[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ECPA/1997: the other shoe?




I've seen discussion on various lists and in the media about the reissue of
Sen. Burns' Pro-CODE bill (S. 377); I was poking around thomas.loc.gov for
information about S. 377 and ran across S. 376, introduced by Sen. Leahy,
the "Encrypted Communications Privacy Act of 1997", which implements a lot
of legislation that cypherpunks types have been speculating about for
several years now.

I couldn't find an easily-accessible version of the bill's text on thomas,
so I cobbled one together from the online version of the Congressional
Register. It's located at <http://www.io.com/~gbroiles/ecpa1997.html>. I
HTML-ized it in a hurry, so please rely on the official version when one
becomes available. 

I haven't had a chance to go over it in detail, but it purports to do these
things:

Makes the use of any cryptosystem in the US, or by US persons on foreign
soil, legal;

Prohibits the implementation of mandatory key escrow

Establishes standards and procedures under which key escrow agents may
release escrowed keys (including criminalizing wrongful release and
wrongful failure to release pursuant to court order/other authorization)

Criminalizes the willful use of encryption to obstruct justice

Confirms that it is legal to sell any cryptosystem within the US 

Sets standards for the release of keys to foreign governments

I'll post a more detailed summary later when I've had a chance to go over
the bill more carefully.
--
Greg Broiles                | US crypto export control policy in a nutshell:
[email protected]         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            |