-
This page design copyright 1999 by Steve N. Jackson.
Contents copyright 1999 by Steve N. Jackson and Authors.
Student enrolled in Journalism 110 are actively encouraged to use
the code from this page.
Version 7.09 (19 July).
|
Hilbert College |
Issue in Mass Communications: The Security and Freedom through Encryption Act |
- Home - Students - Tutorials - - Student Papers - |
|
by: Karin Peters 23, November, 1999
A major corporation that has confidential data it needs to transfer to another branch. The United States government receiving top secret information concerning national security. Or the average American citizen sending an e-mail to a friend. In any situation where the Internet is used and privacy is desired, encryption is needed. Encryption is the process of encoding data or communications in a form that only the recipient can decipher. Until rather recently, encryption was generally considered to be the need only for national security and law enforcement agencies. With the appearance of computers and other digital electronic communications, however, encryption has now become important to people and companies in society because they want to be able to transfer information securely. There are many who believe that the Internet is not as successful as it has the potential to be, since those who use it do not feel that the data being transmitted through the Internet is protected. (Goodlatte, 1999). In order to understand the issues of the Security and Freedom through Encryption Act, one must first know some basic terminology. In the digital world, data are communicated in a series of ones and zeroes that computers understand, but the average person does not. The encryption scheme changes these ones to zeroes and zeroes to ones according to an algorithm. The intended receiver knows the mathematical formula, the "key," to decode this encrypted information. The complexity and quality of an encryption scheme is what determines the difficulty of breaking the code and how effectively the scheme guards the information. The length of the key is a major factor in the intricacy of the encryption scheme. It is usually expressed in terms of "bit length," and a key with a bit length of 40 is considered weak, whereas one of 128 is very strong. (Congress, April 27, 1999). The encryption debate is comprised of two main issues. The first being whether the domestic use and sale of encryption products should have restrictions, and in particular whether or not private users should be required to place their keys in escrow with the government, or some third party whose sole purpose would be to hold keys. The other issue involves the export of encryption products and whether they should be restricted.(Congress, April 27, 1999) The controversy over encryption policy and products has been going on since 1996, when the Clinton administration moved the jurisdiction of the encryption export control policy from the State Department to the Commerce Department. This transfer produced an export control policy that said that U.S. computer companies could not export encryption products greater than 40 bits without restrictions and 56 bits with restrictions. (Weaver, 1999) On February 25, 1999, Representative Robert Goodlatte (R-VA) introduced bill H.R. 850, the Security and Freedom through Encryption Act, to the House of Representatives to "amend title 18, United States Code, to affirm the rights of United States persons to use and sell encryption and to relax export controls on encryption." (Thomas, 1999) Goodlatte developed the SAFE Act in order to encourage the widespread use of American-made encryption technology. This new level of encryption that the SAFE Act will grant will also be what allows the United States to lead the way into the 21st Century and beyond. (Goodlatte, 1999)As opposed to the current level of encryption presently approved by law, which is so weak that a college hacker was able to break it in less than four hours. (Forbes, 1997) In order to address the first issue of the encryption debate, the SAFE Act would foremost grant the freedom to all United States citizens to use encryption. They would be given the right to not only use, but also sell, any encryption, regardless of the algorithm, key length, or medium used. In order to protect the privacy of those using the Internet, the act would also prohibit Federal or State law from requiring any person in lawful possession of a key to relinquish it to another person. The act, however, would not affect the authority of any investigative or law enforcement officer acting in accord to law where the encrypted information is necessary. In the event that a person use encryption to commit or to cover up an illegal action, the SAFE Act would call for the criminal to be prosecuted in court and impose stiff penalties. In the case of a first offense, there would be jail time of no more than 5 years and a fine. For any offense thereafter, the imprisonment would be increased to 10 years, along with a greater fine.(Congress, June 24, 1997) In response to the second issue of the encryption debate, the SAFE Act would amend section 17 of the Export Administration Act of 1979. It would begin by first granting the Secretary the exclusive authority to control exports of all computer hardware, software, and technology for information technology (including encryption), except that which is specifically designed for military use. Secondly, the SAFE Act would not require a license for the export or re-export of any software or computing device, with or without encryption capabilities, that is generally available and designed for installation by the purchaser. The Secretary will be required to authorize the export or re-export of software with encryption capabilities for nonmilitary use, unless there is strong evidence that the software will be diverted to or modified for a military or terrorist use. The secretary shall also authorize the export or re-export of encryption hardware, should there be similar products commercially available from a foreign supplier that can provide comparable protection. (Congress, June 24, 1997). Although the bill would do so much to alleviate the problems of privacy and the Internet, and the exportation of encryption products, the bill faces strong opposition from people like Attorney General Janet Reno, FBI director Louis Freeh, and President Clinton. They fear that loosening export restrictions would too easily put security products into the hands of international criminals. (Null, 1999)As Janet Reno said in a letter to Congress:
Because Reno and others in opposition to the SAFE Act do realize that encryption is critical to privacy and security in communications, and that there are substantial interests at stake, they are fully aware that an encryption policy of some sort is needed. They feel, however, that Congress should "choose robust, unbreakable encryption that protects commerce and privacy and gives law enforcement the ability to protect public safety." (United States Department of Justice, 1999)They feel that all of this would be possible with the enforcement of a viable key management infrastructure. After a technical review, however, the Clinton administration announced to the public on September 16, 1999 that it would allow for the export of strong encryption products. Although genuinely happy with this development, supporters of the SAFE Act would like to see it stay alive in order to ensure the White House delivers the changes it promised. (Congress Daily, 1999)As Representative Richard Armey(R-TX) said at a Capitol Hill hearing with Goodlatte on the 16th, "We welcome the White House effort here. We are going to look at it with a great deal of interest and a great deal of enthusiasm. But weÕre also going to keep the SAFE Act on the schedule. We know how hard we worked, we know how well this is tuned to meet the dual objectives of opening access to world markets and maintaining security for this great nation. And so we will proceed on this basis." (Capitol Hill Hearing, 1999) The changes announced by the White House are very close to those set out in the SAFE Act, particularly in the area of export controls, which is a dramatic change from where it has previously been. The export policy that the White House announced includes a good majority of the principles expressed in the SAFE Act, including a one-time technical review of encryption products prior to export, a denial of exports to terrorist nations, and the freedom for U.S. companies to export mass market encryption products without serious restrictions. Also, the administrationÕs proposed policy would not require encryption users to escrow their keys to the government, a concept which was also expressly prohibited in the SAFE Act. ." (Capitol Hill Hearing, 1999) The administration has said that they will have the regulations if this new policy out on December 15, 1999. Until that time, Goodlatte and other supporters of the SAFE Act have said that they will be carefully watching to make sure that these regulations will match the policy announced in September. Once they are available, Goodlatte would like to see how well the regulations mesh with the SAFE Act before determining its final fate Ðcontinuing on through Congress or dying. "Nonetheless," he says, "IÕm pleased that after years of ignoring the importance of strong encryption in fighting crime and protecting our national security, the administration has finally moved towards adopting a balanced and reasonable approach on the encryption policy." (Capitol Hill Hearing, 1999) Time will only tell the future of the encryption policy of the United States. Although, of course, with the modern standards of encryption, many could already knowÉ. Bibliography: Capitol Hill Hearing. (September 16, 1999) Press conference with Representative Dick Armey and Representative Robert Goodlatte. Congress. (July 30, 1997)H.R. 695, The Security and Freedom through Encryption (SAFE) Act. Y 4.Se 2/1A: 997-98/23. Congress. (June 24, 1997) H.R. 695: Security and Freedom through Encryption (SAFE) Act. Y 4.IN 8/16: SE 2/4. Congress. (April 27, 1999) Security and Freedom through Encryption (SAFE) Act. Y 1.1/8: 106-117/PT.1. CongressDaily/AM. (September 24, 1999) Safe Act Unclear After Latest Encryption Moves. Forbes, Steve. (April 21, 1997) Thwarting Internet Thieves and Peeping Toms. Forbes. v159 n8. Goodlatte, Bob. (1999) The Safety and Encryption Act of 1999. Online: http://www.house.gov/goodlatte/encrypt.htm/. Harrison, Ann. (March 22, 1999) Privacy Activists Push Congress to Ease Encryption Limits. Computerworld. Mitchell, Russ. (October 13, 1997) Is the FBI Reading Your Mail? US News and World Report. Null, Christopher. (November 1999) Encrypt Your Mail, Go To Jail. PC/Computing. Rabinovitz, Jonathan. (September 16, 1999) US To Change Encryption-Export Policy. Knight Ridder/Tribune Service. Reinsch, William A. and Bob Goodlatte. (September 8, 1997). Q: Should Uncle Sam Control US Encryption Technology Exports? Insight on the News. v13 n33. Thomas (1999) Bill Summary and Status for 105th . Online: http://thomas.loc.gov/cgi-bin/bdquery/z?d105:HR00695:@@@D . United States Department of Justice (1999) Encryption and Computer Crime. Online: http://www.usdoj.gov/criminal/cybercrime/crypto.html/. Weaver, Heather Forsgren. (August 30, 1999) DOJ Encryption Bill Headed For Rocky Hill Reception. Radio Communications Report. |
||
This page design copyright 1999 by Steve N. Jackson.
Contents copyright 1999 by Steve N. Jackson and Authors.
Student enrolled in Journalism 110 are actively encouraged to use
the code from this page.
Version 7.09 (19 July).