IN THE SENATE OF THE UNITED STATES
Mr. BURNS (for himself, Mr. PRESSLER, Mr. LEAHY, Mr.
DOLE, Mr.FAIRCLOTH, Mrs. MURRAY, Mr. McCAIN, Mr.
WYDEN, Mr. ASHCROFT and Mr. NICKLES) introduced the
following bill which was read twice and referred to the
Committee on Commerce, Science and Transportation.
A BILL
To promote electronic commerce by facilitating the use of
strong encryption, and for other purposes.
Be it enacted by the Senate and House of Representa-
tives of the United States of America in Congress assembled.
SECTION 1. SHORT TITLE.
This Act may be cited as the "Promotion of Commerce
On-Line in the Digital Era (Pro-CODE) Act of 1996"
SEC.2. FINDINGS; PURPOSE
(a) FINDINGS. -- The Congress finds the following:
(1) The ability to digitize information makes
carrying out tremendous amounts of commerce and
personal communication electronically possible.
(2) Miniaturization, distributed computing, and
reduced transmission costs make communication via
electronic networks a reality.
(3) The explosive growth in the Internet and
other computer networks reflects the potential
growth of electronic commerce and personal
communication.
(4) The Internet and the global information
infrastructure have the potential to revolutionize
the way individuals and businesses conduct business.
(5) The full potential of the Internet for the
conduct of business cannot be realized as long as it
is an insecure medium in which confidential business
information and sensitive personal information
remains at risk of unauthorized viewing, alteration,
and use.
(6) Encryption of information enables busi-
nesses and individuals to protect themselves against
the unauthorized viewing, alteration, and use of
information by employing widely understood and
readily available science and technology to ensure
the confidentiality, authenticity, and integrity of
information.
(7) In order to promote economic growth and
meet the needs of businesses and individuals in the
United States, a variety of encryption products and
programs should be available to promote good, flexi-
ble, and commercially acceptable encryption capab-
ilities.
(8) United States computer, computer software and
hardware, communications and electronics businesses are
leading the world technology revolution as those
businesses have developed and are prepared to offer
immediately to computer users worldwide a variety of
communications and computers hardware and computer
software that provide good, robust, and easy-to-use
encryption.
(9) United States businesses seek to market the
products described in paragraph (8) in competition
with scores of foreign businesses in many countries
that offer similar, and frequently stronger, encryp-
tion products and programs.
(10) United States businesses have been discouraged
from further developing and marketing products with
encryption capabilities because of regulatory efforts
by the Secretary of Commerce, acting through the
National Institute Of Standards and Technology, to
promulgate standards and guidelines in support of
government-designed solutions to encryption problems
that
(A) were not developed in the private sector;
and
(B) have not received widespread commercial
support.
(11) Because of outdated Federal controls, United
States businesses have been prohibited from exporting
good encryption products and programs.
(12) The Secretary of Commerce, acting through the
National Institute of Standards and Technology on the
part of the President has attempted to leverage the
desire of United States businesses to sell commercial
products to the United States Government, and sell a
single product worldwide, to force the businesses to
include features in products sold by the businesses in
the United States and in foreign countries that will
allow the Federal Government easy access to the plain
text of all electronic information and communications.
(13) Specifically, the Secretary of Commerce, acting
through the National Institute of Standards and
Technology, has proposed that United states businesses
be allowed to sell products and programs offering good
encryption to the United States Government, and in
foreign countries only if the products and programs
include a feature guaranteeing the Federal
Government access to a key that decrypts information
(hereafter in this section referred to as "key escrow
encryption").
(14) The key escrow encryption approach to regulating
encryption is reflected in the approval in 1994 by the
National Institute of Standards and Technology of a
Federal information processing standard for the
"clipper chip", that was flawed and controversial.
(15) The Federal Government -
(A) has designed key escrow encryption to solve
a perceived problem; and
(B) has ignored the fact that -
(i) there is no demonstrated commercial
demand for features which give
governments easy access to information;
and
(ii) numerous nonkey escrow encryption
alternatives are available commercially
from foreign suppliers and free of charge
from the Internet.
(16) In order to promote electronic commerce in the
twenty-first century to realize the full
potential of the Internet and other computer
networks -
(A) United States businesses should be
encouraged to develop and market products
and programs offering encryption
capabilities; and
(B) the Federal Government should be prohibited
from promulgating regulations and adopting
policies that discourage the use and sale of
encryption.
(b) PURPOSE - The purpose of this Act is to promote electronic
commerce through the use of strong encryption by -
(1) recognizing that businesses in the United States
that offer computer hardware and computer software made
in the United States that incorporate encryption
technology are ready and immediately able, with respect
to electronic information that will be essential to
conducting business in the twenty-first century to -
(A) protect the confidentiality of that
information; and
(B) ensure the authenticity and integrity
of that information;
(2) restricting the Department of Commerce with
respect to the promulgation or enforcement of regulations,
or the application of policies, that impose government-
designed encryption standards; and
(3) promoting the ability of United States businesses
to sell to computer users worldwide computer software and
computer hardware that provide the strong encryption
demanded by such users by -
(A) restricting Federal or State regulation of the
sale of such products and programs in
interstate commerce;
(B) prohibiting mandatory key escrow encryption
systems; and
(C) establishing conditions for the sale of
encryption products and programs in foreign
commerce.
SEC.3 DEFINITIONS.
For purposes of this Act, the following definitions shall apply:
(1) AS IS. - The term "as is" means, in the case of
computer software (including computer software with
encryption capabilities), a computer software program
that is not designed, developed or tailored by a producer
of computer software for specific users or purchasers,
except that such terms may include computer software
that -
(A) is produced for purchasers that supply
certain installation parameters needed by the
computer software program to function properly
with the computer systems of the purchaser; or
(B) is customized by the purchaser by selecting
from among options contained in the computer
software program.
(2) COMPUTING DEVICE. - The term "computing device"
means a device that incorporates one or more
microprocessor-based central processing units that are
capable of accepting, storing, processing, or providing
output of data.
(3) COMPUTER HARDWARE. - The term "computer hardware",
includes computer systems, equipment, application-specific
assemblies, modules and integrated circuits.
(4) DECRYPTION.- The term "decryption" means the
unscrambling of wire or electronic communications or
information using mathematical formulas, codes, or
algorithms.
(5) DECRYPTION KEY. - The term "decryption key" means
the variable information used in a mathematical formula,
code, or algorithm, or any component thereof, used to
decrypt wire or electronic communications or information
that has been encrypted.
(6) DESIGNED FOR INSTALLATION BY THE USER OR PURCHASER. -
The term "designed for installation by the user or
purchaser" means, in the case of computer software
(including computer software with encryption capabilities)
computer software -
(A) with respect to which the producer of that
computer software -
(i) intends for the user or purchaser
(including any licensee or transferee),
to install the computer software program
on a computing device; and
(ii) has supplied the necessary instructions
to do so, except that the producer or
distributor of the computer software
program (or any agent of such producer or
distributor) may also provide telephone
help-line or onsite services for computer
software installation, electronic
transmission, or basic operations; and
(B) that is designed for installation by the user
or purchaser without further substantial
support by the supplier.
(7) ENCRYPTION. - The term "encryption" means the
scrambling of wire or electronic communications or
information using mathematical formulas, codes or
algorithms in order to preserve the confidentiality,
integrity, or authenticity of such communications or
information and prevent unauthorized recipients from
accessing or altering such communications.
(8) GENERAL LICENSE. - The term "general license" means a
general authorization that is applicable to a type of
export that does not require an exporter of that type
export to, as a condition to exporting -
(A) submit a written application to the Secretary;
or
(B) receive prior written authorization by the
Secretary.
(9) GENERALLY AVAILABLE. - The term "generally available"
means in the case of computer software (including software
with encryption capabilities), computer software that -
(A) is distributed via the Internet or that is
widely offered for sale, license, or transfer
(without regard to whether it is offered for
consideration), including over-the-counter
retail sales, mail order transactions,
telephone orders transactions electronic
distribution, or sale on approval; or
(B) preloaded on computer hardware that is widely
available.
(10) INTERNET. - The term "Internet" means the
international computer network of both Federal and non-
Federal interconnected packet-switched data networks.
(11) SECRETARY. - The term "Secretary" means the
Secretary of Commerce.
(12) STATE. - The term "State" means each of the several
States of the United States, the District of Columbia, the
Commonwealth of Puerto Rico, and any territory or
possession of the United States.
SEC.4. RESTRICTION OF DEPARTMENT OF COMMERCE
ENCRYPTION ACTIVITIES IMPOSING GOVERN-
MENT ENCRYPTION SYSTEMS.
(a) LIMITATION ON REGULATORY AUTHORITY CONCERNING
ENCRYPTION STANDARDS. - The Secretary may not (acting through the
National Institute of Standards and Technology or otherwise)
promulgate, or enforce regulations, or otherwise adopt standards
or carry out policies that result in encryption standards for use
by businesses or entries other than Federal computer systems.
(b) LIMITATION ON AUTHORITY CONCERNING EXPORTS OF COMPUTER
HARDWARE AND COMPUTER SOFTWARE WITH ENCRYPTION CAPABILITIES. - The
Secretary may not promulgate or enforce regulations, or adopt or
carry out policies in a manner inconsistent with this Act, that
have the effect of imposing government-designed encryption
standards on the private sector by restricting the export of
computer hardware and computer software with encryption
capabilities.
SEC. 5. PROMOTION OF COMMERCIAL ENCRYPTION PRODUCTS.
(a) PROHIBITION ON RESTRICTIONS ON SALE OR DISTRIBUTION IN
INTERSTATE COMMERCE. -
(1) IN GENERAL. - Notwithstanding any other provision of
law, neither the Federal Government nor any State may
restrict or regulate the sale in interstate commerce, by
any person of any product or program with encryption
capabilities. Nothing in this paragraph may be construed
to preempt any provision of Federal or State law
applicable to contraband or regulated substances.
(2) APPLICABILITY. - Paragraph (1) shall apply without
regard to the encryption algorithm selected, encryption
key length chosen, or implementation technique or medium
used for a product or program with encryption
capabilities.
(b) PROHIBITION ON MANDATORY KEY ESCROW. - Neither the Federal
Government nor any State may require, as a condition of sale in
interstate commerce, that a decryption key be given to any person
(including a Federal agency or an entity in the private sector
that may be certified or approved by the Federal Government or
State).
(c) CONTROL OF EXPORTING BY SECRETARY. -
(1) GENERAL RULE. - Notwithstanding any other provision
of law and subject to paragraph (2), (3) and (4), the
Secretary shall have exclusive authority to control
exports of all computer hardware, computer software, and
technology with encryption capabilities, except computer
hardware, computer software and technology that is
specifically designed or modified for military use,
including command, control, communications, and
intelligence applications.
(2) ITEMS THAT DO NOT REQUIRE VALIDATED LICENSES. -
Only a general license may be required, except as
otherwise provided under the Trading With The Enemy Act
(50 U.S.C. App. 1 et seq.) (but only to the extent that the
authority of the International Emergency Economic Power
Act is not exercised to extend controls imposed under the
Export Administration Act of 1979), for the export or
reexport of -
(A) any computer software and computer hardware,
including computer software and computer
hardware with encryption capabilities,
that is -
(i) generally available, as is, and designed
for installation by the purchaser; or
(ii) in the public domain (including on the
Internet) or publicly available because it
is generally accessible to the interested
public in any form; or
(B) any computing devise solely because it
incorporates or employs in any form of computer
software (including computer software with
encryption capabilities) that is described in
subparagraph (A).
(3) COMPUTER SOFTWARE AND COMPUTER HARDWARE WITH
ENCRYPTION CAPABILITIES. -
(A) IN GENERAL. - Except as provided in subparagraph
(B), the Secretary shall authorize the export
or reexport of computer software and computer
hardware with encryption capabilities under a
general license for nonmilitary end-uses in
any foreign country to which those exports of
computers software and computer hardware of
similar capability are permitted for use by
financial institutions that the Secretary
determines not to be controlled in fact by
United States persons.
(B) EXCEPTION. - The Secretary shall prohibit the
export or reexport of computer software and
computer hardware described in subparagraph (A)
to a foreign country if the Secretary
determines that there is substantial evidence
that such software and computer hardware will
be -
(i) diverted to a military end-use or an end-
use supporting international terrorism;
(ii) modified for military or terrorist end-
use; or
(iii) reexported without the authorization
required under Federal law.
(d) STATUTORY CONSTRUCTION. - Nothing in this Act may be
construed to affect any law in effect on the day before the date
of enactment of this Act designed to prevent the distribution of
descramblers and any other equipment for illegal interceptions
cable and satellite television signals.
Return to the EPIC Crypto Page