Senator changes his crypto tune
http://www.news.com/News/Item/0,4,34501,00.html
Courtney Macavinta
Staff Writer, CNET News.com
A powerful senator who once backed domestic controls on encryption now
plans to submit legislation to liberalize the export of the
data-scrambling technology.
Senate Commerce Committee [ http://www.senate.gov/~commerce/ ] chairman
John McCain (R-Arizona) said today that he will introduce a bill to allow
companies to ship strong encryption products overseas to non-hostile
nations.
Although the bill doesn't call for the same magnitude of relief as the
Security and Freedom through Encryption Act
http://thomas.loc.gov/cgi-bin/query/z?c106:h.r.850: ](SAFE), observers say
McCain's change of heart is significant and could finally push Congress
over the line toward passage of crypto export policy reforms.
McCain's bill will allow for the immediate unfettered export of 64-bit
crypto, and by 2002 could permit the easy export of 128-bit encryption.
Currently this rule applies only to 56-bit crypto, but that
http://www.news.com/News/Item/0,4,19492,00.html ] standard has been
cracked.
The legislation also would authorize more funding to help law enforcement
stay on top of the latest security technologies, and maintains President
Clinton and the Secretary of Commerce's power to refuse export licenses to
certain countries or individuals.
"This bill protects our national security and law enforcement interests
while maintaining the United States' leadership role in information
technology," McCain said in a statement. Sens. Conrad Burns (R-Montana),
Patrick Leahy (D-Vermont) and Ron Wyden (D-Oregon) will cosponsor the
legislation.
The U.S. government has long regulated encryption exports under weapons
controls, based on law enforcement assertions that tech-savvy criminals
can use the products to conceal their activity.
But opponents of the rules argue that they cost the software industry
profits and threaten global computer users' privacy. This same camp hit
the roof in 1997 when McCain himself cosponsored a bill that for the first
time would have imposed domestic controls on encryption used by
government-funded institutions.
So it's no surprise that McCain's policy shift was greeted warmly.
"Having McCain, the chair of the powerful Commerce Committee, as a key
sponsor, is a signal to the administration that their encryption export
policy is losing support in Congress," said Lusan Chua a policy analyst at
the Center for Democracy and Technology.
Still, McCain's isn't the best bill on the market, she added. Unlike SAFE,
which would grant immediate relief, the major changes proposed by the
McCain bill might not go into effect until 2002.
"The legislation is an important move in the right direction and a great
start to the Senate process. However, it must be noted that the bill
doesn't go as far or as fast as the SAFE Act, which now has 248 cosponsors
in the House, and was favorably reported
http://www.news.com/News/Item/0,4,34208,00.html ] by the House Judiciary
Committee last week," Ed Gillespie, executive director of Americans for
Computer Privacy [ http://www.computerprivacy.org/ ], said in a statement.
As part of a piecemeal concession plan, the White House has updated its
policy to [ http://www.bxa.doc.gov/Encryption/EncrypolicyUpdate.htm ]
allow for certain industries to export 56-bit encryption products after a
one-time technical review. The administration also removed a requirement
that those products must include "key recovery" mechanisms, which give
companies or law enforcement officials with court orders a way to get
access to encrypted data via a "spare key."
"Granting sectoral relief doesn't address the individual privacy concerns
of computer users," CDT's Chua added.
Along with partial export relief, McCain's bill would do the following:
• Set up a 12-member Encryption Export Advisory Board to review export
policy exemption applications. The Secretary of Commerce can reject an
exemption, which can then be appealed to the courts by the applicant.
Clinton will pick seven people, including one each from the National
Security Agency, the CIA, and his office, with four more chosen from the
private sector. The other four members will be picked by Congress.
• Direct the National Institute for Science and Technology to establish an
advance crypto standard, likely 128-bit, by January 1, 2002.
• Prohibits domestic controls on encryption products as well as mandatory
government access to plain-text encrypted material as a condition for
export.
• Unlike SAFE, the bill doesn't make it a crime to use encryption to cover
up illegal activity.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
Received on Sat Apr 3 10:56:52 1999