Showdown Still Ahead on Crypto Legislation

Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

23 June 1997

ZDNet

Showdown Still Ahead on Crypto Legislation

The battle over loosening the legal binds on the use of data-encoding software is heating up, with a Senate committee yesterday approving a new bill that critics say would chill domestic use of encryption tools because it would establish an overly-aggressive national key-recovery system.

The bill, dubbed the "Secure Public Networks Act," was offered as an alternative to another bill now pending in the Senate, the "Pro-Code" bill, which would all but eliminate domestic and international controls on the sale of encryption products. While industry groups and privacy advocates rushed to denounce the new bill, the real showdown is probably still over the horizon.

A vote on both bills by the full Senate is still ahead, probably within the next few months. Ironically, the version of the Secure Public Networks Act approved by the Senate Commerce Committee includes an amendment by one of its sponsors, Senator John Kerry (D-Mass.), that at first glance makes it look a bit more similar to the Pro-Code bill, which faces a threatened Clinton administration veto.

The amendment calls for permitting the export of U.S.-made encryption products "of comparable security" to those available in certain countries overseas -- but there's a catch. It allows for a Presidential veto of such exports if the President determines that they would violate national security, according to Senator Kerry's deputy press secretary, Amy Kobeta.

"As amended, the encryption legislation squarely addresses key needs of industry and also addresses the genuine efforts of the law enforcement and national security communities which are charged with protecting all Americans in this new digital world," Kerry said in a statement on the amendment.

But the Secure Public Networks Act calls for much more stringent controls than the technology industry would like. The bill, co-sponsored by Senator John McCain (R-Ariz.), chairman of the Senate Commerce Committee, Senator Bob Kerrey (D-Neb.) and Senator Ernest Hollings (D-S.C.), calls for limits on federal spending on data-scrambling technologies without corresponding key-recovery systems. It also would force even private individuals to use key-recovery when sending encrypted digital certificates to buy goods and services online.

"Retaining this linkage between certificates and third-party access effectively holds electronic commerce hostage to key recovery," the Center for Democracy and Technology said, in a statement reacting to the committee's passage of the bill.

"Clearly, [the] decision by the Senate Commerce Committee is a step in the wrong direction," officials from the Business Software Alliance said in a statement.

A coalition of software companies and industry groups, including encryption software makers RSA Data Security Inc., Pretty Good Privacy Inc. and the Silicon Valley Software Industry Coalition, this week sent a letter to McCain expressing support for the Pro-Code bill, which affirms domestic rights to use encryption without key recovery, and liberalizes export controls.

Currently, U.S. software makers are barred from exporting software with keys longer than 56 bits.

On the House site, a bill that mirrors the Pro-Code bill's provisions, the Security and Freedom through Encryption (SAFE) bill, awaits a final vote, which could come later this year. It passed the House Judiciary Committee last month.