-----------------------------------------------------------------------------
_____ _____ _______
/ ____| __ \__ __| ____ ___ ____ __
| | | | | | | | / __ \____ / (_)______ __ / __ \____ _____/ /_
| | | | | | | | / /_/ / __ \/ / / ___/ / / / / /_/ / __ \/ ___/ __/
| |____| |__| | | | / ____/ /_/ / / / /__/ /_/ / / ____/ /_/ (__ ) /_
\_____|_____/ |_| /_/ \____/_/_/\___/\__, / /_/ \____/____/\__/
The Center for Democracy and Technology /____/ Volume 3, Number 8
----------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
CDT POLICY POST Volume 3, Number 8 June 19, 1997
CONTENTS: (1) Senate Commerce Committee Approves Domestic Key Recovery Bill
(2) How to Subscribe/Unsubscribe
(3) About CDT, contacting us
** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of
** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------
(1) SENATE COMMERCE COMMITTEE APPROVES DOMESTIC KEY-RECOVERY BILL
The Senate Commerce Committee today approved the McCain-Kerrey "Secure
Public Networks Act" (S. 909) - a bill which for the first time would
impose domestic restrictions on the ability of Americans to protect their
privacy and security in their own homes.
CDT believes that S. 909 represents a grave threat to privacy and security
on the Internet. The bill all but mandates domestic key recovery and key
escrow encryption to provide guaranteed government access to private
communications and stored files. The bill would also codify into law the
56-bit limit on encryption exports, link certificate authorities to
key-recovery, and create 15 new crimes relating to encryption.
S. 909 now replaces Pro-CODE in the Senate. Senator Conrad Burns (R-MT),
the lead author of Pro-CODE, mounted a last-ditch campaign to block the
key-recovery provisions of the McCain-Kerrey bill. His effort lost on a
vote of 12 - 8 (votes are listed below)
CDT believes that S. 909, if passed into law, would amount a full scale
assault on your ability to protect your privacy and security on the
Internet.
The bill would create a ubiquitous global key-recovery infrastructure - an
untested idea which 11 of the world's leading cryptographers have said
"will result in substantial sacrifices in security and cost to the end
user. Building a secure infrastructure of the breathtaking scale and
complexity demanded by [the government's] requirements is far beyond the
experience and current competency of the field."
Though McCain offered his bill as a compromise between the Clinton
Administration's position and Congressional efforts to reform US Encryption
policy, in reality S. 909 closely mirrors draft legislation proposed by the
Clinton Administration earlier this year.
Specifically, the McCain-Kerrey bill would:
* Compel Americans to Use Government-Approved Key Recovery Systems
* Make Key Recovery a Condition Of Participation in E-Commerce
* Allow Government Carte Blanche Access to Sensitive Encryption Keys
Without a Court Order
* Create New Opportunities for Cybercrimes
* Codify a low 56-bit Key Length Limit on Encryption Exports
* Create Broad New Criminal Penalties for the Use of Encryption
The full text of the bill, along with a detailed analysis of S. 909, an
analysis of the constitutional issues raised by the key-recovery
provisions, and the amendments (when available) is available online at
http://www.cdt.org/crypto/
One encouraging development was the adoption of an amendment offered by
Senator Frist (R-TN) which would requiring the government to demonstrate
the key recovery will work before such systems are deployed. Senator Frist
cited the recently released "Risks of Key Recovery" study as the reason for
offering the amendment. The committee also approved several other
amendments - though none substantially change the bill or address any of
the serious privacy and security concerns raised by compelled domestic key
recovery.
________________________________________________________________________
VOTE COUNT
Senator Conrad Burns' (R-MT) effort to block the McCain-Kerrey bill was
defeated by a vote of 12 - 8. The 8 Senators who voted with Burns deserve
a great deal of credit for standing up for the Net.
Voting to block S. 909 Voting to Support S. 909
------------------------ --------------------------
Abraham (R-MI) Breaux (D-LA)
Aschroft (R-MO) Bryan (D-NV)
Brownback (R-KS) Ford (D-KY)
Burns (R-MT) Frist (R-TN)
Dorgan (D-ND) Hollings (R-SC)
Gorton (R-WA) Hutchinson (R-TX)
Lott (R-MS) Inouye (D-HI)
Wyden (D-OR) Kerry (D-MA)
McCain (R-AZ)
Rockefeller (D-WV)
Snowe (R-ME)
Stevens (R-AK)
To keep up to date on your Senator's position on this and other Internet
related policy issues, join the Adopt Your Legislator Campaign. Visit
http://www.crypto.com/adopt for details.
-------------------------------------------------------------------------
NEXT STEPS
There is a good chance the bill will be referred to the Senate Judiciary
Committee, which has scheduled hearings on encryption for next Wednesday
June 25. A number of Judiciary Committee members have expressed concerns
about the key recovery provisions of the McCain-Kerrey bill.
The House International Relations Trade subcommittee is expected to vote on
the SAFE bill next week. The SAFE bill would relax US encryption export
controls and does not contain key recovery provisions. The bill, sponsored
by Rep. Bob Goodlatte (R-VA), enjoys broad bi-partisan support.
CDT will continue to fight the key-recovery provisions of S. 909 and work
to ensure that Congress passes meaningful encryption policy reform
legislation which does not force American citizens to provide guaranteed
government access to their private communications and stored files.
Visit http://www.cdt.org/crypto for the latest news and information.
------------------------------------------------------------------------
(2) SUBSCRIPTION INFORMATION
Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list. CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 13,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.
To subscribe to CDT's Policy Post list, send mail to
policy-posts-request@cdt.org
with a subject:
subscribe policy-posts
If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:
unsubscribe policy-posts
-----------------------------------------------------------------------
(3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US
The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.
Contacting us:
General information: info@cdt.org
World Wide Web: URL:http://www.cdt.org/
FTP URL:ftp://ftp.cdt.org/pub/cdt/
Snail Mail: The Center for Democracy and Technology
1634 Eye Street NW * Suite 1100 * Washington, DC 20006
(v) +1.202.637.9800 * (f) +1.202.637.0968
-----------------------------------------------------------------------
End Policy Post 3.08 06/19/97
-----------------------------------------------------------------------
CDT Publications Page
CDT Cryptography Page
CDT Home Page