CNET también está disponible en español.

Ir a español

Don't show this again


New Pro-Code bill raises fears

The new Pro Code bill aims to strike a balance with the opposition. But privacy advocates say the changes are dangerous.

To counter another possible defeat, the latest draft of the Pro-Code encryption bill contains language that appears aimed at striking a balance with the opposition, but privacy advocates say the additions are dangerous.

Sen. Conrad Burns (R-Montana) is expected to reintroduce the bill, formally named the Promotion of Commerce On-Line in the Digital Era Act, next week to remove most of the Clinton administration's restrictions on the export of software encryption, which are administered by the Commerce Department.

The regulations would require software companies to store with a third party the codes to exported encryption, which secures digital data like email. This system, known as key recovery or key escrow, gives law enforcement officers access to the keys with a court order.

Last month, Burns's office said the new bill would be unchanged from the version that died in the Senate last year. However, a February 12 draft of the bill calls for the creation of an "Information Security Board," made up of representatives from federal agencies that are involved in developing information security policy and export controls on encryption.

"We want to have the strongest bill possible that can get the largest support," Burns's press secretary Matt Raymond said today. "This formalizes a procedure for sharing and distributing information. It's giving the government a voice without making it the arbiter of the specifics of the debate."

Board members would keep their national security agencies informed about the latest information security and encryption technologies being exported. The board would learn about technologies in part from quarterly meeting with industry leaders, privacy experts, cryptographers, and engineers. The board can also meet at any time with any person involved in the development of crypto technology.

The provision to create a board has alarmed privacy groups like Electronic Privacy Information Center because the drafted bill states that the Federal Advisory Committee Act (FACA) does not apply to the board. The FACA requires that "each advisory committee meeting shall be open to the public."

"This provision would create a secret policy-making process. We want crypto policy made in the bright light of day," said Marc Rotenberg, director of EPIC. "We think it should be a public process. The board was a bit of a concession to pick up some more sponsors, but I think they'll be giving away quite a bit."

EPIC would be in support of a board that included for example, user groups and if the meetings were subject to the FACA.

However, other public-interest groups behind Pro-Code say that compromises such as the board have to made or the bill could be killed again.

The draft also includes a less-noticed provision that may have been added on to appease contenders from the cable and movie industries. The draft says laws intended to prevent the distribution of descramblers of cable and satellite television signals will not be affected by the bill.

"There were a lot of people in the coalition behind this effort that represent on a lot of different interests, including content providers like the Motion Picture Association," Raymond said today. "We wanted to make it clear that we're not trying to make it easier for people to illegally intercept cable TV transmissions."

Even with the draft's efforts to find a middle ground with opponents, law enforcement officials may still fight the bill contending that access to encrypted data is necessary to stop criminals who may use email and other electronic means to communicate and store information about their crimes.