1997 Congressional Hearings
Intelligence and Security

Security and Freedom Through Encryption (SAFE) Act
March 20, 1997 - House Judiciary Subcommittee on Courts and Intellectual Property



  Mr. Chairman, my name is Grover G. Norquist and I am President of Americans for Tax Reform. I am here to strongly support the Security and Freedom through Encryption (SAFE) Act, H.R. 695, introduced by the gentleman from Virginia, my good friend Mr. Bob Goodlatte. I am also here to thank Mr. Goodlatte and all those who have co-sponsored this bill in the House of Representatives, including John Boehner and Tom DeLay.
  The irony is, I shouldn't have to be here. The SAFE Act essentially affirms traditional Constitutional principles that Americans should be free ''their persons and possessions from unreasonable searches and seizures,'' and that they should be allowed to conduct their lawful business with a minimum of interference from the state. These are indeed truths we should hold self-evident.
  Instead, the alternative to the SAFE Act, championed by the Clinton Administration and almost no one else on the planet, is the biggest government power grab since income-tax withholding and a sweeping expansion of state power that threatens to put life, property, and personal information at risk. Bill Clinton's inexplicable fixation with the Clipper Chip represents not only a sweeping expansion of state power but also reckless endangerment of the public infrastructure.
  The Clipper Chip was an issue even George Bush got right bad idea, wouldn't be prudent. You didn't see it come from his Administration. The Clipper Chip, as you recall, was a government plan to strongarm private industry into building a backdoor for government eavesdropping into every communications device. Companies which wouldn't cooperate wouldn't get government contracts, might have their taxes audited, and might be embarrassed in front of Congressional Committees. Yet the initial public relations fiasco of Clipper Proposal Number One somehow didn't register with this Administration. They keep coming back with new names and new proposals—''key escrow, key recovery, key management infrastructure,'' and what have you. But it's still the same thing. The single most important message I want to leave you with today is that all these new proposals are variations on the Clipper theme. They are categorically unacceptable. The reason we need the SAFE Act is not, unfortunately, to make any positive changes but rather to put a nail in the Clipper coffin once and for all.
  There are three basic questions to deal with: First, what is our basic model of economic development in this country is it free markets or ham-fisted industrial policy? Second, who makes the laws in this country—is it Congress or the President? And third, do we still give a hoot in this country about civil liberties protections and Fourth Amendment guarantees against searches and seizures, particularly when these apply to taxpayers?
  If you as Members of Congress think this is a free market country where Congress makes laws and the Constitution still means something, then you will unanimously support Mr. Goodlatte's bill.
  Let me present a few words about my background as I launch into the body of my testimony. I am President of Americans for Tax Reform, which serves as the clearinghouse for a national coalition of taxpayer groups. We lobby for lower taxes, less government spending, less government regulation, and less information about taxpayers in the hands of high school-educated Internal Revenue Service computer clerks. We think the government has more than adequate opportunities to spy on taxpayers, take their money, and otherwise run their lives.
  I am also a member of the National Commission on Restructuring the Internal Revenue Service, which is chaired by Senator Robert Kerrey and Representative Rob Portman. Both have done an excellent job in guiding the Commission's useful work. I come here having spent a fair amount of time studying prosecutorial abuse by the IRS, failures in IRS technology management, sloppy handling of taxpayer records, failure by the IRS to maintain its own records, and worse. Even so, the prospect of an IRS playing with Clipper Chip spinoffs makes almost anything else I have seen pale by comparison.
  As noted earlier, in a sensible world I shouldn't have to be testifying in support of the SAFE Act.. The bill has little positive content other than saying the U.S. Government should not do anything stupid. My primary reasons for supporting the SAFE Act is that what the Administration wants to do and has been doing is so bad. The Administrations Clipper, son of Clipper, key escrow, and other various proposals constitute the following serious problems: A regulatory mandated. Abuse of the regulatory process. It is an attempt to end-run Congress by seeking international agreements which not even the statists in Europe want. An attack on the property rights needed to develop markets in cyberspace and new products in digital media. A threat to U.S. National Security. A threat to U.S. domination of world financial markets and dollarization of the world economy. A threat to the security of Americans doing business on the domestic public infrastructure. A threat to the security of Americans and U.S. businesses doing business in places like Russia, China, France, and countries which don't have the Fourth Amendment. An open prospect to government abuse of personal information. A very troubling development in the context of various proposals floating around for a national ID card, a national worker registry, and federal and state databases of all kinds.
  The overall effect of Administration policy, if uncorrected by the SAFE Act, would be to fundamentally change the evolving nature of public networks in the digital economy. The networks which now promise to be an unprecedented infrastructure for knowledge, commerce and communication would instead become an infrastructure for government surveillance, regulation, taxation, and control of citizen. This is not a very prosperous way to begin a 21st century.
  The only good news about this development is that it probably won't work in the long run. Lack of encryption, which means lack of adequate property rights, privacy, and enforceable contracts, will turn the Internet into one vast collective farm. Sooner or later it will collapse and freedom will reign. We just may have to endure 50 years of misery the way the Russians had to endure 50 years of collective farms.
  Now, I am talking mostly in terms of a long term perspective here, but let me explain how Clipper Chip nonsense comprises a vast expansion of state power.
Right now, if the government wants to read your mail, it has to sort through trillions of physical pieces of paper that might be anywhere in the country. This is difficult, time-consuming, and expensive.
If the government wants to listen to your phone calls, they have to pay people to listen, and listening takes a long time. Even though you can electronically sort out telephone calls and only listen to those calls that go from numbers you want to monitor to numbers you monitor, technology is such that you still have to hire people to listen, and this again is expensive.
The government can't easily monitor what you do in groups of people that meet in three dimensional space like your church, your business, or your local bar;
The government can't easily track what you do with physical currency.
  I might also mention that the government can't easily track the trillions of tax documents that exist on paper, but that's another story.
  Now, consider the world of the future, when everything you do, you do on-line, on a digital network of some sort:
Your phones, cell e-mail, pager, laptop computer, personal digital assistant, and other communications will rely on digital networks that don't distinguish between ''wired'' and ''wireless'' channels;
You will do your shopping over the Internet or its successor;
Your videos and all your other information will come in over the phone lines or the Internet;
Your car will plug into digital networks that guide and steer it for you when you travel on computercontrolled highways;
Even purchases you make in person will use some sort of electronic cash and electronic payment system that might involve simply pointing your wallet at what you want;
When you go to the airport and get out of your cab, or out of your car which can drive itself home, the airport will know who you are and where you are going;
Almost any type of activity generates a ''transaction stream'' that can be audited, monitored, or interfered with.
  You get my drift. Everything you do, you do on-line. In these circumstances, giving the government easy capabilities to snoop is like letting the government put a TV camera in every room of your house. Key-escrow means the government just promises not to turn the cameras on unless you have been bad.
  The result is just like the 19th century, when the federal tax collector used to walk into your house, see what you had, and hand you a bill. This is actually not too far removed from things the IRS still does and wants to do on a wider scale, such as the Taxpayer Compliance Monitoring Program and the so-called lifestyle or ''Jockey Shorts'' audit.
  The bottom line is that the citizen as taxpayer has fewer civil liberties and Fourth Amendment protections than the citizen in almost any other role. The taxpayer does not even necessarily have the presumption of innocence in tax proceedings. If civil liberties abuse begins under a key escrow system, it will probably begin with routine monitoring of transactions for ''tax compliance.''
  To look at this from another perspective, consider the following:
Would you let the government have a key to your house? Of course not.
Would you trust the government to put a lock on your door? No, because if everyone has the same lock and the same key, every teenager with a hacksaw will know how to break in.
  The Marx Brothers once built a whole move around the idea of what happens when a bunch of lunatics get hold of the passkey in a fancy hotel. And this is the Administration's view of law and order? I think not.
  The U.S. economy is fast approaching a point of development when both products and payments move electronically over the public networks. If you are a writer, a teacher, an architect, an engineer, a consultant, a lawyer, a graphic designer, or even a doctor practicing tale-medicine, you will work with your colleagues and customers using what we now think of as computers on the Internet. Most of the leading U.S. multinational companies already work over computer networks in this fashion with teams of employees that span the entire globe.
  So, how do we conduct business on the Internet? When everything is digits on the phone line, you still need the equivalent of signed contracts, sealed packages, property rights, indelible marks, verifiable signatures, dollar bills, unforgeable checks, and the like.
  Now, it happens that ''encryption'' is not just a way of hiding things. The term encryption encompasses a huge range of mathematical techniques that put the equivalent of signs, signatures, seals, and marks on streams of digits. If you can't use encryption, you can't do these things. If you put unreasonable and arbitrary controls on encryption, as President Clinton wants to do, you drastically limit the possibilities for growth and commerce in the digital economy. This constitutes an enormous regulatory burden. To the extent Clinton's policy stalls business on the Internet, Clinton is imposing a pre-emptive 100 percent tax on the information age.
  This gets to my point about recklessly endangering public infrastructure and denying citizens the ability to use infrastructure safely. If you deny citizens tools for doing business in a normal way, you deny them the ability to do any business at all.
  Let's compare on the Internet to settling the frontier. What would have happened in the 19th century if Congress had said: No paving roads; no fence on your farm; and no lock on your front door.
  Certainly, most of you who represent the Western states today would not be here at all. There would be very little business in the West. And the West would still be lawless, as the Internet is still in some respects lawless or at least dangerous to people whose identities may be forged and whose information may be stolen. People who did live in the West would have to worry constantly about someone breaking into their house, or worse.
  On the Internet, there are two aspects of safety and security. One is keeping people from stealing your things and invading your privacy. Obviously encryption is key to this. The other problem is keeping those teenagers with hacksaws that I mentioned or other bad guys from crashing the network.

  For preventing theft, you need to make it difficult to steal things. Difficult means very expensive. How expensive would cracking the Congressional Record have to keep this material secure? Probably not very. But suppose a major auto company just spent five billion dollars to develop a new car, which is what new cars cost. Then clearly you need encryption that is tough enough to protect five billion dollars. There are reports that a major auto company actually did have plans for a new model stolen through economic espionage in the last few years, so this is a very real threat. Yet right now, Bill Clinton is trying to force Americans to use encryption no stronger than a French graduate student recently cracked using the machines in a few hours using the machines in his French computer lab for free.
  For preventing sabotage, you need a system that does not have well-known limits and vulnerabilities. If everybody uses the same type of encryption, sooner or later someone will find a vulnerability and figure out how to break it. Therefore, to be safe, you need a proliferation of different system so no one passkey opens all the locks.
  America already relies on critical infrastructure. This includes: the public telephone system, on which much U.S. military communication travels; the financial and banking infrastructure; the power grid; the air traffic control system; and more.
  Soon the highways themselves will be a computer network as well as a roadway network. For the American people to be safe from terrorists, enemies, and vandals in the future, we need to most robust encryption possible to keep these networks safe and secure.
  Finally, a word on international problems.
  President Clinton is trying to make the other industrial nations go along with an international key escrow system with key sharing agreements so that countries doing international police work could share their cases and pool information. Unfortunately, only the U.S. has a Fourth Amendment that is somewhat enforceable in U.S. courts. Outside the US, anything goes.
  This is silly. These agreements amount to telling foreign governments everything there is to know about how Americans and U.S. companies attempt to protect themselves in foreign markets. It says, here is the outline of what U.S. companies do, their techniques of encryption, and the legal limits on how secure their communications can be. And we hope you nice governments and intelligence services in Europe that work hand-in-glove with state-owned companies will reciprocate and let us spy on you as well. This is ridiculous. It just won't work.
  The really disturbing aspect, however, is the way the Clinton Administration abusing international export controls to attempt to make U.S. companies follow regulations that were never approved or considered by Congress, and the way the Administration tried to make international Clipper Chipping a done deal by international agreements before Congress could legislate otherwise. Fortunately, a draft document recently leaked from the OECD suggests the Europeans rejected this. It is not often I am thankful to Europeans, but there it is.
  As a taxpayer activist, I favor policies that will cause the economy to grow and make the relative size of the state shrink while freedom is expanded. I therefore support freedom of encryption and look forward to the growth of digital commerce.
  As a taxpayer and a citizen, I also worry about civil liberties and tax and regulatory policy that could cause the size of the state sector to balloon. I do not think the government should be able to sweep my e-mails and read what it wants without great difficulty, though I recognize the government is much bigger than I am and has rooms the size of football fields filled with computers that even the wildest science fiction writer couldn't dream of 20 years ago. The issue is not whether the government should not be able to crack codes. The issue is whether it should be sufficiently challenging to spy on individual people so that systematic surveillance is impractical, as it is know.
  I worry about an America in which the White House can ask for and receive 900 FBI files with sensitive taxpayer information. I worry about an America in which the FBI Director lies to Congress and has to be corrected by his own Inspector General. These guys want to assign me my digital signature and keep my key on file with them or someone they designate?
  The government has tremendous information resources at its disposals in database centers like the Financial Crimes Enforcement Network (FinCEN) which might be called ''the mother of all Government databases.'' FinCEN has literally everything there is to know about you tax records, postal addresses, credit records, banking information, you name it and if more taxpayers knew about it they would be outraged. They would also recognize encryption as the last little bit of protection individuals have against the totalitarian state.
  The government has enough power already. It doesn't need more. I thank you for the opportunity to testify and look forward to your questions.