
News on Pending US (Encryption) Legislation



Will this have any effect on IPSEC?

Cheers,

Rob Goode	goode@nc3a.nato.int

----- Begin Included Message -----

====================================================================


To: coastwatch (COAST Mailing list)
Subject: Special Notice: News on Pending US Legislation

The last week has produced some incredible events in the U.S. House of 
Representatives as regards cryptography.  

Enclosed is a story about one such event that may soon result in U.S.
law. If you do business in the U.S. or live in the U.S. and expect to
use computer systems and networks, this issue should be of major
concern to you.  Most mainstream media seems to be avoiding this issue,
perhaps because it is difficult to present to the lay reader.  Thus,
you may not have heard about this.  We think you should.  The
implications are huge for our security and privacy, and for the ability
to conduct unhindered research and education on information security
issues in the U.S.

I will not editorialize on this issue here.  However, I urge you to seek out 
information on what is happening and convey your opinions, whatever they may 
be, to your elected representatives (if you are in the US).  You should act 
soon, as there may be little time before a final bill is crafted to go to the 
floor of the House.


>---------- Forwarded message ----------
>Date: Thu, 11 Sep 1997 23:37:39 -0700 (PDT)
>From: Declan McCullagh <declan@well.com>
>To: fight-censorship-announce@vorlon.mit.edu
>Subject: House panel votes behind closed doors to build in Big Brother
>
>Software that protects your privacy is a controlled substance that may no
>longer be sold, a Congressional committee decided today.
>
>Meeting behind closed doors this morning, the House Intelligence committee
>voted to replace a generally pro-encryption bill with an entirely
>rewritten draft that builds in Big Brother into all future encryption
>products. (The Senate appears to be moving in a similar direction.)
>
>The new SAFE bill -- titled in a wonderfully Orwellian manner the
>"Security and Freedom through Encryption" act even though it provides
>neither -- includes these provisions:
>
>SELLING CRYPTO: Selling unapproved encryption products (that do not
>include "immediate access to plaintext") becomes a federal crime,
>immediately after this bill becomes law. Five years in jail plus
>fines. Distributing, importing, or manufacturing such products
>after January 31, 2000 is another crime.
>
>NETWORK PROVIDERS: Anyone offering scrambled "network service"
>including encrypted web servers or even "ssh" would be required to
>build in a backdoor for the government by January 31, 2000. This
>backdoor must provide for "immediate decryption or access to
>plaintext of the data."
>
>TECHNICAL STANDARDS: The Attorney General will publish technical
>requirements for such backdoors in network service and encryption
>products, within five months after the president signs this bill.
>
>LEGAL TO USE CRYPTO: "After January 31, 2000, it shall not be
>unlawful to use any encryption product purchased or in use prior to
>such date."
>
>GOVERNMENT POWERS: If prosecutors think you may be selling,
>importing, or distributing non-backdoor'd crypto or are "about" to
>do so, they can sue. "Upon the filing of the complaint seeking
>injunctive relief by the Attorney General, the court shall
>automatically issue a temporary restraining order against the party
>being sued." Also, there are provisions for holding secret
>hearings, and "public disclosure of the proceedings shall be
>treated as contempt of court." You can request an advisory opinion
>from the government to see if the program you're about to publish
>violates the law.
>
>ACCESS TO PLAINTEXT: Courts can issue orders, ex parte, granting
>police access to your encrypted data. But all the government has to
>do to get one is to provide "a factual basis establishing the
>relevance of the plaintext" to an investigation. They don't have to
>demonstrate probable cause, which is currently required for a
>search warrant. More interestingly, this explicitly gives the FISA
>court jurisdiction (yes, the secret court that has never denied a
>request for a wiretap). If they decode your messages, they'll tell
>you within 90 days.
>
>GOVERNMENT PURCHASING: Federal government computer purchases must
>use a key escrow "immediate decryption" backdoor after 1998. Same
>with networks "purchased directly with Federal funds to provide the
>security service of data confidentially." Such products can be
>labeled "authorized for sale to U.S. government"
>
>ENCRYPTION EXPORTS: The Defense & Commerce departments will control
>exports of crypto. Software "without regard to strength" can be
>exported if it includes a key escrow backdoor and is first
>submitted to the government. Export decisions aren't subject to
>judicial review, and the "president may by executive order waive
>any provision of this act" if he thinks it's a threat to national
>security. Within 15 days, he must send a classified briefing to
>Congress.
>
>ADVISORY PANEL: Creates the Encryption Industry and Information
>Security Board, with seven members from Justice, State, FBI, CIA,
>White House, and six from the industry. 
>
>INTERNATIONAL: The president can negotiate international agreements
>and perhaps punish noncompliant governments. Can you say "trade
>sanction?"
>
>(Other provisions barring the use of crypto in a crime and
>some forms of cryptanalysis are also in the bill.)
>
>Next the Commerce Committee will vote on SAFE, and a former FBI
>agent-turned-Congressman is vowing to ensure that similar language to this
>is included. (The committees are voting on the bill in parallel, and a
>four-person team of Congressmen is working to forge a compromise before
>Commerce votes.) Then the heads of the five committees that have rewritten
>the legislation will sit down and work out another compromise. If it's
>acceptable to the House Rules committee -- and if the FBI/NSA get what
>they want it will be -- the bill can move to the floor for a vote. 
>
>That's why the encryption outlook in Congress is abysmal. Crypto-advocates
>have lost, and lost miserably. A month ago, the debate was about export
>controls. Now the battle is over how strict the //domestic// controls will
>be. It's sad, really, that so many millions of lobbyist-dollars were not
>only wasted, but used to advance legislation that has been morphed into a
>truly awful proposal. 
>
>I wrote more about this at:
>
>  http://cgi.pathfinder.com/netly/opinion/0,1042,1385,00.html
>
>-Declan
>

------- End of Forwarded Message

