|
<<
^
>>
Date: 1998-05-13
E-Privacy: Neuer U.S. Gesetzesvorschlag
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
q/depesche 98.5.13.1
E-Privacy: Neuer U.S. Gesetzesvorschlag
Pro starke Crypto, ausserdem Export/erleichterung für Crypto/soft/ware,
mehr Abhörsicherheit fürs GSM. Das Center for Democracy and Technology
applaudiert dem Gesetzentwurf der einschlägig bekannten Senatoren Ashcroft
(R) und Leahy (D).
(1) SENATORS INTRODUCE PRO-PRIVACY ENCRYPTION BILL, IN STARK CONTRAST TO
ADMINISTRATION POSITION
A new weapon in the arsenal against misguided U.S. encryption policy
arrives today as Sens. John Ashcroft (R-Mo.) and Patrick J. Leahy (D-Vt.)
introduce their new encryption bill , which lays out a pro-privacy
approach
to computer security that contrasts starkly with the Clinton
Administration's approach. The new bill, the E-PRIVACY Act, protects the
privacy of all Americans by:
** protecting the domestic use of strong encryption without "key
recovery" back doors for government eavesdropping;
** easing export controls to allow U.S. companies to sell their
encryption products overseas;
** strengthening protections from government access to decryption keys;
and
** creating unprecedented new protections for data stored in networks
and
cell phone location information.
A section-by-section analysis of the bill is available online at
http://www.cdt.org/crypto
CDT is concerned about several features in the E-PRIVACY Act that create
new threats to privacy online. The bill establishes a new research center
to assist federal, state and local police in dealing with encrypted data.
The bill also makes it a crime to use encryption to obstruct justice.
Implementing these provisions will require intensive oversight and public
comment.
Overall, the E-PRIVACY Act presents a strong pro-privacy approach to the
encryption issue, in marked contrast to the export controls and mandatory
backdoors embraced by the Clinton Administration. The bill makes more
encryption, more accessible, to many more people. It also creates new
privacy protections for data stored on networks - protections that will
become increasingly important as more people go online.
Major provisions of the new bill would:
*** Prevent the federal government from requiring back door access to
encrypted communications and files:
The bill reaffirms the right to use strong encryption domestically
without the 'key recovery' back doors supported by the Administration. It
also prohibits the federal government from creating regulations or
standards designed to coerce public use of key recovery. To further limit
the government's ability to force people to use key recovery, the bill
requires that government key recovery systems be interoperable with
non-key-recovery systems.
*** Ease export restrictions:
The E-PRIVACY Act would remove most export controls on generally
available and mass market encryption software and hardware. PGP, or
128-bit
Netscape and Internet Explorer, would be readily exportable to all but a
handful of countries. Custom encryption products would be exportable to
countries where comparable products are commercially available.
*** Establish privacy protections for encryption keys entrusted to third
parties:
Today, a decryption key entrusted to a third party receives little
protection. Such keys can be demanded by the federal government with a
mere
subpoena, without the supervision of a judge or any notice to the key's
owner. The bill would give decryption keys in the hands of third parties
the same protections they would have if they were retained by the key
owners. Such keys could only be retrieved by the government with a
"probable cause" court order, or with a subpoena served on the key owner
with a meaningful opportunity for the key owner to challenge it. This
provision could prove extremely important if encryption users voluntarily
choose to use key recovery, as many are expected to do.
*** Strengthen privacy protections for data stored in networks:
In the future world of networked computing people will increasingly
store sensitive data outside of their homes. Under current law, data
stored
on computer networks outside of a person's possession may receive limited
privacy protections. This data may be accessible to government officials
without the owner's knowledge and without supervision by the courts. The
E-PRIVACY Act would create new standards protecting networked data as if
it
were stored in an individual's possession. The act would require a court
order based upon probable cause, or a subpoena that the information's
owner
has a meaningful opportunity to challenge.
*** Strengthen privacy protections for cellular phone location
information
and other data:
The bill would also strengthen protections for cellular phone
location
information,requiring a court order based upon probable cause before
sensitive physical location data could be turned over to the government.
The bill also gives judges more authority in reviewing government
requests
to install "trap and trace devices" and "pen registers," commonly used
surveillance devices that record revealing data about a person's telephone
usage.
The new bill also contains provisions designed to address law enforcement
concerns with encryption. An "obstruction of justice" encryption crime is
included, similar to the narrow provision found in the House SAFE bill.
The
bill also establishes a new "Net Center" designed to improve federal,
state, and local resources for dealing with encryption. CDT believes that
both of these provisions are cause for concern and their implementation
will need to be closely monitored to ensure that they do not create new
burdens on the privacy of individuals using encryption.
CDT applauds Senators Ashcroft, Leahy, Burns, Boxer, and the bill's other
cosponsors for their forward-looking view of privacy and security online.
The E-PRIVACY Act represents a milestone in the hard-fought congressional
debate on encryption. While the Administration and some in the Senate have
continued to push for key recovery, the bill presents a diametrically
opposed approach, giving individuals and companies the technical tools and
legal protections needed to protect their security. On balance, the
E-PRIVACY Act would be a major step forward for individual privacy in the
Information Age.
More information about the encryption issue is available at CDT's Web
site,
at http://www.cdt.org/crypto If you're interested in becoming more
involved
in the encryption debate, please visit CDT's "Adopt Your Legislator"
campaign at: http://www.crypto.com
====================================
TIP
Starke Crypto
Download free PGP 5.5.3i (Win95/NT & Mac)
http://keyserver.ad.or.at/pgp/download/
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by Harkank
published on: 1998-05-13
comments to office@quintessenz.at
subscribe Newsletter
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
<<
^
>>
|
|
|
|