13 May 1998


From: Greg Garcia <greg.garcia@computerprivacy.org>
To: "'jya@pipeline.com'" <jya@pipeline.com>
Subject: FW: Encryption Bill Introduced Today
Date: Wed, 13 May 1998 11:00:19 -0500

Attached is the Ashcroft-Leahy press release and bill summary for you to
post on Cryptome if you wish.


 Subject: 	Encryption Bill Introduced Today
 
 Senators cosponsoring the following legislation include:  Ashcroft,
 Leahy,  Burns, Craig, Boxer, Faircloth, Wyden, Kempthorne, Murray. 
 
 Ashcroft-Leahy Bill Protects Privacy of Computer Messages
 
 WASHINGTON -- U.S. Senators John Ashcroft (R-MO) and Patrick Leahy
 (D-VT) today  introduced legislation, the E-PRIVACY Act, which protects 
 Americans' private  computer communications and allows U.S. companies to 
 export stronger encryption  programs.
 
 "Fundamentally, the debate over computer privacy is about the
 relationship of U.S. citizens to our government.  There's been a push for
 legislation  which  would require individuals to hand over the 'keys' to 
 their private computer files.  Innocent citizens are expected to trust the 
 bureaucracy not to abuse their personal information, in spite of actions 
 to the contrary by agencies such as the IRS and the FBI," Ashcroft said.  
 "The E-PRIVACY Act addresses these concerns by balancing privacy rights 
 with legitimate concerns of law enforcement." 
 
 The E-PRIVACY (Encryption Protects the Rights of Individuals from
 Violation and Abuse in CYberspace) Act prohibits the government from 
 establishing a mandatory key escrow system where decryption codes are 
 required to be deposited with a federal agency or third party.  Under 
 this bill, authorities must have a court order or subpoena to obtain 
 decryption keys.
 
 The Ashcroft-Leahy measure also clears the way for Americans to use
 and sell encryption products of any strength.  However, general export 
 laws will continue  to apply, including embargoes to terrorist countries. 
 
 "Privacy is critical not just for personal information, but for
 financial and  business information as well.  Our bill seeks to create an
 environment where electronic commerce is secure and where America's 
 technology sector continues to flourish in the global marketplace. Simply 
 put, strong encryption means a strong economy," Ashcroft said.
 
 Americans for Computer Privacy (ACP), a broad-based coalition of
 businesses and organizations dedicated to protecting the privacy of all 
 Americans' electronic communications, today announced its support for the
 Ashcroft-Leahy bill.
     
 As Chairman of the Senate Constitution Subcommittee, Ashcroft held a
 hearing in March to examine the constitutionality of placing restrictions on
 encryption, as the McCain-Kerrey bill (S. 909) would do.  The hearing focused 
 on the government's desire for access to computer codes that protect e-mail
 and other electronic communications, and Washington's effort to impose limits
 on the strength of computer software that secures data transmissions. 
 
 SUMMARY OF THE ASHCROFT-LEAHY E-PRIVACY ACT

 ("Encryption Protects the Rights of Individuals from Violation and Abuse in
 Cyberspace")
 
 Protects Privacy of Communications and Electronic Information
 
 Affirms the rights of Americans to use and sell whatever encryption
 products they want at whatever strength they desire;
 Prohibits government-compelled key escrow or key recovery
 encryption; Prohibits indirect controls or ties to encryption used for
 authentication or integrity purposes;

 Requires a Title III court order to obtain decryption keys held by a
 third party that will be used to decrypt communications (i.e., same as is
 required to wiretap communications today);

 Extends to remotely-stored electronic information the same
 protections as exist under existing law (e.g., ECPA) for information 
 stored in your home, thereby requiring a court order or subpoena to obtain 
 either the plaintext or a decryption key/assistance from third party.

 Requires a judge to affirmatively decide to give the government
 access to location information generated by mobile electronic services.
 
 Assists Law Enforcement to Obtain Information Consistent with
 Constitutional Protections
 
 Makes the intentional use of encryption to conceal incriminating
 communications or information a crime; 

 Clarifies that existing wiretap authority can be used to obtain
 communications decryption keys/assistance from third parties;

 Provides that decryption keys/assistance for remotely-stored
 electronic information can be obtained from third parties with a court 
 order or subpoena with notice;

 Requires the release upon judicial order of a decryption
 key/assistance to the Attorney General so that plaintext of encrypted 
 communications or stored electronic information (but not the key) may 
 be furnished to a foreign government under certain conditions; and

 Creates a National Electronic Technology Center ("NET Center") to
 serve as a focal point for information and assistance to federal, state, 
 and local law enforcement authorities to address the technical 
 difficulties of obtaining plaintext of communications and electronic 
 information because of encryption, steganography, compression, 
 multiplexing, and other techniques.
 
 Modernizes Export Controls on Commercial Encryption Products
 
 The E-Privacy Act does not allow for unrestricted export of any
 encryption product; exports to certain unfriendly nations (such as 
 North Korea, Iraq, or Libya) are absolutely prohibited;

 Permits exportability under a license exception for mass market
 products which, by their nature, are uncontrollable given the volume 
 sold and ease of distribution;

 Permits exportability under a license exception for products which
 do not themselves provide encryption, but are capable of working with
 encryption products;

 Permits exportability under a license exception for product support
 and consulting services;

 Permits exportability under a license exception for custom hardware
 and software (i.e., not mass market) when comparable foreign products are
 available-establishes a joint government-industry board to determine
 whether encryption products utilizing the same or greater key length or
 otherwise providing comparable security are, or will be, within the next 18
 months  commercially available outside the U.S. from a foreign supplier;

 Affirms that there will be no export controls on encryption products
 used for non-confidentiality purposes, such as authentication, integrity,
 digital  signatures, non-repudiation, and copy protection;

 Assures that before export, all products undergo a one-time
 technical review to check that the encryption product works as represented; and

 Affirms the continued applicability of general export controls-the
 government will continue to be able to limit exports to terrorist countries, as
 part of a general embargo, and with respect to particular encryption products
 that would be exported to an individual or organization in a specific foreign
 country.
 
 -end-
 
 Contact: Steve Hilton (417) 881-7068 or Greg Harris  (202) 224-4589