A last-minute amendment to lessen criminal penalties on the use of encryption could see the SAFE Act through a crucial vote tomorrow.
Rep. Bill Delahunt (D-Massachusetts) will introduce the amendment to Rep. Bob Goodlatte's (R-Virginia) bill, which relaxes encryption export rules. The amendment aims to scrap a condition that would make the use of encryption "in furtherance of a crime" punishable by up to five years in prison.
A coalition of privacy and commercial interests had threatened to pull their endorsement of SAFE if Goodlatte didn't throw out the criminal portion altogether. Delahunt's amendment, conceived by the Electronic Privacy Information Center, may strike an accepted balance.
The amendment states that the punishable crime must be a felony. Further, the perpetrator must "knowingly and willfully encrypt incriminating information relating to that felony with the intent to conceal such information for the purpose of avoiding detection by law enforcement agencies or prosecution."
"None of us are happy about any criminal provision, but this is an improvement," David Sobel, staff counsel to EPIC, said today. "The existing language is very broad and could cover even 'unknowing' uses of encryption."
Goodlate is rumored to have already endorsed the amendment, which his cosponsor Rep. Zoe Lofgren (D-California) helped Delahunt draft.
If SAFE doesn't pass, Lofgren maintains, billions of dollars will be lost by U.S. software companies unable to compete with less-regulated foreign manufacturers. "If we do not change our encryption policy, American companies will be left behind," she said in a statement.
The White House opposes the SAFE Act and Senate legislation known as the Pro-Code bill, which would also overturn federal limits on the strong export encryption.
The bills would eliminate the Clinton administration's requirement to build so-called key-recovery systems, which let law enforcement officials with court orders unscramble encrypted communications. Federal agencies say they need this ability because criminals can use encrypted data to help them commit crimes.
"This [amendment]is a surgical solution to the problem that law enforcement keeps raising. We believe that enactment of this provision should finally put to rest the law enforcement arguments on encryption and will underscore the fact that key escrow or 'recovery' is unnecessary," Sobel said.
But the administration is not expected to drop its campaign to get keys to private data in and out of the United States.
The White House floated a bill in March that would create a voluntary "key management infrastructure" for domestic encryption. The bill has yet be sponsored, but an outline of a new bill by Sen. Bob Kerrey (D-Nebraska) appears similar.
Kerrey's effort would require universities and other online networks funded by the federal government to give up keys to their encryption data. It also allows for a "fast-track review" for encryption used in financial transaction software, but this provision was already granted by the government last week. (See related story)