Letter from industry groups and privacy advocates sent to Senator McCain and members of the Senate Commerce Committee regarding the McCain-Kerrey bill

The Honorable John McCain
Chair
Senate Commerce, Science and Transportation Committee
508 Dirksen Senate Office Building
Washington, DC 20510

Dear Chairman McCain:

We are writing to express our support for legislation currently under consideration by the Commerce Committee that would make encryption security tools more widely available to businesses and individuals seeking to protect their security online. We are also writing to indicate our concern about certain proposals under discussion in the Senate that would limit encryption policy reform or force individuals to use insecure and costly "key recovery" products.

The undersigned companies and organizations believe that reform of export policies on encryption is urgently needed to protect security, maintain the competitiveness of U.S. high-technology industry, promote public safety, and prevent crime online. We appreciate the growing interest of Senators in this issue, and we share the desire to accommodate the legitimate needs of the law enforcement and intelligence agencies.

While we have divergent positions on many aspects of the encryption debate, we are in strong agreement about the need for encryption reform legislation that would:

• Liberalize current export controls -- Current Cold War-era regulations restrict the export of strong encryption products demanded by the market place -- even though similar products are widely available abroad.
• Affirm domestic rights to use encryption, even without key recovery -- Individuals and businesses need the ability to buy and use encryption products most suited to their applications and needs. A truly voluntary marketplace is the appropriate place to address these security concerns.
  

These principles are embodied in many of the provisions of S.377, the "Pro-CODE" bill.

At the same time, certain proposals now being considered in the Senate would not constitute meaningful reform. Specifically, we do not support legislation that is based on the following components:

• Export controls on products over 56 bits -- This policy continues to jeopardize U.S. competitiveness and leaves U.S. businesses and individuals without a good standard for security.
• Key recovery for communications as well as stored data -- There is virtually no business or consumer demand for third-party access to keys used to protect communications.
• Linkage between certificate authorities and key recovery -- Recent draft Senate legislation would make key recovery a prerequisite for obtaining the certificates needed to partake in electronic commerce. This linkage is not functionally necessary and imposes an enormous penalty on those who choose not to use key recovery.
• Government access to escrowed keys or other decryption assistance -- Consumers will not trust encryption systems that leave their most sensitive keys easily available without Constitutional protections and without even their notice or consent.
  

Provisions such as these, even when couched in "voluntary" terms, are no better than the status quo reflected in existing Commerce Department regulations. They will not advance the interests of U.S. business or consumers, and they will not provide the security and privacy necessary for the Information Age.

We remain committed to working on meaningful reform of encryption policy with you.

Respectfully,

Americans for Tax Reform
Business Software Alliance
Center for Democracy and Technology
CommerceNet
Computer & Communications Industry Association
Electronic Messaging Association
Information Technology Association of America
National Association of Manufacturers
Pretty Good Privacy, Inc.
RSA, Inc.
Silicon Valley Software Industry Coalition
Software Publishers Association
Voters Telecommunication Watch

Back.

[Posted on June 19, 1997]