Cryptography Policy Items from All Over

Bills to relax U.S. controls on the use and export of encryption were introduced 5 March in both the House (Rep. Goodlatte, H.R. 3011, Security and Freedom through Encryption Act) and Senate (Senator Leahy, S.1587, Encrypted Communications Privacy Act of 1966). At this writing (28 April), the House bill has attracted 37 co-sponsors; the Senate bill has only four, but Senator Dole is one of them. The bills are not identical, but both would relax U.S. export controls on encryption substantially and assure U.S. citizens certain rights in the use of encryption. Neither bill has progressed very far in the legislative process as yet.

According to the Internet Privacy Coalition, Senator Burns will introduce his own bill, entitled Promotion of Commerce On-line in the Digital Era (PRO-CODE), on April 30. This is the legislation he announced at the Computers, Freedom, and Privacy conference (Cipher EI #13).

In the past month, the ACM US Policy Board and IEEE US Activities Board jointly wrote to Senator Burns as chairman of the Senate subcommittee with cognizance over S. 1587 in support of relaxing export controls on encryption, but suggesting that "we believe that the inclusion of issues that are tangential to export, such as key escrow and encryption in domestic criminal activities, is not necessary. The relaxation of export controls is of great economic importance to industry and users, and should not become entangled in more controversial matters."

A letter from Dorothy Denning to Sen. Leahy was circulated widely on the Internet this month. She argues that his bill goes too far in removing export controls and that international solutions based on the use of escrowed encryption and CAPIs would be acceptable to business and government and should be sought. Matt Blaze and Bruce Schneier had earlier written to Sen. Leahy endorsing the legislation, though expressing concerns over the potential interpretation of the bill's provision that criminalizes the use of cryptography in the furtherance of a Federal felony. The Schneier and Blaze letters are available at the Internet Privacy Coalition's web site.

Now that the "Blue Ribbon" campaign against the Communications Decency Act is old news (though it's not over -- judges in a Philadelphia courtroom were treated to lessons in how to find indecent materials on the Internet this month, as the CDA trial continues), the Internet Privacy Coalition (IPC), sporting a distinguished list of Founding Members and a long list of Affiliated Organizations, has started a "Gold Key" campaign to "to raise awareness and support for the preservation of the right to communicate privately and the availability of new techniques which make it possible." The IPC announced its formation and the campaign on April 24. Details.

According to a report in Inter@ctive Week, the Gartner Group has issued a study arguing that

easily available encryption would quickly result in the dominance of a handful of encryption products worldwide, much like the market for other software. Once a mass market for cheap, easy-to-use security was established, the Gartner Group said, there would be little motivation for other companies to produce expensive, leading edge technologies, thus slowing the progress of encryption technology abroad as well as domestically. At that point, Gartner said, law enforcement could concentrate on cracking a handful of codes rapidly, instead of worrying about a wide variety of strong encryption technologies worldwide.

A report from the UK indicated that its Department of Trade and Industry (DTI) has received a study on information security featuring the key-escrow approach and that ministers will decide on whether the UK will adopt such a scheme in the next few months.