CDT | Text of FBI Draft Legislation

TEXT OF MANDATORY KEY RECOVERY SECTION OF FBI DRAFT LEGISLATION      
    (From FBI "Technical Assistance Draft" Dated August 28, 1997)

SEC. 105. PUBLIC ENCRYPTION PRODUCTS AND SERVICES

(a)    As of January 1, 1999, public network service providers offering 
encryption products or encryption services shall ensure that such products or 
services enable the immediate decryption of communications or electronic 
information encrypted by such products or services on the public network, upon 
receipt of a court order, warrant, or certification, pursuant to section 106, 
without the knowledge or cooperation of the person using such encryption 
products or services.

(b)    As of January 1, 1999, it shall be unlawful for any person to 
manufacture for sale or distribution within the U.S., distribute within the 
U.S., sell within the U.S., or import into the U.S. any product that can be 
used to encrypt communications or electronic information, unless that product 
-

       (1) includes features, such as key recovery, trusted third party
       compatibility or other means, that

           (A) permit immediate decryption upon receipt of decryption
           information by an authorized party without the knowledge or
           cooperation of the person using such encryption product; and
  
           (B) is either enabled at the time of manufacture, distribution,
           sale, or import, or may be enabled by the purchaser or end user; or

       (2) can be used only on systems or networks that include features, such
       as key recovery, trusted third party compatibility or other means, that
       permit immediate decryption by an authorized party without the     
       knowledge or cooperation of the person using such encryption product.

(c)  (1) Within 180 days of the enactment of this Act, the Attorney General
     shall publish in the Federal Register functional criteria for complying
     with the decryption requirements set forth in this section.

     (2) Within 180 days of the enactment of this Act, the Attorney General
     shall promulgate procedures by which data network service providers and
     encryption product manufacturers, sellers, re-sellers, distributors, and
     importers may obtain advisory opinions as to whether a decryption method
     will meet the requirements of this section.

     (3) Nothing in this Act or any other law shall be construed as requiring
     the implementation of any particular decryption method in order to 
     satisfy the requirements of paragraphs (a) or (b) of this section.
Back.