Key fights on crypto exports in Congress

The high-tech industry and privacy advocates have been fighting for more than six years to overturn the White House's encryption export policy, only to be repeatedly derailed by powerful law enforcement officials who want to closely monitor the data-scrambling technology in fighting crime.

Encryption, which renders digital information unreadable without a personal password or "key" to unscramble it, has become a critical means of securing global communications ranging from e-commerce to cellular phone calls.

Efforts to loosen crypto export controls have made significant progress this Congress. Those on both sides of the issue are focused on the House, which is considering Rep. Bob Goodlatte's (R-Virginia) Security and Freedom Through Encryption Act (SAFE) in several committees.

"Obviously, we want a level playing field to compete with our competitors overseas," said Doug McGowan, director for Hewlett-Packard's VerSecure, an encryption technology. "We spend significant time every year working with the government trying to get new products out the door. Any [broad] liberalization this year would be good."

Companies must submit to a complicated licensing process to export products containing the strongest encryption. The administration has scaled back its rules, but that relief primarily applies to 56-bit technology--a crypto strength that has already been cracked publicly.

In a boon for industry and computer privacy advocates, the House International Relations Committee yesterday approved the SAFE bill, which has more than 250 cosponsors and leaves its most significant reform measures intact.

But during a House Armed Services Committee hearing also held yesterday, Attorney General Janet Reno and FBI Director Louis Freeh toed the Clinton administration's consistent line: that the government should continue to limit the overseas shipment of encryption.

"Unless Congress recognizes the needs of law enforcement soon, it will become far more difficult for the FBI, DEA, and other federal, state, and local law enforcement agencies...to protect the public from crimes such as terrorism, narcotics trafficking, economic fraud, and child pornography," Reno said during the hearing.

U.S. companies counter that encryption already is freely available around the world.

For example, 805 hardware or software products that incorporate cryptography are being manufactured in 35 countries outside the United States, according to a study released by George Washington University last month, which was funded by the Americans for Computer Privacy lobbying group.

The House International Relations and Intelligence Committee held closed briefings on SAFE yesterday, and the latter held an open hearing today with administration witnesses. Tomorrow, the committee will hold a closed-door meeting to mark up the bill, and its chairman, Rep. Porter Goss (R-Florida), is expected to submit an amendment that would guarantee government access to plain-text encrypted material as a condition for export. Congressional committees have to finish working on bills by July 30.

"I'm always worried when they do closed briefings because we don't know what type of information is being shared with members of Congress, and we have little means to refute the concerns that are raised," said Lauren Hall, chief technology officer for Software & Information Industry Association.

Some SAFE supporters are more optimistic than ever that the proposal could finally pass Congress.

"Now the two committees with primary jurisdiction have reported the bill, and favorably, which always is good news," Hall said. "I think there is more momentum this year and that members are beginning to understand that the foreign availability is eroding the U.S. market and the ability to protect information and networks."

Sue Richards, a spokeswoman for the Americans for Computer Privacy, was equally optimistic: "We do expect SAFE to make it to the House, and there are those on the Senate side who believe legislation should be moved forward, too."

Others say Congress could once again fail to approve export relief in the face of law enforcement's opposition.

"Even if the legislation is going to survive in the shape it's in now, there are still members thinking of amendments that will gut the bill," said Ari Schwartz, a policy analyst for the Center for Democracy and Technology. "It's still really hard to say if legislation to lift export controls on strong encryption will actually be passed this year."

The Senate is mulling its own bill--the Promote Reliable Online Transactions to Encourage Commerce and Trade (PROTECT) Act--which would allow for the immediate export of 64-bit encryption and by 2002 could permit the easy export of 128-bit encryption. The legislation also would authorize more funding to help law enforcement stay on top of the latest security technologies and maintains the authority of the president and the commerce secretary to refuse export licenses to certain countries or individuals.

If the Senate passes the PROTECT Act and the House approves the SAFE Act, both chambers would hammer out differences in the legislation before a bill could clear the full Congress.

Reuters contributed to this report.