13 May 1998

Date: Tue, 12 May 1998 19:13:08 -0400
To: John Young <jya@pipeline.com>
From: Alan Davidson <abd@cdt.org>
Subject: Links, etc. for Ashcroft-Leahy

Fyi, as I know how you follow these things:

* CDT's analysis of the new Ashcroft-Leahy crypto bill is enclosed below
and on our site at: http://www.cdt.org/press/051298press.html
* A section-by-section analysis of the bill as introduced is available on our
site at:  http://www.cdt.org/crypto/eprivsec.html
* We are hoping to get real legislative language soon.

	-- Alan

    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____            __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____ _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/__/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  )/_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/   \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 4, Number11
      A briefing on public policy issues affecting civil liberties online
CDT POLICY POST Volume 4, Number 11                         May 12, 1998

CONTENTS: (1) Senators Introduce Pro-Privacy Encryption Bill,
                 In Stark Contrast to Administration Position
          (2) How to Subscribe/Unsubscribe
          (3) About CDT, Contacting us

   ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of gbrowning@cdt.org



A new weapon in the arsenal against misguided U.S. encryption policy
arrives today as Sens. John Ashcroft (R-Mo.) and Patrick J. Leahy (D-Vt.)
introduce their new encryption bill , which lays out a pro-privacy approach
to computer security that contrasts starkly with the Clinton
Administration's approach. The new bill, the E-PRIVACY Act, protects the
privacy of all Americans by:
  ** protecting the domestic use of strong encryption without  "key
recovery" back doors for government eavesdropping;
  ** easing export controls to allow U.S. companies to sell their
encryption products overseas;
  ** strengthening protections from government access to decryption keys; and
  ** creating unprecedented new protections for data stored in networks and
cell phone location information.

A section-by-section analysis of the bill is available online at


CDT is concerned about several features in the E-PRIVACY Act  that create
new threats to privacy online.  The bill establishes a new research center
to assist federal, state and local police in dealing with encrypted data.
The bill also makes it a crime to use encryption to obstruct justice.
Implementing these provisions will require intensive oversight and public

Overall, the E-PRIVACY Act presents a strong pro-privacy approach to the
encryption issue, in marked contrast to the export controls and mandatory
backdoors embraced by the Clinton Administration. The bill makes more
encryption, more accessible, to many more people. It also creates new
privacy protections for data stored on networks - protections that will
become increasingly important as more people go online.

Major provisions of the new bill would:

*** Prevent the federal government from requiring back door access to
encrypted  communications and files:
     The bill reaffirms the right to use strong encryption domestically
without the 'key recovery' back doors supported by the Administration.  It
also prohibits the federal government from creating regulations or
standards designed to coerce public use of key recovery. To further limit
the government's ability to force people to use key recovery, the bill
requires that government key recovery systems be interoperable with
non-key-recovery systems.

*** Ease export restrictions:
     The E-PRIVACY Act would remove most export controls on generally
available and mass market encryption software and hardware. PGP, or 128-bit
Netscape and Internet Explorer, would be readily exportable to all but a
handful of countries. Custom encryption products would be exportable to
countries where comparable products are commercially available.

*** Establish privacy protections for encryption keys entrusted to third
     Today, a decryption key entrusted to a third party receives little
protection. Such keys can be demanded by the federal government with a mere
subpoena, without the supervision of a judge or any notice to the key's
owner. The bill would give decryption keys in the hands of third parties
the same protections they would have if they were retained by the key
owners. Such keys could only be retrieved by the government with a
"probable cause" court order, or with a subpoena served on the key owner
with a meaningful opportunity for the key owner to challenge it. This
provision could prove extremely important if encryption users voluntarily
choose to use key recovery, as many are expected to do.

*** Strengthen privacy protections for data stored in networks:
     In the future world of networked computing people will increasingly
store sensitive data outside of their homes. Under current law, data stored
on computer networks outside of a person's possession may receive limited
privacy protections.  This data may be accessible to government officials
without the owner's knowledge and without supervision by the courts. The
E-PRIVACY Act would create new standards protecting networked data as if it
were stored in an individual's possession.  The act would require a court
order based upon probable cause, or a subpoena that the information's owner
has a meaningful opportunity to challenge.

*** Strengthen privacy protections for cellular phone location information
and other data:
     The bill would also strengthen protections for cellular phone location
information,requiring a court order based upon probable cause before
sensitive physical location data could be turned over to the government.

The bill also gives  judges more authority in reviewing government requests
to install "trap and trace devices" and "pen registers," commonly used
surveillance devices that record revealing data about a person's telephone

The new bill also contains provisions designed to address law enforcement
concerns with encryption. An "obstruction of justice" encryption crime is
included, similar to the narrow provision found in the House SAFE bill. The
bill also establishes a new "Net Center" designed to improve federal,
state, and local resources for dealing with encryption. CDT believes that
both of these provisions are cause for concern and their implementation
will need to be closely monitored to ensure that they do not create new
burdens on the privacy of individuals using encryption.

CDT applauds Senators Ashcroft, Leahy, Burns, Boxer, and the bill's other
cosponsors for their forward-looking view of privacy and security online.
The E-PRIVACY Act represents a milestone in the hard-fought congressional
debate on encryption. While the Administration and some in the Senate have
continued to push for key recovery, the bill presents a diametrically
opposed approach, giving individuals and companies the technical tools and
legal protections needed to protect their security. On balance, the
E-PRIVACY Act would be a major step forward for individual privacy in the
Information Age.

More information about the encryption issue is available at CDT's Web site,
at http://www.cdt.org/crypto If you're interested in becoming more involved
in the encryption debate, please visit CDT's "Adopt Your Legislator"
campaign at: http://www.crypto.com



Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 13,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to


in the BODY of the message (leave the SUBJECT LINE BLANK), type

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the above

    unsubscribe policy-posts



The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications

Contacting us:

General information:  info@cdt.org
World Wide Web:       http://www.cdt.org/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

End Policy Post 4.11                                              5/12