Congressional Documents
FILE h695.rh

          Union Calendar No. 160

          105th CONGRESS

          1st Session

                                         A BILL

          To amend title 18, United States Code, to affirm the rights of

          United States persons to use and sell encryption and to relax 

          export controls on encryption.

                                   September 29, 1997

          Reported from the Committee on Commerce with an amendment, 

          committed to the Committee of the Whole House on the State of the

          Union, and ordered to be printed

          H.R. 695 RH

          105th CONGRESS

          1st Session

          [Report No. 105-108, Parts I, II, III, IV, V]

          To amend title 18, United States Code, to affirm the rights of

          United States persons to use and sell encryption and to relax 

          export controls on encryption.

                             IN THE HOUSE OF REPRESENTATIVES

                                    February 12, 1997

          Mr. GOODLATTE (for himself, Ms. LOFGREN, Mr. DELAY, Mr. BOEHNER, 

              Mr. COBLE, Mr. SENSENBRENNER, Mr. BONO, Mr. PEASE, Mr. CANNON,

              Mr. CONYERS, Mr. BOUCHER, Mr. GEKAS, Mr. SMITH of Texas, Mr.

              INGLIS of South Carolina, Mr. BRYANT, Mr. CHABOT, Mr. BARR of

              Georgia, Ms. JACKSON-LEE of Texas, Ms. WATERS, Mr. ACKERMAN, 

              Mr. BAKER, Mr. BARTLETT of Maryland, Mr. CAMPBELL, Mr.

              CHAMBLISS, Mr. CUNNINGHAM, Mr. DAVIS of Virginia, Mr. DICKEY,

              Mr. DOOLITTLE, Mr. EHLERS, Mr. ENGEL, Ms. ESHOO, Mr. EVERETT,

              Mr. EWING, Mr. FARR of California, Mr. GEJDENSON, Mr. GILLMOR,

              Mr. GOODE, Ms. NORTON, Mr. HORN, Ms. EDDIE BERNICE JOHNSON of

              Texas, Mr. SAM JOHNSON of Texas, Mr. KOLBE, Mr. MCINTOSH, Mr.

              MCKEON, Mr. MANZULLO, Mr. MATSUI, Mr. MICA, Mr. MINGE, Mr.

              MOAKLEY, Mr. NETHERCUTT, Mr. PACKARD, Mr. SESSIONS, Mr. UPTON,

              Mr. WHITE, and Ms. WOOLSEY) introduced the following bill; 

              which was referred to the Committee on the Judiciary, and in

              addition to the Committee on International Relations, for a

              period to be subsequently determined by the Speaker, in each

              case for consideration of such provisions as fall within the

              jurisdiction of the committee concerned

                                      May 22, 1997

          Reported from the Committee on the Judiciary with an amendment

              [STRIKE OUT ALL AFTER THE ENACTING CLAUSE AND INSERT THE PART

                                   PRINTED IN ITALIC]

          Referral to the Committee on International Relations extended for a

              period ending not later than July 11, 1997

                                      June 26, 1997

          Referral to the Committee on International Relations extended for a

              period ending not later than July 25, 1997

          Referred to the Committees on Commerce, National Security, and the

              Permanent Select Committee on Intelligence for a period ending

              not later than September 5, 1997, for consideration of such

              provisions of the bill and amendment reported by the Committee

              on the Judiciary as fall within the jurisdiction of those

              committees pursuant to clause 1(e) and (k), rule X and rule

              XLVIII, respectively

                                      July 25, 1997

          Reported from the Committee on the International Relations with an

              amendment

              [STRIKE OUT ALL AFTER THE ENACTING CLAUSE AND INSERT THE PART

                               PRINTED IN BOLDFACE ROMAN]

                                      July 30, 1997

          Referral to the Permanent Select Committee on Intelligence extended

              for a period ending not later than September 12, 1997

                                      July 31, 1997

          Referral to the Committee on National Security extended for a 

              period ending not later than September 12, 1997

                                   September  5, 1997

          Referral to the Committee on Commerce extended for a period ending

              not later than September 12, 1997

                                   September  11, 1997

          Referral to the Permanent Select Committee on Intelligence extended

              for a period ending not later than September 16, 1997

          Referral to the Committee on Commerce extended for a period ending

              not later than September 26, 1997

                                   September  12, 1997

          Reported from the Committee on the National Security with  amendments

           [OMIT THE PART STRUCK THROUGH IN BOLD BRACKETS AND INSERT THE PART

                     PRINTED IN BOLDFACE ITALIC AND AMEND THE TITLE]

                                   September  16, 1997

          Reported from the Permanent Select Committee on Intelligence with 

              an amendment

              [STRIKE OUT ALL AFTER THE ENACTING CLAUSE AND INSERT THE PART

                   PRINTED IN BOLDFACE ROMAN IN DOUBLE BOLD BRACKETS]

                                   September  25, 1997

          Referral to the Committee on Commerce extended for a period ending

              not later than September 29, 1997

                                   September  29, 1997

          Additional sponsors: Mr. HASTINGS of Washington, Mr. COOK, Mr. FOX

              of Pennsylvania, Mrs. MORELLA, Mr. BILBRAY, Mrs. MYRICK, Mr.

              DEFAZIO, Mr. WATKINS, Mr. FRANKS of New Jersey, Mr. MARTINEZ,

              Mr. SHAYS, Mr. NADLER, Mr. HOSTETTLER, Mr. FALEOMAVAEGA, Mrs.

              LINDA SMITH of Washington, Mr. PAXON, Mr. WELDON of Florida, 

              Mr. GORDON, Mr. HUTCHINSON, Ms. RIVERS, Mr. SNOWBARGER, Mrs.

              TAUSCHER, Mr. DELAHUNT, Mr. ROHRABACHER, Mr. COOKSEY, Mr. MORAN

              of Virginia, Mr. GALLEGLY, Mr. CAMP, Mr. WEXLER, Mr. WELLER, 

              Mr. SHERMAN, Mr. DREIER, Mr. CALVERT, Mr. CAPPS, Mr. LINDER, 

              Mr. MCINNIS, Mr. GRAHAM, Mr. THOMAS, Ms. MCKINNEY, Ms. MCCARTHY

              of Missouri, Mr. FRANK of Massachusetts, Mr. SISISKY, Mr.

              FORBES, Mr. BLUNT, Mr. ISTOOK, Mr. PICKERING, Mr. DOOLEY of

              California, Mr. LATHAM, Mr. COX of California, Mr. ROEMER, Mr.

              FAZIO of California, Mr. ADAM SMITH of Washington, Mr. KIND, 

              Mr. BALLENGER, Mr. NEY, Mr. SALMON, Mr. HOUGHTON, Mr. MCHUGH,

              Ms. FURSE, Mr. HASTINGS of Florida, Mr. DIAZ-BALART, Mr. KING,

              Ms. SLAUGHTER, Mr. FROST, Mr. BURTON of Indiana, Ms. DUNN, Ms.

              CHRISTIAN-GREEN, Mr. ENGLISH of Pennsylvania, Mr. LAMPSON, Mr.

              BRADY, Mr. SMITH of New Jersey, Mrs. CHENOWETH, Mr. COBURN, 

              Mrs. CUBIN, Mr. BOB SCHAFFER of Colorado, Mr. BARTON of Texas,

              Mr. LARGENT, Mr. CLEMENT, Mr. HILLIARD, Mr. LUTHER, Mr. CRAPO,

              Mr. ROGAN, Mr. ANDREWS, Mr. BONILLA, Ms. ROS-LEHTINEN, Mr.

              GUTKNECHT, Mr. HAYWORTH, Mr. SUNUNU, Mr. SCARBOROUGH, Mr.

              NEUMANN, Mr. SANFORD, Mr. NORWOOD, Ms. PRYCE of Ohio, Mr. LEWIS

              of Kentucky, Mr. KASICH, Mr. ARCHER, Mr. HANSEN, Mr. HERGER, 

              Mr. RILEY, Mr. HILL, Mr. TAUZIN, Mr. MORAN of Kansas, Mr. BURR

              of North Carolina, Mr. BLUMENAUER, Mr. POMEROY, Mr. RIGGS, Mr.

              KINGSTON, Mr. MILLER of California, Mr. DUNCAN, Mr. WHITFIELD,

              Mr. SMITH of Oregon, Mr. QUINN, Mr. KENNEDY of Massachusetts,

              Mrs. KELLY, Mr. METCALF, Mr. MARKEY, Mr. NEAL of Massachusetts,

              Mrs. EMERSON, Mr. CHRISTENSEN, Mr. WATTS of Oklahoma, Mr.

              SOUDER, Mr. POMBO, Mr. STENHOLM, Mr. TIAHRT, Mr. MCGOVERN, Mr.

              PARKER, Mr. WICKER, Mr. BARRETT of Nebraska, Mr. GEPHARDT, Mr.

              KIM, Mrs. JOHNSON of Connecticut, Mr. LUCAS of Oklahoma, Mr.

              BROWN of California, Mr. KNOLLENBERG, Mr. TALENT, Mr. TIENEY,

              Mr. KLUG, Mr. JENKINS, Mr. CONDIT, Mr. HALL of Texas, Mr.

              BACHUS, Mr. CRANE, Mr. WAMP, Mr. CASTLE, Mr. LAHOOD, Mr.

              GOODLING, Mr. SHIMKUS, Mr. SERRANO, Mr. HOLDEN, Mr. HOBSON, Mr.

              RAHALL, Mr. THOMPSON, Mr. THUNE, Mr. CLYBURN, Mr. HILLEARY, Mr.

              DEAL of Georgia, Mr. COLLINS, Mr. DAN SCHAEFER of Colorado, Mr.

              HALL of Ohio, Mr. LIVINGSTON, Mr. HOEKSTRA, Mr. WISE, Mr.

              FILNER, Mr. MCDERMOTT, Ms. SANCHEZ, Mrs. THURMAN, Mr. TANNER,

              Mr. PASTOR, Ms. KAPTUR, Mr. LEWIS of Georgia, Mr. JACKSON of

              Illinois, Ms. MILLENDER-MCDONALD, Mr. CUMMINGS, Mr. JEFFERSON,

              Mr. FORD, Mr. BARRETT of Wisconsin, Mr. FATTAH, Mr. BARCIA, Ms.

              HOOLEY of Oregon, Mrs. NORTHUP, Mr. VENTO, Mr. BONIOR, Mrs.

              CLAYTON, Mrs. KENNELLY of Connecticut, Mr. PALLONE, Mr. OLVER,

              Ms. KILPATRICK, Ms. DELAURO, Mrs. MEEK of Florida, Ms. 

              STABENOW, Mr. STEARNS, Mr. RADANOVICH, Mr. TAYLOR of North

              Carolina, Mr. WALSH, Mr. NUSSLE, Mr. DAVIS of Illinois, and Mr.

              Rush

          Deleted sponsors: Mr. EVERETT (added February 12, 1997; deleted 

              July 30, 1997), Ms. EDDIE BERNICE JOHNSON of Texas (added

              February 12, 1997; deleted May 13, 1997), Mr. SOLOMON (added

              March 13, 1997; deleted April 29, 1997), Mr. ROTHMAN (added

              April 10, 1997; deleted July 24, 1997), Mr. JONES (added June

              23, 1997; deleted September 8, 1997), Mr. BUNNING (added July 

              9, 1997; deleted July 30, 1997), Mr. THORNBERRY (added July 24,

              1997; deleted September 4, 1997), and Mr. HEFLEY (added July 

              29, 1997; deleted July 30, 1997)

                                   September  29, 1997

          Reported from the Committee on Commerce with an amendment, 

              committed to the Committee of the Whole House on the State of

              the Union, and ordered to be printed

              [STRIKE OUT ALL AFTER THE ENACTING CLAUSE AND INSERT THE PART

                     PRINTED IN BOLDFACE ITALIC IN BOLD PARENTHESES]

                                         A BILL

          To amend title 18, United States Code, to affirm the rights of

          United States persons to use and sell encryption and to relax 

          export controls on encryption.

              Be it enacted by the Senate and House of

          Representatives of the United States of America in Congress

          assembled, 

          SECTION 1. SHORT TITLE.

            This Act may be cited as the `Security and Freedom Through

          Encryption (SAFE) Act'.

          SEC. 2. SALE AND USE OF ENCRYPTION.

            (a) IN GENERAL- Part I of title 18, United States Code, is 

          amended by inserting after chapter 121 the following new chapter:

              `CHAPTER 122--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

                                        

          `2801. Definitions.

          `2802. Freedom to use encryption.

          `2803. Freedom to sell encryption.

          `2804. Prohibition on mandatory key escrow.

          `2805. Unlawful use of encryption in furtherance of a criminal act.

          `Sec. 2801. Definitions

            `As used in this chapter--

                `(1) the terms `person', `State', `wire communication',

              `electronic communication', `investigative or law enforcement

              officer', `judge of competent jurisdiction', and `electronic

              storage' have the meanings given those terms in section 2510 of

              this title;

                `(2) the terms `encrypt' and `encryption' refer to the

              scrambling of wire or electronic information using mathematical

              formulas or algorithms in order to preserve the 

              confidentiality, integrity, or authenticity of, and prevent

              unauthorized recipients from accessing or altering, such

              information;

                `(3) the term `key' means the variable information used in a

              mathematical formula, code, or algorithm, or any component

              thereof, used to decrypt wire or electronic information that 

              has been encrypted; and

                `(4) the term `United States person' means--

                    `(A) any United States citizen;

                    `(B) any other person organized under the laws of any

                  State, the District of Columbia, or any commonwealth,

                  territory, or possession of the United States; and

                    `(C) any person organized under the laws of any foreign

                  country who is owned or controlled by individuals or 

                  persons described in subparagraphs (A) and (B).

          `Sec. 2802. Freedom to use encryption

            `Subject to section 2805, it shall be lawful for any person 

          within any State, and for any United States person in a foreign

          country, to use any encryption, regardless of the encryption

          algorithm selected, encryption key length chosen, or implementation

          technique or medium used.

          `Sec. 2803. Freedom to sell encryption

            `Subject to section 2805, it shall be lawful for any person 

          within any State to sell in interstate commerce any encryption,

          regardless of the encryption algorithm selected, encryption key

          length chosen, or implementation technique or medium used.

          `Sec. 2804. Prohibition on mandatory key escrow

            `(a) PROHIBITION- No person in lawful possession of a key to

          encrypted information may be required by Federal or State law to

          relinquish to another person control of that key.

            `(b) EXCEPTION FOR ACCESS FOR LAW ENFORCEMENT PURPOSES- 

          Subsection (a) shall not affect the authority of any investigative

          or law enforcement officer, acting under any law in effect on the

          effective date of this chapter, to gain access to encrypted

          information.

          `Sec. 2805. Unlawful use of encryption in furtherance of a criminal

          act

            `Any person who willfully uses encryption in furtherance of the

          commission of a criminal offense for which the person may be

          prosecuted in a court of competent jurisdiction--

                `(1) in the case of a first offense under this section, shall

              be imprisoned for not more than 5 years, or fined in the amount

              set forth in this title, or both; and

                `(2) in the case of a second or subsequent offense under this

              section, shall be imprisoned for not more than 10 years, or

              fined in the amount set forth in this title, or both.'.

            (b) CONFORMING AMENDMENT- The table of chapters for part I of

          title 18, United States Code, is amended by inserting after the 

          item relating to chapter 33 the following new item:

            2801'.  

             [  SEC. 3. EXPORTS OF ENCRYPTION.

               [  (a) AMENDMENT TO EXPORT

          ADMINISTRATION ACT OF 1979- Section 17 of the Export Administration

          Act of 1979 (50 U.S.C. App. 2416) is amended by adding at the end

          thereof the following new subsection:

               [  `(g) COMPUTERS AND RELATED

          EQUIPMENT-

                   [  `(1) GENERAL RULE- 

              Subject to paragraphs (2), (3), and (4), the Secretary shall

              have exclusive authority to control exports of all computer

              hardware, software, and technology for information security

              (including encryption), except that which is specifically

              designed or modified for military use, including command,

              control, and intelligence applications.

                   [  `(2) ITEMS NOT REQUIRING

              LICENSES- No validated license may be required, except pursuant

              to the Trading With The Enemy Act or the International 

              Emergency Economic Powers Act (but only to the extent that the

              authority of such Act is not exercised to extend controls

              imposed under this Act), for the export or reexport of--

                       [  `(A) any software,

                  including software with encryption capabilities--

                           [  `(i) that is

                      generally available, as is, and is designed for

                      installation by the purchaser; or

                           [  `(ii) that is in

                      the public domain for which copyright or other

                      protection is not available under title 17, United

                      States Code, or that is available to the public because

                      it is generally accessible to the interested public in

                      any form; or

                       [  `(B) any computing

                  device solely because it incorporates or employs in any 

                  form software (including software with encryption

                  capabilities) exempted from any requirement for a validated

                  license under subparagraph (A).

                   [  `(3) SOFTWARE WITH

              ENCRYPTION CAPABILITIES- The Secretary shall authorize the

              export or reexport of software with encryption capabilities for

              nonmilitary end uses in any country to which exports of 

              software of similar capability are permitted for use by

              financial institutions not controlled in fact by United States

              persons, unless there is substantial evidence that such 

              software will be--

                       [  `(A) diverted to a

                  military end use or an end use supporting international

                  terrorism;

                       [  `(B) modified for

                  military or terrorist end use; or

                       [  `(C) reexported

                  without any authorization by the United States that may be

                  required under this Act.

                   [  `(4) HARDWARE WITH

              ENCRYPTION CAPABILITIES- The Secretary shall authorize the

              export or reexport of computer hardware with encryption

              capabilities if the Secretary determines that a product 

              offering comparable security is commercially available outside

              the United States from a foreign supplier, without effective

              restrictions.

                   [  `(5) DEFINITIONS- As used

              in this subsection--

                       [  `(A) the term

                  `encryption' means the scrambling of wire or electronic

                  information using mathematical formulas or algorithms in

                  order to preserve the confidentiality, integrity, or

                  authenticity of, and prevent unauthorized recipients from

                  accessing or altering, such information;

                       [  `(B) the term

                  `generally available' means, in the case of software

                  (including software with encryption capabilities), software

                  that is offered for sale, license, or transfer to any 

                  person without restriction, whether or not for

                  consideration, including, but not limited to,

                  over-the-counter retail sales, mail order transactions,

                  phone order transactions, electronic distribution, or sale

                  on approval;

                       [  `(C) the term `as is'

                  means, in the case of software (including software with

                  encryption capabilities), a software program that is not

                  designed, developed, or tailored by the software publisher

                  for specific purchasers, except that such purchasers may

                  supply certain installation parameters needed by the

                  software program to function properly with the purchaser's

                  system and may customize the software program by choosing

                  among options contained in the software program;

                       [  `(D) the term `is

                  designed for installation by the purchaser' means, in the

                  case of software (including software with encryption

                  capabilities) that--

                           [  `(i) the software

                      publisher intends for the purchaser (including any

                      licensee or transferee), who may not be the actual

                      program user, to install the software program on a

                      computing device and has supplied the necessary

                      instructions to do so, except that the publisher may

                      also provide telephone help line services for software

                      installation, electronic transmission, or basic

                      operations; and

                           [  `(ii) the 

                      software program is designed for installation by the

                      purchaser without further substantial support by the

                      supplier;

                       [  `(E) the term

                  `computing device' means a device which incorporates one or

                  more microprocessor-based central processing units that can

                  accept, store, process, or provide output of data; and

                       [  `(F) the term

                  `computer hardware', when used in conjunction with

                  information security, includes, but is not limited to,

                  computer systems, equipment, application-specific

                  assemblies, modules, and integrated circuits.'.

              [  (b) CONTINUATION OF EXPORT

          ADMINISTRATION ACT- For purposes of carrying out the amendment made

          by subsection (a), the Export Administration Act of 1979 shall be

          deemed to be in effect.  ]  

          SEC. 3. EXPORTS OF ENCRYPTION.

            (a) EXPORT CONTROL OF ENCRYPTION PRODUCTS NOT CONTROLLED ON THE

          UNITED STATES MUNITIONS LIST- The Secretary of Commerce, with the

          concurrence of the Secretary of Defense, shall have the authority 

          to control the export of encryption products not controlled on the

          United States Munitions List. Decisions made by the Secretary of

          Commerce with the concurrence of the Secretary of Defense with

          respect to exports of encryption products under this section shall

          not be subject to judicial review.

            (b) LICENSE EXCEPTION FOR CERTAIN ENCRYPTION PRODUCTS- Encryption

          products with encryption strength equal to or less than the level

          identified in subsection (d) shall be eligible for export under a

          license exception after a 1-time review, if the encryption product

          being exported does not include features that would otherwise

          require licensing under applicable regulations, is not destined for

          countries, end-users, or end-uses that the Secretary of Commerce 

          has determined by regulation, with the concurrence of the Secretary

          of Defense, are ineligible to receive such products, and is

          otherwise qualified for export.

            (c) ONE-TIME PRODUCT REVIEW- The Secretary of Commerce, with the

          concurrence of the Secretary of Defense, shall specify the

          information that must be submitted for the 1-time review referred 

          to in subsection (b).

            (d) ELIGIBLE ENCRYPTION LEVELS- 

                (1) INITIAL ELIGIBILITY LEVEL- Not later than 30 days after

              the date of the enactment of this Act, the President shall

              notify the Congress of the maximum level of encryption strength

              that could be exported from the United States under license

              exception pursuant to this section without harm to the national

              security of the United States. Such level shall not become

              effective until 60 days after such notification.

                (2) ANNUAL REVIEW OF ELIGIBILITY LEVEL- Not later than 1 year

              after notifying the Congress of the maximum level of encryption

              strength under paragraph (1), and annually thereafter, the

              President shall notify the Congress of the maximum level of

              encryption strength that could be exported from the United

              States under license exception pursuant to this section without

              harm to the national security of the United States. Such level

              shall not become effective until 60 days after such notification.

                (3) CALCULATION OF 60-DAY PERIOD- The 60-day period referred

              to in paragraphs (1) and (2) shall be computed by excluding--

                    (A) the days on which either House is not in session

                  because of an adjournment of more than 3 days to a day

                  certain or an adjournment of the Congress sine die; and

                    (B) each Saturday and Sunday, not excluded under

                  subparagraph (A), when either House is not in session.

            (e) EXCERCISE OF EXISTING AUTHORITIES- The Secretary of Commerce

          and the Secretary of Defense may exercise the authorities they have

          under other provisions of law to carry out this section.

          SECTION 1. SHORT TITLE.

            This Act may be cited as the `Security and Freedom Through

          Encryption (SAFE) Act'.

          SEC. 2. SALE AND USE OF ENCRYPTION.

            (a) IN GENERAL- Part I of title 18, United States Code, is 

          amended by inserting after chapter 123 the following new chapter:

              `CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

                                        

          `2801. Definitions.

          `2802. Freedom to use encryption.

          `2803. Freedom to sell encryption.

          `2804. Prohibition on mandatory key escrow.

          `2805. Unlawful use of encryption in furtherance of a criminal act.

          `Sec. 2801. Definitions

            `As used in this chapter--

                `(1) the terms `person', `State', `wire communication',

              `electronic communication', `investigative or law enforcement

              officer', and `judge of competent jurisdiction' have the

              meanings given those terms in section 2510 of this title;

                `(2) the terms `encrypt' and `encryption' refer to the

              scrambling of wire communications, electronic communications, 

              or electronically stored information, using mathematical

              formulas or algorithms in order to preserve the 

              confidentiality, integrity, or authenticity of, and prevent

              unauthorized recipients from accessing or altering, such

              communications or information;

                `(3) the term `key' means the variable information used in a

              mathematical formula, code, or algorithm, or any component

              thereof, used to decrypt wire communications, electronic

              communications, or electronically stored information, that has

              been encrypted; and

                `(4) the term `United States person' means--

                    `(A) any United States citizen;

                    `(B) any other person organized under the laws of any

                  State, the District of Columbia, or any commonwealth,

                  territory, or possession of the United States; and

                    `(C) any person organized under the laws of any foreign

                  country who is owned or controlled by individuals or 

                  persons described in subparagraphs (A) and (B).

          `Sec. 2802. Freedom to use encryption

            `Subject to section 2805, it shall be lawful for any person 

          within any State, and for any United States person in a foreign

          country, to use any encryption, regardless of the encryption

          algorithm selected, encryption key length chosen, or implementation

          technique or medium used.

          `Sec. 2803. Freedom to sell encryption

            `Subject to section 2805, it shall be lawful for any person 

          within any State to sell in interstate commerce any encryption,

          regardless of the encryption algorithm selected, encryption key

          length chosen, or implementation technique or medium used.

          `Sec. 2804. Prohibition on mandatory key escrow

            `(a) PROHIBITION- No person in lawful possession of a key to

          encrypted communications or information may be required by Federal

          or State law to relinquish to another person control of that key.

            `(b) EXCEPTION FOR ACCESS FOR LAW ENFORCEMENT PURPOSES- 

          Subsection (a) shall not affect the authority of any investigative

          or law enforcement officer, or any member of the intelligence

          community as defined in section 3 of the National Security Act of

          1947 (50 U.S.C. 401a), acting under any law in effect on the

          effective date of this chapter, to gain access to encrypted

          communications or information.

          `Sec. 2805. Unlawful use of encryption in furtherance of a criminal

          act

            `Any person who, in the commission of a felony under a criminal

          statute of the United States, knowingly and willfully encrypts

          incriminating communications or information relating to that felony

          with the intent to conceal such communications or information for

          the purpose of avoiding detection by law enforcement agencies or

          prosecution--

                `(1) in the case of a first offense under this section, shall

              be imprisoned for not more than 5 years, or fined in the amount

              set forth in this title, or both; and

                `(2) in the case of a second or subsequent offense under this

              section, shall be imprisoned for not more than 10 years, or

              fined in the amount set forth in this title, or both.'.

            (b) CONFORMING AMENDMENT- The table of chapters for part I of

          title 18, United States Code, is amended by inserting after the 

          item relating to chapter 123 the following new item:

            2801'.  

          SEC. 3. EXPORTS OF ENCRYPTION.

            (a) AMENDMENT TO EXPORT ADMINISTRATION ACT OF 1979- Section 17 of

          the Export Administration Act of 1979 (50 U.S.C. App. 2416) is

          amended by adding at the end thereof the following new subsection:

            `(g) COMPUTERS AND RELATED EQUIPMENT- 

                `(1) GENERAL RULE- Subject to paragraphs (2), (3), and (4),

              the Secretary shall have exclusive authority to control exports

              of all computer hardware, software, and technology for

              information security (including encryption), except that which

              is specifically designed or modified for military use, 

              including command, control, and intelligence applications.

                `(2) ITEMS NOT REQUIRING LICENSES- No validated license may 

              be required, except pursuant to the Trading With The Enemy Act

              or the International Emergency Economic Powers Act (but only to

              the extent that the authority of such Act is not exercised to

              extend controls imposed under this Act), for the export or

              reexport of--

                    `(A) any software, including software with encryption

                  capabilities--

                        `(i) that is generally available, as is, and is

                      designed for installation by the purchaser; or

                        `(ii) that is in the public domain for which 

                      copyright or other protection is not available under

                      title 17, United States Code, or that is available to

                      the public because it is generally accessible to the

                      interested public in any form; or

                    `(B) any computing device solely because it incorporates

                  or employs in any form software (including software with

                  encryption capabilities) exempted from any requirement for 

                  a validated license under subparagraph (A).

                `(3) SOFTWARE WITH ENCRYPTION CAPABILITIES- The Secretary

              shall authorize the export or reexport of software with

              encryption capabilities for nonmilitary end uses in any country

              to which exports of software of similar capability are 

              permitted for use by financial institutions not controlled in

              fact by United States persons, unless there is substantial

              evidence that such software will be--

                    `(A) diverted to a military end use or an end use

                  supporting international terrorism;

                    `(B) modified for military or terrorist end use; or

                    `(C) reexported without any authorization by the United

                  States that may be required under this Act.

                `(4) HARDWARE WITH ENCRYPTION CAPABILITIES- The Secretary

              shall authorize the export or reexport of computer hardware 

              with encryption capabilities if the Secretary determines that a

              product offering comparable security is commercially available

              outside the United States from a foreign supplier, without

              effective restrictions.

                `(5) DEFINITIONS- As used in this subsection--

                    `(A) the term `encryption' means the scrambling of wire 

                  or electronic information using mathematical formulas or

                  algorithms in order to preserve the confidentiality,

                  integrity, or authenticity of, and prevent unauthorized

                  recipients from accessing or altering, such information;

                    `(B) the term `generally available' means, in the case of

                  software (including software with encryption capabilities),

                  software that is offered for sale, license, or transfer to

                  any person without restriction, whether or not for

                  consideration, including, but not limited to,

                  over-the-counter retail sales, mail order transactions,

                  phone order transactions, electronic distribution, or sale

                  on approval;

                    `(C) the term `as is' means, in the case of software

                  (including software with encryption capabilities), a

                  software program that is not designed, developed, or

                  tailored by the software publisher for specific purchasers,

                  except that such purchasers may supply certain installation

                  parameters needed by the software program to function

                  properly with the purchaser's system and may customize the

                  software program by choosing among options contained in the

                  software program;

                    `(D) the term `is designed for installation by the

                  purchaser' means, in the case of software (including

                  software with encryption capabilities) that--

                        `(i) the software publisher intends for the purchaser

                      (including any licensee or transferee), who may not be

                      the actual program user, to install the software 

                      program on a computing device and has supplied the

                      necessary instructions to do so, except that the

                      publisher may also provide telephone help line services

                      for software installation, electronic transmission, or

                      basic operations; and

                        `(ii) the software program is designed for

                      installation by the purchaser without further

                      substantial support by the supplier;

                    `(E) the term `computing device' means a device which

                  incorporates one or more microprocessor-based central

                  processing units that can accept, store, process, or 

                  provide output of data; and

                    `(F) the term `computer hardware', when used in

                  conjunction with information security, includes, but is not

                  limited to, computer systems, equipment,

                  application-specific assemblies, modules, and integrated

                  circuits.'.

            (b) CONTINUATION OF EXPORT ADMINISTRATION ACT- For purposes of

          carrying out the amendment made by subsection (a), the Export

          Administration Act of 1979 shall be deemed to be in effect.

          SEC. 4. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

            (a) COLLECTION OF INFORMATION BY ATTORNEY GENERAL- The Attorney

          General shall compile, and maintain in classified form, data on the

          instances in which encryption (as defined in section 2801 of title

          18, United States Code) has interfered with, impeded, or obstructed

          the ability of the Department of Justice to enforce the criminal

          laws of the United States.

            (b) AVAILABILITY OF INFORMATION TO THE CONGRESS- The information

          compiled under subsection (a), including an unclassified summary

          thereof, shall be made available, upon request, to any Member of

          Congress.

          SECTION 1. SHORT TITLE.

            This Act may be cited as the `Security and Freedom Through

          Encryption (SAFE) Act'.

          SEC. 2. SALE AND USE OF ENCRYPTION.

            (a) IN GENERAL- Part I of title 18, United States Code, is 

          amended by inserting after chapter 121 the following new chapter:

              `CHAPTER 122--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

                                        

          `2801. Definitions.

          `2802. Freedom to use encryption.

          `2803. Freedom to sell encryption.

          `2804. Prohibition on mandatory key escrow.

          `2805. Unlawful use of encryption in furtherance of a criminal act.

          `Sec. 2801. Definitions

            `As used in this chapter--

                `(1) the terms `person', `State', `wire communication',

              `electronic communication', `investigative or law enforcement

              officer', `judge of competent jurisdiction', and `electronic

              storage' have the meanings given those terms in section 2510 of

              this title;

                `(2) the terms `encrypt' and `encryption' refer to the

              scrambling of wire or electronic information using mathematical

              formulas or algorithms in order to preserve the 

              confidentiality, integrity, or authenticity of, and prevent

              unauthorized recipients from accessing or altering, such

              information;

                `(3) the term `key' means the variable information used in a

              mathematical formula, code, or algorithm, or any component

              thereof, used to decrypt wire or electronic information that 

              has been encrypted; and

                `(4) the term `United States person' means--

                    `(A) any United States citizen;

                    `(B) any other person organized under the laws of any

                  State, the District of Columbia, or any commonwealth,

                  territory, or possession of the United States; and

                    `(C) any person organized under the laws of any foreign

                  country who is owned or controlled by individuals or 

                  persons described in subparagraphs (A) and (B).

          `Sec. 2802. Freedom to use encryption

            `Subject to section 2805, it shall be lawful for any person 

          within any State, and for any United States person in a foreign

          country, to use any encryption, regardless of the encryption

          algorithm selected, encryption key length chosen, or implementation

          technique or medium used.

          `Sec. 2803. Freedom to sell encryption

            `Subject to section 2805, it shall be lawful for any person 

          within any State to sell in interstate commerce any encryption,

          regardless of the encryption algorithm selected, encryption key

          length chosen, or implementation technique or medium used.

          `Sec. 2804. Prohibition on mandatory key escrow

            `(a) PROHIBITION- No person in lawful possession of a key to

          encrypted information may be required by Federal or State law to

          relinquish to another person control of that key.

            `(b) EXCEPTION FOR ACCESS FOR LAW ENFORCEMENT PURPOSES- 

          Subsection (a) shall not affect the authority of any investigative

          or law enforcement officer, acting under any law in effect on the

          effective date of this chapter, to gain access to encrypted

          information.

          `Sec. 2805. Unlawful use of encryption in furtherance of a criminal

          act

            `Any person who willfully uses encryption in furtherance of the

          commission of a criminal offense for which the person may be

          prosecuted in a court of competent jurisdiction--

                `(1) in the case of a first offense under this section, shall

              be imprisoned for not more than 5 years, or fined in the amount

              set forth in this title, or both; and

                `(2) in the case of a second or subsequent offense under this

              section, shall be imprisoned for not more than 10 years, or

              fined in the amount set forth in this title, or both.'.

            (b) CONFORMING AMENDMENT- The table of chapters for part I of

          title 18, United States Code, is amended by inserting after the 

          item relating to chapter 33 the following new item:

            2801'.  

          SEC. 3. EXPORTS OF ENCRYPTION.

            (a) AMENDMENT TO EXPORT ADMINISTRATION ACT OF 1979- Section 17 of

          the Export Administration Act of 1979 (50 U.S.C. App. 2416) is

          amended by adding at the end thereof the following new subsection:

            `(g) CERTAIN CONSUMER PRODUCTS, COMPUTERS, AND RELATED EQUIPMENT- 

                `(1) GENERAL RULE- Subject to paragraphs (2), (3), and (4),

              the Secretary shall have exclusive authority to control exports

              of all computer hardware, software, and technology for

              information security (including encryption), except that which

              is specifically designed or modified for military use, 

              including command, control, and intelligence applications.

                `(2) ITEMS NOT REQUIRING LICENSES- No validated license may 

              be required, except pursuant to the Trading With The Enemy Act

              or the International Emergency Economic Powers Act (but only to

              the extent that the authority of such Act is not exercised to

              extend controls imposed under this Act), for the export or

              reexport of--

                    `(A) any consumer product commercially available within

                  the United States or abroad which--

                        `(i) includes encryption capabilities which are

                      inaccessible to the end user; and

                        `(ii) is not designed for military or intelligence 

                      end use;

                    `(B) any component or subassembly designed for use in a

                  consumer product described in subparagraph (A) which itself

                  contains encryption capabilities and is not capable of

                  military or intelligence end use in its condition as

                  exported;

                    `(C) any software, including software with encryption

                  capabilities--

                        `(i) that is generally available, as is, and is

                      designed for installation by the purchaser;

                        `(ii) that is in the public domain for which 

                      copyright or other protection is not available under

                      title 17, United States Code, or that is available to

                      the public because it is generally accessible to the

                      interested public in any form; or

                        `(iii) that is customized for an otherwise lawful use

                      by a specific purchaser or group of purchasers;

                    `(D) any computing device solely because it incorporates

                  or employs in any form--

                        `(i) software (including software with encryption

                      capabilities) that is exempted from any requirement for

                      a validated license under subparagraph (C); or

                        `(ii) software that is no more technically complex in

                      its encryption capabilties than software that is

                      exempted from any requirement for a validated license

                      under subparagraph (C) but is not designed for

                      installation by the purchaser;

                    `(E) any computer hardware that is generally available,

                  solely because it has encryption capabilities; or

                    `(F) any software or computing device solely on the basis

                  that it incorporates or employs in any form interface

                  mechanisms for interaction with other hardware and 

                  software, including hardware, and software, with encryption

                  capabilities.

                `(3) SOFTWARE WITH ENCRYPTION CAPABILITIES- The Secretary

              shall authorize the export or reexport of software with

              encryption capabilities for nonmilitary end uses in any country

              to which exports of software of similar capability are 

              permitted for use by financial institutions not controlled in

              fact by United States persons, unless there is substantial

              evidence that such software will be--

                    `(A) diverted to a military end use or an end use

                  supporting international terrorism;

                    `(B) modified for military or terrorist end use; or

                    `(C) reexported without any authorization by the United

                  States that may be required under this Act.

                `(4) HARDWARE WITH ENCRYPTION CAPABILITIES- The Secretary

              shall authorize the export or reexport of computer hardware 

              with encryption capabilities if the Secretary determines that a

              product offering comparable security is commercially available

              outside the United States from a foreign supplier, without

              effective restrictions.

                `(5) DEFINITIONS- As used in this subsection--

                    `(A) the term `encryption' means the scrambling of wire 

                  or electronic information using mathematical formulas or

                  algorithms in order to preserve the confidentiality,

                  integrity, or authenticity of, and prevent unauthorized

                  recipients from accessing or altering, such information;

                    `(B) the term `generally available' means--

                        `(i) in the case of software (including software with

                      encryption capabilities), software that is offered for

                      sale, license, or transfer to any person without

                      restriction, whether or not for consideration,

                      including, but not limited to, over-the-counter retail

                      sales, mail order transactions, phone order

                      transactions, electronic distribution, or sale on

                      approval; and

                        `(ii) in the case of hardware with encryption

                      capabilities, hardware that is offered for sale,

                      license, or transfer to any person without restriction,

                      whether or not for consideration, including, but not

                      limited to, over-the-counter retail sales, mail order

                      transactions, phone order transactions, electronic

                      distribution, or sale on approval;

                    `(C) the term `as is' means, in the case of software

                  (including software with encryption capabilities), a

                  software program that is not designed, developed, or

                  tailored by the software publisher for specific purchasers,

                  except that such purchasers may supply certain installation

                  parameters needed by the software program to function

                  properly with the purchaser's system and may customize the

                  software program by choosing among options contained in the

                  software program;

                    `(D) the term `is designed for installation by the

                  purchaser' means, in the case of software (including

                  software with encryption capabilities) that--

                        `(i) the software publisher intends for the purchaser

                      (including any licensee or transferee), who may not be

                      the actual program user, to install the software 

                      program on a computing device and has supplied the

                      necessary instructions to do so, except that the

                      publisher may also provide telephone help line services

                      for software installation, electronic transmission, or

                      basic operations; and

                        `(ii) the software program is designed for

                      installation by the purchaser without further

                      substantial support by the supplier;

                    `(E) the term `computing device' means a device which

                  incorporates one or more microprocessor-based central

                  processing units that can accept, store, process, or 

                  provide output of data; and

                    `(F) the term `computer hardware', when used in

                  conjunction with information security, includes, but is not

                  limited to, computer systems, equipment,

                  application-specific assemblies, modules, and integrated

                  circuits.'.

            (b) CONTINUATION OF EXPORT ADMINISTRATION ACT- For purposes of

          carrying out the amendment made by subsection (a), the Export

          Administration Act of 1979 shall be deemed to be in effect.

          SEC. 4. SENSE OF CONGRESS REGARDING INTERNATIONAL COOPERATION.

            (a) FINDINGS- The Congress finds that--

                (1) implementing export restrictions on widely available

              technology without the concurrence of all countries capable of

              producing, transshipping, or otherwise transferring that

              technology is detrimental to the competitiveness of the United

              States and should only be imposed on technology and countries 

              in order to protect the United States against a compelling

              national security threat; and

                (2) the President has not been able to come to agreement with

              other encryption producing countries on export controls on

              encryption and has imposed excessively stringent export 

              controls on this widely available technology.

            (b) SENSE OF CONGRESS- It is the sense of the Congress that the

          President should immediately take the necessary steps to call an

          international conference for the purpose of coming to an agreement

          with encryption producing countries on policies which will ensure

          that the free use and trade of this technology does not hinder

          mutual security.

             [     [

                             SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

               [     [

           (a) SHORT TITLE- This Act may be cited as the `Security 

          and Freedom through Encryption (`SAFE') Act of 1997'.

               [     [

           (b) TABLE OF CONTENTS- The table of contents is as follows:

             [     [

               Sec. 1. Short title; table of contents.

             [     [

               Sec. 2. Statement of policy.

                [     [

                       TITLE I--DOMESTIC USES OF ENCRYPTION

             [     [

               Sec. 101. Definitions.

             [     [

               Sec. 102. Lawful use of encryption.

             [     [

               Sec. 103. Voluntary private sector participation in 

              key management infrastructure.

             [     [

               Sec. 104. Unlawful use of encryption.

                [     [

                         TITLE II--GOVERNMENT PROCUREMENT

             [     [

               Sec. 201. Federal purchases of encryption products.

             [     [

               Sec. 202. Encryption products purchased with Federal

              funds.

             [     [

               Sec. 203. Networks established with Federal funds.

             [     [

               Sec. 204. Product labels.

             [     [

               Sec. 205. No private mandate.

             [     [

               Sec. 206. Implementation.

                [     [

                         TITLE III--EXPORTS OF ENCRYPTION

             [     [

               Sec. 301. Exports of encryption.

             [     [

               Sec. 302. License exception for certain encryption

              products-

             [     [

               Sec. 303. License exception for telecommunications

              products.

             [     [

               Sec. 304. Review for certain institutions.

             [     [

               Sec. 305. Encryption industry and information security

              board.

                [     [

                         TITLE IV--LIABILITY LIMITATIONS

             [     [

               Sec. 401. Compliance with court order.

             [     [

               Sec. 402. Compliance defense.

             [     [

               Sec. 403. Reasonable care defense.

             [     [

               Sec. 404. Good faith defense.

             [     [

               Sec. 405. Sovereign immunity.

             [     [

               Sec. 406. Civil action, generally.

                [     [

                        TITLE V--INTERNATIONAL AGREEMENTS

             [     [

               Sec. 501. Sense of congress.

             [     [

               Sec. 502. Failure to negotiate.

             [     [

               Sec. 503. Report to congress.

                [     [

                        TITLE VI--MISCELLANEOUS PROVISIONS

             [     [

               Sec. 601. Effect on law enforcement activities.

             [     [

               Sec. 602. Interpretation.

             [     [

               Sec. 603. Severability.

             [     [

                             SEC. 2. STATEMENT OF POLICY.

               [     [

           It is the policy of the United States to protect public

          computer networks through the use of strong encryption technology,

          to promote and improve the export of encryption products developed

          and manufactured in the United States, and to preserve public 

          safety and national security.

                [     [

                       TITLE I--DOMESTIC USES OF ENCRYPTION

             [     [

                             SEC. 101. DEFINITIONS.

               [     [

           For purposes of this Act:

                   [     

              [  (1) ATTORNEY FOR THE GOVERNMENT- The term `attorney

              for the Government' has the meaning given such term in Rule

              54(c) of the Federal Rules of Criminal Procedure, and also

              includes any duly authorized attorney of a State who is

              authorized to prosecute criminal offenses within such State.

                   [     

              [  (2) CERTIFICATE AUTHORITY- The term `certificate

              authority' means a person trusted by one or more persons to

              create and assign public key certificates.

                   [     

              [  (3) COMMUNICATIONS- The term `communications' means

              any wire communications or electronic communications as those

              terms are defined in paragraphs (1) and (12) of section 2510 of

              title 18, United States Code.

                   [     

              [  (4) COURT OF COMPETENT JURISDICTION- The term `court

              of competent jurisdiction' means any court of the United States

              organized under Article III of the Constitution of the United

              States, the court organized under the Foreign Intelligence

              Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), or a court 

              of general criminal jurisdiction of a State authorized pursuant

              to the laws of such State to enter orders authorizing searches

              and seizures.

                   [     

              [  (5) DATA NETWORK SERVICE PROVIDER- The term `data

              network service provider' means a person offering any service 

              to the general public that provides the users thereof with the

              ability to transmit or receive data, including communications.

                   [     

              [  (6) DECRYPTION- The term `decryption' means the

              retransformation or unscrambling of encrypted data, including

              communications, to its readable plaintext version. To `decrypt'

              data, including communications, is to perform decryption.

                   [     

              [  (7) DECRYPTION INFORMATION- The term `decryption

              information' means information or technology that enables one 

              to readily retransform or unscramble encrypted data from its

              unreadable and incomprehensible format to its readable 

              plaintext version.

                   [     

              [  (8) ELECTRONIC STORAGE- The term `electronic 

              storage' has the meaning given that term in section 2510(17) of

              title 18, United States Code.

                   [     

              [  (9) ENCRYPTION- The term `encryption' means the

              transformation or scrambling of data, including communications,

              from plaintext to an unreadable or incomprehensible format,

              regardless of the technique utilized for such transformation or

              scrambling and irrespective of the medium in which such data,

              including communications, occur or can be found, for the

              purposes of protecting the content of such data, including

              communications. To `encrypt' data, including communications, is

              to perform encryption.

                   [     

              [  (10) ENCRYPTION PRODUCT- The term `encryption

              product' means any software, technology, or mechanism, that can

              be used to encrypt or decrypt, or has the capability of

              encrypting or decrypting any data, including communications.

                   [     

              [  (11) FOREIGN AVAILABILITY- The term `foreign

              availability' has the meaning applied to foreign availability 

              of encryption products subject to controls under the Export

              Administration Regulations, as in effect on September 1, 1997.

                   [     

              [  (12) GOVERNMENT- The term `Government' means the

              Government of the United States and any agency or

              instrumentality thereof, or the government of any State.

                   [     

              [  (13) INVESTIGATIVE OR LAW ENFORCEMENT OFFICER- The

              term `investigative or law enforcement officer' has the meaning

              given that term in section 2510(7) of title 18, United States

              Code.

                   [     

              [  (14) KEY RECOVERY AGENT- The term `key recovery

              agent' means a person trusted by another person or persons to

              hold and maintain sufficient decryption information to allow 

              for the immediate decryption of the encrypted data or

              communications of another person or persons for whom that

              information is held, and who holds and maintains that

              information as a business or governmental practice, whether or

              not for profit. The term `key recovery agent' includes any

              person who holds his or her decryption information.

                   [     

              [  (15) NATIONAL SECURITY- The term `national security'

              means the national defense, foreign relations, or economic

              interests of the United States.

                   [     

              [  (16) PLAINTEXT- The term `plaintext' means the

              readable or comprehensible format of data, including

              communications, prior to its being encrypted or after it has

              been decrypted.

                   [     

              [  (17) PLAINVOICE- The term `plainvoice' means

              communication specific plaintext.

                   [     

              [  (18) SECRETARY- The term `Secretary' means the

              Secretary of Commerce, unless otherwise specifically identified.

                   [     

              [  (19) STATE- The term `State' has the meaning given

              that term in section 2510(3) of title 18, United States Code.

                   [     

              [  (20) TELECOMMUNICATIONS CARRIER- The term

              `telecommunications carrier' has the meaning given that term in

              section 102(8) of the Communications Assistance for Law

              Enforcement Act (47 U.S.C. 1001(8)).

                   [     

              [  (21) TELECOMMUNICATIONS SYSTEM- The term

              `telecommunications system' means any equipment, technology, or

              related software used in the movement, switching, interchange,

              transmission, reception, or internal signaling of data,

              including communications over wire, fiber optic, radio

              frequency, or other medium.

                   [     

              [  (22) UNITED STATES PERSON- The term `United States

              person' means--

                       [   

                   [  (A) any citizen of the United States;

                       [   

                   [  (B) any other person organized under 

                  the laws of any State; and

                       [   

                   [  (C) any person organized under the laws

                  of any foreign country who is owned or controlled by

                  individuals or persons described in subparagraphs (A) and

                  (B).

             [     [

                             SEC. 102. LAWFUL USE OF ENCRYPTION.

               [     [

           Except as otherwise provided by this Act or otherwise

          provided by law, it shall be lawful for any person within any State

          and for any United States person to use any encryption product,

          regardless of encryption algorithm selected, encryption key length

          chosen, or implementation technique or medium used.

             [     [

                             SEC. 103. VOLUNTARY PRIVATE SECTOR

                            PARTICIPATION IN KEY MANAGEMENT INFRASTRUCTURE.

               [     [

           (a) USE IS VOLUNTARY- The use of certificate authorities 

          or key recovery agents is voluntary.

               [     [

           (b) REGULATIONS- The Secretary shall promulgate 

          regulations establishing standards for creating key management

          infrastructures. Such regulations should--

                   [     

              [  (1) allow for the voluntary participation by private

              persons and non-Federal entities; and

                   [     

              [  (2) promote the development of certificate

              authorities and key recovery agents.

               [     [

           (c) REGISTRATION OF CERTIFICATE AUTHORITIES AND KEY

          RECOVERY AGENTS- Certificate authorities and key recovery agents

          meeting the standards established by the Secretary may be 

          registered by the Secretary if they so choose, and may identify

          themselves as meeting the standards of the Secretary.

             [     [

                             SEC. 104. UNLAWFUL USE OF ENCRYPTION.

               [     [

           (a) IN GENERAL- Part I of title 18, United States Code, is

          amended by inserting after chapter 121 the following new chapter:

                 `CHAPTER 122--ENCRYPTED DATA, INCLUDING COMMUNICATIONS

          `Sec.

             [     [

               `2801. Unlawful use of encryption in furtherance of a

              criminal act.

             [     [

               `2802. Privacy protection.

             [     [

               `2803. Unlawful sale of encryption.

             [     [

               `2804. Encryption products manufactured and intended

              for use in the United States.

             [     [

               `2805. Injunctive relief and proceedings.

             [     [

               `2806. Court order access to plaintext.

             [     [

               `2807. Notification procedures.

             [     [

               `2808. Lawful use of plaintext or decryption

              information.

             [     [

               `2809. Identification of decryption information.

             [     [

               `2810. Unlawful export of certain encryption products.

             [     [

               `2811. Definitions.

             [     [

           `Sec. 2801. Unlawful use of encryption in furtherance of a

          criminal act

               [     [

           `(a) PROHIBITED ACTS- Whoever knowingly uses encryption in

          furtherance of the commission of a criminal offense for which the

          person may be prosecuted in a district court of the United States

          shall--

                   [     

              [  `(1) in the case of a first offense under this

              section, be imprisoned for not more than 5 years, or fined 

              under this title, or both; and

                   [     

              [  `(2) in the case of a second or subsequent offense

              under this section, be imprisoned for not more than 10 years, 

              or fined under this title, or both.

               [     [

           `(b) CONSECUTIVE SENTENCE- Notwithstanding any other

          provision of law, the court shall not place on probation any person

          convicted of a violation of this section, nor shall the term of

          imprisonment imposed under this section run concurrently with any

          other term of imprisonment imposed for the underlying criminal

          offense.

               [     [

           `(c) PROBABLE CAUSE NOT CONSTITUTED BY USE OF ENCRYPTION-

          The use of encryption alone shall not constitute probable cause to

          believe that a crime is being or has been committed.

             [     [

           `Sec. 2802. Privacy protection

               [     [

           `(a) IN GENERAL- It shall be unlawful for any person to

          intentionally--

                   [     

              [  `(1) obtain or use decryption information without

              lawful authority for the purpose of decrypting data, including

              communications;

                   [     

              [  `(2) exceed lawful authority in decrypting data,

              including communications;

                   [     

              [  `(3) break the encryption code of another person

              without lawful authority for the purpose of violating the

              privacy or security of that person or depriving that person of

              any property rights;

                   [     

              [  `(4) impersonate another person for the purpose of

              obtaining decryption information of that person without lawful

              authority;

                   [     

              [  `(5) facilitate or assist in the encryption of data,

              including communications, knowing that such data, including

              communications, are to be used in furtherance of a crime; or

                   [     

              [  `(6) disclose decryption information in violation of

              a provision of this chapter.

               [     [

           `(b) CRIMINAL PENALTY- Whoever violates this section shall

          be imprisoned for not more than 10 years, or fined under this 

          title, or both.

             [     [

           `Sec. 2803. Unlawful sale of encryption

               [     [

           `Whoever, after January 31, 2000, sells in interstate or

          foreign commerce any encryption product that does not include

          features or functions permitting duly authorized persons immediate

          access to plaintext or immediate decryption capabilities shall be

          imprisoned for not more than 5 years, fined under this title, or

          both.

             [     [

           `Sec. 2804. Encryption products manufactured and intended

          for use in the United States

               [     [

           `(a) PUBLIC NETWORK SERVICE PROVIDERS- After January 31,

          2000, public network service providers offering encryption products

          or encryption services shall ensure that such products or services

          enable the immediate decryption or access to plaintext of the data,

          including communications, encrypted by such products or services on

          the public network upon receipt of a court order or warrant,

          pursuant to section 2806.

               [     [

           `(b) MANUFACTURERS, DISTRIBUTORS, AND IMPORTERS- After

          January 31, 2000, it shall be unlawful for any person to 

          manufacture for distribution, distribute, or import encryption

          products intended for sale or use in the United States, unless that

          product--

                   [     

              [  `(1) includes features or functions that provide an

              immediate access to plaintext capability, through any means,

              mechanism, or technological method that--

                       [   

                   [  `(A) permits immediate decryption of 

                  the encrypted data, including communications, upon the

                  receipt of decryption information by an authorized party in

                  possession of a facially valid order issued by a court of

                  competent jurisdiction; and

                       [   

                   [  `(B) allows the decryption of encrypted

                  data, including communications, without the knowledge or

                  cooperation of the person being investigated, subject to 

                  the requirements set forth in section 2806;

                   [     

              [  `(2) can be used only on systems or networks that

              include features or functions that provide an immediate access

              to plaintext capability, through any means, mechanism, or

              technological method that--

                       [   

                   [  `(A) permits immediate decryption of 

                  the encrypted data, including communications, upon the

                  receipt of decryption information by an authorized party in

                  possession of a facially valid order issued by a court of

                  competent jurisdiction; and

                       [   

                   [  `(B) allows the decryption of encrypted

                  data, including communications, without the knowledge or

                  cooperation of the person being investigated, subject to 

                  the requirements set forth in section 2806; or

                   [     

              [  `(3) otherwise meets the technical requirements and

              functional criteria promulgated by the Attorney General under

              subsection (c).

               [     [

           `(c) ATTORNEY GENERAL CRITERIA-

                   [     

              [  `(1) PUBLICATION OF REQUIREMENTS- Within 180 days

              after the date of the enactment of this chapter, the Attorney

              General shall publish in the Federal Register technical

              requirements and functional criteria for complying with the

              decryption requirements set forth in this section.

                   [     

              [  `(2) PROCEDURES FOR ADVISORY OPINIONS- Within 180

              days after the date of the enactment of this chapter, the

              Attorney General shall promulgate procedures by which data

              network service providers and encryption product manufacturers,

              sellers, re-sellers, distributors, and importers may obtain

              advisory opinions as to whether an encryption product intended

              for sale or use in the United States after January 31, 2000,

              meets the requirements of this section and the technical

              requirements and functional criteria promulgated pursuant to

              paragraph (1).

                   [     

              [  `(3) PARTICULAR METHODOLOGY NOT REQUIRED- Nothing in

              this chapter or any other provision of law shall be construed 

              as requiring the implementation of any particular decryption

              methodology in order to satisfy the requirements of subsections

              (a) and (b), or the technical requirements and functional

              criteria required by the Attorney General under paragraph (1).

               [     [

           `(d) USE OF PRIOR PRODUCTS LAWFUL- After January 31, 2000,

          it shall not be unlawful to use any encryption product purchased or

          in use prior to such date.

             [     [

           `Sec. 2805. Injunctive relief and proceedings

               [     [

           `(a) INJUNCTION- Whenever it appears to the Secretary or

          the Attorney General that any person is engaged in, or is about to

          engage in, any act that constitutes, or would constitute, a

          violation of section 2804, the Attorney General may initiate a 

          civil action in a district court of the United States to enjoin 

          such violation. Upon the filing of the complaint seeking injunctive

          relief by the Attorney General, the court shall automatically issue

          a temporary restraining order against the party being sued.

               [     [

           `(b) BURDEN OF PROOF- In a suit brought by the Attorney

          General under subsection (a), the burden shall be upon the

          Government to establish by a preponderance of the evidence that the

          encryption product involved does not comport with the requirements

          set forth by the Attorney General pursuant to section 2804 

          providing for immediate access to plaintext by Federal, State, or

          local authorities.

               [     [

           `(c) CLOSING OF PROCEEDINGS- (1) Upon motion of the party

          against whom injunction is being sought--

                   [     

              [  `(A) any or all of the proceedings under this 

              section shall be closed to the public; and

                   [     

              [  `(B) public disclosure of the proceedings shall be

              treated as contempt of court.

               [     [

           `(2) Upon a written finding by the court that public

          disclosure of information relevant to the prosecution of the

          injunction or relevant to a determination of the factual or legal

          issues raised in the case would cause irreparable or financial harm

          to the party against whom the suit is brought, or would otherwise

          disclose proprietary information of any party to the case, all

          proceedings shall be closed to members of the public, except the

          parties to the suit, and all transcripts, motions, and orders shall

          be placed under seal to protect their disclosure to the general

          public.

               [     [

           `(d) ADVISORY OPINION AS DEFENSE- It is an absolute 

          defense to a suit under this subsection that the party against whom

          suit is brought obtained an advisory opinion from the Attorney

          General pursuant to section 2804(c) and that the product at issue 

          in the suit comports in every aspect with the requirements 

          announced in such advisory opinion.

               [     [

           `(e) BASIS FOR PERMANENT INJUNCTION- The court shall issue

          a permanent injunction against the distribution of, and any future

          manufacture of, the encryption product at issue in the suit filed

          under subsection (a) if the court finds by a preponderance of the

          evidence that the product does not meet the requirements set forth

          by the Attorney General pursuant to section 2804 providing for

          immediate access to plaintext by Federal, State, or local

          authorities.

               [     [

           `(f) APPEALS- Either party may appeal, to the appellate

          court with jurisdiction of the case, any adverse ruling by the

          district court entered pursuant to this section. For the purposes 

          of appeal, the parties shall be governed by the Federal Rules of

          Appellate Procedure, except that the Government shall file its

          notice of appeal not later than 30 days after the entry of the 

          final order on the docket of the district court. The appeal of such

          matter shall be considered on an expedited basis and resolved as

          soon as practicable.

             [     [

           `Sec. 2806. Court order access to plaintext

               [     [

           `(a) COURT ORDER- (1) A court of competent jurisdiction

          shall issue an order, ex parte, granting an investigative or law

          enforcement officer immediate access to the plaintext of encrypted

          data, including communications, or requiring any person in

          possession of decryption information to provide such information to

          a duly authorized investigative or law enforcement officer--

                   [     

              [  `(A) upon the application by an attorney for the

              Government that--

                       [   

                   [  `(i) is made under oath or affirmation

                  by the attorney for the Government; and

                       [   

                   [  `(ii) provides a factual basis

                  establishing the relevance that the plaintext or decryption

                  information being sought has to a law enforcement or 

                  foreign counterintelligence investigation then being

                  conducted pursuant to lawful authorities; and

                   [     

              [  `(B) if the court finds, in writing, that the

              plaintext or decryption information being sought is relevant to

              an ongoing lawful law enforcement or foreign 

              counterintelligence investigation and the investigative or law

              enforcement officer is entitled to such plaintext or decryption

              information.

               [     [

           `(2) The order issued by the court under this section 

          shall be placed under seal, except that a copy may be made 

          available to the investigative or law enforcement officer 

          authorized to obtain access to the plaintext of the encrypted

          information, or authorized to obtain the decryption information

          sought in the application. Such order shall also be made available

          to the person responsible for providing the plaintext or the

          decryption information, pursuant to such order, to the 

          investigative or law enforcement officer.

               [     [

           `(3) Disclosure of an application made, or order issued,

          under this section, is not authorized, except as may otherwise be

          specifically permitted by this section or another order of the court.

               [     [

           `(b) OTHER ORDERS- An attorney for the Government may make

          application to a district court of the United States for an order

          under subsection (a), upon a request from a foreign country 

          pursuant to a Mutual Legal Assistance Treaty with such country that

          is in effect at the time of the request from such country.

               [     [

           `(c) RECORD OF ACCESS REQUIRED- (1) There shall be created

          an electronic record, or similar type record, of each instance in

          which an investigative or law enforcement officer, pursuant to an

          order under this section, gains access to the plaintext of 

          otherwise encrypted information, or is provided decryption

          information, without the knowledge or consent of the owner of the

          data, including communications, who is the user of the encryption

          product involved.

               [     [

           `(2) The court issuing the order under this section shall

          require that the electronic or similar type of record described in

          paragraph (1) is maintained in a place and a manner that is not

          within the custody or control of an investigative or law 

          enforcement officer gaining the access or provided the decryption

          information. The record shall be tendered to the court, upon notice

          from the court.

               [     [

           `(3) The court receiving such electronic or similar type 

          of record described in paragraph (1) shall make the original and a

          certified copy of the record available to the attorney for the

          Government making application under this section, and to the

          attorney for, or directly to, the owner of the data, including

          communications, who is the user of the encryption product.

               [     [

           `(d) AUTHORITY TO INTERCEPT COMMUNICATIONS NOT INCREASED-

          Nothing in this chapter shall be construed to enlarge or modify the

          circumstances or procedures under which a Government entity is

          entitled to intercept or obtain oral, wire, or electronic

          communications or information.

               [     [

           `(e) CONSTRUCTION- This chapter shall be strictly 

          construed to apply only to a Government entity's ability to decrypt

          data, including communications, for which it has previously 

          obtained lawful authority to intercept or obtain pursuant to other

          lawful authorities that would otherwise remain encrypted.

             [     [

           `Sec. 2807. Notification procedures

               [     [

           `(a) IN GENERAL- Within a reasonable time, but not later

          than 90 days after the filing of an application for an order under

          section 2806 which is granted, the court shall cause to be served,

          on the persons named in the order or the application, and such 

          other parties whose decryption information or whose plaintext has

          been provided to an investigative or law enforcement officer

          pursuant to this chapter as the court may determine that is in the

          interest of justice, an inventory which shall include notice of--

                   [     

              [  `(1) the fact of the entry of the order or the

              application;

                   [     

              [  `(2) the date of the entry of the application and

              issuance of the order; and

                   [     

              [  `(3) the fact that the person's decryption

              information or plaintext data, including communications, have

              been provided or accessed by an investigative or law 

              enforcement officer.

          The court, upon the filing of a motion, may make available to that

          person or that person's counsel, for inspection, such portions of

          the plaintext, applications, and orders as the court determines to

          be in the interest of justice. On an ex parte showing of good cause

          to a court of competent jurisdiction, the serving of the inventory

          required by this subsection may be postponed.

               [     [

           `(b) ADMISSION INTO EVIDENCE- The contents of any 

          encrypted information that has been obtained pursuant to this

          chapter or evidence derived therefrom shall not be received in

          evidence or otherwise disclosed in any trial, hearing, or other

          proceeding in a Federal or State court unless each party, not less

          than 10 days before the trial, hearing, or proceeding, has been

          furnished with a copy of the order, and accompanying application,

          under which the decryption or access to plaintext was authorized or

          approved. This 10-day period may be waived by the court if the 

          court finds that it was not possible to furnish the party with the

          information described in the preceding sentence within 10 days

          before the trial, hearing, or proceeding and that the party will 

          not be prejudiced by the delay in receiving such information.

               [     [

           `(c) CONTEMPT- Any violation of the provisions of this

          section may be punished by the court as a contempt thereof.

               [     [

           `(d) MOTION TO SUPPRESS- Any aggrieved person in any 

          trial, hearing, or proceeding in or before any court, department,

          officer, agency, regulatory body, or other authority of the United

          States or a State may move to suppress the contents of any 

          decrypted data, including communications, obtained pursuant to this

          chapter, or evidence derived therefrom, on the grounds that --

                   [     

              [  `(1) the plaintext was unlawfully decrypted or

              accessed;

                   [     

              [  `(2) the order of authorization or approval under

              which it was decrypted or accessed is insufficient on its face;

              or

                   [     

              [  `(3) the decryption was not made in conformity with

              the order of authorization or approval.

          Such motion shall be made before the trial, hearing, or proceeding

          unless there was no opportunity to make such motion, or the person

          was not aware of the grounds of the motion. If the motion is

          granted, the plaintext of the decrypted data, including

          communications, or evidence derived therefrom, shall be treated as

          having been obtained in violation of this chapter. The court, upon

          the filing of such motion by the aggrieved person, may make

          available to the aggrieved person or that person's counsel for

          inspection such portions of the decrypted plaintext, or evidence

          derived therefrom, as the court determines to be in the interests 

          of justice.

               [     [

           `(e) APPEAL BY UNITED STATES- In addition to any other

          right to appeal, the United States shall have the right to appeal

          from an order granting a motion to suppress made under subsection

          (d), or the denial of an application for an order under section

          2806, if the United States attorney certifies to the court or other

          official granting such motion or denying such application that the

          appeal is not taken for purposes of delay. Such appeal shall be

          taken within 30 days after the date the order was entered on the

          docket and shall be diligently prosecuted.

               [     [

           `(f) CIVIL ACTION FOR VIOLATION- Except as otherwise

          provided in this chapter, any person described in subsection (g) 

          may in a civil action recover from the United States Government the

          actual damages suffered by the person as a result of a violation

          described in that subsection, reasonable attorney's fees, and other

          litigation costs reasonably incurred in prosecuting such claim.

               [     [

           `(g) COVERED PERSONS- Subsection (f) applies to any person

          whose decryption information--

                   [     

              [  `(1) is knowingly obtained without lawful authority

              by an investigative or law enforcement officer;

                   [     

              [  `(2) is obtained by an investigative or law

              enforcement officer with lawful authority and is knowingly used

              or disclosed by such officer unlawfully; or

                   [     

              [  `(3) is obtained by an investigative or law

              enforcement officer with lawful authority and whose decryption

              information is unlawfully used to disclose the plaintext of the

              data, including communications.

               [     [

           `(h) LIMITATION- A civil action under subsection (f) shall

          be commenced not later than 2 years after the date on which the

          unlawful action took place, or 2 years after the date on which the

          claimant first discovers the violation, whichever is later.

               [     [

           `(i) EXCLUSIVE REMEDIES- The remedies and sanctions

          described in this chapter with respect to the decryption of data,

          including communications, are the only judicial remedies and

          sanctions for violations of this chapter involving such 

          decryptions, other than violations based on the deprivation of any

          rights, privileges, or immunities secured by the Constitution.

               [     [

           `(j) TECHNICAL ASSISTANCE BY PROVIDERS- A provider of

          encryption technology or network service that has received an order

          issued by a court pursuant to this chapter shall provide to the

          investigative or law enforcement officer concerned such technical

          assistance as is necessary to execute the order. Such provider may,

          however, move the court to modify or quash the order on the ground

          that its assistance with respect to the decryption or access to

          plaintext cannot be performed in a timely or reasonable fashion. 

          The court, upon notice to the Government, shall decide such motion

          expeditiously.

               [     [

           `(k) REPORTS TO CONGRESS- In May of each year, the 

          Attorney General, or an Assistant Attorney General specifically

          designated by the Attorney General, shall report in writing to

          Congress on the number of applications made and orders entered

          authorizing Federal, State, and local law enforcement access to

          decryption information for the purposes of reading the plaintext of

          otherwise encrypted data, including communications, pursuant to 

          this chapter. Such reports shall be submitted to the Committees on

          the Judiciary of the House of Representatives and of the Senate, 

          and to the Permanent Select Committee on Intelligence for the House

          of Representatives and the Select Committee on Intelligence for the

          Senate.

             [     [

           `Sec. 2808. Lawful use of plaintext or decryption

          information

               [     [

           `(a) AUTHORIZED USE OF DECRYPTION INFORMATION-

                   [     

              [  `(1) CRIMINAL INVESTIGATIONS- An investigative or 

              law enforcement officer to whom plaintext or decryption

              information is provided may use such plaintext or decryption

              information for the purposes of conducting a lawful criminal

              investigation or foreign counterintelligence investigation, and

              for the purposes of preparing for and prosecuting any criminal

              violation of law.

                   [     

              [  `(2) CIVIL REDRESS- Any plaintext or decryption

              information provided under this chapter to an investigative or

              law enforcement officer may not be disclosed, except by court

              order, to any other person for use in a civil proceeding that 

              is unrelated to a criminal investigation and prosecution for

              which the plaintext or decryption information is authorized

              under paragraph (1). Such order shall only issue upon a showing

              by the party seeking disclosure that there is no alternative

              means of obtaining the plaintext, or decryption information,

              being sought and the court also finds that the interests of

              justice would not be served by nondisclosure.

               [     [

           `(b) LIMITATION- An investigative or law enforcement

          officer may not use decryption information obtained under this

          chapter to determine the plaintext of any data, including

          communications, unless it has obtained lawful authority to obtain

          such data, including communications, under other lawful authorities.

               [     [

           `(c) RETURN OF DECRYPTION INFORMATION- An attorney for the

          Government shall, upon the issuance of an order of a court of

          competent jurisdiction--

                   [     

              [  `(1)(A) return any decryption information to the

              person responsible for providing it to an investigative or law

              enforcement officer pursuant to this chapter; or

                   [     

              [  `(B) destroy such decryption information, if the

              court finds that the interests of justice or public safety

              require that such decryption information should not be returned

              to the provider; and

                   [     

              [  `(2) within 10 days after execution of the court's

              order to destroy the decryption information--

                       [   

                   [  `(A) certify to the court that the

                  decryption information has either been returned or 

                  destroyed consistent with the court's order; and

                       [   

                   [  `(B) notify the provider of the

                  decryption information of the destruction of such

                  information.

               [     [

           `(d) OTHER DISCLOSURE OF DECRYPTION INFORMATION- Except as

          otherwise provided in section 2806, a key recovery agent may not

          disclose decryption information stored with the key recovery agent

          by a person unless the disclosure is--

                   [     

              [  `(1) to the person, or an authorized agent thereof;

                   [     

              [  `(2) with the consent of the person, including

              pursuant to a contract entered into with the person;

                   [     

              [  `(3) pursuant to a court order upon a showing of

              compelling need for the information that cannot be accommodated

              by any other means if--

                       [   

                   [  `(A) the person who supplied the

                  information is given reasonable notice, by the person

                  seeking the disclosure, of the court proceeding relevant to

                  the issuance of the court order; and

                       [   

                   [  `(B) the person who supplied the

                  information is afforded the opportunity to appear in the

                  court proceeding and contest the claim of the person 

                  seeking the disclosure;

                   [     

              [  `(4) pursuant to a determination by a court of

              competent jurisdiction that another person is lawfully entitled

              to hold such decryption information, including determinations

              arising from legal proceedings associated with the incapacity,

              death, or dissolution of any person; or

                   [     

              [  `(5) otherwise permitted by a provision of this

              chapter or otherwise permitted by law.

             [     [

           `Sec. 2809. Identification of decryption information

               [     [

           `(a) IDENTIFICATION- To avoid inadvertent disclosure, any

          person who provides decryption information to an investigative or

          law enforcement officer pursuant to this chapter shall specifically

          identify that part of the material provided that discloses

          decryption information as such.

               [     [

           `(b) RESPONSIBILITY OF INVESTIGATIVE OR LAW ENFORCEMENT

          OFFICER- The investigative or law enforcement officer receiving any

          decryption information under this chapter shall maintain such

          information in facilities and in a method so as to reasonably 

          assure that inadvertent disclosure does not occur.

             [     [

           `Sec. 2810. Unlawful export of certain encryption products

               [     [

           `Whoever, after January 31, 2000, knowingly exports an

          encryption product that does not include features or functions

          providing duly authorized persons immediate access to plaintext or

          immediate decryption capabilities, as required under law, shall be

          imprisoned for not more than 5 years, fined under this title, or

          both.

             [     [

           `Sec. 2811. Definitions

               [     [

           `The definitions set forth in section 101 of the Security

          and Freedom through Encryption (`SAFE`) Act of 1997 shall apply to

          this chapter.'.

               [     [

           (b) CONFORMING AMENDMENT- The table of chapters for part I

          of title 18, United States Code, is amended by inserting after the

          item relating to chapter 121 the following new item:

            2801'.  

                [     [

                         TITLE II--GOVERNMENT PROCUREMENT

             [     [

                             SEC. 201. FEDERAL PURCHASES OF 

                            ENCRYPTION PRODUCTS.

               [     [

           After January 1, 1999, any encryption product or service

          purchased or otherwise procured by the United States Government to

          provide the security service of data confidentiality for a Federal

          computer system shall include a technique enabling immediate

          decryption by an authorized party without the knowledge or

          cooperation of the person using such encryption products or services.

             [     [

                             SEC. 202. ENCRYPTION PRODUCTS PURCHASED

                            WITH FEDERAL FUNDS.

               [     [

           After January 1, 1999, any encryption product or service

          purchased directly with Federal funds to provide the security

          service of data confidentiality shall include a technique enabling

          immediate decryption by an authorized party without the knowledge 

          or cooperation of the person using such encryption product or

          service unless the Secretary, with the concurrence of the Attorney

          General, determines implementing this requirement would not promote

          the purposes of this Act.

             [     [

                             SEC. 203. NETWORKS ESTABLISHED WITH

                            FEDERAL FUNDS.

               [     [

           After January 1, 1999, any communications network

          established with the use of Federal funds shall use encryption

          products which include techniques enabling immediate decryption by

          an authorized party without the knowledge or cooperation of the

          person using such encryption products or services unless the

          Secretary, with the concurrence of the Attorney General, determines

          implementing this requirement would not promote the purposes of 

          this Act.

             [     [

                             SEC. 204. PRODUCT LABELS.

               [     [

           An encryption product may be labeled to inform users that

          the product is authorized for sale to or for use in transactions 

          and communications with the United States Government under this

          title.

             [     [

                             SEC. 205. NO PRIVATE MANDATE.

               [     [

           The United States Government may not mandate the use of

          encryption standards for the private sector other than for use with

          computer systems, networks, or other systems of the United States

          Government, or systems or networks created using Federal funds.

             [     [

                             SEC. 206. IMPLEMENTATION.

               [     [

           (a) EXCLUSION- Nothing in this title shall apply to

          encryption products and services used solely for access control,

          authentication, integrity, nonrepudiation, digital signatures, or

          other similar purposes.

               [     [

           (b) RULEMAKING- The Secretary, in consultation with the

          Attorney General and other affected agencies, may through rules

          provide for the orderly implementation of this title and the

          effective use of secure public networks.

                [     [

                         TITLE III--EXPORTS OF ENCRYPTION

             [     [

                             SEC. 301. EXPORTS OF ENCRYPTION.

               [     [

           (a) COORDINATION OF EXECUTIVE BRANCH AGENCIES REQUIRED- 

          The Secretary, in close coordination with the Secretary of Defense

          and any other executive branch department or agency with

          responsibility for protecting the national security, shall have the

          authority to control the export of encryption products not

          controlled on the United States Munitions List.

               [     [

           (b) DECISIONS NOT SUBJECT TO JUDICIAL REVIEW- Decisions

          made by the Secretary pursuant to subsection (a) with respect to

          exports of encryption products under this title shall not be 

          subject to judicial review.

             [     [

                             SEC. 302. LICENSE EXCEPTION FOR CERTAIN

                            ENCRYPTION PRODUCTS.

               [     [

           (a) LICENSE EXCEPTION- After January 31, 2000, encryption

          products, without regard to encryption strength, shall be eligible

          for export under a license exception if such encryption product--

                   [     

              [  (1) is submitted to the Secretary for a 1-time

              product review;

                   [     

              [  (2) does not include features or functions that 

              would otherwise require licensing under applicable regulations;

                   [     

              [  (3) is not destined for countries, end users, or end

              uses that the Secretary, in coordination with the Secretary of

              Defense and other executive branch departments or agencies with

              responsibility for protecting the national security, by

              regulation, has determined should be ineligible to receive such

              products, and is otherwise qualified for export; and

                   [     

              [  (4)(A) includes features or functions providing an

              immediate access to plaintext capability, if there is lawful

              authority for such immediate access; or

                   [     

              [  (B) includes features or functions providing an

              immediate decryption capability of the encrypted data, 

              including communications, upon the receipt of decryption

              information by an authorized party, and such decryption can be

              accomplished without unauthorized disclosure.

               [     [

           (b) ENABLING OF DECRYPTION CAPABILITIES- The features or

          functions described in subsection (a)(4) need not be enabled by the

          manufacturer before or at the time of export for purposes of this

          title. Such features or functions may be enabled by the purchaser 

          or end user.

               [     [

           (c) RESPONSIBILITIES OF THE SECRETARY- The Secretary, in

          close coordination with the Secretary of Defense and other 

          executive branch departments or agencies with responsibility for

          protecting the national security, shall--

                   [     

              [  (1) specify, by regulation, the information that 

              must be submitted for the 1-time review referred to in this

              section; and

                   [     

              [  (2) make all export determinations under this title

              within 30 days following the date of submission to the 

              Secretary of--

                       [   

                   [  (A) the completed application for a

                  license exception; and

                       [   

                   [  (B) the encryption product intended for

                  export that is to be reviewed as required by this section.

               [     [

           (d) EXERCISE OF OTHER AUTHORITIES- The Secretary, and the

          Secretary of Defense, may exercise the authorities they have under

          other provisions of law, including the Export Administration Act of

          1979, as continued in effect under the International Emergency

          Economic Powers Act, to carry out this section.

               [     [

           (e) PRESUMPTION IN FAVOR OF EXPORTS- There shall be a

          presumption in favor of export of encryption products under this

          title.

               [     [

           (f) WAIVER AUTHORITY- The President may by Executive order

          waive any provision of this title, or the applicability of any such

          provision to a person or entity, if the President determines that

          the waiver is in the interests of national security or public 

          safety and security. The President shall submit a report to the

          relevant committees of the Congress not later than 15 days after

          such determination. The report shall include the factual basis upon

          which such determination was made. The report may be in classified

          format.

               [     [

           (g) RELEVANT COMMITTEES- The relevant committees of the

          Congress described in subsection (f) are the Committee on

          International Relations, the Committee on the Judiciary, the

          Committee on National Security, and the Permanent Select Committee

          on Intelligence of the House of Representatives, and the Committee

          on Foreign Relations, the Committee on the Judiciary, the Committee

          on Armed Services, and the Select Committee on Intelligence of the

          Senate.

             [     [

                             SEC. 303. LICENSE EXCEPTION FOR

                            TELECOMMUNICATIONS PRODUCTS.

               [     [

           After a 1-time review as described in section 302, the

          Secretary shall authorize for export under a license exception 

          voice encryption products that do not contain decryption or access

          to plainvoice features or functions otherwise required in section

          302, if the Secretary, after consultation with relevant executive

          branch departments or agencies, determines that--

                   [     

              [  (1) information recovery requirements for such

              exports would disadvantage United States exporters; and

                   [     

              [  (2) such exports under a license exception would not

              create a risk to the foreign policy, non-proliferation, or

              national security of the United States.

             [     [

                             SEC. 304. REVIEW FOR CERTAIN INSTITUTIONS.

               [     [

           The Secretary, in consultation with other executive branch

          departments or agencies, shall establish a procedure for expedited

          review of export license applications involving encryption products

          for use by qualified banks, financial institutions, subsidiaries of

          companies owned or controlled by United States persons, or other

          users specifically authorized by the Secretary.

             [     [

                             SEC. 305. ENCRYPTION INDUSTRY AND

                            INFORMATION SECURITY BOARD.

               [     [

           (a) ENCRYPTION INDUSTRY AND INFORMATION SECURITY BOARD

          ESTABLISHED- There is hereby established an Encryption Industry and

          Information Security Board. The Board shall undertake an advisory

          role for the President.

               [     [

           (b) PURPOSES- The purposes of the Board are--

                   [     

              [  (1) to provide a forum to foster communication and

              coordination between industry and the Federal Government on

              matters relating to the use of encryption products;

                   [     

              [  (2) to promote the export of encryption products

              manufactured in the United States;

                   [     

              [  (3) to encourage research and development of 

              products that will foster electronic commerce;

                   [     

              [  (4) to recommend policies enhancing the security of

              public networks;

                   [     

              [  (5) to promote the protection of intellectual

              property and privacy rights of individuals using public networks;

                   [     

              [  (6) to enable the United States to effectively and

              continually understand the benefits and risks to its national

              security, law enforcement, and public safety interests by 

              virtue of the proliferation of strong encryption on the global

              market;

                   [     

              [  (7) to evaluate and make recommendations regarding

              the further development and use of encryption;

                   [     

              [  (8) to advance the development of international

              standards regarding interoperability and global use of

              encryption products; and

                   [     

              [  (9) to evaluate the foreign availability of

              encryption products and their threat to United States industry.

               [     [

           (c) MEMBERSHIP- (1) The Board shall be composed of 13

          members, as follows:

                   [     

              [  (A) The Secretary, or the Secretary's designee, who

              shall chair the Board.

                   [     

              [  (B) The Attorney General, or the Director of the

              Federal Bureau of Investigation, or a respective designee.

                   [     

              [  (C) The Secretary of Defense, or the Secretary's

              designee.

                   [     

              [  (D) the Director of Central Intelligence, or his or

              her designee.

                   [     

              [  (E) The Special Assistant to the President for

              National Security Affairs, or his or her designee.

                   [     

              [  (F) Two private sector individuals, appointed by the

              President, who have expertise in consumer and privacy interests

              relating to or affected by information security technology.

                   [     

              [  (G) Six representatives from the private sector who

              have expertise in the development, operation, marketing, law, 

              or public policy relating to information security or technology.

               [     [

           (2) The six private sector representatives described in

          paragraph (1)(G) shall be appointed as follows:

                       [   

                   [  (A) Two by the Speaker of the House of

                  Representatives.

                       [   

                   [  (B) One by the Minority Leader of the

                  House of Representatives.

                       [   

                   [  (C) Two by the Majority Leader of the

                  Senate.

                       [   

                   [  (D) One by the Minority Leader of the

                  Senate.

               [     [

           (e) MEETINGS- The Board shall meet at such times and in

          such places as the Secretary may prescribe, but not less frequently

          than every four months. The Federal Advisory Committee Act (5 

          U.S.C. App.) does not apply to the Board or to meetings held by the

          Board under this section.

               [     [

           (f) FINDINGS AND RECOMMENDATIONS- The chair of the Board

          shall convey the findings and recommendations of the Board to the

          President and to the Congress within 30 days after each meeting of

          the Board. The recommendations of the Board are not binding upon 

          the President.

               [     [

           (g) FOREIGN AVAILABILITY- The consideration of foreign

          availability by the Board shall include computer software that is

          distributed over the Internet or advertised for sale, license, or

          transfer, including over-the-counter retail sales, mail order

          transactions, telephone order transactions, electronic 

          distribution, or sale on approval.

                [     [

                         TITLE IV--LIABILITY LIMITATIONS

             [     [

                             SEC. 401. COMPLIANCE WITH COURT ORDER.

               [     [

           (a) NO LIABILITY FOR COMPLIANCE- Subject to subsection 

          (b), no civil or criminal liability under this Act, or under any

          other provision of law, shall attach to any person for disclosing 

          or providing--

                   [     

              [  (1) the plaintext of encrypted data, including

              communications;

                   [     

              [  (2) the decryption information of such encrypted

              data, including communications; or

                   [     

              [  (3) technical assistance for access to the plaintext

              of, or decryption information for, encrypted data, including

              communications.

               [     [

           (b) EXCEPTION- Subsection (a) shall not apply to a person

          who provides plaintext or decryption information to another and is

          not authorized by court order to disclose such plaintext or

          decryption information.

             [     [

                             SEC. 402. COMPLIANCE DEFENSE.

               [     [

           Compliance with the provisions of sections 2806, 2807,

          2808, or 2809 of title 18, United States Code, as added by section

          104(a) of this Act, or any regulations authorized thereunder, shall

          provide a complete defense for any civil action for damages based

          upon activities covered by this Act, other than an action founded 

          on contract.

             [     [

                             SEC. 403. REASONABLE CARE DEFENSE.

               [     [

           The participation by person in the key management

          infrastructure established by regulation for United States

          Government information security operations under section 103 shall

          be treated as evidence of reasonable care or due diligence in any

          proceeding where the reasonableness of one's actions is an element

          of the claim at issue.

             [     [

                             SEC. 404. GOOD FAITH DEFENSE.

               [     [

           An objectively reasonable reliance on the legal authority

          provided by this Act and the amendments made by this Act, requiring

          or authorizing access to the plaintext of otherwise encrypted data,

          including communications, or to the decryption information that 

          will allow the immediate decryption of data, including

          communications, that is otherwise encrypted, shall be a complete

          defense to any criminal or civil action that may be brought under

          the laws of the United States or any State.

             [     [

                             SEC. 405. SOVEREIGN IMMUNITY.

               [     [

           Except as otherwise specifically provided otherwise,

          nothing in this Act or the amendments made by this Act, or any

          regulations promulgated thereunder, modifies or amends the 

          sovereign immunity of the United States.

             [     [

                             SEC. 406. CIVIL ACTION, GENERALLY.

               [     [

           A civil action may be brought against any person who,

          regardless of that person's participation in the key management

          infrastructure to be established by regulations promulgated by the

          Secretary pursuant to section 103, violates or acts in a manner 

          that is inconsistent with or violates the provisions or intent of

          this Act or the amendments made by this Act.

                [     [

                        TITLE V--INTERNATIONAL AGREEMENTS

             [     [

                             SEC. 501. SENSE OF CONGRESS.

               [     [

           It is the sense of Congress that--

                   [     

              [  (1) the President should conduct negotiations with

              foreign governments for the purposes of mutual recognition of

              any key management infrastructures, and their component parts,

              that exist or are developed; and

                   [     

              [  (2) such mutual recognition agreements will 

              safeguard the privacy of the citizens of the United States,

              prevent economic espionage, and enhance the information 

              security needs of the United States.

             [     [

                             SEC. 502. FAILURE TO NEGOTIATE.

               [     [

           The President may consider a government's refusal to

          negotiate mutual recognition agreements described in section 501

          when considering the participation of the United States in any

          cooperation or assistance program with that country.

             [     [

                             SEC. 503. REPORT TO CONGRESS.

               [     [

           (a) REPORT TO CONGRESS- The President shall report 

          annually to the Congress on the status of the international effort

          outlined by section 501.

               [     [

           (b) FIRST REPORT- The first report required under

          subsection (a) shall be submitted in unclassified form no later 

          than December 15, 1998.

                [     [

                        TITLE VI--MISCELLANEOUS PROVISIONS

             [     [

                             SEC. 601. EFFECT ON LAW ENFORCEMENT

                            ACTIVITIES.

               [     [

           (a) COLLECTION OF INFORMATION BY ATTORNEY GENERAL- The

          Attorney General shall compile, and maintain in classified form,

          data on the instances in which encryption has interfered with,

          impeded, or obstructed the ability of the Department of Justice to

          enforce the criminal laws of the United States.

               [     [

           (b) AVAILABILITY OF INFORMATION TO THE CONGRESS- The

          information compiled under subsection (a), including an 

          unclassified summary thereof, shall be made available, upon 

          request, to any Member of Congress.

             [     [

                             SEC. 602. INTERPRETATION.

               [     [

           Nothing contained in this Act or the amendments made by

          this Act shall be deemed to--

                   [     

              [  (1) preempt or otherwise affect the application of

              the Arms Export Control Act (22 U.S.C. 2751 et seq.), the 

              Export Administration Act of 1979 (50 U.S.C. App. 2401 et 

              seq.), or the International Emergency Economic Powers Act (50

              U.S.C. 1701 et seq.) or any regulations promulgated thereunder;

                   [     

              [  (2) affect foreign intelligence activities of the

              United States; or

                   [     

              [  (3) negate or diminish any intellectual property

              protections under the laws of the United States or of any State.

             [     [

                             SEC. 603. SEVERABILITY.

               [     [

           If any provision of this Act or the amendments made by 

          this Act, or the application thereof, to any person or 

          circumstances is held invalid by a court of the United States, the

          remainder of this Act or such amendments, and the application

          thereof, to other persons or circumstances shall not be affected

          thereby.  ]     ] 

           

            (  SECTION 1. SHORT TITLE.

              (  This Act may be cited as the `Security and

          Freedom Through Encryption (SAFE) Act'.

            (  SEC. 2. SALE AND USE OF ENCRYPTION.

              (  (a) IN GENERAL- Part I of title 18, United

          States Code, is amended by inserting after chapter 123 the 

          following new chapter:

                 (  `CHAPTER 125--ENCRYPTED WIRE AND

                             ELECTRONIC INFORMATION 

            (  `2801. Definitions.

            (  `2802. Assistance for law enforcement.

            (  `2803. Freedom to sell encryption.

            (  `2804. Prohibition on mandatory key escrow.

            (  `2805. Unlawful use of encryption in

              furtherance of a criminal act.

            (  `2806. Liability limitations.

            (  `Sec. 2801. Definitions

              (  `As used in this chapter--

                  (  `(1) the terms `person', `State', `wire

              communication', `electronic communication', and `investigative

              or law enforcement officer' have the meanings given those terms

              in section 2510 of this title;

                  (  `(2) the terms `encrypt' and 

              `encryption' refer to the scrambling of wire communications,

              electronic communications, or electronically stored 

              information, using mathematical formulas or algorithms in order

              to preserve the confidentiality, integrity, or authenticity of,

              and prevent unauthorized recipients from accessing or altering,

              such communications or information;

                  (  `(3) the term `key' means the variable

              information used in a mathematical formula, code, or algorithm,

              or any component thereof, used to decrypt wire communications,

              electronic communications, or electronically stored 

              information, that has been encrypted; and

                  (  `(4) the term `United States person'

              means--

                      (  `(A) any United States citizen;

                      (  `(B) any other person organized 

                  under the laws of any State; and

                      (  `(C) any person organized under the

                  laws of any foreign country who is owned or controlled by

                  individuals or persons described in subparagraphs (A) and

                  (B).

            (  `Sec. 2802. Assistance for law enforcement

              (  `(a) NATIONAL ELECTRONIC TECHNOLOGIES CENTER- 

                  (  `(1) ESTABLISHMENT- There is established

              in the Department of Justice a National Electronic Technologies

              Center (in this subsection referred to as the `NET Center').

                  (  `(2) DIRECTOR- The NET Center shall have

              a Director, who shall be appointed by the Attorney General.

                  (  `(3) DUTIES- The duties of the NET 

              Center shall be--

                      (  `(A) to serve as a center for

                  Federal, State, and local law enforcement authorities for

                  information and assistance regarding decryption and other

                  access requirements;

                      (  `(B) to serve as a center for

                  industry and government entities to exchange information 

                  and methodology regarding information security techniques

                  and technologies;

                      (  `(C) to examine encryption 

                  techniques and methods to facilitate the ability of law

                  enforcement to gain efficient access to plaintext of

                  communications and electronic information;

                      (  `(D) to conduct research to develop

                  efficient methods, and improve the efficiency of existing

                  methods, of accessing plaintext of communications and

                  electronic information;

                      (  `(E) to investigate and research new

                  and emerging techniques and technologies to facilitate

                  access to communications and electronic information,

                  including --

                          (  `(i) reverse-steganography;

                          (  `(ii) decompression of

                      information that previously has been compressed for

                      transmission; and

                          (  `(iii) de-multiplexing; and

                      (  `(F) to obtain information regarding

                  the most current hardware, software, telecommunications, 

                  and other capabilities to understand how to access

                  information transmitted across networks.

                  (  `(4) EQUAL ACCESS- State and local law

              enforcement agencies and authorities shall have access to

              information, services, resources, and assistance provided by the

          NET Center to the same extent that Federal law enforcement agencies

          and authorities have such access.

                  (  `(5) PERSONNEL- The Director may appoint

              such personnel as the Director considers appropriate to carry

              out the duties of the NET Center.

                  (  `(6) ASSISTANCE OF OTHER FEDERAL

              AGENCIES- Upon the request of the Director of the NET Center,

              the head of any department or agency of the Federal Government

              may, to assist the NET Center in carrying out its duties under

              this subsection--

                      (  `(A) detail, on a reimbursable 

                  basis, any of the personnel of such department or agency to

                  the NET Center; and

                      (  `(B) provide to the NET Center

                  facilities, information, and other non-personnel resources.

                  (  `(7) PRIVATE INDUSTRY ASSISTANCE- The 

              NET Center may accept, use, and dispose of gifts, bequests, or

              devises of money, services, or property, both real and 

              personal, for the purpose of aiding or facilitating the work of

              the Center. Gifts, bequests, or devises of money and proceeds

              from sales of other property received as gifts, bequests, or

              devises shall be deposited in the Treasury and shall be

              available for disbursement upon order of the Director of the 

              NET Center.

                  (  `(8) ADVISORY BOARD- 

                      (  `(A) ESTABLISHMENT- There is

                  established the Advisory Board of the Strategic NET Center

                  for Excellence in Information Security (in this paragraph

                  referred to as the `Advisory Board'), which shall be

                  comprised of members who have the qualifications described

                  in subparagraph (B) and who are appointed by the Attorney

                  General. The Attorney General shall appoint a chairman of

                  the Advisory Board.

                      (  `(B) QUALIFICATIONS- Each member of

                  the Advisory Board shall have experience or expertise in 

                  the field of encryption, decryption, electronic

                  communication, information security, electronic commerce, 

                  or law enforcement.

                      (  `(C) DUTIES- The duty of the 

                  Advisory Board shall be to advise the NET Center and the

                  Federal Government regarding new and emerging technologies

                  relating to encryption and decryption of communications and

                  electronic information.

                  (  `(9) IMPLEMENTATION PLAN- Within 2 

              months after the date of the enactment of the Security and

              Freedom Through Encryption (SAFE) Act, the Attorney General

              shall, in consultation and cooperation with other appropriate

              Federal agencies and appropriate industry participants, develop

              and cause to be published in the Federal Register a plan for

              establishing the NET Center. The plan shall--

                      (  `(A) specify the physical location 

                  of the NET Center and the equipment, software, and 

                  personnel resources necessary to carry out the duties of 

                  the NET Center under this subsection;

                      (  `(B) assess the amount of funding

                  necessary to establish and operate the NET Center; and

                      (  `(C) identify sources of probable

                  funding for the NET Center, including any sources of 

                  in-kind contributions from private industry.

              (  `(b) FREEDOM OF USE- Subject to section 

          2805, it shall be lawful for any person within any State, and for

          any United States person in a foreign country, to use any

          encryption, regardless of the encryption algorithm selected,

          encryption key length chosen, or implementation technique or medium

          used. No Federal or State law or regulation may condition the

          issuance of certificates of authentication or certificates of

          authority for any encryption product upon any escrowing or other

          sharing of private encryption keys, whether with private agents or

          government entities, or establish a licensing, labeling, or other

          regulatory scheme for any encryption product that requires key

          escrow as a condition of licensing or regulatory approval.

            (  `Sec. 2803. Freedom to sell encryption

              (  `Subject to section 2805, it shall be lawful

          for any person within any State to sell in interstate commerce any

          encryption, regardless of the encryption algorithm selected,

          encryption key length chosen, or implementation technique or medium

          used.

            (  `Sec. 2804. Prohibition on mandatory key escrow

              (  `(a) PROHIBITION- No person in lawful

          possession of a key to encrypted communications or information may

          be required by Federal or State law to relinquish to another person

          control of that key.

              (  `(b) EXCEPTION FOR ACCESS FOR LAW 

          ENFORCEMENT PURPOSES- Subsection (a) shall not affect the authority

          of any investigative or law enforcement officer, or any member of

          the intelligence community as defined in section 3 of the National

          Security Act of 1947 (50 U.S.C. 401a), acting under any law in

          effect on the effective date of this chapter, to gain access to

          encrypted communications or information.

            (  `Sec. 2805. Unlawful use of encryption in

          furtherance of a criminal act

              (  `Any person who, in the commission of a

          felony under a criminal statute of the United States, knowingly and

          willfully encrypts incriminating communications or information

          relating to that felony with the intent to conceal such

          communications or information for the purpose of avoiding detection

          by law enforcement agencies or prosecution--

                  (  `(1) in the case of a first offense 

              under this section, shall be imprisoned for not more than 10

              years, or fined in the amount set forth in this title, or both;

              and

                  (  `(2) in the case of a second or

              subsequent offense under this section, shall be imprisoned for

              not more than 20 years, or fined in the amount set forth in 

              this title, or both.

            (  `Sec. 2806. Liability limitations

              (  `No person shall be subject to civil or

          criminal liability for providing access to the plaintext of

          encrypted communications or electronic information to any law

          enforcement official or authorized government entity, pursuant to

          judicial process.'.

              (  (b) STUDY- Within 6 months after the date of

          the enactment of this Act, the National Telecommunications and

          Information Administration shall conduct a study, and prepare and

          submit to the Congress and the President a report regarding such

          study, that--

                  (  (1) assesses the effect that

              establishment of a mandatory system for recovery of encryption

              keys for encrypted communications and information would have on--

                      (  (A) electronic commerce;

                      (  (B) data security;

                      (  (C) privacy in interstate commerce;

                  and

                      (  (D) law enforcement authorities and

                  activities; and

                  (  (2) assesses other possible methods for

              providing access to encrypted communications and information to

              further law enforcement activities.

              (  (c) CONFORMING AMENDMENT- The table of

          chapters for part I of title 18, United States Code, is amended by

          inserting after the item relating to chapter 123 the following new

          item:

            2801'.  

            (  SEC. 3. EXPORTS OF ENCRYPTION.

              (  (a) AMENDMENT TO EXPORT ADMINISTRATION ACT 

          OF 1979- Section 17 of the Export Administration Act of 1979 (50

          U.S.C. App. 2416) is amended by adding at the end thereof the

          following new subsection:

              (  `(g) COMPUTERS AND RELATED EQUIPMENT- 

                  (  `(1) GENERAL RULE- Subject to paragraphs

              (2), (3), and (4), the Secretary shall have exclusive authority

              to control exports of all computer hardware, software, and

              technology for information security (including encryption),

              except that which is specifically designed or modified for

              military use, including command, control, and intelligence

              applications.

                  (  `(2) ITEMS NOT REQUIRING LICENSES- No

              validated license may be required, except pursuant to the

              Trading With The Enemy Act or the International Emergency

              Economic Powers Act (but only to the extent that the authority

              of such Act is not exercised to extend controls imposed under

              this Act), for the export or reexport of--

                      (  `(A) any software, including 

                  software with encryption capabilities--

                          (  `(i) that is generally 

                      available, as is, and is designed for installation by

                      the purchaser; or

                          (  `(ii) that is in the public

                      domain for which copyright or other protection is not

                      available under title 17, United States Code, or that 

                      is available to the public because it is generally

                      accessible to the interested public in any form; or

                      (  `(B) any computing device solely

                  because it incorporates or employs in any form software

                  (including software with encryption capabilities) exempted

                  from any requirement for a validated license under

                  subparagraph (A).

                  (  `(3) SOFTWARE WITH ENCRYPTION

              CAPABILITIES- The Secretary shall authorize the export or

              reexport of software with encryption capabilities for

              nonmilitary end uses in any country to which exports of 

              software of similar capability are permitted for use by

              financial institutions not controlled in fact by United States

              persons, unless there is substantial evidence that such 

              software will be--

                      (  `(A) diverted to a military end use

                  or an end use supporting international terrorism;

                      (  `(B) modified for military or

                  terrorist end use; or

                      (  `(C) reexported without any

                  authorization by the United States that may be required

                  under this Act.

                  (  `(4) HARDWARE WITH ENCRYPTION

              CAPABILITIES- The Secretary shall authorize the export or

              reexport of computer hardware with encryption capabilities if

              the Secretary determines that a product offering comparable

              security is commercially available outside the United States

              from a foreign supplier, without effective restrictions.

                  (  `(5) DEFINITIONS- As used in this

              subsection--

                      (  `(A) the term `encryption' means the

                  scrambling of wire or electronic information using

                  mathematical formulas or algorithms in order to preserve 

                  the confidentiality, integrity, or authenticity of, and

                  prevent unauthorized recipients from accessing or altering,

                  such information;

                      (  `(B) the term `generally available'

                  means, in the case of software (including software with

                  encryption capabilities), software that is offered for 

                  sale, license, or transfer to any person without

                  restriction, whether or not for consideration, including,

                  but not limited to, over-the-counter retail sales, mail

                  order transactions, phone order transactions, electronic

                  distribution, or sale on approval;

                      (  `(C) the term `as is' means, in the

                  case of software (including software with encryption

                  capabilities), a software program that is not designed,

                  developed, or tailored by the software publisher for

                  specific purchasers, except that such purchasers may supply

                  certain installation parameters needed by the software

                  program to function properly with the purchaser's system 

                  and may customize the software program by choosing among

                  options contained in the software program;

                      (  `(D) the term `is designed for

                  installation by the purchaser' means, in the case of

                  software (including software with encryption capabilities)

                  that--

                          (  `(i) the software publisher

                      intends for the purchaser (including any licensee or

                      transferee), who may not be the actual program user, to

                      install the software program on a computing device and

                      has supplied the necessary instructions to do so, 

                      except that the publisher may also provide telephone

                      help line services for software installation, 

                      electronic transmission, or basic operations; and

                          (  `(ii) the software program is

                      designed for installation by the purchaser without

                      further substantial support by the supplier;

                      (  `(E) the term `computing device'

                  means a device which incorporates one or more

                  microprocessor-based central processing units that can

                  accept, store, process, or provide output of data; and

                      (  `(F) the term `computer hardware',

                  when used in conjunction with information security,

                  includes, but is not limited to, computer systems,

                  equipment, application-specific assemblies, modules, and

                  integrated circuits.'.

              (  (b) CONTINUATION OF EXPORT ADMINISTRATION

          ACT- For purposes of carrying out the amendment made by subsection

          (a), the Export Administration Act of 1979 shall be deemed to be in

          effect.

            (  SEC. 4. TREATMENT OF ENCRYPTION IN INTERSTATE

                            AND FOREIGN COMMERCE.

              (  (a) INQUIRY REGARDING IMPEDIMENTS TO TRADE-

          Within 180 days after the date of the

          enactment of this Act, the Secretary of Commerce shall complete an

          inquiry to--

                  (  (1) identify any domestic and foreign

              impediments to trade in encryption products and services and 

              the manners in which and extent to which such impediments

              inhibit the development of interstate and foreign commerce; and

                  (  (2) identify import restrictions imposed

              by foreign nations that constitute unfair trade barriers to

              providers of encryption products or services.

          The Secretary shall submit a report to the Congress regarding the

          results of such inquiry by such date.

              (  (b) REMOVAL OF IMPEDIMENTS TO TRADE- Within 

          1 year after such date of enactment, the Secretary of Commerce, in

          consultation with the Attorney General, shall prescribe such

          regulations as may be necessary to reduce the impediments to trade

          in encryption products and services identified in the inquiry

          pursuant to subsection (a) for the purpose of facilitating the

          development of interstate and foreign commerce. Such regulations

          shall be designed to--

                  (  (1) promote the sale and distribution in

              foreign commerce of encryption products and services

              manufactured in the United States; and

                  (  (2) strengthen the competitiveness of

              domestic providers of encryption products and services in

              foreign commerce.

              (  (c) INTERNATIONAL AGREEMENTS- 

                  (  (1) REPORT TO PRESIDENT- Upon the

              completion of the inquiry under subsection (a), the Secretary 

              of Commerce shall submit a report to the President regarding

              reducing any impediments to trade in encryption products and

              services that are identified by the inquiry and could, in the

              determination of the Secretary, require international

              negotiations for such reduction.

                  (  (2) NEGOTIATIONS- The President shall

              take all actions necessary to conduct negotiations with other

              countries for the purposes of (A) concluding international

              agreements on the promotion of encryption products and 

              services, and (B) achieving mutual recognition of countries'

              export controls, in order to meet the needs of countries to

              preserve national security, safeguard privacy, and prevent

              commercial espionage. The President may consider a country's

              refusal to negotiate such international export and mutual

              recognition agreements when considering the participation of 

              the United States in any cooperation or assistance program with

              that country. The President shall submit a report to the

              Congress regarding the status of international efforts 

              regarding cryptography not later than December 31, 2000.

              (  (d) DEFINITIONS- For purposes of this

          section, the following definitions shall apply:

                  (  (1) COMMUNICATION- The term

              `communication' includes wire communication and electronic

              communication.

                  (  (2) DECRYPT; DECRYPTION- The terms

              `decrypt' and `decryption' refer to the electronic

              retransformation of communications or electronically stored

              information that has been encrypted into the original form of

              the communication or information.

                  (  (3) ELECTRONIC COMMUNICATION- The term

              `electronic communication' has the meaning given such term in

              section 2510 of title 18, United States Code.

                  (  (4) ENCRYPT; ENCRYPTION- The terms

              `encrypt' and `encryption' have the meanings given such terms 

              in section 2801 of title 18, United States Code (as added by

              section 2 of this Act).

                  (  (5) ENCRYPTION PRODUCT- The term

              `encryption product' means any product, software, or technology

              that can be used to encrypt and decrypt communications or

              electronic information and any product, software, or technology

              with encryption capabilities;

                  (  (6) WIRE COMMUNICATION- The term `wire

              communication' has the meaning given such term in section 3 of

              the Communications Act of 1934 (47 U.S.C. 153).

            (  SEC. 5. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

              (  (a) COLLECTION OF INFORMATION BY ATTORNEY

          GENERAL- The Attorney General shall compile, and maintain in

          classified form, data on the instances in which encryption (as

          defined in section 2801 of title 18, United States Code) has

          interfered with, impeded, or obstructed the ability of the

          Department of Justice to enforce the criminal laws of the United

          States.

              (  (b) AVAILABILITY OF INFORMATION TO THE

          CONGRESS- The information compiled under subsection (a), including

          an unclassified summary thereof, shall be made available, upon

          request, to any Member of Congress.  ) 

            Amend the title so as to read: `A bill to amend title 18, United

          States Code, to affirm the rights of United States persons to use

          and sell encryption.'.