WASHINGTON-Two powerful senators have come together on the sticky issue of encryption legislation.
Encryption is technology used to scramble computer data. The computer industry has been trying for years to get export controls on encryption technology relaxed, but the FBI and National Security Agency have resisted.
The debate over controls on encryption products has been going on since 1996 when the Clinton administration moved jurisdiction of encryption export control policy from the State Department to the Commerce Department. Commerce relaxed regulations so U.S. computer companies could not export encryption products with bit strengths greater than 56 bits with restrictions and 40 bits without restrictions. These bit strengths are considered weak by the computer industry, which has developed products with bit strengths of at least 128 bits.
Sens. John McCain (R-Ariz.), chairman of the Senate Commerce Committee, and Conrad Burns (R-Mont.), chairman of the communications subcommittee, were on opposite sides last Congress as McCain favored more oversight of encryption technology and Burns favored less.
This year the two have come together and plan next week to introduce what they are calling the The Protect Act, according to a statement released by McCain’s office. The Senate is currently recessed.
“This bill protects our national security and law enforcement interests while maintaining the United States leadership role in information technology. We must update our laws to reflect the realities of the information age,” said McCain.
The Protect Act was met with cautious support from the Americans for Computer Privacy, a coalition of computer companies and associations. “[The senators] are to be congratulated for the Protect Act, which recognizes the fact that widespread deployment of strong American-made encryption is in the best interests of this nation … However, it must be noted that the bill doesn’t go as far as the Security and Freedom through Encryption Act,” said Ed Gillespie, ACP executive director.
The Safe Act, is a pro-industry bill sponsored in the House by Reps. Bob Goodlatte (R-Va.) and Zoe Lofgren (D-Calif.). It has 248 cosponsors and passed the House Judiciary Committee last month.
Some major differences between the Safe Act and the Protect Act include the key bits that can be exported and the review process.
The Protect The Commerce Department could not comment on the new bill because it has not been introduced yet. Law enforcement also didn’t comment. But one official said he was pleased with the bill’s plan to get more money law enforcement counter encryption needs. Act caps the bit strength at 64 bits. There is no cap in the Safe Act because of a generally available test.
The Safe Act provides for a 15-day review by the Secretary of Commerce while the Protect Act has an elaborate process with review by an Encryption Export Advisory Board, after which the Commerce Secretary must respond within 15 days.
The Commerce Department could not comment on the new bill because it has not been introduced yet. Law enforcement also didn’t comment. But one official said he was pleased with the bill’s plan to get more money law enforcement counter encryption needs.
