Privacy Law and Policy Reporter
compiled by Graham Greenleaf
Senator Patrick Leahy and several other co-sponsors introduced the Encrypted Communications Privacy Act of 1996 (S.1587) in March (see http://www.epic.org/crypto/legislation/s1587.html for its text). The proposed legislation would:
EPIC supports the Leahy Bill's move to loosen export controls, but opposes any move to establish a legal structure for key escrow. It regards any legislation to `affirm' the freedom to use encryption within the US, or to impose additional criminal penalties for obstruction of justice, as both unnecessary and dangerous. EPIC's analysis of the Bill is at http://epic.org/crypto/legislation/s1587_analysis.html
EPIC is far more supportive of the Bill introduced by Senator Conrad Burns (and now also supported by Senator Leahy), the Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act (s 1726), which would relax export controls on software and hardware with encryption capabilities and would prohibit mandatory key-escrow. Hearings on the legislation are tentatively scheduled for June. See http://www.epic.org/crypto/export_controls/ for more details.
The US administrations continuing support of export bans on strong encryption, and its linkage to key escrow schemes, is coming under increasing attack from Congress, with a bi-partisan group of 27 House members recently writing to President Clinton to oppose such measures, citing a study that claimed that US technology industries will lose $60 billion in revenues and 200,000 jobs by the year 2000 in consequence of encryption export bans (see http://www.epic.org/crypto/key_escrow/).
43. Other goods as follows:(see http://www.austlii.edu.au/au/legis/cth/consol_reg/cer439/sch13.html for the full text).
(a) complete or partially complete cryptographic equipment designed to ensure the secrecy of communications (including data communications and communications through the medium of telegraphy, video, telephony and facsimile) or stored information;
(b) software controlling, or computers performing the function of, cryptographic equipment referred to in para (a);
(c) parts designed for goods referred to in paras (a) or (b);
(d) applications software for cryptographic or cryptanalytic purposes including software used for the design and analysis of cryptologics;
(h) information security systems, equipment, software, application specific assemblies, modules or integrated circuits, designed or modified to provide certified or certifiable multi-level security of user-isolation at a level exceeding Class E4 of the Information Technology Security Evaluation Criteria (ITSEC) or equivalent in force at the commencement of these regulations;
(i) software designed or adapted for the purpose of demonstrating that the information security features referred to in para (h) provide a multi-level security or user-isolation function.