At 07:51 AM 3/5/97 -0800, Greg Broiles wrote:
I've seen discussion on various lists and in the media about the reissue of Sen. Burns' Pro-CODE bill (S. 377); I was poking around thomas.loc.gov for information about S. 377 and ran across S. 376, introduced by Sen. Leahy, the "Encrypted Communications Privacy Act of 1997", which implements a lot of legislation that cypherpunks types have been speculating about for several years now. [snip] I haven't had a chance to go over it in detail, but it purports to do these things: Makes the use of any cryptosystem in the US, or by US persons on foreign soil, legal;
Which is somewhat illogical, because if we assume that things are legal until made illegal, and there is no illegal cryptosystem, that means that no bill can "make the use of any cryptosystem legal." (I understand, of course, that you may simply be saying that the bill pretends to do it...)
Prohibits the implementation of mandatory key escrow
Again, somewhat of a non-issue, wouldn't you say? What with the 1st amendment, the government would have an enormous uphill battle to make key escrow mandatory anyway.
Establishes standards and procedures under which key escrow agents may release escrowed keys (including criminalizing wrongful release and wrongful failure to release pursuant to court order/other authorization)
Key escrow agents (to the extent they currently exist and will exist in the future) are presumably entitled to contract with their customers whatever conditions and terms their customers desire. If that DOESN'T include sharing the key with the government, as far as I know that's entirely legitimate. ("impairment of contracts.") Also, I see no reason to believe that those agents will necessarily have copies of the keys in unencrypted form, useable by the government.
Criminalizes the willful use of encryption to obstruct justice
Which, as Tim May points out, could imply practically any useage of crypto with the "appropriate" misinterpretation on the part of government, particularly encrypted remailers. Just what the Leahy bill last year appeared to be intended to do.
Confirms that it is legal to sell any cryptosystem within the US
Again, that's unnecessary and redundant.
Sets standards for the release of keys to foreign governments
I'll post a more detailed summary later when I've had a chance to go over the bill more carefully.
What we should be particularly suspicious of is any differnces between last year's bill and this year's. Somehow I doubt we'll see any desireable change; all the changes will be bad. Jim Bell jimbell@pacifier.com