[1804] in cryptography@c2.net mail archive
Re: Current status of GAK legislation?
daemon@ATHENA.MIT.EDU (John Young)
Sat Nov 8 10:54:05 1997
Date: Fri, 07 Nov 1997 19:47:51 -0500
To: "James A. Donald" <jamesd@echeque.com>
From: John Young <jya@pipeline.com>
Cc: cryptography@c2.net
James Donald wrote:
>Where is the GAK legislation now, and who is tracking it?
----------
Here's a recent news report:
5 November 1997, PC Week:
No progress expected anytime soon on encryption bills
The debate over U.S. regulation of encryption technology appears to be on hold
until next year.
The Rules Committee of the U.S. House of Representatives, which now has four
versions of the Security and Freedom through Encryption Act (H.R. 695)
before it,
has yet to schedule hearings on the encryption legislation and is not
likely to do so
before early next year, said Lauren Hall, chief technologist at the Software
Publishers Association in Washington.
The bill stalled after Rules Committee Chairman Gerald Solomon, R-N.Y.,
insisted
on language that would make it illegal to sell, use or build encryption
software that
does not allow the government to obtain real-time and secret access to
encrypted
data.
That language, proposed by the House Intelligence Committee but opposed by the
House Commerce Committee, is at the heart of the Federal Bureau of
Investigation's efforts to guarantee law enforcement agencies' access to
encrypted
data through a national key-escrow infrastructure.
But there's a technological problem. Encrypted sessions, such as the Secure
Socket Layer used by most browsers, generate keys on the fly. There is no back
door that can be opened with a copy of a company's private key. In theory,
current browser technology would become illegal under the proposed
legislation.
Ironically, the SAFE bill was originally supported by the software industry
as a
means to relax current export restrictions on encryption technology.
On the Senate side, the Secure Public Networks Act (S.909) also includes a
mandatory key-recovery scheme, but it has yet to be discussed or amended in
committee. Nor is it expected to happen this year.
So far, the Clinton administration has indicated it wants to balance the
needs of the
industry for strong encryption with the needs of law enforcement to gain
access to
encrypted data.
Ira Magaziner, the White House's point man on electronic commerce, told
industry
executives at a Washington conference in September that the administration
has no
plans to back off its current stance. Since then, however, Magaziner has
described
President Clinton's policy as a work in progress, indicating to some that the
administration may be willing to soften its stance.
