31 March 1998
Thanks to Alan Davidson, Center for Democracy and Technology

To: Interested Parties
From: CDT
Re: Preliminary Analysis of Revised McCain-Kerrey Bill (S.909)

Despite these changes, CDT remains opposed to S.909 for one fundamental reason: The revised draft still seeks, through a series of incentives (export controls, government procurement, and liability safe harbors), to require encryption users to surrender control over their keys on the government's terms. We also oppose the revised bill because its privacy standards fall short; it criminalizes a wide range of uses of encryption; and it effectively retains current export controls on encryption. CDT believes S.909 is at best a codification of a bad status-quo. Overall, the new bill still threatens electronic privacy and security through the coercion of the marketplace towards adoption of a government key recovery standard, with all the risks that entails.

Senators McCain and Kerrey have said they are seeking a compromise on the encryption issue. However, any legislation that includes government-dictated standards for key recovery is not a compromise. It entails too many risks and is fundamentally inconsistent with the user-controlled nature of the new electronic technologies. It requires people to do something they would never do otherwise do: place their keys in the hands of someone they don't control.

Overview of S.909 -- S.909 is a comprehensive bill regulating the use and export of encryption. The original bill included export controls, procurement requirements, new criminal penalties, and a complex federal licensing system for certificate authorities (CA's) and key recovery agents. It was widely criticized for: linking key recovery to CA's; using export, procurement, and liability relief to force the use of key recovery; allowing access to keys with a subpoena; codifying a weak 56-bit limit on exports; and creating sweeping new federal criminal penalties. For a detailed review of the provisions of S.909, see CDT's analysis available at http://www.cdt.org/crypto.

Problems with the revised S.909 -- CDT continues to oppose S.909 as a bill intended to make government-designed key recovery all but mandatory through coercion of the marketplace. Government-mandated key recovery is fundamentally different from the type of key recovery that the marketplace is now developing in response to user needs. Under the revised bill, "qualified key recovery systems" will still be defined by the Commerce Secretary. They will likely require that key recovery occur "without the knowledge or cooperation of the key owner" and they will likely extend to communications, key points that are in current regulations. These features directly threaten privacy and security online and are not acceptable to the marketplace.

Changes to S.909 -- The revised S.909 contains a number of significant changes, most of which are direct responses to criticisms raised by privacy advocates and industry groups. Major changes include --

• Removal of the linkage between certificate authority and key recovery agents -- Sec. 405 of the original bill would have required users of federally licensed certificate authorities to also use key recovery. In the revised bill, this linkage has been completely deleted. However, the complex federal registering structure for CA's and key recovery agents is retained, along with the powerful safe harbor provisions designed to force companies to submit to licensing.

• Heightened standards for access to keys -- The original S.909 allowed government to obtain key information on a mere subpoena. The revised bill requires a "court order" based "upon a finding that the recovery information is relevant to an ongoing law enforcement or counterintelligence investigation." Sec. 106(4). CDT believes this standard is still too low for sensitive key information. In the emerging world of digital commerce and personal communication, decryption keys will be among the most sensitive information in an individual's life. Criminal inquiry can be very broad; counterintelligence investigations are even broader. It is not sufficient for the government to merely show that a decryption key is "relevant" to an investigation.

• Export controls -- Allows export of key recovery products that allow government access to plaintext "without the knowledge or cooperation of the person using the product." Retains the 56-bit limit on non-recovery products, with the limit to be raised based upon findings of an Encryption Export Advisory Board. (This change was already adopted at the Commerce Committee mark-up last year.) The 13-member board is appointed by the President and the Congress; its findings can be waived by executive order. The new bill also allows the Secretary to license products with user-controlled key recovery features. Bottom line: It would grant the Executive discretion to continue export control policies identical to those in place today.

• Procurement -- Attempts to narrow key recovery requirement to federal systems and those federally-funded networks "for the transaction of business with the federal government." Intended to carve out Internet 2 and universities (according to staff).
  

Other changes include narrower access to key information at the request of foreign governments (only plaintext, not keys, can be released), and narrowed Presidential waiver authority (does not apply to Title I privacy protections.)

Specific reasons why we oppose the revised bill --

• Push to key recovery -- The revised bill still uses a series of incentives to require or encourage encryption users to surrender their keys in accord with government standards:
  
  
  • Procurement -- In an effort to influence the non-government marketplace, the bill still requires federal computer systems -- as well as many federally-funded systems -- to adopt key recovery designed not for security but for ready investigative access. This places government systems at risk because key recovery is not appropriate for all applications, even in government.
    
    
  • Safe harbors -- Very broad protection from immunity will make it unlikely that any entity would want to become a key recovery agent without meeting government key recovery requirements. Such large giveaways to recovery agents also raise serious consumer issues.
    
    
  • Export relief linked to key recovery -- Producers of encryption can obtain export relief if they install key recovery features meeting government standards.
    
    
• Privacy standards -- Though better than a subpoena, the court order standard based upon mere "relevance" is still not sufficient for sensitive keys. The bill also includes no minimization requirements for recovery information in domestic investigations.
  
  
• Export controls -- The current 56-bit limit and key recovery exemptions are retained. In addition to codifying a bad standard, this bill would be a major setback for ongoing litigation aimed at challenging encryption controls.
  
  
• Broad criminal penalties -- The new bill retains S. 909's 15 federal crimes pertaining to encryption, including the sweeping "unlawful use of encryption" crime penalizing "whoever knowingly encrypts data or communications in furtherance of the commission of a criminal offense." This new crime threatens to chill the routine use of encryption due to the risk of severe penalties. It applies to state crimes as well, effectively federalizing a vast number of investigations.
  
  
• CA regulation -- There is no consensus today on the proper shape of federal CA regulation; this effort appears both premature and profoundly anti-market.
  
  
• Broad waiver authority -- President can waive any provision of the bill (except Title I) "in the interests of national security, or domestic safety and security." (Title IX)
  
  

Conclusion: CDT appreciates the efforts made by Senators McCain and Kerrey to address privacy and industry concerns with S.909. However, the bill still attempts to impose the government's vision of key recovery -- an international, ubiquitous system that allows access to keys without the knowledge or consent of the key owner -- on an unwilling marketplace. Insufficient access standards, limited export relief, and sweeping new criminal penalties would chill the use of encryption and threaten information privacy. For these reasons CDT believes that the revised bill, if passed, would be a serious blow to electronic privacy and security.