15-day technical review by the Secretary, the Secretary shall allow the export of custom-designed encryption products and custom-designed products with encryption capabilities if those products are permitted for use by banks or if comparable products are commercially available outside the U.S.

Rep. Goodlatte and Rep. Lofgren are the lead sponsors of HR 850 IH, the Security and Freedom through Encryption (SAFE) Act. The bill is consponsored by well over one half of the members of the House.

It has completed the committee review process. It might have been brought to the House floor for a vote if the Clinton administration had not announced that it would change its export policy.

HR 850 IH provides that people in the United States can use any kind of encryption. It also provides that any person in the U.S. may sell in interstate commerce any encryption product. Moreover, the government cannot mandate any kind of key escrow.

However, the bulk of the bill deals with liberalizing the current encryption export regime.

On September 15 the Clinton administration announced that it would enact new regulations that would liberalize U.S. encryption export policy.

The administration's proposal does not include any of the non export provisions of HR 850. Moreover, the administration remains opposed to passage of HR 850.

The letter from House Republican leaders also states that "Congress remains committed to enacting an encryption policy that prevents economic crime, promotes electronic commerce, protects personal privacy, and preserves our national and economic security. We look forward to seeing the upcoming encryption regulations, and hope that they will embrace these principles."

What is the Administration's New Policy?

On September 16 administration officials announced that changes would be made in encryption export policies, and that the changes would be embodied in regulations to be released on or before December 15. The announcements were short on details. However, the White House press office released a statement to the Congress and two fact sheets. Also, William Reinsch, the Administration's point man on encryption export policy at the Department of Commerce, has given several presentations on Capitol Hill on the new policy. See, transcripts of his Internet Caucus briefing and ITAA briefing.

This letter was signed by House Majority Leader Dick Armey, Majority Whip Tom DeLay, Rep. J.C. Watts, Rep. Tom Davis, Rep. Christopher Cox, and Rep. Bob Goodlatte.

The second letter from Rep. Goodlatte and Rep. Lofgren provides details regarding the regulations.

They wrote that "Rumors circulating in high-tech circles indicate that the upcoming encryption regulations may define critical terms such as "retail", "technical review", and "government" in such a way as to substantially undermine the goals of the new policy.  We hope such fears are unfounded."

The letter covers six topics: the definition of retail products, the definition of government, reporting requirements, technical reviews, treatment of toolkits, and treatment of open source products.

Rep. Bob

Regarding retail products, the two wrote that "the regulations should reflect market realities by adopting a "mass-market" approach for exports. ... The regulations should allow mass-market encryption products to be exported regardless of the means of distribution." They also wrote that the "classification of encryption products as "mass-market" must be made independently of the means by which those products are distributed."

Regarding the technical review, they wrote that the "regulations should limit the technical review of products prior to export to no more than 30 days, and should allow companies to export their products at the end of that period regardless of whether the review has been completed."

Rep. Zoe

"Additionally, the government should not make the determination of whether a product qualifies for retail/mass-market status in the technical review process.  Doing so would unacceptably transform the technical review process into a de facto licensing program."

Goodlatte and Lofgren also wrote the the term "government" should be used narrowly. "The regulations must limit the definition of "government" to governmental agencies performing core governmental functions.  In many countries, especially in Europe and Asia, governments often hold a percentage stake in private sector corporations.  This partial government ownership, however, does not transform those private companies into government agencies."

They also wrote that "open and community source code products should be exportable under the new policy.  Products such as UNIX, Linux, and Netscape's Internet Browser" should be released from encryption controls.

Related Stories, 1999
Boucher and Goodlatte Criticize British Key Escrow Proposals, 2/18/99.
Encryption Bill Reintroduced in the House, 2/25/99.
House Judiciary Committee Approves SAFE Act, 3/25/99.
Sen. McCain Announces Plans to Introduce Encryption Bill, 4/1/99.
Sen. McCain Introduces Encryption Bill, 4/15/99.
9th Circuit Rules Encryption Export Regs Violate 1st Amendment, 5/10/99.
Subcommittee Criticizes Administration Opposition to SAFE Act, 5//99.
House Telecom Subcommittee Holds Hearing on SAFE Act, 5/26/99.
Goodlatte Promotes SAFE Act at Network Associates Conference, 6/2/99.
House Intelligence Committee Holds Hearing on SAFE Act, 6/10/99.
Group Releases International Survey of Encryption Policies, 6/10/99.
Senate Commerce Committee Holds Hearing on PROTECT Act, 6/11/99.
House Telecom Subcommittee Approves SAFE Act, 6/17/99.
DOJ Files Petition for Rehearing En Banc in Bernstein Case, 6/22/99.
Rush Limbaugh Criticizes Administration Encryption Policy, 6/23/99.
Gephardt, Lofgren and Eshoo Write Clinton on Encryption Bill, 9/14/99.
PM Tony Blair Promises No Government Mandated Key Escrow, 9/13/99.
Clinton Administration Talks Encryption, 9/17/99.
Reaction to the Clinton Administration Encryption Proposals, 9/17/99
Administration Addresses Encryption Reform Proposal, 9/29/99.
Rep. Weldon Criticizes Administration's Encryption Proposal, 9/29/99.
Rep. Lofgren Calls for SAFE Act to be Held in Abeyance, 10/6/99.