27 July 1999
Source: http://www.access.gpo.gov/su_docs/aces/aaces002.html

For related House Report 116-117, parts I, II, III, IV and V:

  http://cryptome.org/hr106-117-p1.txt
  http://cryptome.org/hr106-117-p2.txt
  http://cryptome.org/hr106-117-p3.txt
  http://cryptome.org/hr106-117-p4.txt
  http://cryptome.org/hr106-117-p5.txt

-----------------------------------------------------------------------

[DOCID: f:h850rh.txt]

                                                 Union Calendar No. 149

106th CONGRESS

  1st Session

                               H. R. 850

             [Report No. 106-117, Parts I, II, III, IV, V]

_______________________________________________________________________

                                 A BILL

 To amend title 18, United States Code, to affirm the rights of United
States persons to use and sell encryption and to relax export controls
                             on encryption.

_______________________________________________________________________

                             July 23, 1999

     Reported from the Committee on Armed Services with amendments

                             July 23, 1999

 Reported from the Permanent Select Committee on Intelligence with an
 amendment, committed to the Committee of the Whole House on the State
                of the Union, and ordered to be printed
                                                 Union Calendar No. 149
106th CONGRESS
  1st Session
                                H. R. 850

             [Report No. 106-117, Parts I, II, III, IV, V]

 To amend title 18, United States Code, to affirm the rights of United
States persons to use and sell encryption and to relax export controls
                             on encryption.

_______________________________________________________________________

                    IN THE HOUSE OF REPRESENTATIVES

                           February 25, 1999

  Mr. Goodlatte (for himself, Ms. Lofgren, Mr. Armey, Mr. DeLay, Mr.
 Watts of Oklahoma, Mr. Davis of Virginia, Mr. Cox, Ms. Pryce of Ohio,
Mr. Blunt, Mr. Gephardt, Mr. Bonior, Mr. Frost, Ms. DeLauro, Mr. Lewis
of Georgia, Mr. Gejdenson, Mr. Sensenbrenner, Mr. Gekas, Mr. Coble, Mr.
   Smith of Texas, Mr. Gallegly, Mr. Bryant, Mr. Chabot, Mr. Barr of
 Georgia, Mr. Hutchinson, Mr. Pease, Mr. Cannon, Mr. Rogan, Mrs. Bono,
 Mr. Bachus, Mr. Conyers, Mr. Frank of Massachusetts, Mr. Boucher, Mr.
Nadler, Ms. Jackson-Lee of Texas, Ms. Waters, Mr. Meehan, Mr. Delahunt,
 Mr. Wexler, Mr. Ackerman, Mr. Andrews, Mr. Archer, Mr. Ballenger, Mr.
 Barcia, Mr. Barrett of Nebraska, Mr. Barrett of Wisconsin, Mr. Barton
of Texas, Mr. Bilbray, Mr. Blumenauer, Mr. Boehner, Mr. Brady of Texas,
     Mr. Brady of Pennsylvania, Ms. Brown of Florida, Mr. Brown of
  California, Mr. Burr of North Carolina, Mr. Burton of Indiana, Mr.
  Camp, Mr. Campbell, Mrs. Capps, Mr. Chambliss, Mrs. Chenoweth, Mrs.
  Christian-Christensen, Mrs. Clayton, Mr. Clement, Mr. Clyburn, Mr.
     Collins, Mr. Cook, Mr. Cooksey, Mrs. Cubin, Mr. Cummings, Mr.
 Cunningham, Mr. Davis of Illinois, Mr. Deal of Georgia, Mr. DeFazio,
 Mr. Deutsch, Mr. Dickey, Mr. Dooley of California, Mr. Doolittle, Mr.
Doyle, Mr. Dreier, Mr. Duncan, Ms. Dunn, Mr. Ehlers, Mrs. Emerson, Mr.
English, Ms. Eshoo, Mr. Ewing, Mr. Farr of California, Mr. Filner, Mr.
 Ford, Mr. Fossella, Mr. Franks of New Jersey, Mr. Gillmor, Mr. Goode,
 Mr. Goodling, Mr. Gordon, Mr. Green of Texas, Mr. Gutknecht, Mr. Hall
of Texas, Mr. Hastings of Washington, Mr. Herger, Mr. Hill of Montana,
 Mr. Hobson, Mr. Hoekstra, Mr. Holden, Ms. Hooley of Oregon, Mr. Horn,
  Mr. Houghton, Mr. Inslee, Mr. Istook, Mr. Jackson of Illinois, Mr.
    Jefferson, Ms. Eddie Bernice Johnson of Texas, Mrs. Johnson of
Connecticut, Mr. Kanjorski, Mr. Kasich, Mrs. Kelly, Ms. Kikpatrick, Mr.
   Kind, Mr. Kingston, Mr. Knollenberg, Mr. Kolbe, Mr. Lampson, Mr.
 Largent, Mr. Latham, Ms. Lee, Mr. Lewis of Kentucky, Mr. Linder, Mr.
Lucas of Oklahoma, Mr. Luther, Ms. McCarthy of Missouri, Mr. McDermott,
 Mr. McGovern, Mr. McIntosh, Mr. Maloney of Connecticut, Mr. Manzullo,
    Mr. Markey, Mr. Martinez, Mr. Matsui, Mrs. Meek of Florida, Mr.
    Metcalf, Mr. Mica, Ms. Millender-McDonald, Mr. George Miller of
  California, Mr. Moakley, Mr. Moran of Virginia, Mrs. Morella, Mrs.
Myrick, Mrs. Napolitano, Mr. Neal of Massachusetts, Mr. Nethercutt, Mr.
 Norwood, Mr. Nussle, Mr. Olver, Mr. Packard, Mr. Pallone, Mr. Pastor,
 Mr. Peterson of Minnesota, Mr. Pickering, Mr. Pombo, Mr. Pomeroy, Mr.
  Price of North Carolina, Mr. Quinn, Mr. Radanovich, Mr. Rahall, Mr.
 Rangel, Mr. Reynolds, Ms. Rivers, Mr. Rohrabacher, Ms. Ros-Lehtinen,
   Mr. Rush, Mr. Salmon, Ms. Sanchez, Mr. Sanders, Mr. Sanford, Mr.
 Scarborough, Mr. Schaffer, Mr. Sessions, Mr. Shays, Mr. Sherman, Mr.
Shimkus, Mr. Smith of Washington, Mr. Smith of New Jersey, Mr. Souder,
  Ms. Stabenow, Mr. Stark, Mr. Sununu, Mr. Tanner, Mrs. Tauscher, Mr.
   Tauzin, Mr. Taylor of North Carolina, Mr. Thomas, Mr. Thompson of
Mississippi, Mr. Thune, Mr. Tiahrt, Mr. Tierney, Mr. Upton, Mr. Vento,
   Mr. Walsh, Mr. Wamp, Mr. Watkins, Mr. Weller, Mr. Whitfield, Mr.
 Wicker, Ms. Woolsey, and Mr. Wu) introduced the following bill; which
was referred to the Committee on the Judiciary, and in addition to the
 Committee on International Relations, for a period to be subsequently
   determined by the Speaker, in each case for consideration of such
 provisions as fall within the jurisdiction of the committee concerned

                             April 27, 1999

              Reported from the Committee on the Judiciary

                             April 27, 1999

  Referral to the Committee on International Relations extended for a
               period ending not later than July 2, 1999

                             April 27, 1999

   Referred to the Committees on Armed Services and Commerce and the
  Permanent Select Committee on Intelligence for a period ending not
                        later than July 2, 1999

                              July 2, 1999

       Reported from the Committee on Commerce with an amendment
 [Strike out all after the enacting clause and insert the part printed
                               in italic]

                              July 2, 1999

  Referral to the Committee on International Relations extended for a
               period ending not later than July 16, 1999

                              July 2, 1999

 Referral to the Committee on Armed Services and the Permanent Select
 Committee on Intelligence extended for a period ending not later than
                             July 23, 1999

                             July 16, 1999

  Referral to the Committee on International Relations extended for a
               period ending not later than July 19, 1999

                             July 19, 1999

    Reported from the Committee on International Relations with an
                               amendment
 [Strike out all after the enacting clause and insert the part printed
                           in boldface roman]

                             July 23, 1999

     Reported from the Committee on Armed Services with amendments
 [Strike out all after the enacting clause and insert the part printed
                      in italic and bold brackets]

                             July 23, 1999

   Additional sponsors: Mr. Hall of Ohio, Mr. Forbes, Mr. Holt, Mr.
Gibbons, Mr. Calvert, Ms. Slaughter, Mr. Bonilla, Mr. Diaz-Balart, Mr.
Engel, Mr. Hilliard, Mr. King, Mr. LaHood, Ms. McKinney, Mr. Ney, Mrs.
   Northup, Mr. Riley, Mr. Serrano, Mr. Stenholm, Mr. Tancredo, Mr.
 Hansen, Mr. Moran of Kansas, Mr. Sam Johnson of Texas, Mr. Hilleary,
Mr. Gary Miller of California, Ms. Norton, Mr. Sweeney, Mr. Baker, Mr.
   Crane, Mr. McInnis, Mr. Weldon of Florida, Mr. Wise, Mr. Ose, Mr.
 Baldacci, Mr. Minge, Mr. Underwood, Mr. DeMint, Mr. Walden of Oregon,
Mr. Hayes, Mr. Foley, Mr. Terry, Mr. Shows, Mr. Ryan of Wisconsin, Mr.
   Etheridge, Mr. Watt of North Carolina, Mr. Crowley, Mr. Udall of
Colorado, Mr. Hoeffel, Mr. Fletcher, Mr. Baird, Mr. Talent, Mr. Kennedy
of Rhode Island, Mr. Udall of New Mexico, Mr. Sawyer, Mr. Menendez, and
                              Mr. Hinchey
 Deleted sponsors: Mr. Holden (added February 25, 1999; deleted April
 21, 1999), and Mr. Hastings of Florida (added March 16, 1999; deleted
                             June 10, 1999)

                             July 23, 1999

 Reported from the Permanent Select Committee on Intelligence with an
 amendment, committed to the Committee of the Whole House on the State
                of the Union, and ordered to be printed
 [Strike out all after the enacting clause and insert the part printed
                          in boldface italic]

_______________________________________________________________________

                                 A BILL


 To amend title 18, United States Code, to affirm the rights of United
States persons to use and sell encryption and to relax export controls
                             on encryption.

    Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``Security And Freedom
through Encryption (SAFE) Act''.</DELETED>

<DELETED>SEC. 2. SALE AND USE OF ENCRYPTION.</DELETED>

<DELETED>    (a) In General.--Part I of title 18, United States Code,
is amended by inserting after chapter 123 the following new
chapter:</DELETED>

         <DELETED>``CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC
                         INFORMATION</DELETED>

<DELETED>``Sec.
<DELETED>``2801. Definitions.
<DELETED>``2802. Freedom to use encryption.
<DELETED>``2803. Freedom to sell encryption.
<DELETED>``2804. Prohibition on mandatory key escrow.
<DELETED>``2805. Unlawful use of encryption in furtherance of a
                            criminal act.
<DELETED>``Sec. 2801. Definitions</DELETED>
<DELETED>    ``As used in this chapter--</DELETED>
        <DELETED>    ``(1) the terms `person', `State', `wire
        communication', `electronic communication', `investigative or
        law enforcement officer', and `judge of competent jurisdiction'
        have the meanings given those terms in section 2510 of this
        title;</DELETED>
        <DELETED>    ``(2) the term `decrypt' means to retransform or
        unscramble encrypted data, including communications, to its
        readable form;</DELETED>
        <DELETED>    ``(3) the terms `encrypt', `encrypted', and
        `encryption' mean the scrambling of wire communications,
        electronic communications, or electronically stored
        information, using mathematical formulas or algorithms in order
        to preserve the confidentiality, integrity, or authenticity of,
        and prevent unauthorized recipients from accessing or altering,
        such communications or information;</DELETED>
        <DELETED>    ``(4) the term `key' means the variable
        information used in a mathematical formula, code, or algorithm,
        or any component thereof, used to decrypt wire communications,
        electronic communications, or electronically stored
        information, that has been encrypted; and</DELETED>
        <DELETED>    ``(5) the term `key recovery information' means
        information that would enable obtaining the key of a user of
        encryption;</DELETED>
        <DELETED>    ``(6) the term `plaintext access capability' means
        any method or mechanism which would provide information in
        readable form prior to its being encrypted or after it has been
        decrypted;</DELETED>
        <DELETED>    ``(7) the term `United States person' means--
        </DELETED>
                <DELETED>    ``(A) any United States citizen;</DELETED>
                <DELETED>    ``(B) any other person organized under the
                laws of any State, the District of Columbia, or any
                commonwealth, territory, or possession of the United
                States; and</DELETED>
                <DELETED>    ``(C) any person organized under the laws
                of any foreign country who is owned or controlled by
                individuals or persons described in subparagraphs (A)
                and (B).</DELETED>
<DELETED>``Sec. 2802. Freedom to use encryption</DELETED>
<DELETED>    ``Subject to section 2805, it shall be lawful for any
person within any State, and for any United States person in a foreign
country, to use any encryption, regardless of the encryption algorithm
selected, encryption key length chosen, or implementation technique or
medium used.</DELETED>
<DELETED>``Sec. 2803. Freedom to sell encryption</DELETED>
<DELETED>    ``Subject to section 2805, it shall be lawful for any
person within any State to sell in interstate commerce any encryption,
regardless of the encryption algorithm selected, encryption key length
chosen, or implementation technique or medium used.</DELETED>
<DELETED>``Sec. 2804. Prohibition on mandatory key escrow</DELETED>
<DELETED>    ``(a) General Prohibition.--Neither the Federal Government
nor a State may require that, or condition any approval on a
requirement that, a key, access to a key, key recovery information, or
any other plaintext access capability be--</DELETED>
        <DELETED>    ``(1) built into computer hardware or software for
        any purpose;</DELETED>
        <DELETED>    ``(2) given to any other person, including a
        Federal Government agency or an entity in the private sector
        that may be certified or approved by the Federal Government or
        a State to receive it; or</DELETED>
        <DELETED>    ``(3) retained by the owner or user of an
        encryption key or any other person, other than for encryption
        products for use by the Federal Government or a
        State.</DELETED>
<DELETED>    ``(b) Prohibition on Linkage of Different Uses of
Encryption.--Neither the Federal Government nor a State may--</DELETED>
        <DELETED>    ``(1) require the use of encryption products,
        standards, or services used for confidentiality purposes, as a
        condition of the use of such products, standards, or services
        for authenticity or integrity purposes; or</DELETED>
        <DELETED>    ``(2) require the use of encryption products,
        standards, or services used for authenticity or integrity
        purposes, as a condition of the use of such products,
        standards, or services for confidentiality purposes.</DELETED>
<DELETED>    ``(c) Exception for Access for Law Enforcement Purposes.--
Subsection (a) shall not affect the authority of any investigative or
law enforcement officer, or any member of the intelligence community as
defined in section 3 of the National Security Act of 1947 (50 U.S.C.
401a), acting under any law in effect on the effective date of this
chapter, to gain access to encrypted communications or
information.</DELETED>
<DELETED>``Sec. 2805. Unlawful use of encryption in furtherance of a
              criminal act</DELETED>
<DELETED>    ``(a) Encryption of Incriminating Communications or
Information Unlawful.--Any person who, in the commission of a felony
under a criminal statute of the United States, knowingly and willfully
encrypts incriminating communications or information relating to that
felony with the intent to conceal such communications or information
for the purpose of avoiding detection by law enforcement agencies or
prosecution--</DELETED>
        <DELETED>    ``(1) in the case of a first offense under this
        section, shall be imprisoned for not more than 5 years, or
        fined in the amount set forth in this title, or both;
        and</DELETED>
        <DELETED>    ``(2) in the case of a second or subsequent
        offense under this section, shall be imprisoned for not more
        than 10 years, or fined in the amount set forth in this title,
        or both.</DELETED>
<DELETED>    ``(b) Use of Encryption Not a Basis for Probable Cause.--
The use of encryption by any person shall not be the sole basis for
establishing probable cause with respect to a criminal offense or a
search warrant.''.</DELETED>
<DELETED>    (b) Conforming Amendment.--The table of chapters for part
I of title 18, United States Code, is amended by inserting after the
item relating to chapter 123 the following new item:</DELETED>

<DELETED>``125. Encrypted wire and electronic information...    2801''.

<DELETED>SEC. 3. EXPORTS OF ENCRYPTION.</DELETED>

<DELETED>    (a) Amendment to Export Administration Act of 1979.--
Section 17 of the Export Administration Act of 1979 (50 U.S.C. App.
2416) is amended by adding at the end thereof the following new
subsection:</DELETED>
<DELETED>    ``(g) Certain Consumer Products, Computers, and Related
Equipment.--</DELETED>
        <DELETED>    ``(1) General rule.--Subject to paragraphs (2) and
        (3), the Secretary shall have exclusive authority to control
        exports of all computer hardware, software, computing devices,
        customer premises equipment, communications network equipment,
        and technology for information security (including encryption),
        except that which is specifically designed or modified for
        military use, including command, control, and intelligence
        applications.</DELETED>
        <DELETED>    ``(2) Items not requiring licenses.--After a one-
        time, 15-day technical review by the Secretary, no export
        license may be required, except pursuant to the Trading with
        the enemy Act or the International Emergency Economic Powers
        Act (but only to the extent that the authority of such Act is
        not exercised to extend controls imposed under this Act), for
        the export or reexport of--</DELETED>
                <DELETED>    ``(A) any computer hardware or software or
                computing device, including computer hardware or
                software or computing devices with encryption
                capabilities--</DELETED>
                        <DELETED>    ``(i) that is generally
                        available;</DELETED>
                        <DELETED>    ``(ii) that is in the public
                        domain for which copyright or other protection
                        is not available under title 17, United States
                        Code, or that is available to the public
                        because it is generally accessible to the
                        interested public in any form; or</DELETED>
                        <DELETED>    ``(iii) that is used in a
                        commercial, off-the-shelf, consumer product or
                        any component or subassembly designed for use
                        in such a consumer product available within the
                        United States or abroad which--</DELETED>
                                <DELETED>    ``(I) includes encryption
                                capabilities which are inaccessible to
                                the end user; and</DELETED>
                                <DELETED>    ``(II) is not designed for
                                military or intelligence end
                                use;</DELETED>
                <DELETED>    ``(B) any computing device solely because
                it incorporates or employs in any form--</DELETED>
                        <DELETED>    ``(i) computer hardware or
                        software (including computer hardware or
                        software with encryption capabilities) that is
                        exempted from any requirement for a license
                        under subparagraph (A); or</DELETED>
                        <DELETED>    ``(ii) computer hardware or
                        software that is no more technically complex in
                        its encryption capabilities than computer
                        hardware or software that is exempted from any
                        requirement for a license under subparagraph
                        (A) but is not designed for installation by the
                        purchaser;</DELETED>
                <DELETED>    ``(C) any computer hardware or software or
                computing device solely on the basis that it
                incorporates or employs in any form interface
                mechanisms for interaction with other computer hardware
                or software or computing devices, including computer
                hardware and software and computing devices with
                encryption capabilities;</DELETED>
                <DELETED>    ``(D) any computing or telecommunication
                device which incorporates or employs in any form
                computer hardware or software encryption capabilities
                which--</DELETED>
                        <DELETED>    ``(i) are not directly available
                        to the end user; or</DELETED>
                        <DELETED>    ``(ii) limit the encryption to be
                        point-to-point from the user to a central
                        communications point or link and does not
                        enable end-to-end user encryption;</DELETED>
                <DELETED>    ``(E) technical assistance and technical
                data used for the installation or maintenance of
                computer hardware or software or computing devices with
                encryption capabilities covered under this subsection;
                or</DELETED>
                <DELETED>    ``(F) any encryption hardware or software
                or computing device not used for confidentiality
                purposes, such as authentication, integrity, electronic
                signatures, nonrepudiation, or copy
                protection.</DELETED>
        <DELETED>    ``(3) Computer hardware or software or computing
        devices with encryption capabilities.--After a one-time, 15-day
        technical review by the Secretary, the Secretary shall
        authorize the export or reexport of computer hardware or
        software or computing devices with encryption capabilities for
        nonmilitary end uses in any country--</DELETED>
                <DELETED>    ``(A) to which exports of computer
                hardware or software or computing devices of comparable
                strength are permitted for use by financial
                institutions not controlled in fact by United States
                persons, unless there is substantial evidence that such
                computer hardware or software or computing devices will
                be--</DELETED>
                        <DELETED>    ``(i) diverted to a military end
                        use or an end use supporting international
                        terrorism;</DELETED>
                        <DELETED>    ``(ii) modified for military or
                        terrorist end use; or</DELETED>
                        <DELETED>    ``(iii) reexported without any
                        authorization by the United States that may be
                        required under this Act; or</DELETED>
                <DELETED>    ``(B) if the Secretary determines that a
                computer hardware or software or computing device
                offering comparable security is commercially available
                outside the United States from a foreign supplier,
                without effective restrictions.</DELETED>
        <DELETED>    ``(4) Definitions.--As used in this subsection--
        </DELETED>
                <DELETED>    ``(A)(i) the term `encryption' means the
                scrambling of wire communications, electronic
                communications, or electronically stored information,
                using mathematical formulas or algorithms in order to
                preserve the confidentiality, integrity, or
                authenticity of, and prevent unauthorized recipients
                from accessing or altering, such communications or
                information;</DELETED>
                <DELETED>    ``(ii) the terms `wire communication' and
                `electronic communication' have the meanings given
                those terms in section 2510 of title 18, United States
                Code;</DELETED>
                <DELETED>    ``(B) the term `generally available'
                means, in the case of computer hardware or computer
                software (including computer hardware or computer
                software with encryption capabilities)--</DELETED>
                        <DELETED>    ``(i) computer hardware or
                        computer software that is--</DELETED>
                                <DELETED>    ``(I) distributed through
                                the Internet;</DELETED>
                                <DELETED>    ``(II) offered for sale,
                                license, or transfer to any person
                                without restriction, whether or not for
                                consideration, including, but not
                                limited to, over-the-counter retail
                                sales, mail order transactions, phone
                                order transactions, electronic
                                distribution, or sale on
                                approval;</DELETED>
                                <DELETED>    ``(III) preloaded on
                                computer hardware or computing devices
                                that are widely available for sale to
                                the public; or</DELETED>
                                <DELETED>    ``(IV) assembled from
                                computer hardware or computer software
                                components that are widely available
                                for sale to the public;</DELETED>
                        <DELETED>    ``(ii) not designed, developed, or
                        tailored by the manufacturer for specific
                        purchasers or users, except that any such
                        purchaser or user may--</DELETED>
                                <DELETED>    ``(I) supply certain
                                installation parameters needed by the
                                computer hardware or software to
                                function properly with the computer
                                system of the user or purchaser;
                                or</DELETED>
                                <DELETED>    ``(II) select from among
                                options contained in the computer
                                hardware or computer software;
                                and</DELETED>
                        <DELETED>    ``(iii) with respect to which the
                        manufacturer of that computer hardware or
                        computer software--</DELETED>
                                <DELETED>    ``(I) intended for the
                                user or purchaser, including any
                                licensee or transferee, to install the
                                computer hardware or software and has
                                supplied the necessary instructions to
                                do so, except that the manufacturer of
                                the computer hardware or software, or
                                any agent of such manufacturer, may
                                also provide telephone or electronic
                                mail help line services for
                                installation, electronic transmission,
                                or basic operations; and</DELETED>
                                <DELETED>    ``(II) the computer
                                hardware or software is designed for
                                such installation by the user or
                                purchaser without further substantial
                                support by the manufacturer;</DELETED>
                <DELETED>    ``(C) the term `computing device' means a
                device which incorporates one or more microprocessor-
                based central processing units that can accept, store,
                process, or provide output of data;</DELETED>
                <DELETED>    ``(D) the term `computer hardware'
                includes, but is not limited to, computer systems,
                equipment, application-specific assemblies, smart
                cards, modules, integrated circuits, and printed
                circuit board assemblies;</DELETED>
                <DELETED>    ``(E) the term `customer premises
                equipment' means equipment employed on the premises of
                a person to originate, route, or terminate
                communications;</DELETED>
                <DELETED>    ``(F) the term `technical assistance'
                includes instruction, skills training, working
                knowledge, consulting services, and the transfer of
                technical data;</DELETED>
                <DELETED>    ``(G) the term `technical data' includes
                blueprints, plans, diagrams, models, formulas, tables,
                engineering designs and specifications, and manuals and
                instructions written or recorded on other media or
                devices such as disks, tapes, or read-only memories;
                and</DELETED>
                <DELETED>    ``(H) the term `technical review' means a
                review by the Secretary of computer hardware or
                software or computing devices with encryption
                capabilities, based on information about the product's
                encryption capabilities supplied by the manufacturer,
                that the computer hardware or software or computing
                device works as represented.''.</DELETED>
<DELETED>    (b) No Reinstatement of Export Controls on Previously
Decontrolled Products.--Any encryption product not requiring an export
license as of the date of enactment of this Act, as a result of
administrative decision or rulemaking, shall not require an export
license on or after such date of enactment.</DELETED>
<DELETED>    (c) Applicability of Certain Export Controls.--</DELETED>
        <DELETED>    (1) In general.--Nothing in this Act shall limit
        the authority of the President under the International
        Emergency Economic Powers Act, the Trading with the enemy Act,
        or the Export Administration Act of 1979, to--</DELETED>
                <DELETED>    (A) prohibit the export of encryption
                products to countries that have been determined to
                repeatedly provide support for acts of international
                terrorism; or</DELETED>
                <DELETED>    (B) impose an embargo on exports to, and
                imports from, a specific country.</DELETED>
        <DELETED>    (2) Specific denials.--The Secretary may prohibit
        the export of specific encryption products to an individual or
        organization in a specific foreign country identified by the
        Secretary, if the Secretary determines that there is
        substantial evidence that such encryption products will be used
        for military or terrorist end-use.</DELETED>
        <DELETED>    (3) Definition.--As used in this subsection and
        subsection (b), the term ``encryption'' has the meaning given
        that term in section 17(g)(5)(A) of the Export Administration
        Act of 1979, as added by subsection (a) of this
        section.</DELETED>
<DELETED>    (d) Continuation of Export Administration Act.--For
purposes of carrying out the amendment made by subsection (a), the
Export Administration Act of 1979 shall be deemed to be in
effect.</DELETED>

<DELETED>SEC. 4. EFFECT ON LAW ENFORCEMENT ACTIVITIES.</DELETED>

<DELETED>    (a) Collection of Information by Attorney General.--The
Attorney General shall compile, and maintain in classified form, data
on the instances in which encryption (as defined in section 2801 of
title 18, United States Code) has interfered with, impeded, or
obstructed the ability of the Department of Justice to enforce the
criminal laws of the United States.</DELETED>
<DELETED>    (b) Availability of Information to the Congress.--The
information compiled under subsection (a), including an unclassified
summary thereof, shall be made available, upon request, to any Member
of Congress.</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Security And Freedom through
Encryption (SAFE) Act''.

SEC. 2. DEFINITIONS.

    For purposes of this Act, the following definitions shall apply:
            (1) Computer hardware.--The term ``computer hardware''
        includes computer systems, equipment, application-specific
        assemblies, smart cards, modules, integrated circuits, printed
        circuit board assemblies, and devices that incorporate 1 or
        more microprocessor-based central processing units that are
        capable of accepting, storing, processing, or providing output
        of data.
            (2) Encrypt and encryption.--The terms ``encrypt'' and
        ``encryption'' means the scrambling (and descrambling) of wire
        communications, electronic communications, or electronically
        stored information, using mathematical formulas or algorithms
        to preserve the confidentiality, integrity, or authenticity of,
        and prevent unauthorized recipients from accessing or altering,
        such communications or information.
            (3) Encryption product.--The term ``encryption product''--
                    (A) means computer hardware, computer software, or
                technology with encryption capabilities; and
                    (B) includes any subsequent version of or update to
                an encryption product, if the encryption capabilities
                are not changed.
            (4) Key.--The term ``key'' means the variable information
        used in a mathematical formula, code, or algorithm, or any
        component thereof, used to decrypt wire communications,
        electronic communications, or electronically stored
        information, that has been encrypted.
            (5) Key recovery information.--The term ``key recovery
        information'' means information that would enable obtaining the
        key of a user of encryption.
            (6) Person.--The term ``person'' has the meaning given the
        term in section 2510 of title 18, United States Code.
            (7) Secretary.--The term ``Secretary'' means the Secretary
        of Commerce.
            (8) State.--The term ``State'' means any State of the
        United States and includes the District of Columbia and any
        commonwealth, territory, or possessions of the United States.
            (9) United states person.--The term ``United States
        person'' means any--
                    (A) United States citizen; or
                    (B) legal entity that--
                            (i) is organized under the laws of the
                        United States, or any States, the District of
                        Columbia, or any commonwealth, territory, or
                        possession of the United States; and
                            (ii) has its principal place of business in
                        the United States.
            (10) Wire communication; electronic communication.--The
        terms ``wire communication'' and ``electronic communication''
        have the meanings given such terms in section 2510 of title 18,
        United States Code.

SEC. 3. ENSURING DEVELOPMENT AND DEPLOYMENT OF ENCRYPTION IS A
              VOLUNTARY PRIVATE SECTOR ACTIVITY.

    (a) Statement of Policy.--It is the policy of the United States
that the use, development, manufacture, sale, distribution, and
importation of encryption products, standards, and services for
purposes of assuring the confidentiality, authenticity, or integrity of
electronic information shall be voluntary and market driven.
    (b) Limitation on Regulation.--Neither the Federal Government nor a
State may establish any conditions, ties, or links between encryption
products, standards, and services used for confidentiality, and those
used for authenticity or integrity purposes.

SEC. 4. PROTECTION OF DOMESTIC SALE AND USE OF ENCRYPTION.

    Except as otherwise provided by this Act, it is lawful for any
person within any State, and for any United States person in a foreign
country, to develop, manufacture, sell, distribute, import, or use any
encryption product, regardless of the encryption algorithm selected,
encryption key length chosen, existence of key recovery, or other
plaintext access capability, or implementation or medium used.

SEC. 5. PROHIBITION ON MANDATORY GOVERNMENT ACCESS TO PLAINTEXT.

    (a) In General.--No department, agency, or instrumentality of the
United States or of any State may require that, set standards for,
condition any approval on, create incentives for, or tie any benefit to
a requirement that, a decryption key, access to a key, key recovery
information, or any other plaintext access capability be--
            (1) required to be built into computer hardware or software
        for any purpose;
            (2) given to any other person (including a department,
        agency, or instrumentality of the United States or an entity in
        the private sector that may be certified or approved by the
        United States or a State); or
            (3) retained by the owner or user of an encryption key or
        any other person, other than for encryption products for the
        use of the United States Government or a State government.
    (b) Protection of Existing Access.--Subsection (a) does not affect
the authority of any investigative or law enforcement officer, or any
member of the intelligence community (as defined in section 3 of the
National Security Act of 1947 (50 U.S.C. 401a)), acting under any law
in effect on the date of the enactment of this Act, to gain access to
encrypted communications or information.

SEC. 6. UNLAWFUL USE OF ENCRYPTION IN FURTHERANCE OF A CRIMINAL ACT.

    (a) Encryption of Incriminating Communications or Information
Unlawful.--Any person who, in the commission of a felony under a
criminal statute of the United States, knowingly and willfully encrypts
incriminating communications or information relating to that felony
with the intent to conceal such communications or information for the
purpose of avoiding detection by law enforcement agencies or
prosecution--
            (1) in the case of a first offense under this section,
        shall be imprisoned for not more than 5 years, or fined under
        title 18, United States Code, or both; and
            (2) in the case of a second or subsequent offense under
        this section, shall be imprisoned for not more than 10 years,
        or fined under title 18, United States Code, or both.
    (b) Use of Encryption Not a Basis for Probable Cause.--The use of
encryption by any person shall not be the sole basis for establishing
probable cause with respect to a criminal offense or a search warrant.

SEC. 7. EXPORTS OF ENCRYPTION.

    (a) Amendment to Export Administration Act of 1979.--Section 17 of
the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended
by adding at the end the following new subsection:
    ``(g) Certain Consumer Products, Computers, and Related
Equipment.--
            ``(1) General rule.--Subject to paragraphs (2), (3), and
        (4), the Secretary shall have exclusive authority to control
        exports of all computer hardware, software, computing devices,
        customer premises equipment, communications network equipment,
        and technology for information security (including encryption),
        except that which is specifically designed or modified for
        military use, including command, control, and intelligence
        applications.
            ``(2) Critical infrastructure protection products.--
                    ``(A) Identification.--Not later than 90 days after
                the date of the enactment of the Security And Freedom
                through Encryption (SAFE) Act, the Assistant Secretary
                of Commerce for Communications and Information and the
                National Telecommunications and Information
                Administration shall issue regulations that identify,
                define, or determine which products and equipment
                described in paragraph (1) are designed for improvement
                of network security, network reliability, or data
                security.
                    ``(B) NTIA responsibility.--Not later than the
                expiration of the 2-year period beginning on the date
                of the enactment of the Security And Freedom through
                Encryption (SAFE) Act, all authority of the Secretary
                under this subsection and all determinations and
                reviews required by this section, with respect to
                products and equipment described in paragraph (1) that
                are designed for improvement of network security,
                network reliability, or data security through the use
                of encryption, shall be exercised through and made by
                the Assistant Secretary of Commerce for Communications
                and Information and the National Telecommunications and
                Information Administration. The Secretary may, at any
                time, assign to the Assistant Secretary and the NTIA
                authority of the Secretary under this section with
                respect to other products and equipment described in
                paragraph (1).
            ``(3) Items not requiring licenses.--After a one-time
        technical review by the Secretary of not more than 30 working
        days, which shall include consultation with the Secretary of
        Defense, the Secretary of State, the Attorney General, and the
        Director of Central Intelligence, no export license may be
        required, except pursuant to the Trading with the Enemy Act or
        the International Emergency Economic Powers Act (but only to
        the extent that the authority of such Act is not exercised to
        extend controls imposed under this Act), for the export or
        reexport of--
                    ``(A) any computer hardware or software or
                computing device, including computer hardware or
                software or computing devices with encryption
                capabilities--
                            ``(i) that is generally available;
                            ``(ii) that is in the public domain for
                        which copyright or other protection is not
                        available under title 17, United States Code,
                        or that is available to the public because it
                        is generally accessible to the interested
                        public in any form; or
                            ``(iii) that is used in a commercial, off-
                        the-shelf, consumer product or any component or
                        subassembly designed for use in such a consumer
                        product available within the United States or
                        abroad which--
                                    ``(I) includes encryption
                                capabilities which are inaccessible to
                                the end user; and
                                    ``(II) is not designed for military
                                or intelligence end use;
                    ``(B) any computing device solely because it
                incorporates or employs in any form--
                            ``(i) computer hardware or software
                        (including computer hardware or software with
                        encryption capabilities) that is exempted from
                        any requirement for a license under
                        subparagraph (A); or
                            ``(ii) computer hardware or software that
                        is no more technically complex in its
                        encryption capabilities than computer hardware
                        or software that is exempted from any
                        requirement for a license under subparagraph
                        (A) but is not designed for installation by the
                        purchaser;
                    ``(C) any computer hardware or software or
                computing device solely on the basis that it
                incorporates or employs in any form interface
                mechanisms for interaction with other computer hardware
                or software or computing devices, including computer
                hardware and software and computing devices with
                encryption capabilities;
                    ``(D) any computing or telecommunication device
                which incorporates or employs in any form computer
                hardware or software encryption capabilities which--
                            ``(i) are not directly available to the end
                        user; or
                            ``(ii) limit the encryption to be point-to-
                        point from the user to a central communications
                        point or link and does not enable end-to-end
                        user encryption;
                    ``(E) technical assistance and technical data used
                for the installation or maintenance of computer
                hardware or software or computing devices with
                encryption capabilities covered under this subsection;
                or
                    ``(F) any encryption hardware or software or
                computing device not used for confidentiality purposes,
                such as authentication, integrity, electronic
                signatures, nonrepudiation, or copy protection.
            ``(4) Computer hardware or software or computing devices
        with encryption capabilities.--After a one-time technical
        review by the Secretary of not more than 30 working days, which
        shall include consultation with the Secretary of Defense, the
        Secretary of State, the Attorney General, and the Director of
        Central Intelligence, the Secretary shall authorize the export
        or reexport of computer hardware or software or computing
        devices with encryption capabilities for nonmilitary end uses
        in any country--
                    ``(A) to which exports of computer hardware or
                software or computing devices of comparable strength
                are permitted for use by financial institutions not
                controlled in fact by United States persons, unless
                there is substantial evidence that such computer
                hardware or software or computing devices will be--
                            ``(i) diverted to a military end use or an
                        end use supporting international terrorism;
                            ``(ii) modified for military or terrorist
                        end use;
                            ``(iii) reexported without any
                        authorization by the United States that may be
                        required under this Act; or
                            ``(iv)(I) harmful to the national security
                        of the United States, including capabilities of
                        the United States in fighting drug trafficking,
                        terrorism, or espionage, (II) used in illegal
                        activities involving the sexual exploitation
                        of, abuse of, or sexually explicit conduct with
                        minors (including activities in violation of
                        chapter 110 of title 18, United States Code,
                        and section 2423 of such title), or (III) used
                        in illegal activities involving organized
                        crime; or
                    ``(B) if the Secretary determines that a computer
                hardware or software or computing device offering
                comparable security is commercially available in such
                country from a foreign supplier, without effective
                restrictions.
            ``(5) Definitions.--For purposes of this subsection--
                    ``(A) the term `computer hardware' has the meaning
                given such term in section 2 of the Security And
                Freedom through Encryption (SAFE) Act;
                    ``(B) the term `computing device' means a device
                which incorporates one or more microprocessor-based
                central processing units that can accept, store,
                process, or provide output of data;
                    ``(C) the term `customer premises equipment' means
                equipment employed on the premises of a person to
                originate, route, or terminate communications;
                    ``(D) the term `data security' means the
                protection, through techniques used by individual
                computer and communications users, of data from
                unauthorized penetration, manipulation, or disclosure;
                    ``(E) the term `encryption' has the meaning given
                such term in section 2 of the Security And Freedom
                through Encryption (SAFE) Act;
                    ``(F) the term `generally available' means, in the
                case of computer hardware or computer software
                (including computer hardware or computer software with
                encryption capabilities)--
                            ``(i) computer hardware or computer
                        software that is--
                                    ``(I) distributed through the
                                Internet;
                                    ``(II) offered for sale, license,
                                or transfer to any person without
                                restriction, whether or not for
                                consideration, including, but not
                                limited to, over-the-counter retail
                                sales, mail order transactions, phone
                                order transactions, electronic
                                distribution, or sale on approval;
                                    ``(III) preloaded on computer
                                hardware or computing devices that are
                                widely available for sale to the
                                public; or
                                    ``(IV) assembled from computer
                                hardware or computer software
                                components that are widely available
                                for sale to the public;
                            ``(ii) not designed, developed, or tailored
                        by the manufacturer for specific purchasers or
                        users, except that any such purchaser or user
                        may--
                                    ``(I) supply certain installation
                                parameters needed by the computer
                                hardware or software to function
                                properly with the computer system of
                                the user or purchaser; or
                                    ``(II) select from among options
                                contained in the computer hardware or
                                computer software; and
                            ``(iii) with respect to which the
                        manufacturer of that computer hardware or
                        computer software--
                                    ``(I) intended for the user or
                                purchaser, including any licensee or
                                transferee, to install the computer
                                hardware or software and has supplied
                                the necessary instructions to do so,
                                except that the manufacturer of the
                                computer hardware or software, or any
                                agent of such manufacturer, may also
                                provide telephone or electronic mail
                                help line services for installation,
                                electronic transmission, or basic
                                operations; and
                                    ``(II) the computer hardware or
                                software is designed for such
                                installation by the user or purchaser
                                without further substantial support by
                                the manufacturer;
                    ``(G) the term `network reliability' means the
                prevention, through techniques used by providers of
                computer and communications services, of the
                malfunction, and the promotion of the continued
                operations, of computer or communications network;
                    ``(H) the term `network security' means the
                prevention, through techniques used by providers of
                computer and communications services, of unauthorized
                penetration, manipulation, or disclosure of information
                of a computer or communications network;
                    ``(I) the term `technical assistance' includes
                instruction, skills training, working knowledge,
                consulting services, and the transfer of technical
                data;
                    ``(J) the term `technical data' includes
                blueprints, plans, diagrams, models, formulas, tables,
                engineering designs and specifications, and manuals and
                instructions written or recorded on other media or
                devices such as disks, tapes, or read-only memories;
                and
                    ``(K) the term `technical review' means a review by
                the Secretary of computer hardware or software or
                computing devices with encryption capabilities, based
                on information about the product's encryption
                capabilities supplied by the manufacturer, that the
                computer hardware or software or computing device works
                as represented.''.
    (b) Transfer of Authority to National Telecommunications and
Information Administration.--Section 103(b) of the National
Telecommunications and Information Administration Organization Act (47
U.S.C. 902(b)) is amended by adding at the end the following new
paragraph:
            ``(4) Export of communications transaction technologies.--
        In accordance with section 17(g)(2) of the Export
        Administration Act of 1979 (50 U.S.C. App. 2416(g)(2)), the
        Secretary shall assign to the Assistant Secretary and the NTIA
        the authority of the Secretary under such section 17(g), with
        respect to products and equipment described in paragraph (1) of
        such section that are designed for improvement of network
        security, network reliability, or data security, that (after
        the expiration of the 2-year period beginning on the date of
        the enactment of the Security And Freedom through Encryption
        (SAFE) Act) is to be exercised by the Assistant Secretary and
        the NTIA.''.
    (c) No Reinstatement of Export Controls on Previously Decontrolled
Products.--Any encryption product not requiring an export license as of
the date of enactment of this Act, as a result of administrative
decision or rulemaking, shall not require an export license on or after
such date of enactment.
    (d) Applicability of Certain Export Controls.--
            (1) In general.--Nothing in this Act shall limit the
        authority of the President under the International Emergency
        Economic Powers Act, the Trading with the Enemy Act, or the
        Export Administration Act of 1979, to--
                    (A) prohibit the export of encryption products to
                countries that have been determined to repeatedly
                provide support for acts of international terrorism; or
                    (B) impose an embargo on exports to, and imports
                from, a specific country.
            (2) Specific denials.--The Secretary of Commerce may
        prohibit the export of specific encryption products to an
        individual or organization in a specific foreign country
        identified by the Secretary, if the Secretary determines that
        there is substantial evidence that such encryption products
        will be--
                    (A) used for military or terrorist end-use or
                modified for military or terrorist end use;
                    (B) harmful to United States national security,
                including United States capabilities in fighting drug
                trafficking, terrorism, or espionage;
                    (C) used in illegal activities involving the sexual
                exploitation of, abuse of, or sexually explicit conduct
                with minors (including activities in violation of
                chapter 110 of title 18, United States Code, and
                section 2423 of such title); or
                    (D) used in illegal activities involving organized
                crime.
            (3) Other export controls.--An encryption product is
        subject to any export control imposed on that product for any
        reason other than the existence of encryption capability.
        Nothing in this Act or the amendments made by this Act alters
        the ability of the Secretary of Commerce to control exports of
        products for reasons other than encryption.
    (e) Continuation of Export Administration Act.--For purposes of
carrying out the amendment made by subsection (a), the Export
Administration Act of 1979 shall be deemed to be in effect.

SEC. 8. GOVERNMENT PROCUREMENT OF ENCRYPTION PRODUCTS.

    (a) Statement of Policy.--It is the policy of the United States--
            (1) to permit the public to interact with government
        through commercial networks and infrastructure; and
            (2) to protect the privacy and security of any electronic
        communication from, or stored information obtained from, the
        public.
    (b) Purchase of Encryption Products by Federal Government.--Any
department, agency, or instrumentality of the United States may
purchase encryption products for internal use by officers and employees
of the United States to the extent and in the manner authorized by law.
    (c) Prohibition of Requirement for Citizens To Purchase Specified
Products.--No department, agency, or instrumentality of the United
States, nor any department, agency, or political subdivision of a
State, may require any person in the private sector to use any
particular encryption product or methodology, including products with a
decryption key, access to a key, key recovery information, or any other
plaintext access capability, to communicate with, or transact business
with, the government.

SEC. 9. NATIONAL ELECTRONIC TECHNOLOGIES CENTER.

    Part A of the National Telecommunications and Information
Administration Organization Act is amended by inserting after section
105 (47 U.S.C. 904) the following new section:

``SEC. 106. NATIONAL ELECTRONIC TECHNOLOGIES CENTER.

    ``(a) Establishment.--There is established in the NTIA a National
Electronic Technologies Center (in this section referred to as the `NET
Center').
    ``(b) Director.--The NET Center shall have a Director, who shall be
appointed by the Assistant Secretary.
    ``(c) Duties.--The duties of the NET Center shall be--
            ``(1) to serve as a center for industry and government
        entities to exchange information and methodology regarding data
        security techniques and technologies;
            ``(2) to examine encryption techniques and methods to
        facilitate the ability of law enforcement to gain efficient
        access to plaintext of communications and electronic
        information;
            ``(3) to conduct research to develop efficient methods, and
        improve the efficiency of existing methods, of accessing
        plaintext of communications and electronic information;
            ``(4) to investigate and research new and emerging
        techniques and technologies to facilitate access to
        communications and electronic information, including --
                    ``(A) reverse-steganography;
                    ``(B) decompression of information that previously
                has been compressed for transmission; and
                    ``(C) de-multiplexing;
            ``(5) to obtain information regarding the most current
        computer hardware and software, telecommunications, and other
        capabilities to understand how to access information
        transmitted across computer and communications networks; and
            ``(6) to serve as a center for Federal, State, and local
        law enforcement authorities for information and assistance
        regarding decryption and other access requirements.
    ``(d) Equal Access.--State and local law enforcement agencies and
authorities shall have access to information, services, resources, and
assistance provided by the NET Center to the same extent that Federal
law enforcement agencies and authorities have such access.
    ``(e) Personnel.--The Director may appoint such personnel as the
Director considers appropriate to carry out the duties of the NET
Center.
    ``(f) Assistance of Other Federal Agencies.--Upon the request of
the Director of the NET Center, the head of any department or agency of
the Federal Government may, to assist the NET Center in carrying out
its duties under this section--
            ``(1) detail, on a reimbursable basis, any of the personnel
        of such department or agency to the NET Center; and
            ``(2) provide to the NET Center facilities, information,
        and other non-personnel resources.
    ``(g) Private Industry Assistance.--The NET Center may accept, use,
and dispose of gifts, bequests, or devises of money, services, or
property, both real and personal, for the purpose of aiding or
facilitating the work of the Center. Gifts, bequests, or devises of
money and proceeds from sales of other property received as gifts,
bequests, or devises shall be deposited in the Treasury and shall be
available for disbursement upon order of the Director of the NET
Center.
    ``(h) Advisory Board.--
            ``(1) Establishment.--There is established the Advisory
        Board of the NET Center (in this subsection referred to as the
        ``Advisory Board''), which shall be comprised of 11 members who
        shall have the qualifications described in paragraph (2) and
        who shall be appointed by the Assistant Secretary not later
        than 6 months after the date of the enactment of this Act. The
        chairman of the Advisory Board shall be designated by the
        Assistant Secretary at the time of appointment.
            ``(2) Qualifications.--Each member of the Advisory Board
        shall have experience or expertise in the field of encryption,
        decryption, electronic communication, information security,
        electronic commerce, or law enforcement.
            ``(3) Duties.--The duty of the Advisory Board shall be to
        advise the NET Center and the Federal Government regarding new
        and emerging technologies relating to encryption and decryption
        of communications and electronic information.
    ``(i) Implementation Plan.--Within 2 months after the date of the
enactment of this Act, the Assistant Secretary, in consultation and
cooperation with other appropriate Federal agencies and appropriate
industry participants, develop and cause to be published in the Federal
Register a plan for establishing the NET Center. The plan shall--
            ``(1) specify the physical location of the NET Center and
        the equipment, software, and personnel resources necessary to
        carry out the duties of the NET Center under this section;
            ``(2) assess the amount of funding necessary to establish
        and operate the NET Center; and
            ``(3) identify sources of probable funding for the NET
        Center, including any sources of in-kind contributions from
        private industry.''.

SEC. 10. STUDY OF NETWORK AND DATA SECURITY ISSUES.

    Part C of the National Telecommunications and Information
Administration Organization Act is amended by adding at the end the
following new section:

``SEC. 156. STUDY OF NETWORK RELIABILITY AND SECURITY AND DATA SECURITY
              ISSUES.

    ``(a) In General.--The NTIA shall conduct an examination of--
            ``(1) the relationship between--
                    ``(A) network reliability (for communications and
                computer networks), network security (for such
                networks), and data security issues; and
                    ``(B) the conduct, in interstate commerce, of
                electronic commerce transactions, including through the
                medium of the telecommunications networks, the
                Internet, or other interactive computer systems;
            ``(2) the availability of various methods for encrypting
        communications; and
            ``(3) the effects of various methods of providing access to
        encrypted communications and to information to further law
        enforcement activities.
    ``(b) Specific Issues.--In conducting the examination required by
subsection (a), the NTIA shall--
            ``(1) analyze and evaluate the requirements under
        paragraphs (3) and (4) of section 17(g) of the Export
        Administration Act of 1979 (50 U.S.C. App. 2416(g); as added by
        section 7(a) of this Act) for products referred to in such
        paragraphs to qualify for the license exemption or mandatory
        export authorization under such paragraphs, and determine--
                    ``(A) the scope and applicability of such
                requirements and the products that, at the time of the
                examination, qualify for such license exemption or
                export authorization; and
                    ``(B) the products that will, 12 months after the
                examination is conducted, qualify for such license
                exemption or export authorization; and
            ``(2) assess possible methods for providing access to
        encrypted communications and to information to further law
        enforcement activities.
    ``(c) Reports.--Within one year after the date of enactment of this
section, the NTIA shall submit to the Congress and the President a
detailed report on the examination required by subsections (a) and (b).
Annually thereafter, the NTIA shall submit to the Congress and the
President an update on such report.
    ``(d) Definitions.--For purposes of this section--
            ``(1) the terms `data security', `encryption', `network
        reliability', and `network security' have the meanings given
        such terms in section 17(g)(5) of the Export Administration Act
        of 1979 (50 U.S.C. App. 2416(g)(5)); and
            ``(2) the terms `Internet' and `interactive computer
        systems' have the meanings provided by section 230(e) of the
        Communications Act of 1934 (47 U.S.C. 230(e)).''.

SEC. 11. TREATMENT OF ENCRYPTION IN INTERSTATE AND FOREIGN COMMERCE.

    (a) Inquiry Regarding Impediments to Commerce.--Within 180 days
after the date of the enactment of this Act, the Secretary of Commerce
shall complete an inquiry to--
            (1) identify any domestic and foreign impediments to trade
        in encryption products and services and the manners in which
        and extent to which such impediments inhibit the development of
        interstate and foreign commerce; and
            (2) identify import restrictions imposed by foreign nations
        that constitute trade barriers to providers of encryption
        products or services.
The Secretary shall submit a report to the Congress regarding the
results of such inquiry by such date.
    (b) Removal of Impediments to Trade.--Within 1 year after such date
of enactment, the Secretary shall prescribe such regulations as may be
necessary to reduce the impediments to trade in encryption products and
services identified in the inquiry pursuant to subsection (a) for the
purpose of facilitating the development of interstate and foreign
commerce. Such regulations shall be designed to--
            (1) promote the sale and distribution, including through
        electronic commerce, in foreign commerce of encryption products
        and services manufactured in the United States; and
            (2) strengthen the competitiveness of domestic providers of
        encryption products and services in foreign commerce, including
        electronic commerce.
    (c) International Agreements.--
            (1) Report to president.--Upon the completion of the
        inquiry under subsection (a), the Secretary shall submit a
        report to the President regarding reducing any impediments to
        trade in encryption products and services that are identified
        by the inquiry and could, in the determination of the
        Secretary, require international negotiations for such
        reduction.
            (2) Negotiations.--The President shall take all actions
        necessary to conduct negotiations with other countries for the
        purposes of (A) concluding international agreements on the
        promotion of encryption products and services, and (B)
        achieving mutual recognition of countries' export controls, in
        order to meet the needs of countries to preserve national
        security, safeguard privacy, and prevent commercial espionage.
        The President may consider a country's refusal to negotiate
        such international export and mutual recognition agreements
        when considering the participation of the United States in any
        cooperation or assistance program with that country. The
        President shall submit a report to the Congress regarding the
        status of international efforts regarding cryptography not
        later than December 31, 2000.

SEC. 12. COLLECTION OF INFORMATION ON EFFECT OF ENCRYPTION ON LAW
              ENFORCEMENT ACTIVITIES.

    (a) Collection of Information by Attorney General.--The Attorney
General shall compile, and maintain in classified form, data on the
instances in which encryption (as defined in section 2801 of title 18,
United States Code) has interfered with, impeded, or obstructed the
ability of the Department of Justice to enforce the criminal laws of
the United States.
    (b) Availability of Information to the Congress.--The information
compiled under subsection (a), including an unclassified summary
thereof, shall be made available, upon request, to any Member of
Congress.

SEC. 13. PROHIBITION ON TRANSFERS TO PLA AND COMMUNIST CHINESE MILITARY
              COMPANIES.

    (a) Prohibition.--Whoever knowingly and willfully transfers to the
People's Liberation Army or to any Communist Chinese military company
any encryption product that utilizes a key length of more than 56
bits--
            (1) in the case of a first offense under this section,
        shall be imprisoned for not more than 5 years, or fined under
        title 18, United States Code, or both; and
            (2) in the case of second or subsequent offense under this
        section, shall be imprisoned for not more than 10 years, or
        fined under title 18, United States Code, or both.
    (b) Definitions.--For purposes of this section:
            (1) Communist chinese military company.--(A) Subject to
        subparagraph (B), the term ``Communist Chinese military
        company'' has the meaning given that term in section 1237(b)(4)
        of the Strom Thurmond National Defense Authorization Act for
        Fiscal Year 1999 (50 U.S.C. 1701 note).
            (B) At such time as the determination and publication of
        persons are made under section 1237(b)(1) of the Strom Thurmond
        National Defense Authorization Act for Fiscal Year 1999, the
        term ``Communist Chinese military company'' shall mean the list
        of those persons so published, as revised under section
        1237(b)(2) of that Act.
            (2) People's liberation army.--The term ``People's
        Liberation Army'' has the meaning given that term in section
        1237(c) of the Strom Thurmond National Defense Authorization
        Act for Fiscal Year 1999.

SEC. 14. FAILURE TO DECRYPT INFORMATION OBTAINED UNDER COURT ORDER.

    Whoever is required by an order of any court to provide to the
court or any other party any information in such person's possession
which has been encrypted and who, having possession of the key or such
other capability to decrypt such information into the readable or
comprehensible format of such information prior to its encryption,
fails to provide such information in accordance with the order in such
readable or comprehensible form--
            (1) in the case of a first offense under this section,
        shall be imprisoned for not more than 5 years, or fined under
        title 18, United States Code, or both; and
            (2) in the case of second or subsequent offense under this
        section, shall be imprisoned for not more than 10 years, or
        fined under title 18 United States Code, or both.

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Security And Freedom through
Encryption (SAFE) Act''.

SEC. 2. SALE AND USE OF ENCRYPTION.

    (a) In General.--Part I of title 18, United States Code, is amended
by inserting after chapter 123 the following new chapter:

        ``CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

``Sec.
``2801. Definitions.
``2802. Freedom to use encryption.
``2803. Freedom to sell encryption.
``2804. Prohibition on mandatory key escrow.
``2805. Unlawful use of encryption in furtherance of a criminal act.
``Sec. 2801. Definitions
    ``As used in this chapter--
            ``(1) the terms `person', `State', `wire communication',
        `electronic communication', `investigative or law enforcement
        officer', and `judge of competent jurisdiction' have the
        meanings given those terms in section 2510 of this title;
            ``(2) the term `decrypt' means to retransform or unscramble
        encrypted data, including communications, to its readable form;
            ``(3) the terms `encrypt', `encrypted', and `encryption'
        mean the scrambling of wire communications, electronic
        communications, or electronically stored information, using
        mathematical formulas or algorithms in order to preserve the
        confidentiality, integrity, or authenticity of, and prevent
        unauthorized recipients from accessing or altering, such
        communications or information;
            ``(4) the term `key' means the variable information used in
        a mathematical formula, code, or algorithm, or any component
        thereof, used to decrypt wire communications, electronic
        communications, or electronically stored information, that has
        been encrypted; and
            ``(5) the term `key recovery information' means information
        that would enable obtaining the key of a user of encryption;
            ``(6) the term `plaintext access capability' means any
        method or mechanism which would provide information in readable
        form prior to its being encrypted or after it has been
        decrypted;
            ``(7) the term `United States person' means--
                    ``(A) any United States citizen;
                    ``(B) any other person organized under the laws of
                any State, the District of Columbia, or any
                commonwealth, territory, or possession of the United
                States; and
                    ``(C) any person organized under the laws of any
                foreign country who is owned or controlled by
                individuals or persons described in subparagraphs (A)
                and (B).
``Sec. 2802. Freedom to use encryption
    ``Subject to section 2805, it shall be lawful for any person within
any State, and for any United States person in a foreign country, to
use any encryption, regardless of the encryption algorithm selected,
encryption key length chosen, or implementation technique or medium
used.
``Sec. 2803. Freedom to sell encryption
    ``Subject to section 2805, it shall be lawful for any person within
any State to sell in interstate commerce any encryption, regardless of
the encryption algorithm selected, encryption key length chosen, or
implementation technique or medium used.
``Sec. 2804. Prohibition on mandatory key escrow
    ``(a) General Prohibition.--Neither the Federal Government nor a
State may require that, or condition any approval on a requirement
that, a key, access to a key, key recovery information, or any other
plaintext access capability be--
            ``(1) built into computer hardware or software for any
        purpose;
            ``(2) given to any other person, including a Federal
        Government agency or an entity in the private sector that may
        be certified or approved by the Federal Government or a State
        to receive it; or
            ``(3) retained by the owner or user of an encryption key or
        any other person, other than for encryption products for use by
        the Federal Government or a State.
    ``(b) Exception for Government National Security and Law
Enforcement Purposes.--The prohibition contained in subsection (a)
shall not apply to any department, agency, or instrumentality of the
United States, or to any department, agency, or political subdivision
of a State, that has a valid contract with a nongovernmental entity
that is assisting in the performance of national security or law
enforcement activity.
    ``(c) Exception for Access for Law Enforcement Purposes.--
Subsection (a) shall not affect the authority of any investigative or
law enforcement officer, or any member of the intelligence community as
defined in section 3 of the National Security Act of 1947 (50 U.S.C.
401a), acting under any law in effect on the effective date of this
chapter, to gain access to encrypted communications or information.
``Sec. 2805. Unlawful use of encryption in furtherance of a criminal
              act
    ``(a) Encryption of Incriminating Communications or Information
Unlawful.--Any person who, in the commission of a felony under a
criminal statute of the United States, knowingly and willfully encrypts
incriminating communications or information relating to that felony
with the intent to conceal such communications or information for the
purpose of avoiding detection by law enforcement agencies or
prosecution--
            ``(1) in the case of a first offense under this section,
        shall be imprisoned for not more than 5 years, or fined in the
        amount set forth in this title, or both; and
            ``(2) in the case of a second or subsequent offense under
        this section, shall be imprisoned for not more than 10 years,
        or fined in the amount set forth in this title, or both.
    ``(b) Use of Encryption Not a Basis for Probable Cause.--The use of
encryption by any person shall not be the sole basis for establishing
probable cause with respect to a criminal offense or a search
warrant.''.
    (b) Conforming Amendment.--The table of chapters for part I of
title 18, United States Code, is amended by inserting after the item
relating to chapter 123 the following new item:

``125. Encrypted wire and electronic information............    2801''.

SEC. 3. EXPORTS OF ENCRYPTION.

    (a) Amendment to Export Administration Act of 1979.--Section 17 of
the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended
by adding at the end thereof the following new subsection:
    ``(g) Certain Consumer Products, Computers, and Related
Equipment.--
            ``(1) General rule.--Subject to paragraphs (2) and (3), the
        Secretary shall have exclusive authority to control exports of
        all computer hardware, software, computing devices, customer
        premises equipment, communications network equipment, and
        technology for information security (including encryption),
        except that which is specifically designed or modified for
        military use, including command, control, and intelligence
        applications.
            ``(2) Items not requiring licenses.--After a 1-time
        technical review by the Secretary, which shall be completed not
        later than 30 working days after submission of the product
        concerned for such technical review, no export license may be
        required, except pursuant to the Trading with the enemy Act or
        the International Emergency Economic Powers Act (but only to
        the extent that the authority of such Act is not exercised to
        extend controls imposed under this Act), for the export or
        reexport of--
                    ``(A) any computer hardware or software or
                computing device, including computer hardware or
                software or computing devices with encryption
                capabilities--
                            ``(i) that is generally available;
                            ``(ii) that is in the public domain for
                        which copyright or other protection is not
                        available under title 17, United States Code,
                        or that is available to the public because it
                        is generally accessible to the interested
                        public in any form; or
                            ``(iii) that is used in a commercial, off-
                        the-shelf, consumer product or any component or
                        subassembly designed for use in such a consumer
                        product available within the United States or
                        abroad which--
                                    ``(I) includes encryption
                                capabilities which are inaccessible to
                                the end user; and
                                    ``(II) is not designed for military
                                or intelligence end use;
                    ``(B) any computing device solely because it
                incorporates or employs in any form--
                            ``(i) computer hardware or software
                        (including computer hardware or software with
                        encryption capabilities) that is exempted from
                        any requirement for a license under
                        subparagraph (A); or
                            ``(ii) computer hardware or software that
                        is no more technically complex in its
                        encryption capabilities than computer hardware
                        or software that is exempted from any
                        requirement for a license under subparagraph
                        (A) but is not designed for installation by the
                        purchaser;
                    ``(C) any computer hardware or software or
                computing device solely on the basis that it
                incorporates or employs in any form interface
                mechanisms for interaction with other computer hardware
                or software or computing devices, including computer
                hardware and software and computing devices with
                encryption capabilities;
                    ``(D) any computing or telecommunication device
                which incorporates or employs in any form computer
                hardware or software encryption capabilities which--
                            ``(i) are not directly available to the end
                        user; or
                            ``(ii) limit the encryption to be point-to-
                        point from the user to a central communications
                        point or link and does not enable end-to-end
                        user encryption;
                    ``(E) technical assistance and technical data used
                for the installation or maintenance of computer
                hardware or software or computing devices with
                encryption capabilities covered under this subsection;
                or
                    ``(F) any encryption hardware or software or
                computing device not used for confidentiality purposes,
                such as authentication, integrity, electronic
                signatures, nonrepudiation, or copy protection.
            ``(3) Computer hardware or software or computing devices
        with encryption capabilities.--After a 1-time technical review
        by the Secretary, which shall be completed not later than 30
        working days after submission of the product concerned for such
        technical review, the Secretary shall authorize the export or
        reexport of computer hardware or software or computing devices
        with encryption capabilities for nonmilitary end uses in any
        country--
                    ``(A) to which exports of computer hardware or
                software or computing devices of comparable strength
                are permitted for use by financial institutions not
                controlled in fact by United States persons, unless
                there is credible evidence that such computer hardware
                or software or computing devices will be--
                            ``(i) diverted to a military end use or an
                        end use supporting international terrorism;
                            ``(ii) modified for military or terrorist
                        end use; or
                            ``(iii) reexported without any
                        authorization by the United States that may be
                        required under this Act; or
                    ``(B) if the Secretary determines that a computer
                hardware or software or computing device offering
                comparable security is commercially available outside
                the United States from a foreign supplier, without
                effective restrictions.
            ``(4) Exports to major drug-transit and illicit drug
        producing countries.--The Secretary, before approving any
        export or reexport of encryption products to any major drug-
        transit country or major illicit drug producing country
        identified under section 490(h) of the Foreign Assistance Act
        of 1961, shall consult with the Attorney General of the United
        States, the Director of the Federal Bureau of Investigation,
        and the Administrator of the Drug Enforcement Administration on
        the potential impact of such export or reexport on the flow of
        illicit drugs into the United States. This paragraph shall not
        authorize the denial of an export of an encryption product, or
        of the issuance of a specific export license, for which such
        denial is not otherwise appropriate, solely because the country
        of destination is a major drug-transit country or major illicit
        drug producing country.
            ``(5) Definitions.--As used in this subsection--
                    ``(A)(i) the term `encryption' means the scrambling
                of wire communications, electronic communications, or
                electronically stored information, using mathematical
                formulas or algorithms in order to preserve the
                confidentiality, integrity, or authenticity of, and
                prevent unauthorized recipients from accessing or
                altering, such communications or information;
                    ``(ii) the terms `wire communication' and
                `electronic communication' have the meanings given
                those terms in section 2510 of title 18, United States
                Code;
                    ``(B) the term `generally available' means, in the
                case of computer hardware or computer software
                (including computer hardware or computer software with
                encryption capabilities)--
                            ``(i) computer hardware or computer
                        software that is--
                                    ``(I) distributed through the
                                Internet;
                                    ``(II) offered for sale, license,
                                or transfer to any person without
                                restriction, whether or not for
                                consideration, including, but not
                                limited to, over-the-counter retail
                                sales, mail order transactions, phone
                                order transactions, electronic
                                distribution, or sale on approval;
                                    ``(III) preloaded on computer
                                hardware or computing devices that are
                                widely available for sale to the
                                public; or
                                    ``(IV) assembled from computer
                                hardware or computer software
                                components that are widely available
                                for sale to the public;
                            ``(ii) not designed, developed, or tailored
                        by the manufacturer for specific purchasers or
                        users, except that any such purchaser or user
                        may--
                                    ``(I) supply certain installation
                                parameters needed by the computer
                                hardware or software to function
                                properly with the computer system of
                                the user or purchaser; or
                                    ``(II) select from among options
                                contained in the computer hardware or
                                computer software;
                            ``(iii) with respect to which the
                        manufacturer of that computer hardware or
                        computer software--
                                    ``(I) intended for the user or
                                purchaser, including any licensee or
                                transferee, to install the computer
                                hardware or software and has supplied
                                the necessary instructions to do so,
                                except that the manufacturer of the
                                computer hardware or software, or any
                                agent of such manufacturer, may also
                                provide telephone or electronic mail
                                help line services for installation,
                                electronic transmission, or basic
                                operations; and
                                    ``(II) the computer hardware or
                                software is designed for such
                                installation by the user or purchaser
                                without further substantial support by
                                the manufacturer; and
                            ``(iv) offered for sale, license, or
                        transfer to any person without restriction,
                        whether or not for consideration, including,
                        but not limited to, over-the-counter retail
                        sales, mail order transactions, phone order
                        transactions, electronic distribution, or sale
                        on approval;
                    ``(C) the term `computing device' means a device
                which incorporates one or more microprocessor-based
                central processing units that can accept, store,
                process, or provide output of data;
                    ``(D) the term `computer hardware' includes, but is
                not limited to, computer systems, equipment,
                application-specific assemblies, smart cards, modules,
                integrated circuits, and printed circuit board
                assemblies;
                    ``(E) the term `customer premises equipment' means
                equipment employed on the premises of a person to
                originate, route, or terminate communications;
                    ``(F) the term `technical assistance' includes
                instruction, skills training, working knowledge,
                consulting services, and the transfer of technical
                data;
                    ``(G) the term `technical data' includes
                blueprints, plans, diagrams, models, formulas, tables,
                engineering designs and specifications, and manuals and
                instructions written or recorded on other media or
                devices such as disks, tapes, or read-only memories;
                and
                    ``(H) the term `technical review' means a review by
                the Secretary of computer hardware or software or
                computing devices with encryption capabilities, based
                on information about the product's encryption
                capabilities supplied by the manufacturer, that the
                computer hardware or software or computing device works
                as represented.''.
    (b) No Reinstatement of Export Controls on Previously Decontrolled
Products.--Any encryption product not requiring an export license as of
the date of enactment of this Act, as a result of administrative
decision or rulemaking, shall not require an export license on or after
such date of enactment.
    (c) Applicability of Certain Export Controls.--
            (1) In general.--Nothing in this Act shall limit the
        authority of the President under the International Emergency
        Economic Powers Act, the Trading with the enemy Act, or the
        Export Administration Act of 1979, to--
                    (A) prohibit the export of encryption products to
                countries that have been determined to repeatedly
                provide support for acts of international terrorism;
                    (B) prohibit the export or reexport of any
                encryption product with an encryption strength of more
                than 56 bits to any military unit of the People's
                Republic of China, including the People's Liberation
                Army (as defined in section 1237(c) of the Strom
                Thurmond National Defense Authorization Act for Fiscal
                Year 1999 (50 U.S.C. 1701 note)); or
                    (C) impose an embargo on exports to, and imports
                from, a specific country.
            (2) Specific denials.--The Secretary of Commerce may
        prohibit the export of specific encryption products to an
        individual or organization in a specific foreign country or
        countries identified by the Secretary, if the Secretary, in
        consultation with the Secretary of Defense, the Secretary of
        State, the Attorney General, the Director of the Federal Bureau
        of Investigation, the Administrator of the Drug Enforcement
        Administration, and the Director of Central Intelligence,
        determines that there is credible evidence that such encryption
        products will be used--
                    (A) for military or terrorist end-use;
                    (B) to facilitate the import of illicit drugs into
                the United States;
                    (C) in the manufacture of weapons of mass
                destruction or otherwise to assist in the proliferation
                of weapons of mass destruction; or
                    (D) for illegal activities involving the sexual
                exploitation of, abuse of, or sexually explicit conduct
                with minors.
            (3) Other export controls.--Any encryption product is
        subject to export controls for any reason other than the
        existence of encryption capability, including export controls
        imposed on high performance computers. Nothing in this Act or
        the amendments made by this Act alters the ability of the
        Secretary of Commerce to control exports for reasons other than
        encryption capabilities.
            (4) Definition.--As used in this subsection and subsection
        (b), the term ``encryption'' has the meaning given that term in
        section 17(g)(5)(A) of the Export Administration Act of 1979,
        as added by subsection (a) of this section.
    (d) Continuation of Export Administration Act.--For purposes of
carrying out the amendment made by subsection (a), the Export
Administration Act of 1979 shall be deemed to be in effect.

SEC. 4. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

    (a) Collection of Information by Attorney General.--The Attorney
General shall compile, and maintain in classified form, data on the
instances in which encryption (as defined in section 2801 of title 18,
United States Code) has interfered with, impeded, or obstructed the
ability of the Department of Justice to enforce the criminal laws of
the United States.
    (b) Availability of Information to the Congress.--The information
compiled under subsection (a), including an unclassified summary
thereof, shall be made available, upon request, to any Member of
Congress.

[SECTION 1. SHORT TITLE.

    [This Act may be cited as the ``Protection of National Security and
Public Safety Act''.

[SEC. 2. EXPORTS OF ENCRYPTION.

    [(a) Authority to Control Exports.--The President shall control the
export of all dual-use encryption products.
    [(b) Authority to Deny Export for National Security Reasons.--
Notwithstanding any provision of this Act, the President may deny the
export of any encryption product on the basis that its export is
contrary to the national security interests of the United States.
    [(c) Decisions Not Subject to Judicial Review.--Any decision made
by the President or his designee with respect to the export of
encryption products under this Act shall not be subject to judicial
review.

[SEC. 3. LICENSE EXCEPTION FOR CERTAIN ENCRYPTION PRODUCTS.

    [Encryption products with encryption strength equal to or less than
the level identified in section 5 shall be eligible for export under a
license exception if--
            [(1) such encryption product is submitted for a 1-time
        technical review;
            [(2) such encryption product does not require licensing
        under otherwise applicable regulations;
            [(3) such encryption product is not intended for a country,
        end user, or end use that is by regulation ineligible to
        receive such product, and the encryption product is otherwise
        qualified for export; and
            [(4) the exporter, at the time of submission of the product
        for technical review, provides the names and addresses of its
        distribution chain partners.

[SEC. 4. ONE-TIME PRODUCT REVIEW.

    [The President shall specify the information that must be submitted
for the 1-time review referred to in section 3.

[SEC. 5. ELIGIBILITY LEVELS.

    [(a) Initial Eligibility Level.--Not later than 180 days after the
date of the enactment of this Act, the President shall notify the
Congress of the maximum level of encryption strength that may be
exported from the United States under license exception pursuant to
section 3 without harm to the national security interests of the United
States. Such level shall not become effective until 30 days after such
notification.
    [(b) Periodic Review of Eligibility Level.--The President shall, at
the end of each successive 180-day period after the notice provided to
the Congress under subsection (a), notify the Congress of the maximum
level of encryption strength, which may not be lower than that in
effect under this section during that 180-day period, that may be
exported from the United States under a license exception pursuant to
section 3 without harm to the national security interests of the United
States. Such level shall not become effective until 30 days after such
notification.

[SEC. 6. ENCRYPTION LICENSES REQUIRED.

    [(a) United States Products Exceeding Certain Bit Length.--An
export license is required for the export of any encryption product
designed or manufactured within the United States with an encryption
strength exceeding the maximum level eligible for a license exception
under section 3.
    [(b) Requirements for Export License Application.--To apply for an
export license, the applicant shall submit--
            [(1) the product for technical review;
            [(2) a certification identifying--
                    [(A) the intended end use of the product; and
                    [(B) the expected end user of the product;
            [(3) in instances where the export is to a distribution
        chain partner--
                    [(A) proof that the distribution chain partner has
                contractually agreed to abide by all laws and
                regulations of the United States concerning the export
                and reexport of encryption products designed or
                manufactured within the United States; and
                    [(B) the name and address of the distribution chain
                partner; and
            [(4) any other information required by the President.
    [(c) Post-Export Reporting.--
            [(1) Unauthorized use.--Any exporter of encryption products
        that are designed or manufactured within the United States
        shall submit a report to the Secretary at any time the exporter
        has reason to believe that any such product exported pursuant
        to this section is being diverted to a use or user not approved
        at the time of export.
            [(2) Distribution chain partners.--All exporters of
        encryption products that are designed and manufactured within
        the United States, and all distribution chain partners of such
        exporters, shall submit to the Secretary a report which shall
        specify--
                    [(A) the particular product sold;
                    [(B) the name and address of the end user of the
                product; and
                    [(C) the intended use of the product sold.

[SEC. 7. WAIVER AUTHORITY.

    [(a) In General.--The President may by Executive order waive the
applicability of any provision of section 3 to a person or entity if
the President determines that the waiver is necessary to protect the
national security interests of the United States. The President shall,
not later than 15 days after making such determination, submit a report
to the committees referred to in subsection (c) that includes the
factual basis upon which such determination was made. The report may be
in classified format.
    [(b) Waivers for Certain Classes of End Users.--The President may
by Executive order waive the licensing requirements of section 6 for
specific classes of end users identified as being eligible for receipt
of encryption commodities and software under license exception in
section 740.17 of title 15, Code of Federal Regulations, as in effect
on July 17, 1999. The President shall, not later than 15 days after
issuing such a waiver, submit a report to the committees referred to in
subsection (c) that includes the factual basis upon which such waiver
was made. The report may be in classified format.
    [(c) Committees.--The committees referred to in subsections (a) and
(b) are the Committee on International Relations, the Committee on
Armed Services, and the Permanent Select Committee on Intelligence of
the House of Representatives, and the Committee on Foreign Relations,
the Committee on Armed Services, and the Select Committee on
Intelligence of the Senate.

[SEC. 8. ENCRYPTION INDUSTRY AND INFORMATION SECURITY BOARD.

    [(a) Encryption Industry and Information Security Board
Established.--There is hereby established an Encryption Industry and
Information Security Board. The Board shall undertake an advisory role
for the President on the matter of foreign availability of encryption
products.
    [(b) Membership.--(1) The Board shall be composed of 12 members, as
follows:
            [(A) The Secretary, or the Secretary's designee.
            [(B) The Attorney General, or his or her designee.
            [(C) The Secretary of Defense, or his or her designee.
            [(D) The Director of Central Intelligence, or his or her
        designee.
            [(E) The Director of the Federal Bureau of Investigation,
        or his or her designee.
            [(F) The Special Assistant to the President for National
        Security Affairs, or his or her designee, who shall chair the
        Board.
            [(G) Six representatives from the private sector who have
        expertise in the development, operation, marketing, law, or
        public policy relating to information security or technology.
        Members under this subparagraph shall each serve for 5-year
        terms.
    [(2) The six private sector representatives described in paragraph
(1)(G) shall be appointed as follows:
                    [(A) Two by the Speaker of the House of
                Representatives.
                    [(B) One by the Minority Leader of the House of
                Representatives.
                    [(C) Two by the Majority Leader of the Senate.
                    [(D) One by the Minority Leader of the Senate.
    [(c) Meetings.--The Board shall meet at such times and in such
places as the Secretary may prescribe, but not less frequently than
every four months.
    [(d) Findings and Recommendations.--The chair of the Board shall
convey the findings and recommendations of the Board to the President
and to the Congress within 30 days after each meeting of the Board. The
recommendations of the Board are not binding upon the President.
    [(e) Limitation.--The Board shall have no authority to review any
export determination made pursuant to this Act.
    [(f) Termination.--This section shall cease to be effective 10
years after the date of the enactment of this Act.

[SEC. 9. MARKET SHARE SURVEY.

    [The Secretary shall, at least once every 6 months, conduct a
market share survey of foreign markets for encryption products. The
Secretary shall publish the results of the survey in the Federal
Register. The publication shall include an assessment of the market
share of each foreign encryption product in each market surveyed and a
description of the general characteristics of each encryption product.

[SEC. 10. DEFINITIONS.

    [In this Act:
            [(1) Encryption.--The term ``encryption'' means the
        transformation or scrambling of data, for the purpose of
        protecting such data, from plaintext to an unreadable or
        incomprehensible format, regardless of the techniques used for
        such transformation or scrambling and regardless of the medium
        in which such data occur or can be found.
            [(2) Export and exporter.--The term ``export'' includes
        reexport, the term ``exporter'' includes ``reexporter''.
            [(3) Secretary.--The term ``Secretary'' means the Secretary
        of Commerce.]

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    (a) Short Title.--This Act may be cited as the ``Encryption for the
National Interest Act''.
    (b) Table of Contents.--The table of contents is as follows:

Sec. 1. Short title; table of contents.
Sec. 2. Statement of policy.
Sec. 3. Congressional findings.
                  TITLE I--DOMESTIC USES OF ENCRYPTION

Sec. 101. Definitions.
Sec. 102. Lawful use of encryption.
Sec. 103. Unlawful use of encryption.
                    TITLE II--GOVERNMENT PROCUREMENT

Sec. 201. Federal purchases of encryption products.
Sec. 202. Networks established with Federal funds.
Sec. 203. Government contract authority.
Sec. 204. Product labels.
Sec. 205. No private mandate.
Sec. 206. Exclusion.
                    TITLE III--EXPORTS OF ENCRYPTION

Sec. 301. Exports of encryption.
Sec. 302. License exception for certain encryption products.
Sec. 303. Discretionary authority.
Sec. 304. Expedited review authority.
Sec. 305. Encryption licenses required.
Sec. 306. Encryption Industry and Information Security Board.
                    TITLE IV--LIABILITY LIMITATIONS

Sec. 401. Compliance with court order.
Sec. 402. Compliance defense.
Sec. 403. Good faith defense.
                   TITLE V--INTERNATIONAL AGREEMENTS

Sec. 501. Sense of Congress.
Sec. 502. Failure to negotiate.
Sec. 503. Report to Congress.
                   TITLE VI--MISCELLANEOUS PROVISIONS

Sec. 601. Effect on law enforcement activities.
Sec. 602. Interpretation.
Sec. 603. FBI technical support.
Sec. 604. Severability.

SEC. 2. STATEMENT OF POLICY.

    It is the policy of the United States to protect public computer
networks through the use of strong encryption technology, to promote
the export of encryption products developed and manufactured in the
United States, and to preserve public safety and national security.

SEC. 3. CONGRESSIONAL FINDINGS.

    The Congress finds the following:
            (1) Information security technology, encryption, is--
                    (A) fundamental to secure the flow of intelligence
                information to national policy makers;
                    (B) critical to the President and national command
                authority of the United States;
                    (C) necessary to the Secretary of State for the
                development and execution of the foreign policy of the
                United States;
                    (D) essential to the Secretary of Defense's
                responsibilities to ensure the effectiveness of the
                Armed Forces of the United States;
                    (E) invaluable to the protection of the citizens of
                the United States from fraud, theft, drug trafficking,
                child pornography; kidnapping, and money laundering;
                and
                    (F) basic to the protection of the nation's
                critical infrastructures, including electrical grids,
                banking and financial systems, telecommunications,
                water supplies, and transportation.
            (2) The goal of any encryption legislation should be to
        enhance and promote the global market strength of United States
        encryption manufacturers, while guaranteeing that national
        security and public safety obligations of the Government can
        still be accomplished.
            (3) It is essential to the national security interests of
        the United States that United States encryption products
        dominate the global market.
            (4) Widespread use of unregulated encryption products poses
        a significant threat to the national security interests of the
        United States.
            (5) Leaving the national security and public safety
        responsibilities of the Government to the marketplace alone is
        not consistent with the obligations of the Government to
        protect the public safety and to defend the Nation.
            (6) In order for the United States position in the global
        market to benefit the national security interests of the United
        States, it is imperative that the export of encryption products
        be subject to a dynamic and constructive export control regime.
            (7) Export of commercial items are best managed through a
        regulatory structure which has flexibility to address
        constantly changing market conditions.
            (8) Managing sensitive dual-use technologies, such as
        encryption products, is challenging in any regulatory
        environment due to the difficulty in balancing competing
        interests in national security, public safety, privacy, fair
        competition within the industry, and the dynamic nature of the
        technology.
            (9) There is a widespread perception that the executive
        branch has not adequately balanced the equal and competing
        interests of national security, public safety, privacy, and
        industry.
            (10) There is a perception that the current encryption
        export control policy has done more to disadvantage United
        States business interests than to promote and protect national
        security and public safety interests.
            (11) A balance can and must be achieved between industry
        interests, national security, law enforcement requirements, and
        privacy needs.
            (12) A court order process should be required for access to
        plaintext, where and when available, and criminal and civil
        penalties should be imposed for misuse of decryption
        information.
            (13) Timely access to plaintext capability is--
                    (A) necessary to thwarting potential terrorist
                activities;
                    (B) extremely useful in the collection of foreign
                intelligence;
                    (C) indispensable to force protection requirements;
                    (D) critical to the investigation and prosecution
                of criminals; and
                    (E) both technically and economically possible.
            (14) The United States Government should encourage the
        development of those products that would provide a capability
        allowing law enforcement (Federal, State, and local), with a
        court order only, to gain timely access to the plaintext of
        either stored data or data in transit.
            (15) Unless law enforcement has the benefit of such market
        encouragement, drug traffickers, spies, child pornographers,
        pedophiles, kidnappers, terrorists, mobsters, weapons
        proliferators, fraud schemers, and other criminals will be able
        to use encryption software to protect their criminal activity
        and hinder the criminal justice system.
            (16) An effective regulatory approach to manage the
        proliferation of encryption products which have dual-use
        capabilities must be maintained and greater confidence in the
        ability of the executive branch to preserve and promote the
        competitive advantage of the United States encryption industry
        in the global market must be provided.

                  TITLE I--DOMESTIC USES OF ENCRYPTION

SEC. 101. DEFINITIONS.

    For purposes of this Act:
            (1) Attorney for the government.--The term ``attorney for
        the Government'' has the meaning given such term in Rule 54(c)
        of the Federal Rules of Criminal Procedure, and also includes
        any duly authorized attorney of a State who is authorized to
        prosecute criminal offenses within such State.
            (2) Authorized party.--The term ``authorized party'' means
        any person with the legal authority to obtain decryption
        information or plaintext of encrypted data, including
        communications.
            (3) Communications.--The term ``communications'' means any
        wire communications or electronic communications as those terms
        are defined in paragraphs (1) and (12) of section 2510 of title
        18, United States Code.
            (4) Court of competent jurisdiction.--The term ``court of
        competent jurisdiction'' means any court of the United States
        organized under Article III of the Constitution of the United
        States, the court organized under the Foreign Intelligence
        Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), or a court
        of general criminal jurisdiction of a State authorized pursuant
        to the laws of such State to enter orders authorizing searches
        and seizures.
            (5) Data network service provider.--The term ``data network
        service provider'' means a person offering any service to the
        general public that provides the users thereof with the ability
        to transmit or receive data, including communications.
            (6) Decryption.--The term ``decryption'' means the
        retransformation or unscrambling of encrypted data, including
        communications, to its readable plaintext version. To
        ``decrypt'' data, including communications, is to perform
        decryption.
            (7) Decryption information.--The term ``decryption
        information'' means information or technology that enables one
        to readily retransform or unscramble encrypted data from its
        unreadable and incomprehensible format to its readable
        plaintext version.
            (8) Electronic storage.--The term ``electronic storage''
        has the meaning given that term in section 2510(17) of title
        18, United States Code.
            (9) Encryption.--The term ``encryption'' means the
        transformation or scrambling of data, including communications,
        from plaintext to an unreadable or incomprehensible format,
        regardless of the technique utilized for such transformation or
        scrambling and irrespective of the medium in which such data,
        including communications, occur or can be found, for the
        purposes of protecting the content of such data, including
        communications. To ``encrypt'' data, including communications,
        is to perform encryption.
            (10) Encryption product.--The term ``encryption product''
        means any software, technology, commodity, or mechanism, that
        can be used to encrypt or decrypt or has the capability of
        encrypting or decrypting any data, including communications.
            (11) Foreign availability.--The term ``foreign
        availability'' has the meaning applied to foreign availability
        of encryption products subject to controls under the Export
        Administration Regulations, as in effect on July 1, 1999.
            (12) Government.--The term ``Government'' means the
        Government of the United States and any agency or
        instrumentality thereof, or the government of any State, and
        any of its political subdivisions.
            (13) Investigative or law enforcement officer.--The term
        ``investigative or law enforcement officer'' has the meaning
        given that term in section 2510(7) of title 18, United States
        Code.
            (14) National security.--The term ``national security''
        means the national defense, intelligence, or foreign policy
        interests of the United States.
            (15) Plaintext.--The term ``plaintext'' means the readable
        or comprehensible format of that data, including
        communications, which has been encrypted.
            (16) Plainvoice.--The term ``plainvoice'' means
        communication specific plaintext.
            (17) Secretary.--The term ``Secretary'' means the Secretary
        of Commerce, unless otherwise specifically identified.
            (18) State.--The term ``State'' has the meaning given that
        term in section 2510(3) of title 18, United States Code.
            (19) Telecommunications carrier.--The term
        ``telecommunications carrier'' has the meaning given that term
        in section 3 of the Communications Act of 1934 (47 U.S.C. 153).
            (20) Telecommunications system.--The term
        ``telecommunications system'' means any equipment, technology,
        or related software used in the movement, switching,
        interchange, transmission, reception, or internal signaling of
        data, including communications over wire, fiber optic, radio
        frequency, or any other medium.
            (21) United states person.--The term ``United States
        person'' means--
                    (A) any citizen of the United States;
                    (B) any other person organized under the laws of
                any State; and
                    (C) any person organized under the laws of any
                foreign country who is owned or controlled by
                individuals or persons described in subparagraphs (A)
                and (B).

SEC. 102. LAWFUL USE OF ENCRYPTION.

    Except as otherwise provided by this Act or otherwise provided by
law, it shall be lawful for any person within any State and for any
United States person to use any encryption product, regardless of
encryption algorithm selected, encryption bit length chosen, or
implementation technique or medium used.

SEC. 103. UNLAWFUL USE OF ENCRYPTION.

    (a) In General.--Part I of title 18, United States Code, is amended
by inserting after chapter 123 the following new chapter:

        ``CHAPTER 125--ENCRYPTED DATA, INCLUDING COMMUNICATIONS

``Sec.
``2801. Unlawful use of encryption in furtherance of a criminal act.
``2802. Privacy protection.
``2803. Court order access to plaintext or decryption information.
``2804. Notification procedures.
``2805. Lawful use of plaintext or decryption information.
``2806. Identification of decryption information.
``2807. Definitions.
``Sec. 2801. Unlawful use of encryption in furtherance of a criminal
              act
    ``(a) Prohibited Acts.--Whoever knowingly uses encryption in
furtherance of the commission of a criminal offense for which the
person may be prosecuted in a district court of the United States
shall--
            ``(1) in the case of a first offense under this section, be
        imprisoned for not more than 5 years, or fined under this
        title, or both; and
            ``(2) in the case of a second or subsequent offense under
        this section, be imprisoned for not more than 10 years, or
        fined under this title, or both.
    ``(b) Consecutive Sentence.--Notwithstanding any other provision of
law, the court shall not place on probation any person convicted of a
violation of this section, nor shall the term of imprisonment imposed
under this section run concurrently with any other term of imprisonment
imposed for the underlying criminal offense.
    ``(c) Probable Cause Not Constituted by Use of Encryption.--The use
of encryption by itself shall not establish probable cause to believe
that a crime is being or has been committed.
``Sec. 2802. Privacy protection
    ``(a) In General.--It shall be unlawful for any person to
intentionally--
            ``(1) obtain or use decryption information without lawful
        authority for the purpose of decrypting data, including
        communications;
            ``(2) exceed lawful authority in decrypting data, including
        communications;
            ``(3) break the encryption code of another person without
        lawful authority for the purpose of violating the privacy or
        security of that person or depriving that person of any
        property rights;
            ``(4) impersonate another person for the purpose of
        obtaining decryption information of that person without lawful
        authority;
            ``(5) facilitate or assist in the encryption of data,
        including communications, knowing that such data, including
        communications, are to be used in furtherance of a crime; or
            ``(6) disclose decryption information in violation of a
        provision of this chapter.
    ``(b) Criminal Penalty.--Whoever violates this section shall be
imprisoned for not more than 10 years, or fined under this title, or
both.
``Sec. 2803. Court order access to plaintext or decryption information
    ``(a) Court Order.--(1) A court of competent jurisdiction shall
issue an order, ex parte, granting an investigative or law enforcement
officer timely access to the plaintext of encrypted data, including
communications, or requiring any person in possession of decryption
information to provide such information to a duly authorized
investigative or law enforcement officer--
            ``(A) upon the application by an attorney for the
        Government that--
                    ``(i) is made under oath or affirmation by the
                attorney for the Government; and
                    ``(ii) provides a factual basis establishing the
                relevance that the plaintext or decryption information
                being sought has to a law enforcement, foreign
                counterintelligence, or international terrorism
                investigation then being conducted pursuant to lawful
                authorities; and
            ``(B) if the court finds, in writing, that the plaintext or
        decryption information being sought is relevant to an ongoing
        lawful law enforcement, foreign counterintelligence, or
        international terrorism investigation and the investigative or
        law enforcement officer is entitled to such plaintext or
        decryption information.
    ``(2) The order issued by the court under this section shall be
placed under seal, except that a copy may be made available to the
investigative or law enforcement officer authorized to obtain access to
the plaintext of the encrypted information, or authorized to obtain the
decryption information sought in the application. Such order shall,
subject to the notification procedures set forth in section 2804, also
be made available to the person responsible for providing the plaintext
or the decryption information, pursuant to such order, to the
investigative or law enforcement officer.
    ``(3) Disclosure of an application made, or order issued, under
this section, is not authorized, except as may otherwise be
specifically permitted by this section or another order of the court.
    ``(b) Record of Access Required.--(1) There shall be created an
electronic record, or similar type record, of each instance in which an
investigative or law enforcement officer, pursuant to an order under
this section, gains access to the plaintext of otherwise encrypted
information, or is provided decryption information, without the
knowledge or consent of the owner of the data, including
communications, who is the user of the encryption product involved.
    ``(2) The court issuing the order under this section may require
that the electronic or similar type of record described in paragraph
(1) is maintained in a place and a manner that is not within the
custody or control of an investigative or law enforcement officer
gaining the access or provided the decryption information. The record
shall be tendered to the court, upon notice from the court.
    ``(3) The court receiving such electronic or similar type of record
described in paragraph (1) shall make the original and a certified copy
of the record available to the attorney for the Government making
application under this section, and to the attorney for, or directly
to, the owner of the data, including communications, who is the user of
the encryption product, pursuant to the notification procedures set
forth in section 2804.
    ``(c) Authority To Intercept Communications Not Increased.--Nothing
in this chapter shall be construed to enlarge or modify the
circumstances or procedures under which a Government entity is entitled
to intercept or obtain oral, wire, or electronic communications or
information.
    ``(d) Construction.--This chapter shall be strictly construed to
apply only to a Government entity's ability to decrypt data, including
communications, for which it has previously obtained lawful authority
to intercept or obtain pursuant to other lawful authorities, which
without an order issued under this section would otherwise remain
encrypted.
``Sec. 2804. Notification procedures
    ``(a) In General.--Within a reasonable time, but not later than 90
days after the filing of an application for an order under section 2803
which is granted, the court shall cause to be served, on the persons
named in the order or the application, and such other parties whose
decryption information or whose plaintext has been provided to an
investigative or law enforcement officer pursuant to this chapter, as
the court may determine is in the interest of justice, an inventory
which shall include notice of--
            ``(1) the fact of the entry of the order or the
        application;
            ``(2) the date of the entry of the application and issuance
        of the order; and
            ``(3) the fact that the person's decryption information or
        plaintext data, including communications, has been provided or
        accessed by an investigative or law enforcement officer.
The court, upon the filing of a motion, may make available to that
person or that person's counsel, for inspection, such portions of the
plaintext, applications, and orders as the court determines to be in
the interest of justice.
    ``(b) Postponement of Inventory for Good Cause.--(1) On an ex parte
showing of good cause by an attorney for the Government to a court of
competent jurisdiction, the serving of the inventory required by
subsection (a) may be postponed for an additional 30 days after the
granting of an order pursuant to the ex parte motion.
    ``(2) No more than 3 ex parte motions pursuant to paragraph (1) are
authorized.
    ``(c) Admission Into Evidence.--The content of any encrypted
information that has been obtained pursuant to this chapter or evidence
derived therefrom shall not be received in evidence or otherwise
disclosed in any trial, hearing, or other proceeding in a Federal or
State court, other than the court organized pursuant to the Foreign
Intelligence Surveillance Act of 1978, unless each party, not less than
10 days before the trial, hearing, or proceeding, has been furnished
with a copy of the order, and accompanying application, under which the
decryption or access to plaintext was authorized or approved. This 10-
day period may be waived by the court if the court finds that it was
not possible to furnish the party with the information described in the
preceding sentence within 10 days before the trial, hearing, or
proceeding and that the party will not be prejudiced by the delay in
receiving such information.
    ``(d) Construction.--The provisions of this chapter shall be
construed consistent with--
            ``(1) the Classified Information Procedures Act (18 U.S.C.
        App.); and
            ``(2) the Foreign Intelligence Surveillance Act of 1978 (50
        U.S.C. 1801 et seq.).
    ``(e) Contempt.--Any violation of the provisions of this section
may be punished by the court as a contempt thereof.
    ``(f) Motion To Suppress.--Any aggrieved person in any trial,
hearing, or proceeding in or before any court, department, officer,
agency, regulatory body, or other authority of the United States or a
State, other than the court organized pursuant to the Foreign
Intelligence Surveillance Act of 1978, may move to suppress the
contents of any decrypted data, including communications, obtained
pursuant to this chapter, or evidence derived therefrom, on the grounds
that --
            ``(1) the plaintext was decrypted or accessed in violation
        of this chapter;
            ``(2) the order of authorization or approval under which it
        was decrypted or accessed is insufficient on its face; or
            ``(3) the decryption was not made in conformity with the
        order of authorization or approval.
Such motion shall be made before the trial, hearing, or proceeding
unless there was no opportunity to make such motion, or the person was
not aware of the grounds of the motion. If the motion is granted, the
plaintext of the decrypted data, including communications, or evidence
derived therefrom, shall be treated as having been obtained in
violation of this chapter. The court, upon the filing of such motion by
the aggrieved person, may make available to the aggrieved person or
that person's counsel for inspection such portions of the decrypted
plaintext, or evidence derived therefrom, as the court determines to be
in the interests of justice.
    ``(g) Appeal by United States.--In addition to any other right to
appeal, the United States shall have the right to appeal from an order
granting a motion to suppress made under subsection (f), or the denial
of an application for an order under section 2803, if the attorney for
the Government certifies to the court or other official granting such
motion or denying such application that the appeal is not taken for
purposes of delay. Such appeal shall be taken within 30 days after the
date the order was entered on the docket and shall be diligently
prosecuted.
    ``(h) Civil Action for Violation.--Except as otherwise provided in
this chapter, any person described in subsection (i) may, in a civil
action, recover from the United States Government the actual damages
suffered by the person as a result of a violation described in that
subsection, reasonable attorney's fees, and other litigation costs
reasonably incurred in prosecuting such claim.
    ``(i) Covered Persons.--Subsection (h) applies to any person whose
decryption information--
            ``(1) is knowingly obtained without lawful authority by an
        investigative or law enforcement officer;
            ``(2) is obtained by an investigative or law enforcement
        officer with lawful authority and is knowingly used or
        disclosed by such officer unlawfully; or
            ``(3) is obtained by an investigative or law enforcement
        officer with lawful authority and whose decryption information
        is unlawfully used to disclose the plaintext of the data,
        including communications.
    ``(j) Limitation.--A civil action under subsection (h) shall be
commenced not later than 2 years after the date on which the unlawful
action took place, or 2 years after the date on which the claimant
first discovers the violation, whichever is later.
    ``(k) Exclusive Remedies.--The remedies and sanctions described in
this chapter with respect to the decryption of data, including
communications, are the only judicial remedies and sanctions for
violations of this chapter involving such decryptions, other than
violations based on the deprivation of any rights, privileges, or
immunities secured by the Constitution.
    ``(l) Technical Assistance by Providers.--A provider of encryption
technology or network service that has received an order issued by a
court pursuant to this chapter shall provide to the investigative or
law enforcement officer concerned such technical assistance as is
necessary to execute the order. Such provider may, however, move the
court to modify or quash the order on the ground that its assistance
with respect to the decryption or access to plaintext cannot be
performed in fact, or in a timely or reasonable fashion. The court,
upon notice to the Government, shall decide such motion expeditiously.
    ``(m) Reports to Congress.--In May of each year, the Attorney
General, or an Assistant Attorney General specifically designated by
the Attorney General, shall report in writing to Congress on the number
of applications made and orders entered authorizing Federal, State, and
local law enforcement access to decryption information for the purposes
of reading the plaintext of otherwise encrypted data, including
communications, pursuant to this chapter. Such reports shall be
submitted to the Committees on the Judiciary of the House of
Representatives and of the Senate, and to the Permanent Select
Committee on Intelligence for the House of Representatives and the
Select Committee on Intelligence for the Senate.
``Sec. 2805. Lawful use of plaintext or decryption information
    ``(a) Authorized Use of Decryption Information.--
            ``(1) Criminal investigations.--An investigative or law
        enforcement officer to whom plaintext or decryption information
        is provided may only use such plaintext or decryption
        information for the purposes of conducting a lawful criminal
        investigation, foreign counterintelligence, or international
        terrorism investigation, and for the purposes of preparing for
        and prosecuting any criminal violation of law.
            ``(2) Civil redress.--Any plaintext or decryption
        information provided under this chapter to an investigative or
        law enforcement officer may not be disclosed, except by court
        order, to any other person for use in a civil proceeding that
        is unrelated to a criminal investigation and prosecution for
        which the plaintext or decryption information is authorized
        under paragraph (1). Such order shall only issue upon a showing
        by the party seeking disclosure that there is no alternative
        means of obtaining the plaintext, or decryption information,
        being sought and the court also finds that the interests of
        justice would not be served by nondisclosure.
    ``(b) Limitation.--An investigative or law enforcement officer may
not use decryption information obtained under this chapter to determine
the plaintext of any data, including communications, unless it has
obtained lawful authority to obtain such data, including
communications, under other lawful authorities.
    ``(c) Return of Decryption Information.--An attorney for the
Government shall, upon the issuance of an order of a court of competent
jurisdiction--
            ``(1)(A) return any decryption information to the person
        responsible for providing it to an investigative or law
        enforcement officer pursuant to this chapter; or
            ``(B) destroy such decryption information, if the court
        finds that the interests of justice or public safety require
        that such decryption information should not be returned to the
        provider; and
            ``(2) within 10 days after execution of the court's order
        to return or destroy the decryption information--
                    ``(A) certify to the court that the decryption
                information has either been returned or destroyed
                consistent with the court's order; and
                    ``(B) if applicable, notify the provider of the
                decryption information of the destruction of such
                information.
    ``(d) Other Disclosure of Decryption Information.--Except as
otherwise provided in section 2803, decryption information or the
plaintext of otherwise encrypted data, including communications, shall
not be disclosed by any person unless the disclosure is--
            ``(1) to the person encrypting the data, including
        communications, or an authorized agent thereof;
            ``(2) with the consent of the person encrypting the data,
        including pursuant to a contract entered into with the person;
            ``(3) pursuant to a court order upon a showing of
        compelling need for the information that cannot be accommodated
        by any other means if--
                    ``(A) the person who supplied the information is
                given reasonable notice, by the person seeking the
                disclosure, of the court proceeding relevant to the
                issuance of the court order; and
                    ``(B) the person who supplied the information is
                afforded the opportunity to appear in the court
                proceeding and contest the claim of the person seeking
                the disclosure;
            ``(4) pursuant to a determination by a court of competent
        jurisdiction that another person is lawfully entitled to hold
        such decryption information, including determinations arising
        from legal proceedings associated with the incapacity, death,
        or dissolution of any person; or
            ``(5) otherwise permitted by law.
``Sec. 2806. Identification of decryption information
    ``(a) Identification.--To avoid inadvertent disclosure of
decryption information, any person who provides decryption information
to an investigative or law enforcement officer pursuant to this chapter
shall specifically identify that part of the material that discloses
decryption information as such.
    ``(b) Responsibility of Investigative or Law Enforcement Officer.--
The investigative or law enforcement officer receiving any decryption
information under this chapter shall maintain such information in a
facility and in a method so as to reasonably assure that inadvertent
disclosure does not occur.
``Sec. 2807. Definitions
    ``The definitions set forth in section 101 of the Encryption for
the National Interest Act shall apply to this chapter.''.
    (b) Conforming Amendment.--The table of chapters for part I of
title 18, United States Code, is amended by inserting after the item
relating to chapter 121 the following new item:

``125. Encrypted data, including communications.............    2801''.

                    TITLE II--GOVERNMENT PROCUREMENT

SEC. 201. FEDERAL PURCHASES OF ENCRYPTION PRODUCTS.

    (a) Decryption Capabilities.--The President may, consistent with
the provisions of subsection (b), direct that any encryption product or
service purchased or otherwise procured by the United States Government
to provide the security service of data confidentiality for a computer
system owned and operated by the United States Government shall include
recoverability features or functions that enable the timely decryption
of encrypted data, including communications, or timely access to
plaintext by an authorized party without the knowledge or cooperation
of the person using such encryption products or services.
    (b) Consistency With Intelligence Services and Military
Operations.--The President shall ensure that all encryption products
purchased or used by the United States Government are supportive of,
and consistent with, all statutory obligations to protect sources and
methods of intelligence collection and activities, and supportive of,
and consistent with, those needs required for military operations and
the conduct of foreign policy.

SEC. 202. NETWORKS ESTABLISHED WITH FEDERAL FUNDS.

    The President may direct that any communications network
established for the purpose of conducting the business of the Federal
Government shall use encryption products that--
            (1) include features and functions that enable the timely
        decryption of encrypted data, including communications, or
        timely access to plaintext, by an authorized party without the
        knowledge or cooperation of the person using such encryption
        products or services; and
            (2) are supportive of, and consistent with, all statutory
        obligations to protect sources and methods of intelligence
        collection and activities, and supportive of, and consistent
        with, those needs required for military operations and the
        conduct of foreign policy.

SEC. 203. GOVERNMENT CONTRACT AUTHORITY.

    The President may require as a condition of any contract by the
Government with a private sector vendor that any encryption product
used by the vendor in carrying out the provisions of the contract with
the Government include features and functions that enable the timely
decryption of encrypted data, including communications, or timely
access to plaintext, by an authorized party without the knowledge or
cooperation of the person using such encryption products or services.

SEC. 204. PRODUCT LABELS.

    An encryption product may be labeled to inform Government users
that the product is authorized for sale to or for use by Government
agencies or Government contractors in transactions and communications
with the United States Government under this title.

SEC. 205. NO PRIVATE MANDATE.

    The United States Government may not require the use of encryption
standards for the private sector except as otherwise authorized by
section 204.

SEC. 206. EXCLUSION.

    Nothing in this title shall apply to encryption products and
services used solely for access control, authentication, integrity,
nonrepudiation, digital signatures, or other similar purposes.

                    TITLE III--EXPORTS OF ENCRYPTION

SEC. 301. EXPORTS OF ENCRYPTION.

    (a) Authority To Control Exports.--The President shall control the
export of all dual-use encryption products.
    (b) Authority To Deny Export for National Security Reasons.--
Notwithstanding any provision of this title, the President may deny the
export of any encryption product on the basis that its export is
contrary to the national security.
    (c) Decisions Not Subject to Judicial Review.--Any decision made by
the President or his designee with respect to the export of encryption
products under this title shall not be subject to judicial review.

SEC. 302. LICENSE EXCEPTION FOR CERTAIN ENCRYPTION PRODUCTS.

    (a) License Exception.--Upon the enactment of this Act, any
encryption product with an encryption strength of 64 bits or less shall
be eligible for export under a license exception if--
            (1) such encryption product is submitted for a 1-time
        technical review;
            (2) such encryption product does not require licensing
        under otherwise applicable regulations;
            (3) such encryption product is not intended for a country,
        end user, or end use that is by regulation ineligible to
        receive such product, and the encryption product is otherwise
        qualified for export;
            (4) the exporter, within 180 days after the export of the
        product, submits a certification identifying--
                    (A) the intended end use of the product; and
                    (B) the name and address of the intended recipient
                of the product, where available;
            (5) the exporter, within 180 days of the export of the
        product, provides the names and addresses of its distribution
        chain partners; and
            (6) the exporter, at the time of submission of the product
        for technical review, provides proof that its distribution
        chain partners have contractually agreed to abide by all laws
        and regulations of the United States concerning the export and
        reexport of encryption products designed or manufactured within
        the United States.
    (b) One-Time Technical Review.--(1) The technical review referred
to in subsection (a) shall be completed within no longer than 45 days
after the submission of all of the information required under paragraph
(2).
    (2) The President shall specify the information that must be
submitted for the 1-time technical review referred to in this section.
    (3) An encryption product may not be exported during the technical
review of that product under this section.
    (c) Periodic Review of License Exception Eligibility Level.--(1)
Not later than 180 days after the date of the enactment of this Act,
the President shall notify the Congress of the maximum level of
encryption strength, which may not be lower than 64-bit, that may be
exported from the United States under license exception pursuant to
this section consistent with the national security.
    (2) The President shall, at the end of each successive 180-day
period after the notice provided to the Congress under paragraph (1),
notify the Congress of the maximum level of encryption strength, which
may not be lower than that in effect under this section during that
180-day period, that may be exported from the United States under a
license exception pursuant to this section consistent with the national
security.
    (d) Factors Not To Be Considered.--A license exception for the
exports of an encryption product under this section may be allowed
whether or not the product contains a method of decrypting encrypted
data.

SEC. 303. DISCRETIONARY AUTHORITY.

    Notwithstanding the requirements of section 305, the President may
permit the export, under a license exception pursuant to the conditions
of section 302, of encryption products with an encryption strength
exceeding the maximum level eligible for a license exception under
section 302, if the export is consistent with the national security.

SEC. 304. EXPEDITED REVIEW AUTHORITY.

    The President shall establish procedures for the expedited review
of commodity classification requests, or export license applications,
involving encryption products that are specifically approved, by
regulation, for export.

SEC. 305. ENCRYPTION LICENSES REQUIRED.

    (a) United States Products Exceeding Certain Bit Length.--Except as
permitted under section 303, in the case of all encryption products
with an encryption strength exceeding the maximum level eligible for a
license exception under section 302, which are designed or manufactured
within the United States, the President may grant a license for export
of such encryption products, under the following conditions:
            (1) There shall not be any requirement, as a basis for an
        export license, that a product contains a method of--
                    (A) gaining timely access to plaintext; or
                    (B) gaining timely access to decryption
                information.
            (2) The export license applicant shall submit--
                    (A) the product for technical review;
                    (B) a certification, under oath, identifying--
                            (i) the intended end use of the product;
                        and
                            (ii) the expected end user or class of end
                        users of the product;
                    (C) proof that its distribution chain partners have
                contractually agreed to abide by all laws and
                regulations of the United States concerning the export
                and reexport of encryption products designed or
                manufactured within the United States; and
                    (D) the names and addresses of its distribution
                chain partners.
    (b) Technical Review for License Applicants.--(1) The technical
review described in subsection (a)(3)(A) shall be completed within 45
days after the submission of all the information required under
paragraph (2).
    (2) The information to be submitted for the technical review shall
be the same as that required to be submitted pursuant to section
302(b)(2).
    (3) An encryption product may not be exported during the technical
review of that product under this section.
    (c) Post-Export Reporting.--
            (1) Unauthorized use.--All exporters of encryption products
        that are designed or manufactured within the United States
        shall submit a report to the Secretary at any time the exporter
        has reason to believe any such exported product is being
        diverted to a use or a user not approved at the time of export.
            (2) Pirating.--All exporters of encryption products that
        are designed or manufactured within the United States shall
        report any pirating of their technology or intellectual
        property to the Secretary as soon as practicable after
        discovery.
            (3) Distribution chain partners.--All exporters of
        encryption products that are designed or manufactured within
        the United States, and all distribution chain partners of such
        exporters, shall submit to the Secretary a report which shall
        specify--
                    (A) the particular product sold;
                    (B) the name and address of--
                            (i) the ultimate end user of the product,
                        if known; or
                            (ii) the name and address of the next
                        purchaser in the distribution chain; and
                    (C) the intended use of the product sold.
    (d) Exercise of Other Authorities.--The Secretary, the Secretary of
Defense, and the Secretary of State may exercise the authorities they
have under other provisions of law, including the Export Administration
Act of 1979, as continued in effect under the International Emergency
Economic Powers Act, to carry out this title.
    (e) Waiver Authority.--
            (1) In general.--The President may by Executive order waive
        any provision of this title, or the applicability of any such
        provision to a person or entity, if the President determines
        that the waiver is necessary to advance the national security.
        The President shall, not later than 15 days after making such
        determination, submit a report to the committees referred to in
        paragraph (2) that includes the factual basis upon which such
        determination was made. The report may be in classified format.
            (2) Committees.--The committees referred to in paragraph
        (1) are the Committee on International Relations, the Committee
        on Armed Services, and the Permanent Select Committee on
        Intelligence of the House of Representatives, and the Committee
        on Foreign Relations, the Committee on Armed Services, and the
        Select Committee on Intelligence of the Senate.
            (3) Decisions not subject to judicial review.--Any
        determination made by the President under this subsection shall
        not be subject to judicial review.

SEC. 306. ENCRYPTION INDUSTRY AND INFORMATION SECURITY BOARD.

    (a) Encryption Industry and Information Security Board
Established.--There is hereby established an Encryption Industry and
Information Security Board. The Board shall undertake an advisory role
for the President.
    (b) Purposes.--The purposes of the Board are--
            (1) to provide a forum to foster communication and
        coordination between industry and the Federal Government on
        matters relating to the use of encryption products;
            (2) to enable the United States to effectively and
        continually understand the benefits and risks to its national
        security, law enforcement, and public safety interests by
        virtue of the proliferation of strong encryption on the global
        market;
            (3) to evaluate and make recommendations regarding the
        further development and use of encryption;
            (4) to advance the development of international standards
        regarding interoperability and global use of encryption
        products;
            (5) to promote the export of encryption products
        manufactured in the United States;
            (6) to recommend policies enhancing the security of public
        networks;
            (7) to encourage research and development of products that
        will foster electronic commerce;
            (8) to promote the protection of intellectual property and
        privacy rights of individuals using public networks; and
            (9) to evaluate the availability and market share of
        foreign encryption products and their threat to United States
        industry.
    (c) Membership.--(1) The Board shall be composed of 12 members, as
follows:
            (A) The Secretary, or the Secretary's designee.
            (B) The Attorney General, or his or her designee.
            (C) The Secretary of Defense, or the Secretary's designee.
            (D) The Director of Central Intelligence, or his or her
        designee.
            (E) The Director of the Federal Bureau of Investigation, or
        his or her designee.
            (F) The Special Assistant to the President for National
        Security Affairs, or his or her designee, who shall chair the
        Board.
            (G) Six representatives from the private sector who have
        expertise in the development, operation, marketing, law, or
        public policy relating to information security or technology.
        Members under this subparagraph shall each serve for 5-year
        terms.
    (2) The six private sector representatives described in paragraph
(1)(G) shall be appointed as follows:
                    (A) Two by the Speaker of the House of
                Representatives.
                    (B) One by the Minority Leader of the House of
                Representatives.
                    (C) Two by the Majority Leader of the Senate.
                    (D) One by the Minority Leader of the Senate.
    (e) Meetings.--The Board shall meet at such times and in such
places as the Secretary may prescribe, but not less frequently than
every four months. The Federal Advisory Committee Act (5 U.S.C. App.)
does not apply to the Board or to meetings held by the Board under this
section.
    (f) Findings and Recommendations.--The chair of the Board shall
convey the findings and recommendations of the Board to the President
and to the Congress within 30 days after each meeting of the Board. The
recommendations of the Board are not binding upon the President.
    (g) Limitation.--The Board shall have no authority to review any
export determination made pursuant to this title.
    (h) Foreign Availability.--The consideration of foreign
availability by the Board shall include computer software that is
distributed over the Internet or advertised for sale, license, or
transfer, including over-the-counter retail sales, mail order
transactions, telephone order transactions, electronic distribution, or
sale on approval and its comparability with United States products and
its use in United States and foreign markets.
    (i) Termination.--This section shall cease to be effective 10 years
after the date of the enactment of this Act.

                    TITLE IV--LIABILITY LIMITATIONS

SEC. 401. COMPLIANCE WITH COURT ORDER.

    (a) No Liability for Compliance.--Subject to subsection (b), no
civil or criminal liability under this Act, or under any other
provision of law, shall attach to any person for disclosing or
providing--
            (1) the plaintext of encrypted data, including
        communications;
            (2) the decryption information of such encrypted data,
        including communications; or
            (3) technical assistance for access to the plaintext of, or
        decryption information for, encrypted data, including
        communications.
    (b) Exception.--Subsection (a) shall not apply to a person who
provides plaintext or decryption information to another in violation of
the provisions of this Act.

SEC. 402. COMPLIANCE DEFENSE.

    Compliance with the provisions of sections 2803, 2804, 2805, or
2806 of title 18, United States Code, as added by section 103(a) of
this Act, or any regulations authorized by this Act, shall provide a
complete defense for any civil action for damages based upon activities
covered by this Act, other than an action founded on contract.

SEC. 403. GOOD FAITH DEFENSE.

    An objectively reasonable reliance on the legal authority provided
by this Act and the amendments made by this Act, authorizing access to
the plaintext of otherwise encrypted data, including communications, or
to decryption information that will allow the timely decryption of
data, including communications, that is otherwise encrypted, shall be
an affirmative defense to any criminal or civil action that may be
brought under the laws of the United States or any State.

                   TITLE V--INTERNATIONAL AGREEMENTS

SEC. 501. SENSE OF CONGRESS.

    It is the sense of Congress that--
            (1) the President should conduct negotiations with foreign
        governments for the purposes of establishing binding export
        control requirements on strong nonrecoverable encryption
        products; and
            (2) such agreements should safeguard the privacy of the
        citizens of the United States, prevent economic espionage, and
        enhance the information security needs of the United States.

SEC. 502. FAILURE TO NEGOTIATE.

    The President may consider a government's refusal to negotiate
agreements described in section 501 when considering the participation
of the United States in any cooperation or assistance program with that
country.

SEC. 503. REPORT TO CONGRESS.

    (a) Report to Congress.--The President shall report annually to the
Congress on the status of the international effort outlined by section
501.
    (b) First Report.--The first report required under subsection (a)
shall be submitted in unclassified form no later than September 1,
2000.

                   TITLE VI--MISCELLANEOUS PROVISIONS

SEC. 601. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

    (a) Collection of Information by Attorney General.--The Attorney
General shall compile, and maintain in classified form, data on--
            (1) the instances in which encryption has interfered with,
        impeded, or obstructed the ability of the Department of Justice
        to enforce the laws of the United States; and
            (2) the instances where the Department of Justice has been
        successful in overcoming any encryption encountered in an
        investigation.
    (b) Availability of Information to the Congress.--The information
compiled under subsection (a), including an unclassified summary
thereof, shall be submitted to Congress annually beginning October 1,
2000.

SEC. 602. INTERPRETATION.

    Nothing contained in this Act or the amendments made by this Act
shall be deemed to--
            (1) preempt or otherwise affect the application of the Arms
        Export Control Act (22 U.S.C. 2751 et seq.), the Export
        Administration Act of 1979 (50 U.S.C. App. 2401 et seq.), or
        the International Emergency Economic Powers Act (50 U.S.C. 1701
        et seq.) or any regulations promulgated thereunder;
            (2) affect foreign intelligence activities of the United
        States; or
            (3) negate or diminish any intellectual property
        protections under the laws of the United States or of any
        State.

SEC. 603. FBI TECHNICAL SUPPORT.

    There are authorized to be appropriated for the Technical Support
Center in the Federal Bureau of Investigation, established pursuant to
section 811(a)(1) of the Antiterrorism and Effective Death Penalty Act
of 1996 (Public Law 104-132)--
            (1) $25,000,000 for fiscal year 2000 for building and
        personnel costs;
            (2) $20,000,000 for fiscal year 2001 for personnel and
        equipment costs;
            (3) $15,000,000 for fiscal year 2002; and
            (4) $15,000,000 for fiscal year 2003.

SEC. 604. SEVERABILITY.

    If any provision of this Act or the amendments made by this Act, or
the application thereof, to any person or circumstances is held invalid
by a court of the United States, the remainder of this Act or such
amendments, and the application thereof, to other persons or
circumstances shall not be affected thereby.
            Amend the title so as to read: ``A bill to protect national
        security and public safety through the balanced use of export
        controls on encryption products.''.
