The U.S. Senate and House Commerce committees yesterday approved bills that would liberalize the encryption export regulations, while the Senate committee also passed bills calling for the promotion of digital signatures and filtering software to block pornography.
The House Security and Freedom through Encryption (SAFE) Act removes the government's restrictions on exporting strong encryption if a comparable encryption product is commercially available outside the U.S. It also bars the government from requiring key recovery, whereby the government would have access to keys to decode encrypted messages for law-enforcement purposes.
Government officials argue they need to control the export of strong encryption for national-security purposes to fight terrorism, while vendors argue that the restrictions hamper their global competitiveness because strong encryption is readily available outside the U.S. The government wants vendors to develop encryption software that includes a key-recovery mechanism.
Several amendments approved by the House committee would require that a comparable encryption product be available in a country outside the U.S. in order for a U.S. company to export similar technology there; bar export to the Chinese military; allow the secretary of Commerce to deny the export of encryption products if they would be used to harm national security, sexually exploit children or execute other illegal activities; require the secretary of Commerce to consult with the secretaries of State and Defense, the director of Central Intelligence and the attorney general when reviewing a product; and subject a person to criminal penalties for not providing access to encrypted data if a subpoena were served and the person had the capability to decrypt the data.
Senate proposes stronger encryption exports
Meanwhile, the Senate encryption bill, proposed by John McCain, an Arizona Republican, would allow exporting encryption key lengths up to 64 bits. In general, companies currently must get a license to export encryption higher than 56 bits in key length.
The McCain encryption bill also would allow export of stronger "non-defense" encryption to "responsible entities" and governments in the North Atlantic Treaty Organization, the Association of Southeast Asian Nations and the Organization for Economic Cooperation and Development. It would, however, allow the secretary of Commerce to prohibit export of particular encryption products to an individual or organization in a foreign country.
That measure would also create an Encryption Export Advisory Board to review applications for exemption of encryption of over 64 bits and make recommendations to the secretary of Commerce, as well as authorize more funding to law enforcement and national security agencies to "upgrade facilities and intelligence." The bill would ask the National Institute of Standards and Technology to establish an advanced encryption standard by Jan. 1, 2002.
"The bill carefully balances our national security and law-enforcement interests while updating current laws on encryption technology," McCain said in a statement. "It is illogical to deny U.S. producers the ability to compete globally if similar products are already being offered by foreign companies."
Digital signatures addressed
On the digital signature front, Sen. Spencer Abraham, a Michigan Republican, said the Millennium Digital Commerce Act he sponsored would "ensure that individuals and organizations in different sttates are held to their agreements and obligations even if their respective states have different rules concerning electronically signed documents."
The Abraham bill would prohibit state law from denying that digital contracts are legal solely because they are in electronic form; establish guidelines for international use of electronic signatures that would remove obstacles to electronic transactions; and allow the market to determine the type of authentication technology used in international commerce.
The Senate Commerce Committee also grappled with Internet censorship by approving another McCain-sponsored bill that would require schools and libraries receiving universal service discounts for Internet access to use filtering technology on computers children access.
Alan Davidson, staff counsel for the Washington-based Center for Democracy and Technology, said "it was a mixed day for the Internet on Capital Hill."
Beware the 'dark side'
While legislators realize the potential of electronic commerce and favor liberalizing encryption export to advance it, they are fearful of what they see as the "dark side" of the Internet -- content that might be objectionable, according to Davidson.
Rather than require filtering software in schools and libraries, legislators should offer educational institutions the flexibility to choose "acceptable use or monitoring policies," he said.
"Mandating that every school and library filter access to the Internet is not going to be the best way to protect kids," he said. "In additional to the fact that the bill has constitutional problems, it mandates one technological approach without regard to the more effective ways that local communities are already protecting kids."
The bills may be taken up by other committees before they go to the floor of the two houses for a vote, he said.