Testimony of

Alan B. Davidson, Staff Counsel

Center for Democracy and Technology

Before the

House Committee on International Relations

Subcommittee on International Economic Policy and Trade

May 18, 1999


The Center for Democracy and Technology (CDT) is pleased to have this opportunity to testify once again about U.S. encryption policy before the House Committee on International Relations. CDT is a non-profit public interest group dedicated to promoting civil liberties and democratic values on the Internet. CDT testified two years ago before this subcommittee in support of the Security and Freedom through Encryption (SAFE) Act, and developments since have made the need for encryption policy reform even more acute.

The last two years have made it more clear than ever that Congress should enact SAFE:

Two years ago, there were about 50 million people on the Internet. Today that number has nearly tripled to 140 million people worldwide. Surveys indicate that the number one issue for people as they move online and begin to participate in electronic commerce is privacy and security. The Internet has vast potential to reinvigorate democracy, provide access to information, create new forms of community, and promote economic growth. But the promise of the Internet will not be met unless people can trust it. Widespread availability of strong encryption without backdoors is needed to provide that trust. The export control relief in SAFE is essential to protecting privacy online around the world and at home.

Several points about encryption export controls are central to this Subcommittee's inquiry into encryption:

The Administration's basic approach to encryption has failed. Congressional action is needed. While CDT remains concerned with the criminal provisions in the SAFE Act, overall the SAFE Act of 1999 improves on previous versions of the bill and would help provide Americans with the strong security and privacy products they so badly need. CDT commends Chairwoman Ros-Lehtinen, Representative Gejdenson, and the other cosponsors of the SAFE Act for their continued commitment to the protection of privacy online.


Developments of the Last Two Years Have Confirmed the Need for
Fundamental Revision of U.S. Encryption Policy

Two years ago, this committee held a hearing on encryption strikingly similar to the one being held today. Privacy advocates and industry representatives testified about the need for new encryption policies, and Administration officials argued that new regulations would allow U.S. policy to satisfy the competing interests at hand. In retrospect, the rapid pace of technical and marketplace developments over the last two years has made it clearer than ever before that the U.S. approach to encryption policy remains fundamentally flawed.

A. Exportable encryption has proven increasingly vulnerable.

Two years ago, privacy advocates argued that 56-bit encryption, the maximum strength exportable for consumers without key recovery, was not secure enough for many applications. The Justice Department disputed this, claiming that "According to the National Security Agency’s estimates, the average time needed to decrypt a single message by means of a brute force cryptoanalytic attack on 56-bit DES — a strength whose export we are now allowing --- would be approximately one year and eighty-seven days using a thirty-million-dollar supercomputer." [ 1 ]

Technical developments have proven these comments wrong. In the Fall of 1998, a group of researchers sponsored by the Electronic Frontier Foundation built a "DES Cracker" system for less than $250,000 that broke a 56-bit key within 56 hours. [ 2 ] Less than six months later, in January 1999, encryption enthusiasts broke a 56-bit code in 22 hours using the DES Cracker and a network of distributed computers. If a non-profit and a group of part-time enthusiasts could develop such a system on a shoestring budget, we are only left to imagine what a foreign government, large corporation, or sophisticated criminal enterprise could do.

The U.S. Government has itself recognized the weakness in 56-bit encryption systems. In a January 1999 draft the National Institute of Standards and Technology (NIST) revised the encryption standard for government use from 56-bit DES to much stronger "Triple DES," citing the vulnerability of DES. [ 3 ] Meanwhile, NIST has been leading efforts to create an Advanced Encryption Standard based on the 128-bit (and higher) algorithms that are becoming the world standard for online security. If the government does not trust 56-bit security, why should everyday computer users and companies be expected to rely on this weaker level of security?

B. Key recovery has not been widely accepted.

Two years ago before this Subcommittee, Administration witnesses touted key recovery as the compromise that met law enforcement desires and was going to "become the worldwide standard." [ 4 ] In fact, since then government-driven key recovery has been greeted with great skepticism and widely discredited.

Research has revealed the vulnerabilities of key recovery systems, which create backdoors to plaintext without the notice or consent of an encryption user. A 1997 report by a group of encryption experts found that "[t]he deployment of key-recovery-based encryption infrastructures to meet law enforcement’s stated specifications will result in substantial sacrifices in security and greatly increased costs to the end-user." A year later, with no substantive response from within the Administration or the technical community, the same group of experts confirmed its findings still held true in June 1998. [ 5 ] A copy of their report is being submitted to the Subcommittee along with this testimony.

Despite Administration predictions, the marketplace has shown little interest in even stored data recovery, and there is virtually no demand for key recovery for communications. To CDT’s knowledge, not one major key recovery encryption product is being widely used by consumers today.

[ 6 ]

C. The world is not adopting U.S. encryption control policies.

Encryption controls are ultimately only effective if other countries control encryption products as well. In 1997, the Administration testified, "We have engaged in extensive international discussions on this topic over the last year, and a consensus is now emerging throughout much of the world that the way to achieve this balance is through the use of a ‘key recovery’ or ‘trusted third party’ system. . . We believe that key recovery will become the worldwide standard for users of the GII." [ 7 ]

To date, the opposite has been true. The OECD Cryptography Policy Guidelines and the Ministerial Declaration of the European Union, both released in 1997, failed to embrace key recovery despite lobbying by the U.S. government. In the past year, Canada, Ireland and Finland have announced encryption policies allowing free use and export of strong encryption products without key recovery. Even France, a country with sweeping controls on encryption use in the past, recently liberalized its policies.

Finally, recent Administration claims of a new encryption control regime through the Wassenaar Arrangement have been overstated. In fact, many countries, including Wassenaar signatories, still allow encryption exports consistent with Wassenaar.

D. The Administration has proven unable to engage in comprehensive reform.

The Department of Commerce has taken a step forward in its recently released encryption regulations, easing exports of 56-bit products and allowing export of strong encryption products to online merchants. However, U.S. policy remains focused on export controls and incentives to use key recovery. The mass market products needed by individual users remain controlled. The special relief for certain industry sectors, while surely welcome by those businesses, does little to change the encryption available to individual computer users or small organizations.

Taken together, these developments argue for a more comprehensive change to U.S. encryption policy, away from export controls and key recovery and towards a view where public safety is best protected by giving people the encryption tools they need to protect themselves online.

U.S. Encryption Export Controls
Continue to Restrict Privacy Abroad and At Home

Today's export controls continue to limit the availability of strong encryption products both domestically and abroad. Such controls directly limit the availability of strong encryption products outside of the U.S., of particular concern to human rights groups and other organizations abroad. Export controls affect people in the U.S. when they communicate abroad, since they may be forced to use the lower levels of encryption available to parties worldwide. Most importantly, export controls have slowed the deployment of strong encryption standards. While some strong encryption products are available to consumers, export controls have largely slowed the seamless integration of good security systems into operating systems, network protocols, and many applications. Encryption should be easy for consumers; because of federal regulations, it is not.

The most recent December 1998 encryption regulations, while a welcome step forward by the Administration, do not change the fundamental premise of U.S. policy: export controls on all but the weakest encryption for mass market consumers, and strong incentives for the use of key recovery and plaintext access systems. The sectoral relief provided for foreign subsidiaries of U.S. companies, certain industries, and online merchants does little to provide regular consumers with strong encryption. Export controls remain a powerful incentive to adopt key recovery and plaintext access systems. The piecemeal relief offered by the regulations raises the question: When do regular people get to protect their privacy online?

Computer users remain at risk, awaiting the widespread deployment of encryption and facing increasing threats to their unprotected information.


Good Encryption is Increasingly Produced Abroad

Ideas cannot be stopped at the border, and so it is no surprise that strong encryption products are increasingly being produced abroad. Surveys have documented literally hundreds of encryption products produced outside of the United States, many of them stronger than the limits imposed on U.S. exports. [ 8 ] The open, global, decentralized nature of the Internet makes transfer of encryption software around the world a simple matter. For example, a short online search reveals a sample of Web sites from around the world (see Figure 1 below) distributing free versions of the popular 128-bit encryption software "Pretty Good Privacy" (PGP). PGP is distributed on Web sites around the world ranging from those run by well-known organizations, to those provided by Internet Service Providers, to individual home pages.

While some have argued that foreign encryption is easily broken, there is much reason to believe that much of the internationally-produced encryption is just as secure as American encryption. Cryptography has become a global science. Many cryptography researchers live outside of the U.S. Many of the important cryptography conferences are held outside of the U.S. each year. Some of the most important advances in cryptography have been made by researchers outside of the U.S. For example, just this month an important new method for attacking encryption systems was released by Israeli cryptographer Adi Shamir.


Figure 1: Some Foreign Sites Supplying

Pretty Good Privacy ™ (popular 128-bit encryption product)


Site Name



The International PGP Page



Arges Tempo Internet Service Provider



The Best of Internet Software (Personal Home Page)



(Personal Homepage)



Centre for Internet Research



CoMa's PGPClick Download Page


Source: Center for Democracy and Technology, May 1999.


Other examples of high quality foreign cryptography can be found in the ongoing efforts of the National Institute for Standards and Technology (NIST) to create a new Advanced Encryption Standard (AES), due to be completed by 2002. NIST solicited submissions for the AES algorithms, expected to become the world-class standard for the strongest (128-bit and higher) encryption products. Of the 15 submissions NIST received, ten were from industry and university researchers based in countries outside of the United States -- including Australia, Belgium, Canada, Costa Rica, England, France, Germany, Israel, Japan, and Korea.


The Export of Strong Encryption Does Not Violate the Wassenaar Arrangement

The Clinton Administration has long argued that the world community would imminently agree to limit the spread of encryption. In December 1998, the Administration claimed victory when 32 other nations agreed under the Wassenaar Arrangement to create a separate category for encryption products, removing encryption of 64 bits or greater from the General Software Note, a license exception for software products that are generally available and in the public domain. [ 9 ] Administration officials claimed that the amendments to Wassenaar "closed a loophole" by creating an international ceiling on bit-length. [ 10 ] However, the Wassenaar Arrangement does not impose multilateral controls on encryption products as the Administration claims.

Administration officials have argued that the export liberalization provisions in SAFE would violate the Wassenaar Arrangement. [ 11 ] However, Wassenaar does not impose multilateral export controls, but rather provides a set of non-binding guidelines for participating countries to follow in the spirit of international stabilization. Compliance with standards set by Wassenaar is entirely at the discretion of each participating country: "All measures undertaken with respect to the arrangement will be in accordance with national legislation and policies will be implemented on the basis of national discretion." [ 12 ] The member countries are not required to adopt Wassenaar standards, and there are no penalties for exercising national discretion. Several Wassenaar signatories such as Canada, Finland, and Ireland readily allow the export of strong encryption products.

Moreover, several important countries that are not members of Wassenaar — Israel, China, and India — allow export of strong encryption.

The SAFE Act is completely consistent with the letter, and the spirit, of Wassenaar. It eases export controls on encryption products that are already generally available on the international market. The bill also prohibits mandatory key escrow, a system that is being rejected by the international community because it imposes serious privacy risks on the encryption user. SAFE also includes provisions that allow the Secretary of Commerce to prohibit export of specific encryption products to specific countries if "such encryption products will be used for military or terrorist end-use."


Government-Driven "Key Recovery" and "Plaintext Access" is Not a Solution

The law enforcement community in general has variously endorsed "key escrow," "key recovery," and other forms of "plaintext access" as its favored approach to encryption policy. These variations on the failed "Clipper Chip" policy seek to guarantee third-party access to the keys for all encrypted communications and stored data without the notice or consent of the key owners. Such proposals have been greeted with much skepticism and concern from the global Internet community.

The attempt to institutionalize key recovery worldwide is a fundamental threat to privacy and security both domestically and abroad:

Despite these concerns, current encryption regulations continue to give many encryption producers a Hobbesian choice: accept key recovery or be forced to export lower strength encryption. Moreover, proposals backed by the FBI in the past have sought to further force U.S. encryption users to adopt key recovery through a number of coercive regulations, including outright domestic mandates. While we are encouraged that the Administration appears to have backed away from mandatory domestic controls, we are wary that it has not denounced this approach. And even the current U.S. encryption policy based on key recovery and export controls threatens to leave global Internet users without the technical means to secure their communications or the international legal standards needed to protect their privacy.


National Security and Law Enforcement are Best Served
by the Widespread Use of Strong, Unescrowed Encryption

It is increasingly clear that the benefits of widespread encryption far outweigh the costs. The last two years have seen Americans moving their lives online in unprecedented numbers. A Presidential Commission has highlighted the vulnerability of our nation's critical information infrastructure. Together these developments have underscored the importance of securing the Internet, and deploying strong encryption to do so.

Two years ago the national security community seemed to speak with one voice about the danger of strong encryption. Today there has been an increasing recognition of the cost of U.S. encryption policy. As Sam Nunn, Co-Chair of the Advisory Committee to the President’s Commission on Critical Infrastructure Protection, noted in 1998 Senate testimony, "I do think we are in a different era of technology now and I do not think the nostalgia for the old-fashioned wiretap by law enforcement is going to be realistic in this age we are in now. [ 15 ] " Senator Bob Kerrey, an early proponent of encryption controls, argued in an October 1998 speech that "the encryption debate has hobbled our efforts to write laws that enable our law enforcement and national security agencies to carry out their mission" and argued that it was time to "remove export restrictions on encryption products of any strength." [ 16 ]

The benefits of current U.S. policy to law enforcement are uncertain. U.S. policy will not stop sophisticated criminals from using encryption to evade law enforcement. Strong, non-escrowed encryption is already available both inside and outside of the United States today. Foreign governments and criminals have access to these powerful tools and will be able to encrypt data despite continued export controls or key recovery. Furthermore, nothing in the Administration policies prevents users from "super-encrypting" communications even within a key recovery framework.

The law enforcement problems with encryption are important but more limited than claimed. Law enforcement faces a real, but narrowly focused, problem with encryption. Most encrypted information will still be accessible to law enforcement by legal process even in an encrypted world. For example, businesses will be still be required to produce the plaintext of encrypted business records under proper legal process. Stored information, corporate and business information, and even a great deal of electronic communication will most likely be largely available to law enforcement through legal process similar to that available today.

Important challenges remain for law enforcement interceptions of communications or seizures of data without notice to the party under surveillance. This narrower problem must be put into the context of the benefits provided by encryption and the costs associated with key recovery systems. The information economy presents new and powerful tools and opportunities for law enforcement surveillance. Online interaction leaves a detailed trail of electronic transactions, credit card purchases, online communications, and Web-based clickstream data presenting new traffic analysis opportunities. In fact, law enforcement is operating today in a Golden Age of surveillance, with online collections of personal data offering unprecedented new tools to obtain evidence of criminal activity (and raising important privacy concerns that must be dealt with.)

U.S. policy is creating a deficit of trust around important issues we could all be working on together. U.S. policy stands in the way of a growing urgent need for strong encryption products and better computer security in general. As Sam Nunn testified before the Senate last year, "[I]f the deadlock continues as it is today, building the trust required between the public and private sectors in the broad area of infrastructure protection will be even more difficult." [ 17 ] Nunn went on to note that "limiting the power of encryption over the long-haul is simply not going to be feasible." Current U.S. policy dangerously impedes the deployment of accessible, easy-to-use, global security systems for the Internet that are needed to protect our privacy and our critical infrastructure.

On balance, national security demands strong encryption. CDT agrees with the conclusion of the National Research Council's major study of encryption, which argued in its 1996 encryption study, "On balance, the advantages of more widespread use of cryptography outweigh the disadvantages." [ 18 ]



U.S. policy stands in the way of a growing urgent need for strong encryption products that people trust. The past two years have shown that people and businesses are moving more and more of their lives, economic activities, and sensitive data online. The federal government has identified the vulnerability of our nation's critical information infrastructure. Strong encryption, without built-in backdoors, is an essential part of protecting that sensitive data and critical infrastructure.

That is why the SAFE Act is so important. In the current policy standoff between an unsustainable control policy and the emerging and acute privacy and security needs of the Information Age, Congressional action is needed. Only Congress is in the position today to change U.S. encryption policy and get Americans the privacy and security tools they need. The private sector cannot do it. The Administration will not do it. The courts may do it, but not without a protracted struggle. Congress must act. CDT believes that immediate liberalization of export controls in the SAFE Act will help provide Americans on the Internet with the strong security and privacy they so badly need.


About the Center for Democracy and Technology

CDT is an independent, non-profit public interest policy organization in Washington, D.C. The Center's mission is to develop and implement public policies that protect and advance individual liberty and democratic values in new digital communications media. The Center achieves its goals through policy development, public education, and coalition building. CDT also coordinates the Digital Privacy and Security Working Group (DPSWG), an ad hoc coalition of more than 50 computer, communications, and public interest organizations and associations working on information privacy and security issues.

House Rule XI, clause 2(g)(4) disclosures: Neither Alan Davidson nor the Center for Democracy and Technology have received any federal grant, contract, or subcontract in the current or preceding two fiscal years.



1. Security and Freedom Through Encryption (SAFE) Act: Hearing on H.R. 695 Before the Subcomm. on International Economic Policy and Trade of the House Comm. on International Relations, 105th Cong., 2nd Sess, 57-73 (1997) (Statement of Robert S. Litt, Deputy Assistant Attorney General, Department of Justice) (emphasis added).


3. "With regard to use of single DES, exhaustion of the DES (i.e. breaking a DES encryption ciphertext by trying all possible keys) has become increasingly more feasible with technology advances. Following a recent hardware based DES key exhaustion attack, NIST can no longer support the use of single DES for many applications." 64 FED. REG. 10, 2625-2628 (1999) (proposed January 15, 1999).

4."[W]e believe that key recovery encryption is going to become the worldwide standard." Security and Freedom Through Encryption (SAFE) Act: Hearing on H.R. 695 Before the Subcomm. on International Economic Policy and Trade of the House Comm. on International Relations, 105th Cong., 2nd Sess, 57-73 (1997) (Statement of Robert S. Litt, Deputy Assistant Attorney General, Department of Justice).


6. Cost may play a role. A recent study by the Business Software Alliance estimated the cost of key escrow systems at $7.7 billion per year and $38.5 billion over a five year period. BUSINESS SOFTWARE ALLIANCE, THE COST OF GOVERNMENT-DRIVEN KEY ESCROW ENCRYPTION (1998).

7.Security and Freedom Through Encryption (SAFE) Act: Hearing on H.R. 695 Before the Subcomm. on International Economic Policy and Trade of the House Comm. on International Relations, 105th Cong., 2nd Sess, 57-73 (1997) (Statement of Robert S. Litt, Deputy Assistant Attorney General, Department of Justice).

8. Encryption software can be purchased from many other countries across the globe, and easily downloaded over the Internet. According to a recent study by the Economic Strategy Institute, 1,601 encryption products were available as of September 1997 from 941 firms in thirty countries. Of this total, 653 are made outside the United States by 472 foreign firms.

9. The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, (http://www.wassenaar.org/).

10. Security and Freedom Through Encryption (SAFE) Act: Hearing on H.R. 695 Before the Subcomm. on Courts and Intellectual Property of the House Comm. on the Judiciary, 106th Cong., 1st Sess. (March 4, 1999) (Statement of William A. Reinsch, Under Secretary for Export Administration, Department of Commerce).

11. At a March 1999 meeting of the President's Export Subcommittee on Encryption, Under Secretary Reinsch identified provisions of the SAFE bill that he asserted would violate the Wassenaar Arrangement. Summary of Open Session, President's Export Subcommittee on Encryption (March 12, 1999).

12.Initial Elements as adopted by the Plenary of 11 - 12 July 1996, Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (http://www.wassenaar.org/).

13. AN AD-HOC GROUP CRYPTOGRAPHERS AND COMPUTER SCIENTISTS, THE RISKS OF KEY RECOVERY, KEY ESCROW, & TRUSTED THIRD PARTY ENCRYPTION (1997). (Updated 1998 report available at http://www.cdt.org/crypto/risks98/.)

14. American Association for the Advancement of Science, Comments on Bureau of Export Administration Interim Rule on Encryption Controls (Feb. 7, 1997).

15. Hearing before the Subcommittee on Technology, Terrorism, and Government Information of the Senate Committee on the Judiciary, 105th Cong., 2nd Sess, (March 17. 1998) (Statement of Sam Nunn, Co-Chair, Advisory Committee to the President's Commission on Critical Infrastructure Protection).

16. 144 CONG.REC. S12359 (1998).

17. Hearing before the Subcommittee on Technology, Terrorism, and Government Information of the Senate Committee on the Judiciary, 105th Cong., 2nd Sess, (March 17. 1998) (Statement of Sam Nunn, Co-Chair, Advisory Committee to the President's Commission on Critical Infrastructure Protection).



For more information contact:

Alan B. Davidson, Staff Counsel

[email protected]

James X. Dempsey, Senior Staff Counsel

[email protected]

Center for Democracy and Technology


202.637.9800 (v)

202.637.0968 (f)

And see CDT's Encryption Policy Resource Page on the World Wide Web: