Summary: S.2067 — 105th Congress (1997-1998)All Information (Except Text)

There is one summary for S.2067. Bill summaries are authored by CRS.

Shown Here:
Introduced in Senate (05/12/1998)

TABLE OF CONTENTS:

Title I: Privacy Protection for Communications and

Electronic Information

Title II: Law Enforcement Assistance

Title III: Exports of Encryption Products

Encryption Protects the Rights of Individuals from Violation and Abuse in CYberspace (E-PRIVACY) Act - Title I: Privacy Protection for Communications and Electronic Information - Prohibits any person within the United States, and any U.S person in a foreign country, from using, developing, manufacturing, selling, distributing, or importing any encryption product, except as provided by this Act.

Prohibits any U.S. agency or State from requiring, compelling, setting standards for, or conditioning any approval or the receipt of any benefit on, a requirement that a decryption key, access to a decryption key, key recovery information, or other plaintext access capability be: (1) given to any other person, including any U.S. or State agency, or any private sector entity; or (2) retained by any person using encryption.

Prohibits any U.S. agency from requiring any person who is not an employee or agent of the United States or a State from using any key recovery or other plaintext access features for communicating or transacting business with any U.S. agency.

Makes such prohibitions inapplicable to encryption used solely for the internal operations and telecommunications systems of the United States or a State.

Directs that the use, development, manufacture, sale, distribution, and import of encryption products, standards, and services for purposes of assuring the confidentiality, authenticity, or integrity or access control of electronic information be voluntary and market driven.

Prohibits any U.S. or State agency from establishing any condition, tie, or link between encryption products, standards, and services used for confidentiality and those used for authentication, integrity, or access control purposes.

(Sec. 102) Authorizes a U.S. agency to purchase encryption products for: (1) the internal operations and telecommunications systems of the agency; or (2) use by, among, and between that agency and any other U.S. agency, and its employees or contractors.

Prohibits the United States from purchasing any encryption product with a key recovery or other plaintext access feature that would interfere with use of the product's full encryption capabilities when interoperating with other commercial encryption products.

(Sec. 103) Amends the Federal criminal code to authorize a governmental entity to require the disclosure of the contents of an electronic record in networked electronic storage: (1) by a provider of a remote computing service only if the person who created the record is accorded the same protections that would be available if the record had remained in that person's possession; and (2) only pursuant to a warrant or subpoena issued under the Federal Rules of Criminal Procedure or equivalent State warrant (subject to specified requirements), or upon the consent of the person who created the record.

(Sec. 104) Requires a provider of mobile electronic communication service to provide to a governmental entity information generated by and disclosing, on a real time basis, the physical location of a subscriber's equipment only if the governmental entity obtains a court order issued upon a finding that there is probable cause to believe that an individual using or possessing the subscriber equipment is committing, has committed, or is about to commit a felony offense.

(Sec. 105) Authorizes the court to enter an ex parte order: (1) authorizing the installation and use of a pen register or a trap and trace device within the court's jurisdiction if the court finds, based on the certification by the attorney for the Government or the State law enforcement or investigative officer, that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation; and (2) directing that the use of the pen register or trap and trace device be conducted in such a way as to minimize the recording or decoding of any electronic or other impulses that are not related to the dialing and signaling information utilized in call processing.

Title II: Law Enforcement Assistance - Prohibits and sets penalties for knowingly and willfully, during the commission of a Federal felony, encrypting any incriminating communication or information relating to that felony with intent to conceal it to avoid detection by a law enforcement agency or prosecutor.

Requires that an order authorizing the interception of a wire or electronic communication in criminal investigations and in foreign intelligence investigations, upon request of the applicant, direct that a provider of wire or electronic communication service furnish the applicant with the necessary decryption assistance, if the court finds that such assistance is necessary, subject to specified requirements.

Prohibits: (1) persons possessing information capable of decrypting a wire or electronic communication of another person from disclosing that information or providing decryption assistance to an investigative or law enforcement officer, other than pursuant to an order under this Act; (2) disclosing a decryption key or providing decryption assistance pertaining to the contents of stored electronic communications or records to a governmental entity, with exceptions (and authorizes a delay in service of the copy of the warrant or subpoena on the person who created the communication under specified circumstances); and (3) any investigative or law enforcement officer from releasing a decryption key to a foreign government or to a law enforcement agency of a foreign government, or providing decryption assistance to such government or agency unless specified conditions are met.

Establishes in the Department of Justice a National Electronic Technologies Center. Authorizes appropriations.

Title III: Exports of Encryption Products - Grants the Secretary of Commerce exclusive authority to control exports of encryption products.

(Sec. 302) Specifies that an encryption product that is generally available, or incorporates or employs in any form, implementation, or medium an encryption product that is generally available, shall be exportable without the need for an export license and without restrictions, other than those permitted under this Act, after a one-time 15-day technical review by the Secretary.

Authorizes the manufacturer or exporter of an encryption product to request written assurance from the Secretary that an encryption product is considered generally available for such purposes. Directs the Secretary to make a determination whether to issue a written assurance within 30 days after receiving a request and notify the requester. Specifies that a manufacturer or exporter who obtains such assurance shall not be held liable, responsible, or subject to sanctions for failing to obtain an export license for the encryption product at issue.

(Sec. 303) Provides that any product that does not itself provide encryption capabilities, but that incorporates or employs cryptographic application programming interfaces, shall be exportable without the need for an export license and without restrictions, other than those permitted under this Act, after a one-time, 15-day technical review by the Secretary.

(Sec. 304) Specifies that: (1) technical assistance and technical data associated with the installation and maintenance of encryption products covered by sections 302 (license exception for mass market products) and 303 (license exception for products without encryption capable of working with encryption products) shall be exportable without the need for an export license and without restrictions, other than those permitted under this Act; and (2) an encryption product not qualifying under section 302 shall be exportable without the need for an export license and without restrictions, other than those permitted under this Act, after a one-time 15-day technical review by the Secretary, if an encryption product utilizing the same or greater key length or otherwise providing comparable security to such product, is, or will be within the next 18 months, commercially available outside the United States from a foreign supplier.

Establishes the Encryption Export Advisory Board. Sets forth provisions regarding the Secretary's approval or disapproval of determinations by the Board and judicial review. Specifies that a product that incorporates or employs a foreign product, in the way it was intended to be used and that the Board has determined to be commercially available outside the United States, shall be exportable without the need for an export license and without restrictions other than those permitted under this Act, after a one-time 15-day technical review by the Secretary.

(Sec. 306) Prohibits the Government from restricting the export of encryption products used for nonconfidentiality purposes. Specifies that those encryption products previously decontrolled and not requiring an export license as of January 1, 1998, as a result of administrative decision or rulemaking, shall not require an export license.

(Sec. 307) Provides that nothing in this Act shall be construed to limit the President's authority under specified Acts to: (1) prohibit the export of encryption products to countries that have been determined to repeatedly provide support for acts of international terrorism; or (2) impose an embargo on exports to, and imports from, a specific country.

Directs the Secretary to: (1) prohibit the export of particular encryption products to an individual or organization in a specific foreign country identified by the Secretary if the Secretary determines that there is substantial evidence that such encryption products will be used for military or terrorist end-use; and (2) identify foreign barriers to exports of U.S. encryption products, initiate appropriate actions to address such barriers and report to the Congress on actions taken under this section.