Senators unveil bill to relax encryption restrictions

Wednesday, May 13, 1998

Technology experts lobbying for relaxed government restrictions on encryption praised new legislation bolstering the right to scramble electronic messages but warned that some of the bill’s measures might still trample on privacy rights.

Sens. John Ashcroft, R-Mo., and Patrick Leahy, D-Vt., on Tuesday introduced the Encryption Protects the Rights of Individuals from Violation and Abuse in Cyberspace Act, known simply as the E-PRIVACY Act.

Ashcroft and Leahy touted the measure as one that guarantees computer users the right to scramble messages using nearly unbreakable codes to maintain privacy. It would also relax restrictions, including export limits, on encryption.

Encryption programs permit computers to scramble data so they can’t be read without a numerical access key. Current federal law prohibits the posting of strong encryption on the Internet without a license, saying it violates export codes.

Encryption experts contend that such laws violate free speech, because they create a prior restraint against computer programmers and others who wish to exchange programs or encryption over the Internet. They also say government access to encryption codes infringes on privacy rights.

But government officials, especially FBI Director Louis Freeh, contend that the government needs to control encryption to prevent its illegal use. Some say widespread use of strong encryption hinders effective law enforcement.

The bill’s sponsors and supporters describe the E-Privacy Act as a compromise among privacy and First Amendment advocates, the computer industry and law enforcement agencies.

“I want to be supportive of law enforcement, but I am not in favor of allowing the FBI or any single law enforcement agency to dictate the export policy of the United States, nor to dictate the technological growth and development of our computer industry,” Leahy said. “It’s just not going to be done.”

If passed, the legislation would:

  • Prohibit government-enforced key escrow or recovery, which law enforcement could use to unscramble electronic messages if they believe a crime had occurred. If manufacturers put the key on their software voluntarily, officials must first obtain a court order before using the encryption key;
  • Ease export restrictions on strong encryption;
  • Establish a National Electronic Technology Center to help law enforcement agencies break encryption codes and share information about encryption technology;
  • Criminalize the use of encryption to mask “incriminating” communications or information in planning or acting out a crime.

The Electronic Privacy Information Center, in a preliminary analysis of the bill, praised the senators for recognizing the privacy and free-speech issues surrounding encryption. But EPIC officials said they worried about the creation of a “net center” and provisions making it illegal to use encryption for crime.

“We believe it is a mistake to create criminal penalties for the use of a particular technique or device,” EPIC officials wrote. “Such a provision tends to draw attention away from the underlying criminal act and casts a shadow over a valuable technology that should not be criminalized.”

William Reinsch, an undersecretary in the U.S. Commerce Department who leads President Clinton’s encryption exportation policies, said he worried about the bill deleting key-recovery requirements. He said such measures would be detrimental to law enforcement measures.

–The Associated Press contributed to this report.