Crypto high on Congress agenda

The debate over encryption is firing up even as Congress gets ready for its summer recess next week.

Yesterday, the Computer Security Enhancement Act cleared the House Science Committee. A provision in the legislation would require the National Institute of Standards and Technology (NIST) to set up a procedure for U.S. companies to test foreign encryption.

The House National Security Committee will hold a hearing tomorrow on SAFE.

Rep. James Sensenbrenner's (R-Wisconsin) proposed test bed would supply ammunition for those fighting President Clinton's export restrictions on encryption.

Opponents of the White House policy say the bill's passage will help them illustrate that other countries are shipping stronger encryption products than the United States, therefore making the U.S. government's standard 56-bit limit on crypto key lengths useless.

The longer an encryption key is, the harder it is to break. Advocates of encryption say there should be no limits to key lengths to ensure that communications over computer networks are illegible if intercepted.

The Clinton administration opposes the NIST test bed provision, but privacy advocates are rooting for its approval.

"The act provides a mechanism whereby U.S. decision-makers can take into account the public availability of encryption technologies outside of the United States when formulating policy on encryption," said Marc Rotenberg, director of Electronic Privacy Information Center during a hearing on the Computer Security Enhancement Act. "I hope that an awareness of technologies available outside the United States will influence decision-makers to adopt a policy on encryption that will help U.S. computer hardware and software manufacturers be competitive in what is essentially a global market."

The Security and Freedom through Encryption Act (SAFE) will also have Congress's ear before its August recess.

The House National Security Committee will hold a hearing tomorrow on SAFE, introduced by Rep. Bob Goodlatte (R-Virginia). The bill is expected to go for a House vote in September. But three select committees can hold hearings on the bill before the fall to gather data, which could then be used to introduce "substitute" provisions to SAFE when it goes for House approval.

"It won't stop the bill, but it's another forum where the House can have an intelligent public policy debate about encryption," said Shabbir Safdar of the Voters Telecommunications Watch. "People who advocate the national security side have valid concerns, but they don't trump everything else in the debate."

SAFE would overturn Clinton's export limit and prevent the government from creating a mandatory "key recovery system." Under the current regulations, crypto export products within two years must give law enforcement officials with a court order access to the keys to decode any encrypted communication.

Legislators have been busy trying to overturn the president's export restrictions. The Pro-Code bill, introduced by Sen. Conrad Burns (R-Montana), has lost momentum this session, according to sources. Pro-Code could have served as the Senate companion bill to SAFE, making for an easier passage into law.

Not surprisingly, it's unclear what SAFE's chances are without the power of Pro-Code in the Senate: "The Senate is truly a different animal, but we have to get it out of the House first," said Ellen Stroud, Rep. Goodlatte's press secretary. "But we have the support of Burns and other senators who are on our team and who will work with us."

SAFE's main sponsors announced today that they had garnered 249 cosponsors, a majority of the House. Now they will try to get 290 sponsors to make the bill "veto-proof" should it land on the president's desk.