title: Oh say can't you see

Oh say can't you see.

A little over a week ago a subcommittee of the House Judiciary Committee unanimously approved the "Security and Freedom Through Encryption (SAFE) Act" (http://www.cdt.org/crypto/legis_105/SAFE/hr695_text.html) This bill, if it were to become law, would significantly change the potential for the widespread use of effective encryption technologies on the Internet.

This bill would guarantee the right for all "United States persons" (citizens, resident or resident in a foreign country "owned or controlled" by a citizen or resident) to use and sell any and all encryption technologies (modulo patent rights and the like, I assume). It would also prohibit any state or federal law from requiring the use of key escrow. In addition, it enables the export of encryption hardware as long as hardware of similar capability is available outside the US. The bill permits the exportation of encryption software if it is "generally available" (i.e. for sale to all comers), is of capability similar to that which can already be sold to non-US banks, and is not likely to be diverted to military or terrorist use, or might be reexported from the foreign country without a US OK. Finally the bill would impose a quite harsh penalty for the use of encryption "in the furtherance of a criminal act."

This is a good bill. A future defined by this bill would help provide a more level playing field for US companies in the world software and hardware markets than a future defined by the policies of the current administration. The unanimous approval by the subcommittee aside, there is opposition to the bill. The U.S. Department of Justice sent a letter to the subcommittee during its deliberations asking that the bill be rejected. The letter is more than a bit on the alarmist side: "we believe that the bill would severely compromise law enforcement's ability to protect the American people from the threats posed by terrorists, organized crime, child pornographers, drug cartels, financial predators, hostile foreign intelligence agents, and other criminals." The Department must be used to dealing with rather dumb "hostile foreign intelligence agents" if the agents are not already using encryption. They also seem to have a world view in which no one outside the US is smart enough to develop good encryption technology so if we don't sell it, it will not be available.

The current administration world view has had an effect. It has meant that companies like Microsoft have not put good encryption technology into their domestic products as a part of the basic operating system. This does mean that when a computer is seized during a criminal investigation it is less likely that the files on it will be encrypted and thus it is more likely that information can be extracted from the disks that could be of assistance in prosecuting a criminal case. But the current policy has made it very hard indeed for US companies to sell their products outside the US wherever they compete against products that include good, unencumbered, encryption support and it has weakened the security of the Internet. This bill is a step in the right direction.

disclaimer: Some Harvard professors have been accused of sounding like the output of an encryption program but the above are my own opinions.