ChatGPT's New Skills Resident Evil 4 Remake Galaxy A54 5G Hands-On TikTok CEO Testifies Huawei's New Folding Phone How to Use Google's AI Chatbot Airlines and Family Seating Weigh Yourself Accurately
Want CNET to notify you of price drops and the latest stories?
No, thank you

Safe Net: Encryption and personal data

Law enforcement wants access to encrypted communication and Netizens want safe, private e-commerce--in the middle is Congress, with a slew of bills in the works.

Safe NetEveryone on Capitol Hill is talking about the potential of e-commerce. Consumers need more than a browser and a buyer's impulse to spend cash online, however, they need to feel secure. Netizens also want to keep their digital conversations private. Encrypting (or scrambling) electronic data so that only the rightful recipient can read a message is the industry's
Bills to watch Legislation to watch
Bills that have passed Signed into law
solution. But law enforcement wants the ability to crack the codes when investigating alleged crimes. Congress is considering the following bills to reconcile those issues, as well as others to ensure consumers' online privacy.


Security and Freedom Through Encryption (SAFE) Act
Introduced by Rep. Bob Goodlatte (R- Virginia)

As introduced, SAFE relaxes federal export restrictions on strong encryption, which scrambles digital messages so that only the sender and recipient can decipher the communication using a "key." The bill also prevents the government from creating a mandatory "key recovery system." Under the current regulations, within two years, producers of exported crypto must build a back door to their software that gives law enforcement access to the keys that decode encrypted messages. There are five versions of the bill now; at least one gives law enforcement quick access to unlock secure messages within the United States during criminal investigations.

The House Commerce, Intelligence, Judiciary, National Security, and International Relations committees have each passed their own versions of the bill. The House Rules Committee now will reconcile all five bills. Observers say the chairman of the committee opposes any encryption bill unless it contains domestic controls. If cleared, the next step would be a House vote.

Previous coverage
•  Crypto bill SAFE out of committee September 24, 1997
•  AFE crypto bill cracked again, September 12, 1997
•  Overhaul of SAFE bill approved, September 9, 1997
•  Feds respond to crypto criticism, May 21, 1997
•  House committee OKs crypto bill, May 14, 1997
•  Clause could rescue crypto bill, May 13, 1997
•  Crypto showdown this month, May 6, 1997

Secure Public Networks Act
Introduced by Sen. John McCain (R-Arizona) and Sen. Robert Kerrey (D-Nebraska)

This bill began as a Clinton administration proposal, and makes key recovery mandatory for all U.S. online networks and computing equipment funded wholly or partially with federal money. This condition could make key recovery a component of a majority of the networks in the country, as the government and public academic institutions provided most of the initial seed money for building the Net. With the advent of the McCain-Kerrey bill, the Senate Commerce Committee has discontinued consideration of Sen. Conrad Burns's (R-Montana) so-called Pro-Code legislation, which, like SAFE, would have relaxed crypto export controls.

Previous coverage
•  Lott lambasts FBI crypto policy, October 24, 1997
•  Cooks in Clinton crypto kitchen, September 11, 1997
•  White House shuns FBI crypto plan, September 5, 1997
•  McCain-Kerrey crypto talks continue, July 29, 1997
•  FBI wants domestic crypto keys, July 10, 1997
•  New crypto bill clears committee, June 19, 1997
•  Pro-Code bill all but dead, June 19, 1997
•  Crypto bill seeks domestic rules, June 17, 1997
•  Pro-Code bill adds security board, February 27, 1997

Encrypted Communications Privacy Act
Introduced by Sen. Patrick Leahy (D-Vermont)

Allows all U.S. citizens to use any strength encryption. Prohibits federal or state lawmakers from requiring that encryption users store the key to unlock their digital communications with a third party, which is known as domestic "key escrow."

Senate Judiciary Committee held.

Consumer Privacy

Social Security On-line Privacy Protection Act
Introduced by Rep. Bob Franks (R-New Jersey)

Federal Internet Privacy Protection Act Introduced by Rep. Tom Barrett (D-Wisconsin)

Personal Information Privacy Act
Introduced by Sen. Dianne Feinstein (D-California), Sen. Charles Grassley (R-Iowa), and Rep. Gerald Kleczka (D-Wisconsin)

American Family Privacy Act
Introduced by Rep. Paul Kanjorski (D-Pennsylvania)

Social Security Information Safeguards Act
Introduced by Rep. Barbara Kennelly (D-Connecticut)

These bills have one thing in common: they all keep Social Security numbers (SSNs) off the Net. Franks's bill prohibits Net access or online service providers from selling or disclosing customers' SSNs or other personally identifiable information without prior informed written consent. The Feinstein-Grassley bill goes one step further, stating that no one can sell or share another person's private data without permission. The proposals by Barrett and Kanjorski are similar, but include federal agencies among those who can't post online any information about a person's education, financial or tax transactions, and medical or employment history, if the records contain the individual's name, SSN, or other personal identification numbers.

The Commissioner of Social Security would only have to study the issue of putting SSNs and other private data on the Net under Kennelly's bill.

All bills referred to various House and Senate committees for consideration.

Previous coverage
•  Social Security still a sticky issue, September 4, 1997
•  FTC backs industry on privacy, July 31, 1997
•  Privacy forum plugs disclosure, June 11, 1997
•  Privacy bills stampede on Hill, April 18, 1997
•  Lawmakers address online privacy, April 15, 1997
•  FTC urges privacy protections, January 6, 1997

Consumer Internet Privacy Protection Act Introduced by Rep. Bruce Vento (D-Minnesota)

Mandates that ISPs and online services get customers' permission prior to releasing their personally identifiable information to third parties.

Under consideration by the House Subcommittee on Telecommunications, Trade, and Consumer Protection.

Previous coverage
•  Dutch ISP won't tap email, November 14, 1997
•  CNET Special Feature: Dark side of the Web, July 18, 1997
•  Clinton sets course for Internet, July 1, 1997

Communications Privacy and Consumer Empowerment Act Introduced by Rep. Ed Markey (D-Massachusetts)

Bills to watch Data Privacy Act
Introduced by Rep. Billy Tauzin (R-Louisiana)

Requires that the Federal Trade Commission hold another set of hearings to explore companies' online practices for collecting and using consumers' and children's personal information. The legislation directs the Federal Communications Commission to examine ISPs' and common carriers' data protection practices and to propose regulations to protect consumer online privacy if current laws or industry self-regulatory efforts are ineffective. In addition, Markey's bill would require that Net access providers offer all customers blocking software at no charge.

Tauzin's bill encourages self-regulation of online privacy. The bill mandates the creation of an industry working group to draft voluntary guidelines for the collection of surfers' data and to address unsolicited commercial email.

Referred to House Subcommittee on Telecommunications, Trade, and Consumer Protection.

Previous coverage
•  Credit reports taken off Net, August 15, 1997
•  Netizens blast FTC privacy report, August 1, 1997
•  FTC backs industry on privacy, July 31, 1997

Digital Signatures

Bills to watch Electronic Commerce Enhancement Act
Introduced by Rep. Zoe Lofgren (D-California) and Rep. Billy Tauzin (R-Louisiana)

Increases consumer confidence in electronic transactions. This bill would require federal agencies to accept digital signatures as valid signatures on online forms. In addition, the Office of Management and Budget and the National Telecommunications and Information Administration would have to develop a plan to put all federal forms online within 12 months. The private sector is being placed in the hot seat to come up with the software and certificates needed to verify that someone who files a government form electronically is who they say they are.

Referred to House Commerce and Oversight committees.

Previous coverage
•  Bill seeks online federal forms, November 12, 1997
•  Digital signature laws discouraged, October 29, 1997

Go to: Taxes, gambling, and piracy