Statement of Matthew Bowcock
The House Armed Services Committee has requested that Baltimore Technologies present testimony on the SAFE Act.
We would like to thank the committee for the opportunity to present views and assist the committee with its work. As a leading non-US originated developer of security and encryption products with sales throughout the world, including the United States of America, we can provide a different perspective on the implications of this legislation. We are not encouraging the members to vote in a particular direction.
Cryptography is being incorporated into more and more technology products every day. The general technology boom and the Internet in particular fuel this explosive increase in use of crypto. It is apparent to everyone that a regulatory system designed to apply to a small number of specialist products cannot be sustained into the future.
Baltimore Technologies is a publicly listed company with headquarters in Ireland, UK, Australia and the USA. As a leading global supplier of security products for use in enterprise and e-commerce systems, we welcome all attempts to encourage worldwide open markets for cryptographic products. As a global company, we wish to compete on a level playing field and let the consumer choose the best product and supplier.
Baltimore Technologies, along with many other non-American originated companies, has no reservations with the underlying concepts in the SAFE Act. Indeed, we would welcome the global availability of products such as browsers, secure email and emerging technologies that will encourage the environment for world e-commerce.
A large portion of Baltimores business comes from customers who are free to choose products from our competitors from the USA, Canada, Europe. These customers are either American corporations or financial institutions who can obtain export licenses for US products. We believe that a very small percentage of our business comes as a direct result of American export restrictions.
Baltimore has technology and business relationships with many world-leading technology companies. These relationships are based on mutual business benefits and not because Baltimore is a non-US company. In the past three years we have worked with companies such as Intel, Cisco, IBM, RSA Data Security Inc., Netscape. These relationships exist both inside the United States and in other countries where Baltimore operates.
(A) Comments on SAFE Section 2: Sale and Use of Encryption
(B) Comments on SAFE Section 3: Exports of Encryption
Good morning Mr. Chairman and Members of the Committee.
My name is Matthew Bowcock and I am the Executive Vice President Corporate development for Baltimore Technologies. I am testifying today to provide the viewpoint of a leading information security company that originates from outside the USA.
I would like to put my comments in context by giving you a brief introduction to Baltimore Technologies.
Baltimore Technologies is a publicly listed company on the London Stock Exchange. We develop and market commercial security products for use in business and e-commerce most of these products use encryption technology. We have software and hardware development centres in Ireland, the UK and Australia and have sales offices in 16 cities worldwide and customers in over 40 countries. Many of these customers are governments, government bodies and some of the worlds leading financial institutions. We have business and technology relationships with many companies including US corporations such as Intel, Cisco, IBM, Netscape and Security Dynamics/RSA. While we do not develop software inside the USA, we are successfully selling our products and growing our business throughout America. We are one of the leading, global security companies in the world today.
We export the majority of our products from the country of development. These exports are regulated by the national government of the relevant country, all of which are signatories to the Wassenaar Arrangement. Accordingly, Baltimore has unrivalled experience of operating in the most international of export regulated environments. Our business objective is to provide the world with the underlying electronic security infrastructure to support world commerce.
The underlying framework of world commerce requires a reasonable regulatory environment that transcends national boundaries. This framework has to be acceptable to the twin requirements of international governments and the freedom of the individual.
Encryption is now a common requirement for almost any Internet or e-commerce product. This is in contrast to just a few years ago when encryption was only necessary for specialist products. It is now clear to everyone that the regulatory system designed to control cryptography in the past cannot be sustained into the future. The next move is highly important. Baltimore will encourage and support all initiatives to develop a structure that supports the requirements of industry and governments.
The SAFE Act will completely alter the nature of the security market, both inside the USA and in the rest of the world.
We welcome the use of cryptography for the development of a secure e-commerce structure within the United States as proposed in the SAFE Act. Security and trust are essential parts of commerce and cryptography is an essential part of e-commerce. The prohibition on mandating key escrow will also remove a potential technological obstacle to the adoption of secure systems.
The export provisions of the SAFE Act will potentially revolutionise the worldwide Internet and e-commerce markets. It will clear the way for full strength encryption in a vast range of security and general-purpose applications including Web Browsers, Email and File Encryption.
This Act will enable the vast majority of non-American businesses and consumers to conduct business with each other over the Internet using strong security.
However, this unilateral move comes soon after 33 leading countries, including the United States of America, agreed to harmonise a base level of crypto regulation in the Wassenaar Arrangement. The SAFE Act may solve a single problem of US export, but may cause other difficulties in selling and using US security products between other countries as many US companies have development, manufacturing and distribution facilities throughout the globe.
This is not a US versus the Rest of the World issue. The US has a unique position in that it is the largest single market for development, export and purchasing of high-technology products.
I would encourage the committee to consider a more international approach to the export section of the SAFE Act so that we recognise the international aspect of the industry and the Internet.
I also wish to refute the widespread perception that non-US security companies flourish solely because of perceived inability of US companies to export products with strong crypto. As part of my research for this testimony, I was astounded by some of the claims presented as testimony to other subcommittees. It is vital that that this sub-committee is not misled into developing legislation based on incorrect information.
We welcome any moves to encourage open markets for encryption products throughout the world. The US regulations may appear to give non-American companies a massively unfair advantage, but in truth the advantage gained is slight. US companies dominate in software and technology worldwide and will continue to do so. There are tens of millions of users of Microsoft and Netscape products outside America, most of whom have reduced strength cryptography. Even though freeware products exist to re-instate the strong crypto, a tiny percentage of people have done so.
Baltimore Technologies derives a high percentage of its revenues from the financial sector, where US companies are free to offer strong cryptographic products. We compete successfully in the same way as any technology company does by bringing the best products to market first. I do not know of any significant non-American companies who deliberately set out to build a business based on the US export situation. The only situations we encounter of companies deliberately sidestepping US regulations are the international subsidiaries of American corporations.
While US companies are subject to export restrictions, they have a domestic market that is the most active and sophisticated in the world comprising 260 million people. Many of Baltimores products emanated from our Ireland development centre, with a domestic market of fewer than 4 million people. In many ways we are envious of American companies which can access a vast domestic market in which to develop and sell advanced security products. US companies are not losing the technology race - nor will they. There exist many significant impediments to the development of security products, and many American companies would cite the commercialisation of various patents as being more significant.
The SAFE Act presents a highly significant opportunity to change the security landscape within the United States and beyond. It will impact both US and non-US security and encryption companies and potentially alter the way in which e-commerce and the Internet are secured.
Thank you again for your invitation to present here today.
INFORMATION ON BALTIMORE TECHNOLOGIES
Baltimore Technologies develops and markets security products and services for a wide range of e-commerce and enterprise applications.
Its products include Public Key Infrastructure (PKI) systems, cryptographic toolkits, security applications and hardware cryptographic devices. Baltimore Technologies employs over 400 people across fifteen global locations, has development centres in Europe and Australia, and services over 300 customers across forty countries.
In January 1999, Baltimore Technologies merged with Zergo Holdings plc. to form Baltimore Technologies plc (London:BLM). Intel Corporation holds a 6% stake in the company.
Baltimore Technologies operates from offices in fifteen cities around the world including London, Boston, Washington DC, New York, Denver, Dublin, Dallas, Mountain View, Sydney, Munich, Tokyo and Hong Kong.
For further information visit Baltimore Technologies athttp://www.baltimore.com
MATTHEW BOWCOCK RESUME
MATTHEW BOWCOCK is Baltimores Executive Vice President Corporate Development and is a member of the board of directors.
Matthew has responsibility for the Companys global strategy, analyst relations and investor relations. He has been instrumental in defining the Companys strategic marketing plan and in positioning Baltimore as a world leader in cryptographic information security.
With nearly twenty years of international sales and marketing experience in the IT sector, Matthew has a wealth of knowledge and expertise, gained from both the Government and Commercial sectors world-wide.
Prior to joining the Company, Matthew was Managing Director and founder of Security Domain, an electronic commerce security product company which was acquired in 1998. Prior to this, he was the General Manager at Electronic Transactions (Pty) Ltd. In addition, at Digital Equipment Corporation based in Sidney Matthew was responsible for the introduction of all security products into the region. This included classified defence equipment and secure operating systems.
Educated in the UK, Matthew has an Honors Degree in Law.