By Amy Branson

A bipartisan trio of senators heralded a new encryption bill Tuesday that they hope will jump-start the stalled debate over the export and domestic use of data-scrambling technology.

"I hope this bill will break the logjam [and the practice of] people talking past each other," said Sen. Patrick Leahy, D-Vt., one of the bill's sponsors. Leahy was joined by Republican Sens. John Ashcroft of Missouri and Conrad Burns of Montana in touting the bill.

Still, maneuvering the bill through Congress and getting it signed by the president will be an uphill battle at best, some supporters concede. The measure faces "a difficult road," said Alan Davidson, staff counsel for the Center for Democracy and Technology. The CDT is a Washington-based nonprofit advocacy group which generally supports this latest encryption bill.

Several factors could work against passage of such a bill this year: time constraints presented by Congress' election-year legislative schedule; persistent law enforcement concerns about encryption; and obstacles erected by lawmakers themselves.

"I do not believe that there is anything close to a consensus in Congress" on the issue of encryption, said David Sobel, general counsel for the Electronic Privacy Information Center, a Washington-based public interest research center. EPIC, like the Center for Democracy and Technology, basically favors the new legislation.

There were also indications Tuesday that some in the law enforcement community will not warm to this bill because it does not promote the widespread domestic use of products that let the authorities rapidly retrieve the "plain text" versions of scrambled files. A law enforcement representative familiar with the issue, who declined to be identified and would not comment on the bill itself, said many in the law enforcement community maintain that domestic encryption products must include features that allow for the "immediate" decryption of "lawfully seized" data and communications.

But the sponsors of the bill -- dubbed the "E-PRIVACY Act" -- insist it attempts to balance the "legitimate" needs of law enforcement with privacy concerns raised by advocacy groups, Ashcroft explained. "E-PRIVACY" stands for "Encryption Protects the Rights of Individuals from Violation and Abuse in CYberspace."

"We are offering this as what we think is an appropriate solution," he said, inviting the FBI and other administration officials to talk over this proposal with the sponsors. But, Ashcroft added, "We're also saying to them, 'Let's look at where the world is.'"

Government-ordered "key escrow" or "key recovery" systems would be outlawed by the bill, which means that the government could not force encryption users to turn over their decryption keys to a third party. The government, especially the FBI, has sought such systems to allow law enforcement officials with court orders or warrants easier access to encoded data and communications.

But in deference to FBI Director Louis Freeh and others worried about law enforcement's ability to catch criminals who use encryption and other sophisticated technology to hide their crimes, the bill would establish a National Electronic Technology Center. This NET Center is intended to help authorities "address the technical difficulties" of retrieving the plain text of scrambled files or communications. A similar, but not identical, proposal was added to the House Commerce Committee's version of the Security and Freedom Through Encryption (SAFE) Act [H.R. 695], which has been sponsored by Rep. Bob Goodlatte, R-Va.

Privacy advocates, while generally supportive of the E-PRIVACY bill, do not like the NET Center provision. "The danger is that we don't want [the NET Center] to become a new surveillance threat for Americans," said the Center for Democracy and Technology's Davidson.

And EPIC's Sobel said the bill's version of a NET Center essentially paves the way for the National Security Agency to get involved with domestic law enforcement activities. "While we support the goal of lifting [export restrictions on encryption] it should not be done at the cost of creating new domestic problems," he said.

Both Sobel and Davidson also said a provision in the bill making it a crime to use encryption to hide incriminating information or communications was problematic for their organizations.

Meanwhile, Ashcroft Tuesday criticized the "antiquated export regulations" for encryption products maintained by the Clinton administration, arguing that these policies have done nothing but export American jobs. "It is a bit of a tragedy that we have a setting which curtails and constrains U.S. industry," he said, adding that current policies could cost the country 200,000 jobs and $60 billion by the year 2000.

Through this bill, the senators are attempting to protect the interests of some U.S. hardware and software manufacturers who have argued repeatedly that the administration's export policies have stymied their efforts to compete in overseas markets. The senators echoed those arguments, with Burns and Leahy also criticizing the fact that the FBI essentially has been allowed to dictate what the administration's export policies for these products will be.

"The White House has got to pay more attention to this; they've got to get up to speed," Leahy said, adding: "I don't think they are yet." Burns also said the American electronics industry should not be "frozen in place" by federal law enforcement concerns.

The bill would liberalize export controls for mass market encryption and encryption-compatible products, but does not completely remove all controls. For example, exports of products of any strength to terrorist nations are prohibited by the legislation, according to a summary prepared by Ashcroft's office.

It also would permit exports of "custom" hardware and software that can encrypt communications and data when "comparable foreign products are available," according to the summary. Also, a joint board comprised of government and industry officials would be created to determine whether comparable products are or will be commercially available abroad from a foreign supplier.

But while the encryption debate rages on, certain events threaten to make it obsolete. For example, in March the Dutch subsidiary of Network Associates, the largest U.S. independent maker of computer security software, began to produce and market the company's strongest, nonrecoverable encryption technology, called Pretty Good Privacy. In the same month, Ronald Rivest, a scientist for the Massachusetts Institute of Technology, announced his development of a new technique to secure digital files and communications in a way that does not rely on encryption.

Meanwhile, the matter very well could reach the Supreme Court before the legislative and executive branches can reach an agreement, Sobel noted.