|Encryption Bills Gain Momentum
Ever since the Internet emerged as a vehicle for widespread communication and commerce, data security has been of increasing concern to the policy makers responsible for crafting new regulations to protect network users. Encryption, the ability to scramble data so that it can only be decoded with the right key, is fundamental technology that forms the basis for secure transactions and communications.
Congress faces the task of defining appropriate uses and restrictions on encryption technology, balancing the privacy needs of individuals and organizations against the potentially dangerous use of unbreakable encryption by criminals and terrorists. The debate between these two poles has raged over Capitol Hill since the 104th Congress. The Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) have consistently held that law enforcement officers need to be able to access encrypted information for surveillance purposes and to effectively prosecute criminals. The Administration also wishes to enforce restrictions on encryption exports. On the other side of the issue, software producers have led the charge against export restrictions, arguing that they damage U.S. competitiveness since strong encryption products are available internationally anyway. Advocates for privacy and free speech are also aligned against the Administration position, claiming that Americans are entitled to unregulated use of encrypted communication. A new, powerful coalition of software businesses and on-line advocacy groups called Americans for Computer Privacy (ACP) was launched early in March and is now spearheading a campaign to liberalize encryption controls. Scientists also have a stake in this debate because current encryption restrictions limit the ability of computer scientists studying cryptography to publish their findings.
Two legislative proposals have emerged from the debate as contenders for congressional action. H.R. 695, introduced by Rep. Bob Goodlatte (R-VA) and S. 909, introduced by Sen. John McCain (R-AZ) and Sen Bob Kerrey (D-NE) would each eliminate the current cap on the strength of encryption exports. Instead, they would allow the government to approve exports based on the level of strength generally available abroad. Both bills would also prohibit the government from forcing domestic encryption users to hand over copies of their keys to the data to a centralized government-sanctioned authority.
On March 17, in the most recent encryption hearing, the Senate Constitution, Federalism, and Property Rights Subcommittee listened to testimony about the constitutionality of encryption regulations. One of the witnesses was Cindy Cohn, lead counsel for Bernstein v. the Department of Justice, et al. For six years, Professor Daniel Bernstein, a computer scientist, has been trying to publish on the Internet an encryption program he wrote. This would violate current U.S. policy. Arguing that this constituted a violation of free speech, Bernstein took his case to court. In the ensuing decisions, according to Cohn, “the Federal District Court has declared that every single one of the current (and previous) regulations of encryption software are unconstitutional.”
Cohn went on to point out that the current legislative proposals regarding encryption, including H.R. 695, the software industry’s favorite bill, do not address the issues raised by the Bernstein case. She stated in her testimony that it “does not clearly protect scientists such as Professor Bernstein, but only protects those who seek to distribute mass market software already available abroad. This means that American scientists can no longer participate in the ongoing international development of this vital and important area of science.” Other witnesses outlined similar concerns, and many cited the fact that many of the men who framed the constitution regularly enciphered their correspondence using techniques that led to modern digital encryption. The sole Administration witness at the hearing, Robert S. Litt of the Department of Justice argued in favor of encryption regulations, citing the needs of law enforcement and national security. Litt also addressed the issues of the Bernstein case, stating that “a restriction on the dissemination of certain encryption products could be constitutional” even if the products are being distributed for educational or scientific purposes.
Both H.R. 695 and S. 909 are likely to come to the floors of their respective
chambers this session. H.R. 695 has over half of the House of Representatives
on its list of cosponsors, but it also faces serious opposition from Members
concerned with national security, as well as the Administration.
Backers of S. 909 have announced their intention to get the bill before
the Senate in May.