(Washington, D.C.) — In testimony today before the Senate Commerce, Science and Transportation Committee, Ed Black, President of the Computer & Communications Industry Association (CCIA), expressed the Association’s support for the “Promotion of On-Line Commerce in the Digital Era Act of 1997” or “Pro-CODE” bill which would modernize existing restrictions on exports of products with strong encryption. Black said that there was a simple equation in endorsing the bill, “The need for legislation is directly proportional to the problems with current regulatory policy. We are therefore in dire need of legislation.”
In his testimony, Black stated that “The Administration’s desire to restrict encryption is in pursuit of legitimate intelligence gathering and law enforcement goals. However, the Administration’s plan is not viable and will not achieve its objectives. It will require the sale of products for which there is limited demand, make it harder for companies to protect themselves against breaches of security, and place U.S. manufacturers of computer hardware and software at a competitive disadvantage. Furthermore, it lacks the multilateral consensus that is essential to making the restrictions effective.”
Under the Administration’s policy, companies wishing to export are required to commit to developing a so-called key recovery system where the codes to decipher the messages (the keys to the locks) are deposited outside the company or with a government approved entity. Black assailed the Administration for using the producers and users of encryption products as guinea pigs. “It is indisputable that key recovery is untried, especially on the scale that the Administration is contemplating in its plan. The blue-ribbon panel of the National Research Council was very clear that key recovery is not sufficiently understood nor ready for widespread implementation. In short, key recovery is not ready for prime time. Unfortunately, the Administration has given the back of its hand to the findings of this distinguished panel.”
Black continued, “In the name of law enforcement, the Administration’s policy deprives the private sector of its ability to protect itself against criminals seeking to steal their most sensitive information. Key recovery renders the systems of companies, large and small, more vulnerable to breaches of security than they would otherwise have been. It is tantamount to your local police telling you to take the deadbolt off your front door.”
“The Burns-Leahy Pro-CODE bill recognizes the reality of strong encryption, the necessity to ease export restrictions on encryption products, and the futility of mandatory key recovery. For those reasons and others, CCIA is pleased to endorse this legislation.”
CCIA is an association of computer and communications industry firms, as represented by their chairmen, presidents, chief executive officers, chief operating officers and other senior executives. Small, medium and large in size, these companies represent a broad, cross-section of the industry, including equipment manufacturers, software developers, telecommunications and on-line service providers, re-sellers, systems integrators, third-party vendors and other related business ventures.
CCIA member companies employ over a half million workers and generate annual revenues of nearly 200 billion dollars.