The Honorable Janet Reno,
Attorney General
US Department of Justice
950 Pennsylvania Avenue, NW
Washington, DC 20530-0001

Dear Attorney General Reno,

On September 27, I wrote to you seeking clarification of the Administration's policies regarding online privacy - specifically as related to encryption export controls and federal monitoring of online networks. Although I had asked for a response by October 15, I have still not received any answers to my questions.

I have seen, however, the draft regulations released by the U.S. Department of Commerce on November 24. Unfortunately, they seem to fall short of the rhetoric employed when the new Administration position was announced. The rules seem overly prescriptive and excessively bureaucratic. Since these are only draft regulations, however, I am willing to reserve judgement until the rules are final. I urge you to take another look at the provisions of HR 850, the SAFE Act, when crafting the final version - the bill has overwhelming bipartisan support and was scheduled for floor action when the Administration announced it's reversal on encryption export policy.

Online privacy issues, like encryption, need to be handled in an open and straightforward manner. As this Christmas shopping season has demonstrated, e-commerce is here to stay, but it will only continue to flourish if consumers have confidence that their online transactions are secure. The Administration cannot continue to unveil important online policy changes without adequate public vetting and explanation. A failure to communicate can lead to a lack of confidence in the online environment.

This is particularly true with regard to network security issues. FIDNet, and other related computer network monitoring proposals, have raised many concerns about the federal government "cybersnooping" on online transactions. While I share the Administration's goal of protecting government computer networks from outside intruders, there are serious policy questions about how best to achieve security in a way that protects personal privacy.

The few answers that have been forthcoming are often vague and even contradictory. For example, your September 24 letter states "As envisioned, FIDNet is being designed to monitor federal executive branch computer networks for intrusions, not private networks or the Internet in general." Yet National Journal's Tech Daily reported on October 20 that "The Department of Justice is cultivating controversial plans to avoid or repeal portions of the Freedom of Information Act because of concerns the law might keep businesses from playing a crucial role in the Clinton Administration's computer network security plans."

Is this article accurate? If there is no private sector role in the "National Plan," why would FOIA have to be waived? Or was your answer to my initial letter simply that FIDNet itself is not designed to monitor private networks, but that other components of the Administration's network security plan will involve private networks?

I feel very strongly that Congress should not authorize or appropriate any funds to implement the "National Plan," until the details of the plan are carefully scrutinized and debated by the Congress and the public at-large. Congress will not put the confidence of the American people in their online transactions at risk by prematurely supporting a plan that has not yet seen the light of day. I hope you will take this opportunity to reassure the public that there is no Administration effort to invade personal privacy before releasing the "National Plan" later this year.

The American people will not simply "trust" that the Justice Department, which allowed 900 FBI files containing personal information about American citizens to be released into unauthorized hands (i.e. Craig Livingstone), will be more careful with their online privacy.

People are very interested in preserving their personal security online. The future of e-commerce depends on it. I urge you to work with Congress to bring these important Internet privacy issues to the forefront where they can be openly discussed and debated before the public. I am certain that the Administration shares our commitment to online privacy. Please take this opportunity to demonstrate it by providing more clarity and light to the encryption export rules and the FIDNet proposals.

Sincerely,

DICK ARMEY
House Majority Leader

Cc:
Secretary of Commerce, William M. Daley
Secretary of Defense, William S. Cohen
National Security Adviser, Samuel R. Berger
Chief Counselor for Privacy at OMB, Peter Swire

Please send any questions or comments to webmaster@eff.org