IP: Mandatory key escrow bill text, backed by FBI

[Dave Farber <farber () cis upenn edu>]

Date: Fri, 5 Sep 1997 19:46:55 -0700 (PDT)
From: Declan McCullagh <declan () well com>




All encryption products distributed in or imported into the U.S. after
January 1, 1999 must have a key escrow backdoor for the government,
according to an FBI-backed proposal circulating on Capitol Hill. The
measure would impose a similar requirement on "public network service
providers" that offer data-scrambling services. FBI Director Louis Freeh
talked about this proposal, without disclosing legislation existed, at a
Senate subcommittee haring on Wednesday.


Domestic use and sale of encryption has never been regulated.


Attached is an excerpt from the draft "Secure Public Networks Act" dated
August 28.


-Declan


-------


        SEC. 105. PUBLIC ENCRYPTION PRODUCTS AND SERVICES


        (a) As of January 1, 1999, public network service
        providers offering encryption products or encryption
        services shall ensure that such products or services
        enable the immediate decryption of communications or
        electronic information encrypted by such products or
        services on the public network, upon receipt of a court
        order, warrant, or certification, pursuant to section
        106, without the knowledge or cooperation of the person
        using such encryption products or services.


        (b) As of January 1, 1999, it shall be unlawful for any
        person to manufacture for sale or distribution within
        the U.S., distribute within the U.S., sell within the
        U.S., or import into the U.S., any product that can be
        used to encrypt communications or electronic
        information, unless that product:


         (1) includes features, such as key recovery, trusted 
         third party compatibility or other means, that


          (A) permit immediate decryption upon receipt of
          decryption information by an authorized party without
          the knowledge or cooperation of the person using such
          encryption product; and


          (B) is either enabled at the time of manufacture,
          distribution, sale, or import, or may be enabled by the
          purchase or end user; or


         (2) can be used only on systems or networks that include
         features, such as key recovery, trusted third party
         compatibility or other means, that permit immediate
         decryption by an authorized party without the knowledge
         or cooperation of the person using such encryption
         product.


        (c) (1) Within 180 days of the enactment of this Act,
        the Attorney General shall publish in the Federal
        Register functional criteria for complying with the
        decryption requirements set forth in this section.


        (2) Within 180 days of the enactment of this Act, the
        Attorney General shall promulgate procedures by which
        data network service providers sand encryption product
        manufacturers, sellers, re-sellers, distributors, and
        importers may obtain advisory opinions as to whether a
        decryption method will meet the requirements of this
        section.


        (3) Nothing in this Act or any other law shall be
        construed as requiring the implementation of any
        particular decryption method in order to satisfy the
        requirements of paragrpahs (a) or (b) of this section.


-------


MSNBC's Brock Meeks on above FBI proposal & White House support:
  http://www.msnbc.com/news/108020.asp


My report on the September 3 "mandatory key escrow" Senate hearing:
  http://jya.com/declan6.htm


Transcript of FBI director Louis Freeh's remarks at Sep 3 hearing:
  http://jya.com/fbi-gak.txt


Reuters' Aaron Pressman on Commerce Dept backing away from FBI:
  http://www.pathfinder.com/net/latest/RB/1997Sep05/248.html


-------