Summary: Security and Freedom through Encryption (SAFE) Act in 106th Congress.

Summary of Encryption Bills
in the 106th Congress

This page summarizes the following bills:

HR 850, the Security and Freedom through Encryption (SAFE) Act (Goodlatte).
S 798, the Promote Reliable On Line Transactions to Encourage Commerce and Trade (PROTECT) Act (McCain).
S 854, the Electronic Rights for the 21st Century Act (Leahy).
HR 2616, the Encryption for the National Interest Act (Goss).

HR 850, the Security and Freedom through Encryption (SAFE) Act.

This page was last updated on November 12, 1999.

Sponsors. Rep. Bob Goodlatte (R-VA) (web site | bio), Rep. Zoe Lofgren (D-CA) (web site | bio), and over 250 others. See, list of original cosponsors.

Summary. HR 850 IH provides that people in the United States can use any kind of encryption. It also provides that any person in the U.S. may sell in interstate commerce any encryption product. Moreover, the government cannot mandate any kind of key escrow.

However, the bulk of the seventeen page bill deals with the export of encryption products. Section 3 of the bill would amend the Export Administration Act of 1979 in many ways. First, it would place all encryption products, except those specifically designed or modified for military use, under the jurisdiction of the Secretary of Commerce.

Second, it would provide that after a one-time, 15-day technical review by the Secretary, no export license may be required for generally available encryption software and hardware products, generally available products containing encryption, generally available products with encryption capabilities, technical assistance and data used to install or maintain generally available encryption products, products containing encryption, and products with encryption capabilities, and encryption products not used for confidentiality purposes.

Third, it would provide that after a one-time, 15-day technical review by the Secretary, the Secretary shall allow the export of custom-designed encryption products and custom-designed products with encryption capabilities if those products are permitted for use by banks or if comparable products are commercially available outside the U.S.

Fourth, it would provide that encryption products that do not require an export license as of the date of enactment of the bill would not require an export license on or after that date.

Finally, the bill provides that nothing in the bill would limit the authority of the President to prohibit the export of encryption products to terrorist nations or nations that have been determined to repeatedly support acts of international terrorism, or to impose an embargo on exports to and imports from a specific country. The bill would also allow the Secretary of Commerce to prohibit the export of specific encryption products to specific individuals or organizations in specific foreign countries, if the Secretary determines that there is substantial evidence that such products will be used for military or terrorist purposes.

See also, Sponsors' Summary.

Status. HR 850 was re-introduced on February 25, 1999. The House Courts and Intellectual Property Subcommittee approved it on March 4. The House Judiciciary Committee approved it on March 24. All other committees with jurisdiction have passed some version of HR 850.

Legislative History with Links to Related Materials.

2/25/99. HR 850 IH introduced in the House.
2/25/99. The lead sponsors held a press conference to announce the re-introduction of the SAFE Act. See also:
• Statement of Rep. Goodlatte.
• TLJ Story.
2/25/99. HR 850 referred to the House Judiciary Committee (jurisdiction over Section 2, regarding domestic use and sale of encryption) and the House International Relations Committee (jurisdiction over Section 3, regarding export of encryption products).
3/3/99. HR 850 referred to the House Judiciary Committee's Subcommittee on Courts and Intellectual Property.
3/4/99. The Courts and Intellectual Property held a hearing on HR 850.
3/11/99. The Courts and Intellectual Property Subcommittee approved HR 850.
3/24/99. The House Judiciary Committee approved HR 850 by unanimous voice vote without amendment. See also:
• Statement by Rep. Lofgren in support.
• Statement by Rep. Goodlatte in support.
• Statement by Rep. McCollum in opposition.
• Proposed amendment offered by Rep. McCollum. (Ruled not germane.)
• Statement by Rep. McCollum in support of amendment.
• TLJ story.
4/27/99. The House Judiciary Committee issued its Report, H. Rept. 106-117.
4/27/99. HR 850 referred jointly and sequentially to the House Committee on Armed Services, House Committee on Commerce, and the House Committee on Intelligence (Permanent Select), for periods ending not later than July 2, 1999 for consideration of such provisions of the bill as fall within the jurisdiction of those committees.
5/18/99. The House International Economic Policy and Trade Subcommittee held a hearing on HR 850. See also:
• Statement of Rep. Benjamin Gilman.
• Statement of William Reinsch (DOC).
• Statement of Ronald Lee (DOJ).
• TLJ story.
5/25/99. The House Commerce Committee's Telecommunications Subcommittee held a hearing on HR 850. See also:
• Statement by Rep. Tom Bliley.
• Statement by Rep. John Dingell.
• Statement by Rep. Billy Tauzin.
• Statement by Rep. Ed Markey.
• TLJ story.
5/26/99. Four Democrats on the House Armed Services Committee, Patrick Kennedy (D-RI), Loretta Sanchez (D-CA), Adam Smith (D-WA), and Ellen Tauscher (D-CA), circulated a Dear Colleague letter in support of HR 850.
5/29/99. Statement by Rep. Patrick Kennedy (D-RI) in support of HR 850.
6/2/99. Rep. Goodlatte addressed a Networks Associates convention on HR 850. See, TLJ story and copy of address.
6/9/99. The House Select Intelligence Committee held a hearing on HR 850. See:
• Statement by Rep. Porter Goss.
• Statement by Rep. Julian Dixon.
• Testimony of Rep. Bob Goodlatte.
• TLJ story.
6/16/99. The House Commerce Committee, Telecom Subcommittee, marked up and adopted the HR 850. See:
• Tauzin's Amendment in the Nature of a Substitute (AINS). (Adopted.)
• Wilson Amendment 1a to the AINS. (Adopted.)
• Oxley's Amendment 1b to the AINS. (Adopted.)
• Stearns Amendment 1c to the AINS. (Defeated.)
• Stearns Amendment 1d to the AINS. (Defeated.)
• TLJ Story.
6/23/99. HR 850 marked up by the House Commerce Committee.
7/3/99. HR 850 reported by the House Commerce Committee.
7/13/99. HR 850 marked up by the International Relations Committee.
7/19/99. HR 850 reported by the International Relations Committee. See H. Rept. 106-117, Part III.
7/21/99. HR 850 marked up by the Armed Services Committee.
7/23/99. HR 850 reported by the Armed Services Committee. See, H. Rept. 106-117, Part IV.

S 798, the Promote Reliable On Line Transactions to Encourage Commerce and Trade (PROTECT) Act.

Sponsor. Sen. John McCain (R-AZ). Cosponsors. Conrad Burns (R-MT), Patrick Leahy (D-VT), Ron Wyden (R-OR), Spencer Abraham (R-MI), John Kerry (D-MA), Russ Feingold (D-WI).

Summary. S 798 IS is a 34 page bill covering use and export of encryption products. It contains strong guarantees of rights to use encryption domestically. It includes very similar language to HR 850 on domestic use. It also liberalizes export restraints, but not nearly as much as HR 850.

Table of Contents of the PROTECT Act

Sec. 1. Short Title.
Sec. 2. Purposes.
Sec. 3. Findings.
Sec. 4. Definitions.
Title I - Domestic Encryption Provisions.
Sec. 101. Development and Deployment of Encryption a Voluntary Private Sector Activity.
Sec. 102. Sale and Use of Encryption Lawful.
Sec. 103. Mandatory government access to plaintext prohibited.
Title II - Government Procurement.
Sec. 201. Policy.
Sec. 202. Federal Purchases of Encryption Products.
Title III - Advanced Encryption Standard.
Sec. 301. Deadline for Final Selection of Algorithm or Algorithms by NIST.
Sec. 302. Commerce Department Encryption Standards and Exports Authority Restricted.
Title IV - Improvement of Governmental Technological Capability.
Sec. 401. Information Technology Laboratory.
Sec. 402. Advisory Board on Computer System Security and Privacy.
Sec. 403. Authorization of Appropriations.
Title V - Export of Encryption Products.
Sec. 501. Commercial Encryption Products.
Sec. 502. Presidential Authority.
Sec. 503. Exportation of Encryption Products with not more than 64-bit Key Length.
Sec. 504. Exportability of Certain Encryption Products Under a License Exception.
Sec. 505. Exportability of Encryption Products Employing a Key Length Greater Than 64 Bits.
Sec. 506. Exportability of Encryption Products Employing AES or its Equivilent.
Sec. 507. Elimination of Reporting Requirements.

Status. This bill was introduced on April 14, 1999. The Senate Commerce Committee held a hearing on June 10, but no other action has been taken.

Legislative History with Links to Related Materials.

3/31/99. Sen. John McCain issued a press release which stated that he would introduce an encryption bill. See also, TLJ story.
4/14/99. S 798 IS introduced in the Senate. See also:
• Statement of Sen. McCain.
• Statement of Sen. Burns.
• TLJ story.
4/14/99. S 798 referred to the Senate Commerce Committee.
4/15/99. Statement by Sen. McCain published in the Congressional Record.
6/10/99. Hearing on S 798 before the Senate Commerce Committee. See also:
• Statement by Sen. Burns.
• Statement by Sen. Ashcroft.
• Statement by Sen. John Kerry.
• Testimony of Rep. Goodlatte.
• TLJ story.
6/23/99. S 798 approved by Senate Commerce Committee.

S 854, the Electronic Rights for the 21st Century Act.

Sponsor. Sen. Patrick Leahy (D-VT).

Summary. S 854 IS is a huge bill which deals with encryption, and a myriad of other privacy related topics. Title II of the bill covers encryption. This bill contains several provisions that are very similar to the SAFE Act, HR 850.

First, S 854 IS garuntees the right of Americans to use encryption: Sec. 201(a) provides:

"It shall be lawful for any person within the United States, and for any United States person in a foreign country, to use, develop, manufacture, sell, distribute, or import any encryption product, regardless of the encryption algorithm selected, encryption key length chosen, existence of key recovery or other plaintext access capability, or implementation or medium used."

While the list of verbs includes "use, develop, manufacture, sell," and so forth, one verb is left out: export. Much of HR 850 IH deals with export of encryption products. S 854 IS is silent on export restraints.

S 854 IS also prohibits the federal government from mandating key escow or key recovery. (Sec. 201(b).) HR 850 IH also prohibits the states from doing this.

S 854 IS also contains a long section dealing with assistance to law enforcement.

Status. This bill was introduced on April 21, 1999. No action has been taken.

Legislative History with Links to Related Materials.

4/21/99. S 854 IS introduced in the Senate.
4/21/99. S 854 referred to the Senate Judiciary Committee.

HR 2616, the Encryption for the National Interest Act.

Sponsor. Rep. Porter Goss (R-FL). Original Cosponsors. Julian Dixon (D-CA), Jerry Lewis (R-CA), Michael Castle (R-DE), Sherwood Boehlert (R-NY), Charles Bass (R-NH), Jim Gibbons (R-NV), Ray LaHood (R-IL), Heather Wilson (R-NM), Sanford Bishop (D-GA), Norman Sisisky (D-VA), Gary Condit (D-CA), Alcee Hasting (D-FL), Benjamin Gilman (R-NY), Mike Oxley (R-OH), Cliff Stearns (R-FL).

Summary. This is a bill which is sponsored by, and reflects the views of, Representatives who oppose efforts to liberalize encryption export restraints, and guarantee Americans encryption rights. It is vastly different from HR 850.

On its face, there is some language in the bill that encryption proponents would appreciate. For example, on the domestic use issue, Section 102 provides: "Except as otherwise provided by this Act or otherwise provided by law, it shall be lawful for any person within any State and for any United States person to use any encryption product, regardless of encryption algorithm selected, encryption bit length chosen, or implementation technique or medium used."

However, what is important is what is missing. There is no language providing that it is lawful to produce, transfer, or sell any encryption products. Nor is there any requirement that any government systems be interoperable with encryption products that lack key escrow, backdoor access, or some access to the plaintext of encrypted data.

Another aspect of the bill is that it lacks any express requirement that encryption products provide for key escrow or backdoor access. However, the bill leaves the government plenty of opportunity to assure that most encryption products actually used will provide for government access to the plaintext of encrypted data.

For example, Section 201 and Section 203 provide that the government may require government agencies and those who do business with the government to allow backdoor access. It provides: "The President may require as a condition of any contract by the Government with a private sector vendor that any encryption product used by the vendor in carrying out the provisions of the contract with the Government include features and functions that enable the timely decryption of encrypted data, including communications, or timely access to plaintext, by an authorized party without the knowledge or cooperation of the person using such encryption products or services."

Also, nothing in the bill prevents the government from using software products that are not interoperable with software products that lack government backdoor access. This enables government agencies to deprive people from interacting with the government online if they do not use software products that provide access to plaintext.

The argument that proponents of encryption rights have advanced at Congressional hearings on HR 850 and S 798 is this. Americans will eventually need to interact online with both the government and entities that do business with the government. If they cannot do so with software products that do not allow access to plaintext, they will choose products that allow access. These products will become the industry standard. And the government will have achieved its goal of getting backdoor access, without a bill that actually mandates it.

Moreover, much of the bill deals with procedures to be followed by the government to gain access to plaintext or decryption information. (A court order is required.) Of course, this presumes that Americans will be using encryption products that allow access to plaintext. That is, that the government will succeed in compelling the widespread use of products that allow backdoor access.

The bill also addresses at length encryption export restraints. It lacks the relief provided by HR 850, or even that contained in S 798.

Finally, civil rights groups will take exception to a provision in the bill criminalizing certain uses of encryption. The new Section 2801 makes it a crime for "Whoever knowingly uses encryption in furtherance of the commission of a criminal offense for which the person may be prosecuted in a district court of the United States". The maximum penalty for the first offense is five years.

This is very broad. First, the furtherance offense can be any federal offense, no matter how minor. Administration officials who have testified before Congressional committees have repeatedly claimed that their concerns are terrorists, drug lords, and pedophiles. The bill does not limit its criminal sanctions to the use of encryption in connection with terrorism, drug dealing, or sex crimes.

Second, one need not be convicted of the furtherance offense (or even charged). Indeed, one need not even meet all of the elements of any other criminal offense. It need only be "in furtherance of the commission".

Status. This bill was introduced on July 27, 1999.

Legislative History with Links to Related Materials.

7/27/99. HR 2616 IH introduced in the House.
7/27/99. HR 2616 referred to the Committee on the Judiciary, and in addition to the Committees on International Relations, and Government Reform.

Tech Law Journal Stories, 1999

Boucher and Goodlatte Criticize British Key Escrow Proposals, 2/18/99.
Encryption Bill Reintroduced in the House, 2/25/99.
House Judiciary Committee Approves SAFE Act, 3/25/99.
Sen. McCain Announces Plans to Introduce Encryption Bill, 4/1/99.
Sen. McCain Introduces Encryption Bill, 4/15/99.
9th Circuit Rules Encryption Export Regs Violate 1st Amendment, 5/10/99.
House Subcommittee Criticizes Administration Opposition to SAFE Act, 5//99.
House Telecom Subcommittee Holds Hearing on SAFE Act, 5/26/99.
Goodlatte Promotes SAFE Act at Network Associates Conference, 6/2/99.
House Intelligence Committee Holds Hearing on SAFE Act, 6/10/99.
Group Releases International Survey of Encryption Policies, 6/10/99.
Senate Commerce Committee Holds Hearing on PROTECT Act, 6/11/99.
House Telecom Subcommittee Approves SAFE Act, 6/17/99.
DOJ Files Petition for Rehearing En Banc in Bernstein Case, 6/22/99.
Rush Limbaugh Criticizes Administration Encryption Policy, 6/23/99.
Gephardt, Lofgren and Eshoo Write Clinton on Encryption Bill, 9/14/99.
PM Tony Blair Promises No Government Mandated Key Escrow, 9/13/99.
Clinton Administration Talks Encryption, 9/17/99.
Reaction to the Clinton Administration Encryption Policy Proposals, 9/17/99
Administration Addresses Encryption Reform Proposal, 9/29/99.
Rep. Weldon Criticizes Administration's Encryption Proposal, 9/29/99.
Rep. Lofgren Calls for SAFE Act to be Held in Abeyance, 10/6/99.
Representatives Caution Clinton About Encryption Export Regs, 11/12/99.
Lofgren Seeks Revisions to Draft Encryption Export Regulations, 12/8/99.
Administration Delays Encryption Export Regulations. (12/14/99)