All products featured on WIRED are independently selected by our editors. However, we may receive compensation from retailers and/or from purchases of products through these links.
Two bills addressing the thorny issue of data-security technologies were introduced in the Senate Thursday. Both aim to roll back the Clinton administration's policy on encryption exports.
The Promotion of Commerce Online in the Digital Era Act - or Pro-CODE Act - would overturn the White House policy on "key recovery" encryption export. Introduced by Republican Senator Conrad Burns of Montana and 19 co-sponsors, including Senate Majority Leader Trent Lott, Pro-CODE is a market-friendly approach to encryption technologies.
In contrast to the White House's current policy, Pro-CODE puts no limits on the strength of encryption that can be exported. Currently, the Commerce Department allows a maximum of 56-bit encryption to be exported, and it must include the hotly contested key recovery option.
Pro-CODE also would establish an "Information Security Board" whose members would include officials from the Federal Bureau of Investigation and Department of Justice. The board would aim to improve communication between the computer-security industry and federal agencies, which are concerned that criminals and terrorist organizations would abuse that same data-security technology.
Many privacy advocates say the board, as outlined in the bill, is crucial in reaching a compromise between privacy and security interests.
"We are truly in the middle of the crypto wars and what hangs in the balance is user privacy" said Shabbir J. Safdar, co-founder of the Voters Telecommunication Watch. "The board as it stands is a voluntary organization designed to advise agencies, and that is not problematic. If the board were to change in mission, if it were to become less of an information group and more of a regulatory commission, that would be problematic."
Meanwhile, Democratic Senator Patrick Leahy of Vermont, a co-sponsor of Pro-CODE, introduced a separate bill called the Encrypted Communications Privacy Act, or ECPA II, which establishes civil and criminal penalties for the unauthorized release of key recovery information. Many companies and individuals prefer encryption software with a key recovery option so that they can access the encrypted data if necessary.
"Although there are a number of key recovery technologies already on the market, there are currently no protections against the unauthorized disclosure of sensitive key recovery information," Jerry Berman, executive director of the Center for Democracy and Technology, said in a statement. The CDT supports both Senate bills.
A similar version of Pro-CODE was introduced by Burns last year but languished in committee during the final days of Congress.
