Crypto compromise coming?
Sounding more optimistic than before, Sen. Conrad Burns says a compromise could be on the horizon for federal limits on encryption exports.
At a meeting in Silicon Valley just three weeks ago, Burns told reporters that he doubted legislation would move this year to relax restrictions on strong encryption, which secures digital communication. Burns noted that there weren't enough days left in the legislative session.
But today, Burns said he and six other key senators, including majority leader Trent Lott (R-Mississippi), have promised to pass encryption legislation if the Clinton administration does not change its policy.
"We have been debating this issue since the administration's introduction of the ill-fated Clipper chip proposal over five years ago, but no substantial change in administration policy has taken place. It is time for us to take action," Burns, who has long fought to relax the export limits, said in a statement.
Federal rules not only restrict the export of strong encryption, they require that exporters get a license. The rules also require that products eventually support key-recovery systems, which let investigators access secure email or computer files.
Law enforcement officials say they need access to the private keys to investigate tech-savvy suspects. But privacy advocates argue that the restriction affects all overseas computer users by prohibiting their access to the best security products.
Moreover, software makers say that encryption products with a "back door" for police aren't marketable and are too weak to secure email or data files.
"Law enforcement has legitimate concerns about the spread of this technology, and we must work to provide them the tools and expertise they need to keep up with advances in encryption technology," Burns added. "The fact is that we are making fundamental decisions about what kind of privacy Americans will have in the years to come."
The hottest proposal on the table is the E-Privacy Act. The bill would lift crypto export regulations for products that are generally available on the international market.
The legislation also would prohibit the government from mandating within those products key-recovery systems or key escrow, in which copies of people's private crypto keys are stored with licensed third parties or the government. Currently, manufacturers must show they plan to support key-recovery in the future to get an export license.
The E-Privacy Act also carves out some concessions for law enforcement. For example, the proposal would make it a felony to use encryption to "conceal incriminating communications or information about a crime." In addition, a National Electronic Technology Center would be set up to bring together encryption makers and nationwide investigators who need assistance in decrypting messages to catch criminals.
Although there have been several meetings between the private sector and administration along with numerous hearings about the encryption export limits, the rules have remained intact. Also, the handful of bills to ease the regulations have never been passed.
"Continuing to restrict the foreign sale of American encryption technology that is already available abroad, or will soon be available, is antibusiness, anticonsumer, antijobs, and antimotivation," Lott said in a statement. "If the administration will not do what is right, reform its export regime, then Congress must enact encryption reform during this session."