CDT Analysis of the McCain-Kerrey Bill S. 909: The McCain-Kerrey Bill | 105TH Congress

Senators John McCain (R-AZ) and Bob Kerrey (D-NE) have introduced legislation that would force U.S. encryption users to adopt vulnerable and costly "key recovery" systems. The bill provides only token relief from current export controls, and would create strong incentives to coerce American consumers and businesses to adopt untested and potentially insecure third-party access to sensitive encryption keys.

The "Secure Public Networks Act" threatens both Internet security and individual privacy. The bill would require key recovery agents to secretly disclose keys to the government without a court order. The bill would codify the current, ineffective 56-bit limit on encryption exports, preempt evolving state laws on electronic commerce, create 15 new federal crimes relating to encryption, and give the President sweeping powers to waive any provision of the act by Executive Order.

While presented as a compromise between Administration policy and proposed encryption reform bills now in Congress, the McCain-Kerrey bill in fact closely mirrors recent Administration draft legislation. As the attached comparison table indicates, the McCain-Kerrey bill's major features are very similar to those of the Administration's most recent proposal. The McCain-Kerrey bill actually goes even further than the Administration bill in forcing the domestic and worldwide adoption of key recovery systems. The bill claims to be voluntary, but its regulatory provisions and market pressures make key recovery all but mandatory.

Major provisions of the bill would:

1. Force businesses and individuals to use "key recovery" systems if they wish to participate in the secure information infrastructure. The bill would:
   • Require the use of key recovery systems in order to obtain the "public key certificates" needed to participate in electronic commerce. Retaining this linkage between certificates and third-party access effectively holds electronic commerce hostage to key recovery. (Sec. 405)
   • Use powerful safe harbor liability protections and other market-distorting regulations to force use of "federally-licensed" key recovery agents. (Title V)
   • Require key recovery for all secure networks built with any federal funds -- including the Internet II project and most university networks. (Title II)
   • Direct the President to negotiate with foreign countries to create a worldwide system for national government access to keys. (Title VI)
2. Codify a low 56-bit key length limit on exports of any non-key-recovery encryption products. Products with much greater strength are already in demand in the market and widely available outside of the U.S.
3. Endanger personal privacy by allowing government access to sensitive encryption keys without meeting normal Fourth and Fifth Amendment requirements. The bill would grant any government agency access to keys without court order, using as little as a subpoena issued without notice and without any judicial approval, thereby leaving valuable private keys highly vulnerable to mistaken disclosure as a result of mistake, fraud, or abuse.
4. Criminalize an array of encryption activities -- In addition to a broad new crime that would penalize routine use of encryption and federalize vast numbers of state crimes, the bill would create fifteen new federal crimes (see list below) dealing with the use of encryption and key recovery and grant the Commerce Dept. sweeping new enforcement powers.

Moreover, a waiver provision would give the President the authority to disregard any or all of the provisions of the bill on the basis of a Presidential Executive Order (Title IX). Over the last several years the President has already issued several similar orders regarding both encryption and export controls more generally.

The McCain-Kerrey bill is voluntary in name only.

The bill contains powerful regulatory incentives and legal penalties designed to compel individuals and corporations to adopt federal key recovery systems if they wish to participate in secure electronic commerce and private communications. This unnecessary linkage serves only to force the adoption of key recovery as the price for participation in the increasingly important sphere of electronic commerce.

The McCain-Kerrey bill would create new vulnerabilities and new costs for American consumers and businesses.

Key recovery systems of the type contemplated in the McCain-Kerrey bill open a huge window of vulnerability to the private data of computer users. A recent report by eleven noted computer security experts and cryptographers concluded that, "The massive deployment of key-recovery-based infrastructures to meet law enforcement's specifications will require significant sacrifices in security and convenience and substantially increased costs to all users of encryption."

The McCain-Kerrey bill would radically alter the current U.S. approach to encryption policy. To date, U.S. encryption policy has focused on export controls ostensibly designed to stop foreign use of strong encryption. While such export rules have impacted domestic use of encryption as well, official U.S. policy has maintained that there would be no domestic restrictions on the use of encryption. This bill would contradict that policy and directly target the domestic use of encryption by U.S. businesses and individuals.

Comparison: Major Features of the Administration and McCain-Kerrey Bills

	Administration Draft*	McCain-Kerrey** [w. section#]
Federal licensing of certificate authorities(CA) and key recovery agents	Yes.	Yes. [401-404]
Linkage of CA's and key recovery: Encryption public key certificates only issued to users of key recovery	Yes.	Yes. [405]
Export controls codified: 56-bit limit on encryption exports, no judicial review.	No.	Yes. [301-308]
Crime for use of encryption in furtherance of a crime.	Yes. Use of a licensed KRA is a defense.	Yes. No KRA defense. [104]
Crime for issuance of a key in furtherance of a crime.	No.	Yes. [105]
Gov't access to keys by subpoena without notice and or judicial approval	Yes.	Yes. [106]
Foreign gov't access to keys	Yes.	Yes. [106]
Federal procurements require key recovery.	No.	Yes. [201-207]
Federal funding (Internet II, universities, etc.) requires use of key recovery.	No.	Yes. [201-207]
"Safe harbor" liability protections for licensed CA's and recovery agents	Yes.	Yes. [501-505] Less extensive than Administration draft.
Requires Pres. to negotiate for international key recovery.	No.	Yes. [Title 6]
New Commerce Dept. enforcement powers	No.	Yes. [701-702]
Information Security Board	No.	Yes. [801]
Waiver of any provision of Act by Executive Order.	No.	Yes [901]

*The Encrypted Data Security Act, draft dated April 29, 1997.

**The Secure Public Networks Act, as released on June 17 by Senator Kerrey's office.

1. Background: Encryption, Certificate Authorities, and Key Recovery

Encryption is the essential and indispensable tool for protecting sensitive electronic communications and stored files. Encryption hardware and software products, which encode and decode electronic information, are the locks and keys of the information infrastructure. As more sensitive data (such as medical records, business secrets, or financial transactions) are placed online, and as more people use inherently open media such as the Internet or cellular phones, the widespread use of encryption will become essential to prevent crime, promote global commerce, and protect privacy.1

As electronic commerce and encryption use grows, there will be an increasing need for some form of "Certificate Authorities" (CA's) that help identify encryption users. A CA is a trusted party that vouches for the identity (or some other attribute) of an encryption user. For example, a bank might act as a CA to issue a "public key certificate" that identifies an individual, who could then use the certificate to make purchases on the Internet or create legally binding "digital signatures." The development and use of such certificates will be essential for trusted electronic exchanges. Consequently, using a CA will become a prerequisite to participation in electronic commerce and secure online communications.2

"Key recovery" and "key escrow," on the other hand, are entirely different systems unrelated to certificate authorities. Such systems allow for third-party access to decrypted data, through the storage of encryption keys or some other decryption information. There is likely to be some demand for a market-driven form of key recovery, such as "self-escrow" or storage of keys by a company, to allow for decryption under emergency circumstances. Government-dictated recovery systems, however, are radically different in nature. They would require rapid access to keys by law enforcement officials; access to both communications and stored files; and no notice of key disclosures to the owners of those keys. A recent report by a group of noted computer security experts recently concluded that these government-driven systems introduce tremendous new vulnerabilities and costs into otherwise secure encryption systems.3 For these and other reasons, government access systems have been repeatedly rejected in the marketplace.

The McCain-Kerrey bill would link the need for Certificate Authorities with government-mandated escrowed encryption. Yet there is no technical reason to link certificates for identification with key recovery systems that allow third-party access. On the contrary, such linkages are exceedingly risky. If the government policy succeeds, it will introduce sweeping new vulnerabilities into the system for identifying and securing electronic commerce, and will force millions of computer users to adopt key recovery systems that they do not want. Even if it fails, in the meantime electronic commerce will face years more without a standard for securing information privacy, with computer users increasingly at risk.

2. Forcing Encryption Users to Adopt Key Recovery

The McCain-Kerrey bill would create a new federal licensing system for certificate authorities and key recovery agents. Anyone wishing to participate in the online economy envisioned by the McCain-Kerrey bill will be forced to use this standardized system.

The Commerce Department would have broad authority to license, or revoke the licenses, of "trustworthy" private sector agents or authorities under its own regulations. These provisions would create a new government-approved and federally-licensed system for private encryption users to identify themselves and communicate confidentially online. This federal key infrastructure is designed to be a prerequisite for participation in electronic commerce.

Congress has not held a single hearing on the wisdom of entering into the controversial area of Certificate Authorities regulation. This involves issues of contract law normally left to the states. Indeed, the issue is already being handled at the State level, with states such as Utah taking the lead in sorting out the complex and emerging issues surrounding digital signature laws. The bill places Congress in the position of prematurely regulating a market that has not yet sorted out, and in a way that the market itself would never choose.4

A. Linkage of Key Recovery and Certificate Authority

Even more troublesome than the regulation of CA's and recovery agents is the McCain-Kerrey bill's effort to link the two. Under the McCain-Kerrey bill, encryption users would be coerced into using licensed key recovery systems in order to participate in the trusted certificate authority infrastructure:

• Certificates issued only for users of licensed key recovery -- Licensed Certificate Authorities will only be permitted to issue public key certificates for encryption to a person who uses a licensed recovery agent or some other means of lawful access. Violators will be subject to stiff criminal penalties. (Sec. 405)

As noted above, there is no technical reason for tying certificates to key recovery -- other than to force otherwise unwilling computer users to use federally licensed recovery agents. If the federal government were concerned with promoting electronic commerce, it could easily create a Certification Authority system that did not require the use of key recovery. Such a system would no doubt be more popular, less expensive, and more secure than the one contemplated by this bill.

B. Federal Procurement and Funding Provisions Force Adoption of Key Recovery

Title II of the bill would require that all new secure government networks, as well as any encrypted network established with the use of federal funds, use encryption based on a "qualified system of key recovery" under Commerce Department regulations.

Title II would ultimately force a broad group of private computer users to adopt key recovery. Some of the networks affected by Title II might include:

• the Internet II project;
• most university and many public school networks;
• networks established by government contractors, if using federal funds.

All of these networks would be forced to adopt risky and costly key recovery systems, regardless of how appropriate it is for the application or individuals using them.

C. Safe Harbor Regulations to Coerce Use of Key Recovery

Other provisions in the bill provide strong incentives and large penalties for those who choose not to use licensed escrow systems:

• Powerful safe harbors for licensed entities -- For licensed Certificate Authorities and Key Recovery Agents, compliance with registration requirements is "a complete defense" to any noncontractual civil liability under the bill (Sec. 502). This protection from potentially costly negligence or other claims will provide a major competitive advantage to licensed CA's and recovery agents, and will jeopardize the economic viability of any entity who chooses not to meet the "voluntary" registration requirements.
  
• Legal protections from government abuse do not apply to unlicensed agents -- The bill contains important privacy protections from abuse by government agencies, but only for users of licensed key recovery agents. Persons whose recovery information is unlawfully obtained or used may bring a civil action against the U.S. government. (Sec. 107) However, individuals and companies who choose not to use licensed escrow systems would not be similarly protected from law enforcement abuse.

Taken as a whole, these provisions create a powerful incentive to use federally licensed key recovery agents. The safe harbor liability provisions alone are likely to make it economically infeasible for CA's or recovery agents that are not federally licensed to compete with those that are.

3. Limited Export Control Relief

Title III of the McCain-Kerrey bill would provide limited export control relief for encryption technology. The bill would allow export of 56-bit DES or equivalent strength products following a one-time review, and stronger products if they use key recovery. The President could ultimately choose to increase this limit over time by Executive Order.

The bill would in effect codify the current Commerce Department regulations of encryption exports, with one change. Currently, 56 bit exporters must file a plan and promise to build key recovery systems within two years. Many observers believe that the two-year sunset on 56-bit non-recovery products cannot ultimately be enforced and is not a serious requirement. The McCain-Kerrey draft dispenses with that fictions and drops the requirement of key recovery for 56-bit products.

Codifying a 56-bit export control would continue to place the security of encryption users and the competitiveness of U.S. industry at risk. Over 15 months ago a panel of noted cryptographers found that 56-bit encryption products were not secure enough for many applications, and recommended at least 75-bit to 90-bit encryption in the near future. Moreover, encryption products of much greater (e.g. 128-bit) strength are increasingly available abroad; the export controls serve only to hamper U.S. industry and prevent U.S. computer users from obtaining secure, global encryption solutions. The export controls also act to coerce U.S. companies and individuals to adopt key recovery systems in order to export stronger products.

Moreover, the McCain-Kerrey bill would codify a use of presidential emergency powers that is highly questionable. The current, arbitrary and poorly understood licensing process for encryption technology is being challenged in the courts on grounds including prior restraint and other First Amendment constitutional protections. Moreover, many believe that the current application of IEEPA powers to the everyday maintenance of export controls is itself ripe for challenge. This statute would undercut many of these legal challenges to the President's unconstitutional exercise of authority over encryption exports.

4. Altering the Privacy Balance: Carte Blanche Government Access to Sensitive Decryption Keys

The McCain-Kerrey bill would:

• Allow government agency seizure of key information with as little as a subpoena -- Any holder of recovery information whether or not registered, including organizations holding their own keys, would be required to release their sensitive decryption keys to any government agent acting pursuant to subpoena or "other lawful authority" in a form to be specified by the Attorney General. (Sec. 106) Subpoenas offer very little protection. They are issued without judicial approval, upon mere relevance to a pending civil or criminal investigation by any of thousands of law enforcement and regulatory agencies. Moreover, the statute would require the federal government to provide decryption keys at the request of foreign governments.
  
• Prohibit notice of key seizures to encryption users -- All key recovery agents, whether licensed or not, would be generally prohibited from disclosing "the facts or circumstances" of such key releases. (Sec. 110)

Taken together these provision would deny basic privacy protections to individuals and business for their sensitive decryption keys.

Decryption keys are among the most sensitive pieces of information owned by an individual or organization. Decryption keys provide access to the most private and valuable of communications, stored records, or personal data. In some systems, obtaining a private decryption key might give access to years worth of encrypted information, or allow the easy forgery of a user's digital signature. Such sensitive keys demand a heightened degree of protection from disclosure and abuse -- as Congress has recognized in conjunction with the disclosure of other highly personal information.

The McCain-Kerrey bill moves in the opposite direction, setting an inappropriately low standard for seizure of these sensitive decryption keys. Seizure by subpoena or "other lawful authority" would provide virtually no judicial oversight or protection.

The bill would allow for the seizure of keys, on demand, by any of the over 15,000 federal, state, and local law enforcement agencies -- as well as requesting foreign governments. The potential for abuse is enormous. Subpoenas or "other lawful authority" require no appearance before a judge, no findings of probable cause or even reasonable suspicion of criminal activity by the target, and little or no judicial supervision. Moreover, the bill outlines no standards for the highly sensitive issue of release of keys to foreign governments. These low standards for access would destroy the delicate privacy balance that Congress and the Supreme Court have struck under the Fourth Amendment.5

It is not true that the Administration and McCain-Kerrey bills merely preserve current access. Currently, the law requires at least that the government serve a subpoena on the encryption user. In addition, the Fourth and Fifth Amendments may require a judicial order (subpoenas are issued without judicial approval), and the Fifth Amendment likely prohibits compelled disclosure of memorized keys or passwords. The McCain-Kerrey bill attempts to avoid these constitutional protections by compelling people to make their keys available to third parties. Once they keys are available, the government believes, the keys would be accessible with a mere subpoena issued and executed without judicial approval and without notice to the person whose privacy is being violated.

5. New Federal Crimes and Other Domestic Regulations

In addition to the domestic controls outlined above, other provisions of the Bill would regulate and potentially criminalize a range of domestic activities and individuals never before regulated in the United States:

• Fifteen new federal crimes for use of encryption -- The bill creates severe criminal penalties for the sweeping "use of encryption in furtherance of" a felony, potentially punishing the routine use of encryption. As detailed in the table below, the statute creates a total of fifteen new federal crimes relating to the use of encryption and the issuance of certificates and keys. Since encryption will most likely be used in the regular course of communication, file storage, and electronic commerce by a large segment of the population, these provisions will create a vast new form of federal criminal liability and a serious expansion of federal prosecutorial reach.
  
• Broad scope of "encryption" and "recovery agents" -- The overly broad definition used in the bill threaten to encompass a vast range of activities. "Encryption" is merely defined as a "transformation of data" done "in order to hide its information content," could include speaking in a foreign language or the use of compression algorithms.6 "Key recovery agents" include any entity holding key information in the course of business -- such as an individual who holds other people's keys in the regular course of business, or a small company that backs up keys for its employees. All of these activities would be exposed to the complex regulations and serious criminal liabilities imposed by the bill.

Together with the other domestically-targeted regulations outlined above, these provisions directly contravene the spirit, if not the letter, of repeated public statements by Administration officials that they would not seek to control domestic use of encryption.

The McCain-Kerrey bill would create 15 new federal crimes pertaining to the use of encryption. These provisions would criminalize a broad new set of activities relating to encryption and certification, often in vague terms. The effect of these sweeping, vague new laws will be to chill legal domestic uses of encryption by non-licensed encryption users. These provisions would also federalize a vast new set of acts previously within the jurisdiction of the states.

The McCain-Kerrey bill would impose criminal penalties including fines and imprisonment for up to five years, for any persons who:

1. knowingly encrypt data or communications in furtherance of the commission of a felony. [104]
2. obtain or use recovery information without lawful authority for the purpose of decrypting data or communications; [105]
3. exceed lawful authority in decryption data or communications; [105]
4. break the encryption code of another person without lawful authority for the purpose of violating the privacy, security or property rights of that person; [105]
5. intercept on a public communications network without lawful authority the intellectual property of another person for the purpose of violating intellectual property rights; [105]
6. impersonate another person for the purpose of obtaining recovery information of that person without lawful authority; [105]
7. issue a key to another person in furtherance of a crime; [105]
8. disclose recovery information in violation of a provision of this Act; [105]
9. publicly disclose without lawful authority plaintext of information that was decrypted using recovery info. obtained with or without lawful authority. [105]
10. violate the export control provisions of the Act [308]
11. [for a certificate authority registered under this Act, or an employee or agent thereof] to intentionally issue a public key certificate in violation of this Act; [407]
12. intentionally issue what purports to be a public key certificate issued by a registered CA when such person is not a CA registered under this Act; [407]
13. revoke what purports to be a public key certificate issued by a registered CA when the issuer does not have proper authority to revoke; [407]
14. intentionally issue a public key certificate to a person who does not meet the requirements of this Act or the regulations prescribed thereunder; or [407]
15. intentionally apply for or obtain a public key certificate under this Act knowing that the person to be identified in the public key certificate does not meet the requirements of this Act or the regulations thereunder. [407]
    

6. Conclusion

Taken as a whole, the McCain-Kerrey draft encryption legislation would, for the first time, tightly regulate and potentially criminalize a broad set of domestic activities for securing electronic data and communications. Voluntary in name only, the bill would force those seeking security and privacy for their computer files, Internet traffic, or cellular phone calls to adopt federally-licensed key recovery systems. The bill would dramatically expand government access to sensitive key information with mere written authorization and would destroy the delicate balances established by Congress and the Supreme Court to preserve the Fourth Amendment's protections for all Americans.

The bill threatens any prospect of privacy and security in electronic commerce and on the Internet by opening a huge window of vulnerability to the private data and communications of encryption users. Some of the issues raised in this analysis can be addressed by drafting changes to the bill. Many others cannot, and call for a major reconsideration of the bill's fundamental premises. As has been clear since the introduction of the failed Clipper Chip initiative, government-licensed key recovery systems will not be trusted by encryption users and cannot form the basis for electronic commerce and a secure information infrastructure.

For more information please contact:

Alan Davidson, Staff Counsel <abd@cdt.org>
Jim Dempsey, Senior Staff Counsel <jdempsey@cdt.org>
Center for Democracy and Technology http://www.cdt.org/
+1 202.637.9800 (v)
+1 202.637.0968 (f)

And see the Encryption Policy Resource Page on the World Wide Web:
http://www.crypto.com

Notes

¹ To date the use of encryption has not been widespread. This is largely attributed to US export regulations that have chilled the use of encryption both abroad and domestically, and which have prevented the development of a global encryption standard, leaving computer users at risk.

² There is a great deal of debate about the role of government in regulating CA's. CA's may ultimately be large, centralized, or even government-certified entities, or smaller, locally-trusted entities. At this early stage in deployment, no consensus has emerged on what government's role should be. See Michael Froomkin, The Essential Role of Trusted Third Parties in Electronic Commerce, 75 Oregon L.Rev. 49 (1996).

³ Hal Abelson, et al., The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption (1997), available on the World Wide Web at <http://www.crypto.com/key_study>.

⁴ For example, the controversial recent Commerce Department regulations on recovery agents that require two hour response time to government agency requests for keys, invasive credit and security checks for agent employees, and no notice to users whose keys are revealed, would all fall well within the broad discretion granted to the Secretary.

⁵ For example, to seize computer files from the home of an individual, law enforcement agencies are required to obtain a warrant issued by a judge under a showing of probable cause. To intercept a telephone call, agencies are required to pass through even greater substantive and procedural hurdles.

⁶ In contrast with the much more specific definitions of encryption in S.376, S.377, and H.R. 695.