{ "id": "RL30836", "type": "CRS Report", "typeId": "REPORTS", "number": "RL30836", "active": false, "source": "EveryCRSReport.com", "versions": [ { "source": "EveryCRSReport.com", "id": 102062, "date": "2001-01-22", "retrieved": "2016-05-24T20:29:00.345941", "title": "Encryption Technology: the Debate in the 105th and 106th Congresses", "summary": "The controversy over encryption throughout the 1990s concerned what access the government\nshould have to encrypted stored computer data or electronic communications (voice and data, wired\nand wireless) for law enforcement and national security purposes. \n Encryption and decryption are methods of using cryptography to protect the confidentiality of\ndata and communications. When encrypted, a message can only be understood by someone with the\nkey to decrypt it. Businesses and consumers want strong encryption products to protect their\ninformation, while the Clinton Administration wanted to ensure the law enforcement community's\nability to monitor undesirable activity in the digital age. \n Until 1998, the Clinton Administration promoted the use of strong encryption (greater than 56\nbits) here and abroad, only if it had \"key recovery\" features where a \"key recovery agent\" holds a\n\"spare key\" to decrypt the information. The Administration wanted key recovery agents to make the\ndecryption key available to authorized federal and state government entities. Privacy advocates\nargued that law enforcement entities would have too much access to private information. Under this\npolicy, the Administration attempted to use the export control process to influence companies to\ndevelop key recovery encryption products by making it easy to export products with key recovery,\nand difficult for those products without. There were no limits on domestic use or import of any type\nof encryption, so the Administration tried to influence what was available for domestic use through\nexport controls since most companies do not want to incur the costs of creating two versions of the\nsame product--one for U.S. use and another for export. U.S. companies argued that U.S. export\npolicies hurt their market share while helping foreign companies not subject to export restrictions.\nWhile many businesses and consumer groups agreed that key recovery is desirable when keys are lost,\nstolen, or corrupted, they wanted market forces to drive the development of key recovery encryption\nproducts. They also objected to government having any role in determining who can hold the keys.\n Although a general consensus emerged that encryption is essential to the growth of electronic\ncommerce and use of the Internet, opposition to the Clinton Administration's policy grew as industry\nand privacy rights groups lobbied Congress to loosen export controls. In the 106th Congress,\nlegislation was introduced intended to foster widespread use of the strongest encryption\n( H.R. 850 , S. 798 ). While the Administration continued to\noppose that legislation, H.R. 850 was marked up by five Committees, resulting in widely\nvarying and, in places, contradictory, provisions.\n In September 1999, the Clinton Administration announced plans to relax its encryption export\npolicy by allowing unlimited key length (with some exceptions) without key recovery, and reducing\nreporting requirements. The rules for implementing that policy were issued by the Department of\nCommerce in January 2000. While the new policy appears to have satisfied industry interests, privacy\nrights groups continue to express concerns about government surveillance.", "type": "CRS Report", "typeId": "REPORTS", "active": false, "formats": [ { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/RL30836", "sha1": "81fc17e04a91ab63cf62511ffa9976b787a878a8", "filename": "files/20010122_RL30836_81fc17e04a91ab63cf62511ffa9976b787a878a8.pdf", "images": null }, { "format": "HTML", "filename": "files/20010122_RL30836_81fc17e04a91ab63cf62511ffa9976b787a878a8.html" } ], "topics": [] } ], "topics": [ "Foreign Affairs", "Intelligence and National Security" ] }