Testimony of
Dave McCurdy
President
Electronic Industries Alliance
before the
House Judiciary Committee
Subcommittee on Courts and Intellectual Property
U.S. House of Representatives
regarding
Encryption Policy for the Information Age
March 4, 1999
Thank you, Mr. Chairman for the opportunity to testify today on U.S. encryption policy for the Information Age. With over 2000 member companies, EIA is the premier alliance of trade associations for the high-technology industry. Our mission is to promote an economic and political environment, in this country and around the world, in which our industry can thrive.
I am also a former member of Congress from Oklahoma. During my 14 year tenure in this body, I served as Chairman of the House Intelligence Committee, as well as subcommittee chairman on the Armed Services Committee and the Science Committee. I continue to serve as a member of the Weapons of Mass Destruction Commission, a group of experts investigating how this country can combat proliferation. So I am well aware of how dual-use civilian technologies like encryption can be used for illicit purposes, and the important role of export controls to our national security. But I also recognize the severely limited effectiveness of export controls, as well as the vital importance of a strong and innovative high-technology sector to keep our armed forces a step ahead of any adversary.
Mr. Chairman, it is now clear that 1998 was the year the Internet became mainstream, with more than 100 million people worldwide using the network, up from only three million just four years earlier. Furthermore, shoppers are likely to spend upwards of $10 billion online this year, and the figure could quadruple by 2002. But as the Net proves itself to be a powerful means for commerce, with potentially hundreds of billions of dollars moving across the network, it also becomes a tempting target for criminals seeking to steal consumers' credit card data or eavesdrop on their online communications. Similarly, as large and small companies turn to the Net to exchange information with their various divisions, or communicate with their suppliers and customers around the world, those electronic transmissions become targets for hackers or business rivals. Other examples of electronic information needing protection are the intellectual property on DVD's or posted on websites; voice conversations moving across wireless networks; or product designs, employee records, and other sensitive data stored on companies' internal computers.
In each of these cases, individuals and companies need encryption to protect themselves. Additionally, with the exponential advances in computing power available to ordinary people and criminals alike, ever stronger encryption is needed to defend against illegal attempts to unscramble sensitive electronic information. Yet, the Administration continues to impose regulations which threaten the security and privacy of millions of Internet users.
The net effect of this policy is to damage the global competitiveness of the U.S. high-tech industry, as well as to jeopardize the security of individuals and companies which operate internationally. Meanwhile, if the so-called "bad actors" want to use encryption, they have the choice of buying it off the shelf of any software store in America, or downloading it from the Internet, or buying it from a producer overseas no questions asked. Because of these overly strict and burdensome, yet futile export controls, one of this country's most dynamic and competitive industries is ceding marketshare to foreign competitors. Even the Commerce Department, which administers the encryption rules, has acknowledged that there are over 600 encryption products being produced in 29 countries outside the United States, and they are competitive with anything the U.S. produces. It would be tragic if these export rules forced U.S. high-tech companies, and the high-paying jobs associated with them, to move offshore. Such a development would also have the ironic effect of compelling our law enforcement and national security officers to confront encryption made by more non-U.S. companies, with which they have no cooperative relationships.
Mr. Chairman, I have the privilege of representing the most dynamic and competitive industry in the U.S. economy today -- actually, I should say, in the world economy today. The companies we represent operate globally, they think and plan in global terms, and they face intense international competition. The fact is, the days when U.S. companies dominated the high-technology industry are over. Similarly, the days when the domestic U.S. market could sustain the industry are also over. It has become almost cliche, but the global economy is a fact of doing business for us, and is a critically important concept to keep in mind as we formulate public policy in this area.
As any successful CEO will tell you, competing -- indeed, surviving -- in the global economy means exporting. The phenomenal success of the U.S. technology industry comes from its entreprenurialism, its aggressiveness, its willingness to compete -- all those free market forces that drive innovation. In this kind of business environment, tapping new markets before the competition does is the key to success. In 1997, more than one-third of what the U.S. electronics industry produced was exported overseas, over $150 billion in goods. That means more than a third of the 1.8 million employees who work for U.S. electronics companies depend on exports for their jobs, and the percentage goes up every year.
We must also recognize that our high-tech companies are the engine for technological innovation and economic growth in the world today. The U.S. economy is the most competitive in the world due in no small part to the amazing advancements our companies have achieved. Technologies which, not long ago, had only military or limited civilian applications are now pervasive in our society, and the greater economic efficiency stemming from this diffusion of technology has been the driving force for the remarkable prosperity so many Americans are experiencing.
The impact of export controls on how this industry competes in the global economy can hardly be overstated. They hold us back from competing. Unilateral export controls essentially force us to cede the playing field to our overseas competitors, or at least burden us to the point that we cannot compete effectively. The case of export controls on encryption is perhaps the best example. No amount of government subsidies could do more to develop the European encryption industry than U.S. export controls have.
We assert that a more balanced policy is needed -- one which recognizes the interests of government, the high-tech industry, and corporate and individual users. While we in the business community recognize the importance of keeping potentially dangerous technologies out of the wrong hands, the government must similarly recognize the importance of a dynamic and innovative high-tech industry to our economy, and not incidentally, to our national security. We believe that the national security vs. economic arguments present a false choice, and that a well-balanced and realistic compromise is within reach.
The Security and Freedom Through Encryption Act (SAFE) is a vital aspect of the strategy to develop a meaningful Information Age encryption policy, and we sincerely appreciate the tremendous efforts of Congressmen Goodlatte and Lofgren as leaders of effort. Among other things, this bill would reaffirm the right of all Americans to use whatever encryption they choose to protect themselves, their digital property, and their electronic communications. Furthermore, it would prevent the government from requiring businesses to use only certain types of encryption in their global operations. EIA is excited to be part of the coalition working to enact this important legislation, and we look forward to working with this committee towards that end.
EIA has also put forward a proposal which we urge the Administration to consider, and which is attached to my written testimony. In brief, our compromise proposal has four basic elements. First, the government needs to significantly ease the restrictions on low-level and mass market encryption software. It was not very long ago that encryption was a solely military application, and therefore easily controlled, but to continue imposing onerous controls on software which anyone can purchase at the local shopping mall just does not make sense.
Second, the law enforcement and national security agencies could better define their access requirements, thereby allowing industry to develop a variety of marketable solutions, as well as enabling the Clinton Administration to finally abandon its key recovery policy.
Third, our new policy needs to differentiate between the increasingly numerous uses for the technology, such as for voice communications, data transmission, and in consumer electronics, with appropriate controls on those applications that clearly present problems for government, and decontrolling the rest.
Finally, U.S. policymakers need to recognize the futility of unilateral export restrictions, which serve only to damage our domestic industries while doing little to protect our national security. Only when we encourage our allies to develop meaningful multilateral controls can we hope to prevent the bad actors from acquiring these technologies.
The bottom line is, we in the high-tech industry believe this is a controversy which has dragged on for too long, and that a reasonable solution is possible if all sides are willing to compromise. Our industry is willing to accept restrictions on exports if the controls are reasonable, if they are effective at addressing the problem they are meant to solve, and if they do not impose unnecessary, overly burdensome requirements. We believe that by implementing these basic proposals, the Administration's legitimate concerns can be addressed, the U.S. high-tech industry will be allowed to compete globally, and users will have the security they need.
I would be happy to take your questions.