12 September 1997
Source: Mail list cypherpunks@toad.com
To: cypherpunks@toad.com
Date: Thu, 11 Sep 1997 23:38:07 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
Subject: House panel votes behind closed doors to build in Big Brother

---------- Forwarded message ----------
Date: Thu, 11 Sep 1997 23:37:39 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship-announce@vorlon.mit.edu
Subject: House panel votes behind closed doors to build in Big Brother

Software that protects your privacy is a controlled substance that may no longer be sold, a Congressional committee decided today.

Meeting behind closed doors this morning, the House Intelligence committee voted to replace a generally pro-encryption bill with an entirely rewritten draft that builds in Big Brother into all future encryption products. (The Senate appears to be moving in a similar direction.)

The new SAFE bill -- titled in a wonderfully Orwellian manner the "Security and Freedom through Encryption" act even though it provides neither -- includes these provisions:

SELLING CRYPTO: Selling unapproved encryption products (that do not include "immediate access to plaintext") becomes a federal crime, immediately after this bill becomes law. Five years in jail plus fines. Distributing, importing, or manufacturing such products after January 31, 2000 is another crime.

NETWORK PROVIDERS: Anyone offering scrambled "network service" including encrypted web servers or even "ssh" would be required to build in a backdoor for the government by January 31, 2000. This backdoor must provide for "immediate decryption or access to plaintext of the data."

TECHNICAL STANDARDS: The Attorney General will publish technical requirements for such backdoors in network service and encryption products, within five months after the president signs this bill.

LEGAL TO USE CRYPTO: "After January 31, 2000, it shall not be unlawful to use any encryption product purchased or in use prior to such date."

GOVERNMENT POWERS: If prosecutors think you may be selling, importing, or distributing non-backdoor'd crypto or are "about" to do so, they can sue. "Upon the filing of the complaint seeking injunctive relief by the Attorney General, the court shall automatically issue a temporary restraining order against the party being sued." Also, there are provisions for holding secret hearings, and "public disclosure of the proceedings shall be treated as contempt of court." You can request an advisory opinion from the government to see if the program you're about to publish violates the law.

ACCESS TO PLAINTEXT: Courts can issue orders, ex parte, granting police access to your encrypted data. But all the government has to do to get one is to provide "a factual basis establishing the relevance of the plaintext" to an investigation. They don't have to demonstrate probable cause, which is currently required for a search warrant. More interestingly, this explicitly gives the FISA court jurisdiction (yes, the secret court that has never denied a request for a wiretap). If they decode your messages, they'll tell you within 90 days.

GOVERNMENT PURCHASING: Federal government computer purchases must use a key escrow "immediate decryption" backdoor after 1998. Same with networks "purchased directly with Federal funds to provide the security service of data confidentially." Such products can be labeled "authorized for sale to U.S. government"

ENCRYPTION EXPORTS: The Defense & Commerce departments will control exports of crypto. Software "without regard to strength" can be exported if it includes a key escrow backdoor and is first submitted to the government. Export decisions aren't subject to judicial review, and the "president may by executive order waive any provision of this act" if he thinks it's a threat to national security. Within 15 days, he must send a classified briefing to Congress.

ADVISORY PANEL: Creates the Encryption Industry and Information Security Board, with seven members from Justice, State, FBI, CIA, White House, and six from the industry.

INTERNATIONAL: The president can negotiate international agreements and perhaps punish noncompliant governments. Can you say "trade sanction?"

(Other provisions barring the use of crypto in a crime and some forms of cryptanalysis are also in the bill.)

Next the Commerce Committee will vote on SAFE, and a former FBI agent-turned-Congressman is vowing to ensure that similar language to this is included. (The committees are voting on the bill in parallel, and a four-person team of Congressmen is working to forge a compromise before Commerce votes.)

Then the heads of the five committees that have rewritten the legislation will sit down and work out another compromise. If it's acceptable to the House Rules committee -- and if the FBI/NSA get what they want it will be -- the bill can move to the floor for a vote.

That's why the encryption outlook in Congress is abysmal. Crypto-advocates have lost, and lost miserably. A month ago, the debate was about export controls. Now the battle is over how strict the //domestic// controls will be. It's sad, really, that so many millions of lobbyist-dollars were not only wasted, but used to advance legislation that has been morphed into a truly awful proposal.

I wrote more about this at:

http://cgi.pathfinder.com/netly/opinion/0,1042,1385,00.html

-Declan