BSA Letter to Vice President Gore
December 2, 1996
The Honorable Albert Gore
The Vice President of the United States
The White House
1600 Pennsylvania Ave., N.W.
Washington, D.C. 20500
Dear Mr. Vice President:
On behalf of America's leading publishers of computer software,*
I want to express our dismay at the way the Administration is implementing
the October 1 encryption policy announcement. BSA said at the time that
the announcement was a step in the right direction, but that numerous questions
remained. We understand that the Interagency Working Group on Encryption
intends to consult with interested parties throughout the process prior
to implementation of regulations which is planned for January 1, 1997, and
additional information may be available in the very near future. However,
given that everything we have seen and heard to date reveals that the government
is headed in the absolute wrong direction, we specifically wanted to bring
to your direct attention five key principles which underlie BSA's positions
and which should, but unfortunately do not appear to, be guiding the Administration.
It appears that significant backtracking has occurred since the October
1 announcement and, therefore, we seriously doubt that the regulations will
work, meet computer user demands, or be accepted by the private sector unless
the Administration radically changes its approach immediately. If not, the
new policy is destined to fail just like its predecessor Clipper efforts.
We strongly urge the Administration to focus on what is doable in the real
world of millions of Internet users with scores of encryption alternatives
from which to chose.
On November 8, BSA provided the Working Group detailed positions on the
issues and specific suggestions for regulatory implementation (a copy of
the letter is attached). Given the short period left before implementation,
five key principles are specifically discussed below which underlie the
positions taken in our earlier letter.
(1) VOLUNTARY AND MARKET DRIVEN: To be successful, any key recovery
initiative must be voluntary and market-driven. Our companies cannot sell
what consumers do not want. As BSA CEOs have discussed with numerous Administration
officials, the U.S. software industry is operating in a very competitive,
international market -- hundreds of strong encryption products are presently
available around the world, many easily down loaded from the Internet. Consumers
are demanding strong encryption and it is key to the success of the Internet.
Unless users find value in a key recovery function, they will not buy products
with this function. The result: American companies lose sales and the government
will have failed in its efforts to have such products widely deployed.
(2) UNLIMITED KEY LENGTH FOR KEY RECOVERY PRODUCTS: "Key recovery"
products should be exportable without key length limit if they include features
making the recovery of plain text stored information accessible without
the assistance of the individual who has encrypted the information.
As we have explained to the Working Group, there may well be commercial
demand for products that enable the recovery of stored encrypted data, but
there is little, if any, commercial demand for a key recovery function in
real-time communications. Accordingly, there should be no such requirement
for exportable encryption communications products (or products which do
both communications and stored data as long as there are key recovery features
for stored data).
Furthermore, key recovery is not key escrow. A purchaser or user
of a product being able to recover his data is different than, and separate
from, the decision as to whether to voluntarily empower a trusted third
party to be able to recover the data.
(3) NO INDUSTRIAL POLICY: The government should not dictate "milestones"
for company specific plans regarding key recovery products as a condition
for interim export control relief. Companies have already announced plans
to develop such key recovery products; for example, 35 companies have joined
IBM in a key recovery alliance. Numerous other companies already have key
recovery products on the market today. There is no need for the government
to go down the road of industrial policy by insisting upon becoming a partner
with each company. We urge the Administration to adopt the simplest possible
process.
(4) EASY EXPORT OF 56 BIT PRODUCTS AS PROMISED: Interim export control
relief must permit the export of 56-bit non-key recovery encryption products
under Department of Commerce General License procedures that represent actual
liberalization. The mere transfer of licensing jurisdiction to Commerce
is of little significance unless accompanied with expedited product reviews
and realistic licensing requirements. Yet, the recent Executive Order states
that products which already have export licenses will have to undergo new
reviews -- only this time with FBI scrutiny. There is also an urgent need
to permit the export of 128-bit encryption for financial applications (when
done with appropriate safeguards).
(5) MEETING MARKET DEMANDS NOW AND IN THE FUTURE: Any interim export
control relief will be only a mirage unless it meets business needs after
two years. Quite simply, there must be interoperability between key-recovery
and non key-recovery products. It also must be possible for American companies
to service and support the installed base of 56-bit non key-recovery products.
The American software industry needs immediate relief. It is a matter of
jobs and international competitiveness. For the Administration's policy
to be successful, the government must accept and work with the market, not
try to supplant it. It is clear that many in Congress understand the urgency
and importance of this issue and the need for strong protection for Internet
users. We thought that the October 1 announcement showed that the Administration
was also coming to grips with these issues. But now, only a few weeks later,
we wonder.
We have submitted comments to the Government and we stand ready to continue
working with you to formulate and implement a market driven, voluntary system
which meets consumers' needs.
[signature]
Robert W. Holleyman, II
President, BSA
* The Business Software Alliance promotes
the continued growth of the software industry through its international
public policy, education and enforcement programs in 65 countries throughout
North America, Europe, Asia and Latin America. BSA worldwide members include
the leading publishers of software for personal computers: Adobe Systems
Inc., Apple Computer, Inc., Autodesk, Inc., Bentley Systems, Inc., Lotus
Development Corp., Microsoft Corp., Novell, Inc., Symantec Corporation,
and the Santa Cruz Operation. BSA's Policy Council consists of these publishers
and other leading computer technology companies including Computer Associates,
Digital Equipment Corp., IBM, and Sybase.
Back.
Posted on December 5, 1996