An influential bipartisan Senate trio has introduced a bill intended to stand as the Clinton administration's answer to House and Senate bills that would relax government policy on encryption control and export.
The Secure Public Networks Act, introduced Monday by Senators John McCain (R-Arizona), Bob Kerrey (D-Nebraska), and Ernest Hollings (D-South Carolina), would provide strong industry incentives for participation in domestic key recovery - a system in which users of data-security technology give up a key to access their data to an authorized third party. The bill would also establish a system of key certificate authorities - the third parties the government would certify to hold the keys.
Privacy advocates have condemned the provisions, part of an administration draft released in March, as a violation of a basic right to keep one's personal communications to one's self.
Once law enforcement officials obtain access to your encrypted information - either through a subpoena or other means - "all future communication could be compromised," said Jonah Seiger of the Center for Democracy and Technology. "It gives broad new surveillance authority."
The bill also would create 15 new federal crimes dealing with the use of encryption and key recovery, such as using encryption to further a crime, with penalties of up to five years in prison.
In contrast to the Kerrey/McCain/Hollings bill are bills in the House and Senate that would end export controls and ignore domestic key recovery.
Pro-CODE, introduced earlier this year by Senator Conrad Burns (R-Montana), would end most export controls on encryption and set up an advisory panel to advise the government on regulating this new frontier of securing electronic data transfers. A similar bill in the House by Representative Bob Goodlatte (R-Virginia) has gained 121 cosponsors.
The Kerrey/McCain/Hollings bill sticks closely to the administration’s current policy of export controls. For example, it would reinforce the current administration policy of limiting the strength of encryption allowed for export to 56-bit - a strength that, while it has not been cracked, is not seen among encryption experts as the most secure means of locking up data.
The new bill will likely be considered by the Senate Commerce Committee later this week, and may push Pro-CODE aside as this year’s answer to encryption policy, Senate staffers suggest. McCain is the chairman of the Senate Commerce Committee, and Kerrey is the ranking Democrat on the Senate Intelligence Committee.
But the bill faces obstacles.
Encryption experts have argued that some aspects of the administration’s encryption plan - such as domestic third-party key recovery - are risky, expensive, and beyond the expertise of those working in the field today. A report by 11 encryption experts issued last month, which focused on the technological (as opposed to political) viability of a worldwide key escrow system of key recovery with quick access by law enforcement officials, concluded that that possibility was, for now, essentially a fantasy.
The US software and computer industries have also lobbied strongly against the administration policy - on the basis that the US edge in encryption and related applications such as e-commerce and communications software is quickly being eroded by foreign competitors - and have won friendly hearings in Congress.