Date: Tue, 5 Mar 1996 12:17:39 -0500 (EST) From: Voters Telecommunications Watch Message-Id: <199603051717.MAA13725@panix3.panix.com> To: sea-list@panix.com Subject: LACC: (INFO) Leahy/Goodlatte introduce crypto bill Sender: owner-lacc@suburbia.net Errors-to: nobody@mail.uu.net Precedence: bulk Reply-To: nobody@mail.uu.net ======================================================================== __ _________ __ \ \ / /_ _\ \ / / Voters Telecommunications Watch (VTW) \ \ / / | | \ \ /\ / / (We're not the EFF) \ V / | | \ V V / URL:http://www.vtw.org/ \_/ |_| \_/\_/ Mar 5, 1996 (expires Apr 5, 1996) SEN. LEAHY (D-VT) AND REP. GOODLATTE (R-VA) INTRODUCE "ENCRYPTED COMMUNICATIONS PRIVACY ACT" TO THWART CLINTON ADMINISTRATION'S FLAWED CLIPPER PLAN Please widely redistribute this document with this banner intact ________________________________________________________________________ CONTENTS The Latest News Analysis of Leahy bill What You Can Do Now Chronology of Leahy bill Press Contact Information A few questions and answers Our policy on financial donations ________________________________________________________________________ THE LATEST NEWS In the opening round of what promises to be a no-holds-barred fight with the Clinton Administration and the Intelligence community over cryptography policy, Senator Patrick Leahy (D-VT) and Representative Robert Goodlatte (R-VA) presented bills today that intend to: -decontrol the export restrictions on mass-market and publicly available software such as Phil Zimmerman's "Pretty Good Privacy" (PGP), -affirm Americans' right to use cryptography of their own choosing, -affirm Americans' right to *not* use key escrow systems, -make it a crime for an authorized key escrow agent to disclose a key recklessly or intentionally, and -create a crime of using cryptography while committing a felony for the express purpose of thwarting an investigation. The topic of cryptography exports is crucial to the continued growth and security of the Internet and online commerce. The success of the information economy in many cases hinges on the ability to employ strong encryption techniques to protect confidential data. The two bills come at a crucial time after the Clinton Administration has put forth two flawed encryption proposals, Clipper and Son of Clipper. A third plan, this time in the form of legislation, is in the works if one is to believe the rumors in the press. So far the only reason the Clinton Administration's flawed "Clipper" plans have been paid any attention to at all is because they offer relaxed export controls in return for storing your keys with government agencies or quasi-government agencies. The best part of the Leahy bill, though, is that you can use the encryption export provisions without ever thinking about using escrow. Leahy's bill will ensure that few consumers, if any, ever consider another Clinton-mandated encryption scheme ever again. The Leahy/Goodlatte bill allows the export of most of the cryptographic products you and I would would like to use, without any of the Clipper requirements. Without the lure of relaxed export for "Clippered" products, nobody will pay attention to Clipper products. This will surely be the deadly blow to all present and future "Clipper" plans that rely on the Clinton Administration's strongarm export policy tactics. A new Clinton proposal on encryption is rumored to be in the works. However, judging from the way they've bungled the first two proposals, VTW believes the newest Clinton proposal will be created with a similar process, with little regard for the concerns of business, industry and the public. One thing is certain; there will be movement on encryption policy this year. It may be legislative or it may be regulatory; we're in a far better position driving legislation we endorse, rather than lobbing bombs at legislation being driven past us. VTW believes this legislation is an excellent initiative. We have long advocated the decontrol of cryptography export laws based on the following principles: -The public and businesses have the right to use the strongest cryptographic products they (not the government) feel are necessary to ensure the confidentiality of their private communications. -The public and businesses should never be compelled to use software with escrow functionality, escrow agents, nor escrow agents that do not have the public's confidence. -If the public and business should choose to use escrow agents, the agents' primary responsibility should be to key owners, not to law enforcement. They should be mostly unregulated, and in an ideal world, there should be hundreds, if not thousands to choose from. -Current export controls are outdated, don't work, are endangering the worsening the problem of security of the Internet, and are damaging the competitiveness of US companies in the global marketplace. The way Leahy/Goodlatte addresses export of cryptography is consistent with our principles. VTW will keep you informed of its progress. As anyone familiar with the legislative process knows, a bill rarely ever looks the same at the end of the process as it did at the beginning. This bill is good for the Internet, and we intend to monitor it like the watchdogs you expect us to be, to ensure that it does not significantly deviate from the basic principles outlined above. In doing this, it will be crucial for the Internet community to speak up. Big business will weigh in on this bill to protect their rights to sell products with encryption in them. However nobody will speak up for your right to have a private conversation except you. We're counting on you to find that voice, and use it over the next few months to ensure that your present right to use encryption *of your choice* isn't amended out of the bill. There are some powerful forces out there that will be lobbying heavily on this legislation. The White house is rumored to have their bill ready. The law enforcement and intelligence communities, who would rather you couldn't use strong encryption, will be employing their usual scare tactics. Worst of all, the Clinton Administration, particularly Vice President Al Gore, who should be a voice of reason for these issues, will, if the example of Clipper and Son of Clipper is any indication, pander to law enforcement and the anti-crime vote in an election year. We predict that the White House will do everything in their power to prevent Senator Leahy from liberating PGP. He will need your help to push forward. Over the next few months, VTW will be coordinating a coalition of names, many of which are already familiar to you. This coalition will ask you to call and write to Congress, expressing your opinion, and threatening to back it up with the ultimate legitimate weapon of democracy, your vote in this election year. We're counting on you; we know you're up to it. We urge you to visit our homepage at http://www.vtw.org/, where we'll keep you updated on current events involving the bill. If you haven't already, you may want to subscribe to our vtw-announce list, no discussion, low-volume email messages that will keep you updated directly as we issue alerts and newsletters. In the wake of the Telecomm Bill protests, over 3,000 of you have subscribed in less than a month. Use the one-line form on our home page. P.S. We don't count our WWW page hits; we have better things to do. ________________________________________________________________________ ANALYSIS OF ENCRYPTED COMMUNICATIONS PRIVACY ACT The Leahy and Goodlatte bills are not exactly alike. For the moment, we will concentrate on the Leahy bill for purposes of analysis. We find it to be fleshed out in many areas. AFFIRMS OUR RIGHT TO USE CRYPTOGRAPHY OF OWN CHOOSING The bill affirms that "Americans should be free lawfully to use whatever particular encryption techniques, technologies, programs, or products developed in the marketplace they desire in order to interact electronically worldwide in a secure, private, and confidential manner". The bill also affirms our right to use cryptographic products that do not have key escrow functions in them, or to choose not to use such functions. If we do choose to use escrow holders, the bill affirms our right to use key holders of our own choosing. DEREGULATION OF PUBLICLY-AVAILABLE CRYPTOGRAPHIC TECHNOLOGY The bill addresses the "PGP problem" by making software that is "generally available", "publicly available", or "public domain" exportable with NO LICENSE REQUIRED, unless it is "specifically designed for military use". CREATES CRIMINAL PENALTIES FOR MALICIOUS KEY HOLDERS If I designate a local business to be my key holder, it is important that they take that responsibility seriously. The bill creates criminal penalties for key holders that behave recklessly with my decryption keys. Recently the Administration suggested that such individuals must be licensed by the US Government, and in some cases, be required to possess security clearances. This would make them little more than puppets of law enforcement. The bill creates criminal penalties with monetary fines if a key holder releases a key recklessly or inappropriately. Reasonable rules for an escrow agents conduct are described in the bill. These are discussed further below. RAISES THE STANDARD FOR A COURT TO OBTAIN YOUR DECRYPTION KEY Currently a court needs to only issue a simple search warrant to obtain a copy of your key for decryption of your communications. This bill raises the requirement to be equivalent to that of a court-ordered wiretap. ENCOURAGES KEY HOLDERS TO SERVE THE INTERESTS OF KEY OWNERS WHEN PRESENTED WITH A COURT-ORDER If you have chosen to use a key holder, they may find themselves in a curious predicament if presented with a court order at some point in the future. They really don't want to simply hand over your decryption key, since once it is divulged, it might be used to decrypt more information than what is required under the court order. The bill instructs a key holder to provide law enforcement with as little information as possible, in order to satisfy a warrant request, while still protecting as much of the key owner's confidentiality as possible. The bill accomplishes this by instructing a key owner to attempt to deliver decrypted communications only for the times specified by the warrant to law enforcement as a first step. If the key holder is unable to produce the decrypted communication for law enforcement, only then, as a last resort, should a key holder relinquish your key. This allows a key holder to work to protect the confidentiality of your decryption keys, while still fulfilling both the spirit and letter of the court order. DISCOURAGES THE USE OF ENCRYPTION TO THWART A FELONY INVESTIGATION This is probably the one provision we wouldn't have put in the bill, were we drafting it. Clearly added to appease law enforcement, it creates a new crime to "willfully" attempt to thwart a law enforcement investigation y using encryption. VTW feels that such a crime is unnecessary, but we're happy to see this is a fairly narrowly-tailored statute. It only applies to individuals who are engaging in a felony and using encryption to communicate information while in the commission of the felony, and whose intent, in using encryption, is to foil a law enforcement investigation. If you and a friend are talking with an encrypted phone, and you mention that you think some mutual friend is cheating on their taxes, you are not liable under this provision. If you are planning the Million Man March using encrypted email, and fear that you may be investigated because your cause in unpopular in some law enforcement circles, you are not liable because you are not committing a felony, even though law enforcement may find it annoying that they cannot read your mail. This provision only applies to you if you are using encryption to specifically foil a law enforcement investigation AND the communication relates to a felony AND you are using the communication to commit the felony. VTW feels this is a fairly narrowly drawn statute that is not likely to be easily abused. Although this bill is the best thing we've seen in Congress on this issue since ex-Rep. Maria Cantwell's (D-WA) export-of-encryption bill was introduced to the 103rd Congress two years ago, there are still some issues in the bill that bear further examination. Let it be understood that we think the balance of this bill right now will help the net far more than hurt it and the net should step forward and help Leahy and Goodlatte in their fight against the Administration over this issue. Nevertheless, our suggestions for tuning this bill are included below. BILL SHOULD INCLUDE AN EXPLICIT SUPPRESSION PROVISION Although the Fourth Amendment is the law of the land, it is important to note that it a applies to communications decrypted after an erroneous warrant has been issued. VTW feels that such a provision should be enumerated in the bill, just to clarify any concerns a court might have about such evidence. It is also clear, however, that such a provision is nearly impossible to obtain in the current Congressional climate, though we will continue to urge the bill's sponsors to add it. THE BILL SHOULD CLEARLY INCLUDE ENCRYPTION PRODUCTS FOR STORED DATA The bill addresses encryptions products used for wire or oral communications, per the Electronic Communications Privacy Act. Since many encryption products are built for just this purpose, it includes many of them. However, we think it is appropriate to specifically include products that are used only for encrypting stored data. THE BILL SHOULD INSTRUCT ESCROW AGENTS TO REPORT DISCLOSURES AS WELL The bill currently requires law enforcement to notify the Office of the Courts as to the number of court orders served on key holders and for what crimes the court orders were obtained. The Office is required to make this information public annually. VTW feels that accountability should never be in short supply. Requiring key holders to notify the Office of the Courts whenever they are ordered to disclose a key will allow the public yet another way of making sure that appropriate procedures are being followed to protect the public. We suggest an inexpensive reporting method such as registered mail so as not to burden key holders needlessly. Presumably, when the Office of the Courts totals up its numbers every year, the number of disclosures reported by law enforcement will add up to the SAME number reported by key holders themselves. Should there be a discrepancy, the public will be grateful for the additional accountability. NEW CRIMES ARE NEEDED TO DISCOURAGE MISREPRESENTING YOURSELF TO A KEY HOLDER Currently the bill relies on existing laws that cover police misrepresentation to punish law enforcement officials that misrepresent themselves to a key holder with an improper or forged warrant to obtain a key or a decrypted communication. The majority of law enforcement officials are good people that would never consider such an act. Consequently, they should have nothing to fear from such a statute. VTW believes that a new statute is needed to dissuade those few over-zealous law enforcement officials from violating the public's trust in these matters. On the whole, we believe that this bill is a win for the Internet public and Internet businesses that require strong market-driven cryptography. VTW urges you to become familiar with it and support Leahy and Goodlatte in their efforts. ________________________________________________________________________ WHAT YOU CAN DO NOW 1. It's crucial that you familiarize yourself with this bill. You can find links to it at http://www.vtw.org/ If you are an ISP or run a WWW page, we urge you to place a pointer to the bill on your homepage or in your message of the day. Here's a sample paragraph you can use: A bill has been introduced in Congress today that will decontrol many types of encryption products so they may be sold abroad, including the world-famous PGP. To learn more about this legislation, see VTW's home page at http://www.vtw.org/ Please remove this notice after a few days. 2. If you are an Internet Small Business, signon to VTW's Internet Small Business Coalition at http://www.vtw.org/help/ We'll likely be assembling a coalition of Internet small businesses in the next few weeks and will solicit your input on ways of carrying your message to Congress. 3. Join our vtw-announce mailing list by sending mail to majordomo@vtw.org or by signing up straight through our WWW page at http://www.vtw.org/. We'll be following this issue closely in the coming months. Note that vtw-announce is not a discussion list. It's VTW announcements, with little repeat content from other sources. ________________________________________________________________________ CHRONOLOGY OF THE 1996 LEAHY/GOODLATTE CRYPTO BILLS Feb 26, '96 Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) introduce the Encrypted Communications Privacy Act. Cosponsoring this legislation on the Senate side at Sen. Burns (R-MT) and Sen. Murray (D-WA). On the House side are the following cosponsors: DeLay, Campbell, Eshoo, Moorhead, Doolittle, Barr, Ewing, Mica, Everett, Bono, Lofgren, and McKeon. ________________________________________________________________________ A FEW QUESTIONS AND ANSWERS Q: Does this require, or even urge individuals to use third parties to hold their decryption keys? A: No way. You can use the liberal export provisions in this bill with out ever allowing your keys to leave your "cold dead fingers". Q: Does this advance the Clinton Administration's Clipper scheme in any way? A: No, in fact this bill cuts out the very heart of the Clipper program. The two Clipper programs had the potential to be adopted because Clipper products were intended to receive preferential export treatment. This allows the export of non-Clipper products. In the global marketplace, the Clipper products will not be able to compete. This bill is probably the final nail in the coffin of the Administration's flawed Clipper proposals. Q: Bills change during Congressional deliberation. Could this bill change in such a way that VTW would no longer support it? A: Absolutely. In fact, we consider it our mission to monitor the legislation to ensure that it isn't amended to act against the right of Internet users and businesses. Q: Wasn't Goodlatte one of the bad guys on the Communications Decency Act? Why is he sponsoring this bill, and can we trust him? A: Goodlatte did indeed introduce the fatal amendment that made the House version of the Telecomm Bill unsupportable. Nevertheless, VTW has found that a Congressperson's vote on one sort of bill is little indication of his or her stand on others. VTW wil closely examine any change in the language of the bill throughout its Congressional life. Q: Does this create a requirement for key holders to exist, or for me to use programs that store keys with third parties? A: No. The bill affirms your right to use encryption without such a feature, and if you do use software with such a feature, to self-escrow the keys. In fact, key holders can exist today. Q: Does this create a new obligations for key holders to disclose keys that they wouldn't have to comply with before? A: No. In fact, this bill makes it harder for a law enforcement official to retrieve a key from a key holder, by requiring a wiretap request instead of a simple search warrant. ________________________________________________________________________ PRESS CONTACT INFORMATION BY EMAIL (if your deadline is more than 24 hours away) Send mail to vtw@vtw.org with "press deadline" in the subject line if you are on a deadline. BY PHONE (if your deadline is in less than 24 hours) Call 718-596-2851 and follow the directions for contacting Steven Cherry or Shabbir J. Safdar quickly. ________________________________________________________________________ OUR POLICY ON FINANCIAL DONATIONS We do not accept unsolicited financial donations for our work. If you want to help further VTW's work, we urge you to register to vote. Check the Blue Pages of your local phone book for "Board of Elections". You should be able to obtain voter registration forms from them. ________________________________________________________________________ Copyright 1994-1996 Voters Telecommunications Watch. Permission is granted to copy and distribute this document for non-commercial purposes only, provided that the above banner and this copyright notice appear in all copies. For other uses, see our Copyright Policy at http://www.vtw.org/copyright.html ======================================================================== Distribution: To: INTERNET:SEA-LIST@PANIX.COM