clock menu more-arrow no yes mobile

Filed under:

An Insider On Encryption Legislation

We posted a bit recently about how the Department Of Justice had a little
proposal about wiretapping PCs. We periodically post such things because
a) it's an evolving media, and b) it's in your interest to know about that kind
of thing, and c) we have, we think, an erudite audience and an occasional
digression is warranted. So anyway, we got a nice response from one of the
Dukies on the Hill, which we'll pass on to you. Well we think she's a
Dukie. She didn't say, but we're assuming she is. Obviously we
should have paid more attention to "School House Rock." We can
still remember most of it, but obviously forgot some key parts!

I'm normally a huge, daily-reading fan of your site, and since I am an
editor of legislative tracking for Congressional Quarterly, I took some
interest in your 8/22 "Our call" regarding a so-called "Cyberspace
Electronic Security Act."

Before you urge your loyal readers to pester their representatives based on
a shoddy piece of MSNBC journalism, I would like to make a few
clarifications:

There is no "Cyberspace Electronic Security Act" in the House or Senate.
The MSNBC article mentioned a draft piece of legislation from the Justice
department, but as you'll remember from "School House Rock," a bill can
only be passed by the two chambers of Congress. So until DOJ can get a
member to sponsor the bill, and it then gets a number and goes through the
true legislative process, nothing is going to happen with that "act." The
administration writes tons of draft legislation on major topics every year
-- doesn't matter. The President alone can not pass a bill.

Y'all may instead be interested in HR850, the Security and Freedom through
Encryption (SAFE) Act, HR850, roughly the opposite of the (fake) bill you
described. It made it through its committees in the House, and has been
placed on the calendar, so it is ready for debate on the House floor.

Here are the first several paragraphs of the bill summary, as written by
the Congressional Research Service:
****

Security and Freedom through Encryption (SAFE) Act - Amends the Federal
criminal code to permit any person within any State and any U.S. person in
a foreign country to use, and any person within any State to sell in
interstate commerce, any encryption, regardless of the encryption algorithm
selected, encryption key length chosen, or implementation technique or
median use.

Provides that neither the Federal Government nor a State may require that,
or condition any approval on a requirement that, a key, access to a key,
key recovery information, or any other plaintext access capability be: (1)
built into computer hardware or software for any purpose; (2) given to any
other person, including a Federal Government agency or an entity in the
private sector that may be certified or approved by the Federal Government
or any State to receive it; or (3) retained by the owner or user of an
encryption key or any other person, other than for encryption products for
use by the Federal Government or a State. Makes exceptions with respect to
investigative or law enforcement officers and members of the intelligence
community.

Provides that neither the Federal Government nor a State may require the
use of encryption products, standards, or services (products) for: (1)
confidentiality purposes, as a condition of the use of such products for
authenticity or integrity purposes; or (2) authenticity or integrity
purposes, as a condition of the use of such products for confidentiality
purposes.

Sets penalties for the unlawful use of encryption in furtherance of a
criminal act. Specifies that the use of encryption shall not be the sole
basis for establishing probable cause with respect to a criminal offense or
a search warrant.
***

Should you want to follow this legislation more closely (or read the rest
of the summary,) I suggest checking out the free and mostly accurate
(though CQ's information -- OnCongress.cq.com -- is more thorough ... yes,
a shameless plug) library of congress site, "thomas.loc.gov" and searching
either on HR850 or on whatever other aspects of internet/computer
encryption/civil rights encroachment may catch your fancy.

I also recommend that instead of having readers write their representatives
to vote against the fake bill, they instead urge passage of HR850.
Legislators tend to appreciate people who sound like they have an idea of
what they're talking about, instead of those constituents who have
knee-jerk reactions to the media "crisis du jour."

Lastly, an easier link for such electronic communication to House
representatives is:

http://www.house.gov/writerep/