

Senate Committee Approves Compromise Encryption Bill

23 June 1997

Newsbytes


A compromise bill on encryption exports passed by the US Senate Commerce, Science and Transportation Committee is too compromising, as far as industry is concerned.

While the approved encryption legislation, S.909, the Secure Public Networks Act, is aimed at liberalizing laws barring export of software products with strong encryption capabilities, its provisions would relax those controls to only a 56-bit key length, and require a significant government role in key management for stronger solutions.

The Secure Public Networks Act, S.909, introduced by Senator Bob Kerrey (D-Nebraska), and co-sponsored by Sen. John McCain (R-Arizona) and Sen. Fritz Hollings (D-South Carolina), attempts to find the middle road on encryption policy. The bill would relax encryption controls to only a 56-bit key length, and would require encryption software used by the federal government, or purchased with federal funds for public use, to include key recovery software.

The Committee adopted an amendment to the legislation by Sen. John Kerry (D-Massachusetts) that would establish an Encryption Export Advisory Board composed of four representatives from industry, the Secretary of Commerce and representatives from the National Security Agency, the Federal Bureau of Investigation and the Central Intelligence Agency.

This board, Kerry said, "would evaluate whether a market exists for non-key recovery encryption products that are stronger than 56-bit DES and make recommendations to the President on those findings."

The Committee also approved amendments by Sen. Bill Frist (R-Tennessee) that would require subpoenas for obtaining encryption keys "to be as stringent as other subpoenaed material."

Frist's amendments also would ensure that government communications systems operate with key recovery, and would direct the National Institute of Science and Technology, along with the Justice and Defense Departments, to publish an implementation plan for key recovery and to define key recovery.

The key recovery proposal, privacy advocates and software publishers say, is a slightly watered-down version of the key recovery proposal sponsored by the Clinton Administration. Currently, the Clinton Administration does not allow US companies to export products that use encryption keys longer than 40 bits without government approval, or without providing key recovery.

"The Secure Public Networks Act, however, is little more than an ineffectual attempt by Senators Kerrey and McCain to carry the Clinton administration's water in a bucket riddled with holes," Lauren Hall, chief technologist for the Software Publishers Association (SPA), told Newsbytes.

David Banisar, staff counsel for the Electronic Privacy Information Center (EPIC), concurred, saying "this is the same coercive strategy they used with the Clipper chip. The bill is the administration's wish list for trying to restrict public cryptography."

"Senators Kerrey and McCain deferred to the concerns of the Federal Bureau of Investigation and the National Security Agency, who argue that strong encryption prohibits their ability to monitor and investigate the actions of suspected criminals and terrorists," Hall said.

Information Technology Association of America (ITAA) President Harris Miller said that passage of S.909 demonstrates "a failure to come to terms with current marketplace realities."

"Legislating a 56-bit key length for software encryption algorithms is simply out of touch with the realities of electronic commerce," he said. "S. 909 would distort the marketplace with extensive government imposed key recovery requirements. We're in danger of closing a door we should be opening. Encryption is the key to doing business in cyberspace. Today's vote is a vote for putting US software companies at an extreme disadvantage, threatening the growth and vitality of electronic commerce and harnessing industry with a burdensome, costly and potentially ineffective key recovery system."

Sen. McCain, chairman of the Senate Commerce Committee, said, however, that the Clinton Administration threatened to veto other encryption bills currently in Congress if they did not include a key recovery process.

"It will be fruitless to move a bill that will never become law," McCain said. "I am a supporter of a free market. But the free market cannot be allowed to act in a manner that is contrary to our nation's security needs."

Commerce Committee member Sen. John Ashcroft (R-Missouri) disagreed with the tone of the bill, calling it an attempt to "outlaw photography because somebody takes dirty pictures."

(19970620/Press Contact: Pia Pialorsi, Senate Committee on Commerce, Science and Transportation,


