US Report: Senate bill would lift bans on overseas crypto
"There's no mistake about it. This is strong privacy medicine," said Alan Davidson, an attorney and policy specialist with the Centre for Democracy and Technology. "It makes more encryption accessible to more people and that's exactly what we need."
David Sobel, policy counsel at the Electronic Privacy Centre, said the bill offered encouragement to pro-privacy forces. "There will finally be a vehicle in the Senate which is pro-encryption," he said.
Like bills before it, the "E-Privacy Act" sponsored by Vermont Democrat Sen. Patrick Leahy and Missouri Republican Sen. John Ashcroft would lift export controls on encryption technology to countries where encryption of similar strength was available. The bill also adds several new twists to the crypto debate by joining to it a parallel battle over wiretaps in the Federal Communications Commission.
The two senators are expected to join with the industry-funded Americans for Computer Privacy to announce the bill at a press conference on Tuesday.
A copy of the Ashcroft-Leahy proposal obtained by Inter@ctive Week bans attempts to require encryption "back doors" for law enforcement domestically and abroad. It would also lift export controls to all countries where similar products are available except for a handful or "rogue" nations like Libya and Iran.
Encryption technology uses simple mathematics to do extraordinary things. In short, it encodes messages so thoroughly that credit cards, love letters even massive bank transfers are safe from prying eyes online. As such, the technology is irreplaceable to efforts to doing business online and, proponents say, already ubiquitous worldwide.
Nonetheless, that same power can shield phone calls, e-mail and other digital communications from police wiretaps. As a result, law enforcement and intelligence specialists want its uncontrolled spread stopped.. If not stopped in its tracks, they say, the spread of strong crypto will lead to a reign of terror from mad bombers, drug dealers and the like. FBI Director Louis Freeh, in fact, has made repeated calls for a prohibition on all encryption which does not include "back doors" for police to unscramble messages through a still unspecified legal process.
Under the bill, police would also have to show courts probable cause before demanding that cell phone companies let them track cell phone users' whereabouts through their networks. Such data can now be garnered with no more than a US attorney's signature.
The bill also requires increased legal thresholds for police who request that phone companies trace incoming and outgoing phone calls from customers' lines.
Both issues are at the centre of a three-year dispute over implementation of the 1995 Communications Assistance to Law Enforcement Act. Police say they need the law and the $500m (£306m) in funding it provides to preserve their ability to conduct wiretaps in increasingly computerised phone networks. Phone companies and privacy advocates, by contrast, say the law would drastically expand wiretap capabilities.
For all the controls on police, they do get something out of the bill. Among other things, the legislation would impose five and 10 year prison sentences on criminals who use encryption to commit crimes, as well as establish a "Net centre" which could be used to teach police how to try to crack weaker forms of encryption -- a goal arguably at odds with a bill meant to constrain potential police abuses.
Though it's anyone's guess whether the bill has a better chance than its predecessors, activists said the bill represents their best hope in a chamber that has been loathe to move on an issue that has divided privacy advocates and computer companies from law enforcement like no other.
"These guys aren't going away," Davidson said.