For example, SIGINT proved its worth in World War II when the United States broke the Japanese naval code and learned of their plans to invade Midway Island. This intelligence significantly aided the U.S. defeat of the Japanese fleet. Subsequent use of SIGINT helped shorten the war. NSA continues today to provide vital intelligence to the warfighter and the policy maker in time to make a difference for our nation's security. Demands on us in this arena have only grown since the break-up of the Soviet Union and have expanded to address other national security threats such as terrorism, weapons proliferation, and narcotic trafficking, to name a few.

Because of these growing serious threats to our national security, care must be taken to protect our nation's intelligence equities. Passage of legislation that immediately decontrols the export of strong encryption will significantly harm NSA's ability to carry out our mission and will ultimately result in the loss of essential intelligence reporting. This will greatly complicate our exploitation of foreign targets and the timely delivery of intelligence to decision makers because it will take too long to decrypt a message if indeed we can decrypt it at all.

Today, many of the world's communications are unencrypted. Historically, encryption has been used primarily by governments and the military. It was employed for confidentiality in hardware-based systems and was often cumbersome to use. As encryption moves to software-based implementations and the infrastructure develops to provide a host of encryption-related security services, encryption will spread and be widely used by other foreign adversaries that have traditionally relied upon unencrypted communications. The immediate decontrol of encryption exports would accelerate the use of encryption by many of these adversaries and as a result, much of the crucial information we are able to gather today could quickly become unavailable to us. Immediate encryption decontrol will also deprive us of the opportunity to conduct a meaningful review of encryption products prior to their export. In the past, this review process has provided us with valuable insight into what is being exported, to whom, and for what purpose. Without this review and the ability to deny an export application, it will be impossible to control exports of encryption to individuals and organizations that threaten the United States. For instance, immediate decontrol will undermine international efforts to prevent terrorist attacks, and catch terrorists, drug traffickers, and proliferators of weapons of mass destruction.

Please do not confuse the needs of national security with the needs of law enforcement. The two sets of interests and methods vary considerably and must be addressed separately. The law enforcement community is primarily concerned about the use of non-recoverable encryption by persons engaged in illegal activity. At NSA, we are primarily focused on preserving export controls on encryption to protect national security.

While our mission is to provide intelligence to help protect the country's security, we also recognize that there must be a balanced approach to the encryption issue. The interests of industry and privacy groups, as well as of the Government, must be taken into account. Encryption is a technology that will allow our citizens to fully participate in the 21st Century world of electronic commerce. It will enhance the economic competitiveness of U.S. industry. It will combat unauthorized access to private information and it will deny adversaries from gaining access to U.S. information wherever it may be in the world.

To promote this balanced approach, we are engaged in an ongoing and productive dialogue with industry. The recent Administration update to the export control regulations addresses many industry concerns and has significantly advanced the ability of U.S. vendors to participate in overseas markets. Of equal significance, the Wassenaar nations, representing most major producers and users of encryption, agreed unanimously in December 1998 to control strong hardware and software encryption products. The Wassenaar Agreement clearly shows that other nations agree that a balanced approach is needed on encryption policy and export controls so that commercial and national security interests are addressed. Both are positive developments because they open new opportunities for U.S. industry while still protecting national security. These are examples of the kinds of advances possible under the current regulatory structure, which provides greater flexibility than a statutory structure to adjust export controls as circumstances warrant in order to meet the needs of Government and industry. We want U.S. companies to effectively compete in world markets. In fact, it is something we strongly support as long as it is done consistently with national security needs. NSA supports the recent updates to the Administration's policy. The export provisions were carefully designed to open up large commercial markets while trying to minimize potential risk to national security. We believe significant progress was made.

As you review the SAFE Act, it is very important that you understand the significant effect certain provisions of this bill will have on national security. If enacted, the bill would effectively decontrol most commercial computer software encryption and specified hardware encryption exports to all destinations, even regions of instability. It would also deprive the Government of the opportunity to conduct a meaningful review of a proposed export to assure it is compatible with U.S. national security interests and would also eliminate the ability to deny an export application if national security concerns are not adequately addressed.

The bill would permit exports of encryption based on products that are permitted to be exported for foreign financial institutions. The criteria for exporting encryption to these institutions should not be the basis for decontrolling other encryption exports. Allowing favorable treatment for specific classes of end-users may be appropriate in cases such as those involving banks and other financial institutions which are well regulated and have a good record of providing access to lawful requests for information. Requiring the blanket approval of exports to all other end-users in a country would eliminate important national security end-use considerations for these exports.

In summary, the SAFE Act will harm national security by making NSA's job of providing vital intelligence to our leaders and military commanders difficult, if not impossible, thus putting our nation's security at some considerable risk. Our nation cannot have an effective decision-making process, a strong fighting force, a responsive law enforcement community, or a strong counter-terrorism capability unless the intelligence information required to support them is available in time to make a difference. The nation needs a balanced encryption policy that allows U.S. industry to continue to be the world's technology leader, but that policy must also protect our national security interests.