[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NYT article on Kerrey bill (LONG)




Encryption Bill Would Restrain
Next Generation of the Internet

By PETER WAYNER

The users of the next generation of the Internet will be forced to 
turn over the keys to their
encrypted computer data to government authorities if a bill currently
before the Senate passes. 

Senator Bob Kerrey, the Nebraska Democrat who cosponsored the
measure, said in an interview Monday that the bill would require that
the authorities be able to recover such keys in the next generation
network, called Internet 2, an advanced, high-speed research project
that is being carried out in more than 100 universities across the
country. 

The bill does not mention Internet 2 specifically but simply refers to
data traveling on all networks created "with the use of Federal funds
for transaction of government business." Users of the current Internet would 
have the freedom to
choose whether to notify the authorities of the keys. 

Key recovery is a controversial proposal aimed at giving fast 
access to encrypted data to the
branches of the government responsible for law enforcement and national 
defense. These branches
worry that widely deployed, easy-to-use encryption technology will make it 
simple for criminals
and terrorists to cloak their communications and make it impossible for the 
police to use
surveillance to gather evidence. 

Others, including computer scientists, civil libertarians
and even some law enforcement officials, worry that
such a proposal would concentrate too much power in
the key recovery centers and that this makes the nation
vulnerable to both attack by terrorists and abuse by
those entrusted with the power. 

A government-approved key-recovery system, as
imagined by the bill, would be created by an organization
that would store the keys to unlock the data encrypted
by members of the organization. It could be either a
corporation, a university or a group of private citizens. 

The key recovery official for the organization, known as the "agent," 
would be responsible for
decrypting the data and providing a "plaintext" version to the police in 
response to a subpoena, a
court order, a warrant or a letter from an attorney general. The bill would 
remove the civil and
criminal liability from the agents for responding to such queries but would 
impose penalties of up to
$100,000 on those who fail to comply. 

The bill, called the Kerrey/McCain act after its sponsors, Kerrey and
John McCain, the Arizona Republican who is chairman of the
Commerce Committee, is officially known as the Secure Public
Networks Act. It would require all new federally financed networks
or computer systems to use government-approved key-recovery
technology. 

The Internet 2 is a cooperative effort involving 109 universities to
build a demonstration version of a very-high-speed Internet in order
to aid scientific research and to push the state of network technology.
Its current embodiment is financed by a mixture of grants from the
National Science Foundation and President Clinton's Next
Generation Internet initiative. 

The greatest problem facing the users of Internet 2 and other future
federally financed networks will be defining where the government
control begins and where it ends. In the interview, Kerrey admitted
that this was a challenging problem and said that the government
must be flexible in determining the answer. His legislation would
create an Information Security Board that would ultimately be
responsible for tuning the application of the law. 

"The law is written so we can get regular look-backs and decide
what's not working," he said. "We know the current law isn't right.
So let's change the law and get some good flexibility." 

The current law controls only the export of encryption technology.
People in the United States have been free to use encryption to
protect their secrets since before the days of the American
Revolution. Thomas Jefferson, for instance, dabbled in cryptography
and even personally specified the encryption system to be used by
Lewis and Clark in their expedition. 

For this reason, Senator Kerrey expects that people will challenge
the constitutionality of his bill, but he says that his office is working
hard to ensure that they get the bill right the first time. 

The law could run afoul of the First Amendment to the Constitution,
which prohibits the "abridging of the freedom of speech." Requiring
people to speak in a form that is understandable by the government
in order to participate in government-financed network might be
considered an abridgment. 

Donald Haines, legislative counsel of the American Civil Liberties Union 
said, "It's like asking:
'Can you make it illegal to commit a crime in French?' " 

A more likely challenge may come from the Second, Fourth and Fifth 
Amendments. The United
States government has treated encryption technology as munitions in order to 
control its export.
The Second Amendment, however, guarantees the right to "keep and bear arms." 

The Fourth Amendment guarantees "the right of the people to be secure in 
their persons, houses,
papers and effects, against unreasonable searches and seizures." It is not 
clear how a court would
view the requirement that a citizen disclose his or her encryption key to a
key-recovery agent in
order to participate in the next generation of the Internet. 

On one hand, the agent would act as an intermediary who would only disclose 
the data to the
government in response to a valid request. On the other, the requirement for 
disclosure before any
warrant is issued might be seen as a violation of the Fifth Amendment, which 
prohibits the
possibility that someone "be compelled in any criminal case to be a witness 
against himself." 

More obscure challenges may emerge from the Ninth and Tenth Amendments. The 
Tenth
Amendment reserves "powers not delegated to the United States by the 
Constitution" to either the
individual states or the people. 

Representative Bob Goodlatte, a Virginia Republican
and a sponsor of competing legislation in the House,
asserts that Kerrey's bill is unconstitutional and that it
amounts to a "dramatic erosion of the people's rights" to
allow access to someone's data without the oversight of
a court. He points out that Kerrey bill would allow
foreign governments to request access to anyone's files
in the United States through the office of the Attorney
General. 

To a large extent, the constitutional question may depend upon just how 
voluntary the
key-recovery process turns out to be. The current draft of the bill contains 
language that explicitly
guarantees that participation in the program is voluntary, but it then 
enumerates all the conditions
under which federal financing will make it mandatory. 

The first to feel the requirements will be universities and colleges, because 
they rely heavily on
government financing. Kerrey said he remained willing to consider any 
language that would help
give the universities the flexibility they need to continue to do research 
effectively, but added that
he remained committed to pushing key-recovery technology. 

Some members of the university community expressed doubt that any compromise 
would be
possible. Gregory A. Jackson, the associate provost of the University of 
Chicago and a member of
the Internet 2 steering committee, said that the record-keeping burden would 
be onerous and that
the gains would be to slim when measured against the cost. 

"I can understand the FBI's point," Jackson said. "There are times when we 
want access to some
communications on campus and we can't get it." 

In his work at the University of Chicago and in his previous job at the 
Massachusetts Institute of
Technology, Jackson said, he was often called on to deal with disciplinary 
problems involving
misuse of the campus networks. "We had to use different leverage over people 
on campus," he
said. "Ultimately, the FBI is probably going to reach the same conclusion." 

Besides, Jackson said, it is virtually impossible even to define what 
encryption is. While the law
requires that the key-recovery agents deliver "plaintext," it is impossible 
to control how people
speak or what data they exchange. 

He went on to predict that the Internet 2 project would find a way to migrate 
into a completely
private entity if it became necessary to avoid government regulation. 

"Even the most optimistic estimates of what the federal contribution will be 
are still a small fraction
of the costs of Internet 2," he said. "It's serious money, and its important 
for making it go forward
quickly, but it's not the lion's share." 

George Cybenko, a professor at Dartmouth, said that his use of the Internet 2 
could drop to simple
e-mail and Web browsing because of the overhead imposed by keeping track of 
the keys. 

"If someone shows up and says, 'This packet came out of your office at 4 p.m. 
What does it mean?'
it will be a nightmare," Cybenko said. 

Many of the new uses of the Internet involve packing new and different forms 
of communication into
complicated data structures. Determining the difference between data that are 
encrypted and data
that are merely unconventional is difficult and could lead to problems. 

Some Internet correspondents have predicted that the FBI will be able to find 
a Senator to add an
amendment to Kerrey's bill to make key recovery mandatory for all Americans. 
Kerrey himself
suggested that this amendment may be offered by the Judiciary committee or on 
the floor of the
Senate in coming weeks. 

On Wednesday, the Senate Judiciary committee will begin holding meetings to 
investigate the
technology. Some expect that the committee chairman, Senator Orrin Hatch, 
Republican of Utah,
will offer his own version of the legislation. 

In the House, however, a different story continues to unfold. Goodlatte has
sponsored his SAFE
legislation (Security and Freedom through Encryption) that would relax export 
controls and not
require key-recovery provisions for anyone. His bill would deal with the 
problem of criminals hiding
their actions by extending the sentences of anyone who uses encryption in 
furtherance of a felony. 

His legislation has enjoyed wide, bipartisan support. Cosponsors range from 
conservative
Republicans like Tom DeLay of Texas, to liberal Democrats like Maxine Waters 
of California. 

In the last two days, six more members of the House have signed on as 
co-sponsors, bringing the total to 131. 

Copyright 1997 The New York Times Company 

-----

Ariel Glenn / AcIS R&D / Columbia University
[email protected]
#include <stddisclaimer.h>