Menu Search Account

LegiStorm

Get LegiStorm App Visit Product Demo Website
» Get LegiStorm App
» Get LegiStorm Pro Free Demo

Encryption Technology: the Debate in the th 105 and 106th Congresses (CRS Report for Congress)

Premium   Purchase PDF for $24.95 (19 pages)
add to cart or subscribe for unlimited access
Release Date Jan. 22, 2001
Report Number RL30836
Report Type Report
Authors Richard M. Nunno, Resources, Science, and Industry Division
Source Agency Congressional Research Service
Summary:

The controversy over encryption throughout the 1990s concerned what access the government should have to encrypted stored computer data or electronic communications (voice and data, wired and wireless) for law enforcement and national security purposes. Encryption and decryption are methods of using cryptography to protect the confidentiality of data and communications. When encrypted, a message can only be understood by someone with the key to decrypt it. Businesses and consumers want strong encryption products to protect their information, while the Clinton Administration wanted to ensure the law enforcement community's ability to monitor undesirable activity in the digital age. Until 1998, the Clinton Administration promoted the use of strong encryption (greater than 56 bits) here and abroad, only if it had "key recovery" features where a "key recovery agent" holds a "spare key" to decrypt the information. The Administration wanted key recovery agents to make the decryption key available to authorized federal and state government entities. Privacy advocates argued that law enforcement entities would have too much access to private information. Under this policy, the Administration attempted to use the export control process to influence companies to develop key recovery encryption products by making it easy to export products with key recovery, and difficult for those products without. There were no limits on domestic use or import of any type of encryption, so the Administration tried to influence what was available for domestic use through export controls since most companies do not want to incur the costs of creating two versions of the same product--one for U.S. use and another for export. U.S. companies argued that U.S. export policies hurt their market share while helping foreign companies not subject to export restrictions. While many businesses and consumer groups agreed that key recovery is desirable when keys are lost, stolen, or corrupted, they wanted market forces to drive the development of key recovery encryption products. They also objected to government having any role in determining who can hold the keys. Although a general consensus emerged that encryption is essential to the growth of electronic commerce and use of the Internet, opposition to the Clinton Administration's policy grew as industry and privacy rights groups lobbied Congress to loosen export controls. In the 106th Congress, legislation was introduced intended to foster widespread use of the strongest encryption ( H.R. 850 , S. 798 ). While the Administration continued to oppose that legislation, H.R. 850 was marked up by five Committees, resulting in widely varying and, in places, contradictory, provisions. In September 1999, the Clinton Administration announced plans to relax its encryption export policy by allowing unlimited key length (with some exceptions) without key recovery, and reducing reporting requirements. The rules for implementing that policy were issued by the Department of Commerce in January 2000. While the new policy appears to have satisfied industry interests, privacy rights groups continue to express concerns about government surveillance.