LETTER FROM SENATOR PATRICK LEAHY (D-VT)
ON ENCRYPTION

-----BEGIN PGP SIGNED MESSAGE-----

     LETTER FROM SENATOR PATRICK LEAHY (D-VT) ON ENCRYPTION
     
May 2, 1996

Dear Friends:

Today, a bipartisan group of Senators has joined me in supporting
legislation to encourage the development and use of strong,
privacy-enhancing technologies for the Internet by rolling back
the out-dated restrictions on the export of strong cryptography.

In an effort to demonstrate one of the more practical uses of
encryption technology (and so that you all know this message
actually came from me), I have signed this message using a
digital signature generated by the popular encryption program
PGP.  I am proud to be the first member of Congress to utilize
encryption and digital signatures to post a message to the
Internet.

As a fellow Internet user, I care deeply about protecting
individual privacy and encouraging the development of the Net as
a secure and trusted communications medium.  I do not need to
tell you that current export restrictions only allow American
companies to export primarily weak encryption technology.  The
current strength of encryption the U.S. government will allow out
of the country is so weak that, according to a January 1996 study
conducted by world-renowned cryptographers, a pedestrian hacker
can crack the codes in a matter of hours!  A foreign intelligence
agency can crack the current 40-bit codes in seconds.

Perhaps more importantly, the increasing use of the Internet and
similar interactive communications technologies by Americans to
obtain critical medical services, to conduct business, to be
entertained and communicate with their friends, raises special
concerns about the privacy and confidentiality of those
communications.  I have long been concerned about these issues,
and have worked over the past decade to protect privacy and
security for our wire and electronic communications.  Encryption
technology provides an effective way to ensure that only the
people we choose can read our communications.

I have read horror stories sent to me over the Internet about how
human rights groups in the Balkans have had their computers
confiscated during raids by security police seeking to find out
the identities of people who have complained about abuses. 
Thanks to PGP, the encrypted files were undecipherable by the
police and the names of the people who entrusted their lives to
the human rights groups were safe.

The new bill, called the "Promotion of Commerce On-Line in the
Digital Era (PRO-CODE) Act of 1996," would:

     o    bar any government-mandated use of any particular
     encryption system, including key escrow systems and affirm
     the right of American citizens to use whatever form of
     encryption they choose domestically;

     o    loosen export restrictions on encryption products so
     that American companies are able to export any generally
     available or mass market encryption products without
     obtaining government approval; and

     o    limit the authority of the federal government to set
     standards for encryption products used by businesses and
     individuals, particularly standards which result in products
     with limited key lengths and key escrow.

This is the second encryption bill I have introduced with Senator
Burns and other congressional colleagues this year. Both bills
call for an overhaul of this country's export restrictions on
encryption, and, if enacted, would quickly result in the
widespread availability of strong, privacy protecting
technologies. Both bills also prohibit a government-mandated key
escrow encryption system.  While PRO-CODE would limit the
authority of the Commerce Department to set encryption standards
for use by private individuals and businesses, the first bill we
introduced, called the "Encrypted Communications Privacy Act",
S.1587, would set up stringent procedures for law enforcement to
follow to obtain decoding keys or decryption assistance to read
the plaintext of encrypted communications obtained under court
order or other lawful process.

It is clear that the current policy towards encryption exports is
hopelessly outdated, and fails to account for the real needs of
individuals and businesses in the global marketplace.  Encryption
expert Matt Blaze, in a recent letter to me, noted that current
U.S. regulations governing the use and export of encryption are
having a "deleterious effect ... on our country's ability to
develop a reliable and trustworthy information infrastructure." 
The time is right for Congress to take steps to put our national
encryption policy on the right course.

I am looking forward to hearing from you on this important issue.
Throughout the course of the recent debate on the Communications
Decency Act, the input from Internet users was very valuable to
me and some of my Senate colleagues.

You can find out more about the issue at my World Wide Web home
page (http://www.leahy.senate.gov/) and at the Encryption Policy
Resource Page (http://www.crypto.com/). Over the coming months, I
look forward to the help of the Net community in convincing other
Members of Congress and the Administration of the need to reform
our nation's cryptography policy.

Sincerely,

Patrick Leahy
United States Senator



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYjdVBM5YGSLu9/1AQGFwwQArk/HYG65cSOr3dsykvkDFonjISjur7xb
SEMCFLI3E4KSoXSy4+6cNogICGADxDnwI8j/29Gviu+d93eQ2veeNmKP43+r0R+S
Zcv86b3/pK6btq3QqVN6+x3G8CEA2MnDtuSWbNyANEdValtpOYTCzU2Sm6gNfg9Q
4QxUZ4R4+Ps=
=VJ87
-----END PGP SIGNATURE-----