Encryption bill is laissez-faire

Sen. Conrad Burns (R-Montana) next week will reintroduce legislation aimed at wiping out most Commerce Department restrictions on the export of software encryption, his press secretary told CNET yesterday.

The new version of the so-called Pro-Code bill, which died in the Senate Commerce Committee last year after a series of high-profile hearings, will be unchanged and should enjoy the same support it gained in the 1996 session, Burns's press secretary Matt Raymond said.

"The language was not something that was arrived at lightly," Raymond said. "We should have time for a more robust and considerate debate" compared with last year's unsuccessful rush to get the bill passed, he added.

Without such time pressures, Pro-Code backers hope to convince key senators such as Alphonse D'Amato (R-New York) and Arlen Specter (R-Pennsylvania) that the bill is good for business and privacy and will not compromise national security. One of the bill's biggest opponents last year, Senator James Exon (D-Nebraska), is no longer in office.

Burns, who sits on the Senate Commerce Committee, is set to appear via satellite Tuesday at the RSA Data Security Conference in San Francisco to announce the bill's reintroduction.

"It's an important move in the crypto policy chess game," said Stanton McCandlish, program director of the online privacy organization Electronic Frontier Foundation. "It's time for Congress to get back in the game, and this will be a strong push."

The latest encryption regulations, enacted January 1 and administered by the Commerce Department, mandate the storage of encryption codes or "keys" with third parties if the encryption is exported. This system, known as "key recovery" or "key escrow," lets law enforcement officials with a court order access private keys.

Once law officials have the keys, they can intercept email and open stored data. The Commerce regulations give software companies that want to export strong cryptography a grace period of two years to submit their keys to a third party.

Foes of the new federal regulations contend that federal law enforcement's influence over the export licensing process is scaring away foreign buyers of U.S. products and hurting the competitiveness of domestic software businesses.

"The 'give the government your keys' plan is not an appropriate form of regulation on exports," McCandlish said.

But law enforcement, led by FBI director Louis Freeh and the Clinton administration contend that some access to digital data is necessary in an age where techno-savvy criminals are using email and other electronic means to communicate and store information.

Meanwhile, a case challenging the constitutionality of encryption export regulations was stalled yesterday because of the administration's new rules.

The U.S. Court of Appeals decided to send the case back to a lower court because the new rules transferred regulatory authority from the State Department to the Commerce Department. The case was originally filed against the State Department in September of 1995 by cryptographer Philip Karn who was denied permission to export a computer disk containing the source code in the book Applied Cryptography.

Karn's request was denied despite the fact that the book itself may--for now--be freely exported. This case raises the question of whether the government can make a distinction between information on paper and information in digital form. Karn is appealing a lower court's decision to dismiss the case.

Back to introduction page