105th Congress                                            Rept. 105-108
                        HOUSE OF REPRESENTATIVES

 1st Session                                                     Part 5
_______________________________________________________________________


 
           SECURITY AND FREEDOM THROUGH ENCRYPTION (SAFE) ACT

_______________________________________________________________________


 September 29, 1997.--Committed to the Committee of the Whole House on 
            the State of the Union and ordered to be printed

                                _______
                                

  Mr. Bliley, from the Committee on Commerce,  submitted the following

                              R E P O R T

                             together with

                    DISSENTING AND ADDITIONAL VIEWS

                        [To accompany H.R. 695]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Commerce, to whom was referred the bill 
(H.R. 695) to amend title 18, United States Code, to affirm the 
rights of United States persons to use and sell encryption and 
to relax export controls on encryption, having considered the 
same, report favorably thereon with an amendment and recommend 
that the bill as amended do pass.

                                CONTENTS

Amendment
Purpose and Summary
Background and Need for Legislation
Hearings
Committee Consideration
Rollcall Votes
Committee Oversight Findings
Committee on Government Reform and Oversight
New Budget Authority and Tax Expenditures
Committee Cost Estimate
Congressional Budget Office Estimate
Federal Mandates Statement
Advisory Committee Statement
Constitutional Authority Statement
Applicability to Legislative Branch
Section-by-Section Analysis of the Legislation
Changes in Existing Law Made by the Bill, As Reported
Dissenting and Additional Views

                               Amendment

    The amendment is as follows:
    Strike out all after the enacting clause and insert in lieu 
thereof the following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``Security and Freedom Through 
Encryption (SAFE) Act''.

SEC. 2. SALE AND USE OF ENCRYPTION.

  (a) In General.--Part I of title 18, United States Code, is amended 
by inserting after chapter 123 the following new chapter:

        ``CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

``2801. Definitions.
``2802. Assistance for law enforcement.
``2803. Freedom to sell encryption.
``2804. Prohibition on mandatory key escrow.
``2805. Unlawful use of encryption in furtherance of a criminal act.
``2806. Liability limitations.

``Sec. 2801. Definitions

  ``As used in this chapter--
          ``(1) the terms `person', `State', `wire communication', 
        `electronic communication', and `investigative or law 
        enforcement officer' have the meanings given those terms in 
        section 2510 of this title;
          ``(2) the terms `encrypt' and `encryption' refer to the 
        scrambling of wire communications, electronic communications, 
        or electronically stored information, using mathematical 
        formulas or algorithms in order to preserve the 
        confidentiality, integrity, or authenticity of, and prevent 
        unauthorized recipients from accessing or altering, such 
        communications or information;
          ``(3) the term `key' means the variable information used in a 
        mathematical formula, code, or algorithm, or any component 
        thereof, used to decrypt wire communications, electronic 
        communications, or electronically stored information, that has 
        been encrypted; and
          ``(4) the term `United States person' means--
                  ``(A) any United States citizen;
                  ``(B) any other person organized under the laws of 
                any State; and
                  ``(C) any person organized under the laws of any 
                foreign country who is owned or controlled by 
                individuals or persons described in subparagraphs (A) 
                and (B).

``Sec. 2802. Assistance for law enforcement

  ``(a) National Electronic Technologies Center.--
          ``(1) Establishment.--There is established in the Department 
        of Justice a National Electronic Technologies Center (in this 
        subsection referred to as the `NET Center').
          ``(2) Director.--The NET Center shall have a Director, who 
        shall be appointed by the Attorney General.
          ``(3) Duties.--The duties of the NET Center shall be--
                  ``(A) to serve as a center for Federal, State, and 
                local law enforcement authorities for information and 
                assistance regarding decryption and other access 
                requirements;
                  ``(B) to serve as a center for industry and 
                government entities to exchange information and 
                methodology regarding information security techniques 
                and technologies;
                  ``(C) to examine encryption techniques and methods to 
                facilitate the ability of law enforcement to gain 
                efficient access to plaintext of communications and 
                electronic information;
                  ``(D) to conduct research to develop efficient 
                methods, and improve the efficiency of existing 
                methods, of accessing plaintext of communications and 
                electronic information;
                  ``(E) to investigate and research new and emerging 
                techniques and technologies to facilitate access to 
                communications and electronic information, including--
                          ``(i) reverse-steganography;
                          ``(ii) decompression of information that 
                        previously has been compressed for 
                        transmission; and
                          ``(iii) de-multiplexing; and
                  ``(F) to obtain information regarding the most 
                current hardware, software, telecommunications, and 
                other capabilities to understand how to access 
                information transmitted across networks.
          ``(4) Equal access.--State and local law enforcement agencies 
        and authorities shall have access to information, services, 
        resources, and assistance provided by the NET Center to the 
        same extent that Federal law enforcement agencies and 
        authorities have such access.
          ``(5) Personnel.--The Director may appoint such personnel as 
        the Director considers appropriate to carry out the duties of 
        the NET Center.
          ``(6) Assistance of other federal agencies.--Upon the request 
        of the Director of the NET Center, the head of any department 
        or agency of the Federal Government may, to assist the NET 
        Center in carrying out its duties under this subsection--
                  ``(A) detail, on a reimbursable basis, any of the 
                personnel of such department or agency to the NET 
                Center; and
                  ``(B) provide to the NET Center facilities, 
                information, and other non-personnel resources.
          ``(7) Private industry assistance.--The NET Center may 
        accept, use, and dispose of gifts, bequests, or devises of 
        money, services, or property, both real and personal, for the 
        purpose of aiding or facilitating the work of the Center. 
        Gifts, bequests, or devises of money and proceeds from sales 
        of other property received as gifts, bequests, or devises 
        shall be deposited in the Treasury and shall be available for 
        disbursement upon order of the Director of the NET Center.
          ``(8) Advisory board.--
                  ``(A) Establishment.--There is established the 
                Advisory Board of the Strategic NET Center for 
                Excellence in Information Security (in this paragraph 
                referred to as the `Advisory Board'), which shall be 
                comprised of members who have the qualifications 
                described in subparagraph (B) and who are appointed by 
                the Attorney General. The Attorney General shall 
                appoint a chairman of the Advisory Board.
                  ``(B) Qualifications.--Each member of the Advisory 
                Board shall have experience or expertise in the field 
                of encryption, decryption, electronic communication, 
                information security, electronic commerce, or law 
                enforcement.
                  ``(C) Duties.--The duty of the Advisory Board shall 
                be to advise the NET Center and the Federal Government 
                regarding new and emerging technologies relating to 
                encryption and decryption of communications and 
                electronic information.
          ``(9) Implementation plan.--Within 2 months after the date of 
        the enactment of the Security and Freedom Through Encryption 
        (SAFE) Act, the Attorney General shall, in consultation and 
        cooperation with other appropriate Federal agencies and 
        appropriate industry participants, develop and cause to be 
        published in the Federal Register a plan for establishing the 
        NET Center. The plan shall--
                  ``(A) specify the physical location of the NET Center 
                and the equipment, software, and personnel resources 
                necessary to carry out the duties of the NET Center 
                under this subsection;
                  ``(B) assess the amount of funding necessary to 
                establish and operate the NET Center; and
                  ``(C) identify sources of probable funding for the 
                NET Center, including any sources of in-kind 
                contributions from private industry.
  ``(b) Freedom of Use.--Subject to section 2805, it shall be lawful 
for any person within any State, and for any United States person in a 
foreign country, to use any encryption, regardless of the encryption 
algorithm selected, encryption key length chosen, or implementation 
technique or medium used. No Federal or State law or regulation may 
condition the issuance of certificates of authentication or 
certificates of authority for any encryption product upon any escrowing 
or other sharing of private encryption keys, whether with private 
agents or government entities, or establish a licensing, labeling, or 
other regulatory scheme for any encryption product that requires key 
escrow as a condition of licensing or regulatory approval.

``Sec. 2803. Freedom to sell encryption

  ``Subject to section 2805, it shall be lawful for any person within 
any State to sell in interstate commerce any encryption, regardless of 
the encryption algorithm selected, encryption key length chosen, or 
implementation technique or medium used.

``Sec. 2804. Prohibition on mandatory key escrow

  ``(a) Prohibition.--No person in lawful possession of a key to 
encrypted communications or information may be required by Federal or 
State law to relinquish to another person control of that key.
  ``(b) Exception for Access for Law Enforcement Purposes.--Subsection 
(a) shall not affect the authority of any investigative or law 
enforcement officer, or any member of the intelligence community as 
defined in section 3 of the National Security Act of 1947 (50 U.S.C. 
401a), acting under any law in effect on the effective date of this 
chapter, to gain access to encrypted communications or information.

``Sec. 2805. Unlawful use of encryption in furtherance of a criminal 
                    act

  ``Any person who, in the commission of a felony under a criminal 
statute of the United States, knowingly and willfully encrypts 
incriminating communications or information relating to that felony 
with the intent to conceal such communications or information for the 
purpose of avoiding detection by law enforcement agencies or 
prosecution--
          ``(1) in the case of a first offense under this section, 
        shall be imprisoned for not more than 10 years, or fined in the 
        amount set forth in this title, or both; and
          ``(2) in the case of a second or subsequent offense under 
        this section, shall be imprisoned for not more than 20 years, 
        or fined in the amount set forth in this title, or both.

``Sec. 2806. Liability limitations

  ``No person shall be subject to civil or criminal liability for 
providing access to the plaintext of encrypted communications or 
electronic information to any law enforcement official or authorized 
government entity, pursuant to judicial process.''.
  (b) Study.--Within 6 months after the date of the enactment of this 
Act, the National Telecommunications and Information Administration 
shall conduct a study, and prepare and submit to the Congress and the 
President a report regarding such study, that--
          (1) assesses the effect that establishment of a mandatory 
        system for recovery of encryption keys for encrypted 
        communications and information would have on--
                  (A) electronic commerce;
                  (B) data security;
                  (C) privacy in interstate commerce; and
                  (D) law enforcement authorities and activities; and
          (2) assesses other possible methods for providing access to 
        encrypted communications and information to further law 
        enforcement activities.
  (c) Conforming Amendment.--The table of chapters for part I of title 
18, United States Code, is amended by inserting after the item relating 
to chapter 123 the following new item:

``125. Encrypted wire and electronic information............    2801''.

SEC. 3. EXPORTS OF ENCRYPTION.

  (a) Amendment To Export Administration Act of 1979.--Section 17 of 
the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended 
by adding at the end thereof the following new subsection:
  ``(g) Computers and Related Equipment.--
          ``(1) General rule.--Subject to paragraphs (2), (3), and (4), 
        the Secretary shall have exclusive authority to control exports 
        of all computer hardware, software, and technology for 
        information security (including encryption), except that which 
        is specifically designed or modified for military use, 
        including command, control, and intelligence applications.
          ``(2) Items not requiring licenses.--No validated license may 
        be required, except pursuant to the Trading With The Enemy Act 
        or the International Emergency Economic Powers Act (but only to 
        the extent that the authority of such Act is not exercised to 
        extend controls imposed under this Act), for the export or 
        reexport of--
                  ``(A) any software, including software with 
                encryption capabilities--
                          ``(i) that is generally available, as is, and 
                        is designed for installation by the purchaser; 
                        or
                          ``(ii) that is in the public domain for which 
                        copyright or other protection is not available 
                        under title 17, United States Code, or that is 
                        available to the public because it is generally 
                        accessible to the interested public in any 
                        form; or
                  ``(B) any computing device solely because it 
                incorporates or employs in any form software (including 
                software with encryption capabilities) exempted from 
                any requirement for a validated license under 
                subparagraph (A).
          ``(3) Software with encryption capabilities.--The Secretary 
        shall authorize the export or reexport of software with 
        encryption capabilities for nonmilitary end uses in any country 
        to which exports of software of similar capability are 
        permitted for use by financial institutions not controlled in 
        fact by United States persons, unless there is substantial 
        evidence that such software will be--
                  ``(A) diverted to a military end use or an end use 
                supporting international terrorism;
                  ``(B) modified for military or terrorist end use; or
                  ``(C) reexported without any authorization by the 
                United States that may be required under this Act.
          ``(4) Hardware with encryption capabilities.--The Secretary 
        shall authorize the export or reexport of computer hardware 
        with encryption capabilities if the Secretary determines that a 
        product offering comparable security is commercially available 
        outside the United States from a foreign supplier, without 
        effective restrictions.
          ``(5) Definitions.--As used in this subsection--
                  ``(A) the term `encryption' means the scrambling of 
                wire or electronic information using mathematical 
                formulas or algorithms in order to preserve the 
                confidentiality, integrity, or authenticity of, and 
                prevent unauthorized recipients from accessing or 
                altering, such information;
                  ``(B) the term `generally available' means, in the 
                case of software (including software with encryption 
                capabilities), software that is offered for sale, 
                license, or transfer to any person without restriction, 
                whether or not for consideration, including, but not 
                limited to, over-the-counter retail sales, mail order 
                transactions, phone order transactions, electronic 
                distribution, or sale on approval;
                  ``(C) the term `as is' means, in the case of software 
                (including software with encryption capabilities), a 
                software program that is not designed, developed, or 
                tailored by the software publisher for specific 
                purchasers, except that such purchasers may supply 
                certain installation parameters needed by the software 
                program to function properly with the purchaser's 
                system and may customize the software program by 
                choosing among options contained in the software 
                program;
                  ``(D) the term `is designed for installation by the 
                purchaser' means, in the case of software (including 
                software with encryption capabilities) that--
                          ``(i) the software publisher intends for the 
                        purchaser (including any licensee or 
                        transferee), who may not be the actual program 
                        user, to install the software program on a 
                        computing device and has supplied the necessary 
                        instructions to do so, except that the 
                        publisher may also provide telephone help line 
                        services for software installation, electronic 
                        transmission, or basic operations; and
                          ``(ii) the software program is designed for 
                        installation by the purchaser without further 
                        substantial support by the supplier;
                  ``(E) the term `computing device' means a device 
                which incorporates one or more microprocessor-based 
                central processing units that can accept, store, 
                process, or provide output of data; and
                  ``(F) the term `computer hardware', when used in 
                conjunction with information security, includes, but is 
                not limited to, computer systems, equipment, 
                application-specific assemblies, modules, and 
                integrated circuits.''.
  (b) Continuation of Export Administration Act.--For purposes of 
carrying out the amendment made by subsection (a), the Export 
Administration Act of 1979 shall be deemed to be in effect.

SEC. 4. TREATMENT OF ENCRYPTION IN INTERSTATE AND FOREIGN COMMERCE.

  (a) Inquiry Regarding Impediments to Trade.--Within 180 days after 
the date of the enactment of this Act, the Secretary of Commerce shall 
complete an inquiry to--
          (1) identify any domestic and foreign impediments to trade in 
        encryption products and services and the manners in which and 
        extent to which such impediments inhibit the development of 
        interstate and foreign commerce; and
          (2) identify import restrictions imposed by foreign nations 
        that constitute unfair trade barriers to providers of 
        encryption products or services.
The Secretary shall submit a report to the Congress regarding the 
results of such inquiry by such date.
  (b) Removal of Impediments to Trade.--Within 1 year after such date 
of enactment, the Secretary of Commerce, in consultation with the 
Attorney General, shall prescribe such regulations as may be necessary 
to reduce the impediments to trade in encryption products and services 
identified in the inquiry pursuant to subsection (a) for the purpose of 
facilitating the development of interstate and foreign commerce. Such 
regulations shall be designed to--
          (1) promote the sale and distribution in foreign commerce of 
        encryption products and services manufactured in the United 
        States; and
          (2) strengthen the competitiveness of domestic providers of 
        encryption products and services in foreign commerce.
  (c) International Agreements.--
          (1) Report to president.--Upon the completion of the inquiry 
        under subsection (a), the Secretary of Commerce shall submit a 
        report to the President regarding reducing any impediments to 
        trade in encryption products and services that are identified 
        by the inquiry and could, in the determination of the 
        Secretary, require international negotiations for such 
        reduction.
          (2) Negotiations.--The President shall take all actions 
        necessary to conduct negotiations with other countries for the 
        purposes of (A) concluding international agreements on the 
        promotion of encryption products and services, and (B) 
        achieving mutual recognition of countries' export controls, in 
        order to meet the needs of countries to preserve national 
        security, safeguard privacy, and prevent commercial espionage. 
        The President may consider a country's refusal to negotiate 
        such international export and mutual recognition agreements 
        when considering the participation of the United States in any 
        cooperation or assistance program with that country. The 
        President shall submit a report to the Congress regarding the 
        status of international efforts regarding cryptography not 
        later than December 31, 2000.
  (d) Definitions.--For purposes of this section, the following 
definitions shall apply:
          (1) Communication.--The term ``communication'' includes wire 
        communication and electronic communication.
          (2) Decrypt; decryption.--The terms ``decrypt'' and 
        ``decryption'' refer to the electronic retransformation of 
        communications or electronically stored information that has 
        been encrypted into the original form of the communication or 
        information.
          (3) Electronic communication.--The term ``electronic 
        communication'' has the meaning given such term in section 2510 
        of title 18, United States Code.
          (4) Encrypt; encryption.--The terms ``encrypt'' and 
        ``encryption'' have the meanings given such terms in section 
        2801 of title 18, United States Code (as added by section 2 of 
        this Act).
          (5) Encryption product.--The term ``encryption product'' 
        means any product, software, or technology that can be used to 
        encrypt and decrypt communications or electronic information 
        and any product, software, or technology with encryption 
        capabilities;
          (6) Wire communication.--The term ``wire communication'' has 
        the meaning given such term in section 3 of the Communications 
        Act of 1934 (47 U.S.C. 153).

SEC. 5. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

  (a) Collection of Information by Attorney General.--The Attorney 
General shall compile, and maintain in classified form, data on the 
instances in which encryption (as defined in section 2801 of title 18, 
United States Code) has interfered with, impeded, or obstructed the 
ability of the Department of Justice to enforce the criminal laws of 
the United States.
  (b) Availability of Information to the Congress.--The information 
compiled under subsection (a), including an unclassified summary 
thereof, shall be made available, upon request, to any Member of 
Congress.

                          Purpose and Summary

    The growth of electronic commerce, electronic transactions, 
and interstate and foreign communications depends ultimately 
upon the security and privacy of the information or data being 
transmitted. Encryption and the prolific use of encryption 
products are essential to facilitate this growth. Accordingly, 
the Committee on Commerce has an obligation and responsibility 
to ensure that the use of encryption technologies will have a 
positive impact on all electronic mediums, including the 
Internet, and all forms of existing and future electronic 
commerce. H.R. 695, the Security and Freedom Through Encryption 
(SAFE) Act, is intended to modernize the encryption policy of 
the United States. It is also intended to address law 
enforcement's and national security's needs as strong 
encryption products become more widely used.
    In summary, H.R. 695, as amended by the Committee on 
Commerce, establishes a National Electronic Technologies Center 
(NET Center) to help Federal, State, and local law enforcement 
agencies obtain access to encrypted communications. H.R. 695 
also states that it is lawful to use encryption products within 
the United States and requires a study assessing the impact 
that a mandatory key recovery system would have on, inter alia, 
electronic commerce. In addition, H.R. 695 prohibits any person 
from relinquishing an encryption key and provides penalties for 
using encryption products to conceal incriminating evidence. 
With respect to export law, H.R. 695 relaxes U.S. export 
policies by permitting mass-market encryption products to be 
exported under a general license exception. It also permits 
other computer hardware and software products to be exported 
subject to approval by the Secretary of Commerce. Finally, H.R. 
695 requires the Secretary of Commerce to study domestic and 
foreign impediments to trade with respect to encryption 
products and requires the President to undertake negotiations 
with other countries as necessary to reduce impediments to U.S. 
encryption exports, as well as requiring the Attorney General 
to compile information regarding instances when law 
enforcement's efforts have been stymied because of the use of 
strong encryption products.

                  Background and Need for Legislation

    Encryption is the commonly-used term to describe the use of 
cryptography to ensure the confidentiality of messages. 
Encryption products may be computer software, computer 
hardware, or another piece of equipment that has the capability 
to encode or decode messages. These products could be used over 
any electronic medium (e.g., the public switched telephone 
network or the Internet). The strength of an encryption 
product, and thus the likelihood that a message will remain 
confidential as it travels through a network, is measured in 
terms of bits. For example, a two-bit code results in four 
possible combinations of messages (00, 01, 10, 11), whereas a 
56-bit code results in quadrillions of possible combinations. 
While encrypting messages was historically the province of the 
military, the growing use of computers on both public and 
private networks has led to development of new products 
designed for non-military purposes.
    As commercially-available encryption products have 
increased in strength over the years, the law enforcement 
community, led by the Federal Bureau of Investigation (FBI) 
and National Security Agency, has become increasingly concerned 
with the ability of criminals, international terrorists, and 
certain countries to gain access to encryption products. 
Consequently, the Reagan, Bush, and Clinton Administrations 
have prohibited the export of encryption products with 
strengths greater than 40-bit key length to limit the 
proliferation of advanced encryption products that would affect 
their ability to protect the public safety. In general, a 
``key'' is a form of information that is used in a mathematical 
formula, code, or algorithm to decrypt wire communications, 
electronic communications, or electronically stored information 
that has been encrypted. The Federal Government has never 
limited the use of encryption products domestically.
    In 1996, the Administration eased the export restrictions 
and transferred control of export products from the Department 
of State to the Department of Commerce. The Department of 
Commerce's new regulations, which embody the Administration's 
current encryption export policies, can be summarized as 
follows:
          There are no restrictions on the ability to buy, 
        sell, manufacture, or distribute encryption products 
        within the United States;
          Encryption items up to 56-bit key length strength 
        without a ``key recovery system'' will be permitted for 
        export and re-export after a one-time review, if the 
        exporter makes satisfactory commitments to build and/or 
        market a key recovery system. This relaxation of 
        controls expires on December 31, 1998. A key recovery 
        system permits a person to hold and maintain sufficient 
        decryption information to allow for the immediate 
        decryption of the encrypted data or communications of 
        another person for whom that information is held;
          Weaker encryption products (40-bit key strength or 
        less) or company proprietary software may be exported 
        after a one-time review;
          Controlled encryption items (such as those items with 
        strengths greater than 56-bit length) may be exported 
        after a one-time review if the items contain key-
        recovery technology;
          Controlled encryption items used by banks and 
        financial institutions are generally available for 
        export regardless of whether key recovery is used; and
          In general, there is a prohibition on exporting 
        encryption items to Cuba, Iran, Iraq, Libya, North 
        Korea, Syria, and Sudan.
    The Committee on Commerce has been actively following and 
involved in the encryption debate this Congress. For example, 
in March 1997, Chairman Bliley and Representative White wrote 
letters to government leaders and the business community asking 
a series of questions on the Administration's current policies 
and on pending legislation. The letters and responses 
highlighted the two fundamental issues in the encryption 
debate: (1) should domestic companies be permitted to export 
encryption products of any strength, thus increasing the 
availability of such products in the global market; and (2) 
should the United States impose any domestic restrictions on 
the use of encryption products to assist law enforcement's 
access to encrypted communications. In general, sound 
encryption policy must balance privacy interests with society's 
interest to protect the public. To the greatest extent 
possible, it must also be based on free-market principles.
    Regarding the arguments in the debate, the business 
community argues that current U.S. encryption policy harms 
domestic businesses abroad because they are forced to export 
weak encryption products that compete with stronger foreign 
encryption products. Many representatives of the business 
community also argue that the security of a strong encryption 
product is jeopardized if it contains a key-recoverable 
feature. In addition, the business community generally argues 
that the current policy may impose excessive costs on the 
industry to the extent they may be forced to develop costly, 
new key recovery products; manufacture two different products 
(one for the U.S. (strong) and one for abroad (weaker)); and/or 
be subject to a burdensome licensing process. Instead, they 
maintain that a key-recovery system should be developed only if 
there is market demand for such products.
    Alternatively, government officials, which include Federal, 
State, and local law enforcement officials, argue that 
permitting the export of stronger encryption products without a 
clear mechanism to decrypt a communication or stored 
information, when necessary and lawful, will jeopardize public 
safety and national security. They believe that key-recovery 
systems must be developed, not only to facilitate lawful 
searches and seizures, but to help users or employers in the 
event they lose the ``key'' to decrypt a message. They also 
argue that widespread use of strong encryption without key 
recovery would end the use of wiretapping as a tool for 
fighting crime and that lifting the export restrictions will 
undermine the Administration's effort to develop a global key-
management infrastructure. In addition, they counter that most 
foreign countries view lifting the export restrictions as 
America's attempt to dominate world markets at the expense of 
other nations' national security, thereby forcing these 
countries to adopt import restrictions to keep American 
products out of their countries.
    The existing encryption policy is premised upon the belief 
that minimizing the proliferation of U.S. manufactured 
encryption products worldwide will minimize the use of 
encryption products overall. Thus, current U.S. encryption 
policy is based upon the theory of containment rather than 
access. The Committee is not convinced that reliance on export 
restrictions provides adequate assistance to law enforcement in 
their ever increasing need to keep up with the latest 
technologies. In fact, the Committee finds that the current 
export rules place our domestic manufacturers of encryption 
products at a competitive disadvantage with our foreign 
counterparts without addressing the needs of law enforcement. 
Thus, at a minimum, current export law is not sustainable and 
potentially harmful to our domestic manufacturers.
    At the same time, the needs of law enforcement are not 
being met by changes in technology. The Fourth Amendment and 
Title III of the Omnibus Crime Control and Safe Streets Act of 
1968 permit law enforcement agencies to search, seize, and 
intercept electronic communications and stored data. With the 
development of strong encryption technologies, however, law 
enforcement's efforts are being thwarted because even though 
they can search, seize, or intercept the information, they 
cannot understand it because it is encoded. Without the 
necessary tools, law enforcement does not have the ability to 
prevent and solve crimes.
    Consequently, legislation is needed to address the needs of 
law enforcement to access encrypted communications and to ease 
existing export restrictions that hamper domestic manufacturers 
of encryption products.
    As reported by the Committee on Commerce, H.R. 695 takes a 
significant step towards addressing the concerns of law 
enforcement. The legislation creates a ``National Electronic 
Technologies Center'' (NET Center) that will assemble experts 
on encryption technology to develop and advise law enforcement 
officials on how to access encrypted electronic communications 
or information. The NET Center also will look to the future and 
assist law enforcement with decryption techniques as new 
technologies are introduced. The Committee concludes that a 
partnership between the industry and law enforcement is the best way to 
help law enforcement protect public safety.
    The bill, as reported by the Committee, also addresses the 
needs of domestic manufacturers of encryption products by 
granting export relief for certain encryption products. This 
change in export policy should place the U.S. computer industry 
in a position where domestic companies can compete on a level 
playing field with their competitors in a global market. 
Moreover, H.R. 695 seeks to push for further relief for our 
manufacturers by directing the Department of Commerce to reduce 
foreign impediments to trade. The Committee has an obligation, 
through its jurisdiction over export promotion, to ensure that 
U.S. companies are not harmed in any way by unnecessary or 
unjust trade barriers.
    Overall, the Committee finds that H.R. 695, as reported, 
strikes the appropriate balance between the needs of law 
enforcement and those of industry.

                                Hearings

    The Subcommittee on Telecommunications, Trade, and Consumer 
Protection held a hearing on H.R. 695, the Security and Freedom 
Through Encryption (SAFE) Act, on September 4, 1997. The 
Subcommittee received testimony from the following witnesses: 
The Honorable Bob Goodlatte, U.S. Representative, Sixth 
District, Commonwealth of Virginia; The Honorable Zoe Lofgren, 
U.S. Representative, Sixteenth District, State of California; 
The Honorable William A. Reinsch, Under Secretary of Commerce 
for Export Administration, U.S. Department of Commerce; The 
Honorable Robert S. Litt, Deputy Assistant Attorney General, 
Criminal Division, U.S. Department of Justice; Mr. Stephen T. 
Walker, President and CEO, Trusted Information Systems, Inc.; 
Mr. Tom Parenty, Director, Data/Communications Security, 
Sybase, Inc.; Mr. Jerry Berman, Executive Director, Center for 
Democracy and Technology; and Mr. George A. Keyworth, Chairman, 
Progress and Freedom Foundation. Prior to hearing from the 
witnesses, The Honorable William P. Crowell, Deputy Director of 
the National Security Agency, provided an overview on 
encryption and described some of the common terms used in the 
encryption debate.

                        Committee Consideration

    On September 24, 1997, the Committee on Commerce met in an 
open markup session to consider H.R. 695, the Security and 
Freedom Through Encryption (SAFE) Act. A unanimous consent 
request by Mr. Bliley to discharge the Subcommittee on 
Telecommunications, Trade, and Consumer Protection from further 
consideration and proceed to the immediate consideration of 
H.R. 695, as reported to the House by the Committee on the 
Judiciary, was agreed to without objection. The Committee 
ordered H.R. 695 reported to the House, amended, by a rollcall 
vote of 44 yeas to 6 nays.

                             Rollcall votes

    Clause 2(l)(2)(B) of rule XI of the Rules of the House 
requires the Committee to list the recorded votes on the motion 
to report legislation and amendments thereto. The following are 
the recorded votes on the motion to report H.R. 695 and on 
amendments offered to the measure, including the names of those 
Members voting for and against.



           COMMITTEE ON COMMERCE--105TH CONGRESS VOICE VOTES

    Bill: H.R. 695, Security and Freedom Through Encryption 
(SAFE) Act
    Amendment: Amendment in the Nature of a Substitute by Mr. 
Tauzin. (A unanimous consent request by Mr. Tauzin to have the 
Amendment in the Nature of a Substitute considered as base text 
for purposes of further amendment was agreed to without 
objection.)
    Disposition: Agreed to, amended, by a voice vote.
    Amendment: Amendment to the Tauzin Amendment in the Nature 
of a Substitute by Mr. Tauzin re: add a new section to direct 
the Secretary of Commerce to reduce interstate and foreign 
impediments to trade of encryption products and services.
    Disposition: Agreed to, by a voice vote.

                      Committee Oversight Findings

    Pursuant to clause 2(l)(3)(a) of rule XI of the Rules of 
the House of Representatives, the Committee held a legislative 
hearing and made findings that are reflected in this report.

              Committee on Government Reform and Oversight

    Pursuant to clause 2(l)(3)(D) of rule XI of the Rules of 
the House of Representatives, no oversight findings have been 
submitted to the Committee by the Committee on Government 
Reform and Oversight.

               New Budget Authority and Tax Expenditures

    In compliance with clause 2(l)(3)(B) of rule XI of the 
Rules of the House of Representatives, the Committee finds that 
H.R. 695, the Security and Freedom Through Encryption (SAFE) 
Act, would result in no new or increased budget authority or 
tax expenditures or revenues.

                        Committee Cost Estimate

    The Committee adopts as its own the cost estimate prepared 
by the Director of the Congressional Budget Office pursuant to 
section 403 of the Congressional Budget Act of 1974.

                  Congressional Budget Office Estimate

    Pursuant to clause 2(l)(3)(C) of rule XI of the Rules of 
the House of Representatives, the following is the cost 
estimate provided by the Congressional Budget Office pursuant 
to section 403 of the Congressional Budget Act of 1974:

                                     U.S. Congress,
                               Congressional Budget Office,
                                Washington, DC, September 29, 1997.
Hon. Tom Bliley,
Chairman, Committee on Commerce,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 695, the Security 
and Freedom Through Encryption (SAFE) Act.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contacts are Rachel 
Forward and Mark Grabowicz (for Federal costs), Alyssa 
Trzeszkowski (for revenues), and Pepper Santalucia (for the 
impact on State, local, and tribal governments).
            Sincerely,
                                         June E. O'Neill, Director.
    Enclosure.

H.R. 695--Security and Freedom Through Encryption (SAFE) Act

    Summary: H.R. 695 would allow individuals in the United 
States to use and sell any form of encryption and would 
prohibit states or the Federal Government from requiring 
individuals to relinquish the key to encryption products. The 
bill also would prevent the Bureau of Export Administration 
(BXA) in the Department of Commerce (DOC) from restricting the 
export of most nonmilitary encryption products. H.R. 695 would 
establish a National Electronic Technologies (NET) Center in 
the Department of Justice (DOJ) to provide assistance and 
information on encryption products to law enforcement officials 
and would require the Attorney General to maintain data on the 
instances in which encryption impedes or obstructs the ability 
of DOJ to enforce criminal laws. Finally, the bill would 
establish criminal penalties and fines for the use of 
encryption technologies to conceal incriminating information 
related to a felony.
    Assuming the appropriation of the necessary amounts, CBO 
estimates that enacting this bill would result in additional 
discretionary spending by DOC and DOJ of at least $28 million 
over the 1998-2002 period. Spending by DOC and DOJ for 
activities required by H.R. 695 would total at least $33 
million over the next five years. By comparison, CBO estimates 
that--under current policies--spending by BXA for reviewing the 
export of nonmilitary encryption products would total about 
$4.5 million over the same period. (Spending related to 
encryption exports by DOJ is negligible under current law.)
    Enacting H.R. 695 also would affect direct spending and 
receipts. Therefore, pay-as-you-go procedures would apply. CBO 
estimates, however, that the amounts of additional direct 
spending or receipts would not be significant.
    H.R. 695 contains no private-sector mandates as defined in 
the Unfunded Mandates Reform Act of 1995 (UMRA). The bill 
contains intergovernmental mandates on state governments. CBO 
estimates, however, that states would not incur any costs to 
comply with the mandates.
    Estimated cost to the Federal Government: Spending Subject 
to Appropriation--Under current policy, BXA would likely spend 
about $900,000 a year reviewing exports of encryption products. 
Assuming appropriation of the necessary amounts, CBO estimates 
that enacting H.R. 695 would lower BXA's encryption-related 
costs to about $500,000 a year. In November 1996, the 
Administration issued an executive order and memorandum that 
authorized BXA to control the export of all nonmilitary 
encryption products. If H.R. 695 were enacted, BXA would still 
be required to review requests to export most computer hardware 
with encryption capabilities but would not be required to 
review most requests to export computer software with 
encryption capabilities. Thus, enacting H.R. 695 would reduce 
the costs to BXA to control the exports of nonmilitary 
encryption products.
    H.R. 695 would require the Secretary of Commerce to conduct 
a number of studies on electronic commerce and domestic and 
foreign impediments to trade in encryption products. Based on 
information from the Department of Commerce, CBO estimates that 
completing the required studies would cost about $1 million in 
fiscal year 1998, assuming appropriation of the necessary 
amount.
    H.R. 695 would establish within DOJ the NET Center, which 
generally would assist Federal, State, and local law 
enforcement agencies with issues involving encryption and 
information security. The bill would assign the NET Center a 
broad range of duties, including providing information and 
assistance, serving as an information clearinghouse, and 
conducting research. The costs to establish and operate the NET 
Center could depend on the extent to which service would be 
provided to the law enforcement community nationwide. Based on 
information from DOJ, we estimate that the minimum costs to 
fulfill the bill's requirements would be roughly $5 million 
annually, but the costs could be much greater. Any spending 
relating to the NET Center would be subject to the availability 
of appropriations.
    DOJ would also be required to collect and maintain data on 
the instances in which encryption impedes or obstructs the 
ability of the agency to enforce criminal laws. CBO projects 
that collecting and maintaining the data would cost DOJ between 
$500,000 and $1 million a year, assuming appropriation of the 
necessary amounts.
    Direct Spending and Revenues--Enacting H.R. 695 would 
affect direct spending and receipts by imposing criminal fines 
for encrypting incriminating information related to a felony. 
CBO estimates that collections from such fines are likely to be 
negligible, however, because the federal government would probably not 
pursue many cases under the bill. Any such collections would be 
recorded in the budget as governmental receipts, or revenues. They 
would be deposited in the Crime Victims Fund and spent the following 
year. Because the increase in direct spending would be the same as the 
amount of fines collected with a one-year lag, the additional direct 
spending also would be negligible.
    Direct spending and revenues also could result from the 
provision that would allow the NET Center to accept donations 
to further the work of the office. CBO expects that any 
contributions (recorded in the budget as revenues) would be 
used in the same year as they were received. Therefore, we 
estimate that the net budgetary impact of the gift authority 
granted to the NET Center would be negligible for all years.
    The costs of this legislation fall within budget function 
370 (commerce and housing credit) and 750 (administration of 
justice).
    Pay-as-you-go-considerations: Section 252 of the Balanced 
Budget and Emergency Control Act of 1985 sets up pay-as-you-go 
procedures for legislation affecting direct spending or 
receipts. H.R. 695 would affect direct spending and receipts by 
imposing criminal fines and by allowing the new NET Center to 
accept donations. CBO estimates that the amounts of additional 
direct spending and receipts would not be significant.
    Estimated Impact on State, local, and tribal Governments: 
H.R. 695 would prohibit states from requiring anyone in lawful 
possession of an encryption key to make that key available to 
another person or entity. The bill would also prohibit states 
from conditioning the issuance of certificates of authenticity 
or certificates of authority for encryption products on the 
sharing of encryption keys. Finally, the bill would prohibit 
states from establishing licensing, labeling, or other 
regulatory schemes for encryption products that would require 
the sharing of encryption keys. These prohibitions would be 
intergovernmental mandates as defined in UMRA. However, states 
would bear no costs as a result of these mandates, because none 
currently have laws that would violate these provisions of the 
bill.
    H.R. 695 would also establish a center in the Justice 
Department that would provide information and assistance 
regarding decryption techniques to federal, state, and local 
law enforcement authorities.
    Estimated impact on the private sector: The bill would 
impose no new private-sector mandates as defined in UMRA.
    Previous CBO estimates: CBO provided cost estimates for 
H.R. 695 as ordered reported by the House Committee on the 
Judiciary on May 14, 1997, by the House Committee on 
International Relations on July 22, 1997, by the House 
Committee on National Security on September 9, 1997, and by the 
House Committee on Intelligence on September 11, 1997. Assuming 
appropriation of the necessary amounts, CBO estimates that 
costs over the 1998-2002 period would total between $5 million 
and $7 million for the Judiciary Committee's version, about 
$2.2 million for the International Relations Committee's 
version, about $4.5 million for the National Security 
Committee's version, and between $9 million and $11.6 million 
for the Intelligence Committee's version. In comparison, CBO 
estimates that enacting this version of the bill would cost at 
least $33 million over the 1998-2002 period and that spending 
under current policies would total $44.5 million over the same 
period.
    Estimate prepared by: Federal costs: Rachel Forward and 
Mark Grabowicz; Revenues: Alyssa Trzeszkowski; Impact on State, 
local, and tribal governments: Pepper Santalucia.
    Estimate approved by: Robert A. Sunshine, Deputy Assistant 
Director for Budget Analysis.

                       Federal Mandates Statement

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

                      Advisory Committee Statement

    H.R. 695 creates an Advisory Board of the Strategic NET 
Center for Excellence in Information Security, which is 
intended to advise the Federal Government on new technologies 
relating to encryption.

                   Constitutional Authority Statement

    Pursuant to clause 2(l)(4) of rule XI of the Rules of the 
House of Representatives, the Committee finds that the 
Constitutional authority for this legislation is provided in 
Article I, section 8, clause 3, which grants Congress the power 
to regulate commerce with foreign nations, among the several 
States, and with the Indian tribes.

                  Applicability to Legislative Branch

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations within the meaning of section 
102(b)(3) of the Congressional Accountability Act.

             Section-by-Section Analysis of the Legislation

                         SECTION 1. SHORT TITLE

    Section 1 provides that H.R. 695 may be cited as the 
``Security and Freedom Through Encryption (SAFE) Act.''

                 SECTION 2. SALE AND USE OF ENCRYPTION

    Subsection 2(a) of H.R. 695 creates a new chapter 125 in 
title 18 of the United States Code. This chapter 125 would 
include new sections 2801-012.

Section 2801. Definitions

    New section 2801 provides for definitions of terms to be 
used in the chapter. Many of the definitions used are 
explicitly taken from the definitions in the existing Federal 
wiretap statute, 18 U.S.C. Sec. 2510 et seq. Several new 
definitions are added, however, including ``encrypt'' and 
``encryption,'' which generally refer to the encoding of a 
communication using mathematical formulas in order to preserve 
the confidentiality of such communication.

Section 2802. Assistance for law enforcement

    New section 2802 contains several subsections regarding 
domestic encryption issues. Subsection 2802(a) establishes 
within the Department of Justice a National Electronic 
Technologies Center (referred to as the ``NET Center''). The 
primary purpose of the NET Center is to provide technical 
assistance to law enforcement agencies so that they may cope 
with new technology challenges. Specifically, the NET Center 
will be responsible for serving as a national center for 
Federal, State, and local law enforcement authorities for 
information and assistance regarding decryption. It will also 
serve as a national center where industry and government can 
gather to exchange information regarding data security. In 
addition, the NET Center will be required to: (1) examine 
encryption techniques and methods to facilitate the ability of 
law enforcement to gain access to plaintext of communications 
and electronic information; (2) conduct research to improve law 
enforcement's means of access to encrypted communications; (3) 
determine whether other techniques can be used to help law 
enforcement access communications and electronic information; 
and (4) obtain information regarding the most current computer 
hardware, computer software, and telecommunications equipment 
to understand how best to access communications.
    Administratively, the Attorney General will appoint the 
Director of the NET Center and the Director will be responsible 
for hiring personnel that he or she determines are necessary to 
carry out the duties of the NET Center. Other Federal 
Government agencies may also ``loan'' personnel to the NET 
Center or provide facilities, information, and other non-
personnel resources. In addition, the NET Center may accept 
donations in the form of money, services, or property from the 
private sector to help it function. Such donations shall be 
deposited in the Treasury and shall be available for 
disbursement upon order of the Director.
    Within two months after the date of enactment of this Act, 
the Attorney General will be required to develop a plan for the 
establishment of the NET Center. The plan must be published in 
the Federal Register and must identify: the physical location 
of the NET Center; equipment, software, and personnel necessary 
for the NET Center to function; the amount of funding necessary 
to establish and operate the NET Center; and sources of 
probable funding for the NET Center.
    In addition, subsection 2802(a) creates an Advisory Board 
of the Strategic NET Center for Excellence in Information 
Security, which is intended to advise the government on new 
technologies relating to encryption. The Attorney General is 
required to appoint a chairman of the Advisory Board and 
members of the Advisory Board must have technical expertise in 
the field of encryption, decryption, electronic communication, 
information security, electronic commerce, or law enforcement. 
More specifically, the purpose of the Advisory Board is to 
advise the NET Center and the Federal Government regarding new 
and emerging technologies relating to encryption and decryption 
of communications and electronic information.
    Subsection 2802(b) clarifies that it is lawful for any 
person in the United States to use any encryption product, 
regardless of the encryption algorithm selected, key length 
chosen, implementation technique used, or medium used. This 
subsection also prohibits the adoption of Federal or State law 
or regulation that would condition the issuance of certificates 
of authentication for any encryption product upon any escrowing 
or other sharing of private encryption keys, whether the 
escrowing is done with private agents or government entities. 
Domestic laws or regulations also could not establish a 
licensing, labeling, or other regulatory scheme for any 
encryption product that requires key escrow as a condition of 
licensing or regulatory approval.

Section 2803. Freedom to sell encryption

    New section 2803 states that it is legal for any person in 
the United States to sell in interstate commerce encryption 
products using any form of encryption regardless of the 
algorithm, key length, or technique used. The Committee intends 
that sections 2802 and 2803 should be read as limitations on 
government power. They should not be read as overriding 
otherwise lawful employer policies concerning employee use of 
the employer's computer system, nor as limiting the employer's 
otherwise lawful means for remedying violations of those 
policies.

Section 2804. Prohibition on mandatory key escrow

    New section 2804 states that no person in lawful possession 
of a key used to encrypt or decrypt a communication or 
information can be required by Federal or State law to 
relinquish control of that key to another person. This section 
is meant to be consistent with subsection 2802(b) regarding 
limitations on the escrowing of keys. An exception is provided, 
however, for law enforcement. That is, a law enforcement 
officer or any member of the intelligence community acting 
pursuant to lawful authority may require a party to release a 
key in order to gain access to encrypted communications or 
information.

Section 2805. Unlawful use of encryption in furtherance of a criminal act

    New section 2805 makes it a crime to encrypt incriminating 
communications with the intent to conceal information in order 
to avoid detection by law enforcement agencies or prosecution. 
A person found guilty of this offense may be fined, imprisoned 
for not more than 10 years, or both. Second and subsequent 
offenses may result in a fine, imprisonment of not more than 20 
years, or both.

Section 2806. Liability limitations

    New section 2806 protects persons from being subject to 
criminal or civil liability if they provide access to the 
plaintext of encrypted communications or electronic 
information for the benefit of any law enforcement official or 
authorized government entity, so long as these entities operate 
through the appropriate judicial process.
    Subsection 2(b) requires the National Telecommunications 
and Information Administration of the Department of Commerce to 
conduct a study and prepare and submit an encryption report to 
the Congress and the President. The report must determine what 
effect a mandatory key recovery system would have on electronic 
commerce, data security, privacy, and law enforcement 
activities. The report must also assess other possible methods 
for providing access to encrypted communications and 
information to further law enforcement activities.
    Subsection 2(c) of H.R. 695 provides for a conforming 
amendment to the table of chapters in title 18, United States 
Code.

                    SECTION 3. EXPORTS OF ENCRYPTION

    Subsection 3(a) of H.R. 695 amends the Export 
Administration Act of 1979 by creating a new subsection (g) to 
50 U.S.C. App. Sec. 2416. New subsection (g)(1) would place all 
encryption products, except those specifically designed or 
modified for military use, under the exclusive jurisdiction of 
the Secretary of Commerce (the Secretary).
    New subsection (g)(2) allows encryption products, such as 
encryption software and computing devices that include 
encryption software, that are generally available or in the 
public domain, such as mass-market products, to be exported 
pursuant to a general license exception. New subsections (g)(3) 
and (g)(4) permit the export of encryption products that are 
not generally considered mass-market products and consequently, 
require a license for export. The Secretary retains the 
authority to disapprove a license request for the export of 
software if there is substantial evidence that it will be put 
to military or terrorist uses or that it will be re-exported 
without U.S. authorization. New subsection (g)(5) provides 
definitions.
    Subsection 3(b) of H.R. 695 provides that for purposes of 
carrying out the amendment made by subsection 3(a), the Export 
Administration Act shall be deemed to be in effect. This 
statement is necessary because Congress allowed the Export 
Administration Act to lapse in 1994. To date, it has not been 
renewed, and its policies have been continued by Executive 
Order.

 SECTION 4. TREATMENT OF ENCRYPTION IN INTERSTATE AND FOREIGN COMMERCE

    Section 4 requires the Secretary of Commerce to undertake 
certain activities in order to promote the export of U.S. 
encryption products in the global market. Through such 
instruction to the Secretary of Commerce, the Committee on 
Commerce intends to promote robust participation by U.S. firms 
in the development of global electronic commerce.
    Subsection 4(a) requires the Secretary to complete an 
inquiry within 180 days of the enactment of this Act to 
identify both domestic and foreign impediments to trade in 
encryption products and services. Such an inquiry would include 
the identification of import restrictions maintained by other 
countries that constitute unfair barriers. The inquiry would 
also include an examination of U.S. regulations, such as export 
restrictions, that may actually impede trade in encryption 
products and services.
    Subsection 4(b) requires the Secretary to adopt regulations 
within one year of the Act's enactment that are intended to 
reduce foreign and domestic impediments to encryption products 
and services. The regulations must be designed to promote the 
sale in foreign markets of U.S. encryption products and 
services, including through strengthening the competitiveness 
of U.S. providers of such products and services.
    Subsection 4(c)(1) requires that upon completion of the 
six-month inquiry into foreign and domestic impediments to 
trade in encryption products and services, the Secretary shall 
submit a report to the President on his or her findings. The 
report must include a determination by the Secretary on what 
impediments may require international negotiation to reduce.
    Subsection 4(c)(2) requires the President to negotiate with 
other countries for agreements designed to promote encryption 
products and services and to achieve mutual recognition of 
export controls. Export controls may be designed to preserve 
countries' national security, safeguard privacy interests, and 
prevent commercial espionage. Mutual recognition of export 
controls will promote the sale in foreign commerce of U.S. 
encryption products and services by facilitating a common 
approach by the U.S. and our trading partners. Subsection 
4(c)(2) also enables the President to consider a country's 
refusal to negotiate such agreements when considering U.S. 
participation in an assistance or cooperation program with that 
country. Finally, the subsection requires the President to 
submit a report to the Congress regarding the status of his 
efforts on encryption not later than December 31, 2000.
    Subsection 4(d) provides definitions.

            section 5. effect on law enforcement activities

    Subsection 5(a) requires the Attorney General to compile 
information on instances in which encryption has interfered 
with, impeded, or obstructed the ability of the Department of 
Justice to enforce Federal criminal law and to maintain that 
information in classified form. Subsection 5(b) requires that 
the Attorney General shall make the information compiled under 
subsection 5(a), including an unclassified summary, available 
to Members of Congress upon request.

         Changes in Existing Law Made by the Bill, as Reported

  In compliance with clause 3 of rule XIII of the Rules of the 
House of Representatives, changes in existing law made by the 
bill, as reported, are shown as follows (new matter is printed 
in italics and existing law in which no change is proposed is 
shown in roman):

                      TITLE 18, UNITED STATES CODE

                             * * * * * * *

                             PART I--CRIMES

Chap.                                                               Sec.
1.     General provisions.........................................     1
2.     Aircraft and motor vehicles................................    31
                              * * * * * * *
125.   Encrypted wire and electronic information..................  2801
                              * * * * * * *

         CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

2801. Definitions.
2802. Assistance for law enforcement.
2803. Freedom to sell encryption.
2804. Prohibition on mandatory key escrow.
2805. Unlawful use of encryption in furtherance of a criminal act.
2806. Liability limitations.

Sec. 2801. Definitions

  As used in this chapter--
          (1) the terms ``person'', ``State'', ``wire 
        communication'', ``electronic communication'', and 
        ``investigative or law enforcement officer'' have the 
        meanings given those terms in section 2510 of this 
        title;
          (2) the terms ``encrypt'' and ``encryption'' refer to 
        the scrambling of wire communications, electronic 
        communications, or electronically stored information, 
        using mathematical formulas or algorithms in order to 
        preserve the confidentiality, integrity, or 
        authenticity of, and prevent unauthorized recipients 
        from accessing or altering, such communications or 
        information;
          (3) the term ``key'' means the variable information 
        used in a mathematical formula, code, or algorithm, or 
        any component thereof, used to decrypt wire 
        communications, electronic communications, or 
        electronically stored information, that has been 
        encrypted; and
          (4) the term ``United States person'' means--
                  (A) any United States citizen;
                  (B) any other person organized under the laws 
                of any State; and
                  (C) any person organized under the laws of 
                any foreign country who is owned or controlled 
                by individuals or persons described in 
                subparagraphs (A) and (B).

Sec. 2802. Assistance for law enforcement

  (a) National Electronic Technologies Center.--
          (1) Establishment.--There is established in the 
        Department of Justice a National Electronic 
        Technologies Center (in this subsection referred to as 
        the ``NET Center'').
          (2) Director.--The NET Center shall have a Director, 
        who shall be appointed by the Attorney General.
          (3) Duties.--The duties of the NET Center shall be--
                  (A) to serve as a center for Federal, State, 
                and local law enforcement authorities for 
                information and assistance regarding decryption 
                and other access requirements;
                  (B) to serve as a center for industry and 
                government entities to exchange information and 
                methodology regarding information security 
                techniques and technologies;
                  (C) to examine encryption techniques and 
                methods to facilitate the ability of law 
                enforcement to gain efficient access to 
                plaintext of communications and electronic 
                information;
                  (D) to conduct research to develop efficient 
                methods, and improve the efficiency of existing 
                methods, of accessing plaintext of 
                communications and electronic information;
                  (E) to investigate and research new and 
                emerging techniques and technologies to 
                facilitate access to communications and 
                electronic information, including--
                          (i) reverse-steganography;
                          (ii) decompression of information 
                        that previously has been compressed for 
                        transmission; and
                          (iii) de-multiplexing; and
                  (F) to obtain information regarding the most 
                current hardware, software, telecommunications, 
                and other capabilities to understand how to 
                access information transmitted across networks.
          (4) Equal access.--State and local law enforcement 
        agencies and authorities shall have access to 
        information, services, resources, and assistance 
        provided by the NET Center to the same extent that 
        Federal law enforcement agencies and authorities have 
        such access.
          (5) Personnel.--The Director may appoint such 
        personnel as the Director considers appropriate to 
        carry out the duties of the NET Center.
          (6) Assistance of other federal agencies.--Upon the 
        request of the Director of the NET Center, the head of 
        any department or agency of the Federal Government may, 
        to assist the NET Center in carrying out its duties 
        under this subsection--
                  (A) detail, on a reimbursable basis, any of 
                the personnel of such department or agency to 
                the NET Center; and
                  (B) provide to the NET Center facilities, 
                information, and other non-personnel resources.
          (7) Private industry assistance.--The NET Center may 
        accept, use, and dispose of gifts, bequests, or devises 
        of money, services, or property, both real and 
        personal, for the purpose of aiding or facilitating the 
        work of the Center. Gifts, bequests, or devises of 
        money and proceeds from sales of other property 
        received as gifts, bequests, or devises shall be 
        deposited in the Treasury and shall be available for 
        disbursement upon order of the Director of the NET 
        Center.
          (8) Advisory board.--
                  (A) Establishment.--There is established the 
                Advisory Board of the Strategic NET Center for 
                Excellence in Information Security (in this 
                paragraph referred to as the ``Advisory 
                Board''), which shall be comprised of members 
                who have the qualifications described in 
                subparagraph (B) and who are appointed by the 
                Attorney General. The Attorney General shall 
                appoint a chairman of the Advisory Board.
                  (B) Qualifications.--Each member of the 
                Advisory Board shall have experience or 
                expertise in the field of encryption, 
                decryption, electronic communication, 
                information security, electronic commerce, or 
                law enforcement.
                  (C) Duties.--The duty of the Advisory Board 
                shall be to advise the NET Center and the 
                Federal Government regarding new and emerging 
                technologies relating to encryption and 
                decryption of communications and electronic 
                information.
          (9) Implementation plan.--Within 2 months after the 
        date of the enactment of the Security and Freedom 
        Through Encryption (SAFE) Act, the Attorney General 
        shall, in consultation and cooperation with other 
        appropriate Federal agencies and appropriate industry 
        participants, develop and cause to be published in the 
        Federal Register a plan for establishing the NET 
        Center. The plan shall--
                  (A) specify the physical location of the NET 
                Center and the equipment, software, and 
                personnel resources necessary to carry out the 
                duties of the NET Center under this subsection;
                  (B) assess the amount of funding necessary to 
                establish and operate the NET Center; and
                  (C) identify sources of probable funding for 
                the NET Center, including any sources of in-
                kind contributions from private industry.
  (b) Freedom of Use.--Subject to section 2805, it shall be 
lawful for any person within any State, and for any United 
States person in a foreign country, to use any encryption, 
regardless of the encryption algorithm selected, encryption key 
length chosen, or implementation technique or medium used. No 
Federal or State law or regulation may condition the issuance 
of certificates of authentication or certificates of authority 
for any encryption product upon any escrowing or other sharing 
of private encryption keys, whether with private agents or 
government entities, or establish a licensing, labeling, or 
other regulatory scheme for any encryption product that 
requires key escrow as a condition of licensing or regulatory 
approval.

Sec. 2803. Freedom to sell encryption

  Subject to section 2805, it shall be lawful for any person 
within any State to sell in interstate commerce any encryption, 
regardless of the encryption algorithm selected, encryption key 
length chosen, or implementation technique or medium used.

Sec. 2804. Prohibition on mandatory key escrow

  (a) Prohibition.--No person in lawful possession of a key to 
encrypted communications or information may be required by 
Federal or State law to relinquish to another person control of 
that key.
  (b) Exception for Access for Law Enforcement Purposes.--
Subsection (a) shall not affect the authority of any 
investigative or law enforcement officer, or any member of the 
intelligence community as defined in section 3 of the National 
Security Act of 1947 (50 U.S.C. 401a), acting under any law in 
effect on the effective date of this chapter, to gain access to 
encrypted communications or information.

Sec. 2805. Unlawful use of encryption in furtherance of a criminal act

  Any person who, in the commission of a felony under a 
criminal statute of the United States, knowingly and willfully 
encrypts incriminating communications or information relating 
to that felony with the intent to conceal such communications 
or information for the purpose of avoiding detection by law 
enforcement agencies or prosecution--
          (1) in the case of a first offense under this 
        section, shall be imprisoned for not more than 10 
        years, or fined in the amount set forth in this title, 
        or both; and
          (2) in the case of a second or subsequent offense 
        under this section, shall be imprisoned for not more 
        than 20 years, or fined in the amount set forth in this 
        title, or both.

Sec. 2806. Liability limitations

  No person shall be subject to civil or criminal liability for 
providing access to the plaintext of encrypted communications 
or electronic information to any law enforcement official or 
authorized government entity, pursuant to judicial process.
          * * * * * * *
                              ----------                              


          SECTION 17 OF THE EXPORT ADMINISTRATION ACT OF 1979

                          effect on other acts

  Sec. 17. (a) * * *
                             * * * * * * *
  (g) Computers and Related Equipment.--
          (1) General rule.--Subject to paragraphs (2), (3), 
        and (4), the Secretary shall have exclusive authority 
        to control exports of all computer hardware, software, 
        and technology for information security (including 
        encryption), except that which is specifically designed 
        or modified for military use, including command, 
        control, and intelligence applications.
          (2) Items not requiring licenses.--No validated 
        license may be required, except pursuant to the Trading 
        With The Enemy Act or the International Emergency 
        Economic Powers Act (but only to the extent that the 
        authority of such Act is not exercised to extend 
        controls imposed under this Act), for the export or 
        reexport of--
                  (A) any software, including software with 
                encryption capabilities--
                          (i) that is generally available, as 
                        is, and is designed for installation by 
                        the purchaser; or
                          (ii) that is in the public domain for 
                        which copyright or other protection is 
                        not available under title 17, United 
                        States Code, or that is available to 
                        the public because it is generally 
                        accessible to the interested public in 
                        any form; or
                  (B) any computing device solely because it 
                incorporates or employs in any form software 
                (including software with encryption 
                capabilities) exempted from any requirement for 
                a validated license under subparagraph (A).
          (3) Software with encryption capabilities.--The 
        Secretary shall authorize the export or reexport of 
        software with encryption capabilities for nonmilitary 
        end uses in any country to which exports of software of 
        similar capability are permitted for use by financial 
        institutions not controlled in fact by United States 
        persons, unless there is substantial evidence that such 
        software will be--
                  (A) diverted to a military end use or an end 
                use supporting international terrorism;
                  (B) modified for military or terrorist end 
                use; or
                  (C) reexported without any authorization by 
                the United States that may be required under 
                this Act.
          (4) Hardware with encryption capabilities.--The 
        Secretary shall authorize the export or reexport of 
        computer hardware with encryption capabilities if the 
        Secretary determines that a product offering comparable 
        security is commercially available outside the United 
        States from a foreign supplier, without effective 
        restrictions.
          (5) Definitions.--As used in this subsection--
                  (A) the term ``encryption'' means the 
                scrambling of wire or electronic information 
                using mathematical formulas or algorithms in 
                order to preserve the confidentiality, 
                integrity, or authenticity of, and prevent 
                unauthorized recipients from accessing or 
                altering, such information;
                  (B) the term ``generally available'' means, 
                in the case of software (including software 
                with encryption capabilities), software that is 
                offered for sale, license, or transfer to any 
                person without restriction, whether or not for 
                consideration, including, but not limited to, 
                over-the-counter retail sales, mail order 
                transactions, phone order transactions, 
                electronic distribution, or sale on approval;
                  (C) the term ``as is'' means, in the case of 
                software (including software with encryption 
                capabilities), a software program that is not 
                designed, developed, or tailored by the 
                software publisher for specific purchasers, 
                except that such purchasers may supply certain 
                installation parameters needed by the software 
                program to function properly with the 
                purchaser's system and may customize the 
                software program by choosing among options 
                contained in the software program;
                  (D) the term ``is designed for installation 
                by the purchaser'' means, in the case of 
                software (including software with encryption 
                capabilities) that--
                          (i) the software publisher intends 
                        for the purchaser (including any 
                        licensee or transferee), who may not be 
                        the actual program user, to install the 
                        software program on a computing device 
                        and has supplied the necessary 
                        instructions to do so, except that the 
                        publisher may also provide telephone 
                        help line services for software 
                        installation, electronic transmission, 
                        or basic operations; and
                          (ii) the software program is designed 
                        for installation by the purchaser 
                        without further substantial support by 
                        the supplier;
                  (E) the term ``computing device'' means a 
                device which incorporates one or more 
                microprocessor-based central processing units 
                that can accept, store, process, or provide 
                output of data; and
                  (F) the term ``computer hardware'', when used 
                in conjunction with information security, 
                includes, but is not limited to, computer 
                systems, equipment, application-specific 
                assemblies, modules, and integrated circuits.

                            DISSENTING VIEWS

    While we are supportive of the stated goals of H.R. 695, 
particularly with respect to the promotion of U.S. technology 
exports, we have serious reservations about the bill as 
reported. It is our view that the provisions ultimately agreed 
to by the Committee with regard to the technological 
requirements of law enforcement and national security agencies 
are thoroughly inadequate to the missions at hand.
    We do not question the importance of encryption technology 
for purposes of protecting electronic commerce, consumer 
privacy, and proprietary information, nor do we doubt the value 
of enhancing U.S. access to foreign markets for these products 
and services. We have great confidence in the ability of 
American firms to develop the most impenetrable encryption 
products in the world and market them globally.
    Indeed, it is our very faith in the technological prowess 
of U.S. companies which leads us to conclude that authentic law 
enforcement and national security safeguards must be included 
in this legislation. It must be recognized that the 
proliferation of advanced encryption technology poses a dire 
threat to U.S. anti-crime, anti-terrorism, and counter-
espionage efforts. To fail to address this reality is to fail 
in our solemn responsibility to protect the lives and safety of 
the citizens of this country.
    Powerful encryption, in criminal hands or in the hands of 
enemies of the United States, can be turned to ill purposes 
with devastating consequences for members of a free society. An 
outlaw organization with the ability to communicate and store 
data without fear of detection is a significantly more 
dangerous entity. Organized crime syndicates, drug cartels, 
pedophile rings and terrorist organizations have already begun 
to utilize encryption technology to conceal their activities 
from investigatory agencies.
    It is our opinion that an updated U.S. encryption policy 
must allow for law enforcement and security agency access to 
the unscrambled text of encrypted communications and data, 
pursuant to legal authorization. We wish to clarify that we do 
not seek any additional authority for government agencies. We 
merely seek to ensure that police departments and security 
agencies will continue to have intelligible access to evidence 
to which they are legally entitled.
    In the context of H.R. 695, this means that encryption 
products and services must be made recoverable. There is no 
other way to ensure timely access to encrypted evidence. Timely 
recovery is crucial in the investigation and prevention of 
crime and acts of terror; the bill as reported will not achieve 
this. Claims to the contrary, unfortunately, are false.
    Included with these views are letters submitted by 
organizations and individuals whose sentiments on these matters 
comport with our own.

                                   Thomas J. Manton.
                                   J. Dennis Hastert.
                                   Michael G. Oxley.
                                   Greg Ganske.
                                ------                                

                        U.S. Department of Justice,
                           Federal Bureau of Investigation,
                                Washington, DC, September 24, 1997.
Hon. Thomas J. Bliley, Jr.
Chairman, Committee on Commerce,
Rayburn House Office Building, Washington, DC.
    Dear Mr. Chairman: We are writing you today on behalf of 
the entire law enforcement community to continue to urge you 
and the Members of the House Commerce Committee to support the 
Oxley/Manton Amendment to H.R. 695 during your Committee's 
mark-up of the bill today.
    In addition, we are aware that Congressmen Markey and White 
plan to offer an alternative amendment to the Oxley/Manton 
Amendment during the mark-up that has been represented to meet 
law enforcement's decryption needs by creating a ``National 
Electronic Technologies Center'' to foster the ``exchange of 
information and expertise'' between government and industry. 
Let us assure you that the adoption of the Markey/White 
Amendment in lieu of the Oxley/Manton Amendment will not 
address the law enforcement and public safety issues we have 
raised and would serve to provide an illusion and false sense 
of security to the American people that law enforcement's 
public safety needs in this area have been effectively 
addressed. In reality the adoption of the Markey/White 
Amendment will actually continue to allow for the proliferation 
of unbreakable encryption products for use by the general 
public regardless of their adverse impact on public safety and 
national security.
    The exchange of ideas between government and industry, 
which is the purpose of the center, is already occurring and 
has been for some time. The problem remains that absent an 
approach like Oxley/Manton, no technical solution for law 
enforcement is foreseeable. NSA agrees with our assessment. 
Having a central point of information and expertise might be 
helpful for sharing what is known but it will not solve the 
problem. Neither will enhanced criminal penalties.
    Law enforcement continues to support the adoption of a 
balanced encryption policy, one that meets the needs of 
industry for robust encryption to protect sensitive information 
and the privacy of communications while at the same time 
meeting law enforcement's immediate decryption needs to protect 
public safety when such robust encryption products are used to 
protect serious criminal activity. Law enforcement is in 
unanimous agreement that the widespread availability and use of 
unbreakable robust encryption products for use in the United 
States will ultimately devastate our ability to protect 
American citizens from violent criminals, international drug 
lords and prevent acts of terrorism directed at innocent 
Americans. It is for this reason that we are calling for a 
balanced solution to this problem. We believe that the 
provisions of the Oxley/Manton Amendment strike that balance 
and we urge your support for its adoption during today's mark-
up.
            Sincerely yours,
                                   Thomas Constantine,
                                           Administrator, Drug 
                                               Enforcement 
                                               Administration.
                                   Raymond W. Kelly,
                                           Undersecretary for 
                                               Enforcement, U.S. 
                                               Department of the 
                                               Treasury.
                                   Louis J. Freeh,
                                           Director.
                                ------                                

                            National Sheriffs' Association,
                                Alexandria, VA, September 23, 1997.
Hon. Thomas J. Bliley, Jr.
Chairman, Committee on Commerce,
Rayburn House Office Building, Washington, DC.
    Dear Mr. Chairman: I am writing to you today to urge you to 
support the Oxley Amendment to H.R. 695, the Security and 
Freedom Through Encryption Act. Without this amendment, H.R. 
695 fails to protect the needs of law enforcement.
    As you know, the access to intercepted communications or 
data when lawful authority exists is a fundamental tool that 
law enforcement employs in the fight against crime. 
Representative Oxley's amendment preserves that tool and 
enables law enforcement to thwart sophisticated criminal 
intentions. Criminals working with encryption technology can 
render traditional electronic surveillance methods obsolete and 
investigations are crippled without the ability to break the 
code. Meaningful encryption legislation has to ensure that law 
enforcement can gain timely access to the plaintext of 
encrypted conversations and information by established legal 
procedures.
    The National Sheriffs' Association supports the actions 
taken by the Committee on National Security and the Permanent 
Select Committee on Intelligence to give authorities a tool to 
use against terrorists and other criminals who want to hide 
information. Without adequate safeguards, H.R. 695 will allow 
the use of powerful encryption, which will deprive law 
enforcement of the ability to ensure public safety and create a 
haven for the computer literate criminal.
    Thank you for your consideration and we look forward to 
working with you to develop sound national policy on 
encryption. If I can provide you with any additional 
information, please do not hesitate to call on me at the 
National Sheriffs' Association at 1-800-424-7827.
            Sincerely,
                                      Fred W. Scoralick, President.
                                ------                                

                   National District Attorneys Association,
                                Alexandria, VA, September 19, 1997.
Hon. Michael G. Oxley,
Rayburn House Office Building,
Washington, DC.
    Dear Congressman Oxley: The National District Attorneys 
Association has, and continues to oppose H.R. 695, the 
``Security and Freedom Through Encryption (SAFE) Act,'' as 
introduced and now before the Committee for review. As local 
prosecutors, we are extremely concerned about the serious 
threat posed by the use of robust encryption products that do 
not allow for court approved law enforcement access and timely 
decryption that has been encrypted to carry out criminal 
activity (court authorized wiretaps or court authorized search 
and seizure). We do support a balanced encryption policy that 
satisfies both the commercial needs of industry for robust 
encryption while at the same time satisfying law enforcement's 
public safety needs. The Amendment offered by you and Mr. 
Manton achieves this balance.
    At the onset, we need to make perfectly clear, both to the 
Congress and to the American people that we seek no new 
authorities to intrude on Constitutionally protected rights of 
privacy nor do we seek any new authority to search for and 
seize evidence. Supporters of an unfettered encryption policy 
have made much of a fear for abuse of police powers and have 
led many to believe that a decryption requirement will lead to 
random eavesdropping by police on our communications. This is 
far from the truth. Law enforcement does not seek any new 
authorities; we only seek the technological capability to 
preserve the current authority.
    At Federal, State and local levels of law enforcement there 
are strictly observed sets of judicial and administrative 
requirements that must be adhered to obtain a judicial 
authorization to intercept a communication and to continue such 
interceptions. Among these requirements must be a showing that 
there is probable cause to believe that criminal enterprise is 
ongoing and that all other means of obtaining evidence are to 
no avail. When a judge does authorize an interception there is 
frequently a requirement that the authorization must be 
reviewed periodically by the judge and there is always the 
mandate that any communications pertaining to criminal activity 
may not be monitored.
    We all recognize that encryption technology can be 
extremely beneficial when used legitimately to protect 
commercially sensitive information and private communications. 
The potential use, however, of such encryption products by 
criminals and terrorists to conceal their criminal 
communications and information from law enforcement poses an 
extremely serious threat to the public safety of our country.
    The introduction of digitally-based telecommunications 
technologies, as well as the widespread use of computers and 
computer networks having encryption capabilities, is 
facilitating the development and production of affordable and 
robust encryption products for the private sector. American 
industrial concerns are not misplaced in desiring to enhance 
markets for their products, but this must never be accomplished 
at the expense of the lives and safety of the American people.
    We are obligated, in the interests of our communities to 
oppose any efforts that endanger the people we have sworn to 
protect. Your amendment is an appropriate legislative solution 
to this complex problem in addressing both the needs of 
industry while at the same time satisfying the requirements of 
law enforcement as they pertain to protecting the American 
people. We most strongly urge the members of the Commerce 
Committee to support the Oxley/Manton Amendment.
            Sincerely,
                                      William L. Murphy, President.
                                ------                                


                National District Attorneys Association

                         resolution--encryption

Whereas, the introduction of digitally-based telecommunications 
        technologies as well as the widespread use of computers 
        and computer networks having encryption capabilities 
        are facilitating the development and production of 
        strong, affordable encryption products and services 
        from private sector use; and
Whereas, on one hand the use of strong encryption products and 
        services are extremely beneficial when used 
        legitimately to protect commercially sensitive 
        information and communications. On the other hand, the 
        potential use of strong encryption products and 
        services that do not allow for timely law enforcement 
        decryption by a vast array of criminals and terrorists 
        to conceal their criminal communications and 
        information from law enforcement poses an extremely 
        serious threat to public safety; and
Whereas, the law enforcement community is extremely concerned 
        about the serious threat posed by the use of these 
        strong encryption products and services that do not 
        allow for authorization (court-authorized wiretaps or 
        court-authorized search and seizure); and
Whereas, law enforcement fully supports a balanced encryption 
        policy that satisfies both the commercial needs of 
        industry for strong encryption while at the same time 
        satisfying law enforcement's public safety needs for 
        the timely decryption of encrypted criminal 
        communications and information; and
Whereas, law enforcement has found that strong, key recovery 
        encryption products and services are clearly the best 
        way, and perhaps the only way, to achieve both the 
        goals of industry and law enforcement; and
Whereas, government representatives have been working with 
        industry to encourage the voluntary development, sale, 
        and use of key recovery encryption products and 
        services in its pursuit of a balanced encryption 
        policy;

    Be it resolved, that the National District Attorneys 
Association supports and encourages the development and 
adoption of a balanced encryption policy that encourages the 
development, sale, and use of key recovery encryption products 
and services, both domestically and abroad. We believe that 
this approach represents a policy that appropriately addresses 
both the commercial needs of industry while at the same time 
satisfying law enforcement's public safety needs.
    Adopted by the Board of Directors, November 16, 1996, 
Naples, Florida.
                                ------                                

             International Association of Chiefs of Police,
                                Alexandria, VA, September 22, 1997.
Hon. Michael G. Oxley,
Rayburn House Office Building, House of Representatives,
Washington, DC.
    Dear Representative Oxley: On behalf of the International 
Association of Chiefs of Police (IACP), I am writing to express 
our strong support for your amendment to H.R. 695, the Security 
and Freedom through Encryption (SAFE) Act. Your amendment, by 
requiring that no encryption technology be sold unless it 
contains features that would provide for immediate access to 
encrypted information, protects the ability of law enforcement 
agencies to perform court authorized electronic surveillance 
and the search and seizure of information stored in computers.
    Throughout the debate on encryption legislation, IACP has 
stressed the need for provisions that would provide law 
enforcement with the ability to gain timely access to encrypted 
conversations and information. In its current form, H.R. 695 
does not meet this standard. The passage of H.R. 695, without 
the adoption of the Oxley/Manton amendment, would severely 
weaken the ability of law enforcement to combat society's most 
dangerous criminals.
    Thank you for your leadership on this issue of vital 
importance to law enforcement. If IACP can be of further 
assistance on this issue, please call IACP's Legislative 
Department at 703/836-6767 ext. 211.
            Sincerely,
                                     Darrell L. Sanders, President.
                                ------                                

             International Association of Chiefs of Police,
                                Alexandria, VA, September 24, 1997.
    Dear Commerce Committee Member: It is the understanding of 
the International Association of Chiefs of Police (IACP) that 
an amendment may be offered at today's mark-up of H.R. 695 that 
would call for the establishment of a commission to study the 
issue of law enforcement access to encrypted information. IACP 
is strongly opposed to any amendment that would delay providing 
law enforcement with access to encrypted criminal information. 
Any delay is a victory for those elements in society who wish 
to use encryption technology for criminal purposes.
    IACP believes that action must be taken immediately to 
prevent the further proliferation of inaccessible encryption 
technology. The establishment of a commission will serve no 
purpose other than to exacerbate an already troubling situation 
facing law enforcement.
    IACP strongly supports the Oxley/Manton Amendment. The 
Oxley/Manton Amendment, by requiring that no encryption 
technology be sold unless it contains features that provide for 
immediate access to information encrypted in the furtherance of 
criminal activity, protects the ability of law enforcement 
agencies to perform court authorized electronic surveillance 
and the search and seizure of information stored in computers.
    Throughout the debate on encryption legislation, IACP has 
stressed the need for provisions that would provide law 
enforcement with the ability to gain timely access to encrypted 
conversations and information that threaten public safety. In 
its current form, H.R. 695 does not meet this standard. The 
passage of H.R. 695, without the adoption of the Oxley/Manton 
amendment would severely weaken the ability of law enforcement 
to combat society's most dangerous criminals. Therefore, IACP 
urges you to support the Oxley/Manton amendment when H.R. 695 
is considered by the House Commerce Committee.
    Once again, IACP urges you to oppose any attempt to delay 
law enforcement access to encrypted information and to support 
the Oxley/Manton Amendment.
    Thank you for your support.
            Sincerely,
                                     Darrell L. Sanders, President.
                                ------                                

                                       Major Cities Chiefs,
                                                September 23, 1997.
Hon. Michael G. Oxley,
House of Representatives, Rayburn House Office Building,
Washington, DC.
    Dear Congressman Oxley: The Major Cities Chiefs, an 
association of police executives representing 48 of the 
nation's largest jurisdictions, strongly supports the proposed 
Oxley/Manton amendments to H.R. 695. These amendments, which 
are scheduled to be considered by the Commerce Committee this 
week, would require both manufacturers of encryption devices 
and purveyors of encryption services to include features that 
would allow law enforcement access to encrypted information 
being used for illegal purposes.
    Essentially, these amendments are intended to protect the 
limited, judicially sanctioned wiretap privileges already in 
effect for law enforcement agencies. They are not intended to 
enlarge in any way the scope of these privileges. Without these 
amendments, a criminal suspect could avoid an otherwise-legal 
wiretap merely by using an encrypted form of communication. The 
legality of a wiretap should be based on the evidence against a 
suspect, not on the form of communication the suspect uses.
    Pursuant to these amendments, the Attorney General of the 
United States would be required to establish a rulemaking 
procedure within one year of their enactment. This would allow 
due consideration for the many legitimate uses of encryption. 
However, we must not compromise a law enforcement tool which 
has proved invaluable against major drug trafficking operations 
and other forms of organized crime.
            Sincerely,
                                       Matt L. Rodriguez, Chairman.
                                ------                                

                                                September 23, 1997.
Hon. Michael G. Oxley,
Committee on Commerce, Rayburn H.O.B.,
Washington, DC.
    Dear Mike: As your committee considers the Goodlatte 
encryption bill I would request that you support the Oxley/
Manton Amendment.
    The Goodlatte bill (H.R. 695) was drafted by and for the 
software industry at the expense of the national security and 
public safety needs of the American people.
    In order to protect national security and public safety, I 
would ask that you support the Manton/Oxley amendment which 
would require the crucial key recovery language similar to the 
provisions adopted by the Intelligence Committee. If this 
language is not incorporated into the bill, as the Chairman of 
the House Rules Committee I will not move the bill to the House 
floor!
    Thank you for your time and courtesy. Please contact me if 
you have any questions regarding this matter.
            Sincerely,
                           Gerald B.H. Solomon, Member of Congress.
                                ------                                

                  Illinois Association of Chiefs of Police,
                               Springfield, IL, September 23, 1997.
Hon. J. Dennis Hastert,
U.S. Representative, 14th District--Yorkville, IL,
Rayburn House Office Building, Washington, DC.
    Dear Congressman Hastert: On Thursday, September 25, 1997, 
the Committee on Commerce will hear legislation regarding 
encryption of electronically stored information. The Illinois 
Association of Chiefs of Police membership strongly urges you 
to vote for the Oxley/Manton Amendment which would allow for 
the manufacture of encryption products that include features 
accessible by lawful court ordered interceptions of wire and 
electronic communications. Such ability is absolutely necessary 
in this day of international and domestic terrorism, espionage 
and kidnapping.
    On behalf of the membership, I thank you in advance for 
your support.
            Very truly yours,
                             George F. Koertge, Executive Director.
                                ------                                

                    California Peace Officers' Association,
                                Sacramento, CA, September 19, 1997.
Hon. Michael G. Oxley,
Member, House of Representatives,
Rayburn House Office Building, Washington, DC.

Re H.R. 695.

    Dear Congressman Oxley: The House Commerce Committee is 
scheduled to soon hold a mark-up concerning Congressman 
Goodlatte's Encryption Bill (H.R. 695). As currently drafted, 
this bill does not address law enforcement's public safety 
concerns and needs regarding encryption. Your plan to propose 
an amendment requiring manufacturers of encryption procedures 
in the United States to include features that would allow for 
immediate access to the plaintext of encrypted data should 
these products be used for illegal purposes is sincerely 
appreciated. The Federal Bureau of Investigation needs such a 
provision to fulfill their criminal investigative mission. Law 
enforcement agencies can not afford to allow modern technology 
to outdistance their ability to combat sophisticated criminal 
enterprises.
    The California Peace Officers' Association supports your 
proposed amendment. Please feel free to include this letter in 
any official record of support that you may deem appropriate.
            Very truly yours,
                                            Greg Cowart, President.
                                ------                                

                     Florida Department of Law Enforcement,
                               Tallahassee, FL, September 24, 1997.
Congressman Michael Oxley,
Rayburn House Office Building,
Washington, DC.

Re H.R. 695 (``Security and Freedom Through Encryption (SAFE) Act'')

    Dear Congressman Oxley: Attached is a copy of a letter I 
have sent this morning to Congressman Tom Bliley, Chairman of 
the House Committee on Commerce supporting your proposed 
amendment to H.R. 695. The ability of law enforcement to 
decrypt encrypted communications must be assured in order to 
help law enforcement remain effective as we deal with the ``age 
of encryption.''
    Your position statement found at your Internet site does an 
excellent job of identifying the problem and stressing law 
enforcement's need for decryption. Given the pending 3:30 p.m. 
``markup'' on H.R. 695 this afternoon, I will not expand upon 
my comments as noted on the attached letter. Suffice it to say 
that if Congress does not provide for the decryption as needed, 
the scales of justice will be tilted significantly in favor of 
the criminal element.
    Please do not hesitate to contact me at (850) 488-8771 
should you desire additional comment or information from this 
Department.
            Sincerely,
                                      James T. Moore, Commissioner.
                                ------                                

                     Florida Department of Law Enforcement,
                               Tallahassee, FL, September 24, 1997.
Congressman Tom Bliley,
Chairman, Committee on Commerce, Rayburn House Office Building, 
        Washington, DC.

Re ``Markup'' at 3:30 p.m. today and H.R. 695

    Dear Chairman Bliley: As Executive Director of the Florida 
Department of Law Enforcement, I am responsible for assuring 
that our investigations of organized criminal activity, be it 
drug-trafficking, money laundering, domestic terrorism, or 
predatory sexual conduct, be conducted legally and with effort 
focused upon bringing those involved in such conduct to 
justice.
    Congress, and the legislature of the State of Florida, have 
both recognized that law enforcement must have the ability to 
intercept communications of criminals in order to penetrate 
their criminal enterprises and develop the evidence essential 
to obtaining a conviction. Both federal and Florida state law 
currently authorize court-ordered interceptions of wire, oral 
or electronic communications. The process to obtain such court 
orders establishes a high level of law enforcement 
justification, including probable cause to believe a crime has 
been committed and that the communications will be evidence of 
the crime, as well as requiring a showing that other less-
intrusive investigative techniques have been exhausted or will 
not produce the necessary evidence. Indeed, the current law has 
reached a good balance between privacy protections and the need 
for law enforcement to have the tools it must use to 
effectively fight crime.
    Unless the H.R. 695 (the ``Security and Freedom Through 
Encryption (SAFE) Act'') is modified to provide law enforcement 
access to encrypted materials when law enforcement has obtained 
court authorization to do so, the ability of law enforcement at 
the federal and state level to effectively investigate 
organized criminal enterprises and activity will be severely 
damaged. Encryption is readily available today. Our 
Department's own experience with encrypted computer evidence is 
that, absent having access to encryption codes to ``break'' 
encrypted material, we can decipher only a very small portion 
of encrypted material. That which remains encrypted cannot be 
used as evidence against the criminals utilizing the 
encryption.
    Congressmen Oxley and Manton have offered an amendment to 
H.R. 695 that will be considered by your Committee today which 
will allow real time decryption of encrypted conversations when 
authorized by a court order and would require that all encryption 
products manufactured, sold, or imported into the United States 
be capable of providing decryption of communications upon the 
court-ordered request of law enforcement, while also limiting 
the release of the seized communications, much like present law 
provides when a wire, oral or electronic intercept has been 
made.
    The proposed amendment makes no change of Federal (or 
State) policy. Congress has wisely authorized the interception 
of communications by court order. The proposed amendment will 
simply assure that law enforcement may continue to do so in 
this age of electronic encryption.
    I urge you and the Committee to support this amendment. To 
allow law enforcement the real and effective access to 
decryption of encrypted communications is absolutely essential 
to the continued effectiveness of investigative efforts. Let me 
be clear, if decryption is not provided for, Federal and State 
law enforcement agencies will be unable to effectively develop 
the crucial evidence of conspiracies and other violations of 
law that have been instrumental in addressing organized crime 
in its various forms. I trust that the importance and the value 
of the proposed amendment will be recognized by you and the 
Committee members.
    Should you desire additional information from me, please do 
not hesitate to call me at (850) 488-8771. I ask that you share 
this letter with the Committee as it meets in ``markup'' this 
afternoon and whenever you consider H.R. 695.
            Sincerely,
                                      James T. Moore, Commissioner.
                                ------                                

                                City of Cincinnati,
                                        Division of Police,
                                                September 23, 1997.
Congressman Michael G. Oxley,
Committee on Commerce, Rayburn House Office Bldg.,
Washington, DC.
    Dear Congressman: I urge you to strongly consider the needs 
of law enforcement with respect to H.R. 695 when it comes 
before your committee on September 26, 1997. As it is written, 
H.R. 695 would permit the marketing of encryption products that 
would severely impair law enforcement's ability to lawfully 
gain access to criminal telephone conversations and 
electronically stored evidence.
    Law enforcement recognizes that encryption is necessary for 
communications security and privacy. We also understand that 
commercial interests are at stake in marketing of these 
products. Adequate legislation is the key to satisfying these 
needs and maintaining the ability of law enforcement to combat 
serious crime. The use of non-key recovery encryption would 
severely hamper our efforts.
    The amended version of H.R. 695, offered by Congressman 
Oxley, Ohio and Congressman Manton, New York, requires 
manufacturers to include some form of recovery feature in 
encryption products sold in the United States. This would allow 
law enforcement the opportunity to gather criminal information 
when legally authorized to do so.
    Your consideration in this matter is of the utmost 
importance to the continued effort of maintaining public 
safety.
            Sincerely,
                                  Michael C. Snowden, Police Chief.
                                ------                                

                                   City of Phoenix,
                                Office of the Police Chief,
                                                September 24, 1997.
Hon. Michael G. Oxley,
Committee on Commerce, Rayburn House Office Building,
Washington, DC.
    Dear Mr. Oxley: I am aware that you are presently 
considering a variety of legislative proposals concerning the 
encryption of electronic information. While I recognize the 
need to encrypt communications for reasons of personal 
security, privacy, and safe electronic commerce, it is 
imperative that law enforcement be provided a feature that 
allows us, upon presentation of a court order, to gain timely 
access to plain text data through decryption. It is an 
undeniable fact that unrestricted use of strong encryption will 
cripple law enforcement's ability to use wiretaps and other 
measures to catch criminals and terrorists. Loss of this 
essential ability at a time when international drug 
trafficking, white collar crime, and terrorist activities are 
on the rise, would be disastrous.
    It should be noted that law enforcement's current 
judicially controlled wiretap capabilities have not resulted in 
misuse because adequate checks and balances prevail.
    I believe that any attempt to adopt a voluntary key 
recovery system is unacceptable. If only one vendor of a strong 
encryption product opts not to participate, or if unrestricted 
foreign products are imported, it will take time for these 
products to become the products of choice for criminal 
activities.
    Other countries have, and will continue to, develop strong 
encryption software that does not allow for key recovery. 
Little will be gained from restricting U.S. vendors from 
marketing competitive products to these countries. If however, 
any country establishes a key recovery requirement, as we 
should in the U.S., a ban with accompanying legal penalties 
should apply to the use and import of all non-compliant 
products.
    Clearly, law enforcement must have the ability to collect 
and decipher evidence of criminal and terrorist activities. We 
solicit your support in preserving law enforcement's ability to 
protect the public from serious crime.
            Sincerely,
                                   Dennis A. Garrett, Police Chief.
                                ------                                

                                  The Secretary of Defense,
                                     Washington, DC, July 21, 1997.
    Dear Members of Congress: Recently you received a letter 
from the nation's senior law enforcement officials regarding 
U.S. encryption policies. I am writing today to express my 
strong support for their views on this important issue.
    As you know, the Department of Defense is involved on a 
daily basis in countering international terrorism, narcotics 
trafficking, and the proliferation of weapons of mass 
destruction. The spread of unbreakable encryption, as a 
standard feature of mass market communication products, 
presents a significant threat to the ability of the U.S. and 
its allies to monitor the dangerous groups and individuals 
involved in these activities. Passage of legislation which 
effectively decontrols commercial encryption exports would 
undermine U.S. efforts to foster the use of strong key recovery 
encryption domestically and abroad. Key recovery products will 
preserve governments' abilities to counter worldwide terrorism, 
narcotics trafficking and proliferation.
    It is also important to note that the Department of Defense 
relies on the Federal Bureau of Investigation for the 
apprehension and prosecution of spies. Sadly, there have been 
over 60 espionage convictions of federal employees over the 
last decade. While these individuals represent a tiny minority 
of government employees, the impact of espionage activities on 
our nation's security can be enormous. As the recent arrests of 
Nicholson, Pitts and Kim clearly indicate, espionage remains a 
very serious problem. Any policies that detract from the FBI's 
ability to perform its vital counterintelligence function, 
including the ability to perform wiretaps, inevitably detract 
from the security of the Department of Defense and the nation.
    Encryption legislation must also address the nation's 
domestic information security needs. Today, approximately 95% 
of DoD communications rely on public networks; other parts of 
government, and industry, are even more dependent on the 
trustworthiness of such networks. Clearly, we must ensure that 
encryption legislation addresses these needs. An approach such 
as the one contained in S. 909 can go a long way toward 
balancing the need for strong encryption with the need to 
preserve national security and public safety. I hope that you 
will work with the Administration to enact legislation that 
addresses these national security concerns as well as the 
rights of the American people.
    I appreciate your consideration of these views.
            Sincerely,
                                                        Bill Cohen.

                            ADDITIONAL VIEWS

    The stated intent of H.R. 695, the removal of barriers to 
the competitiveness of U.S. high technology exports, is a goal 
with which few Members of Congress, the business community, or 
our law enforcement organizations could disagree. As reported 
by the Committee on Commerce, however, H.R. 695 inadequately 
addresses the legitimate public safety concerns surrounding the 
proliferation of strong encryption technology within our own 
borders.
    The bombings this decade alone at the Alfred P. Murrah 
Federal Building in Oklahoma City, Oklahoma and at New York's 
World Trade Center attest to the present dangers terrorist 
attacks pose to our citizens. The high tech world increasingly 
presents the committed men and women who keep our nation safe 
with new and more daunting challenges in their fight against 
domestic and foreign criminals. The decisions Congress makes at 
the doorstep of the digital age will have serious repercussions 
lasting long past our own tenures in Congress and must be 
guided by more than economics.
    New encryption technologies have the potential to provide 
Americans with a level of security in telecommunications and 
electronic commerce never before available. At the same time, 
however, the widespread availability of such technology could 
render sophisticated criminals invisible to the lawful 
surveillance efforts of federal, state and local law 
enforcement.
    Congress need not provide government agencies with an 
increased ability to access the communications of suspected 
criminals to overcome the challenges posed by encryption. 
Congress need only ensure that the thoughtful and painstaking 
procedures law enforcement officials must presently abide by 
before commencing any surveillance operation continue to yield 
an ability to monitor the activities of those who threaten the 
safety of the American people.
    In our opinion, Congress must balance the needs of 
America's technological entrepreneurs with its fundamental 
duty to ensure public safety. We believe the goal of further 
promoting U.S. technology exports can be achieved in a version 
of H.R. 695 that does not threaten the safety of the American 
people. Though not entirely satisfied with H.R. 695 as reported 
out of the Commerce Committee, we look forward to addressing 
the bill's deficiencies on the House floor this Congress.

                                   Edolphus Towns.
                                   Frank Pallone, Jr.
                                   Rick C. Lazio.
                                   Bart Stupak.

                Additional Views of Hon. John D. Dingell

    Historically, encryption was used almost exclusively by the 
military and intelligence communities to protect secrets of 
defense and national security. But in the Information Age, 
businesses and consumers need a way to secure valuable trade 
and financial information that increasingly flows through wires 
and over the air.
    H.R. 695 attempts to accomplish these important goals by 
bringing export law in line with current domestic encryption 
policy. Unfortunately, such a change in the law does not come 
without a cost. While strong encryption can make interstate and 
foreign commerce more secure, its unrestricted use can make 
national security and law enforcement less so.
    It is clear that widespread use of unbreakable encryption 
poses serious problems for law enforcement in carrying out its 
duty to protect the public. Even in the post-cold war era, the 
wars against international terrorism, drug cartels, and 
violations of human rights continue.
    The law enforcement community advocates the use of key 
recovery systems on strong encryption products. Unfortunately, 
these systems will work only if everybody uses them, including 
sophisticated criminals. And we know that there will continue 
to be a proliferation of encryption products available around 
the world without key recovery systems, regardless of U.S. 
Government law or policy.
    I am not convinced that the law enforcement approach will 
solve the problem the authorities correctly identify. But until 
a better solution is proposed that both protects the public 
against terrorism and removes barriers to the growth of 
electronic commerce around the world, I strongly believe it is 
in the public interest to err on the side of caution.
    This bill adopts the approach preferred by business and 
privacy advocates which, unfortunately, also contains flaws. 
Removing all government controls over encryption is tantamount 
to sending our troops to war without necessary arms or 
protective gear. The committee attempted to balance the 
important competing interests at stake, but failed to find the 
elusive middle ground. H.R. 695, as amended by this committee, 
simply adds window dressing in the form of a technology lab. 
This begs more questions than it answers.
    The American public has no assurance that a technology lab 
will be effective in providing law enforcement with the tools 
necessary to protect them. Without possessing a key to 
encrypted messages, the only way to unlock the door is through 
brute force. A brute force attack on today's encryption 
products requires both enormous computing power and a good deal 
of time. Law enforcement authorities possess neither luxury 
when confronted with an imminent, real-time threat to public 
safety. A technology lab will not change that reality.
    Some producers of encryption products have offered 
informally to provide the lab with technical assistance and 
perhaps some amount of private funding. But we have no specific 
commitment with regard to either offer, nor can we be sure that 
any such contribution would be sufficient to achieve the lab's 
purpose. The industry has specifically rejected the notion of 
providing source code for its encryption products to the lab, 
which is arguably the best hope for giving law enforcement a 
leg up on cracking these codes without a key.
    I appreciate that these issues have been the subject of 
intense debate for more than four years of government, 
industry, individual citizens, and academia alike. To date, no 
effective solution has been found. But the difficulty of the 
task does not mean that we should conduct the legislative 
equivalent of a coin toss. The simple fact that four other 
committees have reported this bill in such radically different 
forms should be evidence enough that while this issue may be 
ripe, the solution certainly is not.
    In my judgment, this bill is not ready for prime time. More 
work needs to be done. I urge all committees that have reported 
versions of this bill and the bipartisan leadership to continue 
working with industry and law enforcement to find an effective 
and balanced solution before this bill reaches the floor for 
consideration.

                                                   John D. Dingell.