Statement at Hearing of Senate Judiciary Subcommittee on Technology, Terrorism, and Government Information on "The Encryption Debate: Criminals, Terrorists, and the Security Needs of Business and Industry"
September 3, 1997
I commend Chairman Kyl and Senator Feinstein for holding this hearing to focus on the "double-edged" sword of encryption.
As with other dual-use technologies, encryption has both good and bad uses. The challenge for policy-makers, both in Congress and the Administration, is to formulate an encryption policy that exploits the good uses and minimizes the risk of bad uses. That is no easy task. Indeed, the recent encryption report by Dorothy Denning and William Baugh, on behalf of the US Working Group on Organized Crime, concludes that: "No approach to encryption will be foolproof."
We are all acutely aware of, and concerned about, the "bad" uses of encryption by criminals, who want to thwart police surveillance of their criminal activities, and by spies, who engage in activities harmful to our national security. The Working Group report contains startling estimates of 50 to 100 percent in the future annual growth rates for criminal uses of encryption. Even if the impact on law enforcement is not great now, the potential future impact is alarming.
Nevertheless, maintaining export restrictions on strong encryption technology is not the answer. The Working Group report makes clear that "export controls do not keep unbreakable encryption out of the hands of criminals entirely." Export controls simply make the privacy and valuable proprietary information of Americans and American businesses more vulnerable to on-line theft, economic espionage and other crimes. That is why the National Research Council’s CRISIS report recommended relaxation of export controls because, on balance, "the benefits of relaxation - namely helping to promote better information security for U.S. companies operating internationally and to extend U.S. leadership in this critical industry - are worth the short-term risk that the greater availability of U.S. products with stronger encryption capabilities will further impede U.S. signals intelligence capability" (p. 310).
Furthermore, a quick-fix solution in the form of controlling the domestic use of, or even outlawing, strong encryption would be counter-productive, since this technology is a powerful crime prevention tool.
For example, encryption is an effective method for protecting intellectual property. Senator Kyl and I are both concerned about software piracy and are sponsoring legislation, the "Criminal Copyright Improvement Act", S. 1044, to address the problem of large-scale, willful copyright infringements on the Internet. Encrypting the copyrighted software so that only legitimate users get access is one way to combat such software piracy.
Mandating or even coercing the use of key recovery encryption is also not the solution. The Working Group report points out that "key recovery systems could potentially be abused, either by the government or by the people operating key recovery services." As the report discusses, users should not be forced to assume risks "they might consider unacceptable" and the additional costs of key recovery.
This is particularly the case when the Administration makes no secret of its efforts to promote adoption of a global key recovery system so that governments around the world will have access to decoding keys. The Working Group report warns about the security risks of this effort, stating: "it is hard to see how a global key recovery infrastructure can entirely avoid exploitation by organized crime, especially considering the integration of organized crime with governments such as Russia. If key recovery is adopted on a large scale, strong boundaries must be created between key recovery systems in the US and other countries" (p. 40-41).
I have sounded the same alarm. The Leahy-Burns "Encrypted Communications Privacy Act," S. 376, pending before the Judiciary Committee, contains stringent requirements for release of any decryption key to a foreign government. This will ensure that the United States does not facilitate the provision of decryption assistance to foreign governments that do not meet minimum international human rights standards or in cases that would violate American constitutional values.
The Administration has put the proverbial cart-before-the-horse by promoting key recovery without having in place privacy safeguards defining how and under what circumstances law enforcement and others may get access to decryption keys. Many users have legitimate concerns about investing in and using key recovery products without clear answers on how law enforcement here, let alone in other countries, including those with bad human rights records or a history of economic espionage, will get access to their keys.
There is a market for key recovery systems, and we can provide the legal framework to make such systems even more attractive to certain users. That is the thrust of the Leahy-Burns encryption bill. Encouraging natural market forces, rather than distorting the market with domestic controls, excessive government regulation and export restrictions, will in the long run promote the use of encryption which allows for recovery of data not just by the legitimate user, but with the appropriate lawful process, by law enforcement.
