By Elizabeth Corcoran
In approving the bill, introduced by Rep. Robert W. Goodlatte (R-Va.), the House took a step toward a showdown with the administration, which has worked hard since the start of President Clinton's first term to check the spread of sophisticated encryption technology.
"There's strong objection to the new [administration] regulations on the part of the software industry, business in general and privacy groups across the spectrum," Goodlatte said. He predicted that support for his bill "will continue to grow as people understand how important encryption is to so many things."
Also yesterday, a group called the New Democratic Coalition, led by Reps. Calvin M. Dooley (D-Calif.), James P. Moran Jr. (D-Va.) and Timothy J. Roemer (D-Ind.), sent a letter to Clinton signed by 43 members of the House, calling for the administration to lift its export restrictions on encryption technology.
Encryption technology is the padlock of the digital age. As more individuals and businesses communicate and do business via electronic networks, they have wanted to use such technology to keep intruders from snooping through information stored in databases or listening to online communications.
But encryption doesn't keep out just the bad guys. Law enforcement and national security representatives have argued that widespread use of powerful scrambling technologies could cripple their efforts to gather evidence against suspected criminals.
No rules ban the use of encryption within U.S. borders. But over the past five years, the administration has typically limited U.S. companies' export of encryption products to the least powerful technologies.
Companies argue that it is too costly to build different products for the domestic and foreign markets. So the export policies have effectively limited the companies to developing a single, weaker product they can sell here and abroad.
Privacy advocates, led by groups such as the Washington-based Center for Democracy and Technology and the Electronic Privacy Information Center, contend that people will be better able to protect personal information as better encryption products become available.
The vote on Goodlatte's bill "clearly indicates that the administration's position continues to lose ground," said David Sobel, legal counsel with the privacy center.
Administration officials were less enthusiastic. "We have problems" with Goodlatte's bill, said William A. Reinsch, undersecretary of commerce for export administration. The administration has tried to accommodate concerns about its encryption regulations, he said.
"What's kind of discouraged me [about the action in Congress] is that the members are locked into old stories and old policies," Reinsch said. "Our policies have evolved a lot in the last six months."
In January, the administration initiated a policy that lets companies export more sophisticated encryption, provided they have a plan to store "spare keys" for unlocking encrypted information with a government-approved third party. Those plans must take effect within two years.
So far, 24 companies have applied for permission to export encryption with such "key recovery plans," Reinsch said. The government has approved half the applications, including those from Netscape Communications Corp. and International Business Machines Corp. The others are still pending.
Last week, the administration nudged open the export door a bit further for banks and financial institutions by letting them use sophisticated encryption without a key recovery plan. Banks and financial institutions "are inclined to be helpful to [law enforcement and national security operations], so we are inclined to be helpful to them," Reinsch said.
But privacy advocates and software companies are still unhappy about the regulations. "In the name of law enforcement, key recovery puts everyone's privacy at risk," Sobel said.
Goodlatte is not the only one honing encryption legislation. Sens. Conrad Burns (R-Mont.) and Patrick J. Leahy (D-Vt.) have been developing bills, and Rep. Bob Kerrey (D-Neb.) said last week that he plans to introduce legislation to create a "level playing field" among international trading partners.
Kerrey said he is seeking "a law that lets the market develop a secure international network." Encryption proponents worry that he is contemplating stiff restrictions on use of the technology.
Goodlatte's bill is still subject to the scrutiny of the House International Relations Committee before it reaches a floor vote. But yesterday's vote pushes the bill ahead of any past encryption legislation.
"We think there will be something on the president's desk by the time this Congress is over," said Becca Gould, vice president for public policy with the Business Software Alliance, which has been a strong advocate of Goodlatte's bill.