WASHINGTON -- A proposal to allow American companies to easily sell encryption products abroad took its first steps toward becoming law on Thursday.
A House subcommittee unanimously voted to approve the Security and Freedom through Encryption Act, better known as SAFE.
But the proposal has a long way to go. An array of other committees are likely to weigh in on SAFE, which is almost certain to stall the process for months or more. Some members of Congress could even turn the plan on its head and transform the legislation into a proposal to restrict Americans' privacy rights instead of expanding them.
That's what happened two years ago. The House Intelligence Committee voted to make it a crime to manufacture, sell, or distribute encryption products -- including Web browsers and PGP -- without backdoors for government surveillance. The ensuing deadlock prevented the full House from voting.
Since a new Congress is now in session after the 1998 elections, Representative Bob Goodlatte (R-Virginia) had to reintroduce SAFE and start over.
"This legislation is needed because every American is vulnerable to online predators. Credit-card numbers can be stolen, personal medical records can be exposed, and bank deposits can be rerouted, all because of the administration's restrictive encryption policy," Goodlatte, said in a statement Thursday.
At the meeting of the House Judiciary Committee's courts and intellectual-property subcommittee, some Democrats said SAFE went too far and would endanger national security.
"The bill may hamper the US' ability to comply with the Wassenaar Arrangement," said a spokesman for Representative Howard Berman. The California Democrat was concerned "that this not undermine our ability to protect national security and comply with the Wassenaar Agreement." But Berman ended up voting for SAFE.
In December, 33 countries -- including the United States and most major powers that are part of the agreement -- agreed in principle to limit exports. Few smaller states have any such rules. The Clinton administration has said it will pressure them to follow suit.
Overall, Democrats have been less supportive of SAFE than their GOP counterparts, largely as a show of party unity. Current law lets the executive branch declare a "national emergency" and restrict encryption exports, which President Clinton has done.
SAFE would allow companies, who have complained that current regulations inhibit their ability to compete overseas -- to export crypto products that are "generally available" in the public domain or shrink-wrapped and sold as an off-the-shelf product.
But it would still require that any would-be exporter submit their product to the Feds for "a one-time, 15-day technical review." SAFE also includes the first-ever criminal penalties for Americans who use encryption to conceal criminal activities.
"We and other cyber rights groups remain concerned about the criminal provision. Except for that provision, this is probably the best vehicle for encryption reform that is pending," said David Sobel, staff counsel for the Electronic Privacy Information Center. Conservative groups have opposed that portion of SAFE.
