
************

http://pathfinder.com/netly/editorial/0,1012,931,00.html

The Netly News Network
http://netlynews.com/
May 9, 1997

Bill of Goods
by Declan McCullagh (declan@well.com)

Senate Democrats are preparing legislation that requires universities and other groups receiving Federal grants to make their communication networks snoopable by the government, The Netly News has learned. The draft also includes penalties for "unauthorized breaking of another's encryption codes," and restrictions on importing encryption products.

At a Democratic leadership press briefing, Sen. Bob Kerrey (D-Neb.) yesterday said his bill slightly relaxed export rules in exchange for greater federal control over crypto imports. But what he appears to be truly aiming for is a full-scale assault on your right to use whatever encryption software you want in your own home.

Academics are indignant over the strings attached to grants. "This is outrageous," says Dave Farber, a university professor at the University of Pennsylvania and an EFF board member. "It's going to generate roaring screams on campus. If you look at Internet II, if you look at the Next Generation Internet, if you look at campus networks -- all those have components of federal funds."

It's diabolical. Researchers already have to comply with a legion of rules to qualify for grants. Kerrey's proposed bill, called "The Secure Public Network Act," would add yet another provision to the fine print. It requires that "all encryption software purchased with federal funds shall be software based on a system of key recovery" and "all encrypted networks established with the use of federal funds shall use encryption based on a system of key recovery." Key recovery, or key escrow, technology enables law-enforcement officials to obtain copies of the mathematical keys needed to decipher messages.
In other words, someone else keeps a copy of your secret key -- and some proposed bills say that the cops may not even need a search warrant to seize it.

And not just universities will be jump-starting the market for domestic key escrow. Organizations from defense contractors to the United States Institute of Peace to the American Red Cross receive federal monies. "This is out-and-out industrial policy," says Jim Lucier of Americans for Tax Reform. "It's going to affect every technology there is for doing business on the Net."

What about the penalties for "unauthorized breaking of another's encryption codes?" That would criminalize cryptanalysis, the way to verify the security of encryption software you buy. "The only way to know the strength of a cipher is cryptanalysis," says Marc Briceno, a cryptography guru at Community ConneXion.

Then there's Kerrey's statement saying "there will be" restrictions on what encryption products you're permitted to buy from overseas firms. This contradicts Justice Department official Michael Vatis, who told me at a conference this year that the Clinton administration did not want import controls.

Though Cabe Franklin, spokesperson for Trusted Information Systems, says Kerrey was misunderstood. "In the briefing afterwards, I found out he didn't mean that at all. He meant import controls, but more regulation than restriction. The same way they wouldn't let a car with faulty steering controls in the country. He meant more quality control," Franklin says. (I don't know about you, but I'm not convinced.)

But the real question is: Why does Kerrey think this rat-bastard bill has any chance of passing through Congress, especially when there's already legislation that would generally relax controls on crypto? After all, Rep. Bob Goodlatte (R-Va.)'s "SAFE" bill already has 86 cosponsors and shot out of subcommittee last week. Sen. Conrad Burns' (R-Mont.) "Pro-CODE" bill is headed for markup next month.

The answer is simple: this is a trading chit that the White House and the Democratic leadership can play to water down the Burns and Goodlatte bills, and perhaps meld all three together.

The Democratic strategy makes sense. Members of Congress are driven by a fierce, desperate urge to compromise. The drive is primal: legislators are compelled to find a middle ground. But to their chagrin, crypto doesn't offer one. Either you keep a copy of the electronic keys to your files or someone else does -- which is exactly what the White House wants. Either you're free to speak privately over the Net using PGP, or you're not -- which is exactly what the White House also wants.

This may seem like a lot of high-powered attention on an obscure subject; after all, encryption does nothing more than scramble, verify and reassemble bits of information. Besides ensuring that your messages are private, encryption provides the protocols for scrambling credit card numbers and minting electronic coins. It allows digital signatures, proofs of identity online, digital time stamps and even secure electronic voting. It lets anonymous remailers exist. It supplies the foundation and steel girders for an information society.

Kerrey's sudden interest in cryptologic arcana likely stems from a recent addition to his staff: policy aide Chris McLean. McLean is hardly a friend of the Net. While in former Sen. Jim Exon's (D-Neb.) office, McLean drafted the notorious Communications Decency Act and went on to prompt Exon to derail "Pro-CODE" pro-encryption legislation last fall. Then, not long after McLean moved to his current job, his new boss stood up on the Senate floor and bashed Pro-CODE in favor of the White House party line: "The President has put forward a plan which in good faith attempts to balance our nation's interests in commerce, security, and law enforcement."

Now, more ominously, McLean just might be Bill Clinton's appointee to fill a vacant slot at the Federal Communications Commission.
If you think the White House is out to slam the Net, imagine what the FCC could do...

###

-------------------------
Declan McCullagh
Time Inc.
The Netly News Network
Washington Correspondent
http://netlynews.com/