[ISN] Senator introduces Net security laws

From: mea culpa (jerichoat_private)
Date: Sun Jan 31 1999 - 03:25:39 PST


Forwarded From: Sunit Nangia <sunitat_private>

Senator introduces Net security laws 
By Courtney Macavinta
Staff Writer, CNET News.com 
January 29, 1999, 11 a.m. PT 
URL: http://www.news.com/News/Item/0,4,31676,00.html 

WASHINGTON--Taking a break from the impeachment trial, Sen. Conrad Burns
today promised to safeguard Net surfers' privacy through his "digital
dozen" legislation package. 

Burns, a Montana Republican who chairs the Senate Commerce
Telecommunication Subcommittee, said he will reintroduce the Promotion of
Commerce Online in the Digital Era Act (Pro-Code) to allow U.S.  firms to
sell products overseas with stronger encryption than is permitted under
current laws. 

Also on the agenda are bills to protect online users' personal information
and computerized records, to promote the use of digital signatures, and to
curb unsolicited bulk email. He plans to post drafts of the privacy and
encryption bill as early as Monday. 

"We're living in an age where security is everything," Burns said during a
press conference. 

Burns has tried to pass Pro-Code twice before, but his efforts were
stymied by national security agencies. The FBI, for example, argues strong
crypto will give crafty criminals an upper hand when they use it to
scramble their digital communications. 

Law enforcement agencies long have fought to force manufacturers to create
"spare keys" that would be able to crack encrypted material under
investigation. Privacy advocates and crypto makers, however, maintain that
such a requirement would stifle both business concerns and security
efforts. 

Burns's bill, which also would prohibit so-called key recovery and cut
down on the red tape involved in exporting data-scrambling technology,
likely will face opposition, and will not mirror a popular compromise
introduced last year. The E-Privacy Act would have lifted some export
regulations, but it also would have carved out some concessions for law
enforcement agencies, by making it a felony to use encryption to "conceal
incriminating communications or information about a crime." 

The senator said he decided to go with Pro-Code because the administration
already has been whittling away at its crypto policy.  Also figuring in
his decision is the fact that national security agencies already have been
given the green light to set up a center that would bring together
encryption makers and nationwide investigators who need assistance with
decrypting messages in order to apprehend suspected criminals. 

"We've seen some movement in law enforcement with regard to encryption,"
Burns said today. "[The newly proposed legislation] will be more of a
reflection of the original Pro-Code." 

Added Mike Rawson, Burns's policy adviser for communications: "[The
senator] feels that there has been a lot of momentum and movement from the
administration. In that climate, he wants to come forward with a bill that
creates a level playing field." 

Still, the last version of the Pro-Code contained a controversial
provision that would have created an "information security board" made up
of representatives from federal agencies involved in developing
information security policies and export controls on encryption. The
board's meetings would have been closed to the public, an idea that raised
the hackles of privacy watchdogs. 

During the past year, the White House essentially has settled on a
piecemeal plan for cutting the red tape e-commerce companies and financial
institutions face in terms of crypto exports. The administration has done
little, however, to lift the controls on products designed for personal
use, such as those that help secure email messages or other computer
files. The U.S. crypto export standard has in fact been cracked on
multiple occasions. 

Privacy advocates nevertheless are relieved to see some high-tech
legislation emerge in the midst of President Clinton's historic Senate
impeachment trial. 

"There's obviously been efforts on the part of the administration to
diffuse legislative efforts to liberalize encryption policy," said David
Sobel, general counsel for the Electronic Privacy Information Center. "So
I'm glad to see that he remains committed to making encryption a high
priority." 

The digital dozen also tackles: 

* Government records--By April, Burns will introduce legislation to get
the Congressional Research Service online. The service's reports detail
the inner workings of the legislative process, such as draft bills, rather
than just the end results. 

* Digital signatures--Legislation to legitimize electronic IDs and digital
contracts will be introduced next month. 

* Spam--Mimicking past legislation, Senator Burns will work on requiring
senders of unsolicited bulk email to accurately identify themselves and to
remove people from their lists upon request. 

* E-rate--Taking on the federal school and library Net access subsidy,
known as the e-rate, Burns wants the program to be paid through an
existing 3 percent excise tax paid by telephone users--not through new
consumer long-distance fees, which is primarily how the program is being
funded now. 

* Bandwidth--Burns said he wants to see high-speed Net access become more
widely available in rural areas, rather than just in urban cores.  He said
he will put pressure on the Federal Communications Commission to
accelerate this process. 


-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]



This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:17:47 PDT