iTeleHealth Publications

Introduction to Digital Security and Encryption

Technology in this age of information has brought with it a whole new level of privacy concerns, particularly in the area of online communication. Online communication in the form of electronic mail, newsgroup postings, and chat room participation can be easily tracked and stored by others, including the federal government (Beeson, 1996). This, in addition to open Internet access to mature and sensitive information, has escalated the need for digital security and encryption.

Definitions

This paper addresses digital security and encryption legislation, and how these issues affect its stakeholders. In addition, outstanding issues regarding digital security and encryption are discussed.

Digital Security and Encryption Legislation

Within the past two years, concerns regarding digital security and encryption on the Internet has resulted in the introduction of legislation to address these concerns. With the backing of software companies, the Security and Freedom through Encryption (SAFE) (H.R. 695) legislation was introduced by sponsor Representative Robert Goodlatte of Virginia in February 1997. The software industry is pinning its hopes on this bill which will lift the current 40-bit limit on encrypted data by relaxing export controls on encryption and affirming the rights of Americans to use and sell encryption (Computer World, 1998; Thomas, 1997).

Senator Burns of Montana introduced the Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act of 1997 (S. 377) in February 1997. The bill promotes electronic commerce by facilitating the use of strong encryption such digital signatures for online banking. It was referred to the Senate Commerce, Science, and Transportation Committee where no further action has been taken (Thomas, 1998).

The Secure Public Networks Act (S. 909), sponsored by Senators Robert Kerrey of Nebraska and John McCain of Arizona, was introduced to Congress in June 1997. This legislation mirrors the Clinton administration’s position by encouraging and facilitating the creation of secure public networks for communication, commerce, education, medicine, and government (Thomas, 1998).

The Internet School Filtering Act (S. 1619), also referred to as the McCain Bill, requires libraries and schools to certify that they have installed Internet filtering or blocking software in order to receive the E-rate telecommunication discounts authorized in the Telecommunications Act of 1996 under universal service provisions. This bill, sponsored by Senator John McCain of Arizona, has been viewed as depriving library patrons of the their First Amendment rights (Electronic Frontier Foundation, 1998). To temper these concerns, modifications to the bill were recommended. Senator Burns of Montana proposed requiring schools and libraries that receive federal subsidies to adopt "appropriate Internet use policies" for children since many institutions had already implemented this approach (NYT Editorial Staff, 1998). Senator Breaux of Louisiana proposed another alternative which would require flexible filtering intended to allow access to needed health and other educational information. There is a dispute whether modifications incorporating the suggestions by Burns and Beaux were included in the bill that was approved by the US Senate Commerce Committee on March 12, 1998.

On this same date, the US Senate Commerce Committee also approved the Coats Bill (S. 1482). This bill, introduced by Senator Coats of Indiana, prohibits commercial distribution on the Internet of material deemed harmful to minors (Thomas, 1998).

Two bills, related to the Internet School Filtering Act, were also introduced this year.
On February 11, Representative Bob Franks of New Jersey introduced H.R. 3177, a bill essentially identical to the McCarran proposal. On March 11, Representative Edward Marquee of Massachusetts introduced H.R. 3442, a bill that would require appropriate local use policies. No action in the House has been scheduled, but this election year session remains highly
fluid (ALAWON, 1998).

June 1997 was a busy month for the introduction of legislation related to digital security and encryption. Representative Markey of Massachusetts introduced the Communications Privacy and Consumer Empowerment Act (H.R. 1964) which protects consumer privacy, empowers parents, enhances the telecommunications infrastructure for efficient electronic commerce, and safeguards data security (Thomas, 1998). The bill was referred to the House Committee on Commerce and Telecommunications, Trade, and Consumer Protection subcommittees where no further action has been.

The Computer Security Enhancement Act of 1997 (H.R. 1903) was also introduced in June 1997 by Representative Sensenbrenner of Wisconsin. This bill calls for an amendment to the National Institute of Standards and Technology (NIST) Act to enhance the ability of NIST to improve computer security. This bill was revised three times and then referred to the Senate Committee on Commerce, Science, and Transportation where no further action has been taken (Thomas, 1998).

Stakeholders

The stakeholders include all parties affected by the development and implementation of digital security and encryption on the Internet. This includes all users of the Internet in addition to local, state, and federal governments and their law enforcement agencies, electronic commerce providers, software developers, and consumer user groups.

Government is responsible for developing and reinforcing legislation pertaining to digital security and encryption (Digital Security: Who Holds the Keys?, 1997). As previously discussed, there has been active legislation in the past two years regarding these issues. This issue is of such concern to the image of the Clinton Administration that the White House has retreated from legislation that will give law enforcers access to encrypted computer data and communications (Clausing, 1998).

Electronic commerce providers are busy trying to convince concerned online consumers that it is safe to input personal information such as credit card numbers and social security information. According to the Washington Post (1997), the chances of a credit card number being swiped over the Internet are lower than the chances of money being stolen from someone’s home. Still, consumers are still uneasy purchasing products and services online.

U.S. software companies maintain that export regulations make it difficult to compete with international companies that do not have to meet the same security and encryption requirements (Digital Security: Who Holds the Keys?, 1997).

Consumer privacy advocates aim to protect their interests as it relates to digital security and encryption including preventing the government from monitoring private conversations (Digital Security: Who Holds the Keys?, 1997). Still other consumers are concerned about protecting their legal rights to own and control the use of their work on the Internet (Corcoran, February 23, 1998; Electronic Frontier Foundation, 1998). These consumers have formed a coalition, Americans for Computer Privacy, to launch print and broadcast ads to convince people that encryption technology is more than a computer industry issue (Corcoran, March 4, 1998). On other fronts, public and school library consumer groups continue to fight against the utilization of filtering software being tied into eligibility for the telecommunications discount programs.

Outstanding Issues

No technology is impervious to security attacks. While encryption is important for the defense of personal and national security, it is a potential headache for law enforcement officers concerned about terrorists, spies, and thieves using encryption to hide what they are doing (Digital Security: Who Holds the Keys?, 1997).

As a result of this concern, there are still issues regarding how tightly the government should regulate encryption technology. While the Clinton Administration is taking the stand that the federal government is primarily concerned with preserving the nation's ability to protect public safety and defend national security, it is not focusing on legislation that will allow law enforcers access to encrypted computer data and communications (Clausing, 1998). Yet, the government continues to approve exports of encryption technology which helps to create standardization, but also increases the risk of terrorism. An example is Hewlett-Packard’s recent approval by the U.S. government to export a strong encryption technology to customers in five countries. In order to maintain some governmental control, the technology must be activated for renewable one-year periods by designated agencies in each country (Clark and Wingfield, 1998).

Conclusion

In the past two years, digital security and encryption have become critical issues to assure public and private protection of privacy on the Internet. This is particularly true as utilization of the Internet continues to rapidly increase with little or no control over open access to mature or sensitive content. These concerns have resulted in the introduction of legislation to protect the interests of all those affected by the advancing technology.

As a result of the changes recommended by the legislation, there is some concern that first amendment rights are being violated. On the other hand, without controls, the fear of crime and terrorism is very real. In response to these issues, consumer groups have formed coalitions and software developers have extensively lobbied to gain support for or against the proposed legislation. To date, only two of the proposed bills regarding digital security and encryption have passed in the Senate. No bill has been passed by the full Congress at this time.

It is hoped that the proposed legislation will lead to international standardization of guidelines regarding digital security and encryption. Through this effort, it is further hoped that the privacy and security of all users of the Internet will be adequately protected.

References

ALAWON. (March 25, 1998). Action needed: Update on status of Internet school filtering act. American Library Association Washington Office Newsmen 7(32).

Beeson, A. (1996). Privacy in cyberspace: Is your e-mail safe from the boss, the sysop, the hackers, and the cops? [On-line]. Available: http://www.aclu.org/issues/cyber/priv/privpap.html

Clausing, J. (March 18, 1998). FBI halts its push for encryption access legislation. New York Times (CyberTimes). [On-Line] Available: http://www.nytimes.com/library/tech/98/03/cyber/articles/18encrypt.html

Clark, D. & Wingfield, N. Hewlett receives approval to export encryption system. Wall Street Journal. [On-Line] Available: http://wsj.com/

Corcoran, E. (1998, March 4). Ads to target encryption curbs. Washington Post. [On-Line] Available: http://www.washingtonpost.com/wp-srv/Wplate/1998-03/04/0491-030498-idx.html

Corcoran, E. (1998, February 23). Protecting the ownership right to copyright. Washington Post. [On-Line] Available: http://www.washingtonpost.com/wp-s…te/1998-02/23/0161-022398-idx.html

Crypto bill could see spring passage. (January 19, 1998). Computer World 32(3), 10.

Digital security: Who holds the keys? (1997, September 25). Washington Post. [On-Line] Available: http://www.washingtonpost.com/wp-s…ch/analysis/encryption/encrypt.htm

Electronic Frontier Foundation (1998) [On-Line] Available: http://www.eff.org/

Zimmerman, P. (1997). PGP and what it does. [On-Line] Available: http://www.arc.unm.edu/~drosoff/pgp/pgp.html#defs

iTeleHealth Home Page | Contact Information