New crypto bill clears committee

Alan Olsen root at nwdtc.com
Thu Jun 19 12:06:32 PDT 1997



http://www.news.com/News/Item/0,4,11693,00.html

The fix is in...


New crypto bill clears committee 
By Alex Lash
June 19, 1997, 11 a.m. PT 

Just two days after it was introduced, a bill that seeks
to impose restrictions on the domestic use of encryption sailed
without hearings through the Senate Commerce Committee. 

The bill, sponsored by Commerce Committee chairman John
McCain (R-Arizona) and Bob Kerrey (D-Nebraska),
originally was a proposal floated by the White House as an
alternative to other bills that aim to lift most restrictions on
the use and export of encryption software. The Commerce
Committee passed the bill on a voice vote. Unless it is
diverted to another committee, the bill will be scheduled for a
full Senate vote. 

Privacy advocates viewed the success of the McCain-Kerrey
bill, known formally as the Secure Public Networks Act of
1997, with great concern. 

"This is majorly bad news," David Sobel, legal counsel for the
Electronic Privacy Information Center, said today. "It basically
mandates use of key recovery encryption in any federally
supported network, including universities. It also muddies the
waters for the prospects of liberalizing encryption policy, and
it's directly at odds with the SAFE bill that is moving through
the House." 

Both the SAFE bill in the House and the Pro-Code bill in the
Senate seek to ban federally mandated key recovery.
Pro-Code had early success after its reintroduction this year
but has stalled in the same committee that just passed the
McCain-Kerrey bill. 

Like the White House proposal, the McCain-Kerrey bill
seeks to impose for the first time mandatory key recovery
within the United States on top of the White House's crypto
export regulations.

Despite implementing tight domestic controls on encryption,
the bill leaves open a window for looser export controls. It
gives the Commerce Department secretary leeway to approve
the export of strong encryption software without key recovery
if similar products already or soon will be available.

The bill slams the door, however, on the possibility of
challenging a crypto export denial: "The secretary's decision
on the grounds for the grant or denial of licenses shall not be
subject to judicial review." 

The struggle over encryption policy has centered on law
enforcement access to private information transmitted
electronically or stored on computers. The government argues
that criminals will use unregulated strong encryption to keep
their plans secret. The use of key recovery requires users of
encryption software, such as secure email programs, to store
their keys in a place where the government can quickly access
them without the users' knowledge. 

The McCain-Kerrey bill would make key recovery mandatory
for all products purchased by the government and for any
product used on a network that is even partially funded by the
federal government. The bill also states that law enforcement
would require only a subpoena to access private keys,
whereas current federal regulations require a court order.

The new bill would also link digital certificates to key recovery
and grant government the authority to license digital
certificates. These certificates, which establish and verify the
identity of the sender of an encrypted communication, are
considered a critical element of electronic commerce.
However, if McCain-Kerrey becomes law, users won't be
able to obtain a government-approved certificate without
storing their keys with a third party. 

Current regulations administered by the Commerce
Department allow software makers to export encryption up to
56 bits in strength without a license or key recovery
mechanisms. That limit seems less secure, however, after
yesterday's announcement that thousands of people linked
their computers over the Internet to crack a 56-bit DES code
from RSA Data Security. 

In a report released last year, a group of leading
cryptographers recommended a minimum key length of 90 bits
to ensure secure communications.

Senior writer Janet Kornblum and reporter Courtney
Macavinta contributed to this report.






