21 October 1998
Source: http://www.access.gpo.gov/su_docs/aces/aaces002.html

Excerpted from Senate debate on S.2539, International Crime
and Anti-Terrorism Amendments of 1998:

  http://jya.com/s2539-amend.txt

-----------------------------------------------------------------------

[Congressional Record: October 15, 1998 (Senate)]
[Page S12612-S12620]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]
[DOCID:cr15oc98-211]


       INTERNATIONAL CRIME AND ANTI-TERRORISM AMENDMENTS OF 1998

[Snip]

  Mr. LEAHY. [snip]
  Finally, I would like to address the encryption amendment that
Senator Kyl offered and then withdrew during Committee consideration of
this bill. This amendment would have criminalized the use of encryption
in the commission of any federal felony.
  Unlike analogous provisions incorporated into pending encryption
bills, the Kyl amendment was not limited in any way to the criminal use
of encryption ``for the purpose of avoiding detection by law
enforcement agencies or prosecution'', as reflected in the SAFE bill,
H.R. 695, or ``with the intent to conceal that communication or
information for the purpose of avoiding detection by a law enforcement
agency or prosecutor,'' as reflected in the Ashcroft-Leahy E-PRIVACY
bill, S. 2067. The scope of the offered Kyl amendment raised concerns
about inviting government over-reaching. There is no requirement in the
amendment, for example, that a conviction for use of encryption be
predicated on a conviction of any underlying criminal offense.
  Moreover, were this amendment to become law, it could chill even the
routine use of encryption in the course of every day business, such as
communications between clients and lawyers or accountants, since the
mere use of encryption could result in exposure to substantial criminal
penalties of up to five years in prison.
  In addition, as I noted during the committee's discussion of the
amendment, the definition of encryption in the offered Kyl amendment
varied greatly from definitions used in pending legislation, including
bills I have introduced and cosponsored, that have been thoroughly
vetted with encryption and other technical exports. The Kyl amendment
definition of ``encryption'' is drafted so broadly that it could apply
to any transformation of analog to digital communications, without any
use of mathematical algorithms commonly associated with encryption. We
can and should do better if we are going to add a definition of this
highly technical operation to the criminal code for the first time.
  I appreciate the chairman's efforts, and Senator Kyl's willingness,
to address this issue in a considered fashion in the next Congress.
  As a former prosecutor, I have long been concerned about helping law
enforcement have the tools necessary to deal with changing
technologies, and at the same time provide procedural safeguards to
protect privacy and other important constitutional rights of American
citizens. That is why I sponsored, among other laws, the Electronic
Communications Privacy Act in 1986 and the Communications Assistance
for Law Enforcement Act in 1994, and worked with Senator Kyl and
Chairman Hatch on passage of the National Information Infrastructure
Protection Act in 1996 and, most recently, on identity theft
legislation.
  When it comes to encryption, I fully appreciate the challenge such
technology poses for law enforcement officers, who may increasingly
find that the communications they capture during court authorized
electronic surveillance is unintelligible because it is scrambled with
encryption technology. In the last Congress, I introduced legislation,
S. 1587, that contained a provision to criminalize the use of
encryption to obstruct justice. Again, in this Congress, I have
introduced a bill with such a provision, S. 376, and cosponsored with
Senator Ashcroft yet another bill, S. 2067, that contains a criminal
penalty for the willful use of encryption to conceal incriminating
communications or information. Thus, taking the step of creating a new
crime to address the criminal use of encryption is not a new idea to
me.
  I remain frustrated that sound encryption legislation was not enacted
this year, particularly since this technology is such an effective
crime prevention tool. The longer we go without addressing encryption
policy in a comprehensive fashion, the longer our computer information,
networks and critical infrastructures remain vulnerable to cyber-
attacks and theft.
  I encourage the FBI to continue working with industry to try to
define some cooperative efforts to facilitate court ordered access to
encrypted files and communications. But the job of Congress is to
ensure that procedural safeguards are in place to guide such
cooperation in ways that comport with our Constitution. I look forward
to working with Senator Kyl, as we have successfully in the past on
technology issues, and with other members, on comprehensive encryption
legislation that addresses both the criminal use of encryption as well
as policy changes to promote the widespread use of encryption as a
shield against cyber-crime.

                  criminalizing the use of encryption

  Mr. KYL. Mr. President, I am concerned over our inability to advance
good policy on encryption this Congress. The Senate has held many
hearings on encryption, and there have been a number of bills
introduced, with nothing concrete to show for it. What these bills have
in common is an approach that would fold all aspects of national policy
on encryption into one legislative vehicle. That has been a recipe for
gridlock.
  Meanwhile, terrorist and criminals and drug lords are increasingly
using encryption to hide their acts from law enforcement investigators.
This already serious problem will continue to worsen unless we find
some way to level the playing field.
  In committee, I offered an amendment I believed to be
noncontroversial. It would criminalize the use of encryption in
furtherance of a crime. It echoes language that appeared in each and
every encryption bill introduced this Congress. And yet, it was
rejected by some Members because it did not address other aspects of
encryption policy. We need to get beyond this all-or-nothing approach.
  Mr. HATCH. I am generally supportive of the concept embodied in the
amendment offered by the Senator from Arizona which was discussed in
committee, and I regret that it was not possible to work out acceptable
language to include in this bill. Next Congress, I believe the
Judiciary Committee should take up the challenge of reviewing this
Nation's encryption policies and ensure that law enforcement agencies
can continue to fulfill their critical responsibilities. This review
will include a hearing to consider the FBI's proposed Technical Support
Center, in order to evaluate its potential for solving some of law
enforcement's access concerns. I pledge my support to help enact
legislation to address the use of encryption in furtherance of a
felony.

[Snip]