31 March 1998
Thanks to Alan Davidson, Center for Democracy and Technology
To: Interested Parties
From: CDT
Re: Preliminary Analysis of Revised McCain-Kerrey Bill (S.909)
Senators McCain and Kerrey are circulating a revised version of their encryption
bill, S.909. The new draft includes several changes in response to industry
and privacy concerns: It heightens the legal standards for access to escrowed
keys; it removes the linkage between key recovery and the regulation of
certificate authorities; and it refines export control requirements.
Despite these changes, CDT remains opposed to S.909 for one fundamental reason:
The revised draft still seeks, through a series of incentives (export controls,
government procurement, and liability safe harbors), to require encryption
users to surrender control over their keys on the government's terms. We
also oppose the revised bill because its privacy standards fall short; it
criminalizes a wide range of uses of encryption; and it effectively retains
current export controls on encryption. CDT believes S.909 is at best a
codification of a bad status quo. Overall, the new bill still threatens
electronic privacy and security through the coercion of the marketplace towards
adoption of a government key recovery standard, with all the risks that entails.
Senators McCain and Kerrey have said they are seeking a compromise on the
encryption issue. However, any legislation that includes government-dictated
standards for key recovery is not a compromise. It entails too many risks
and is fundamentally inconsistent with the user-controlled nature of the
new electronic technologies. It requires people to do something they would
never otherwise do: place their keys in the hands of someone they don't
control.
Overview of S.909 -- S.909 is a comprehensive bill regulating
the use and export of encryption. The original bill included export controls,
procurement requirements, new criminal penalties, and a complex federal licensing
system for certificate authorities (CAs) and key recovery agents. It was
widely criticized for: linking key recovery to CAs; using export, procurement,
and liability relief to force the use of key recovery; allowing access to
keys with a subpoena; codifying a weak 56-bit limit on exports; and creating
sweeping new federal criminal penalties. For a detailed review of the provisions
of S.909, see CDT's analysis available at
http://www.cdt.org/crypto.
Problems with the revised S.909 -- CDT continues to oppose
S.909 as a bill intended to make government-designed key recovery all
but mandatory through coercion of the marketplace. Government-mandated
key recovery is fundamentally different from the type of key recovery that
the marketplace is now developing in response to user needs. Under the revised
bill, "qualified key recovery systems" will still be defined by the Commerce
Secretary. They will likely require that key recovery occur "without the
knowledge or cooperation of the key owner" and they will likely extend to
communications, key points that are in current regulations. These features
directly threaten privacy and security online and are not acceptable to the
marketplace.
Changes to S.909 -- The revised S.909 contains a number
of significant changes, most of which are direct responses to criticisms
raised by privacy advocates and industry groups. Major changes include --
- Removal of the linkage between certificate authority and key recovery
agents -- Sec. 405 of the original bill would have required users of
federally licensed certificate authorities to also use key recovery. In the
revised bill, this linkage has been completely deleted. However, the complex
federal registering structure for CAs and key recovery agents is retained,
along with the powerful safe harbor provisions designed to force companies
to submit to licensing.
- Heightened standards for access to keys -- The original S.909 allowed
government to obtain key information on a mere subpoena. The revised bill
requires a "court order" based "upon a finding that the recovery information
is relevant to an ongoing law enforcement or counterintelligence investigation."
Sec. 106(4). CDT believes this standard is still too low for sensitive key
information. In the emerging world of digital commerce and personal
communication, decryption keys will be among the most sensitive information
in an individual's life. Criminal inquiry can be very broad; counterintelligence
investigations are even broader. It is not sufficient for the government
to merely show that a decryption key is "relevant" to an investigation.
- Export controls -- Allows export of key recovery products that allow
government access to plaintext "without the knowledge or cooperation of the
person using the product." Retains the 56-bit limit on non-recovery products,
with the limit to be raised based upon findings of an Encryption Export Advisory
Board. (This change was already adopted at the Commerce Committee mark-up
last year.) The 13-member board is appointed by the President and the Congress;
its findings can be waived by executive order. The new bill also allows the
Secretary to license products with user-controlled key recovery features.
Bottom line: It would grant the Executive discretion to continue export control
policies identical to those in place today.
- Procurement -- Attempts to narrow key recovery requirement to federal
systems and those federally-funded networks "for the transaction of business
with the federal government." Intended to carve out Internet 2 and universities
(according to staff).
Other changes include narrower access to key information at the request of
foreign governments (only plaintext, not keys, can be released), and narrowed
Presidential waiver authority (does not apply to Title I privacy protections).
Specific reasons why we oppose the revised bill --
- Push to key recovery -- The revised bill still uses a series of
incentives to require or encourage encryption users to surrender their keys
in accord with government standards:
  - Procurement -- In an effort to influence the non-government marketplace,
  the bill still requires federal computer systems -- as well as many
  federally-funded systems -- to adopt key recovery designed not for security
  but for ready investigative access. This places government systems at risk
  because key recovery is not appropriate for all applications, even in
  government.
  - Safe harbors -- Very broad immunity from liability will make it unlikely
  that any entity would want to become a key recovery agent without meeting
  government key recovery requirements. Such large giveaways to recovery agents
  also raise serious consumer issues.
  - Export relief linked to key recovery -- Producers of encryption can
  obtain export relief if they install key recovery features meeting government
  standards.
- Privacy standards -- Though better than a subpoena, the court order
standard based upon mere "relevance" is still not sufficient for sensitive
keys. The bill also includes no minimization requirements for recovery
information in domestic investigations.
- Export controls -- The current 56-bit limit and key recovery exemptions
are retained. In addition to codifying a bad standard, this bill would be
a major setback for ongoing litigation aimed at challenging encryption
controls.
- Broad criminal penalties -- The new bill retains S. 909's 15 federal
crimes pertaining to encryption, including the sweeping "unlawful use of
encryption" crime penalizing "whoever knowingly encrypts data or communications
in furtherance of the commission of a criminal offense." This new crime threatens
to chill the routine use of encryption due to the risk of severe penalties.
It applies to state crimes as well, effectively federalizing a vast number
of investigations.
- CA regulation -- There is no consensus today on the proper shape of
federal CA regulation; this effort appears both premature and profoundly
anti-market.
- Broad waiver authority -- President can waive any provision of the
bill (except Title I) "in the interests of national security, or domestic
safety and security." (Title IX)
Conclusion: CDT appreciates the efforts made by Senators
McCain and Kerrey to address privacy and industry concerns with S.909. However,
the bill still attempts to impose the government's vision of key recovery
-- an international, ubiquitous system that allows access to keys without
the knowledge or consent of the key owner -- on an unwilling marketplace.
Insufficient access standards, limited export relief, and sweeping new criminal
penalties would chill the use of encryption and threaten information privacy.
For these reasons CDT believes that the revised bill, if passed, would be
a serious blow to electronic privacy and security.