March 24, 1999 The Honorable Robert Goodlatte Dear Representative Goodlatte: The Institute of Electrical and Electronics Engineers - United States of America (IEEE-USA) writes to support HR 850, The Security and Freedom Through Encryption (SAFE) Act of 1999, which would remove unnecessarily restrictive controls on the export of encryption technology. SAFE creates a more appropriate balance for encryption in the United States. We have one comment on the law as written. As products are frequently updated, it may be useful to add to the law a definition of new product which excludes routine upgrades and new versions in the cases that the upgrades or versions do not materially increase the encryption level. Otherwise, the bill may have the unintended effect of regulating the export of "patches" which are minute upgrades to software to address particular bugs. Possible misunderstanding of the definition of such a product could result in untimely delays. The encryption controversy will be resolved in one of two ways. One resolution is that the outdated restrictions will be removed by the resolve of the Congress or that the Administration will remove the burdensome controls. The other alternative is that research, development, and finally production of software is moved to jurisdictions which allow export. As security becomes integrated into applications, operating systems and integrated solutions the movement overseas of all these products will continue. In order to maintain affordable data surveillance for the Federal Bureau of Investigation, the engine of economic growth in the information age will be moved outside the United States. The IEEE - USA offers our services and our compliments with respect to this important legislation to remove export controls and promote the development of a robust, secure and reliable communications infrastructure for the 21st century. We write in concern for our economic futures, as well as a concern for the nation as whole. The passage of HR 850, The Security and Freedom Through Encryption (SAFE) Act of 1999 will enhance the professional opportunities of computing professionals. IEEE is the world’s largest technical professional association with approximately 334,000 members worldwide. IEEE-USA promotes the career and technology-policy interests of the nearly 225,000 electrical, electronics and computer engineers who are U.S. members of the IEEE. The IEEE-USA Committee on Communications Policy addresses issues of telecommunications and information technology. If you have any questions about these issues or would like to talk with our committee members about additional issues, please contact Deborah Rudolph at IEEE-USA, 202-785-0017 x 318. Again, our thanks for the opportunity to provide these comments. Sincerely, Paul J. Kostek Enc. (Seperate Letter to Rep. Zoe Loftgren) BACKGROUND STATEMENT There is an ever increasing amount of data which adds strength to the argument for the free export of strong cryptography. For example, the report, "Cryptography's Role in Securing the Information Society" from the National Academy Press includes strong arguments against the continued priorities in American cryptography policy. The burden of justifying the prohibition of export should be upon the government, as is the case in all other expensive and burdensome regulations. There has not been adequate justification for the policy of prohibition, considering all its costs, including the risks of decreased personal privacy, decreased information security, opportunity costs in the market for secure communications, and opportunity costs in related services and direct public expenditures. The consideration of decreased information security must include networks used for medical and financial transfers, telephone networks and Intranets. Limits on exports have failed in their stated goal to prevent the global availability of cryptography. Currently, hundreds of encryption products are available worldwide. Many of these products are implemented in software, making them extremely portable. Algorithms prohibited by American controls on cryptographic exports are readily available to anyone with a computer and modem at multiple overseas locations. Clearly, American limitations on the use of encryption cannot stop the development and transfer of encryption-based security products. While controls on exports have not been successful in obtaining the desired effect, there have been results. U.S. businesses have been successfully targeted in commercial espionage due to the practical prohibition on the use of encryption in international communications. U.S. software manufacturers have been curtailed in pursuing international markets. They are forced to place their facilities overseas to compete equally with international and foreign firms. This process is true for software developers as well as microelectronics producers, as was illustrated in a report that Nippon Telegraph and Telephone Corporation had quietly begun selling a powerful data-scrambling chip set. The number of overseas companies with advanced products has mushroomed since, confirming the technical community’s predictions that the production of encryption technology will move overseas if effective prohibition of profitable production of encryption technologies in the United States continues. IEEE-USA has previously stated that the sole effective result of the prohibition of export of encryption technologies would be to move leadership in the field overseas. In the years since IEEE-USA initially alerted policymakers to the potentially dire effects of prohibition of exports, electronic commerce has gone from promising experimental technology to becoming an active part of the mainstream. The next five years will see continued rise in the use of the Internet for communications and commerce. American industry had a head start of nearly two decades in the provision of Internet services. That head start already has been eroded significantly. The Internet began as Arpanet, a U.S. government project for connecting scientific research sites. Although the Internet began as a specialized U.S. government project, it is now global. The Internet domain survey has expanded to include over ninety countries. Its customer base grows as the number of countries and connections grows exponentially with time. It is this growth curve that so excites the providers of content and commerce services. These growth curves may become measures of lost opportunity rather than commercial potential. As stated, the United States had two decades of leadership in Internet technology and unparalleled expertise in the financial arena. Continued prohibition of export of secure technologies is the only certain way to continue to destroy this advantage. Without bulk encryption, transactional reliability is limited. There is no way to assure the equivalent of certified delivery of information goods over the Internet without exporting general-use software. The limits on export require that we either produce systems less secure than the market would prefer and technology would allow (as with the Secure Sockets Layer); require potential privacy-violating information to be transmitted in the clear (as with the Secure Electronic Transactions): or simply prohibit the export of commercial products and services with the highest level of security. None of these tradeoffs have been justified by law enforcement difficulties. The prohibition of cryptography export has caused only the export of the leadership in general-use encryption hardware. If the intent has been to slow down international development of cryptology, the policy has failed. IEEE-USA urges the removal of controls on export technology, recognizing that the only alternative is to watch the flight of the encryption software, encryption hardware, secure systems, and finally, the Internet financial services industry to countries other than the United States. The Institute of
Electrical and Electronics Engineers - United States of America | Top of Page | Policy Log | Public Policy Forum | IEEE-USA | Last Update: March. 24, 1999 Permission to copy IEEE-USA policy communications is granted for non-commercial uses with appropriate attribution, unless otherwise indicated. |
