[ISN] Senator changes his crypto tune

From: mea culpa (jerichoat_private)
Date: Fri Apr 02 1999 - 07:06:03 PST

  • Next message: mea culpa: "[ISN] Man arrested for Melissa virus"

    Senator changes his crypto tune
    http://www.news.com/News/Item/0,4,34501,00.html
    Courtney Macavinta
    Staff Writer, CNET News.com
    
    A powerful senator who once backed domestic controls on encryption now
    plans to submit legislation to liberalize the export of the
    data-scrambling technology. 
    
    Senate Commerce Committee [ http://www.senate.gov/~commerce/ ] chairman
    John McCain (R-Arizona) said today that he will introduce a bill to allow
    companies to ship strong encryption products overseas to non-hostile
    nations. 
    
    Although the bill doesn't call for the same magnitude of relief as the
    Security and Freedom through Encryption Act
    http://thomas.loc.gov/cgi-bin/query/z?c106:h.r.850: ](SAFE), observers say
    McCain's change of heart is significant and could finally push Congress
    over the line toward passage of crypto export policy reforms. 
    
    McCain's bill will allow for the immediate unfettered export of 64-bit
    crypto, and by 2002 could permit the easy export of 128-bit encryption. 
    Currently this rule applies only to 56-bit crypto, but that
    http://www.news.com/News/Item/0,4,19492,00.html ] standard has been
    cracked. 
    
    The legislation also would authorize more funding to help law enforcement
    stay on top of the latest security technologies, and maintains President
    Clinton and the Secretary of Commerce's power to refuse export licenses to
    certain countries or individuals. 
    
    "This bill protects our national security and law enforcement interests
    while maintaining the United States' leadership role in information
    technology," McCain said in a statement. Sens. Conrad Burns (R-Montana),
    Patrick Leahy (D-Vermont) and Ron Wyden (D-Oregon) will cosponsor the
    legislation. 
    
    The U.S. government has long regulated encryption exports under weapons
    controls, based on law enforcement assertions that tech-savvy criminals
    can use the products to conceal their activity. 
    
    But opponents of the rules argue that they cost the software industry
    profits and threaten global computer users' privacy. This same camp hit
    the roof in 1997 when McCain himself cosponsored a bill that for the first
    time would have imposed domestic controls on encryption used by
    government-funded institutions. 
    
    So it's no surprise that McCain's policy shift was greeted warmly. 
    
    "Having McCain, the chair of the powerful Commerce Committee, as a key
    sponsor, is a signal to the administration that their encryption export
    policy is losing support in Congress," said Lusan Chua a policy analyst at
    the Center for Democracy and Technology. 
    
    Still, McCain's isn't the best bill on the market, she added. Unlike SAFE,
    which would grant immediate relief, the major changes proposed by the
    McCain bill might not go into effect until 2002. 
    
    "The legislation is an important move in the right direction and a great
    start to the Senate process. However, it must be noted that the bill
    doesn't go as far or as fast as the SAFE Act, which now has 248 cosponsors
    in the House, and was favorably reported
    http://www.news.com/News/Item/0,4,34208,00.html ] by the House Judiciary
    Committee last week," Ed Gillespie, executive director of Americans for
    Computer Privacy [ http://www.computerprivacy.org/ ], said in a statement. 
    
    As part of a piecemeal concession plan, the White House has updated its
    policy to [ http://www.bxa.doc.gov/Encryption/EncrypolicyUpdate.htm ]
    allow for certain industries to export 56-bit encryption products after a
    one-time technical review. The administration also removed a requirement
    that those products must include "key recovery" mechanisms, which give
    companies or law enforcement officials with court orders a way to get
    access to encrypted data via a "spare key." 
    
    "Granting sectoral relief doesn't address the individual privacy concerns
    of computer users," CDT's Chua added. 
    
    Along with partial export relief, McCain's bill would do the following: 
    
    • Set up a 12-member Encryption Export Advisory Board to review export
    policy exemption applications. The Secretary of Commerce can reject an
    exemption, which can then be appealed to the courts by the applicant. 
    Clinton will pick seven people, including one each from the National
    Security Agency, the CIA, and his office, with four more chosen from the
    private sector. The other four members will be picked by Congress. 
    
    • Direct the National Institute for Science and Technology to establish an
    advance crypto standard, likely 128-bit, by January 1, 2002. 
    
    • Prohibits domestic controls on encryption products as well as mandatory
    government access to plain-text encrypted material as a condition for
    export. 
    
    • Unlike SAFE, the bill doesn't make it a crime to use encryption to cover
    up illegal activity. 
    
    
    
    
    
    
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:46 PDT