Crypto compromise not in cards
Sen. Conrad Burns, who has long fought to lift limits on encryption, says he doubts the issue will be resolved this year.
Sen. Conrad Burns (R-Montana), who wrote the dormant Pro-Code crypto export relief bill, told reporters gathered at Netscape Communications' headquarters here that the heated debate over data security products is still alive and well.
"I would like to see legislation this year, but I'm not optimistic about it," he said.
When investigating crimes, law enforcement wants to the ability to obtain a "spare key" to unlock consumers' protected digital communication. But industry leaders say there is no global market for data security products that have a built-in "back door" for law enforcement.
Last month, Burns cosponsored a popular compromise: the E-Privacy Act. The bill would lift crypto export regulations for products that are generally available on the international market.
The legislation also would prohibit the government from mandating within those products key-recovery systems or key escrow, in which copies of people's private crypto keys are stored with licensed third parties or the government. Currently, manufacturers must show they plan to support key-recovery in the future to get an export license.
High-tech companies, a
slew of federal lawmakers, and consumer advocates
agree that electronic commerce will not flourish if people are concerned about the security of their messages and financial transactions. The
unfettered availability of encryption can quell these fears, according to proponents of export relief.
"The Internet will never see its great potential until there is some reliance [in the] safety of the information you move over the Internet," Burns said. The senator was in town meeting with the Technology Network, a bipartisan lobbying group based in Silicon Valley.
The senator added he is not involved in next Tuesday's meeting between FBI, Justice Department officials, and industry executives who are expected to attend from America Online, AT&T, Netscape, Microsoft, MCI Communications, and Novell, among other companies.
According to sources, the meeting was set up by Sen. Dianne Feinstein (D-California) and Sen. Jon Kyl (R-Arizona).
Last fall, Feinstein and Kyl backed the FBI's request for mandatory key-recovery systems in domestic encryption products, a move that angered Silicon Valley consortia and privacy groups.
There is little likelihood that the E-Privacy Act will be taken up by Congress this year, but it is possible industry and government could negotiate a deal behind closed doors.
A coalition called Americans for Computer Privacy (ACP) has been in discussions with White House officials. Most of the executives meeting with the FBI next week also are members of the ACP.
The group asked President Clinton to allow the export of strong encryption to "legitimate and responsible organizations" worldwide, such as foreign financial institutions or telecommunications firms. The ACP apparently set this Friday as the deadline for Clinton to respond.
Any such compromise will no doubt pull from the E-Privacy Act, which carves out some concessions for law enforcement. For example, the proposal would make it a felony to use encryption to "conceal incriminating communications or information about a crime." In addition, a National Electronic Technology (NET) Center would be set up to bring together encryption makers and nationwide investigators who need assistance in decrypting messages to bust suspected criminals.
Also next week in Washington, the Electronic Privacy Information Center will hold its Cryptography and Privacy Conference. The conference will center on the administration's export policy, such as the merits and problems of key escrow and key-recovery systems.
Justice officials and William Reinsch, the undersecretary of the Commerce Department's export bureau, are expected to speak on a panel with privacy advocates and industry representatives about key-recovery mandates and whether the White House needs to abandon its policy.