For other versions of this document, see http://wikileaks.org/wiki/CRS-RL30836 ------------------------------------------------------------------------------ Order Code RL30836 CRS Report for Congress Received through the CRS Web Encryption Technology: the Debate in the 105 and 106th Congresses th January 22, 2001 Richard M. Nunno Specialist in Information Technologies Resources, Science, and Industry Division Congressional Research Service ~ The Library of Congress Encryption Technology: the Debate in the 105th and 106th Congresses Summary The controversy over encryption throughout the 1990s concerned what access the government should have to encrypted stored computer data or electronic communications (voice and data, wired and wireless) for law enforcement and national security purposes. Encryption and decryption are methods of using cryptography to protect the confidentiality of data and communications. When encrypted, a message can only be understood by someone with the key to decrypt it. Businesses and consumers want strong encryption products to protect their information, while the Clinton Administration wanted to ensure the law enforcement community's ability to monitor undesirable activity in the digital age. Until 1998, the Clinton Administration promoted the use of strong encryption (greater than 56 bits) here and abroad, only if it had "key recovery" features where a "key recovery agent" holds a "spare key" to decrypt the information. The Adminis- tration wanted key recovery agents to make the decryption key available to authorized federal and state government entities. Privacy advocates argued that law enforcement entities would have too much access to private information. Under this policy, the Administration attempted to use the export control process to influence companies to develop key recovery encryption products by making it easy to export products with key recovery, and difficult for those products without. There were no limits on domestic use or import of any type of encryption, so the Administration tried to influence what was available for domestic use through export controls since most companies do not want to incur the costs of creating two versions of the same prod- uct--one for U.S. use and another for export. U.S. companies argued that U.S. export policies hurt their market share while helping foreign companies not subject to export restrictions. While many businesses and consumer groups agreed that key recovery is desirable when keys are lost, stolen, or corrupted, they wanted market forces to drive the development of key recovery encryption products. They also objected to government having any role in determining who can hold the keys. Although a general consensus emerged that encryption is essential to the growth of electronic commerce and use of the Internet, opposition to the Clinton Administration's policy grew as industry and privacy rights groups lobbied Congress to loosen export controls. In the 106th Congress, legislation was introduced intended to foster widespread use of the strongest encryption (H.R. 850, S. 798). While the Administration continued to oppose that legislation, H.R. 850 was marked up by five Committees, resulting in widely varying and, in places, contradictory, provisions. In September 1999, the Clinton Administration announced plans to relax its encryption export policy by allowing unlimited key length (with some exceptions) without key recovery, and reducing reporting requirements. The rules for implementing that policy were issued by the Department of Commerce in January 2000. While the new policy appears to have satisfied industry interests, privacy rights groups continue to express concerns about government surveillance. Contents Encryption, Computers, and Electronic Communications . . . . . . . . . . . . . . . . . . 1 Administration Policy and Industry Reactions . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Industry Reactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Action in the 105th Congress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Action in the 106th Congress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Issues in the Debate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Key Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Export Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Domestic Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Final Clinton Administration Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Encryption Technology: the Debate in the 105th and 106th Congresses The congressional debate over encryption technology was resolved without the enactment of legislation, with the Clinton Administration's significant reduction of restrictions on the use of encryption. Some groups, however, would like to see further reductions in those restrictions, and would also like to have the new policy codified in law. Others might want to reverse the current policy, to re-institute the previous restrictions on encryption use. This report serves as a comprehensive overview of the evolution of debate and legislation that led to modifications to the U.S. encryption policy that took place in the 1990s and 2000. Encryption, Computers, and Electronic Communications Encryption and decryption are procedures for applying the science of cryptography to ensure the confidentiality of messages. Technically, the issue discussed here is cryptography policy, but since encryption is the most controversial application of cryptography, it is the term used popularly and in this report. (Other methods of using cryptography to protect confidentiality­steganography and "chaffing and winnowing"­will not be discussed in this report.) Also, for a discussion of the specific issues regarding medical records privacy and security, see CRS Issue Brief IB98002, Medical Records Confidentiality, updated regularly. Encrypting messages so they can be understood only by the intended recipient historically was the province of those protecting military secrets. The burgeoning use of computers and computer networks, including the Internet, now has focused attention on its value to a much broader segment of society. Government agencies seeking to protect data stored in their databases, businesses wanting to guard proprietary data, and consumers expecting electronic mail to be as private as first class mail, all want access to strong encryption products. Other users of electronic communications, for example cellular (wireless) phone users who expect calls to be as private as wireline calls, also are showing increased interest in encryption. While encryption is uncommon for telephone users today, the advent of digital telephone services (particularly Personal Communication Services, PCS, a digital form of cellular telephony) is expected to make encrypted voice and data communications over telephones more common. Whether hardware- or software-based, an encryption product scrambles a message using mathematical algorithms. A corresponding key is needed to decrypt (unscramble) the message, and the key itself also may be encrypted. The algorithm is a series of digital numbers (bits), and the level of difficulty of breaking the code (its "strength") is usually represented by the number of bits in the key. (There are other CRS-2 factors that affect a key's strength, but in this debate, bit length is used as a benchmark.) Unencrypted data are referred to as "plaintext." Encrypted data are "ciphertext." The National Institute of Standards and Technology (NIST), in conjunction with industry, developed an encryption standard using a 56-bit key in 1977. Called the Data Encryption Standard (DES), it is widely used today in the United States and abroad, often in an enhanced mode called "3-key triple DES" providing the equivalent of a 112- bit key. NIST is currently working to establish a new, stronger standard than DES referred to as the Advanced Encryption Standard (AES). The need for a stronger standard was underscored in 1997 when DES was broken (see below). Encryption products are KEY RECOVERY AND widely available today, including KEY RECOVERY AGENTS some that use 128-bit keys or more. Some 128-bit encryption Once called "key escrow," key recovery means that when software can be downloaded from stored data or electronic communications are encrypted, a third party has a copy of the key needed to decrypt the the Internet. There are no limits on information. The third party is called a key recovery agent the strength of encryption products (formerly a key escrow agent). Key recovery is useful in cases used in the United States, whether where a key is lost, stolen or corrupted. Most parties to the encryption debate agree that market forces will drive the acquired here or imported. The development of key recovery-based encryption products for only limits are on exports. This stored computer data because businesses and individuals will indirectly influences what is It is lessbe sureif marketget copies of keys in an emergency. want to clear they can demands will drive key recovery available domestically, however, systems for electronic communications. since most U.S. companies are The controversy was over government's attempt to reluctant to develop two products, "encourage" the development of key recovery-based products through the export control process, the government's role in one for the U.S. market and determining who can serve as key recovery agents, and the another for export. For many extent to which law enforcement agencies could obtain the key years, reflecting the policies of the if they suspect undesirable activity (terrorism, child pornography, and drug cartels are often cited as examples). past three Administrations, the State Department did not allow general exports of encryption with more than 40-bit keys, except for banking and U.S.-owned subsidiaries (for a list of exceptions, see CRS Report 96-232). In December 1996, the Clinton Administration raised the limit to 56 bits for easily exportable encryption products that do not have key recovery features (see box), and removed bit length limits entirely for products with key recovery. Breaking a message encrypted with a 40-bit key by "brute-force" (trying every possible combination of bits until the correct one is found) is not considered difficult. In January 1997, a 40- bit key was broken in 3.5 hours. In general, for each bit added to the encryption key, the time required to break the key doubles. Thus it takes 216 (65,536) times longer to break a 56-bit key than a 40-bit key. In July 1998, a group from the Electronic Freedom Foundation (an electronic privacy rights group) demonstrated (for less than $250,000) the vulnerability of 40- and 56-bit keys by using a network of nearly 100,000 PCs on the Internet that broke a 56-bit key in 22 hours, 15 minutes. The ability to break 128-bit encryption (considered strong encryption) has not yet been demonstrated publicly. In May 1996, the National Research Council (NRC) released a comprehensive report entitled Cryptography's Role in Securing the Information Society (the "CRISIS" report). It stressed that national policy should make cryptography broadly CRS-3 available to all legitimate elements of society, promote continued economic growth and leadership of key U.S. industries, and ensure public safety and protection against foreign and domestic threats. Among the recommendations: key escrow is an unproven technology and the government should experiment with it and work with other nations, but not aggressively promote it now; export controls should be relaxed progressively, but not eliminated; and encryption policy issues can be debated adequately in public without relying upon classified information. The report also recommended that no law should bar the manufacture, sale or use of any form of encryption within the United States; and government should promote information security in the private sector. The report underscored that utilization of strong encryption and law enforcement objectives can be mutually compatible. Business and consumer groups consider 56-bit keys inadequate to ensure privacy and security. They oppose export encryption controls and requirements for key recovery features. They object to the government using the export process to force the development of key recovery encryption products, rather than allowing market forces to prevail, and to the government's role in determining who can serve as key recovery agents. These groups argue that strong encryption is needed, for example, to enhance the prospects for electronic commerce and other uses of computer networks. The willingness of consumers to buy goods via the Internet could be markedly affected by their beliefs as to whether credit card numbers will be secure. Businesses using computers for either internal or external communications need to ensure that competitors or other unauthorized parties cannot gain access to proprietary information. Privacy advocates argue that consumers should be assured that personal, medical and financial information transmitted by or stored in computers will be protected. They note that since 128-bit non-key recovery encryption is available worldwide either by downloading it from the Internet or buying it from foreign firms, the U.S. government already has lost control of influencing its availability. A 1997 survey conducted by Trusted Information Systems found 656 foreign encryption products available from 29 countries (in addition to 963 U.S. products). A 1998 report by the Economic Strategy Institute, Finding the Key, concluded that if the Administration's policies remained in effect, the U.S. economy would lose $35-96 billion by 2002 in lost encryption product sales; slower growth in encryption-dependent industries; foregone cost savings and efficiency gains from the Internet, intranets, and extranets; and indirect effects throughout the economy. In June 1999, a study conducted by George Washington University, titled the "Growing Development of Foreign Encryption Products in the Face of U.S. Export Regulations," found over 800 encryption products available from 35 foreign countries.1 At least 167 of those products were found to use strong encryption. Over 512 companies either manufacture or distribute cryptographic products (of quality comparable to U.S. products) in over 70 countries outside the United States. In June 1999, the Electronic Privacy Information Center (EPIC) produced its second annual report on the encryption policies of foreign nations and international organizations titled "Cryptography and Liberty," concluding that "in the vast majority of countries [both developed and developing] cryptography may be used, manufactured, and sold without restriction." On April 3, 2000, EPIC released its third annual international 1 [http://www.seas.gwu.edu/seas/institutes/cpi] CRS-4 review of encryption policies, covering 135 countries. The report found the relaxation of export controls was continuing, but that law enforcement agencies were seeking new authority and new funding to gain access to private keys and personal communications. Supporters of encryption export controls PROPONENTS AND OPPONENTS OF ENCRYPTION EXPORT CONTROLS agree that strong encryption is needed but insist that law Proponents: the Clinton Administration (notably the Department of enforcement and national Justice andof terrorists and otherAgency) and othersconduct activities the ability the National Security criminal groups to concerned about security concerns demand unmonitored if strong non-key recovery encryption is widely available. that, when authorized, the Opponents: government be able to · computer hardware and software manufacturers who wanted to intercept and decrypt market the same products for domestic and foreign markets and worried electronic communications or that they would lose market share to foreign competitors who did not would abide by such products for were the concerned that no one decrypt stored computer data have tobuy encryption limits. TheywhichalsoU.S. government could where undesirable activity is obtain the key. suspected. Law enforcement · U.S. businesses that wanted to use the same computer systems they had in their home offices with their foreign clients; and and national security officials · privacy and consumer groups, which are still not satisfied with the wanted to ensure their ability latest Clinton Administration encryption policy, want individuals to have to access the plaintext of the access to the best encryption possible without regard to key recovery features. information. The method most often discussed was to obtain the key needed to unscramble encrypted information from key recovery agents. Hence, they supported the use of strong encryption products as long as they included key recovery features, and wanted to limit the development of strong non-key recovery products. While conceding some strong non-key recovery encryption products were already available, they claimed use of these products was not widespread. They argued that while the U.S. government cannot prevent the availability of strong non-key recovery encryption, at least it could be restrained, and future generations of encryption products (with key recovery) would displace those without key recovery capabilities. Although the publicity surrounding the encryption debate centered on access to stored computer data, electronic communications are equally important to the law enforcement and national security communities. An Internet message, for example, is stored data when it resides on a server or an individual's computer, but it is an electronic communication while it is being transmitted between computers. The encryption export regulations apply to products for encrypting other electronic communications, not just those between computers. Telephones, whether wired or wireless, are also covered. The 1994 Communications Assistance to Law Enforcement Act (CALEA, P.L. 103-414) requires telecommunications carriers to ensure their equipment permits the interception of any electronic communication by law enforcement officials.2 If the communication is encrypted, law enforcement agencies want to ensure they can decrypt it, too. (CALEA requires the 2 For further details, see CRS Report RL30677, Digital Surveillance: The Communications Assistance for Law Enforcement Act and FBI Internet Monitoring, January 25, 2001. CRS-5 telecommunications carrier to provide decrypted information if the carrier itself is responsible for the encryption, but not if the customer has encrypted it.) Administration Policy and Industry Reactions The Clinton Administration consistently supported arguments by law enforcement and national security agencies that the government must be able to gain access to the plaintext of encrypted electronic data and messages when undesirable activity is suspected. In addition to international criminal activity, the Administration (notably the FBI) wants to be able to monitor domestic criminal activity. The Administration always permitted use of any strength encryption, without a key recovery requirement, in the United States. Rather than attempting to change that policy directly, the Administration used the indirect route of export controls to influence what types of encryption products were available, both here and abroad. Initially, the Clinton Administration sought to restrain the development of strong encryption products by prohibiting export of greater than 40-bit encryption (with a few exceptions). The Administration also tried several approaches to promote "voluntary" use of key recovery agents. In April 1993, the Administration released its "Clipper chip" policy requiring emplacement of special encryption computer chips (called Clipper, an encryption device used for unclassified but sensitive government communications) into new government equipment for voice communications, with two government agencies, NIST and the Department of Treasury, jointly serving as key escrow agents (each holds part of the key). The Administration implemented this policy in 1994 for sensitive but unclassified voice communications in the federal government through a Federal Information Processing Standard (FIPS) called the Escrowed Encryption Standard (EES, or FIPS-185). The Administration hoped that industry would accept the Clipper chip for its own use, but industry strongly objected to the key escrow provisions, particularly the fact that government agencies would hold the keys. In July 1994, the Administration agreed to work with the private sector to develop a "voluntary" key escrow system for data using "trusted third parties" as escrow agents instead of government agencies. This proposal was referred to by its detractors as "Clipper II." Industry continued to object to the key escrow concept as well as the export controls, leading to the legislation discussed below. In May 1996, the Administration released a draft paper on encryption policy, followed by a July statement by Vice President Gore. Called "Clipper III" by its opponents, these documents outlined policy changes the Administration was considering. Among other things, the term "key recovery" replaced "key escrow" to emphasize the positive attributes of key escrow in providing a means to recover a key that is lost, stolen, or corrupted. Furthermore, "key escrow" had come to be identified with the concept of the government holding the key. Under the key recovery policy, a trusted third party or an organization itself can serve that function ("self escrow") with some restrictions. On October 1, 1996, Vice President Gore announced the changes to the Administration's policy, to focus on the need for strong encryption, as long as it included key recovery features. The key recovery agent would be required to give the CRS-6 key to duly authorized law enforcement officials if undesirable activity is suspected (the three types most often cited were drug cartels, child pornographers, and terrorists). The associated executive order was signed November 15, and the Administration published an "interim final" regulation on December 30, to last two years, with the following details: continuation of no restrictions on domestic use or import of any encryption; no key length restrictions on export of encryption products if a key recovery system was used for that product; for 56-bit encryption products without key recovery systems, a one-time review was required before exporting the product, and within two years the exporter must have developed a key recovery system; export licenses were granted in 6-month increments to hold exporters to a timetable to ensure the key recovery systems were being developed (if not, the export license was not renewed); trusted parties served as key recovery agents, and in some cases, organizations were allowed to escrow keys themselves (self-escrow) if they met certain requirements; and commercial encryption was removed from the Munitions List and responsibility for commercial encryption export licensing was transferred from the State Department to the Commerce Department, with the Department of Justice serving an advisory role in commercial encryption export decisions. Foreign governments would apply to U.S. courts to gain access to keys, as they do when seeking other types of evidence. During the next two years, the Commerce Department granted some waivers for banking and financial services. On September 3, 1997, FBI Director Louis Freeh testified to the Senate Judiciary Committee that there was a need for domestic use restrictions on encryption products. Following that testimony, the existence of legislation proposed by the Administration to impose domestic use restrictions became widely known among congressional and industry groups. Vice President Gore later stated that Freeh's comments reflected the FBI's view, but did not indicate a change in Administration policy. The House Intelligence Committee, however, later approved an amendment to legislation similar to Freeh's position about the need for key recovery to be built into encryption products. In March 1998, Vice President Gore wrote to Senator Daschle restating the Administration's desire for a "balanced approach" to encryption policy and seeking to "produce cooperative solutions, rather than seeking to legislate domestic controls." The discussions would also enable additional steps to relax export controls on encryption products. Shortly afterwards, Secretary of Commerce Daley announced the release of a new report on electronic commerce wherein he said that although the Administration's policy was the right one, its implementation was a failure. He urged both industry and government to strive harder to reach consensus on the issue. The Undersecretary of Commerce for the Bureau of Export Administration (BXA) Reinsch later commented at a Congressional Internet Caucus meeting that the Administration was no longer looking for a legislative solution to the encryption issue. In July 1998, the Clinton Administration declassified two security algorithms used in the Clipper chip. In September 1998 it announced plans to allow the export of 56-bit encryption products without requiring provisions for key recovery, after a one-time review, to all users outside seven "terrorist countries" (Cuba, Iran, Iraq, Libya, North Korea, Syria, and Sudan). Export of encryption products of any strength was permitted to 46 designated countries if key recovery or access to CRS-7 plaintext was provided to a third party. The Administration also supported an FBI proposal to establish a technical support center to help law enforcement keep abreast of encryption technologies. In December 1998, the BXA released interim rules to implement the Administration's export control policy initiative. The rules allowed for the export of encryption commodities and software to U.S. companies or subsidiaries in the finance, insurance, health-care and medical end-users, and electronic commerce industries. Industry Reactions Most participants in the debate agreed that market forces would lead to the development of key recovery-based encryption products for stored data because companies and individuals would want to be able to replace lost, stolen or corrupted keys. The debate was over the government's role in "encouraging" the development of key recovery products through export regulations and the access government would have to the keys. Also of concern was the government's inclusion of other electronic communications. While computer companies continued to argue against the Administration's policy, some also developed key recovery products to satisfy the policy. A group of companies formed the Key Recovery Alliance in 1996 to identify barriers to the development of marketable key recovery products. On March 4, 1998, a group of more than 100 companies and organizations (some also members of the Key Recovery Alliance) formed the Americans for Computer Privacy (ACP) coalition to lobby for enabling the use of strong encryption, against export controls on strong encryption, and against mandatory key recovery. 3 Among the members are America On Line, Microsoft, Sybase, the National Rifle Association, the Law Enforcement Alliance of America, and the Business Software Alliance. In March 1998, Network Associates announced that it had arranged for a Swiss company to develop its own software product using specifications in a book by Philip Zimmerman, the creator of Pretty Good Privacy (PGP). Network Associates bought Mr. Zimmerman's company in 1997. PGP was a 128-bit encryption product that does not have key recovery and hence could not be exported under the current regulations. (An older version is available via the Internet, however, which sparked a multi-year Justice Department investigation of Mr. Zimmerman that resulted in no action against him). Since the book could be exported, and the Swiss company received no technical assistance from Network Associates, the company believed no laws were broken. The Swiss product was sold by a Dutch firm under the PGP name. Opponents of encryption controls pointed to this as evidence that the U.S. government cannot control the spread of non-key recovery encryption. In July 1998, as a possible compromise to the Clinton Administration, a group of software companies announced plans to develop a product, "private doorbell", to capture data that could be given to law enforcement before it is encrypted and sent over the Internet. While industry groups approved of the Administration's encryption export policy, they argued that 56-bit encryption had been broken and that stronger 3 ACP's web site is [http://www.computerprivacy.org]. CRS-8 encryption was necessary. Furthermore, they asserted that the Department of Commerce's rules could render the policy ineffective in increasing their ability to export encryption products. Privacy rights groups argued that while the new policy may help big companies, it would not increase the availability or use of 56-bit or stronger encryption by individual users of Internet communications. Action in the 105th Congress Three bills in the House and four in the Senate concerning encryption were introduced in the 105th Congress; none were enacted, although one (H.R. 1903) passed the House. Three (H.R. 695, S. 376, and S. 377) were versions of bills considered in the 104th Congress, generally favoring relaxed encryption export controls. Four new bills were also introduced. S. 909 reflected a philosophy closer to that of the Clinton Administration than the three previous bills. H.R. 1903 focused broadly on computer security issues and the role of NIST. H.R. 1964 focused broadly on computer privacy and security issues. S. 2067 was generally viewed as pro- industry and pro-privacy. Hearings were held by six House committees (Commerce, International Relations, Intelligence, Judiciary, National Security, and Science) and two Senate committees (Judiciary; and Commerce, Science, and Transportation). The Security and Freedom Through Encryption (SAFE) Act (H.R. 695, Goodlatte) originally sought to relax export controls on encryption, although versions of H.R. 695 as reported from various committees had substantially different provisions. The bill was eventually considered by the Committees on Judiciary, International Relations, Commerce, National Security, and Intelligence. Amendments adopted by the latter two committees reversed some of the provisions of the original bill by maintaining or increasing restrictions on export controls of encryption. The Rules Committee did not take action on the bills. The Encrypted Communication Privacy Act of 1997 (S. 376, Leahy) prohibited mandatory use of key recovery but allowed law enforcement to access the key under court order if key recovery is used; codified existing domestic use policy; gave the Secretary of Commerce exclusive jurisdiction over commercial encryption exports; liberalized export controls; made it a crime to use encryption to obstruct justice; and established liability protection and penalties for "key holders." The bill also established procedures for foreign governments to access keys or decryption assistance. The Promotion of Commerce On-Line in the Digital Era (PRO-CODE) Act of 1997 (S. 377, Burns) prohibited mandatory key recovery and established an Information Security Board as a forum to foster communication and coordination between industry and government. The bill also codified existing domestic use policy and gave the Secretary of Commerce exclusive jurisdiction over commercial encryption exports. It liberalized export controls but required the publisher or manufacturer of encryption software or hardware to report to the Secretary of Commerce within 30 days after exporting a product on the product's encryption capabilities. The report would have included the same information required under the December 30, 1996 regulations, but would be provided after export instead of as a condition of obtaining a license. CRS-9 The Secure Public Networks Act (S. 909, McCain et. al.) codified existing domestic use policy; established penalties for use of encryption in commission of a crime; encouraged but did not require use of key recovery; established procedures for government approval of key recovery agents and certificate authorities; required key recovery agents, whether or not registered by the government, to disclose recovery information to lawfully authorized federal or state government entities; provided liability protection for key recovery agents acting pursuant to the Act; permitted export of 56-bit encryption products without key recovery if they meet certain conditions; permitted export of any strength encryption product if it is based on a qualified key recovery system and meets certain other conditions; and allowed the President to waive provisions of the bill for national security or domestic safety and security reasons. During and after markup, the committee adopted amendments establishing an Encryption Export Advisory Board (EEAB) with four government (CIA, FBI, NSA and the White House) and eight industry representatives to make recommendations on whether export exemptions should be granted for non-key recovery products stronger than 56-bits. The committee ordered the bill reported, but the report was never filed. The Senate Judiciary Committee requested sequential referral of S. 909, and held a hearing on July 9, 1997 where FBI Director Louis Freeh expressed reservations about the bill because it allowed widespread use of strong encryption within the United States regardless of whether it has key recovery. Freeh amplified his concerns at a September 3 hearing before the Subcommittee on Technology, Terrorism, and Government Information. He stated that he wanted U.S. manufacturers to be required to build key recovery into encryption products, and that imported encryption products also be required to include key recovery. He further stated that achieving the goal of immediate lawful decryption "could be done in a mandatory manner. It could be done in an involuntary manner. ..." He later added that he thought legislation should first include the requirement that key recovery be built into encryption products and "then take up the more complex discussion about how that's enabled...." He also stated that Internet service providers should be required to be able to decrypt communications immediately. The Encryption Protects the Rights of Individuals from Violation and Abuse in Cyberspace (E-PRIVACY) Act (S. 2067, Ashcroft, et. al.) prohibited federal or state agencies from linking the use of encryption for authentication or identification to the use of encryption for confidentiality purposes; required that the use of encryption products be voluntary and market-driven; outlined procedures for U.S. and foreign law enforcement agencies to access decryption keys or assistance in decrypting electronic communications or stored data; established a National Electronic Technologies (NET) Center in the Department of Justice to help law enforcement keep pace with encryption technology; made the use of encryption to obstruct justice a crime; established an Encryption Export Advisory Board to determine whether comparable foreign products are commercially available; maintained the President's authority to prohibit export of encryption products to countries that support international terrorism or to impose embargoes on exports to or imports from a specific country; made electronic records in networked storage be treated in law as though the record had remained in the possession of the person who created the record; and set the circumstances under which the government may require a mobile CRS-10 electronic communication service to reveal the real-time physical location of a subscriber, and may obtain information from pen register and trap and trace devices. The Computer Security Enhancement Act (H.R. 1903, Sensenbrenner) amended and updated the Computer Security Act of 1987, enhancing the role of the National Institute of Standards and Technology (NIST). As passed by the House (H.Rept. 105-243), the bill required NIST to promote the use of commercial-off-the-shelf encryption products by civilian government agencies; clarified that NIST standards and guidelines are not intended as restrictions on the production or use of encryption by the private sector; provided funding for computer security fellowships at NIST; and required the National Research Council to conduct a study of public key infrastructures. A section requiring NIST to develop standardized tests and procedures to evaluate the strength of foreign encryption products was removed before passage. The bill passed the House and was reported without amendment by the Senate Commerce Committee October 13, 1998 (S.Rept. 105-412). The Communications Privacy and Consumer Empowerment Act (H.R. 1964, Markey) covered a range of computer privacy and security issues. With regard to encryption, the bill codified existing domestic use policy, prohibited the government (federal or state) from conditioning the issuance of certificates of authentication or certificates of authority upon use of key recovery systems, and prohibited the government (federal or state) from establishing a licensing, labeling or other regulatory scheme that requires key escrow as a condition of licensing or regulatory approval. The bill also required the National Telecommunications and Information Administration (NTIA) to conduct a study on, inter alia, how data security issues affect electronic commerce, including identification of generally available technologies (including encryption) for improving data security. Action in the 106th Congress On February 25, 1999, Representative Goodlatte introduced a new version of SAFE (H.R. 850), similar to the bill introduced in the 105th Congress, with a new provision directing the Attorney General to compile examples in which encryption has interfered with law enforcement. The bill was reported by the Judiciary Committee on April 27, and was referred jointly and sequentially to Committees on International Relations, Commerce, Armed Services, and Intelligence. Hearings were held by the Committees on Commerce (May 5 and 25), International Relations (May 18) and Intelligence (June 9 and July 14), Armed Services (July 1 and 13), . The bill has gained 257 co-sponsors, with a majority of both Republican and Democratic leadership. The bill was reported (amended) by the Committee on Commerce. (H.Rept. 106-117, Part II) on July 2, and by the remaining three committees (parts III, IV, and V) on July 23. The five versions of H.R.850 differed significantly. The versions passed by the Committees on the Judiciary, Commerce, and International Relations codified the regulations for unrestricted domestic use and sale of encryption, prohibited the government from mandating key escrow practices for the public, and liberalized the controls governing the export of strong encryption. One of the amendments passed CRS-11 by the Commerce Committee made it a crime to fail to decrypt information upon court orders, raising opposition from privacy rights advocates. The Armed Services and Intelligence Committee versions, in contrast, had minimal or no mention of domestic use of encryption, and increased the authority of the President in restricting the controls governing the export of strong encryption. All of the bills, except for the version by the Armed Services Committee, established criminal penalties for the use of encryption in the furtherance of a criminal act. The Intelligence Committee bill, however, provided greater details than the others for criminalizing the use of encryption in a criminal act. In addition, each Committee added provisions for specific agencies and circumstances. For example, the Commerce Committee established a National Electronic Technologies (NET) Center in the Department of Commerce to promote the exchange of information regarding data security techniques and technologies, and the International Relations Committee directed the Secretary of Commerce to consult with the Attorney General, the Federal Bureau of Investigation, and the Drug Enforcement Administration before approving any license to export encryption products to any country identified as being a major drug producer. The Intelligence Committee bill authorized appropriations for the Technical Support Center, at the FBI. The five versions were sent to the House Rules Committee on July 23, 1999. No further action was taken. In the Senate, On April 14, 1999, Senators McCain, Burns, Wyden, and Leahy introduced S. 798, the Promote Reliable Transactions to Encourage Commerce and Trade (PROTECT) Act. The bill would have immediately raised the maximum exportable key length of encryption products to 64 bits; S. 798 also set a deadline of January 1, 2002 for the federal adoption of the Advanced Encryption Standard (which uses a 128 bit key length) and allowed the export of products employing AES at that date. S.798 allowed the export of strong (greater than 64 bit) encryption products with key recovery features, as well as the export of strong encryption products to "legitimate and responsible entities," including publicly traded firms, U.S. corporate subsidiaries or affiliates, firms required by law to maintain plaintext records, and others. S.798 did not contain criminal provisions for the use of encryption in the furtherance of a crime (unlike H.R.850), and prohibited domestic controls and mandatory plaintext access. The Senate Commerce Committee held a hearing on the bill on June 10. The Senate Commerce Committee approved S. 798 on June 23, 1999. No further action was taken on the bill. Deep divisions remained between those who oppose liberalizing encryption policy and those who advocate it. While the computer industry, and privacy and consumer advocacy groups generally favored both bills, H.R. 850 was considered more pro-industry because of its greater liberalization of encryption export controls. The Departments of Defense and Justice remained opposed to both bills, arguing that the existing export restrictions were necessary to prevent the use of encryption by undesirable groups. In addition, on July 27, 1999, Representative Goss introduced two more bills on encryption policy: H.R. 2616 (which reflected House Intelligence Committee mark-up of H.R. 850), and H.R. 2617 (which proposed tax incentives for the nation's encryption software manufacturers to develop products with key recovery). Three other bills were introduced containing provisions regarding encryption. On April 21, 1999, Senator Leahy introduced S. 854, which included provisions that CRS-12 promoted the use of encryption by (1) prohibiting government requirements for non- federal use of key recovery or plaintext access practices, (2) prohibiting federal agencies from requiring non-federal entities to use specific encryption products to receive services, (3) prohibiting federal encryption products that interact with commercial systems from interfering with the encryption capabilities of the commercial products, and (4) prohibiting the disclosure of decryption assistance to foreign governments without a court order. The bill was referred to the Committee on the Judiciary. On June 9, 1999, Representative Sensenbrenner introduced H.R. 2086, which included a provision directing the National Science Foundation to undertake a study comparing the availability of encryption technologies in foreign countries to those subject to U.S. export restrictions. On July 1, 1999, Representative Sensenbrenner introduced H.R. 2413, which contained provisions for establishment of a public key management infrastructure and encryption standards for federal computers. On September 21, 1999, President Clinton sent to Congress proposed legislation that would ensure that law enforcement maintained its ability to access decryption information stored with third parties, and would be allowed to withhold information in courtrooms on its techniques used in decryption. The bill also authorized $80 million over four years for the FBI Technical Support Center, which would serve as a technical resource in responding to the use of encryption by criminals. That legislation was never introduced in the 106th Congress. Issues in the Debate Key Recovery Key recovery was the fundamental tenet of the Clinton Administration encryption policy. The Administration wanted law enforcement access to keys for encrypted data stored by computers, transmitted between computers, or other types of electronic communications. Not only did the Administration view this as critical for U.S. users, but it sought to create a global key management infrastructure (KMI, now referred to as public key infrastructure, or PKI) to ensure confidentiality for the growth of global electronic commerce, and monitoring undesirable activity (by terrorists, drug cartels, or child pornographers, for example). Many opponents of encryption controls agreed that key recovery has advantages for recovering a lost, stolen, or corrupted key, but believed market forces would drive the development of a PKI for stored computer data without government involvement. Less likely is a market-driven demand for key recovery products for electronic communications. In any case, opponents of controls insisted that the government should have no role in choosing who holds the keys. They feared the government would have unfettered access to private files and communications, though the Clinton Administration stressed that proper legal authorization would be required. Liability protection for proper release of keys and penalties for improper use or release of keys were an important aspects of Administration policy. CRS-13 Questions about technical vulnerabilities that could be introduced if key recovery is incorporated into computer systems were raised in a report (updated June 1998), The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption, by an ad hoc group of cryptographers and computer scientists. They concluded that key recovery "introduces a new and vulnerable path to the unauthorized recovery of data" and the "massive deployment of key-recovery-based infrastructures to meet law enforcement's specifications will require significant sacrifices in security and convenience and substantially increased costs...." The Clinton Administration acknowledged that global agreement on key recovery and PKI policy were essential to its policy and worked with the Organization for Economic Cooperation and Development (OECD) to develop guidelines for a global PKI. In 1997, the OECD released those guidelines, which stated that "national cryptography policies may allow lawful access to plaintext, or cryptographic keys, or encrypted data" (emphasis added). Hence, OECD neither endorsed nor rejected the concept of law enforcement access to decryption keys. The European Commission published a communication in October 1997 that noted the need for strong encryption to advance electronic commerce and expressed strong reservations about regulating encryption (by requiring key recovery, for example). Since then, Canada, Finland, Germany, France, and Taiwan announced a relaxation or elimination of their key recovery laws. Lacking international consensus, many believed it was unlikely that mandated key recovery would survive. Export Restrictions Using the export process to influence the type of encryption products that were available in the United States and abroad was one strategy of the Clinton Administration's policy. The Administration points to threats to national security and public safety that would arise if criminals and terrorists used encryption that the U.S. government could not decrypt. Administration representatives argued that NSA, for example, had been able to thwart criminals and terrorists because NSA intercepted communications in time; if those communications had been encrypted with strong encryption, their task would have been much more difficult. NSA opposed passing a law that does not require companies to notify the government of what encryption products are being exported and to whom. Others pointed to difficulties in stopping future attacks in an era when terrorists could use strong encryption. Opponents of the Administration's policy countered that the United States, through export controls, could not prevent access to strong non-key recovery encryption by criminals and terrorists because it was already available elsewhere in the world. They further pointed out that the current policy of no restrictions on domestic use or import of encryption meant that domestic threats would not be affected. Until its September 1999 announcement, the Clinton Administration used the export process to encourage companies to develop products with key recovery features. There were no limits on the strength of encryption products that could be exported if they include key recovery. Opponents of export controls objected to the government mandating the use of key recovery, arguing that foreign companies were not bound by such restrictions. They argued that customers who did not want U.S. law enforcement or national security agencies having access to decryption keys would buy encryption products from foreign suppliers. They insisted that the U.S. CRS-14 government could not control the availability of strong non-key recovery encryption products, since they already could be procured from foreign suppliers, or downloaded from the Internet. They asserted U.S. policies simply ensured that U.S. companies would lose market share to foreign competitors and would not achieve the overall objective of assuring law enforcement access to encrypted information of criminal groups. They pointed out that drug cartels, for example, could develop their own encryption products rather than buying commercially available products that would allow governments to access the keys. Proponents of export controls conceded that some criminal groups could develop their own encryption, but insisted that at some point they would have to interact with mainstream companies (such as banks or airlines). If the mainstream companies were using key recovery-based systems, this would provide an opportunity for law enforcement to access at least some of the groups' activities. They also pointed out that even though law enforcement agencies were allowed to tap telephone lines for decades, criminals still used telephones because the infrastructure is already in place, easily used, and less costly than building an alternative system for their own use. As for foreign competition, proponents argued that although some strong non-key recovery products were available from the Internet or foreign suppliers, they were not widely used and some were not as strong as their advertisements claimed. Some cases involving encryption export controls have been the basis for legal action. One involves University of Illinois Professor Daniel Bernstein and his attempts to publish, both in print and on the Internet, the source code for his Snuffle encryption algorithm. The government argued that the export required a license under the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR) through which AECA is implemented. On April 15, 1996, U.S. District Judge Marilyn Patel ruled that computer source code is "speech" and protected under the Constitution. On December 18, she further ruled that ITAR represents an unconstitutional prior restraint on free speech. Following the December 30, 1996 shift in jurisdiction over commercial export products from the State Department to the Commerce Department, Bernstein's lawyers asked her to review the new regulations. On August 25, 1997 she ruled that the new regulations also violate the First Amendment. On June 21, 1999, the Department of Justice filed a petition with a federal appeals court for reconsideration in the Bernstein case, which on May 6 upheld a ruling that encryption source code is scientific expression protected by the First Amendment. An opposite ruling was made in March 1996 by Judge Charles Richey in a case involving Philip Karn. Mr. Karn was denied permission to export source code on diskette even though the source code had been published in a book and hence was in the public domain. The State Department designated the diskette as a "defense article" under AECA and denied its export. Judge Richey dismissed the complaint because the AECA does not permit judicial review of what is designated by the President as a "defense article." Mr. Karn appealed the ruling, but by the time the appeal was heard in January 1997, the export regulations had changed so the case was remanded back to DC District Court. On July 7, 1998, U.S. District Judge James Gwin ruled that an individual could not challenge encryption export restrictions on the grounds that they abridge his right to free speech on the Internet. CRS-15 Domestic Use The focus of the encryption debate has at times shifted to include potential changes to domestic use policy. Current U.S. policy allows any type of encryption to be used in or imported into the United States. Clinton Administration concerns that attempting to change this policy would be unsuccessful was a factor in its choice of using export controls to influence what encryption products are available for domestic use. FBI Director Freeh's testimony to the Senate Judiciary Committee on September 3, 1997 heralded a shift in the debate toward the possibility of requiring that key recovery be built into products manufactured in or imported into the United States, and possibly enabled by the manufacturer, not only the user. The Administration's policy, however, did not change on this issue. In September 1999, questions were raised over the discovery of a software element, labeled NSAKey, in the security code of the Microsoft Windows operating system. Microsoft stated that the element was a back-up used for authentication of encryption components if the first key is damaged. Some question whether the key might enable the National Security Agency (NSA) to gain access to Windows operating systems. While it is unlikely that Microsoft would have collaborated surreptitiously with NSA, the dispute highlights the level of tension between industry and privacy rights groups over key recovery practices. Final Clinton Administration Policy In September 1999, the Clinton Administration announced its new encryption export policy, to make encryption products of any key length, after a technical review, exportable without a license to users in any country except seven "terrorist countries". Regulations implementing the Administration's new encryption export policy were issued by the BXA on January 14, 2000.4 According to these rules, retail encryption commodities and software of any key length can be exported without a license to any non-government end user in any country except the seven state supporters of terrorism, and can be re-exported to anyone (including Internet and telecommunications service providers). Exports previously allowed only for a company's internal use can now be used for communication with other firms, supply chains, and customers. Exports to government end-users still require a license. Exporters must report to BXA on where the encryption product is exported, and BXA will determine whether products qualify as retail by reviewing their functionality, sales volume, and distribution methods. In addition, if source code (computer language instructions written by programmers) is made publicly available (under "open source" policies) and no royalty is charged for its use, the code is not subject to export restrictions, a provision that was not included in an earlier draft and was the source of criticism by industry and privacy rights groups. Over the next year, the Administration announced further updates to its encryption policy. On July 17, 2000, changes were announced to allow exports of any strength encryption products to the governments of European Union and eight additional countries. It also allowed exports, without a technical review or reporting 4 Complete regulations are posted at [http://www.bxa.doc.gov/encryption/default.htm] CRS-16 requirements, of encryption embedded in short-range wireless products (e.g., mobile phones, audio devices, cameras, and videos). On October 2, 2000, the National Institute for Standards and Technology announced its selection of a new Advanced Encryption Standard for federal agency use to protect unclassified information. The algorithm for the standard, known as Rijndael, was developed by Belgian scientists and will be made freely available for use by the private sector. While the computer industry is satisfied with the latest rules, some privacy rights groups (including the American Civil Liberties Union, the Electronic Frontier Foundation, and the Electronic Privacy Information Center) argue that the remaining ambiguities in the rules make encryption technology overly cumbersome for individuals to use. Because the regulations could be reversed by a future Administration, these groups still advocate the passage of legislation to codify the changes in U.S. encryption policy. ------------------------------------------------------------------------------ For other versions of this document, see http://wikileaks.org/wiki/CRS-RL30836