Encryption Technology: the Debate in the th 105 and 106th Congresses (CRS Report for Congress)
Premium Purchase PDF for $24.95 (19 pages)
add to cart or
subscribe for unlimited access
Pro Premium subscribers have free access to our full library of CRS reports.
Subscribe today, or
request a demo to learn more.
Release Date |
Jan. 22, 2001 |
Report Number |
RL30836 |
Report Type |
Report |
Authors |
Richard M. Nunno, Resources, Science, and Industry Division |
Source Agency |
Congressional Research Service |
Summary:
The controversy over encryption throughout the 1990s concerned what access the government
should have to encrypted stored computer data or electronic communications (voice and data, wired
and wireless) for law enforcement and national security purposes.
Encryption and decryption are methods of using cryptography to protect the confidentiality of
data and communications. When encrypted, a message can only be understood by someone with the
key to decrypt it. Businesses and consumers want strong encryption products to protect their
information, while the Clinton Administration wanted to ensure the law enforcement community's
ability to monitor undesirable activity in the digital age.
Until 1998, the Clinton Administration promoted the use of strong encryption (greater than 56
bits) here and abroad, only if it had "key recovery" features where a "key recovery agent" holds a
"spare key" to decrypt the information. The Administration wanted key recovery agents to make the
decryption key available to authorized federal and state government entities. Privacy advocates
argued that law enforcement entities would have too much access to private information. Under this
policy, the Administration attempted to use the export control process to influence companies to
develop key recovery encryption products by making it easy to export products with key recovery,
and difficult for those products without. There were no limits on domestic use or import of any type
of encryption, so the Administration tried to influence what was available for domestic use through
export controls since most companies do not want to incur the costs of creating two versions of the
same product--one for U.S. use and another for export. U.S. companies argued that U.S. export
policies hurt their market share while helping foreign companies not subject to export restrictions.
While many businesses and consumer groups agreed that key recovery is desirable when keys are lost,
stolen, or corrupted, they wanted market forces to drive the development of key recovery encryption
products. They also objected to government having any role in determining who can hold the keys.
Although a general consensus emerged that encryption is essential to the growth of electronic
commerce and use of the Internet, opposition to the Clinton Administration's policy grew as industry
and privacy rights groups lobbied Congress to loosen export controls. In the 106th Congress,
legislation was introduced intended to foster widespread use of the strongest encryption
( H.R. 850 , S. 798 ). While the Administration continued to
oppose that legislation, H.R. 850 was marked up by five Committees, resulting in widely
varying and, in places, contradictory, provisions.
In September 1999, the Clinton Administration announced plans to relax its encryption export
policy by allowing unlimited key length (with some exceptions) without key recovery, and reducing
reporting requirements. The rules for implementing that policy were issued by the Department of
Commerce in January 2000. While the new policy appears to have satisfied industry interests, privacy
rights groups continue to express concerns about government surveillance.