EXECUTIVE SUMMARY Encryption is extremely beneficial when used legitimately to protect commercially sensitive information and communications. The law enforcement community, both domestically and abroad, is extremely concerned about the serious threat posed by the proliferation and use of robust encryption products that do not allow for the immediate, lawful access to the plaintext of encrypted, criminally-related communications and electronically stored data in accordance with strict legal requirements and procedures. The potential use of such commercially-available encryption products by a vast array of criminals and terrorists to conceal their criminal communications and information poses an extremely serious threat to public safety and national security. Law enforcement fully supports a balanced encryption policy that satisfies both the commercial needs of industry for robust encryption while at the same time satisfying law enforcement's public safety and national security needs. Robust, commercially- available encryption products, which include some type of recoverable capability that allows for immediate, lawful access to plaintext is clearly the best method to achieve the goals of both industry and law enforcement. Since April of 1993, the Clinton Administration has expressed support for the adoption of a balanced encryption policy. In lieu of legislation, the Clinton Administration continues to favor a voluntary approach to address law enforcement's public safety concerns regarding encryption for domestic use. The Administration has been attempting to work with industry, through "good faith dialogue," and by allowing "market forces," influence and inducements (mainly changes to existing export regulations) to bring about the development, sale and use of recoverable encryption products within the U.S. During the 105th Congress, several encryption-related bills were introduced; however, none were enacted. The main focus of these bills was the relaxation of existing export controls on encryption, regardless of the impact on national security and foreign policy. During the 106th Congress, three encryption-related bills have been introduced. Like last Congress' encryption related bills, the main focus of these bills is to either relax existing export controls on encryption products and/or prevent the government (federal or state) from imposing domestic requirements on encryption products to ensure that such domestic encryption products include some type of plaintext access for law enforcement should these products be used in the furtherance of serious criminal activity. These bills included: H.R.850, S.798, and S.854. THE PROLIFERATION OF SECURE OR ENCRYPTED COMMUNICATIONS AND ELECTRONICALLY STORED INFORMATION WILL MAKE IT INCREASINGLY DIFFICULT FOR LAW ENFORCEMENT TO OBTAIN AND DECIPHER THE ENCRYPTED CONTENT OF LAWFULLY INTERCEPTED COMMUNICATIONS AND LAWFULLY OBTAINED ELECTRONICALLY STORED INFORMATION THAT IS NECESSARY TO PROVIDE FOR EFFECTIVE LAW ENFORCEMENT, PUBLIC SAFETY, AND NATIONAL SECURITY. WHAT IS ENCRYPTION? Encryption is the method of hiding the content of a message. In broad terms, any system or technique that renders a message unintelligible by anyone other than the intended recipient of the message is utilizing encryption. A message which has not been encrypted is often referred to as "plaintext". After a message has been encrypted, it is referred to as "ciphertext". Whereas encryption is used to secure a message, decryption is the method for converting ciphertext back to its original plaintext. Many encryption systems use a mathematical function, known as a cryptographic algorithm, to encrypt and decrypt messages. Just as a lock box requires a key to lock or unlock it, a cryptographic algorithm requires a key to encrypt and decrypt a message.
USES AND BENEFITS OF ENCRYPTION Governments have always been very concerned with the secrecy of information related to military, economic and foreign policy issues. For many years, military and government missions drove the development and use of applications for encryption. Protecting one's intentions from an opposing party is critical and for that reason information security is very important. Although encryption software and hardware devices have been commercially available for years, their cost, degradation of voice quality, and user "friendliness" have, in the past made these devices unattractive to the general public. The introduction of digitally-based technologies as well as the widespread use of computers and computer networks which may incorporate privacy features/capabilities through the use of encryption are facilitating the development, production, and use of affordable and robust commercially-available encryption products and services for use by the general public. These encryption systems provide robust security for conventional and cellular telephone conversations, facsimile transmissions, local and wide area networks, communications transmitted over the Internet (E-mail, etc.), personal computers, wireless communications systems, electronically stored information, remote keyless entry systems, advanced messaging systems, and radio frequency communications systems.
Various applications will use encryption to provide privacy, information integrity, authentication and non-repudiation. Privacy, or confidentiality, is probably the best known application of encryption. Unauthorized individuals are prevented from listening in or viewing electronic information. Information integrity protects against unauthorized changes to information after it is sent. This is important for the validation of legal electronic documents. Authentication techniques verify the identity of a sender of a message. This provides assurance that the claimed sender (e.g., return address on a letter envelope) of information is the actual sender and vice versa for destination authentication. Non-repudiation ensures that a sender is not able to deny that he or she sent a particular message. This verification is important when auditing or when litigation is being considered.
ADVERSE IMPACTS OF ENCRYPTION The ability of encryption to ensure the confidentiality and the content of important messages, files or communications of corporations and private citizens can also prevent those same entities from gaining plaintext access to that critical information should the keys needed for decryption become lost or corrupted. Unless there is an alternative plaintext access method, such as a recovery feature incorporated in the encryption product to allow such plaintext access, this important information could be lost forever. The use of encryption can effectively prevent plaintext access not only to law enforcement acting under proper legal authority, but also to corporations in situations where an employee could potentially use encryption to commit illegal acts, including acts against the corporation. A report from Congress's Office of Technology Assessment entitled, "Information Security and Privacy in Network Environments," cited the following: "There is also growing recognition of the potential misuses of encryption, such as by disgruntled employees as a means to sabotage an employer's database." Encryption can also be used to conceal criminal activity and thwart law enforcement efforts to collect critical evidence needed to prevent, solve and prosecute serious and often violent criminal activities, including illegal drug trafficking, organized crime, child pornography and terrorism. In these instances, the use of encryption to secure the content or confidentiality of information poses substantial threats to law enforcement's abilities to: 1) interpret and analyze stored electronic records and files which have been obtained through court-order or other lawful procedures; and 2) perform court- ordered electronic surveillance. Encrypted information obtained through the use of lawfully intercepted communications and/or lawfully accessed electronic records or files will be useless in solving crimes and preventing criminal activity unless law enforcement, pursuant to a court order, has immediate access to the plaintext of such encrypted, criminally-related communications and electronically stored data. In addition to the following notable cases which have been previously highlighted: 1)the Aldrich Ames spy case where Ames was told by his Soviet handlers to encrypt computer file information to be passed to them; 2)the Ramzi Yousef (mastermind of the World Trade Center)/Manilla [sic] Air terrorist case where Yousef and other international terrorists were plotting to blow up 11 U.S. owned airliners in the Far East in which data regarding this terrorist plan was found in encrypted computer files discovered in Manilla after Yousef's arrest; and 3)a child pornography case where the subject used commercially-available encryption to encrypt pornographic images of children that were transmitted to other subjects of the investigation, [L]aw enforcement continues to experience an increase in the number of encounters with, and the subsequent damaging and detrimental effects of, the use of commercially-available encryption by criminals, terrorists and in hostile intelligence activities throughout the United States and across international borders. In particular, the FBI is currently experiencing the greatest impact from encryption in Foreign Counter-Intelligence (FCI), Violent Crime (which includes sexual exploitation of children and child pornography cases), and White Collar Crime/Computer Crimes and Threat Assessments investigations. However, the use of encryption in Organized Crime, Drug, as well as Domestic and International Terrorism investigations have also been encountered. In fact, at least 50 percent of the FBI's 56 field offices have recently encountered encryption in cases involving one or more of the aforementioned investigative program areas. Given the ongoing nature of many of these cases, it is extremely difficult to publicly discuss, with any degree of specificity, the details of these specific case examples, which would further illustrate the adverse impact that the use of encryption is having on law enforcement's ability to effectively conduct investigations and carry out its public safety mission, because such public disclouser could compromise many of these ongoing investigations. The following represents some of the general information which can be publicly discussed concerning ongoing FBI investigations that have been adversly impacted by the use of encryption: 1) At least eight major FBI field offices have identified the use of encryption by the subjects of foreign counter- intelligence and international terrorism investigations in a deliberate attempt by these subjects to protect their suspected criminally-related communications and prevent detection by law enforcement of their suspected criminal activities; 2) In addition to the previously stated example of a child pornography case where pornographic images of children were encrypted and transmitted between subjects, there continues to be evidence of the increased use of encryption by a number of subjects involved in the sexual exploitation of children and child pornography who are utilizing various commercially available encryption products to protect suspected criminally-related information and communications as well as to protect their illegal pornographic images of children from discovery and detection; and 3) There are also numerous ongoing FBI investigations involving illegal hacker intrusions into several university and government computer systems as well as software piracy in which the subjects of these investigations have encrypted potentially incriminating information which, if decrypted, could indicate the level of their involvement in these illegal activities as well as disclose the specific information stolen from these various computer systems.
The FBI Laboratory Division's Computer Analysis and Response
Team (CART) is responsible for providing assistance in law
enforcement investigations where computer generated and/or
electronically stored information has been obtained pursuant to
court authorized search and seizure. The CART has seen the
number of cases utilizing encryption and/or password protection
increase from two (2) percent to approximately twenty (20)
percent over the past four years, to include the use of 56-bit
Data Encryption Standard and 128-bit Pretty Good Privacy
encryption. These totals are expected to increase significantly
with the introduction of Microsoft's newest operating system,
Windows 2000. This new operating system will allow users to
employ an Encrypted File System (EFS) which will provide the
individual computer users with easy to use "point and click"
encryption thereby enabling the user, including criminals and
terrorists, to easily encrypt all of the files stored on their
computer.
It is important to understand that this is not an issue
unique only to U.S. law enforcement. Included in a recently
released paper by the British Government entitled "Encryption and
Law Enforcement", several case examples were sited where
encryption had been used in furtherance of serious criminal
activity in the United Kingdom. The paper noted that the
"development of encryption technology gives rise to a number of
challenges to law enforcement, security and intelligence
agencies. In particular, its widespread use will have an effect
on the ability of these agencies to make use of lawfully
intercepted communications and retrieved data for law enforcement
purposes." Additionally, the paper emphasized the important role
the use of lawful communication interceptions play in protecting
society from crime and terrorism and concludes "that the
development of electronic communications, which promises many
benefits to businesses and individuals, should not also give
assistance to those who are engaged in serious crime." The case
examples set forth in the paper include the following:
1) a 1995 child pornography investigation involving two
suspected paedophiles who used the Internet to distribute
pornographic images of children that was severely hampered
by the use of encryption by the primary suspect of the
investigation;
2) a 1996 investigation of a Northern Irish terrorist group
in which a computer was seized containing encrypted files
concerning potential terrorist targets, including police
officers and politicians; and
3) a 1998 attempted murder and sexual assault investigation
that was impeded by the discovery of relevant encrypted
files on a suspect's computer.
THE CONCEPT OF RECOVERABLE ENCRYPTION
Technical solutions that provide robust encryption, combined
with some type of recoverable feature which allows for the
immediate, lawful access to plaintext of encrypted, criminally-
related communications and electronically stored data, is clearly
the best way to achieve the goals of both industry and law
enforcement. Law enforcement's needs in dealing with its
responsibility for protecting public safety and national security
are best met by ensuring that commercially-available encryption
products manufactured or imported into the U.S. include some type
of capability that allows for the immediate access to the
plaintext of encrypted, criminal-related data (both transmitted
and stored), pursuant to lawful authority (court order).
The concept of recoverable encryption:
Provides a means for corporations to address the misuse
of encryption by disgruntled employees;
Ensures the integrity of the investigation through the
obtainment of the recovery information or plaintext
from a trusted third party (this would also provide
the assurance to commercial and individual users of
encryption that their encrypted communications and
electronically stored information are secure against
unauthorized disclosure and illegal "hacker-type"
attacks);
Allows for an overt process for legally obtaining
recovery information or plaintext that is subject to
public scrutiny and accountability;
Provides confidentiality of law enforcement's request
for recovery information or plaintext access;
Provides an immediate decryption capability which is
available to law enforcement upon presentation of
proper legal authority (to include the state and local
levels) of encrypted, criminally-related communications
or electronically stored information.
Law enforcement's public safety needs can either be achieved
through a voluntary approach, should their be a willingness on
the part of industry as a whole (inclusive of all domestic
manufacturers and all importers of foreign made products into the
U.S.) to effectively address law enforcement's needs voluntarily;
or through a legislative approach, should there be the will on
the part of public policy makers to address the issue
legislatively; or through a combination of both. Failure to
effectively address law enforcement's needs regarding domestic
encryption products will ultimately have a devastatingly adverse
impact on the safety and security of the American public.
CLINTON ADMINISTRATION'S POSITION ON ENCRYPTION
Since April of 1993, the Clinton Administration has
expressed support for the adoption of a balanced encryption
policy that meets the commercial needs of industry for robust
encryption while at the same time meeting the public safety needs
of law enforcement. Administration representatives have been
attempting to working with representatives of industry to
encourage the voluntary development, sale, and use of recoverable
encryption products within the U.S. The Clinton Administration
has steadfastly opposed any legislative effort to impose domestic
controls on encryption, favoring a voluntary approach to address
law enforcement's public safety needs through the use of "good
faith dialogue," "market-forces," influence and inducements
(mainly regulatory change to exiting export controls on
encryption products). Law enforcement remains optimistic that
such a voluntary approach will be successful in addressing its
public safety needs; however, this approach's ultimate success
remains uncertain at this time.
On March 4, 1998, the Vice President announced a new
Administration initiative to try and bring about the voluntary
development of technical solutions that address law enforcement's
public safety needs by calling for "good faith dialogue" between
industry and law enforcement rather than seeking to legislate
domestic controls at that time. Such "good faith dialogue"
efforts remain ongoing. Additionally and of significance to law
enforcement, on September 16, 1998, the Clinton Administration
formally express support for the creation of a centralized law
enforcement resource within the FBI to provide law enforcement
with urgently needed technical capablities to fulfill its
investigative responsibilities in light of the ever increasing
proliferation and use of strong, commercially-available
encryption products within the U.S.
Conversely, the Clinton Administration has steadfastly
opposed any legislative effort to relax existing export controls
on encryption. Such encryption export controls have existed for
years to protect national security and foreign policy interest.
ENCRYPTION LEGISLATION
ENCRYPTION-RELATED BILLS INTRODUCED DURING THE 106TH CONGRESS:
H.R.850, the "Security and Freedom Through Encryption
(SAFE )Act," introduced by Congressman Goodlatte (R-6th-VA)
on February 25, 1999.
S.798, the "Promote Reliable On-Line Transactions to
Encourage Commerce and Trade (PROTECT) Act of 1999,"
introduced by Senator McCain (R-AZ) on April 14, 1999.
S.854, the "Electronic Rights (E-Rights) for the 21st
Century Act" introduced by Senator Leahy (D-VT) on
April 21, 1999.
H.R.850
H.R.850 is almost identical to the bill Congressman
Goodlatte introduced during the 105th Congress(H.R.695).
H.R.850 would largely remove existing export controls on hardware
and software encryption products of comparable strength to those
that are commercially available from a foreign supplier,
regardless of the adverse impact to national security. The bill
would also place a prohibition on mandatory key recovery
encryption by the government and includes a provision making it a
crime to use encryption in furtherance of a criminal act. At the
time of the bill's introduction, it enjoyed over 200 bi-partisan
co-sponsors. Since that time, the number of co-sponsors has
grown to over 250.
The following is an overview of the bill's progress thus far
during the 106th Congress:
On March 4, 1999, the House Judiciary Committee's
Subcommittee on Courts and Intellectual Property held a hearing
concerning the bill with witnesses from NSA, the Justice
Department and the Commerce Department testifying in opposition
to the bill. On March 11, 1999, despite the aforementioned
testimony, the Subcommittee held a mark-up concerning the bill
and favorably reported the bill out of Subcommittee (Congressman
Goodlatte is a member of that Subcommittee).
On March 24, 1999, the full House Judiciary Committee held a
mark-up concerning H.R.850 and, by a voice vote, favorably
reported the bill out of committee without amendments. During the
mark-up Congressman McCollum (R-8th-FL) expressed concerns about
the bill's adverse impact on law enforcement, national security
and intelligence interest, should encryption products that do not
allow for immediate plaintext access proliferate within the U.S.
and aboard. Congressman McCollum then offered an amendment to
the bill's export provisions that would require all hardware and
software encryption products for export to include features that
allow for immediate plaintext access capabilities for use when
there is lawful authorization to obtain such plaintext.
Congressman Goodlatte immediately raised a point of order
objection, asserting that the amendment was not germane and,
without debate, Chairman Hyde ruled that Congressman McCollum's
amendment did not fall under the jurisdiction of the Judiciary
Committee.
The bill has been referred to the House International
Relations, Armed Services, Intelligence and Commerce Committees
for consideration. The House International Relations and
Commerce Committees held hearings on the bill in May, with the
House Intelligence Committee planning to hold several hearings on
the bill in June.
S.798
S.798, introduced by Senator McCain who is the Chairman of
the Senate Commerce Committee, is somewhat of a pro-industry
bill even though the bill's expressed purpose is "to promote
electronic commerce by encouraging and facilitating the use of
encryption in interstate commerce consistent with the protections
of national security and other purposes."
The bill seeks to address both domestic and export related
issues regarding encryption and would basically set in law many
of the Clinton Administration's official positions on encryption
[market driven/voluntary approach regarding domestic encryption,
opposition to mandatory domestic controls (plaintext access
requirement), and the appropriate relaxation of export controls
on encryption for certain sectors and "responsible" governments
while maintaining national security interests. [In Senator
McCain's bill, the responsible governments include NATO,
Association of Southeast Asian Nations (ASEAN)& Organization for
Economic Cooperation and Development (OECD)].
The bill would also create an "Encryption Export Advisory
Board" to make recommendations to the Secretary of Commerce
regarding those encryption products that are generally available,
publicly available or are comparable or will be comparable within
12 months from a foreign supplier thus making these encryption
products eligible for export from the United States. In an
attempt to address NSA's national security concerns with regard
to the export relaxation of such "publicly available" foreign
encryption products, the bill includes a provision that would
allow the President to override any decision by the Advisory
Board for purposes of national security and maintains current
Presidential Authorities to prohibit the export of encryption to
countries that support acts of terrorism or who pose a threat to
United States national security.
From strictly a law enforcement prospective, the only
provision of Senator McCain's bill that is not in sync with the
Administration's current voluntary efforts in support of law
enforcement is Title II of the bill, entitled "Government
Procurement". This provision requires the federal government to
purchase only encryption products that are interoperable with any
and all types of encryption products (recoverable and non-
recoverable) thus eliminating one of law enforcement's
potentially most effective influencers in the market-place in our
effort to encourage industry to manufacture and sale encryption
products that meet law enforcement's plaintext access needs.
Additionally, Title I of the bill, entitled "Domestic Encryption
Provisions", would prohibit the federal government or any state
government from requiring or mandating key escrow, key recovery
or plaintext access capabilities be included in domestic
encryption products.
The following is an overview of the bill's progress thus far
during the 106th Congress:
Introduced on April 14, 1999, and referred to the Senate
Commerce Committee for consideration.
S.854
S.854 was introduced by Senator Leahy, who is the Ranking
Minority Member of the Senate Judiciary Committee. The bill's
expressed purpose is "to protect the privacy and constitutional
rights of Americans, to establish standards and procedures
regarding law enforcement access to location information,
decryption assistance for encrypted communication and stored
electronic information, and other private information, to affirm
the rights of Americans to use and sell encryption as a tool for
protecting their online privacy and for other purposes."
The bill is generally not in the best interest of law
enforcement. Like the Goodlatte and McCain bills, S.854 would
also prohibit the federal government or any state government from
requiring or mandating that key escrow, key recovery or plaintext
access capabilities be included in domestic encryption products.
The bill also seeks to significantly raise the current legal
standard needed to obtain a court order to acquire electronically
stored information held by a third party, decryption information
held by a third party, and the location information of a wireless
telecommunication instrument within a carrier's system to a
probable cause standard; repeal last Congress' changes to the
roving wiretap statute; institute minimization requirements on
pen register intercepts with regard to "post cut through digits";
and institute reporting requirements on the Department of Justice
with regards to Section 2703 court orders for the obtainment of
electronically stored information.
The following is an overview of the bill's progress thus far
during the 106th Congress:
Introduced on April 21, 1999 and referred to the Senate
Judiciary Committee for consideration.
ENCRYPTION-RELATED BILLS INTRODUCED DURING THE 105TH CONGRESS:
H.R.695, the "Security and Freedom Through Encryption (SAFE)
Act," introduced by Congressman Goodlatte (R-6th-VA) on
February 12, 1997;
S.376, the "Encryption Communications Privacy Act of 1997,"
introduced by Senator Leahy (D-VT) on February 27, 1997;
S.377, the "Promotion of Commerce On-Line in the Digital Era
(Pro-CODE) Act of 1997," introduced by Senator Burns (R-MT)
on February 27, 1997;
S.909, the "Secure Public Networks Act," introduced by
Senators McCain (R-AZ), Kerrey (D-NE), Hollings (D-SC) on
June 16, 1997.
S.2067, the "Encryption Protects the Rights of Individuals
from Violation and Abuse in Cyberspace (E-Privacy) Act,"
introduced by Senators Ashcroft (R-MO) and Leahy (D-VT) on
May 12, 1998.
* NONE OF THE AFOREMENTIONED ENCRYPTION BILLS WERE ENACTED
DURING
THE 105TH CONGRESS. Four of the aforementioned encryption-related
bills [Goodlatte (H.R.695), Leahy (S.376), Burns (S.377), and
Ashcroft/Leahy (S.2067)] would have largely removed existing
export controls on hardware and software encryption products of
comparable strength to those that were commercially available
from a foreign supplier, regardless of the adverse impact to
national security. All five bills would have placed a
prohibition on mandatory key recovery encryption by the
government and included provisions making it a crime to use
encryption in furtherance of a criminal act. The McCain/Kerrey,
Leahy, and Ashcroft/Leahy bills would have allowed for the
voluntary use of key recovery encryption and would have
established in law requirements for the release of decryption
keys to law enforcement (Leahy and Ashcroft/Leahy bills by court
order, McCain/Kerrey bill by subpoena).
The following is an overview of each to the aforementioned
bills' progress during the 105th Congress:
H.R.695
Reported favorably out of the House Judiciary Committee on
May 14, 1997 with three amendments. (Congressman McCollum's
amendment--members of the Intelligence Community could obtain key
recovery information if escrowed, Congressman Asa Hutchinson's
amendment--AG is to maintain records regarding the number of
cases where encryption prevented law enforcement from enforcing
the law, and Congressman Delahunt's amendment--would make it a
felony to encrypt information of a criminal nature). The bill
was then referred to the House International Relations Committee
for consideration and appropriate action.
On May 24, 1997, the House International Relations
Committee's Subcommittee on International Economic Policy and
Trade held a mark-up concerning the bill and favorably reported
the bill out of subcommittee by a fourteen (14) to one (1) vote.
On 7/22/97, the House International Relations Committee held
a mark-up concerning the bill. The Committee voted to report
H.R.695 out of Committee with no amendments. The bill was then
referred to the House National Security Committee, the House
Permanent Select Committee on Intelligence and the House Commerce
Committee for appropriate action.
Hearings were also held concerning H.R.695 before the House
National Security Committee on July 30, 1997, before the House
Commerce Committee's Subcommittee on Telecommunications, Trade
and Consumer Protection on September 4, 1997 and before the House
Permanent Select committee on Intelligence on September 9, 1997.
The House National Security Committee held a mark-up of
H.R.695 on September 9, 1997 and adopted an amendment which
continues to require a "one time review" and export license for
export of encryption products. This action effectively addressed
the national security concerns associated with the bill.
The House Permanent Select Committee on Intelligence held a
mark-up of H.R.695 on September 11, 1997 and adopted an amendment
by way of a substitute bill that effectively addressed all of the
law enforcement and national security concerns associated with
commercially-available encryption products and services
manufactured for use in the U.S. as well as for export.
Highlights include: requirements for immediate access to
plaintext features to be included in all encryption products and
services manufactured for use in the United States or imported
for use in the United States by 1/31/2000; "one time review" by
NSA of all encryption products for export and voluntary enabling
of any decryption feature included in encryption products for
export by the destination country; provide for criminal and
civil penalties for unauthorized access to plaintext or
decryption information; and, require the U.S. government to only
purchase encryption products which include such immediate access
to plaintext features.
On September 24, 1997, the House Commerce Committee held
a mark-up of H.R.695. Two competing amendments were offered:
Congressmen Oxley and Manton offered an amendment to require all
encryption products manufactured for use in the U.S. or imported
into the U.S. to contain an immediate access to plaintext feature
which would have effectively address law enforcement's domestic
encryption needs and would be supported by law enforcement;
Congressmen Markey and White offered an amendment to establish a
"National Electronic Technologies Center" to foster the "exchange
of information and expertise" between government and industry.
However, the Markey/White amendment provided no funding for this
center. It did not mandate industry participation, nor is it the
goal of the "Center" to provide law enforcement with immediate
decryption technical capabilities. Markey/White was supported by
industry but was opposed by law enforcement. The Commerce
Committee defeated the Oxley/Manton proposal and adopted the
Markey/White Amendment, agreeing to favorably report H.R.695 out
of committee as amended.
H.R.695, as amended by the five committees, was then sent to
the House Rules Committee. The Rules Committee, at the
discretion of its Chairman, was to consider the different
versions of the bill adopted by the five House Committees
(Judiciary, International Relations, National Security,
Intelligence and Commerce) to determine if a workable compromise
bill could be developed and forwarded to the House floor for
action. At the insistence of Chairman Solomon (R-NY-22nd), no
action was taken by the Rules Committee concerning H.R. 695 as to
ensure that the House did not pass an encryption bill that failed
to meet all of the law enforcement and national security needs
concerning encryption.
S.909
Reported favorably out of the Senate Commerce Committee on
June 19, 1997 with five amendments: one amendment to section 106
regarding the strength of the subpoena used to obtain recovery
information; one amendment to section 201 requiring NIST to
release a public reference plan regarding key recovery systems
prior to the policy provisions of this section being enforced;
one amendment to section 205 to clarify that this section only
covers networks for the transaction of government business; and
one amendment to section 1005 to define what key recovery means.
Another amendment was introduced that would create an export
advisory board consisting of a chairman appointed by the
President, four (4) industry representatives and four (4)
government representatives-one each from the CIA, NSA, FBI and
Commerce. The bill was scheduled to be referred to the Senate
Judiciary and Intelligence Committees for appropriate action but
was never officially reported out of the Senate Commerce
Committee.
S.377
Introduced. Failed to be favorably reported out of the
Commerce Committee by a 12 to 8 vote on June 19, 1997 as a
substitute to S.909. Senators Burns, Gorton, Lott, Ashcroft**,
Abraham**, Brownback, Dorgan and Wyden voted in favor of S.377;
Senators McCain, Stevens, Hutchison, Snowe, Frist, Hollings,
Inouye, Ford, Rockefeller, Kerry, Breaux and Bryan voted against
S.377. (** denotes member of Senate Judiciary Committee)
S.376
Only introduced.
S.2067
Only introduced.