Interesting People mailing list archives
ip: Encryption Bill Would Restrain Next Generation of the
From: David Farber <farber () cis upenn edu>
Date: Wed, 25 Jun 1997 10:49:14 -0400
CyberTimes Click Here for Microsoft News
toolbar
[INLINE]
June 25, 1997
Encryption Bill Would Restrain
Next Generation of the Internet
By PETER WAYNER
T he users of the next generation of the Internet will be forced to
turn over the keys to their encrypted computer data to government
authorities if a bill currently before the Senate passes.
_______________________________________________________________
Related Articles
Microsoft and Netscape Allowed to Export Data Scrambling Software
Surprise Bill Disrupts Encryption Debate
(June 21, 1997)
_______________________________________________________________
Senator Bob Kerrey, the Nebraska Democrat who cosponsored the
measure, said in an interview Monday that the bill would require
that the authorities be able to recover such keys in the next
generation network, called Internet 2, an advanced, high-speed
research project that is being carried out in more than 100
universities across the country.
The bill does not mention Internet 2 specifically but simply refers
to data traveling on all networks created "with the use of Federal
funds for transaction of government business." Users of the current
Internet would have the freedom to choose whether to notify the
authorities of the keys.
Key recovery is a controversial proposal aimed at giving fast access
to encrypted data to the branches of the government responsible for
law enforcement and national defense. These branches worry that
widely deployed, easy-to-use encryption technology will make it
simple for criminals and terrorists to cloak their communications
and make it impossible for the police to use surveillance to gather
evidence.
_______________________________________________________________
[INLINE] We know the current law isn't right. So let's change the
law and get some good flexibility. [INLINE]
Senator Bob Kerrey
Democrat of Nebraska
_______________________________________________________________
Others, including computer scientists, civil libertarians and even
some law enforcement officials, worry that such a proposal would
concentrate too much power in the key recovery centers and that this
makes the nation vulnerable to both attack by terrorists and abuse
by those entrusted with the power.
A government-approved key-recovery system, as imagined by the bill,
would be created by an organization that would store the keys to
unlock the data encrypted by members of the organization. It could
be either a corporation, a university or a group of private
citizens.
The key recovery official for the organization, known as the
"agent," would be responsible for decrypting the data and providing
a "plaintext" version to the police in response to a subpoena, a
court order, a warrant or a letter from an attorney general. The
bill would remove the civil and criminal liability from the agents
for responding to such queries but would impose penalties of up to
$100,000 on those who fail to comply.
_______________________________________________________________
Today in CyberTimes
ARTICLES AND COLUMNS
Encryption Bill Would Restrain Next Generation of Internet
By Peter Wayner
Microsoft and Netscape Allowed to Export Data Scrambling Software
By John Markoff
Lexis-Nexis Agrees to Let People See Personal Data
By The Associated Press
Ink Stains and the News World Order
By Lisa Napoli
The Tyranny of the Absolute
By Peter Wayner
Giving Expression to Communication With Virtual Humans
By Ashley Dunn
_______________________________________________________________
TODAY'S SECTION FRONT
SEVEN-DAY INDEX
CYBERTIMES FORUMS
CYBERTIMES NAVIGATOR
_______________________________________________________________
The bill, called the Kerrey/McCain act after its sponsors, Kerrey
and John McCain, the Arizona Republican who is chairman of the
Commerce Committee, is officially known as the Secure Public
Networks Act. It would require all new federally financed networks
or computer systems to use government-approved key-recovery
technology.
The Internet 2 is a cooperative effort involving 109 universities to
build a demonstration version of a very-high-speed Internet in order
to aid scientific research and to push the state of network
technology. Its current embodiment is financed by a mixture of
grants from the National Science Foundation and President Clinton's
Next Generation Internet initiative.
The greatest problem facing the users of Internet 2 and other future
federally financed networks will be defining where the government
control begins and where it ends. In the interview, Kerrey admitted
that this was a challenging problem and said that the government
must be flexible in determining the answer. His legislation would
create an Information Security Board that would ultimately be
responsible for tuning the application of the law.
"The law is written so we can get regular look-backs and decide
what's not working," he said. "We know the current law isn't right.
So let's change the law and get some good flexibility."
The current law controls only the export of encryption technology.
People in the United States have been free to use encryption to
protect their secrets since before the days of the American
Revolution. Thomas Jefferson, for instance, dabbled in cryptography
and even personally specified the encryption system to be used by
Lewis and Clark in their expedition.
For this reason, Senator Kerrey expects that people will challenge
the constitutionality of his bill, but he says that his office is
working hard to ensure that they get the bill right the first time.
The law could run afoul of the First Amendment to the Constitution,
which prohibits the "abridging of the freedom of speech." Requiring
people to speak in a form that is understandable by the government
in order to participate in government-financed network might be
considered an abridgment.
Donald Haines, legislative counsel of the American Civil Liberties
Union said, "It's like asking: 'Can you make it illegal to commit a
crime in French?' "
A more likely challenge may come from the Second, Fourth and Fifth
Amendments. The United States government has treated encryption
technology as munitions in order to control its export. The Second
Amendment, however, guarantees the right to "keep and bear arms."
The Fourth Amendment guarantees "the right of the people to be
secure in their persons, houses, papers and effects, against
unreasonable searches and seizures." It is not clear how a court
would view the requirement that a citizen disclose his or her
encryption key to a key-recovery agent in order to participate in
the next generation of the Internet.
On one hand, the agent would act as an intermediary who would only
disclose the data to the government in response to a valid request.
On the other, the requirement for disclosure before any warrant is
issued might be seen as a violation of the Fifth Amendment, which
prohibits the possibility that someone "be compelled in any criminal
case to be a witness against himself."
More obscure challenges may emerge from the Ninth and Tenth
Amendments. The Tenth Amendment reserves "powers not delegated to
the United States by the Constitution" to either the individual
states or the people.
_______________________________________________________________
In the House, widespread support for a less Draconian measure
portends trouble for the Kerrey bill.
_______________________________________________________________
Representative Bob Goodlatte, a Virginia Republican and a sponsor of
competing legislation in the House, asserts that Kerrey's bill is
unconstitutional and that it amounts to a "dramatic erosion of the
people's rights" to allow access to someone's data without the
oversight of a court. He points out that Kerrey bill would allow
foreign governments to request access to anyone's files in the
United States through the office of the Attorney General.
To a large extent, the constitutional question may depend upon just
how voluntary the key-recovery process turns out to be. The current
draft of the bill contains language that explicitly guarantees that
participation in the program is voluntary, but it then enumerates
all the conditions under which federal financing will make it
mandatory.
The first to feel the requirements will be universities and
colleges, because they rely heavily on government financing. Kerrey
said he remained willing to consider any language that would help
give the universities the flexibility they need to continue to do
research effectively, but added that he remained committed to
pushing key-recovery technology.
Some members of the university community expressed doubt that any
compromise would be possible. Gregory A. Jackson, the associate
provost of the University of Chicago and a member of the Internet 2
steering committee, said that the record-keeping burden would be
onerous and that the gains would be to slim when measured against
the cost.
"I can understand the FBI's point," Jackson said. "There are times
when we want access to some communications on campus and we can't
get it."
In his work at the University of Chicago and in his previous job at
the Massachusetts Institute of Technology, Jackson said, he was
often called on to deal with disciplinary problems involving misuse
of the campus networks. "We had to use different leverage over
people on campus," he said. "Ultimately, the FBI is probably going
to reach the same conclusion."
Besides, Jackson said, it is virtually impossible even to define
what encryption is. While the law requires that the key-recovery
agents deliver "plaintext," it is impossible to control how people
speak or what data they exchange.
He went on to predict that the Internet 2 project would find a way
to migrate into a completely private entity if it became necessary
to avoid government regulation.
"Even the most optimistic estimates of what the federal contribution
will be are still a small fraction of the costs of Internet 2," he
said. "It's serious money, and its important for making it go
forward quickly, but it's not the lion's share."
George Cybenko, a professor at Dartmouth, said that his use of the
Internet 2 could drop to simple e-mail and Web browsing because of
the overhead imposed by keeping track of the keys.
"If someone shows up and says, 'This packet came out of your office
at 4 p.m. What does it mean?' it will be a nightmare," Cybenko said.
Many of the new uses of the Internet involve packing new and
different forms of communication into complicated data structures.
Determining the difference between data that are encrypted and data
that are merely unconventional is difficult and could lead to
problems.
Some Internet correspondents have predicted that the FBI will be
able to find a Senator to add an amendment to Kerrey's bill to make
key recovery mandatory for all Americans. Kerrey himself suggested
that this amendment may be offered by the Judiciary committee or on
the floor of the Senate in coming weeks.
On Wednesday, the Senate Judiciary committee will begin holding
meetings to investigate the technology. Some expect that the
committee chairman, Senator Orrin Hatch, Republican of Utah, will
offer his own version of the legislation.
In the House, however, a different story continues to unfold.
Goodlatte has sponsored his SAFE legislation (Security and Freedom
through Encryption) that would relax export controls and not require
key-recovery provisions for anyone. His bill would deal with the
problem of criminals hiding their actions by extending the sentences
of anyone who uses encryption in furtherance of a felony.
His legislation has enjoyed wide, bipartisan support. Cosponsors
range from conservative Republicans like Tom DeLay of Texas, to
liberal Democrats like Maxine Waters of California.
In the last two days, six more members of the House have signed on
as co-sponsors, bringing the total to 131.
_______________________________________________________________
Related Sites
Following are links to the external Web sites mentioned in this
article. These sites are not part of The New York Times on the Web,
and The Times has no control over their content or availability.
When you have finished visiting any of these sites, you will be able
to return to this page by clicking on your Web browser's "Back"
button or icon until this page reappears.
* The Internet 2 Project's Home Page
* Text of Secure Public Networks Act, S909
This draft is not current. For instance, Section 205 has been
replaced with: "Any encrypted communications network established
after the date of enactment of this Act with the use of Federal
funds for transaction of government businesss shall use encryption
products based upon a qualified system of key recovery."
* Bill Summary and Status for S.909 (The Kerrey/McCain act)
* Bill Summary and Status for H.R.695 (Rep. Goodlatte's bill)
Home | Sections | Contents | Search | Forums | Help
Copyright 1997 The New York Times Company
_________________________________________________________________
Click Here for Microsoft News
Current thread:
- ip: Encryption Bill Would Restrain Next Generation of the David Farber (Jun 25)