U.S. committees approve encryption, other bills

By Elinor Mills ABREU
IDG News Service, 06/24/99

The U.S. Senate and House Commerce Committees today approved bills that would liberalize encryption export regulations. In addition, the Senate committee passed bills calling for the promotion of digital signatures and filtering software to block pornography.

The House Security and Freedom through Encryption (SAFE) Act removes the government restrictions on export of strong encryption if a comparable encryption product is commercially available outside the U.S. In addition, the SAFE Act bars the government from requiring key recovery, whereby the government would have access to keys to decode encrypted messages for law-enforcement purposes.

The government argues that it needs to control the export of strong encryption for national security. Vendors argue that the restrictions hamper their competitiveness on the worldwide market because strong encryption is readily available outside the U.S. The government wants vendors to develop encryption software that includes a key recovery mechanism.

The amendments approved by the House committee would do several things: require that a comparable encryption product be available in a country outside the U.S. in order for a U.S. company to export similar technology there; bar export to the People's Liberation Army or the Communist Military in China; allow the Secretary of Commerce to deny the export of encryption products if they would be used to harm national security, to sexually exploit children or to execute other illegal activities; require the Secretary of Commerce to consult with the secretaries of State and Defense, the Director of Central Intelligence and the Attorney General when reviewing a product; and subject a person to criminal penalties for not providing access to encrypted data if a subpoena were served and the person had the capability to decrypt the data.

Meanwhile, Sen. John McCain [R-Ariz.] proposed a Senate encryption bill that would allow for the exportation of encryption of key lengths up to 64 bits. In general, companies currently must get a license to export encryption higher than 40 bits in key length.

In addition, the McCain encryption bill would allow for the export of stronger "nondefense" encryption to "responsible entities" and governments in the North Atlantic Treaty Organization, the Association of Southeast Asian Nations and the Organization for Economic Cooperation and Development. However, the Secretary of Commerce would be allowed to prohibit export of particular encryption products to an individual or organization in a foreign country. An Encryption Export Advisory Board would be created to review applications for exemption of encryption of over 64 bits, make recommendations to the Secretary of Commerce and authorize more funding to law enforcement and national security agencies to "upgrade facilities and intelligence." The bill would ask the National Institute of Standards and Technology to establish an advanced encryption standard by Jan. 1, 2002.

"The bill carefully balances our national security and law enforcement interests while updating current laws on encryption technology," McCain said in a statement. "It is illogical to deny U.S. producers the ability to compete globally if similar products are already being offered by foreign companies."

On the digital signature front, Sen. Spencer Abraham [R-Mich.] said the Millennium Digital Commerce Act he sponsored would "ensure that individuals and organizations in different states are held to their agreements and obligations even if their respective states have different rules concerning electronically signed documents."

The Abraham bill would pre-empt state law from denying that digital contracts are legal solely because they are in electronic form; establish guidelines for international use of electronic signatures that would remove obstacles to electronic transactions; and allow the market to determine the type of authentication technology used in international commerce.

The Senate Commerce Committee also grappled with Internet censorship by approving another McCain-sponsored bill. The plan would require schools and libraries receiving government universal service discounts for Internet access to use filtering technology on computers children access that would screen out pornography.

Taking up a less controversial bill, the Senate committee also approved a measure to tie cellular phone users calling 911 to medical centers, police and firefighters for faster response time to accidents and emergencies. The bill would expand the coverage areas of wireless telephone service; establish parity of protection for the provision or use of wireless 911 service; and upgrade 911 systems so they can provide information such as location and automatic crash notification data.

Alan Davidson, staff counsel for the Washington, D.C.-based Center for Democracy and Technology, said "it was a mixed day for the Internet on Capital Hill."

While legislators realize the potential of electronic commerce and favor liberalizing encryption export to advance it, they are fearful of what they see as the "dark side" of the Internet - content that might be objectionable, according to Davidson.

Rather than require filtering software in schools and libraries, legislators should offer educational institutions the flexibility to choose "acceptable use or monitoring policies," he said.

"Mandating that every school and library filter access to the Internet is not going to be the best way to protect kids," he said. "In addition to the fact that the bill has constitutional problems, it mandates one technological approach without regard to the more effective ways that local communities are already protecting kids."

Other committees may review these bills before they go to the floor of the two houses for a vote, he said.

More information about the committee action can be obtained online at http://www.senate.gov/~commerce/press/releases.htm and http://www.house.gov/commerce.