[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [New Search]
>Date: Thu, 11 Sep 1997 23:37:39 -0700 (PDT) >From: Declan McCullagh <declan@well.com> >Subject: FC: House panel votes behind closed doors to build in Big Brother > > >Software that protects your privacy is a controlled substance that may no >longer be sold, a Congressional committee decided today. > >Meeting behind closed doors this morning, the House Intelligence committee >voted to replace a generally pro-encryption bill with an entirely >rewritten draft that builds in Big Brother into all future encryption >products. (The Senate appears to be moving in a similar direction.) > >The new SAFE bill -- titled in a wonderfully Orwellian manner the >"Security and Freedom through Encryption" act even though it provides >neither -- includes these provisions: > >SELLING CRYPTO: Selling unapproved encryption products (that do not >include "immediate access to plaintext") becomes a federal crime, >immediately after this bill becomes law. Five years in jail plus fines. >Distributing, importing, or manufacturing such products after January 31, >2000 is another crime. > >NETWORK PROVIDERS: Anyone offering scrambled "network service" including >encrypted web servers or even "ssh" would be required to build in a >backdoor for the government by January 31, 2000. This backdoor must >provide for "immediate decryption or access to plaintext of the data." > >TECHNICAL STANDARDS: The Attorney General will publish technical >requirements for such backdoors in network service and encryption >products, within five months after the president signs this bill. > >LEGAL TO USE CRYPTO: "After January 31, 2000, it shall not be unlawful to >use any encryption product purchased or in use prior to such date." > >GOVERNMENT POWERS: If prosecutors think you may be selling, importing, or >distributing non-backdoor'd crypto or are "about" to do so, they can sue. >"Upon the filing of the complaint seeking injunctive relief by the >Attorney General, the court shall automatically issue a temporary >restraining order against the party being sued." Also, there are >provisions for holding secret hearings, and "public disclosure of the >proceedings shall be treated as contempt of court." You can request an >advisory opinion from the government to see if the program you're about >to publish violates the law. > >ACCESS TO PLAINTEXT: Courts can issue orders, ex parte, granting police >access to your encrypted data. But all the government has to do to get >one is to provide "a factual basis establishing the relevance of the >plaintext" to an investigation. They don't have to demonstrate probable >cause, which is currently required for a search warrant. More >interestingly, this explicitly gives the FISA court jurisdiction (yes, >the secret court that has never denied a request for a wiretap). If they >decode your messages, they'll tell you within 90 days. > >GOVERNMENT PURCHASING: Federal government computer purchases must use a >key escrow "immediate decryption" backdoor after 1998. Same with networks >"purchased directly with Federal funds to provide the security service of >data confidentially." Such products can be labeled "authorized for sale >to U.S. government" > >ENCRYPTION EXPORTS: The Defense & Commerce departments will control >exports of crypto. Software "without regard to strength" can be exported >if it includes a key escrow backdoor and is first submitted to the >government. Export decisions aren't subject to judicial review, and the >"president may by executive order waive any provision of this act" if he >thinks it's a threat to national security. Within 15 days, he must send >a classified briefing to Congress. > >ADVISORY PANEL: Creates the Encryption Industry and Information Security >Board, with seven members from Justice, State, FBI, CIA, White House, and >six from the industry. > >INTERNATIONAL: The president can negotiate international agreements and >perhaps punish noncompliant governments. Can you say "trade sancation?" > >(Other provisions barring the use of crypto in a crime and some forms of >cryptanalysis are also in the bill.) > >Next the Commerce Committee will vote on SAFE, and a former FBI >agent-turned-Congressman is vowing to ensure that similar language to this >is included. (The committees are voting on the bill in parallel, and a >four-person team of Congressmen is working to forge a compromise before >Commerce votes.) Then the heads of the five committees that have rewritten >the legislation will sit down and work out another compromise. If it's >acceptable to the House Rules committee -- and if the FBI/NSA get what >they want it will be -- the bill can move to the floor for a vote. > >That's why the encryption outlook in Congress is abysmal. Crypto-advocates >have lost, and lost miserably. A month ago, the debate was about export >controls. Now the battle is over how strict the //domestic// controls will >be. It's sad, really, that so many millions of lobbyist-dollars were not >only wasted, but used to advance legislation that has been morphed into >a truly awful proposal. > >I wrote more about this at: > > http://cgi.pathfinder.com/netly/opinion/0,1042,1385,00.html > >--Declan > >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >This list is public. To join fight-censorship-announce, send >"subscribe fight-censorship-announce" to majordomo@vorlon.mit.edu. >More information is at http://www.eff.org/~declan/fc/ > > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com