Interesting People mailing list archives
IP: CDT POLICY POST -- Administration Proposes Domestic
From: David Farber <farber () cis upenn edu>
Date: Thu, 27 Mar 1997 05:06:49 -0500
----------------------------------------------------------------------------- _____ _____ _______ / ____| __ \__ __| ____ ___ ____ __ | | | | | | | | / __ \____ / (_)______ __ / __ \____ _____/ /_ | | | | | | | | / /_/ / __ \/ / / ___/ / / / / /_/ / __ \/ ___/ __/ | |____| |__| | | | / ____/ /_/ / / / /__/ /_/ / / ____/ /_/ (__ ) /_ \_____|_____/ |_| /_/ \____/_/_/\___/\__, / /_/ \____/____/\__/ The Center for Democracy and Technology /____/ Volume 3, Number 2 ---------------------------------------------------------------------------- A briefing on public policy issues affecting civil liberties online ---------------------------------------------------------------------------- CDT POLICY POST Volume 3, Number 2 March 26, 1997 CONTENTS: (1) Administration Proposes Domestic Encryption Controls (1) ADMINISTRATION PROPOSES DOMESTIC ENCRYPTION CONTROLS The Clinton Administration has drafted legislation to control the domestic use of encryption technologies and compel participation in key recovery systems open to the government. The bill would: * Create a vast new government-dominated "key management infrastructure" designed to be a prerequisite for participation in electronic commerce. * Compel people to use key recovery as a condition of participating in the key management infrastructure. * Require the disclosure of private keys held by third parties, without a court order and upon mere written request of any law enforcement or national security agency. CDT has obtained a draft of the proposed bill, which the Administration has floated to several members of Congress. To the best of our knowledge, the bill does not yet have a supporter on the Hill. The text of the draft is available online at http://www.cdt.org/crypto/ ________________________________________________________________________ SHORT SUMMARY The proposed bill would destroy any prospect of privacy and security on the Internet by opening a huge window of vulnerability to the private communications of Internet users. An initial analysis of the proposal by CDT reveals the following significant concerns: 1. EASY ACCESS TO PRIVATE COMMUNICATIONS BY LAW ENFORCEMENT: Under the proposal, the government is granted carte blanche access to private decryption keys through a "subpoena" or "written authorization in a form to be specified by the Attorney General," whenever the government has encrypted information (Sec. 302). The draft bill specifies no further standards for the release of keys and PROHIBITS notice to the person whose key has been revealed. The Administration's proposal would dramatically increase law enforcement surveillance authority by allowing access to decryption keys without a court order. Current electronic surveillance law requires law enforcement to obtain a Title III court order, upon a showing of probable cause, before obtaining the contents of an electronic communication or data from a wiretap. 2. NEW DOMESTIC CONTROLS ON ENCRYPTION TECHNOLOGY: Until now, the debate over encryption policy has centered on US export controls, which have had the indirect but intended effect of limiting the availability of strong, easy-to-use encryption technologies inside the United States. The Administration's proposal for the first time explicitly encourages the use of key recovery inside the United States. The bill seeks to accomplish this by granting government approved "Key Recovery Agents" and "Certificate Authorities" immunity for mishandling keys. 3. COMPELLED USE OF KEY RECOVERY DOMESTICALLY: While the Administration claims that its proposal is voluntary, the draft uses a variety of means to force use of government-approved key-recovery agents. In other words, in order to conduct business, engage in electronic commerce, or have a secure communication online, individuals would be compelled to use encryption systems with GUARANTEED GOVERNMENT ACCESS. Broadly speaking, a public key infrastructure would enable users to clearly identify the people they are communicating with and facilitate key management, and is widely viewed as an important component of a secure and trusted communications environment. However, the administration's proposal would establish this infrastructure at a heavy price: All users of the public key infrastructure would have to ensure government access to their encryption keys upon a mere government request. ________________________________________________________________________ MORE TO COME CDT will post a detailed analysis of the Administration's proposal on our Encryption Policy Issues Page (URL below) shortly. The full text of the Administration's draft is available now. Bills are currently pending in both the House and Senate to relax US encryption export controls and promote the widespread availability of strong, easy-to-use encryption technologies to protect privacy and security on the Internet. Two of these bills (S. 377 - the 'Promotion of Commerce Online in the Digital Era (Pro-CODE) Act of 1997' and HR --, the 'Security and Freedom through Encryption (SAFE) Act of 1997' were the subject of Congressional Hearings last week. Detailed background information on both proposals is available at CDT's encryption policy issues page and the Encryption Policy Resource Page (URLs below) * CDT's Encryption Policy Issues Page -- http://www.cdt.org/crypto * the Encryption Policy Resource Page -- http://www.crypto.com/
Current thread:
- IP: CDT POLICY POST -- Administration Proposes Domestic David Farber (Mar 27)