Sunday, June 22, 1997; Page C06

Pity the senator or representative who still hasn't quite mastered the details of how the Internet works, or the difference between the World Wide Web and e-mail. On the Net-related issues that, by all indications, draw the most urgent public interest – those relating to privacy protection – there are now multiple clumps of competing bills, whose differences are both highly important and highly technical.

Three of these involve different strategies to curb junk e-mail; two, diametrically opposed, concern encryption. All these bills are tangential, strictly speaking, to the basic concern expressed at hearings before the Federal Trade Commission: how to safeguard personal and sensitive data about yourself once it gets into the hands of institutions and third parties. (The commission itself is weighing whether to recommend such legislation based on what it heard.) But any of them could powerfully affect future privacy protection.

A striking example is the newest bill on encryption, sponsored by Sens. Robert Kerrey and John McCain, which the Senate Commerce Committee on Thursday voted to adopt as a replacement for a long-standing proposal by Sen. Conrad Burns, dubbed Pro-CODE. Where the Burns bill would have lifted restrictions on the export of "uncrackable" encryption software abroad – restrictions that the administration has fought to maintain for national security reasons – the McCain-Kerrey legislation goes the other way, seeking to expand such restrictions to cover most of the uses of encryption software in the United States. That proposal raises red flags even if you believe, as we do, that there are legitimate national security and law enforcement reasons for controlling the diffusion of such 'robust' coding software overseas.

The bill, offered as a compromise between the administration's priorities and those of Congress, shows how difficult it is to square this particular circle. It would require users of domestic networks with any government funding (such as universities, many hospitals and government contractors) to deposit an extra "key" to their codes with a licensed "key management" authority – with the licensing to be done by the government. Like the administration's international policy, this bill envisions the development of whole new government-regulated industries for key management, retrieval and authentication. This meets the needs of domestic law enforcement agencies, which could get the keys with an ordinary subpoena, but at a considerable cost to the consumer confidence that would be expected to drive a market in encryption software to begin with.

What you think of these bills has a good deal to do with how you think the worlds of electronic commerce and networked communal life will develop – and, of course, no one knows. Even the most enthusiastic boosters of the right to encryption concede that very few people actually use it yet. Electronic commerce itself has yet to take real shape. The main force shaping the Internet for now continues to be the perception – not to mention fear – of the all-too-likely prospect that anyone who wants to can snoop around in the stacks of your most private data, which are constantly accumulating in unknown files.