Lawmakers Eye Legislation for New Encryption Export Policy

Lawmakers Eye Legislation for New Encryption Export Policy

William Daley

By Anne Gallagher, Contributing Writer

While applauding the White House's policy change to relax restrictions on encryption technology exports, lawmakers said they plan to push legislation in the upcoming weeks to lock the Clinton administration into sticking to its word on implementing the change.

Skeptical the administration will not follow through, the House and Senate plan to push legislation that would mandate a new policy.

But the White House remains opposed to much of the encryption legislation moving through Congress and is standing by veto threats on many areas.

The White House announced Sept. 16 its plan to permit the export of stronger encryption hardware and software in the Cyberspace Electronic Security Act of 1999. Currently, the government restricts the export of encryption of 56 bits or greater.

The new regulations would permit any encryption product with a key length of 64 bits to be exported under a license exception to commercial firms and other non-governmental end-users in any country, except for the seven identified state supporters of terrorism, Commerce Secretary William Daley told reporters at a White House briefing.

The new regulations also would implement the nation's international commitments for encryption controls, Daley said. Last year, the Wassenaar arrangement, involving 33 countries with common controls on exports including encryption, made a number of changes to modernize multilateral encryption controls.

"Among these changes, the U.S. will decontrol exports of 56 bit and equivalent products, including tool kits and chips, to all users and destinations, except the seven state supporters of terrorism after a technological review," he said. "In addition, exports with key lengths of 64 bits or less, including chips that fall under the Wassenaar arrangement's definition of mass market loss, will be decontrolled."

The White House said it would codify the new policy in export regulations by Dec. 15, following consultations on the details with industry.

In the wake of the White House announcement, several lawmakers took credit for driving the issue and promised over the next few months to boost efforts to move their own legislation through Congress.

"It remains to be seen whether the administration will follow through on implementation of today's encryption export policy," Rep. Bob Goodlatte, R-Va., said. "This
announcement is long on potential but short on detail, and Congress will be watching carefully to make sure that the regulations issued in December match the policy announced today."

Goodlatte's Security and Freedom Through Encryption Act (SAFE Act, H.R. 850) has passed through five committees and is pending before the House Rules Committee. The White House proposal includes some of the SAFE Act, including a one-time technical review of products prior to export, according to Goodlatte.

"Additionally, the administration is no longer proposing to link key escrow or key recovery encryption to export relief, which is expressly prohibited by the SAFE Act," he said.

But sticking points remain, and the White House said it will not back down in its opposition to portions of the SAFE act.

"There continues to be pressure for legislation in the Congress that would strip away any controls over encryption products," Daley said. "One of the bills is called the SAFE Act. The only persons who would be safe if that were passed would be spies, who would be free to export anything of national security interest, without any surveillance at all. We cannot support that, and the department would ask the president to veto it if it were passed."

Meanwhile, senators plan to push their own legislation in the upcoming weeks.

"I applaud the administration on its new proposal on the export of encryption technology that would improve our current policy," said Senate Commerce Committee Chairman John McCain, R-Ariz. "I have been working with the majority leader to bring the PROTECT bill to the Senate floor for action. This legislation would give the force and certainty of law to mandate these proposals we all believe in."

The Protect Reliable On-Line Transactions to Encourage Commerce and Trade Act (S. 798) directs the National Institute of Standards and Technology to complete the establishment of an advanced encryption standard by Jan. 1, 2002. It also allows for immediate exportation of encryption of key lengths up to 64 bits.
Many in industry who have been lobbying for change for some time cheered the move by the White House and ongoing efforts of Congress.

"Forcing U.S. companies to do business under tight export control was like asking them to use a black rotary telephone in a cellular call-waiting world," said Harris Miller, president of the Information Technology Association of America. "We're pleased the Clinton administration has joined with Congress in acting to move the entire marketplace forward."

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB