Senators back legislation to erase encryption limits
Technology experts welcomed the recent introduction of encryption legislation in the Senate but said some portions of the bill might still cut into the First Amendment, privacy and business rights of computer users.
Sens. John McCain, R-Ariz., Conrad Burns, R-Mont., Ron Wyden, R-Ore., and Patrick Leahy, D-Vt., on April 14 introduced the PROTECT Act of 1999, legislation that would forbid mandatory government access to coded messages.
The senators cobbled together the Promote Reliable On-Line Transactions to Encourage Commerce and Trade Act from various encryption bills each had sponsored in past sessions.
In general, the act would prohibit domestic controls on encryption, permit the export of stronger forms of encryption and set 128-bit encryption as the national standard. But the act would also prohibit the use of encryption to mask criminal conduct.
Encryption programs permit computers to scramble data so they can’t be read without a numerical access key. Current federal law prohibits the posting of strong encryption on the Internet without a license, saying it violates export codes.
Encryption experts contend that such laws violate free speech by creating a prior restraint against computer programmers and others who wish to exchange programs or encryption over the Internet. They also say government access to encryption codes infringes on privacy rights.
But government officials, especially FBI Director Louis Freeh, contend that the government needs to control encryption to prevent its illegal use. Some say widespread use of strong encryption would hinder effective law enforcement.
According to supporters of the encryption bills, however, the cost to the U.S. economy could run as high as $60 billion a year and 200,000 jobs by next year if the government doesn’t revise its encryption policy now.
Last fall, the Clinton administration relaxed some restrictions on encryption. The move allowed U.S. companies to export high-tech tools that use the 56-bit Data Encryption Standard, which has an unlocking key with 72 quadrillion possible combinations.
But even with the 56-bit limit, developers of cryptography say the United States remains woefully behind those who are developing encryption technology elsewhere. They note that a team assembled by the Electronic Frontier Foundation in January cracked the national standard in fewer than 23 hours.
Some experts claim that 128-bit encryption is already the worldwide standard and that U.S. companies are losing sales to foreign suppliers who aren’t restricted to 56-bit encryption.
Senate sponsors note that federal encryption regulations inhibit privacy and First Amendment rights.
“For people to feel comfortable in exercising their First Amendment rights — by speaking, traveling and associating freely online or in physical space — they must be able to keep their activities confidential and private,” Leahy told the Senate Judiciary Committee last week. “When Big Brother is watching, the exercise of First Amendment rights is chilled by no less than the threat of a government censor.”
Leahy said the United States holds a cherished tradition of political anonymity. In particular, the senator noted that The Federalist Papers were published by James Madison, John Jay and Alexander Hamilton anonymously or under a pseudonym.
Ed Gillespie, executive director for the Americans for Computer Privacy, said that the PROTECT Act “is an important move in the right direction and a great start to the Senate process. However, it must be noted that the bill doesn’t go as far as the Security and Freedom through Encryption Act,” which ensures more privacy for computer users.
The SAFE Act, which has 248 co-sponsors and passed the House Judiciary Committee last month, is currently before the House International Relations Committee.
Technology experts say they are encouraged by the efforts to abolish restrictions on encryption but express concern about the creation of a new federal law forbidding the use of encryption to conceal crime.