28 June 1999. Thanks to LS and Anonymous.
Source:
http://sion.quickie.net/en60399.pdf
(17 pages in hardcopy)
Also available at: http://www.fbi.gov/library/encrypt/en60399.pdf
Compare to version of March 26, 1999: http://cryptome.org/en32699.pdf
[FBI Seal]
June 3, 1999
Laboratory Division
Engineering Research Facility
Quantico, Virginia
For Policy Information: Digital Telephony & Encryption Policy Unit Office of Public & Congressional Affairs Section 935 Pennsylvania Avenue, N.W. Washington, D.C. 20535 (202) 324-5355 |
For Technical Information: Cryptographic & Electronic Analysis Unit Electronic Surveillance Technology Engineering Research Facility Quantico, VA 22135 (703) 632-6200 |
EXECUTIVE SUMMARY Encryption is extremely beneficial when used legitimately to protect commercially sensitive information and communications. The law enforcement community, both domestically and abroad, is extremely concerned about the serious threat posed by the proliferation and use of robust encryption products that do not allow for the immediate, lawful access to the plaintext of encrypted, criminally-related communications and electronically stored data in accordance with strict legal requirements and procedures. The potential use of such commercially-available encryption products by a vast array of criminals and terrorists to conceal their criminal communications and information poses an extremely serious threat to public safety and national security. Law enforcement fully supports a balanced encryption policy that satisfies both the commercial needs of industry for robust encryption while at the same time satisfying law enforcement's public safety and national security needs. Robust, commercially- available encryption products, which include some type of recoverable capability that allows for immediate, lawful access to plaintext is clearly the best method to achieve the goals of both industry and law enforcement. Since April of 1993, the Clinton Administration has expressed support for the adoption of a balanced encryption policy. In lieu of legislation, the Clinton Administration continues to favor a voluntary approach to address law enforcement's public safety concerns regarding encryption for domestic use. The Administration has been attempting to work with industry, through "good faith dialogue," and by allowing "market forces," influence and inducements (mainly changes to existing export regulations) to bring about the development, sale and use of recoverable encryption products within the U.S. During the 105th Congress, several encryption-related bills were introduced; however, none were enacted. The main focus of these bills was the relaxation of existing export controls on encryption, regardless of the impact on national security and foreign policy. During the 106th Congress, three encryption-related bills have been introduced. Like last Congress' encryption related bills, the main focus of these bills is to either relax existing export controls on encryption products and/or prevent the government (federal or state) from imposing domestic requirements on encryption products to ensure that such domestic encryption products include some type of plaintext access for law enforcement should these products be used in the furtherance of serious criminal activity. These bills included: H.R.850, S.798, and S.854. THE PROLIFERATION OF SECURE OR ENCRYPTED COMMUNICATIONS AND ELECTRONICALLY STORED INFORMATION WILL MAKE IT INCREASINGLY DIFFICULT FOR LAW ENFORCEMENT TO OBTAIN AND DECIPHER THE ENCRYPTED CONTENT OF LAWFULLY INTERCEPTED COMMUNICATIONS AND LAWFULLY OBTAINED ELECTRONICALLY STORED INFORMATION THAT IS NECESSARY TO PROVIDE FOR EFFECTIVE LAW ENFORCEMENT, PUBLIC SAFETY, AND NATIONAL SECURITY. WHAT IS ENCRYPTION? Encryption is the method of hiding the content of a message. In broad terms, any system or technique that renders a message unintelligible by anyone other than the intended recipient of the message is utilizing encryption. A message which has not been encrypted is often referred to as "plaintext". After a message has been encrypted, it is referred to as "ciphertext". Whereas encryption is used to secure a message, decryption is the method for converting ciphertext back to its original plaintext. Many encryption systems use a mathematical function, known as a cryptographic algorithm, to encrypt and decrypt messages. Just as a lock box requires a key to lock or unlock it, a cryptographic algorithm requires a key to encrypt and decrypt a message.
USES AND BENEFITS OF ENCRYPTION Governments have always been very concerned with the secrecy of information related to military, economic and foreign policy issues. For many years, military and government missions drove the development and use of applications for encryption. Protecting one's intentions from an opposing party is critical and for that reason information security is very important. Although encryption software and hardware devices have been commercially available for years, their cost, degradation of voice quality, and user "friendliness" have, in the past made these devices unattractive to the general public. The introduction of digitally-based technologies as well as the widespread use of computers and computer networks which may incorporate privacy features/capabilities through the use of encryption are facilitating the development, production, and use of affordable and robust commercially-available encryption products and services for use by the general public. These encryption systems provide robust security for conventional and cellular telephone conversations, facsimile transmissions, local and wide area networks, communications transmitted over the Internet (E-mail, etc.), personal computers, wireless communications systems, electronically stored information, remote keyless entry systems, advanced messaging systems, and radio frequency communications systems.
Various applications will use encryption to provide privacy, information integrity, authentication and non-repudiation. Privacy, or confidentiality, is probably the best known application of encryption. Unauthorized individuals are prevented from listening in or viewing electronic information. Information integrity protects against unauthorized changes to information after it is sent. This is important for the validation of legal electronic documents. Authentication techniques verify the identity of a sender of a message. This provides assurance that the claimed sender (e.g., return address on a letter envelope) of information is the actual sender and vice versa for destination authentication. Non-repudiation ensures that a sender is not able to deny that he or she sent a particular message. This verification is important when auditing or when litigation is being considered.
ADVERSE IMPACTS OF ENCRYPTION The ability of encryption to ensure the confidentiality and the content of important messages, files or communications of corporations and private citizens can also prevent those same entities from gaining plaintext access to that critical information should the keys needed for decryption become lost or corrupted. Unless there is an alternative plaintext access method, such as a recovery feature incorporated in the encryption product to allow such plaintext access, this important information could be lost forever. The use of encryption can effectively prevent plaintext access not only to law enforcement acting under proper legal authority, but also to corporations in situations where an employee could potentially use encryption to commit illegal acts, including acts against the corporation. A report from Congress's Office of Technology Assessment entitled, "Information Security and Privacy in Network Environments," cited the following: "There is also growing recognition of the potential misuses of encryption, such as by disgruntled employees as a means to sabotage an employer's database." Encryption can also be used to conceal criminal activity and thwart law enforcement efforts to collect critical evidence needed to prevent, solve and prosecute serious and often violent criminal activities, including illegal drug trafficking, organized crime, child pornography and terrorism. In these instances, the use of encryption to secure the content or confidentiality of information poses substantial threats to law enforcement's abilities to: 1) interpret and analyze stored electronic records and files which have been obtained through court-order or other lawful procedures; and 2) perform court- ordered electronic surveillance. Encrypted information obtained through the use of lawfully intercepted communications and/or lawfully accessed electronic records or files will be useless in solving crimes and preventing criminal activity unless law enforcement, pursuant to a court order, has immediate access to the plaintext of such encrypted, criminally-related communications and electronically stored data. In addition to the following notable cases which have been previously highlighted: 1)the Aldrich Ames spy case where Ames was told by his Soviet handlers to encrypt computer file information to be passed to them; 2)the Ramzi Yousef (mastermind of the World Trade Center)/Manilla [sic] Air terrorist case where Yousef and other international terrorists were plotting to blow up 11 U.S. owned airliners in the Far East in which data regarding this terrorist plan was found in encrypted computer files discovered in Manilla after Yousef's arrest; and 3)a child pornography case where the subject used commercially-available encryption to encrypt pornographic images of children that were transmitted to other subjects of the investigation, [L]aw enforcement continues to experience an increase in the number of encounters with, and the subsequent damaging and detrimental effects of, the use of commercially-available encryption by criminals, terrorists and in hostile intelligence activities throughout the United States and across international borders. In particular, the FBI is currently experiencing the greatest impact from encryption in Foreign Counter-Intelligence (FCI), Violent Crime (which includes sexual exploitation of children and child pornography cases), and White Collar Crime/Computer Crimes and Threat Assessments investigations. However, the use of encryption in Organized Crime, Drug, as well as Domestic and International Terrorism investigations have also been encountered. In fact, at least 50 percent of the FBI's 56 field offices have recently encountered encryption in cases involving one or more of the aforementioned investigative program areas. Given the ongoing nature of many of these cases, it is extremely difficult to publicly discuss, with any degree of specificity, the details of these specific case examples, which would further illustrate the adverse impact that the use of encryption is having on law enforcement's ability to effectively conduct investigations and carry out its public safety mission, because such public disclouser could compromise many of these ongoing investigations. The following represents some of the general information which can be publicly discussed concerning ongoing FBI investigations that have been adversly impacted by the use of encryption: 1) At least eight major FBI field offices have identified the use of encryption by the subjects of foreign counter- intelligence and international terrorism investigations in a deliberate attempt by these subjects to protect their suspected criminally-related communications and prevent detection by law enforcement of their suspected criminal activities; 2) In addition to the previously stated example of a child pornography case where pornographic images of children were encrypted and transmitted between subjects, there continues to be evidence of the increased use of encryption by a number of subjects involved in the sexual exploitation of children and child pornography who are utilizing various commercially available encryption products to protect suspected criminally-related information and communications as well as to protect their illegal pornographic images of children from discovery and detection; and 3) There are also numerous ongoing FBI investigations involving illegal hacker intrusions into several university and government computer systems as well as software piracy in which the subjects of these investigations have encrypted potentially incriminating information which, if decrypted, could indicate the level of their involvement in these illegal activities as well as disclose the specific information stolen from these various computer systems. The FBI Laboratory Division's Computer Analysis and Response Team (CART) is responsible for providing assistance in law enforcement investigations where computer generated and/or electronically stored information has been obtained pursuant to court authorized search and seizure. The CART has seen the number of cases utilizing encryption and/or password protection increase from two (2) percent to approximately twenty (20) percent over the past four years, to include the use of 56-bit Data Encryption Standard and 128-bit Pretty Good Privacy encryption. These totals are expected to increase significantly with the introduction of Microsoft's newest operating system, Windows 2000. This new operating system will allow users to employ an Encrypted File System (EFS) which will provide the individual computer users with easy to use "point and click" encryption thereby enabling the user, including criminals and terrorists, to easily encrypt all of the files stored on their computer. It is important to understand that this is not an issue unique only to U.S. law enforcement. Included in a recently released paper by the British Government entitled "Encryption and Law Enforcement", several case examples were sited where encryption had been used in furtherance of serious criminal activity in the United Kingdom. The paper noted that the "development of encryption technology gives rise to a number of challenges to law enforcement, security and intelligence agencies. In particular, its widespread use will have an effect on the ability of these agencies to make use of lawfully intercepted communications and retrieved data for law enforcement purposes." Additionally, the paper emphasized the important role the use of lawful communication interceptions play in protecting society from crime and terrorism and concludes "that the development of electronic communications, which promises many benefits to businesses and individuals, should not also give assistance to those who are engaged in serious crime." The case examples set forth in the paper include the following: 1) a 1995 child pornography investigation involving two suspected paedophiles who used the Internet to distribute pornographic images of children that was severely hampered by the use of encryption by the primary suspect of the investigation; 2) a 1996 investigation of a Northern Irish terrorist group in which a computer was seized containing encrypted files concerning potential terrorist targets, including police officers and politicians; and 3) a 1998 attempted murder and sexual assault investigation that was impeded by the discovery of relevant encrypted files on a suspect's computer. THE CONCEPT OF RECOVERABLE ENCRYPTION Technical solutions that provide robust encryption, combined with some type of recoverable feature which allows for the immediate, lawful access to plaintext of encrypted, criminally- related communications and electronically stored data, is clearly the best way to achieve the goals of both industry and law enforcement. Law enforcement's needs in dealing with its responsibility for protecting public safety and national security are best met by ensuring that commercially-available encryption products manufactured or imported into the U.S. include some type of capability that allows for the immediate access to the plaintext of encrypted, criminal-related data (both transmitted and stored), pursuant to lawful authority (court order). The concept of recoverable encryption: Provides a means for corporations to address the misuse of encryption by disgruntled employees; Ensures the integrity of the investigation through the obtainment of the recovery information or plaintext from a trusted third party (this would also provide the assurance to commercial and individual users of encryption that their encrypted communications and electronically stored information are secure against unauthorized disclosure and illegal "hacker-type" attacks); Allows for an overt process for legally obtaining recovery information or plaintext that is subject to public scrutiny and accountability; Provides confidentiality of law enforcement's request for recovery information or plaintext access; Provides an immediate decryption capability which is available to law enforcement upon presentation of proper legal authority (to include the state and local levels) of encrypted, criminally-related communications or electronically stored information. Law enforcement's public safety needs can either be achieved through a voluntary approach, should their be a willingness on the part of industry as a whole (inclusive of all domestic manufacturers and all importers of foreign made products into the U.S.) to effectively address law enforcement's needs voluntarily; or through a legislative approach, should there be the will on the part of public policy makers to address the issue legislatively; or through a combination of both. Failure to effectively address law enforcement's needs regarding domestic encryption products will ultimately have a devastatingly adverse impact on the safety and security of the American public. CLINTON ADMINISTRATION'S POSITION ON ENCRYPTION Since April of 1993, the Clinton Administration has expressed support for the adoption of a balanced encryption policy that meets the commercial needs of industry for robust encryption while at the same time meeting the public safety needs of law enforcement. Administration representatives have been attempting to working with representatives of industry to encourage the voluntary development, sale, and use of recoverable encryption products within the U.S. The Clinton Administration has steadfastly opposed any legislative effort to impose domestic controls on encryption, favoring a voluntary approach to address law enforcement's public safety needs through the use of "good faith dialogue," "market-forces," influence and inducements (mainly regulatory change to exiting export controls on encryption products). Law enforcement remains optimistic that such a voluntary approach will be successful in addressing its public safety needs; however, this approach's ultimate success remains uncertain at this time. On March 4, 1998, the Vice President announced a new Administration initiative to try and bring about the voluntary development of technical solutions that address law enforcement's public safety needs by calling for "good faith dialogue" between industry and law enforcement rather than seeking to legislate domestic controls at that time. Such "good faith dialogue" efforts remain ongoing. Additionally and of significance to law enforcement, on September 16, 1998, the Clinton Administration formally express support for the creation of a centralized law enforcement resource within the FBI to provide law enforcement with urgently needed technical capablities to fulfill its investigative responsibilities in light of the ever increasing proliferation and use of strong, commercially-available encryption products within the U.S. Conversely, the Clinton Administration has steadfastly opposed any legislative effort to relax existing export controls on encryption. Such encryption export controls have existed for years to protect national security and foreign policy interest. ENCRYPTION LEGISLATION ENCRYPTION-RELATED BILLS INTRODUCED DURING THE 106TH CONGRESS: H.R.850, the "Security and Freedom Through Encryption (SAFE )Act," introduced by Congressman Goodlatte (R-6th-VA) on February 25, 1999. S.798, the "Promote Reliable On-Line Transactions to Encourage Commerce and Trade (PROTECT) Act of 1999," introduced by Senator McCain (R-AZ) on April 14, 1999. S.854, the "Electronic Rights (E-Rights) for the 21st Century Act" introduced by Senator Leahy (D-VT) on April 21, 1999. H.R.850 H.R.850 is almost identical to the bill Congressman Goodlatte introduced during the 105th Congress(H.R.695). H.R.850 would largely remove existing export controls on hardware and software encryption products of comparable strength to those that are commercially available from a foreign supplier, regardless of the adverse impact to national security. The bill would also place a prohibition on mandatory key recovery encryption by the government and includes a provision making it a crime to use encryption in furtherance of a criminal act. At the time of the bill's introduction, it enjoyed over 200 bi-partisan co-sponsors. Since that time, the number of co-sponsors has grown to over 250. The following is an overview of the bill's progress thus far during the 106th Congress: On March 4, 1999, the House Judiciary Committee's Subcommittee on Courts and Intellectual Property held a hearing concerning the bill with witnesses from NSA, the Justice Department and the Commerce Department testifying in opposition to the bill. On March 11, 1999, despite the aforementioned testimony, the Subcommittee held a mark-up concerning the bill and favorably reported the bill out of Subcommittee (Congressman Goodlatte is a member of that Subcommittee). On March 24, 1999, the full House Judiciary Committee held a mark-up concerning H.R.850 and, by a voice vote, favorably reported the bill out of committee without amendments. During the mark-up Congressman McCollum (R-8th-FL) expressed concerns about the bill's adverse impact on law enforcement, national security and intelligence interest, should encryption products that do not allow for immediate plaintext access proliferate within the U.S. and aboard. Congressman McCollum then offered an amendment to the bill's export provisions that would require all hardware and software encryption products for export to include features that allow for immediate plaintext access capabilities for use when there is lawful authorization to obtain such plaintext. Congressman Goodlatte immediately raised a point of order objection, asserting that the amendment was not germane and, without debate, Chairman Hyde ruled that Congressman McCollum's amendment did not fall under the jurisdiction of the Judiciary Committee. The bill has been referred to the House International Relations, Armed Services, Intelligence and Commerce Committees for consideration. The House International Relations and Commerce Committees held hearings on the bill in May, with the House Intelligence Committee planning to hold several hearings on the bill in June. S.798 S.798, introduced by Senator McCain who is the Chairman of the Senate Commerce Committee, is somewhat of a pro-industry bill even though the bill's expressed purpose is "to promote electronic commerce by encouraging and facilitating the use of encryption in interstate commerce consistent with the protections of national security and other purposes." The bill seeks to address both domestic and export related issues regarding encryption and would basically set in law many of the Clinton Administration's official positions on encryption [market driven/voluntary approach regarding domestic encryption, opposition to mandatory domestic controls (plaintext access requirement), and the appropriate relaxation of export controls on encryption for certain sectors and "responsible" governments while maintaining national security interests. [In Senator McCain's bill, the responsible governments include NATO, Association of Southeast Asian Nations (ASEAN)& Organization for Economic Cooperation and Development (OECD)]. The bill would also create an "Encryption Export Advisory Board" to make recommendations to the Secretary of Commerce regarding those encryption products that are generally available, publicly available or are comparable or will be comparable within 12 months from a foreign supplier thus making these encryption products eligible for export from the United States. In an attempt to address NSA's national security concerns with regard to the export relaxation of such "publicly available" foreign encryption products, the bill includes a provision that would allow the President to override any decision by the Advisory Board for purposes of national security and maintains current Presidential Authorities to prohibit the export of encryption to countries that support acts of terrorism or who pose a threat to United States national security. From strictly a law enforcement prospective, the only provision of Senator McCain's bill that is not in sync with the Administration's current voluntary efforts in support of law enforcement is Title II of the bill, entitled "Government Procurement". This provision requires the federal government to purchase only encryption products that are interoperable with any and all types of encryption products (recoverable and non- recoverable) thus eliminating one of law enforcement's potentially most effective influencers in the market-place in our effort to encourage industry to manufacture and sale encryption products that meet law enforcement's plaintext access needs. Additionally, Title I of the bill, entitled "Domestic Encryption Provisions", would prohibit the federal government or any state government from requiring or mandating key escrow, key recovery or plaintext access capabilities be included in domestic encryption products. The following is an overview of the bill's progress thus far during the 106th Congress: Introduced on April 14, 1999, and referred to the Senate Commerce Committee for consideration. S.854 S.854 was introduced by Senator Leahy, who is the Ranking Minority Member of the Senate Judiciary Committee. The bill's expressed purpose is "to protect the privacy and constitutional rights of Americans, to establish standards and procedures regarding law enforcement access to location information, decryption assistance for encrypted communication and stored electronic information, and other private information, to affirm the rights of Americans to use and sell encryption as a tool for protecting their online privacy and for other purposes." The bill is generally not in the best interest of law enforcement. Like the Goodlatte and McCain bills, S.854 would also prohibit the federal government or any state government from requiring or mandating that key escrow, key recovery or plaintext access capabilities be included in domestic encryption products. The bill also seeks to significantly raise the current legal standard needed to obtain a court order to acquire electronically stored information held by a third party, decryption information held by a third party, and the location information of a wireless telecommunication instrument within a carrier's system to a probable cause standard; repeal last Congress' changes to the roving wiretap statute; institute minimization requirements on pen register intercepts with regard to "post cut through digits"; and institute reporting requirements on the Department of Justice with regards to Section 2703 court orders for the obtainment of electronically stored information. The following is an overview of the bill's progress thus far during the 106th Congress: Introduced on April 21, 1999 and referred to the Senate Judiciary Committee for consideration. ENCRYPTION-RELATED BILLS INTRODUCED DURING THE 105TH CONGRESS: H.R.695, the "Security and Freedom Through Encryption (SAFE) Act," introduced by Congressman Goodlatte (R-6th-VA) on February 12, 1997; S.376, the "Encryption Communications Privacy Act of 1997," introduced by Senator Leahy (D-VT) on February 27, 1997; S.377, the "Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act of 1997," introduced by Senator Burns (R-MT) on February 27, 1997; S.909, the "Secure Public Networks Act," introduced by Senators McCain (R-AZ), Kerrey (D-NE), Hollings (D-SC) on June 16, 1997. S.2067, the "Encryption Protects the Rights of Individuals from Violation and Abuse in Cyberspace (E-Privacy) Act," introduced by Senators Ashcroft (R-MO) and Leahy (D-VT) on May 12, 1998. * NONE OF THE AFOREMENTIONED ENCRYPTION BILLS WERE ENACTED DURING THE 105TH CONGRESS. Four of the aforementioned encryption-related bills [Goodlatte (H.R.695), Leahy (S.376), Burns (S.377), and Ashcroft/Leahy (S.2067)] would have largely removed existing export controls on hardware and software encryption products of comparable strength to those that were commercially available from a foreign supplier, regardless of the adverse impact to national security. All five bills would have placed a prohibition on mandatory key recovery encryption by the government and included provisions making it a crime to use encryption in furtherance of a criminal act. The McCain/Kerrey, Leahy, and Ashcroft/Leahy bills would have allowed for the voluntary use of key recovery encryption and would have established in law requirements for the release of decryption keys to law enforcement (Leahy and Ashcroft/Leahy bills by court order, McCain/Kerrey bill by subpoena). The following is an overview of each to the aforementioned bills' progress during the 105th Congress: H.R.695 Reported favorably out of the House Judiciary Committee on May 14, 1997 with three amendments. (Congressman McCollum's amendment--members of the Intelligence Community could obtain key recovery information if escrowed, Congressman Asa Hutchinson's amendment--AG is to maintain records regarding the number of cases where encryption prevented law enforcement from enforcing the law, and Congressman Delahunt's amendment--would make it a felony to encrypt information of a criminal nature). The bill was then referred to the House International Relations Committee for consideration and appropriate action. On May 24, 1997, the House International Relations Committee's Subcommittee on International Economic Policy and Trade held a mark-up concerning the bill and favorably reported the bill out of subcommittee by a fourteen (14) to one (1) vote. On 7/22/97, the House International Relations Committee held a mark-up concerning the bill. The Committee voted to report H.R.695 out of Committee with no amendments. The bill was then referred to the House National Security Committee, the House Permanent Select Committee on Intelligence and the House Commerce Committee for appropriate action. Hearings were also held concerning H.R.695 before the House National Security Committee on July 30, 1997, before the House Commerce Committee's Subcommittee on Telecommunications, Trade and Consumer Protection on September 4, 1997 and before the House Permanent Select committee on Intelligence on September 9, 1997. The House National Security Committee held a mark-up of H.R.695 on September 9, 1997 and adopted an amendment which continues to require a "one time review" and export license for export of encryption products. This action effectively addressed the national security concerns associated with the bill. The House Permanent Select Committee on Intelligence held a mark-up of H.R.695 on September 11, 1997 and adopted an amendment by way of a substitute bill that effectively addressed all of the law enforcement and national security concerns associated with commercially-available encryption products and services manufactured for use in the U.S. as well as for export. Highlights include: requirements for immediate access to plaintext features to be included in all encryption products and services manufactured for use in the United States or imported for use in the United States by 1/31/2000; "one time review" by NSA of all encryption products for export and voluntary enabling of any decryption feature included in encryption products for export by the destination country; provide for criminal and civil penalties for unauthorized access to plaintext or decryption information; and, require the U.S. government to only purchase encryption products which include such immediate access to plaintext features. On September 24, 1997, the House Commerce Committee held a mark-up of H.R.695. Two competing amendments were offered: Congressmen Oxley and Manton offered an amendment to require all encryption products manufactured for use in the U.S. or imported into the U.S. to contain an immediate access to plaintext feature which would have effectively address law enforcement's domestic encryption needs and would be supported by law enforcement; Congressmen Markey and White offered an amendment to establish a "National Electronic Technologies Center" to foster the "exchange of information and expertise" between government and industry. However, the Markey/White amendment provided no funding for this center. It did not mandate industry participation, nor is it the goal of the "Center" to provide law enforcement with immediate decryption technical capabilities. Markey/White was supported by industry but was opposed by law enforcement. The Commerce Committee defeated the Oxley/Manton proposal and adopted the Markey/White Amendment, agreeing to favorably report H.R.695 out of committee as amended. H.R.695, as amended by the five committees, was then sent to the House Rules Committee. The Rules Committee, at the discretion of its Chairman, was to consider the different versions of the bill adopted by the five House Committees (Judiciary, International Relations, National Security, Intelligence and Commerce) to determine if a workable compromise bill could be developed and forwarded to the House floor for action. At the insistence of Chairman Solomon (R-NY-22nd), no action was taken by the Rules Committee concerning H.R. 695 as to ensure that the House did not pass an encryption bill that failed to meet all of the law enforcement and national security needs concerning encryption. S.909 Reported favorably out of the Senate Commerce Committee on June 19, 1997 with five amendments: one amendment to section 106 regarding the strength of the subpoena used to obtain recovery information; one amendment to section 201 requiring NIST to release a public reference plan regarding key recovery systems prior to the policy provisions of this section being enforced; one amendment to section 205 to clarify that this section only covers networks for the transaction of government business; and one amendment to section 1005 to define what key recovery means. Another amendment was introduced that would create an export advisory board consisting of a chairman appointed by the President, four (4) industry representatives and four (4) government representatives-one each from the CIA, NSA, FBI and Commerce. The bill was scheduled to be referred to the Senate Judiciary and Intelligence Committees for appropriate action but was never officially reported out of the Senate Commerce Committee. S.377 Introduced. Failed to be favorably reported out of the Commerce Committee by a 12 to 8 vote on June 19, 1997 as a substitute to S.909. Senators Burns, Gorton, Lott, Ashcroft**, Abraham**, Brownback, Dorgan and Wyden voted in favor of S.377; Senators McCain, Stevens, Hutchison, Snowe, Frist, Hollings, Inouye, Ford, Rockefeller, Kerry, Breaux and Bryan voted against S.377. (** denotes member of Senate Judiciary Committee) S.376 Only introduced. S.2067 Only introduced.
[End]
Transcription and HTML by JYA/Urban Deadline.