Science & Technology in Congress

Legislative Initiatives Tackle Encryption

Until last year, the ability of the American computer industry to export encryption was tightly restricted by federal regulations. Encryption, the protection of data by mathematically encoding it so that an electronic "key" is needed to access it, was regarded as a security threat, and was treated as such. Software manufacturers could only export relatively weak and easily deciphered 40-bit encryption products. Under pressure from industry representatives and lawmakers on Capitol Hill, the Administration loosened restrictions last fall, allowing businesses to export stronger encryption technology. The catch, however, is that in order to take advantage of the new situation, software producers are required to devise a key recovery system that will allow law enforcement officials to access the encrypted data, if necessary.

This new Administration position has left many members of Congress and industry representatives unsatisfied. They claim that foreign competitors already have the ability to market strong encryption, without worrying about compromising their security by imposing a key recovery system on their products. The fear among some policymakers is that the Administration needs to allow U.S. businesses to access this important new market soon, or else lose out to foreign businesses who have greater incentive to develop the technology.

Senators Conrad Burns (R-MT) and Patrick J. Leahy (D-VT), and Rep. Bob Goodlatte (R-VA) have each introduced legislation to loosen the government restrictions and to prohibit imposition of a mandatory key recovery or key escrow system. Sen. Burns' bill, the Promotion of Digital Commerce On-Line in the Digital Era Act (Pro-CODE, S. 377), would liberalize U.S. export restrictions on encryption. Sen. Leahy's bill, the Encrypted Communications Privacy Act (S. 376), would create standards to protect the privacy of individuals involved in voluntary key recovery systems. Rep. Goodlatte's bill, the Security and Freedom through Encryption Act (SAFE, H.R. 695), would also relax export restrictions, and prohibit mandatory key recovery.

Administration officials warn that the proposed bills would pose a national security threat if passed. They claim that, by promoting unrestricted international use of encryption, the bills would make it easier for terrorists and other criminals to keep their affairs secret. The Administration has circulated draft legislation on Capitol Hill which would encourage domestic use of voluntary key recovery. The Administration's plan outlines requirements for legal access to keys, and would make it a crime to misuse keys or use encryption for illegal purposes.

In order to gain acceptance for its position, the Administration has some serious issues to address. Some critics maintain that criminals around the world already have access to strong encryption, and that a national voluntary key recovery system would do little good in curbing illicit use of the technology. Others point out that the Administration's vision of international adoption of key-based encryption policies is not getting as much support as the White House had hoped. Instead of endorsing key recovery, the Organization for Economic Cooperation and Development (OECD) has established general non-binding guidelines for establishing encryption policies.

The Administration draft legislation represents its latest attempt to define the nation's data protection policies for the next century. The proposal is likely to meet stiff resistance from business interests who want export controls clearly reduced and from electronic privacy advocates who see government involvement in a key recovery system as a threat to individual rights. Rep. Goodlatte, Sen. Burns, and Sen. Leahy are each hoping to advance their bills in Congress. It remains to be seen if a compromise can be worked out between the Administration and Congress.


American Association for the Advancement of Science
Center for Science, Technology, and Congress
May 1997