[This file includes some introductory info, full text of the bill, and analysis of what the bill means, after the press release immediately below. The bill was introduced as HR3627, then folded into HR3937, after which it was removed, and thus did not pass.] Maria Cantwell 1st District, Washington 1520 Longworth Building Washington, DC 20515 202-225-6311 Congress of the United States House of Representatives Washington, DC 20515-4701 For Immediate Release For More Information November 23, 1993 Larry West (202) 225-6311 Cantwell Introduces "Encryption" bill to Expand Export Markets for US Computer and Software Companies US Rep. Maria Cantwell (D-WA) has introduced legislation to amend the Export Administration Act to allow US computer and software manufacturers to compete in an international market that could mean as much as $6 billion to $9 billion a year to American high-tech industries. Cantwell's bill would liberalize export controls on software that features encryption capabilities, which protect computer data against unauthorized disclosure, theft or alteration. As communications systems link more and more computers and telephones around the world, Cantwell said, businesses and indviduals are becoming more concerned about protecting the privacy of their electronic files, messages and transactions. She said the worldwide demand for cryptographic software, and computer systems that employ such software, is growing rapidly and American companies must be allowed to meet that demand. According to Cantwell, this legislation is needed to ensure that American companies do not lose critical international markets to foreign competitors, who operate with few export restrictions. Currently, more than 200 software and hardware products for text, file and data encryption are available from 20 foreign countries. "The Export Administration Act has erected a wall between American high-tech companies and their international customers -- it's time to lower the wall," Cantwell said. "Computer and software technology are among the most competitive fields in the world, and American companies are the clear leaders. To maintain that lead, American companies must be able to respond to worldwide consumer demand." Robert Holleyman, president of the Business Software Alliance, an association of America's nine leading software companies, applauded Cantwell for introducing the leigslation and said the bill would "assist US software companies and maintaining their competitive edge in international markets." Dr. Nathan Myhrvold, senior vice president for Advance Technology at Microsoft Corporation in Redmond, Washington, also praised Cantwell for her leadership on this issue. "The ability to include encryption features in software we sell worldwide is important to our remaining competititve in foreign markets," Myhrvold said. " We commend Rep. Cantwell for recognizing the importance of this issue to the American software industry." CANTWELL ON EXPORT CONTROLS/ ADD ONE Cantwell said current export controls that prohibit the export of American software programs that offer good encryption capabilities only make it harder for American companies to compete internationally. She said the regulations ignore the realities of today's post-Cold War global economy and the needs of one of this country's most innovative and successful industries. American software companies currently command a 75 percent worldwide market share, and many of those companies earn more than 50 percent of their annual revenues from exports, but Cantwell said that could change quickly. "The United States' export control system is broken and needs to be fixed," Cantwell said. "It was designed as a tool of the Cold War, to help America fight against enemies that no longer exist. If we continue to prevent American companies from meeting the worldwide demand for cryptographic software, America gains nothing -- but those companies stand to lose $6 billion and $9 billion a year." Paul Brainerd, CEO of Aldus in Seattle, said, "Rep. Cantwell's bill would liberalize outdated export controls, which are threatening the continued success of America's software companies in world markets. In order to remain competitive worldwide, American companies must be able to offer features -- like information security -- demanded by our customers and available from foreign companies." Cantwell said her legislation would not interfere with the government's ability to control exports to nations with terrorist tendencies (such as Iran, Libya and Syria) or other embargoed countries (such as Cuba and North Korea). On the other hand, she said, current export controls on American software do not prevent anyone from obtaining cryptographic software. "Much of this is ordinary shrink-wrapped software," Cantwell said, "the kind millions of people buy every day for their home and business computers at regular retail outlets. International consumers who cannot purchase American computer systems and software programs with encryption features don't do without, they just buy those products elsewhere. They are concerned with protecting their privacy and keeping their businesses secure." Cantwell said she is determined to bring the issue out from behind closed doors and into the light of public debate before the House Subcommittee on Economic Policy, Trade and Environment marks up the Export Administration Act early next year. She said she hopes her bill will encourage the Administration to act quickly to revise export controls on software -- perhaps before Congress reconvenes in late January. "The Administration is reviewing this issue, and I think they are interested in making the changes that will allow American companies to remain competitive," Cantwell said. "I would like nothing better than to come back to Congress after the recess and discover that the problem had been solved." ### AMERICAN COMPUTER COMPANIES MUST BE ALLOWED TO EXPORT SOFTWARE WITH ENCRYPTION CAPABILITIES _Introduction and Summary_ America's computer software and hardware companies, including such well-known companies as Apple, DEC, Hewlett-Packard, IBM, Lotus, Microsoft, Novell and Wordperfect, have been among the country's most internationally competitive firms earning more than one-half of their revenues from exports. Unfortunately, this vital American industry is directly threatened by unilateral U.S. Government export controls which prevent those companies from meeting worldwide user demand for software that includes encryption capabilities to protect computer data against unauthorized disclosure, theft or alteration. Legislative action is needed to ensure that American companies do not lose critical international markets to foreign software companies that operate without significant export restrictions. _The Problem_ With ready access to powerful, interconnected, computers, business and home users increasingly are relying on electronic information storage and transmissions to conduct their affairs. At the same time, computer users worldwide are demanding that computer software offer encryption capabilities to ensure that their data is secure and its integrity is maintained. Unfortunately, current unilateral U.S. "munitions" export controls administered by the National Security Agency and the State Department effectively prohibit the export of American software programs offering good encryption capabilities. Yet these unilateral U.S. controls are _not_ effective in restricting the availability of encryption abroad. More than 200 generally available, mass-market foreign commercial programs and products, as well as many programs available from the Internet, all offer good encryption. In addition, generally available software with encryption capabilities is sold within the U.S. at thousands of retail outlets, by mail and over the phone. These programs may be transferred abroad in minutes by anyone using a public telephone line and a computer modem. The only result of continued U.S. export controls is to threaten the continued preeminence of America's computer software and hardware companies in world markets. American software companies stand to lose between $6 and $9 billion in annual revenues from sales of generally available software. In addition, American hardware companies are losing hundreds of millions of dollars in computer system sales every year, because sales increasingly are dependent on the ability of a U.S. firm to offer encryption as a feature of an integrated customer solution involving hardware, software and services. _The Solution_ Legislation introduced by U.S. Rep. Maria Cantwell would ensure that exports of software with encryption capabilities would be controlled by the Secretary of Commerce as a commercial item and would be exportable. This legislation is strongly supported by the Business Software Alliance and the Industry Coalition on Technology Transfer. ----------------------------------------------------------------------- SECTION-BY-SECTION ANALYSIS OF CANTWELL BILL EXPORT CONTROL LIBERALIZATION FOR INFORMATION ECURITY PROGRAMS AND PRODUCTS _Section 1_ Section 1 amends the Export Administration Act by adding a new subsection that specifically addresses exports of computer hardware, software and technology for information security including encryption. The new subsection has three basic provisions: 1) It gives the Secretary of Commerce exclusive authority over the export of such programs and products except those which are specifically designed for military use, including command, control and intelligence applications or for deciphering encrypted information. 2) The Government is generally prohibited from requiring a validated export license for the export of generally available software (e.g. mass market commercial or public domain software) or computer hardware simply because it incorporates such software. Nevertheless, the Secretary will be able to continue controls on countries of terrorists (like Lybia, Syria and Iran) or other embargoed countries (like Cuba and North Korea) pursuant to the Trading With The Enemy Act os the International Emergency Economic Powers Act (except for instances where IEEPA is employed to extend EAA-based controls when the EAA is not in force). 3) The Secretary is required to grant validated licenses for exports of sotware to commercial users in any country to which exports of such software has been approved for use by foreign financial institutions. Importantly, the Secretary is not required to grant such export approvals if there is substantial evidence that the software will be diverted or modified for military or terrorists' end-use or re-exported without requisite authorization. _Section 2_ Section 2 provides definitions necessary for the proper implementation of the substantive provisions. For example, generally available software is offered for sale or licensed to the public without restriction and available through standard commercial channels of distribution; sold as is without further customization; and designed to be installed by the purchaser without additional assistance from the publisher. Computer hardware and computing devices are also defined. --------------------------------------------------------------------- 103D CONGRESS H.R. 3627 1ST SESSION --------------------------------------- IN THE HOUSE OF REPRESENTATIVES MS. CANTWELL (for herself and ___) introduced the following bill which was referred to the Committee on __________. --------------------------------------- A BILL To amend the Export Administration Act of 1979 with respect to the control of computers and related equipment. 1 Be it enacted by the Senate and House of Representa- 2 tives of the United States of America in Congress Assembled, 3 SECTION 1. GENERALLY AVAILABLE SOFTWARE 4 Section 17 of the Export Administration Act of 1979 5 (50 U.S.C. App. 2416) is amended by adding at the end 6 thereof the following new subsection: 7 ``(g) COMPUTERS AND RELATED EQUIPMENT.--- 8 ``(1) GENERAL RULE.---Subject to paragraphs 9 (2) and (3), the Secretary shall have exclusive au- 2 1 thority to control exports of all computer hardware, 2 software and technology for information security 3 (including encryption), except that which is specifi- 4 cally designed or modified for military use, including 5 command, control and intelligence applications. 6 ``(2) ITEMS NOT REQUIRING LICENSES.---No 7 validated license may be required, except pursuant 8 to the Trading With The Enemy Act or the Inter- 9 national Emergency Economic Powers Act (but only 10 to the extent that the authority of such act is not 11 exercised to extend controls imposed under this act), 12 for the export or reexport of--- 13 ``(A) any software, including software with 14 encryption capabilities, that is--- 15 ``(i) generally available, as is, and is 16 designed for installation by the purchaser; 17 or 18 ``(ii) in the public domain or publicly 19 available because it is generally accessible 20 to the interested public in any form; or 21 ``(B) any computing device soley because 22 it incorporates or employs in any form software 23 (including software with encryption capabilities) 24 exempted from any requirement for a validated 25 license under subparagraph (A). 3 1 ``(3) SOFTWARE WITH ENCRYPTION CAPABILI- 2 TIES.---The Secretary shall authorize the export or 3 reexport of software with encryption capabilities for 4 nonmilitary end-uses in any country to which ex- 5 ports of software of similar capability are permitted 6 for use by financial institutions not controlled in fact 7 by United States persons, unless there is substantial 8 evidence that such software will be--- 9 ``(A) diverted to a military end-use or an 10 end-use supporting international terrorism; 11 ``(B) modified for military or terrorist end- 12 use; or 13 ``(C) reexported without requisite United 14 States authorization. 15 ``(4) DEFINITIONS.---As used in this 16 subsection--- 17 ``(A) the term `generally available' means, 18 in the case of software (including software with 19 encryption capabilities), software that is offered 20 for sale, license, or transfer to any person with- 21 out restriction through any commercial means, 22 including, but not limited to, over-the-counter 23 retail sales, mail order transactions, phone 24 order transactions, electronic distribution, or 25 sale on approval; 4 1 ``(B) the term `as is' means, in the case of 2 software (including software with encryption ca- 3 pabilities), a software program that is not de- 4 signed, developed, or tailored by the software 5 company for specific purchasers, except that 6 such purchasers may supply certain installation 7 parameters needed by the software program to 8 function properly with the purchaser's system 9 and may customize the software program by 10 choosing among options contained in the soft- 11 ware program; 12 ``(C) the term `is designed for installation 13 by the purchaser' means, in the case of soft- 14 ware (including software with encryption capa- 15 bilities)--- 16 ``(i) the software company intends for 17 the purchaser (including any licensee or 18 transferee), who may not be the actual 19 program user, to install the software pro- 20 gram on a computing device and has sup- 21 plied the necessary instructions to do so, 22 except that the company may also provide 23 telephone help line services for software in- 24 stallation, electronic transmission, or basic 25 operations; and--- 5 1 ``(ii) that the software program is de- 2 signed for installation by the purchaser 3 without further substantial support by the 4 supplier; 5 ``(D) the term `computing device' means a 6 device which incorporates one or more 7 microprocessor-based central processing units 8 that can accept, store, process or provide out- 9 put of data; and 10 ``(E) the term `computer hardware', when 11 used in conjunction with information security, 12 includes, but is not limited to, computer sys- 13 tems, equipment, application-specific assem- 14 blies, modules and integrated circuits.''