Science &Technology in Congress
Regulation of data encryption technology continues to be a troubling issue for Congress. Since the 104th Congress, there has been continual tension between the Administration's need to protect national security and the desire of the software industry to export software containing strong encryption. Advocates for free speech on-line, who view restricting encryption as a violation of civil rights, are also engaged in the policy debate.
Early in the 105th Congress, Rep. Bob Goodlatte (R-VA) and Sen. Conrad Burns (R-MT) each introduced a bill to liberalize the current export controls on encryption. The Goodlatte bill (H.R. 695) has been making progress through the House. The legislation, which has over 200 cosponsors, has been approved by the Judiciary Committee, and the International Relations Committee was scheduled to vote on the bill on July 22.
The Burns legislation, however, was not successful in attracting support in the Senate. The bill was halted by Sen. John McCain (R-AZ), chair of the Commerce Committee, and Sen. Bob Kerrey (D-NE) with the introduction of S. 909 on June 16. It differs from the Burns bill on several key points. Regarding export controls, where Sen. Burns would have eliminated existing restrictions, the McCain-Kerrey bill allows producers to export encryption products up to 56 bit DES in strength. To export anything stronger, the encryption product must include some means of recovering a key to the data, so that authorized law enforcement officials can access the information if necessary.
The McCain-Kerrey bill also goes far beyond the scope of the Burns legislation by outlining the legal parameters of a voluntary key-recovery infrastructure. With such an infrastructure, encryption users would have the option of depositing electronic keys to their encrypted data with the proper authorities. The proposed legislation provides rules governing the use and management of these keys.
The McCain-Kerrey bill is much closer to the Administration's position than previous legislative proposal. The Administration has long been pushing for a national key-recovery system, in one form or another, in order to give law-enforcement and national security agencies the power to tap into encrypted communications. Consequently, the Administration has been supportive of the efforts of Sens. McCain and Kerrey.
Meanwhile, on the House side, the Rep. F. James Sensenbrenner, Jr. (R-WI), Science Committee Chairman, contributed to the debate with H.R. 1903, the Computer Security Enhancement Act. The bill, introduced on June 17, would expand the role of the National Institute of Standards and Technology (NIST) in evaluating computer security technology and setting standards for protecting federal computer systems. The proposed legislation, however, faces serious opposition from the Administration because it authorizes NIST to evaluate foreign encryption technology as it relates to U.S. export controls. This is perceived by the Administration as regulatory authority which is best left in the hands of other agencies.
As the 105th Congress heads into the August recess, the outcome to the encryption battle is as uncertain as ever. This is especially true now that the Senate and the House are pursuing substantially divergent paths towards encryption legislation.