IN THE SENATE OF THE UNITED STATES Mr. BURNS (for himself, Mr. PRESSLER, Mr. LEAHY, Mr. DOLE, Mr.FAIRCLOTH, Mrs. MURRAY, Mr. McCAIN, Mr. WYDEN, Mr. ASHCROFT and Mr. NICKLES) introduced the following bill which was read twice and referred to the Committee on Commerce, Science and Transportation. A BILL To promote electronic commerce by facilitating the use of strong encryption, and for other purposes. Be it enacted by the Senate and House of Representa- tives of the United States of America in Congress assembled. SECTION 1. SHORT TITLE. This Act may be cited as the "Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act of 1996" SEC.2. FINDINGS; PURPOSE (a) FINDINGS. -- The Congress finds the following: (1) The ability to digitize information makes carrying out tremendous amounts of commerce and personal communication electronically possible. (2) Miniaturization, distributed computing, and reduced transmission costs make communication via electronic networks a reality. (3) The explosive growth in the Internet and other computer networks reflects the potential growth of electronic commerce and personal communication. (4) The Internet and the global information infrastructure have the potential to revolutionize the way individuals and businesses conduct business. (5) The full potential of the Internet for the conduct of business cannot be realized as long as it is an insecure medium in which confidential business information and sensitive personal information remains at risk of unauthorized viewing, alteration, and use. (6) Encryption of information enables busi- nesses and individuals to protect themselves against the unauthorized viewing, alteration, and use of information by employing widely understood and readily available science and technology to ensure the confidentiality, authenticity, and integrity of information. (7) In order to promote economic growth and meet the needs of businesses and individuals in the United States, a variety of encryption products and programs should be available to promote good, flexi- ble, and commercially acceptable encryption capab- ilities. (8) United States computer, computer software and hardware, communications and electronics businesses are leading the world technology revolution as those businesses have developed and are prepared to offer immediately to computer users worldwide a variety of communications and computers hardware and computer software that provide good, robust, and easy-to-use encryption. (9) United States businesses seek to market the products described in paragraph (8) in competition with scores of foreign businesses in many countries that offer similar, and frequently stronger, encryp- tion products and programs. (10) United States businesses have been discouraged from further developing and marketing products with encryption capabilities because of regulatory efforts by the Secretary of Commerce, acting through the National Institute Of Standards and Technology, to promulgate standards and guidelines in support of government-designed solutions to encryption problems that (A) were not developed in the private sector; and (B) have not received widespread commercial support. (11) Because of outdated Federal controls, United States businesses have been prohibited from exporting good encryption products and programs. (12) The Secretary of Commerce, acting through the National Institute of Standards and Technology on the part of the President has attempted to leverage the desire of United States businesses to sell commercial products to the United States Government, and sell a single product worldwide, to force the businesses to include features in products sold by the businesses in the United States and in foreign countries that will allow the Federal Government easy access to the plain text of all electronic information and communications. (13) Specifically, the Secretary of Commerce, acting through the National Institute of Standards and Technology, has proposed that United states businesses be allowed to sell products and programs offering good encryption to the United States Government, and in foreign countries only if the products and programs include a feature guaranteeing the Federal Government access to a key that decrypts information (hereafter in this section referred to as "key escrow encryption"). (14) The key escrow encryption approach to regulating encryption is reflected in the approval in 1994 by the National Institute of Standards and Technology of a Federal information processing standard for the "clipper chip", that was flawed and controversial. (15) The Federal Government - (A) has designed key escrow encryption to solve a perceived problem; and (B) has ignored the fact that - (i) there is no demonstrated commercial demand for features which give governments easy access to information; and (ii) numerous nonkey escrow encryption alternatives are available commercially from foreign suppliers and free of charge from the Internet. (16) In order to promote electronic commerce in the twenty-first century to realize the full potential of the Internet and other computer networks - (A) United States businesses should be encouraged to develop and market products and programs offering encryption capabilities; and (B) the Federal Government should be prohibited from promulgating regulations and adopting policies that discourage the use and sale of encryption. (b) PURPOSE - The purpose of this Act is to promote electronic commerce through the use of strong encryption by - (1) recognizing that businesses in the United States that offer computer hardware and computer software made in the United States that incorporate encryption technology are ready and immediately able, with respect to electronic information that will be essential to conducting business in the twenty-first century to - (A) protect the confidentiality of that information; and (B) ensure the authenticity and integrity of that information; (2) restricting the Department of Commerce with respect to the promulgation or enforcement of regulations, or the application of policies, that impose government- designed encryption standards; and (3) promoting the ability of United States businesses to sell to computer users worldwide computer software and computer hardware that provide the strong encryption demanded by such users by - (A) restricting Federal or State regulation of the sale of such products and programs in interstate commerce; (B) prohibiting mandatory key escrow encryption systems; and (C) establishing conditions for the sale of encryption products and programs in foreign commerce. SEC.3 DEFINITIONS. For purposes of this Act, the following definitions shall apply: (1) AS IS. - The term "as is" means, in the case of computer software (including computer software with encryption capabilities), a computer software program that is not designed, developed or tailored by a producer of computer software for specific users or purchasers, except that such terms may include computer software that - (A) is produced for purchasers that supply certain installation parameters needed by the computer software program to function properly with the computer systems of the purchaser; or (B) is customized by the purchaser by selecting from among options contained in the computer software program. (2) COMPUTING DEVICE. - The term "computing device" means a device that incorporates one or more microprocessor-based central processing units that are capable of accepting, storing, processing, or providing output of data. (3) COMPUTER HARDWARE. - The term "computer hardware", includes computer systems, equipment, application-specific assemblies, modules and integrated circuits. (4) DECRYPTION.- The term "decryption" means the unscrambling of wire or electronic communications or information using mathematical formulas, codes, or algorithms. (5) DECRYPTION KEY. - The term "decryption key" means the variable information used in a mathematical formula, code, or algorithm, or any component thereof, used to decrypt wire or electronic communications or information that has been encrypted. (6) DESIGNED FOR INSTALLATION BY THE USER OR PURCHASER. - The term "designed for installation by the user or purchaser" means, in the case of computer software (including computer software with encryption capabilities) computer software - (A) with respect to which the producer of that computer software - (i) intends for the user or purchaser (including any licensee or transferee), to install the computer software program on a computing device; and (ii) has supplied the necessary instructions to do so, except that the producer or distributor of the computer software program (or any agent of such producer or distributor) may also provide telephone help-line or onsite services for computer software installation, electronic transmission, or basic operations; and (B) that is designed for installation by the user or purchaser without further substantial support by the supplier. (7) ENCRYPTION. - The term "encryption" means the scrambling of wire or electronic communications or information using mathematical formulas, codes or algorithms in order to preserve the confidentiality, integrity, or authenticity of such communications or information and prevent unauthorized recipients from accessing or altering such communications. (8) GENERAL LICENSE. - The term "general license" means a general authorization that is applicable to a type of export that does not require an exporter of that type export to, as a condition to exporting - (A) submit a written application to the Secretary; or (B) receive prior written authorization by the Secretary. (9) GENERALLY AVAILABLE. - The term "generally available" means in the case of computer software (including software with encryption capabilities), computer software that - (A) is distributed via the Internet or that is widely offered for sale, license, or transfer (without regard to whether it is offered for consideration), including over-the-counter retail sales, mail order transactions, telephone orders transactions electronic distribution, or sale on approval; or (B) preloaded on computer hardware that is widely available. (10) INTERNET. - The term "Internet" means the international computer network of both Federal and non- Federal interconnected packet-switched data networks. (11) SECRETARY. - The term "Secretary" means the Secretary of Commerce. (12) STATE. - The term "State" means each of the several States of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States. SEC.4. RESTRICTION OF DEPARTMENT OF COMMERCE ENCRYPTION ACTIVITIES IMPOSING GOVERN- MENT ENCRYPTION SYSTEMS. (a) LIMITATION ON REGULATORY AUTHORITY CONCERNING ENCRYPTION STANDARDS. - The Secretary may not (acting through the National Institute of Standards and Technology or otherwise) promulgate, or enforce regulations, or otherwise adopt standards or carry out policies that result in encryption standards for use by businesses or entries other than Federal computer systems. (b) LIMITATION ON AUTHORITY CONCERNING EXPORTS OF COMPUTER HARDWARE AND COMPUTER SOFTWARE WITH ENCRYPTION CAPABILITIES. - The Secretary may not promulgate or enforce regulations, or adopt or carry out policies in a manner inconsistent with this Act, that have the effect of imposing government-designed encryption standards on the private sector by restricting the export of computer hardware and computer software with encryption capabilities. SEC. 5. PROMOTION OF COMMERCIAL ENCRYPTION PRODUCTS. (a) PROHIBITION ON RESTRICTIONS ON SALE OR DISTRIBUTION IN INTERSTATE COMMERCE. - (1) IN GENERAL. - Notwithstanding any other provision of law, neither the Federal Government nor any State may restrict or regulate the sale in interstate commerce, by any person of any product or program with encryption capabilities. Nothing in this paragraph may be construed to preempt any provision of Federal or State law applicable to contraband or regulated substances. (2) APPLICABILITY. - Paragraph (1) shall apply without regard to the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used for a product or program with encryption capabilities. (b) PROHIBITION ON MANDATORY KEY ESCROW. - Neither the Federal Government nor any State may require, as a condition of sale in interstate commerce, that a decryption key be given to any person (including a Federal agency or an entity in the private sector that may be certified or approved by the Federal Government or State). (c) CONTROL OF EXPORTING BY SECRETARY. - (1) GENERAL RULE. - Notwithstanding any other provision of law and subject to paragraph (2), (3) and (4), the Secretary shall have exclusive authority to control exports of all computer hardware, computer software, and technology with encryption capabilities, except computer hardware, computer software and technology that is specifically designed or modified for military use, including command, control, communications, and intelligence applications. (2) ITEMS THAT DO NOT REQUIRE VALIDATED LICENSES. - Only a general license may be required, except as otherwise provided under the Trading With The Enemy Act (50 U.S.C. App. 1 et seq.) (but only to the extent that the authority of the International Emergency Economic Power Act is not exercised to extend controls imposed under the Export Administration Act of 1979), for the export or reexport of - (A) any computer software and computer hardware, including computer software and computer hardware with encryption capabilities, that is - (i) generally available, as is, and designed for installation by the purchaser; or (ii) in the public domain (including on the Internet) or publicly available because it is generally accessible to the interested public in any form; or (B) any computing devise solely because it incorporates or employs in any form of computer software (including computer software with encryption capabilities) that is described in subparagraph (A). (3) COMPUTER SOFTWARE AND COMPUTER HARDWARE WITH ENCRYPTION CAPABILITIES. - (A) IN GENERAL. - Except as provided in subparagraph (B), the Secretary shall authorize the export or reexport of computer software and computer hardware with encryption capabilities under a general license for nonmilitary end-uses in any foreign country to which those exports of computers software and computer hardware of similar capability are permitted for use by financial institutions that the Secretary determines not to be controlled in fact by United States persons. (B) EXCEPTION. - The Secretary shall prohibit the export or reexport of computer software and computer hardware described in subparagraph (A) to a foreign country if the Secretary determines that there is substantial evidence that such software and computer hardware will be - (i) diverted to a military end-use or an end- use supporting international terrorism; (ii) modified for military or terrorist end- use; or (iii) reexported without the authorization required under Federal law. (d) STATUTORY CONSTRUCTION. - Nothing in this Act may be construed to affect any law in effect on the day before the date of enactment of this Act designed to prevent the distribution of descramblers and any other equipment for illegal interceptions cable and satellite television signals.
Return to the EPIC Crypto Page