Pro-Code's premature death duly noted (CNET coverage)

   Pro-Code bill all but dead
   By Alex Lash
   June 19, 1997, 5 p.m. PT
   
   With the swiftness of a palace coup, one encryption bill has replaced
   its ideological rival as the center of the contentious debate over how
   much freedom Internet users should have in protecting their private
   correspondence.
   
   Just days after its introduction, the Secure Public Networks Act has
   passed a major hurdle and usurped center stage from the Pro-Code bill
   sponsored by Sen. Conrad Burns (R-Montana). The former seeks to impose
   domestic "key recovery" controls on encryption use, almost a complete
   turnaround from the Burns bill's aim to ban any federally mandated key
   recovery scheme either for domestic use or for exported software.
   
   Under such a system, the cryptographic keys used to decode encrypted
   information must be available by court order if a law enforcement
   agency needs to unscramble data in the investigation of a crime.
   
   Pro-Code supporters this week jeered at the new bill, sponsored by
   Senators John McCain (R-Arizona) and Bob Kerrey (D-Nebraska). The
   industry association Software Publishers Association called it "dead
   on arrival." It was dead wrong. (See related story)
   
   The McCain-Kerrey bill passed on a voice vote today more or less
   intact, all but replacing Pro-Code as the main encryption bill in the
   Senate. Burns's press secretary, Matt Raymond, admitted that Pro-Code
   is going nowhere, even after it was hastily amended to provide a
   compromise alternative to McCain-Kerrey.
   
   "We don't see this, however, as the end of the goals contained in
   Pro-Code," Raymond said.
   
   Given today's last minute amendment, it is unclear what those goals
   have become. Part of the amendment required key recovery in any
   exported product over 56 bits, no different from the administration's
   current regulations that Pro-Code once sought to overturn. The amended
   Pro-Code was nonetheless voted down 12-8.
   
   One observer of today's proceedings who asked not to be identified
   underlined how quickly the terms of the debate have changed. "Burns
   knew he wasn't going to win this one," the obesrver said.
   
   Burns and his supporters hope to have more opportunities to tinker
   with the McCain-Kerrey legislation, which mandates key recovery for
   encryption purchased by the government and for public networks even
   partially funded by the government. It would also make electronic
   commerce difficult for users who refuse to register their encryption
   keys with a key recovery agent.
   
   McCain-Kerrey will most likely head to the Senate Judiciary Committee,
   where chairman Orrin Hatch (R-Utah) has put encryption hearings on the
   agenda. There is also talk of the bill going to the Intelligence
   Committee.
   
   "If it ends up on Senate floor, it's very unlikely that it'll look
   like it does today," said SPA chief technologist Lauren Hall. The SPA
   had lobbied hard for Pro-Code and will now focus its efforts on key
   senators and on promoting the SAFE Act, a House bill that, like the
   previous Pro-Code, seeks to ban most export restrictions.
   
   McCain-Kerrey has gone through some changes already. Sen. John Kerry
   (D-Massachusetts) added language to create an advisory board where
   software companies could complain that foreign products without key
   recovery were posing a threat to the competitiveness of American
   software firms. The board would consist of four industry
   representatives, the Commerce Department secretary, and
   representatives from the National Security Agency, the FBI, and the
   CIA.
   
   The SPA's Hall questioned how such a board will help counteract
   foreign products as they hit the market: "It puts industry in position
   of having to ask to do business overseas. That's not the best way to
   preserve American competitiveness. How likely is it that a foreign
   competitor will call up an American company and say, 'Hey, we're about
   to release a competing product?'"
   
   Sen. Bill Frist (R-Tennessee) successfully introduced four amendments
   that require the following:
   
     The process of getting a subpoena to obtain private keys must be as
   stringent as obtaining any other type of subpoena.
   
     Government communications systems must operate with key recovery.
   
     The National Institute of Science and Technology and the Justice and
   Defense departments must publish a reference implementation plan for
   key recovery systems, as well as a definition of key recovery.
   
    related news stories
    • New crypto bill clears committee June 19, 1997
    • Group cracks 56-bit encryption June 18, 1997
    • Crypto foes have day in court June 18, 1997
    • Group sues for crypto czar records June 18, 1997
    • Eudora stays private with PGP June 17, 1997
    • Crypto bill seeks domestic rules June 17, 1997
   
   Copyright ©1995-97 CNET, Inc. All rights reserved.