Senators John Ashcroft and Patrick Leahy fired a new volley Tuesday in Washington's long battle over federal encryption policy.
The duo -- a Missouri Republican and a Vermont Democrat, respectively -- introduced a bill that would scuttle an FBI-led drive to require US software makers to equip all encryption-enabled programs with a feature that would allow law enforcers to get quick access to scrambled information.
The E-Privacy Act contains a declaration of Americans' right to secure communications protected by crypto technology and also seeks -- as other bills have in the past -- to force the government to ease export controls on such software.
Early reaction to the bill was predictably mixed.
The recently formed Americans for Computer Privacy -- a software-industry-supported group started expressly to oppose the FBI's key-recovery agenda -- lauded the Ashcroft-Leahy initiative.
William Reinsch, a commerce undersecretary who is the Clinton administration's lead man on crypto export policy, told the Associated Press he was troubled by the bill's exemption of mass-market software from the key-recovery requirements the FBI seeks. He suggested that the provision would help big companies, such as Microsoft, and hurt smaller ones who might develop alternative products or crypto software equipped with key-recovery features.
The Electronic Privacy Information Center, a strong proponent of crypto as a means of protecting individual security, welcomed the counterattack on the forces of mandatory key recovery while expressing strong reservations about two of the bill's provisions in particular.
The center urged sponsors to reconsider a section that would punish those who use encryption to hide incriminating information -- arguing that it's inappropriate to criminalize a technique that might aid a criminal enterprise instead of focusing on the criminal act itself. The center also objects to the bill's proposed National Electronic Technology Center -- a police laboratory that would study codebreaking technology and the law-enforcement issues it raises. The EPIC analysis warned against the center as a potential "new domestic surveillance bureaucracy within the Department of Justice."
The naming of the proposed legislation continues the tradition among those who seek to liberalize US encryption policy of using a bill's title as a badly tortured acronym. In this case, E-Privacy stands for "Encryption Protects the Rights of Individuals from Violation and Abuse in Cyberspace." A 1997 Senate predecessor, also co-sponsored by Leahy, was called Pro-Code: "Promotion of Commerce Online in the Digital Era." And a still-alive House bill is known as SAFE -- the Safety and Freedom Through Encryption Act.
