13 May 1998
From: Greg Garcia <greg.garcia@computerprivacy.org>
To: "'jya@pipeline.com'" <jya@pipeline.com>
Subject: FW: Encryption Bill Introduced Today
Date: Wed, 13 May 1998 11:00:19 -0500
Attached is the Ashcroft-Leahy press release and bill summary for you to
post on Cryptome if you wish.
Subject: Encryption Bill Introduced Today
Senators cosponsoring the following legislation include: Ashcroft,
Leahy, Burns, Craig, Boxer, Faircloth, Wyden, Kempthorne, Murray.
Ashcroft-Leahy Bill Protects Privacy of Computer Messages
WASHINGTON -- U.S. Senators John Ashcroft (R-MO) and Patrick Leahy
(D-VT) today introduced legislation, the E-PRIVACY Act, which protects
Americans' private computer communications and allows U.S. companies to
export stronger encryption programs.
"Fundamentally, the debate over computer privacy is about the
relationship of U.S. citizens to our government. There's been a push for
legislation which would require individuals to hand over the 'keys' to
their private computer files. Innocent citizens are expected to trust the
bureaucracy not to abuse their personal information, in spite of actions
to the contrary by agencies such as the IRS and the FBI," Ashcroft said.
"The E-PRIVACY Act addresses these concerns by balancing privacy rights
with legitimate concerns of law enforcement."
The E-PRIVACY (Encryption Protects the Rights of Individuals from
Violation and Abuse in CYberspace) Act prohibits the government from
establishing a mandatory key escrow system where decryption codes are
required to be deposited with a federal agency or third party. Under
this bill, authorities must have a court order or subpoena to obtain
decryption keys.
The Ashcroft-Leahy measure also clears the way for Americans to use
and sell encryption products of any strength. However, general export
laws will continue to apply, including embargoes to terrorist countries.
"Privacy is critical not just for personal information, but for
financial and business information as well. Our bill seeks to create an
environment where electronic commerce is secure and where America's
technology sector continues to flourish in the global marketplace. Simply
put, strong encryption means a strong economy," Ashcroft said.
Americans for Computer Privacy (ACP), a broad-based coalition of
businesses and organizations dedicated to protecting the privacy of all
Americans' electronic communications, today announced its support for the
Ashcroft-Leahy bill.
As Chairman of the Senate Constitution Subcommittee, Ashcroft held a
hearing in March to examine the constitutionality of placing restrictions on
encryption, as the McCain-Kerrey bill (S. 909) would do. The hearing focused
on the government's desire for access to computer codes that protect e-mail
and other electronic communications, and Washington's effort to impose limits
on the strength of computer software that secures data transmissions.
SUMMARY OF THE ASHCROFT-LEAHY E-PRIVACY ACT
("Encryption Protects the Rights of Individuals from Violation and Abuse in
Cyberspace")
Protects Privacy of Communications and Electronic Information
Affirms the rights of Americans to use and sell whatever encryption
products they want at whatever strength they desire;
Prohibits government-compelled key escrow or key recovery
encryption; Prohibits indirect controls or ties to encryption used for
authentication or integrity purposes;
Requires a Title III court order to obtain decryption keys held by a
third party that will be used to decrypt communications (i.e., same as is
required to wiretap communications today);
Extends to remotely-stored electronic information the same
protections as exist under existing law (e.g., ECPA) for information
stored in your home, thereby requiring a court order or subpoena to obtain
either the plaintext or a decryption key/assistance from third party.
Requires a judge to affirmatively decide to give the government
access to location information generated by mobile electronic services.
Assists Law Enforcement to Obtain Information Consistent with
Constitutional Protections
Makes the intentional use of encryption to conceal incriminating
communications or information a crime;
Clarifies that existing wiretap authority can be used to obtain
communications decryption keys/assistance from third parties;
Provides that decryption keys/assistance for remotely-stored
electronic information can be obtained from third parties with a court
order or subpoena with notice;
Requires the release upon judicial order of a decryption
key/assistance to the Attorney General so that plaintext of encrypted
communications or stored electronic information (but not the key) may
be furnished to a foreign government under certain conditions; and
Creates a National Electronic Technology Center ("NET Center") to
serve as a focal point for information and assistance to federal, state,
and local law enforcement authorities to address the technical
difficulties of obtaining plaintext of communications and electronic
information because of encryption, steganography, compression,
multiplexing, and other techniques.
Modernizes Export Controls on Commercial Encryption Products
The E-Privacy Act does not allow for unrestricted export of any
encryption product; exports to certain unfriendly nations (such as
North Korea, Iraq, or Libya) are absolutely prohibited;
Permits exportability under a license exception for mass market
products which, by their nature, are uncontrollable given the volume
sold and ease of distribution;
Permits exportability under a license exception for products which
do not themselves provide encryption, but are capable of working with
encryption products;
Permits exportability under a license exception for product support
and consulting services;
Permits exportability under a license exception for custom hardware
and software (i.e., not mass market) when comparable foreign products are
available-establishes a joint government-industry board to determine
whether encryption products utilizing the same or greater key length or
otherwise providing comparable security are, or will be, within the next 18
months commercially available outside the U.S. from a foreign supplier;
Affirms that there will be no export controls on encryption products
used for non-confidentiality purposes, such as authentication, integrity,
digital signatures, non-repudiation, and copy protection;
Assures that before export, all products undergo a one-time
technical review to check that the encryption product works as represented; and
Affirms the continued applicability of general export controls-the
government will continue to be able to limit exports to terrorist countries, as
part of a general embargo, and with respect to particular encryption products
that would be exported to an individual or organization in a specific foreign
country.
-end-
Contact: Steve Hilton (417) 881-7068 or Greg Harris (202) 224-4589