At 7:04 PM -0700 9/17/97, John Young wrote:
The Computer Security Enhancement Act of 1997 (HR1903) is intended to replace the Computer Security Act of 1987. It redefines the role of NIST in meeting federal computer security and encryption requirements through cooperation of industry. Public use of encryption is also addressed in the bill.
Two lengthy reports on the bill have been issued recently, both of which provide overviews of the current encryption debate.
House Report 105-243, published on September 3, provides a detailed analysis of the bill, hearings held, floor remarks and mark-ups since introduction:
http://jya.com/hr105-243.txt (115K)
And one published today includes recent floor remarks on encryption, mostly supportive of public use:
http://jya.com/hr1903-floor.htm (44K)
One point of contention is the evaluation of foreign encryption. The original bill put that responsibility on NIST, but the latest version deleted that and leaves the task to BXA (and unnamed others). Moreover, there's dispute over committee jurisdiction for other provisions.
It seems that the GAK crowd doesn't want a credible evaluation of foreign encryption to interfere with their dream that only the US can make encryption products. ------------------------------------------------------------------------- Bill Frantz | Internal surveillance | Periwinkle -- Consulting (408)356-8506 | helped make the USSR the | 16345 Englewood Ave. frantz@netcom.com | nation it is today. | Los Gatos, CA 95032, USA