[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Senate panel nixes ProCODE II, approves McCain-Kerrey bill
----Original Message Follows----
In the end, it was child pornography that derailed
encryption legislation in the U.S. Senate and dealt a
bitter defeat to crypto supporters. Spurred by the
chairman's denunciations of cyberporn, a majority of
the Senate Commerce Committee rejected ProCODE II this
morning -- and instead approved a bill introduced
earlier this week that creates new Federal crimes for
some uses of crypto and an all-but-mandatory key
escrow infrastructure.
Sen. John McCain (R-Ariz.), committee chair and chief
sponsor of the measure, led the attack, saying
Congress must "stop child pornography on the Internet
and Internet gambling. These legitimate law
enforcement concerns cannot and should not be
overlooked or taken lightly."
He warned that allowing encryption to be exported
would permit child pornographers to use it. "If it's
being used for child pornography? Are we going to say
that's just fine? That's it's just business? I don't
think so."
Then Sen. Kay Bailey Hutchinson (R-Tex.) chimed in,
saying she doesn't want "children to have access to
pornography or other bad types of information."
Sen. John Ashcroft (R-MO) tried to disagree. "It's like
photography. We're not going to [ban] photography if
someone takes dirty pictures." (At this point, one of
the more deaf committee members asked, "Pornography?
Are we going to ban pornography?")
Between the child-porn attack team of senators McCain,
Hollings, Kerry, and Frist, ProCODE sponsor Sen. Sen.
Conrad Burns (R-Mont.) didn't stand a chance. Hunched
over the microphone, Burns was outmaneuvered,
outprepared, and outgunned on almost every point.
Nevertheless, he introduced ProCODE II -- a so-called
compromise measure -- and was defeated 8-12. The
changes from ProCODE I gave the NSA, FBI, and CIA
oversight over crypto exports and permitted only the
export of up to 56-bit crypto products without key
escrow. Products of any strength with key escrow could
be exported freely.
That's hardly a pro-privacy, pro-encryption bill, says
the ACLU's Don Haines. "The ProCODE vote shows the
political bankruptcy of the pro-business agenda. Even
in the Commerce Committee, commerce arguments didn't
work," he says.
The committee also approved amendments proposed by
Kerry that would give jurisdiction over crypto exports
to a nine-member "Encryption Export Advisory Board."
The panel would "evaluate whether [a] market exists
abroad" and make non-binding recommendations to the
president.
Frist also introduced amendments to the McCain-Kerrey
bill that were accepted:
* Requiring that not any Federally-funded
communications network, but only ones established "for
transaction of government business" would use key
escrow -- thereby jumpstarting the domestic market.
* "Requirements for a subpoenas [sic] should be no
less stringent for obtaining keys, then [sic] for any
other subpoenaed materials."
* Key recovery can mean recovering only a portion of
the key "such as all but 40 bits of the key."
* NIST after consulting with DoJ and DoD will "publish
a reference implementation plan for key recovery
systems;" the law will not take effect until the
president tells Congress such a study is complete.
After the vote, advocacy groups tried to put a good
face on the devastating loss -- and an expensive
defeat it was. After 15 months of lobbying, countless
hearings, backroom dealmaking, and political capital
spent, ProCODE is gutted and dead. "There's another
day. We have confidence in the system," said BSA's
Robert Holleyman. CDT's Jerry Berman said, "What is
encouraging is that unlike the CDA other committees
are getting involved."
Of course, the involvement of other committees is only
likely to add more key escrow provisions and
limitations on crypto-exports. ProCODE's replacement
-- the McCain-Kerrey bill -- now goes to the Senate
Judiciary committee, and its chairman has already been
talking about mandating key escrow in some
circumstances...
-Declan
====================================================================
Maybe I'm just paranoid, but doesn't this mean that it is now illegal to
use anything over 56 bits in the US, and doesn't this give the US
Government the unofficial green light to start cracking down on those of
us that use encryption? All they gotta say is that they suspected that
we were dealing in child pornography, based on the fact that they
monitored encrypted messages leaving from our addresses? It's not that
far of a leap in possibilities after everything else they've done. This
is starting to get scary ladies and gentleman. I use 2048 bit
encryption, does that make me a porn lover because I use that heavy of
encryption,and encryption period? I feel some very bad days coming down
the pike. I just hope that we can do something to stem the tide.
---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------