From: jseiger@cdt.org (Jonah Seiger)
Date: Wed, 2 Oct 1996 10:08:30 +0800
To: cypherpunks@toad.com
Subject: Sen. Leahy's Statement on Clipper 3.1.1
Message-ID: <v02140b10ae7734397c63@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain


        STATEMENT OF SENATOR LEAHY ON THE
        ADMINISTRATION'S NEW ENCRYPTION INITIATIVE
                                October 1, 1996

        The timing of the Administration's announcement on encryption,
     within hours of the Congress' likely adjournment, is unfortunate.
     The Administration needs to work with Congress to develop a
     consensus on a national encryption policy that takes account of
     the privacy, law enforcement and competitiveness concerns of our
     Nation's citizens and businesses.

        Taking unilateral steps will not resolve this issue, but
     instead could delay building the consensus we so urgently need.
     This issue simply cannot by resolved by Executive fiat.

        While technology should not dictate policy, particularly when
     our public safety and national security interests are at issue,
     any policy we adopt must protect our privacy.  As the
     Administration and industry rush to find an alternative to
     unbreakable encryption, they should take heed that any solution
     which fails to protect the Fourth Amendment and privacy rights of
     our citizens will be unacceptable.

        That is why, with bipartisan support, Senator Burns and I
     introduced legislation in March that set out privacy safeguards
     to protect the decoding keys to encrypted communications and
     stringent legal procedures for law enforcement agencies to get
     access to those keys.

        In this plan, the Administration is directing the resources of
     our high-tech industry to develop breakable, rather than
     unbreakable, encryption. But no one is yet clear about who will
     be legally allowed to break into encrypted messages, and under
     what circumstances. These are questions that have to be answered
     not only with our own government but also with foreign
     governments.  The weakest link in a key recovery system may be
     the country with the weakest privacy protections. Internet users,
     who can send messages around the globe seamlessly, do not want
     the privacy of their encrypted communications to be at the mercy
     of a country that ignores the Fourth Amendment principles we
     enjoy here.

        These are significant privacy and security concerns not
     answered by the Administration's plan.

        Even without reading the fine print, the general outline of
     the Administration's plan smacks of the government trying to
     control the marketplace for high-tech products. Only those
     companies that agree to turn over their business plans to the
     government and show that they are developing key recovery
     systems, will be rewarded with permission to sell abroad products
     with DES encryption, which is the global encryption standard.

        Conditioning foreign sales of products with DES on development
     of key recovery systems puts enormous pressure on our computer
     industry to move forward with key recovery, whether their
     customers want it or not.

         Internet users themselves -- not the FBI, not the NSA, not
     any government regulator -- should decide what encryption method
     best serves their needs. Then the marketplace will be able to
     respond. The Administration is putting the proverbial cart before
     the horse, by putting law enforcement interests ahead of every
     one elses.

        But that is not the only catch in the Administration's plan.
     Permission to export DES will end in two years. Allowing American
     companies to sell DES overseas is a step long overdue. Given the
     fact that a Japanese company is already selling "triple DES", one
     might say this step is too little, too late. Threatening to pull
     the plug on DES in two years, when this genie is already out of
     the bottle, does not promote our high-tech industries overseas.
     Does this mean that U.S. companies selling sophisticated computer
     systems with DES encryption overseas must warn their customers
     that the supply may end in two years? Customers both here and
     abroad want stable suppliers, not those jerked around by their
     government.

        The most effective way to protect the privacy and security of
     our on-line communications is to use encryption technology. Every
     American should be concerned about our country's policy on
     encryption since the resolution of this debate will affect
     privacy, jobs and the competitiveness of our high-tech
     industries.