Declan McCullagh on Sun, 7 Sep 1997 19:07:01 +0200 (MET DST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Mandatory key escrow bill text, backed by FBI




---------- Forwarded message ----------
Date: Fri, 5 Sep 1997 19:34:51 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: cypherpunks@toad.com
Subject: Mandatory key escrow bill text, backed by FBI

All encryption products distributed in or imported into the U.S. after
January 1, 1999 must have a key escrow backdoor for the government,
according to an FBI-backed proposal circulating on Capitol Hill. The
measure would impose a similar requirement on "public network service
providers" that offer data-scrambling services. FBI Director Louis Freeh
talked about this proposal, without disclosing legislation existed, at a
Senate subcommittee haring on Wednesday.

Domestic use and sale of encryption has never been regulated.

Attached is an excerpt from the draft "Secure Public Networks Act" dated
August 28.

-Declan

-------

	SEC. 105. PUBLIC ENCRYPTION PRODUCTS AND SERVICES

	(a) As of January 1, 1999, public network service
	providers offering encryption products or encryption
	services shall ensure that such products or services
	enable the immediate decryption of communications or
	electronic information encrypted by such products or
	services on the public network, upon receipt of a court
	order, warrant, or certification, pursuant to section
	106, without the knowledge or cooperation of the person
	using such encryption products or services.

	(b) As of January 1, 1999, it shall be unlawful for any
	person to manufacture for sale or distribution within
	the U.S., distribute within the U.S., sell within the
	U.S., or import into the U.S., any product that can be
	used to encrypt communications or electronic
	information, unless that product:

  	 (1) includes features, such as key recovery, trusted 
	 third party compatibility or other means, that

	  (A) permit immediate decryption upon receipt of
	  decryption information by an authorized party without
	  the knowledge or cooperation of the person using such
	  encryption product; and

	  (B) is either enabled at the time of manufacture,
	  distribution, sale, or import, or may be enabled by the
	  purchase or end user; or

	 (2) can be used only on systems or networks that include
	 features, such as key recovery, trusted third party
	 compatibility or other means, that permit immediate
	 decryption by an authorized party without the knowledge
	 or cooperation of the person using such encryption
	 product.

	(c) (1) Within 180 days of the enactment of this Act,
	the Attorney General shall publish in the Federal
	Register functional criteria for complying with the
	decryption requirements set forth in this section.

	(2) Within 180 days of the enactment of this Act, the
	Attorney General shall promulgate procedures by which
	data network service providers sand encryption product
	manufacturers, sellers, re-sellers, distributors, and
	importers may obtain advisory opinions as to whether a
	decryption method will meet the requirements of this
	section.

	(3) Nothing in this Act or any other law shall be
	construed as requiring the implementation of any
	particular decryption method in order to satisfy the
	requirements of paragrpahs (a) or (b) of this section.

-------

MSNBC's Brock Meeks on above FBI proposal & White House support:
  http://www.msnbc.com/news/108020.asp

My report on the September 3 "mandatory key escrow" Senate hearing:
  http://jya.com/declan6.htm

Transcript of FBI director Louis Freeh's remarks at Sep 3 hearing:
  http://jya.com/fbi-gak.txt

Reuters' Aaron Pressman on Commerce Dept backing away from FBI:
  http://www.pathfinder.com/net/latest/RB/1997Sep05/248.html

-------





---
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@icf.de and "info nettime" in the msg body
#  URL: http://www.desk.nl/~nettime/  contact: nettime-owner@icf.de