Statement of Senator Leahy
On Release Of Cryptographers’ Report On
“The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption”
May 21, 1997
Last year the National Research Council concluded that aggressive promotion by the U.S. government of global key recovery encryption is not appropriate at this time. This new study by nine world-renowned cryptographers further shows the real-world problems with the government’s proposal. It is even clearer now that the time for global key recovery encryption is still not right, and it may never be right. The U.S. government acts as though it doesn’t understand the issue.
Many of us fully expect that some users -- maybe even many -- will want and voluntarily choose to use key recovery encryption systems for some purposes. For example, no company wants to be left without a key to decode important business information stored in encrypted form on computer discs.
The government apparently already is spending about $8 million on pilot projects to test key recovery systems, and that is just a drop in the bucket. According to the cryptographers’ report, “a global key recovery infrastructure can be expected to be extraordinarily complex and costly.” As Congress examines the Administration’s proposals for key recovery systems, we need to ask the questions about how much their proposals will cost the government, businesses and Internet users who want the strongest but cheapest security possible for their computer communications.
Federal law enforcement officials contend that their objective is simple: easy, surreptitious access to both encrypted communications and encrypted stored data. The experts do not think this is so simple. The cryptographers’ report observes: “We simply do not know how to build a secure key management infrastructure of this size, let alone operate one.” When the experts say they do not know how to do it, we in Congress should think twice before legislating encryption commandments that may be impossible to afford and enforce.
[Sen. Patrick Leahy, D-Vt., is the ranking Democratic member of the Senate Judiciary Committee. He is chief sponsor of the Encrypted Communications Privacy Act (ECPA) and is chief cosponsor of the Promotion of Commerce On-Line in the Digital Era (PRO-CODE) Act, a companion bill sponsored by Sen. Conrad Burns, R-Mont.]
