[Congressional Bills 105th Congress]
[From the U.S. Government Publishing Office]
[H.R. 695 Reported in House (RH)]





                                                 Union Calendar No. 160

105th CONGRESS

  1st Session

                               H. R. 695

             [Report No. 105-108, Parts I, II, III, IV, V]

_______________________________________________________________________

                                 A BILL

 To amend title 18, United States Code, to affirm the rights of United 
States persons to use and sell encryption and to relax export controls 
                             on encryption.

_______________________________________________________________________

                           September 29, 1997

Reported from the Committee on Commerce with an amendment, committed to 
the Committee of the Whole House on the State of the Union, and ordered 
                             to be printed





                                                 Union Calendar No. 160
105th CONGRESS
  1st Session
                                H. R. 695

             [Report No. 105-108, Parts I, II, III, IV, V]

 To amend title 18, United States Code, to affirm the rights of United 
States persons to use and sell encryption and to relax export controls 
                             on encryption.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           February 12, 1997

 Mr. Goodlatte (for himself, Ms. Lofgren, Mr. DeLay, Mr. Boehner, Mr. 
Coble, Mr. Sensenbrenner, Mr. Bono, Mr. Pease, Mr. Cannon, Mr. Conyers, 
    Mr. Boucher, Mr. Gekas, Mr. Smith of Texas, Mr. Inglis of South 
Carolina, Mr. Bryant, Mr. Chabot, Mr. Barr of Georgia, Ms. Jackson-Lee 
    of Texas, Ms. Waters, Mr. Ackerman, Mr. Baker, Mr. Bartlett of 
  Maryland, Mr. Campbell, Mr. Chambliss, Mr. Cunningham, Mr. Davis of 
Virginia, Mr. Dickey, Mr. Doolittle, Mr. Ehlers, Mr. Engel, Ms. Eshoo, 
  Mr. Everett, Mr. Ewing, Mr. Farr of California, Mr. Gejdenson, Mr. 
Gillmor, Mr. Goode, Ms. Norton, Mr. Horn, Ms. Eddie Bernice Johnson of 
 Texas, Mr. Sam Johnson of Texas, Mr. Kolbe, Mr. McIntosh, Mr. McKeon, 
    Mr. Manzullo, Mr. Matsui, Mr. Mica, Mr. Minge, Mr. Moakley, Mr. 
 Nethercutt, Mr. Packard, Mr. Sessions, Mr. Upton, Mr. White, and Ms. 
   Woolsey) introduced the following bill; which was referred to the 
    Committee on the Judiciary, and in addition to the Committee on 
International Relations, for a period to be subsequently determined by 
the Speaker, in each case for consideration of such provisions as fall 
           within the jurisdiction of the committee concerned

                              May 22, 1997

     Reported from the Committee on the Judiciary with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]
  Referral to the Committee on International Relations extended for a 
               period ending not later than July 11, 1997

                             June 26, 1997

  Referral to the Committee on International Relations extended for a 
               period ending not later than July 25, 1997
  Referred to the Committees on Commerce, National Security, and the 
  Permanent Select Committee on Intelligence for a period ending not 
 later than September 5, 1997, for consideration of such provisions of 
 the bill and amendment reported by the Committee on the Judiciary as 
  fall within the jurisdiction of those committees pursuant to clause 
           1(e) and (k), rule X and rule XLVIII, respectively

                             July 25, 1997

  Reported from the Committee on the International Relations with an 
                               amendment
 [Strike out all after the enacting clause and insert the part printed 
                           in boldface roman]

                             July 30, 1997

Referral to the Permanent Select Committee on Intelligence extended for 
           a period ending not later than September 12, 1997

                             July 31, 1997

 Referral to the Committee on National Security extended for a period 
                ending not later than September 12, 1997

                           September 5, 1997

Referral to the Committee on Commerce extended for a period ending not 
                     later than September 12, 1997

                           September 11, 1997

Referral to the Permanent Select Committee on Intelligence extended for 
           a period ending not later than September 16, 1997
Referral to the Committee on Commerce extended for a period ending not 
                     later than September 26, 1997

                           September 12, 1997

  Reported from the Committee on the National Security with amendments
  [Omit the part struck through in bold brackets and insert the part 
            printed in boldface italic and amend the title]

                           September 16, 1997

 Reported from the Permanent Select Committee on Intelligence with an 
                               amendment
 [Strike out all after the enacting clause and insert the part printed 
               in boldface roman in double bold brackets]

                           September 25, 1997

Referral to the Committee on Commerce extended for a period ending not 
                     later than September 29, 1997

                           September 29, 1997

 Additional sponsors: Mr. Hastings of Washington, Mr. Cook, Mr. Fox of 
Pennsylvania, Mrs. Morella, Mr. Bilbray, Mrs. Myrick, Mr. DeFazio, Mr. 
Watkins, Mr. Franks of New Jersey, Mr. Martinez, Mr. Shays, Mr. Nadler, 
 Mr. Hostettler, Mr. Faleomavaega, Mrs. Linda Smith of Washington, Mr. 
 Paxon, Mr. Weldon of Florida, Mr. Gordon, Mr. Hutchinson, Ms. Rivers, 
   Mr. Snowbarger, Mrs. Tauscher, Mr. Delahunt, Mr. Rohrabacher, Mr. 
Cooksey, Mr. Moran of Virginia, Mr. Gallegly, Mr. Camp, Mr. Wexler, Mr. 
 Weller, Mr. Sherman, Mr. Dreier, Mr. Calvert, Mr. Capps, Mr. Linder, 
  Mr. McInnis, Mr. Graham, Mr. Thomas, Ms. McKinney, Ms. McCarthy of 
  Missouri, Mr. Frank of Massachusetts, Mr. Sisisky, Mr. Forbes, Mr. 
Blunt, Mr. Istook, Mr. Pickering, Mr. Dooley of California, Mr. Latham, 
 Mr. Cox of California, Mr. Roemer, Mr. Fazio of California, Mr. Adam 
Smith of Washington, Mr. Kind, Mr. Ballenger, Mr. Ney, Mr. Salmon, Mr. 
  Houghton, Mr. McHugh, Ms. Furse, Mr. Hastings of Florida, Mr. Diaz-
Balart, Mr. King, Ms. Slaughter, Mr. Frost, Mr. Burton of Indiana, Ms. 
 Dunn, Ms. Christian-Green, Mr. English of Pennsylvania, Mr. Lampson, 
 Mr. Brady, Mr. Smith of New Jersey, Mrs. Chenoweth, Mr. Coburn, Mrs. 
Cubin, Mr. Bob Schaffer of Colorado, Mr. Barton of Texas, Mr. Largent, 
   Mr. Clement, Mr. Hilliard, Mr. Luther, Mr. Crapo, Mr. Rogan, Mr. 
 Andrews, Mr. Bonilla, Ms. Ros-Lehtinen, Mr. Gutknecht, Mr. Hayworth, 
Mr. Sununu, Mr. Scarborough, Mr. Neumann, Mr. Sanford, Mr. Norwood, Ms. 
   Pryce of Ohio, Mr. Lewis of Kentucky, Mr. Kasich, Mr. Archer, Mr. 
   Hansen, Mr. Herger, Mr. Riley, Mr. Hill, Mr. Tauzin, Mr. Moran of 
 Kansas, Mr. Burr of North Carolina, Mr. Blumenauer, Mr. Pomeroy, Mr. 
    Riggs, Mr. Kingston, Mr. Miller of California, Mr. Duncan, Mr. 
       Whitfield, Mr. Smith of Oregon, Mr. Quinn, Mr. Kennedy of 
    Massachusetts, Mrs. Kelly, Mr. Metcalf, Mr. Markey, Mr. Neal of 
 Massachusetts, Mrs. Emerson, Mr. Christensen, Mr. Watts of Oklahoma, 
  Mr. Souder, Mr. Pombo, Mr. Stenholm, Mr. Tiahrt, Mr. McGovern, Mr. 
  Parker, Mr. Wicker, Mr. Barrett of Nebraska, Mr. Gephardt, Mr. Kim, 
   Mrs. Johnson of Connecticut, Mr. Lucas of Oklahoma, Mr. Brown of 
  California, Mr. Knollenberg, Mr. Talent, Mr. Tieney, Mr. Klug, Mr. 
  Jenkins, Mr. Condit, Mr. Hall of Texas, Mr. Bachus, Mr. Crane, Mr. 
 Wamp, Mr. Castle, Mr. LaHood, Mr. Goodling, Mr. Shimkus, Mr. Serrano, 
   Mr. Holden, Mr. Hobson, Mr. Rahall, Mr. Thompson, Mr. Thune, Mr. 
   Clyburn, Mr. Hilleary, Mr. Deal of Georgia, Mr. Collins, Mr. Dan 
 Schaefer of Colorado, Mr. Hall of Ohio, Mr. Livingston, Mr. Hoekstra, 
  Mr. Wise, Mr. Filner, Mr. McDermott, Ms. Sanchez, Mrs. Thurman, Mr. 
 Tanner, Mr. Pastor, Ms. Kaptur, Mr. Lewis of Georgia, Mr. Jackson of 
  Illinois, Ms. Millender-McDonald, Mr. Cummings, Mr. Jefferson, Mr. 
 Ford, Mr. Barrett of Wisconsin, Mr. Fattah, Mr. Barcia, Ms. Hooley of 
    Oregon, Mrs. Northup, Mr. Vento, Mr. Bonior, Mrs. Clayton, Mrs. 
 Kennelly of Connecticut, Mr. Pallone, Mr. Olver, Ms. Kilpatrick, Ms. 
     DeLauro, Mrs. Meek of Florida, Ms. Stabenow, Mr. Stearns, Mr. 
 Radanovich, Mr. Taylor of North Carolina, Mr. Walsh, Mr. Nussle, Mr. 
                    Davis of Illinois, and Mr. Rush
 Deleted sponsors: Mr. Everett (added February 12, 1997; deleted July 
30, 1997), Ms. Eddie Bernice Johnson of Texas (added February 12, 1997; 
deleted May 13, 1997), Mr. Solomon (added March 13, 1997; deleted April 
 29, 1997), Mr. Rothman (added April 10, 1997; deleted July 24, 1997), 
Mr. Jones (added June 23, 1997; deleted September 8, 1997), Mr. Bunning 
(added July 9, 1997; deleted July 30, 1997), Mr. Thornberry (added July 
 24, 1997; deleted September 4, 1997), and Mr. Hefley (added July 29, 
                      1997; deleted July 30, 1997)

                           September 29, 1997

Reported from the Committee on Commerce with an amendment, committed to 
the Committee of the Whole House on the State of the Union, and ordered 
                             to be printed
 [Strike out all after the enacting clause and insert the part printed 
                in boldface italic in bold parentheses]

_______________________________________________________________________

                                 A BILL


 
 To amend title 18, United States Code, to affirm the rights of United 
States persons to use and sell encryption and to relax export controls 
                             on encryption.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``Security and Freedom 
Through Encryption (SAFE) Act''.</DELETED>

<DELETED>SEC. 2. SALE AND USE OF ENCRYPTION.</DELETED>

<DELETED>    (a) In General.--Part I of title 18, United States Code, 
is amended by inserting after chapter 121 the following new 
chapter:</DELETED>

         <DELETED>``CHAPTER 122--ENCRYPTED WIRE AND ELECTRONIC 
                         INFORMATION</DELETED>

<DELETED>``2801. Definitions.
<DELETED>``2802. Freedom to use encryption.
<DELETED>``2803. Freedom to sell encryption.
<DELETED>``2804. Prohibition on mandatory key escrow.
<DELETED>``2805. Unlawful use of encryption in furtherance of a 
                            criminal act.
<DELETED>``Sec. 2801. Definitions</DELETED>
<DELETED>    ``As used in this chapter--</DELETED>
        <DELETED>    ``(1) the terms `person', `State', `wire 
        communication', `electronic communication', `investigative or 
        law enforcement officer', `judge of competent jurisdiction', 
        and `electronic storage' have the meanings given those terms in 
        section 2510 of this title;</DELETED>
        <DELETED>    ``(2) the terms `encrypt' and `encryption' refer 
        to the scrambling of wire or electronic information using 
        mathematical formulas or algorithms in order to preserve the 
        confidentiality, integrity, or authenticity of, and prevent 
        unauthorized recipients from accessing or altering, such 
        information;</DELETED>
        <DELETED>    ``(3) the term `key' means the variable 
        information used in a mathematical formula, code, or algorithm, 
        or any component thereof, used to decrypt wire or electronic 
        information that has been encrypted; and</DELETED>
        <DELETED>    ``(4) the term `United States person' means--
        </DELETED>
                <DELETED>    ``(A) any United States citizen;</DELETED>
                <DELETED>    ``(B) any other person organized under the 
                laws of any State, the District of Columbia, or any 
                commonwealth, territory, or possession of the United 
                States; and</DELETED>
                <DELETED>    ``(C) any person organized under the laws 
                of any foreign country who is owned or controlled by 
                individuals or persons described in subparagraphs (A) 
                and (B).</DELETED>
<DELETED>``Sec. 2802. Freedom to use encryption</DELETED>
<DELETED>    ``Subject to section 2805, it shall be lawful for any 
person within any State, and for any United States person in a foreign 
country, to use any encryption, regardless of the encryption algorithm 
selected, encryption key length chosen, or implementation technique or 
medium used.</DELETED>
<DELETED>``Sec. 2803. Freedom to sell encryption</DELETED>
<DELETED>    ``Subject to section 2805, it shall be lawful for any 
person within any State to sell in interstate commerce any encryption, 
regardless of the encryption algorithm selected, encryption key length 
chosen, or implementation technique or medium used.</DELETED>
<DELETED>``Sec. 2804. Prohibition on mandatory key escrow</DELETED>
<DELETED>    ``(a) Prohibition.--No person in lawful possession of a 
key to encrypted information may be required by Federal or State law to 
relinquish to another person control of that key.</DELETED>
<DELETED>    ``(b) Exception for Access for Law Enforcement Purposes.--
Subsection (a) shall not affect the authority of any investigative or 
law enforcement officer, acting under any law in effect on the 
effective date of this chapter, to gain access to encrypted 
information.</DELETED>
<DELETED>``Sec. 2805. Unlawful use of encryption in furtherance of a 
              criminal act</DELETED>
<DELETED>    ``Any person who willfully uses encryption in furtherance 
of the commission of a criminal offense for which the person may be 
prosecuted in a court of competent jurisdiction--</DELETED>
        <DELETED>    ``(1) in the case of a first offense under this 
        section, shall be imprisoned for not more than 5 years, or 
        fined in the amount set forth in this title, or both; 
        and</DELETED>
        <DELETED>    ``(2) in the case of a second or subsequent 
        offense under this section, shall be imprisoned for not more 
        than 10 years, or fined in the amount set forth in this title, 
        or both.''.</DELETED>
<DELETED>    (b) Conforming Amendment.--The table of chapters for part 
I of title 18, United States Code, is amended by inserting after the 
item relating to chapter 33 the following new item:</DELETED>

<DELETED>``122. Encrypted wire and electronic information...    2801''.

<DELETED>[SEC. 3. EXPORTS OF ENCRYPTION.</DELETED>

<DELETED>    [(a) Amendment to Export Administration Act of 1979.--
Section 17 of the Export Administration Act of 1979 (50 U.S.C. App. 
2416) is amended by adding at the end thereof the following new 
subsection:</DELETED>
<DELETED>    [``(g) Computers and Related Equipment.--</DELETED>
        <DELETED>    [``(1) General rule.--Subject to paragraphs (2), 
        (3), and (4), the Secretary shall have exclusive authority to 
        control exports of all computer hardware, software, and 
        technology for information security (including encryption), 
        except that which is specifically designed or modified for 
        military use, including command, control, and intelligence 
        applications.</DELETED>
        <DELETED>    [``(2) Items not requiring licenses.--No validated 
        license may be required, except pursuant to the Trading With 
        The Enemy Act or the International Emergency Economic Powers 
        Act (but only to the extent that the authority of such Act is 
        not exercised to extend controls imposed under this Act), for 
        the export or reexport of--</DELETED>
                <DELETED>    [``(A) any software, including software 
                with encryption capabilities--</DELETED>
                        <DELETED>    [``(i) that is generally 
                        available, as is, and is designed for 
                        installation by the purchaser; or</DELETED>
                        <DELETED>    [``(ii) that is in the public 
                        domain for which copyright or other protection 
                        is not available under title 17, United States 
                        Code, or that is available to the public 
                        because it is generally accessible to the 
                        interested public in any form; or</DELETED>
                <DELETED>    [``(B) any computing device solely because 
                it incorporates or employs in any form software 
                (including software with encryption capabilities) 
                exempted from any requirement for a validated license 
                under subparagraph (A).</DELETED>
        <DELETED>    [``(3) Software with encryption capabilities.--The 
        Secretary shall authorize the export or reexport of software 
        with encryption capabilities for nonmilitary end uses in any 
        country to which exports of software of similar capability are 
        permitted for use by financial institutions not controlled in 
        fact by United States persons, unless there is substantial 
        evidence that such software will be--</DELETED>
                <DELETED>    [``(A) diverted to a military end use or 
                an end use supporting international 
                terrorism;</DELETED>
                <DELETED>    [``(B) modified for military or terrorist 
                end use; or</DELETED>
                <DELETED>    [``(C) reexported without any 
                authorization by the United States that may be required 
                under this Act.</DELETED>
        <DELETED>    [``(4) Hardware with encryption capabilities.--The 
        Secretary shall authorize the export or reexport of computer 
        hardware with encryption capabilities if the Secretary 
        determines that a product offering comparable security is 
        commercially available outside the United States from a foreign 
        supplier, without effective restrictions.</DELETED>
        <DELETED>    [``(5) Definitions.--As used in this subsection--
        </DELETED>
                <DELETED>    [``(A) the term `encryption' means the 
                scrambling of wire or electronic information using 
                mathematical formulas or algorithms in order to 
                preserve the confidentiality, integrity, or 
                authenticity of, and prevent unauthorized recipients 
                from accessing or altering, such information;</DELETED>
                <DELETED>    [``(B) the term `generally available' 
                means, in the case of software (including software with 
                encryption capabilities), software that is offered for 
                sale, license, or transfer to any person without 
                restriction, whether or not for consideration, 
                including, but not limited to, over-the-counter retail 
                sales, mail order transactions, phone order 
                transactions, electronic distribution, or sale on 
                approval;</DELETED>
                <DELETED>    [``(C) the term `as is' means, in the case 
                of software (including software with encryption 
                capabilities), a software program that is not designed, 
                developed, or tailored by the software publisher for 
                specific purchasers, except that such purchasers may 
                supply certain installation parameters needed by the 
                software program to function properly with the 
                purchaser's system and may customize the software 
                program by choosing among options contained in the 
                software program;</DELETED>
                <DELETED>    [``(D) the term `is designed for 
                installation by the purchaser' means, in the case of 
                software (including software with encryption 
                capabilities) that--</DELETED>
                        <DELETED>    [``(i) the software publisher 
                        intends for the purchaser (including any 
                        licensee or transferee), who may not be the 
                        actual program user, to install the software 
                        program on a computing device and has supplied 
                        the necessary instructions to do so, except 
                        that the publisher may also provide telephone 
                        help line services for software installation, 
                        electronic transmission, or basic operations; 
                        and</DELETED>
                        <DELETED>    [``(ii) the software program is 
                        designed for installation by the purchaser 
                        without further substantial support by the 
                        supplier;</DELETED>
                <DELETED>    [``(E) the term `computing device' means a 
                device which incorporates one or more microprocessor-
                based central processing units that can accept, store, 
                process, or provide output of data; and</DELETED>
                <DELETED>    [``(F) the term `computer hardware', when 
                used in conjunction with information security, 
                includes, but is not limited to, computer systems, 
                equipment, application-specific assemblies, modules, 
                and integrated circuits.''.</DELETED>
<DELETED>    [(b) Continuation of Export Administration Act.--For 
purposes of carrying out the amendment made by subsection (a), the 
Export Administration Act of 1979 shall be deemed to be in 
effect.]</DELETED>

SEC. 3. EXPORTS OF ENCRYPTION.

    (a) Export Control of Encryption Products Not Controlled on the 
United States Munitions List.--The Secretary of Commerce, with the 
concurrence of the Secretary of Defense, shall have the authority to 
control the export of encryption products not controlled on the United 
States Munitions List. Decisions made by the Secretary of Commerce with 
the concurrence of the Secretary of Defense with respect to exports of 
encryption products under this section shall not be subject to judicial 
review.
    (b) License Exception For Certain Encryption Products.--Encryption 
products with encryption strength equal to or less than the level 
identified in subsection (d) shall be eligible for export under a 
license exception after a 1-time review, if the encryption product 
being exported does not include features that would otherwise require 
licensing under applicable regulations, is not destined for countries, 
end-users, or end-uses that the Secretary of Commerce has determined by 
regulation, with the concurrence of the Secretary of Defense, are 
ineligible to receive such products, and is otherwise qualified for 
export.
    (c) One-Time Product Review.--The Secretary of Commerce, with the 
concurrence of the Secretary of Defense, shall specify the information 
that must be submitted for the 1-time review referred to in subsection 
(b).
    (d) Eligible Encryption Levels.--
            (1) Initial eligibility level.--Not later than 30 days 
        after the date of the enactment of this Act, the President 
        shall notify the Congress of the maximum level of encryption 
        strength that could be exported from the United States under 
        license exception pursuant to this section without harm to the 
        national security of the United States. Such level shall not 
        become effective until 60 days after such notification.
            (2) Annual review of eligibility level.--Not later than 1 
        year after notifying the Congress of the maximum level of 
        encryption strength under paragraph (1), and annually 
        thereafter, the President shall notify the Congress of the 
        maximum level of encryption strength that could be exported 
        from the United States under license exception pursuant to this 
        section without harm to the national security of the United 
        States. Such level shall not become effective until 60 days 
        after such notification.
            (3) Calculation of 60-day period.--The 60-day period 
        referred to in paragraphs (1) and (2) shall be computed by 
        excluding--
                    (A) the days on which either House is not in 
                session because of an adjournment of more than 3 days 
                to a day certain or an adjournment of the Congress sine 
                die; and
                    (B) each Saturday and Sunday, not excluded under 
                subparagraph (A), when either House is not in session.
    (e) Excercise of Existing Authorities.--The Secretary of Commerce 
and the Secretary of Defense may exercise the authorities they have 
under other provisions of law to carry out this section.

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Security and Freedom Through 
Encryption (SAFE) Act''.

SEC. 2. SALE AND USE OF ENCRYPTION.

    (a) In General.--Part I of title 18, United States Code, is amended 
by inserting after chapter 123 the following new chapter:

        ``CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

``2801. Definitions.
``2802. Freedom to use encryption.
``2803. Freedom to sell encryption.
``2804. Prohibition on mandatory key escrow.
``2805. Unlawful use of encryption in furtherance of a criminal act.
``Sec. 2801. Definitions
    ``As used in this chapter--
            ``(1) the terms `person', `State', `wire communication', 
        `electronic communication', `investigative or law enforcement 
        officer', and `judge of competent jurisdiction' have the 
        meanings given those terms in section 2510 of this title;
            ``(2) the terms `encrypt' and `encryption' refer to the 
        scrambling of wire communications, electronic communications, 
        or electronically stored information, using mathematical 
        formulas or algorithms in order to preserve the 
        confidentiality, integrity, or authenticity of, and prevent 
        unauthorized recipients from accessing or altering, such 
        communications or information;
            ``(3) the term `key' means the variable information used in 
        a mathematical formula, code, or algorithm, or any component 
        thereof, used to decrypt wire communications, electronic 
        communications, or electronically stored information, that has 
        been encrypted; and
            ``(4) the term `United States person' means--
                    ``(A) any United States citizen;
                    ``(B) any other person organized under the laws of 
                any State, the District of Columbia, or any 
                commonwealth, territory, or possession of the United 
                States; and
                    ``(C) any person organized under the laws of any 
                foreign country who is owned or controlled by 
                individuals or persons described in subparagraphs (A) 
                and (B).
``Sec. 2802. Freedom to use encryption
    ``Subject to section 2805, it shall be lawful for any person within 
any State, and for any United States person in a foreign country, to 
use any encryption, regardless of the encryption algorithm selected, 
encryption key length chosen, or implementation technique or medium 
used.
``Sec. 2803. Freedom to sell encryption
    ``Subject to section 2805, it shall be lawful for any person within 
any State to sell in interstate commerce any encryption, regardless of 
the encryption algorithm selected, encryption key length chosen, or 
implementation technique or medium used.
``Sec. 2804. Prohibition on mandatory key escrow
    ``(a) Prohibition.--No person in lawful possession of a key to 
encrypted communications or information may be required by Federal or 
State law to relinquish to another person control of that key.
    ``(b) Exception for Access for Law Enforcement Purposes.--
Subsection (a) shall not affect the authority of any investigative or 
law enforcement officer, or any member of the intelligence community as 
defined in section 3 of the National Security Act of 1947 (50 U.S.C. 
401a), acting under any law in effect on the effective date of this 
chapter, to gain access to encrypted communications or information.
``Sec. 2805. Unlawful use of encryption in furtherance of a criminal 
              act
    ``Any person who, in the commission of a felony under a criminal 
statute of the United States, knowingly and willfully encrypts 
incriminating communications or information relating to that felony 
with the intent to conceal such communications or information for the 
purpose of avoiding detection by law enforcement agencies or 
prosecution--
            ``(1) in the case of a first offense under this section, 
        shall be imprisoned for not more than 5 years, or fined in the 
        amount set forth in this title, or both; and
            ``(2) in the case of a second or subsequent offense under 
        this section, shall be imprisoned for not more than 10 years, 
        or fined in the amount set forth in this title, or both.''.
    (b) Conforming Amendment.--The table of chapters for part I of 
title 18, United States Code, is amended by inserting after the item 
relating to chapter 123 the following new item:

``125. Encrypted wire and electronic information............    2801''.

SEC. 3. EXPORTS OF ENCRYPTION.

    (a) Amendment to Export Administration Act of 1979.--Section 17 of 
the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended 
by adding at the end thereof the following new subsection:
    ``(g) Computers and Related Equipment.--
            ``(1) General rule.--Subject to paragraphs (2), (3), and 
        (4), the Secretary shall have exclusive authority to control 
        exports of all computer hardware, software, and technology for 
        information security (including encryption), except that which 
        is specifically designed or modified for military use, 
        including command, control, and intelligence applications.
            ``(2) Items not requiring licenses.--No validated license 
        may be required, except pursuant to the Trading With The Enemy 
        Act or the International Emergency Economic Powers Act (but 
        only to the extent that the authority of such Act is not 
        exercised to extend controls imposed under this Act), for the 
        export or reexport of--
                    ``(A) any software, including software with 
                encryption capabilities--
                            ``(i) that is generally available, as is, 
                        and is designed for installation by the 
                        purchaser; or
                            ``(ii) that is in the public domain for 
                        which copyright or other protection is not 
                        available under title 17, United States Code, 
                        or that is available to the public because it 
                        is generally accessible to the interested 
                        public in any form; or
                    ``(B) any computing device solely because it 
                incorporates or employs in any form software (including 
                software with encryption capabilities) exempted from 
                any requirement for a validated license under 
                subparagraph (A).
            ``(3) Software with encryption capabilities.--The Secretary 
        shall authorize the export or reexport of software with 
        encryption capabilities for nonmilitary end uses in any country 
        to which exports of software of similar capability are 
        permitted for use by financial institutions not controlled in 
        fact by United States persons, unless there is substantial 
        evidence that such software will be--
                    ``(A) diverted to a military end use or an end use 
                supporting international terrorism;
                    ``(B) modified for military or terrorist end use; 
                or
                    ``(C) reexported without any authorization by the 
                United States that may be required under this Act.
            ``(4) Hardware with encryption capabilities.--The Secretary 
        shall authorize the export or reexport of computer hardware 
        with encryption capabilities if the Secretary determines that a 
        product offering comparable security is commercially available 
        outside the United States from a foreign supplier, without 
        effective restrictions.
            ``(5) Definitions.--As used in this subsection--
                    ``(A) the term `encryption' means the scrambling of 
                wire or electronic information using mathematical 
                formulas or algorithms in order to preserve the 
                confidentiality, integrity, or authenticity of, and 
                prevent unauthorized recipients from accessing or 
                altering, such information;
                    ``(B) the term `generally available' means, in the 
                case of software (including software with encryption 
                capabilities), software that is offered for sale, 
                license, or transfer to any person without restriction, 
                whether or not for consideration, including, but not 
                limited to, over-the-counter retail sales, mail order 
                transactions, phone order transactions, electronic 
                distribution, or sale on approval;
                    ``(C) the term `as is' means, in the case of 
                software (including software with encryption 
                capabilities), a software program that is not designed, 
                developed, or tailored by the software publisher for 
                specific purchasers, except that such purchasers may 
                supply certain installation parameters needed by the 
                software program to function properly with the 
                purchaser's system and may customize the software 
                program by choosing among options contained in the 
                software program;
                    ``(D) the term `is designed for installation by the 
                purchaser' means, in the case of software (including 
                software with encryption capabilities) that--
                            ``(i) the software publisher intends for 
                        the purchaser (including any licensee or 
                        transferee), who may not be the actual program 
                        user, to install the software program on a 
                        computing device and has supplied the necessary 
                        instructions to do so, except that the 
                        publisher may also provide telephone help line 
                        services for software installation, electronic 
                        transmission, or basic operations; and
                            ``(ii) the software program is designed for 
                        installation by the purchaser without further 
                        substantial support by the supplier;
                    ``(E) the term `computing device' means a device 
                which incorporates one or more microprocessor-based 
                central processing units that can accept, store, 
                process, or provide output of data; and
                    ``(F) the term `computer hardware', when used in 
                conjunction with information security, includes, but is 
                not limited to, computer systems, equipment, 
                application-specific assemblies, modules, and 
                integrated circuits.''.
    (b) Continuation of Export Administration Act.--For purposes of 
carrying out the amendment made by subsection (a), the Export 
Administration Act of 1979 shall be deemed to be in effect.

SEC. 4. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

    (a) Collection of Information by Attorney General.--The Attorney 
General shall compile, and maintain in classified form, data on the 
instances in which encryption (as defined in section 2801 of title 18, 
United States Code) has interfered with, impeded, or obstructed the 
ability of the Department of Justice to enforce the criminal laws of 
the United States.
    (b) Availability of Information to the Congress.--The information 
compiled under subsection (a), including an unclassified summary 
thereof, shall be made available, upon request, to any Member of 
Congress.

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Security and Freedom Through 
Encryption (SAFE) Act''.

SEC. 2. SALE AND USE OF ENCRYPTION.

    (a) In General.--Part I of title 18, United States Code, is amended 
by inserting after chapter 121 the following new chapter:

        ``CHAPTER 122--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

``2801. Definitions.
``2802. Freedom to use encryption.
``2803. Freedom to sell encryption.
``2804. Prohibition on mandatory key escrow.
``2805. Unlawful use of encryption in furtherance of a criminal act.
``Sec. 2801. Definitions
    ``As used in this chapter--
            ``(1) the terms `person', `State', `wire communication', 
        `electronic communication', `investigative or law enforcement 
        officer', `judge of competent jurisdiction', and `electronic 
        storage' have the meanings given those terms in section 2510 of 
        this title;
            ``(2) the terms `encrypt' and `encryption' refer to the 
        scrambling of wire or electronic information using mathematical 
        formulas or algorithms in order to preserve the 
        confidentiality, integrity, or authenticity of, and prevent 
        unauthorized recipients from accessing or altering, such 
        information;
            ``(3) the term `key' means the variable information used in 
        a mathematical formula, code, or algorithm, or any component 
        thereof, used to decrypt wire or electronic information that 
        has been encrypted; and
            ``(4) the term `United States person' means--
                    ``(A) any United States citizen;
                    ``(B) any other person organized under the laws of 
                any State, the District of Columbia, or any 
                commonwealth, territory, or possession of the United 
                States; and
                    ``(C) any person organized under the laws of any 
                foreign country who is owned or controlled by 
                individuals or persons described in subparagraphs (A) 
                and (B).
``Sec. 2802. Freedom to use encryption
    ``Subject to section 2805, it shall be lawful for any person within 
any State, and for any United States person in a foreign country, to 
use any encryption, regardless of the encryption algorithm selected, 
encryption key length chosen, or implementation technique or medium 
used.
``Sec. 2803. Freedom to sell encryption
    ``Subject to section 2805, it shall be lawful for any person within 
any State to sell in interstate commerce any encryption, regardless of 
the encryption algorithm selected, encryption key length chosen, or 
implementation technique or medium used.
``Sec. 2804. Prohibition on mandatory key escrow
    ``(a) Prohibition.--No person in lawful possession of a key to 
encrypted information may be required by Federal or State law to 
relinquish to another person control of that key.
    ``(b) Exception for Access for Law Enforcement Purposes.--
Subsection (a) shall not affect the authority of any investigative or 
law enforcement officer, acting under any law in effect on the 
effective date of this chapter, to gain access to encrypted 
information.
``Sec. 2805. Unlawful use of encryption in furtherance of a criminal 
              act
    ``Any person who willfully uses encryption in furtherance of the 
commission of a criminal offense for which the person may be prosecuted 
in a court of competent jurisdiction--
            ``(1) in the case of a first offense under this section, 
        shall be imprisoned for not more than 5 years, or fined in the 
        amount set forth in this title, or both; and
            ``(2) in the case of a second or subsequent offense under 
        this section, shall be imprisoned for not more than 10 years, 
        or fined in the amount set forth in this title, or both.''.
    (b) Conforming Amendment.--The table of chapters for part I of 
title 18, United States Code, is amended by inserting after the item 
relating to chapter 33 the following new item:

``122. Encrypted wire and electronic information............    2801''.

SEC. 3. EXPORTS OF ENCRYPTION.

    (a) Amendment to Export Administration Act of 1979.--Section 17 of 
the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended 
by adding at the end thereof the following new subsection:
    ``(g) Certain Consumer Products, Computers, and Related 
Equipment.--
            ``(1) General rule.--Subject to paragraphs (2), (3), and 
        (4), the Secretary shall have exclusive authority to control 
        exports of all computer hardware, software, and technology for 
        information security (including encryption), except that which 
        is specifically designed or modified for military use, 
        including command, control, and intelligence applications.
            ``(2) Items not requiring licenses.--No validated license 
        may be required, except pursuant to the Trading With The Enemy 
        Act or the International Emergency Economic Powers Act (but 
        only to the extent that the authority of such Act is not 
        exercised to extend controls imposed under this Act), for the 
        export or reexport of--
                    ``(A) any consumer product commercially available 
                within the United States or abroad which--
                            ``(i) includes encryption capabilities 
                        which are inaccessible to the end user; and
                            ``(ii) is not designed for military or 
                        intelligence end use;
                    ``(B) any component or subassembly designed for use 
                in a consumer product described in subparagraph (A) 
                which itself contains encryption capabilities and is 
                not capable of military or intelligence end use in its 
                condition as exported;
                    ``(C) any software, including software with 
                encryption capabilities--
                            ``(i) that is generally available, as is, 
                        and is designed for installation by the 
                        purchaser;
                            ``(ii) that is in the public domain for 
                        which copyright or other protection is not 
                        available under title 17, United States Code, 
                        or that is available to the public because it 
                        is generally accessible to the interested 
                        public in any form; or
                            ``(iii) that is customized for an otherwise 
                        lawful use by a specific purchaser or group of 
                        purchasers;
                    ``(D) any computing device solely because it 
                incorporates or employs in any form--
                            ``(i) software (including software with 
                        encryption capabilities) that is exempted from 
                        any requirement for a validated license under 
                        subparagraph (C); or
                            ``(ii) software that is no more technically 
                        complex in its encryption capabilties than 
                        software that is exempted from any requirement 
                        for a validated license under subparagraph (C) 
                        but is not designed for installation by the 
                        purchaser;
                    ``(E) any computer hardware that is generally 
                available, solely because it has encryption 
                capabilities; or
                    ``(F) any software or computing device solely on 
                the basis that it incorporates or employs in any form 
                interface mechanisms for interaction with other 
                hardware and software, including hardware, and 
                software, with encryption capabilities.
            ``(3) Software with encryption capabilities.--The Secretary 
        shall authorize the export or reexport of software with 
        encryption capabilities for nonmilitary end uses in any country 
        to which exports of software of similar capability are 
        permitted for use by financial institutions not controlled in 
        fact by United States persons, unless there is substantial 
        evidence that such software will be--
                    ``(A) diverted to a military end use or an end use 
                supporting international terrorism;
                    ``(B) modified for military or terrorist end use; 
                or
                    ``(C) reexported without any authorization by the 
                United States that may be required under this Act.
            ``(4) Hardware with encryption capabilities.--The Secretary 
        shall authorize the export or reexport of computer hardware 
        with encryption capabilities if the Secretary determines that a 
        product offering comparable security is commercially available 
        outside the United States from a foreign supplier, without 
        effective restrictions.
            ``(5) Definitions.--As used in this subsection--
                    ``(A) the term `encryption' means the scrambling of 
                wire or electronic information using mathematical 
                formulas or algorithms in order to preserve the 
                confidentiality, integrity, or authenticity of, and 
                prevent unauthorized recipients from accessing or 
                altering, such information;
                    ``(B) the term `generally available' means--
                            ``(i) in the case of software (including 
                        software with encryption capabilities), 
                        software that is offered for sale, license, or 
                        transfer to any person without restriction, 
                        whether or not for consideration, including, 
                        but not limited to, over-the-counter retail 
                        sales, mail order transactions, phone order 
                        transactions, electronic distribution, or sale 
                        on approval; and
                            ``(ii) in the case of hardware with 
                        encryption capabilities, hardware that is 
                        offered for sale, license, or transfer to any 
                        person without restriction, whether or not for 
                        consideration, including, but not limited to, 
                        over-the-counter retail sales, mail order 
                        transactions, phone order transactions, 
                        electronic distribution, or sale on approval;
                    ``(C) the term `as is' means, in the case of 
                software (including software with encryption 
                capabilities), a software program that is not designed, 
                developed, or tailored by the software publisher for 
                specific purchasers, except that such purchasers may 
                supply certain installation parameters needed by the 
                software program to function properly with the 
                purchaser's system and may customize the software 
                program by choosing among options contained in the 
                software program;
                    ``(D) the term `is designed for installation by the 
                purchaser' means, in the case of software (including 
                software with encryption capabilities) that--
                            ``(i) the software publisher intends for 
                        the purchaser (including any licensee or 
                        transferee), who may not be the actual program 
                        user, to install the software program on a 
                        computing device and has supplied the necessary 
                        instructions to do so, except that the 
                        publisher may also provide telephone help line 
                        services for software installation, electronic 
                        transmission, or basic operations; and
                            ``(ii) the software program is designed for 
                        installation by the purchaser without further 
                        substantial support by the supplier;
                    ``(E) the term `computing device' means a device 
                which incorporates one or more microprocessor-based 
                central processing units that can accept, store, 
                process, or provide output of data; and
                    ``(F) the term `computer hardware', when used in 
                conjunction with information security, includes, but is 
                not limited to, computer systems, equipment, 
                application-specific assemblies, modules, and 
                integrated circuits.''.
    (b) Continuation of Export Administration Act.--For purposes of 
carrying out the amendment made by subsection (a), the Export 
Administration Act of 1979 shall be deemed to be in effect.

SEC. 4. SENSE OF CONGRESS REGARDING INTERNATIONAL COOPERATION.

    (a) Findings.--The Congress finds that--
            (1) implementing export restrictions on widely available 
        technology without the concurrence of all countries capable of 
        producing, transshipping, or otherwise transferring that 
        technology is detrimental to the competitiveness of the United 
        States and should only be imposed on technology and countries 
        in order to protect the United States against a compelling 
        national security threat; and
            (2) the President has not been able to come to agreement 
        with other encryption producing countries on export controls on 
        encryption and has imposed excessively stringent export 
        controls on this widely available technology.
    (b) Sense of Congress.--It is the sense of the Congress that the 
President should immediately take the necessary steps to call an 
international conference for the purpose of coming to an agreement with 
encryption producing countries on policies which will ensure that the 
free use and trade of this technology does not hinder mutual security.

[[SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    [[(a) Short Title.--This Act may be cited as the ``Security and 
Freedom through Encryption (`SAFE') Act of 1997''.
    [[(b) Table of Contents.--The table of contents is as follows:

[[Sec. 1. Short title; table of contents.
[[Sec. 2. Statement of policy.
                 [[TITLE I--DOMESTIC USES OF ENCRYPTION

[[Sec. 101. Definitions.
[[Sec. 102. Lawful use of encryption.
[[Sec. 103. Voluntary private sector participation in key management 
                            infrastructure.
[[Sec. 104. Unlawful use of encryption.
                   [[TITLE II--GOVERNMENT PROCUREMENT

[[Sec. 201. Federal purchases of encryption products.
[[Sec. 202. Encryption products purchased with Federal funds.
[[Sec. 203. Networks established with Federal funds.
[[Sec. 204. Product labels.
[[Sec. 205. No private mandate.
[[Sec. 206. Implementation.
                   [[TITLE III--EXPORTS OF ENCRYPTION

[[Sec. 301. Exports of encryption.
[[Sec. 302. License exception for certain encryption products.--
[[Sec. 303. License exception for telecommunications products.
[[Sec. 304. Review for certain institutions.
[[Sec. 305. Encryption industry and information security board.
                   [[TITLE IV--LIABILITY LIMITATIONS

[[Sec. 401. Compliance with court order.
[[Sec. 402. Compliance defense.
[[Sec. 403. Reasonable care defense.
[[Sec. 404. Good faith defense.
[[Sec. 405. Sovereign immunity.
[[Sec. 406. Civil action, generally.
                  [[TITLE V--INTERNATIONAL AGREEMENTS

[[Sec. 501. Sense of congress.
[[Sec. 502. Failure to negotiate.
[[Sec. 503. Report to congress.
                  [[TITLE VI--MISCELLANEOUS PROVISIONS

[[Sec. 601. Effect on law enforcement activities.
[[Sec. 602. Interpretation.
[[Sec. 603. Severability.

[[SEC. 2. STATEMENT OF POLICY.

    [[It is the policy of the United States to protect public computer 
networks through the use of strong encryption technology, to promote 
and improve the export of encryption products developed and 
manufactured in the United States, and to preserve public safety and 
national security.

                 [[TITLE I--DOMESTIC USES OF ENCRYPTION

[[SEC. 101. DEFINITIONS.

    [[For purposes of this Act:
            [[(1) Attorney for the government.--The term ``attorney for 
        the Government'' has the meaning given such term in Rule 54(c) 
        of the Federal Rules of Criminal Procedure, and also includes 
        any duly authorized attorney of a State who is authorized to 
        prosecute criminal offenses within such State.
            [[(2) Certificate authority.--The term ``certificate 
        authority'' means a person trusted by one or more persons to 
        create and assign public key certificates.
            [[(3) Communications.--The term ``communications'' means 
        any wire communications or electronic communications as those 
        terms are defined in paragraphs (1) and (12) of section 2510 of 
        title 18, United States Code.
            [[(4) Court of competent jurisdiction.--The term ``court of 
        competent jurisdiction'' means any court of the United States 
        organized under Article III of the Constitution of the United 
        States, the court organized under the Foreign Intelligence 
        Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), or a court 
        of general criminal jurisdiction of a State authorized pursuant 
        to the laws of such State to enter orders authorizing searches 
        and seizures.
            [[(5) Data network service provider.--The term ``data 
        network service provider'' means a person offering any service 
        to the general public that provides the users thereof with the 
        ability to transmit or receive data, including communications.
            [[(6) Decryption.--The term ``decryption'' means the 
        retransformation or unscrambling of encrypted data, including 
        communications, to its readable plaintext version. To 
        ``decrypt'' data, including communications, is to perform 
        decryption.
            [[(7) Decryption information.--The term ``decryption 
        information'' means information or technology that enables one 
        to readily retransform or unscramble encrypted data from its 
        unreadable and incomprehensible format to its readable 
        plaintext version.
            [[(8) Electronic storage.--The term ``electronic storage'' 
        has the meaning given that term in section 2510(17) of title 
        18, United States Code.
            [[(9) Encryption.--The term ``encryption'' means the 
        transformation or scrambling of data, including communications, 
        from plaintext to an unreadable or incomprehensible format, 
        regardless of the technique utilized for such transformation or 
        scrambling and irrespective of the medium in which such data, 
        including communications, occur or can be found, for the 
        purposes of protecting the content of such data, including 
        communications. To ``encrypt'' data, including communications, 
        is to perform encryption.
            [[(10) Encryption product.--The term ``encryption product'' 
        means any software, technology, or mechanism, that can be used 
        to encrypt or decrypt, or has the capability of encrypting or 
        decrypting any data, including communications.
            [[(11) Foreign availability.--The term ``foreign 
        availability'' has the meaning applied to foreign availability 
        of encryption products subject to controls under the Export 
        Administration Regulations, as in effect on September 1, 1997.
            [[(12) Government.--The term ``Government'' means the 
        Government of the United States and any agency or 
        instrumentality thereof, or the government of any State.
            [[(13) Investigative or law enforcement officer.--The term 
        ``investigative or law enforcement officer'' has the meaning 
        given that term in section 2510(7) of title 18, United States 
        Code.
            [[(14) Key recovery agent.--The term ``key recovery agent'' 
        means a person trusted by another person or persons to hold and 
        maintain sufficient decryption information to allow for the 
        immediate decryption of the encrypted data or communications of 
        another person or persons for whom that information is held, 
        and who holds and maintains that information as a business or 
        governmental practice, whether or not for profit. The term 
        ``key recovery agent'' includes any person who holds his or her 
        decryption information.
            [[(15) National security.--The term ``national security'' 
        means the national defense, foreign relations, or economic 
        interests of the United States.
            [[(16) Plaintext.--The term ``plaintext'' means the 
        readable or comprehensible format of data, including 
        communications, prior to its being encrypted or after it has 
        been decrypted.
            [[(17) Plainvoice.--The term ``plainvoice'' means 
        communication specific plaintext.
            [[(18) Secretary.--The term ``Secretary'' means the 
        Secretary of Commerce, unless otherwise specifically 
        identified.
            [[(19) State.--The term ``State'' has the meaning given 
        that term in section 2510(3) of title 18, United States Code.
            [[(20) Telecommunications carrier.--The term 
        ``telecommunications carrier'' has the meaning given that term 
        in section 102(8) of the Communications Assistance for Law 
        Enforcement Act (47 U.S.C. 1001(8)).
            [[(21) Telecommunications system.--The term 
        ``telecommunications system'' means any equipment, technology, 
        or related software used in the movement, switching, 
        interchange, transmission, reception, or internal signaling of 
        data, including communications over wire, fiber optic, radio 
        frequency, or other medium.
            [[(22) United States person.--The term ``United States 
        person'' means--
                    [[(A) any citizen of the United States;
                    [[(B) any other person organized under the laws of 
                any State; and
                    [[(C) any person organized under the laws of any 
                foreign country who is owned or controlled by 
                individuals or persons described in subparagraphs (A) 
                and (B).

[[SEC. 102. LAWFUL USE OF ENCRYPTION.

    [[Except as otherwise provided by this Act or otherwise provided by 
law, it shall be lawful for any person within any State and for any 
United States person to use any encryption product, regardless of 
encryption algorithm selected, encryption key length chosen, or 
implementation technique or medium used.

[[SEC. 103. VOLUNTARY PRIVATE SECTOR PARTICIPATION IN KEY MANAGEMENT 
              INFRASTRUCTURE.

    [[(a) Use is Voluntary.--The use of certificate authorities or key 
recovery agents is voluntary.
    [[(b) Regulations.--The Secretary shall promulgate regulations 
establishing standards for creating key management infrastructures. 
Such regulations should--
            [[(1) allow for the voluntary participation by private 
        persons and non-Federal entities; and
            [[(2) promote the development of certificate authorities 
        and key recovery agents.
    [[(c) Registration of Certificate Authorities and Key Recovery 
Agents.--Certificate authorities and key recovery agents meeting the 
standards established by the Secretary may be registered by the 
Secretary if they so choose, and may identify themselves as meeting the 
standards of the Secretary.

[[SEC. 104. UNLAWFUL USE OF ENCRYPTION.

    [[(a) In General.--Part I of title 18, United States Code, is 
amended by inserting after chapter 121 the following new chapter:

        ``CHAPTER 122--ENCRYPTED DATA, INCLUDING COMMUNICATIONS

``Sec.
[[``2801. Unlawful use of encryption in furtherance of a criminal act.
[[``2802. Privacy protection.
[[``2803. Unlawful sale of encryption.
[[``2804. Encryption products manufactured and intended for use in the 
                            United States.
[[``2805. Injunctive relief and proceedings.
[[``2806. Court order access to plaintext.
[[``2807. Notification procedures.
[[``2808. Lawful use of plaintext or decryption information.
[[``2809. Identification of decryption information.
[[``2810. Unlawful export of certain encryption products.
[[``2811. Definitions.
[[``Sec. 2801. Unlawful use of encryption in furtherance of a criminal 
              act
    [[``(a) Prohibited Acts.--Whoever knowingly uses encryption in 
furtherance of the commission of a criminal offense for which the 
person may be prosecuted in a district court of the United States 
shall--
            [[``(1) in the case of a first offense under this section, 
        be imprisoned for not more than 5 years, or fined under this 
        title, or both; and
            [[``(2) in the case of a second or subsequent offense under 
        this section, be imprisoned for not more than 10 years, or 
        fined under this title, or both.
    [[``(b) Consecutive Sentence.--Notwithstanding any other provision 
of law, the court shall not place on probation any person convicted of 
a violation of this section, nor shall the term of imprisonment imposed 
under this section run concurrently with any other term of imprisonment 
imposed for the underlying criminal offense.
    [[``(c) Probable Cause Not Constituted By Use of Encryption.--The 
use of encryption alone shall not constitute probable cause to believe 
that a crime is being or has been committed.
[[``Sec. 2802. Privacy protection
    [[``(a) In General.--It shall be unlawful for any person to 
intentionally--
            [[``(1) obtain or use decryption information without lawful 
        authority for the purpose of decrypting data, including 
        communications;
            [[``(2) exceed lawful authority in decrypting data, 
        including communications;
            [[``(3) break the encryption code of another person without 
        lawful authority for the purpose of violating the privacy or 
        security of that person or depriving that person of any 
        property rights;
            [[``(4) impersonate another person for the purpose of 
        obtaining decryption information of that person without lawful 
        authority;
            [[``(5) facilitate or assist in the encryption of data, 
        including communications, knowing that such data, including 
        communications, are to be used in furtherance of a crime; or
            [[``(6) disclose decryption information in violation of a 
        provision of this chapter.
    [[``(b) Criminal Penalty.--Whoever violates this section shall be 
imprisoned for not more than 10 years, or fined under this title, or 
both.
[[``Sec. 2803. Unlawful sale of encryption
    [[``Whoever, after January 31, 2000, sells in interstate or foreign 
commerce any encryption product that does not include features or 
functions permitting duly authorized persons immediate access to 
plaintext or immediate decryption capabilities shall be imprisoned for 
not more than 5 years, fined under this title, or both.
[[``Sec. 2804. Encryption products manufactured and intended for use in 
              the United States
    [[``(a) Public Network Service Providers.--After January 31, 2000, 
public network service providers offering encryption products or 
encryption services shall ensure that such products or services enable 
the immediate decryption or access to plaintext of the data, including 
communications, encrypted by such products or services on the public 
network upon receipt of a court order or warrant, pursuant to section 
2806.
    [[``(b) Manufacturers, Distributors, and Importers.--After January 
31, 2000, it shall be unlawful for any person to manufacture for 
distribution, distribute, or import encryption products intended for 
sale or use in the United States, unless that product--
            [[``(1) includes features or functions that provide an 
        immediate access to plaintext capability, through any means, 
        mechanism, or technological method that--
                    [[``(A) permits immediate decryption of the 
                encrypted data, including communications, upon the 
                receipt of decryption information by an authorized 
                party in possession of a facially valid order issued by 
                a court of competent jurisdiction; and
                    [[``(B) allows the decryption of encrypted data, 
                including communications, without the knowledge or 
                cooperation of the person being investigated, subject 
                to the requirements set forth in section 2806;
            [[``(2) can be used only on systems or networks that 
        include features or functions that provide an immediate access 
        to plaintext capability, through any means, mechanism, or 
        technological method that--
                    [[``(A) permits immediate decryption of the 
                encrypted data, including communications, upon the 
                receipt of decryption information by an authorized 
                party in possession of a facially valid order issued by 
                a court of competent jurisdiction; and
                    [[``(B) allows the decryption of encrypted data, 
                including communications, without the knowledge or 
                cooperation of the person being investigated, subject 
                to the requirements set forth in section 2806; or
            [[``(3) otherwise meets the technical requirements and 
        functional criteria promulgated by the Attorney General under 
        subsection (c).
    [[``(c) Attorney General Criteria.--
            [[``(1) Publication of requirements.--Within 180 days after 
        the date of the enactment of this chapter, the Attorney General 
        shall publish in the Federal Register technical requirements 
        and functional criteria for complying with the decryption 
        requirements set forth in this section.
            [[``(2) Procedures for advisory opinions.--Within 180 days 
        after the date of the enactment of this chapter, the Attorney 
        General shall promulgate procedures by which data network 
        service providers and encryption product manufacturers, 
        sellers, re-sellers, distributors, and importers may obtain 
        advisory opinions as to whether an encryption product intended 
        for sale or use in the United States after January 31, 2000, 
        meets the requirements of this section and the technical 
        requirements and functional criteria promulgated pursuant to 
        paragraph (1).
            [[``(3) Particular methodology not required.--Nothing in 
        this chapter or any other provision of law shall be construed 
        as requiring the implementation of any particular decryption 
        methodology in order to satisfy the requirements of subsections 
        (a) and (b), or the technical requirements and functional 
        criteria required by the Attorney General under paragraph (1).
    [[``(d) Use of Prior Products Lawful.--After January 31, 2000, it 
shall not be unlawful to use any encryption product purchased or in use 
prior to such date.
[[``Sec. 2805. Injunctive relief and proceedings
    [[``(a) Injunction.--Whenever it appears to the Secretary or the 
Attorney General that any person is engaged in, or is about to engage 
in, any act that constitutes, or would constitute, a violation of 
section 2804, the Attorney General may initiate a civil action in a 
district court of the United States to enjoin such violation. Upon the 
filing of the complaint seeking injunctive relief by the Attorney 
General, the court shall automatically issue a temporary restraining 
order against the party being sued.
    [[``(b) Burden of Proof.--In a suit brought by the Attorney General 
under subsection (a), the burden shall be upon the Government to 
establish by a preponderance of the evidence that the encryption 
product involved does not comport with the requirements set forth by 
the Attorney General pursuant to section 2804 providing for immediate 
access to plaintext by Federal, State, or local authorities.
    [[``(c) Closing of Proceedings.--(1) Upon motion of the party 
against whom injunction is being sought--
            [[``(A) any or all of the proceedings under this section 
        shall be closed to the public; and
            [[``(B) public disclosure of the proceedings shall be 
        treated as contempt of court.
    [[``(2) Upon a written finding by the court that public disclosure 
of information relevant to the prosecution of the injunction or 
relevant to a determination of the factual or legal issues raised in 
the case would cause irreparable or financial harm to the party against 
whom the suit is brought, or would otherwise disclose proprietary 
information of any party to the case, all proceedings shall be closed 
to members of the public, except the parties to the suit, and all 
transcripts, motions, and orders shall be placed under seal to protect 
their disclosure to the general public.
    [[``(d) Advisory Opinion As Defense.--It is an absolute defense to 
a suit under this subsection that the party against whom suit is 
brought obtained an advisory opinion from the Attorney General pursuant 
to section 2804(c) and that the product at issue in the suit comports 
in every aspect with the requirements announced in such advisory 
opinion.
    [[``(e) Basis for Permanent Injunction.--The court shall issue a 
permanent injunction against the distribution of, and any future 
manufacture of, the encryption product at issue in the suit filed under 
subsection (a) if the court finds by a preponderance of the evidence 
that the product does not meet the requirements set forth by the 
Attorney General pursuant to section 2804 providing for immediate 
access to plaintext by Federal, State, or local authorities.
    [[``(f) Appeals.--Either party may appeal, to the appellate court 
with jurisdiction of the case, any adverse ruling by the district court 
entered pursuant to this section. For the purposes of appeal, the 
parties shall be governed by the Federal Rules of Appellate Procedure, 
except that the Government shall file its notice of appeal not later 
than 30 days after the entry of the final order on the docket of the 
district court. The appeal of such matter shall be considered on an 
expedited basis and resolved as soon as practicable.
[[``Sec. 2806. Court order access to plaintext
    [[``(a) Court Order.--(1) A court of competent jurisdiction shall 
issue an order, ex parte, granting an investigative or law enforcement 
officer immediate access to the plaintext of encrypted data, including 
communications, or requiring any person in possession of decryption 
information to provide such information to a duly authorized 
investigative or law enforcement officer--
            [[``(A) upon the application by an attorney for the 
        Government that--
                    [[``(i) is made under oath or affirmation by the 
                attorney for the Government; and
                    [[``(ii) provides a factual basis establishing the 
                relevance that the plaintext or decryption information 
                being sought has to a law enforcement or foreign 
                counterintelligence investigation then being conducted 
                pursuant to lawful authorities; and
            [[``(B) if the court finds, in writing, that the plaintext 
        or decryption information being sought is relevant to an 
        ongoing lawful law enforcement or foreign counterintelligence 
        investigation and the investigative or law enforcement officer 
        is entitled to such plaintext or decryption information.
    [[``(2) The order issued by the court under this section shall be 
placed under seal, except that a copy may be made available to the 
investigative or law enforcement officer authorized to obtain access to 
the plaintext of the encrypted information, or authorized to obtain the 
decryption information sought in the application. Such order shall also 
be made available to the person responsible for providing the plaintext 
or the decryption information, pursuant to such order, to the 
investigative or law enforcement officer.
    [[``(3) Disclosure of an application made, or order issued, under 
this section, is not authorized, except as may otherwise be 
specifically permitted by this section or another order of the court.
    [[``(b) Other Orders.--An attorney for the Government may make 
application to a district court of the United States for an order under 
subsection (a), upon a request from a foreign country pursuant to a 
Mutual Legal Assistance Treaty with such country that is in effect at 
the time of the request from such country.
    [[``(c) Record of Access Required.--(1) There shall be created an 
electronic record, or similar type record, of each instance in which an 
investigative or law enforcement officer, pursuant to an order under 
this section, gains access to the plaintext of otherwise encrypted 
information, or is provided decryption information, without the 
knowledge or consent of the owner of the data, including 
communications, who is the user of the encryption product involved.
    [[``(2) The court issuing the order under this section shall 
require that the electronic or similar type of record described in 
paragraph (1) is maintained in a place and a manner that is not within 
the custody or control of an investigative or law enforcement officer 
gaining the access or provided the decryption information. The record 
shall be tendered to the court, upon notice from the court.
    [[``(3) The court receiving such electronic or similar type of 
record described in paragraph (1) shall make the original and a 
certified copy of the record available to the attorney for the 
Government making application under this section, and to the attorney 
for, or directly to, the owner of the data, including communications, 
who is the user of the encryption product.
    [[``(d) Authority to Intercept Communications Not Increased.--
Nothing in this chapter shall be construed to enlarge or modify the 
circumstances or procedures under which a Government entity is entitled 
to intercept or obtain oral, wire, or electronic communications or 
information.
    [[``(e) Construction.--This chapter shall be strictly construed to 
apply only to a Government entity's ability to decrypt data, including 
communications, for which it has previously obtained lawful authority 
to intercept or obtain pursuant to other lawful authorities that would 
otherwise remain encrypted.
[[``Sec. 2807. Notification procedures
    [[``(a) In General.--Within a reasonable time, but not later than 
90 days after the filing of an application for an order under section 
2806 which is granted, the court shall cause to be served, on the 
persons named in the order or the application, and such other parties 
whose decryption information or whose plaintext has been provided to an 
investigative or law enforcement officer pursuant to this chapter as 
the court may determine that is in the interest of justice, an 
inventory which shall include notice of--
            [[``(1) the fact of the entry of the order or the 
        application;
            [[``(2) the date of the entry of the application and 
        issuance of the order; and
            [[``(3) the fact that the person's decryption information 
        or plaintext data, including communications, have been provided 
        or accessed by an investigative or law enforcement officer.
The court, upon the filing of a motion, may make available to that 
person or that person's counsel, for inspection, such portions of the 
plaintext, applications, and orders as the court determines to be in 
the interest of justice. On an ex parte showing of good cause to a 
court of competent jurisdiction, the serving of the inventory required 
by this subsection may be postponed.
    [[``(b) Admission into Evidence.--The contents of any encrypted 
information that has been obtained pursuant to this chapter or evidence 
derived therefrom shall not be received in evidence or otherwise 
disclosed in any trial, hearing, or other proceeding in a Federal or 
State court unless each party, not less than 10 days before the trial, 
hearing, or proceeding, has been furnished with a copy of the order, 
and accompanying application, under which the decryption or access to 
plaintext was authorized or approved. This 10-day period may be waived 
by the court if the court finds that it was not possible to furnish the 
party with the information described in the preceding sentence within 
10 days before the trial, hearing, or proceeding and that the party 
will not be prejudiced by the delay in receiving such information.
    [[``(c) Contempt.--Any violation of the provisions of this section 
may be punished by the court as a contempt thereof.
    [[``(d) Motion to Suppress.--Any aggrieved person in any trial, 
hearing, or proceeding in or before any court, department, officer, 
agency, regulatory body, or other authority of the United States or a 
State may move to suppress the contents of any decrypted data, 
including communications, obtained pursuant to this chapter, or 
evidence derived therefrom, on the grounds that --
            [[``(1) the plaintext was unlawfully decrypted or accessed;
            [[``(2) the order of authorization or approval under which 
        it was decrypted or accessed is insufficient on its face; or
            [[``(3) the decryption was not made in conformity with the 
        order of authorization or approval.
Such motion shall be made before the trial, hearing, or proceeding 
unless there was no opportunity to make such motion, or the person was 
not aware of the grounds of the motion. If the motion is granted, the 
plaintext of the decrypted data, including communications, or evidence 
derived therefrom, shall be treated as having been obtained in 
violation of this chapter. The court, upon the filing of such motion by 
the aggrieved person, may make available to the aggrieved person or 
that person's counsel for inspection such portions of the decrypted 
plaintext, or evidence derived therefrom, as the court determines to be 
in the interests of justice.
    [[``(e) Appeal by United States.--In addition to any other right to 
appeal, the United States shall have the right to appeal from an order 
granting a motion to suppress made under subsection (d), or the denial 
of an application for an order under section 2806, if the United States 
attorney certifies to the court or other official granting such motion 
or denying such application that the appeal is not taken for purposes 
of delay. Such appeal shall be taken within 30 days after the date the 
order was entered on the docket and shall be diligently prosecuted.
    [[``(f) Civil Action for Violation.--Except as otherwise provided 
in this chapter, any person described in subsection (g) may in a civil 
action recover from the United States Government the actual damages 
suffered by the person as a result of a violation described in that 
subsection, reasonable attorney's fees, and other litigation costs 
reasonably incurred in prosecuting such claim.
    [[``(g) Covered Persons.--Subsection (f) applies to any person 
whose decryption information--
            [[``(1) is knowingly obtained without lawful authority by 
        an investigative or law enforcement officer;
            [[``(2) is obtained by an investigative or law enforcement 
        officer with lawful authority and is knowingly used or 
        disclosed by such officer unlawfully; or
            [[``(3) is obtained by an investigative or law enforcement 
        officer with lawful authority and whose decryption information 
        is unlawfully used to disclose the plaintext of the data, 
        including communications.
    [[``(h) Limitation.--A civil action under subsection (f) shall be 
commenced not later than 2 years after the date on which the unlawful 
action took place, or 2 years after the date on which the claimant 
first discovers the violation, whichever is later.
    [[``(i) Exclusive Remedies.--The remedies and sanctions described 
in this chapter with respect to the decryption of data, including 
communications, are the only judicial remedies and sanctions for 
violations of this chapter involving such decryptions, other than 
violations based on the deprivation of any rights, privileges, or 
immunities secured by the Constitution.
    [[``(j) Technical Assistance By Providers.--A provider of 
encryption technology or network service that has received an order 
issued by a court pursuant to this chapter shall provide to the 
investigative or law enforcement officer concerned such technical 
assistance as is necessary to execute the order. Such provider may, 
however, move the court to modify or quash the order on the ground that 
its assistance with respect to the decryption or access to plaintext 
cannot be performed in a timely or reasonable fashion. The court, upon 
notice to the Government, shall decide such motion expeditiously.
    [[``(k) Reports to Congress.--In May of each year, the Attorney 
General, or an Assistant Attorney General specifically designated by 
the Attorney General, shall report in writing to Congress on the number 
of applications made and orders entered authorizing Federal, State, and 
local law enforcement access to decryption information for the purposes 
of reading the plaintext of otherwise encrypted data, including 
communications, pursuant to this chapter. Such reports shall be 
submitted to the Committees on the Judiciary of the House of 
Representatives and of the Senate, and to the Permanent Select 
Committee on Intelligence for the House of Representatives and the 
Select Committee on Intelligence for the Senate.
[[``Sec. 2808. Lawful use of plaintext or decryption information
    [[``(a) Authorized Use of Decryption Information.--
            [[``(1) Criminal investigations.--An investigative or law 
        enforcement officer to whom plaintext or decryption information 
        is provided may use such plaintext or decryption information 
        for the purposes of conducting a lawful criminal investigation 
        or foreign counterintelligence investigation, and for the 
        purposes of preparing for and prosecuting any criminal 
        violation of law.
            [[``(2) Civil redress.--Any plaintext or decryption 
        information provided under this chapter to an investigative or 
        law enforcement officer may not be disclosed, except by court 
        order, to any other person for use in a civil proceeding that 
        is unrelated to a criminal investigation and prosecution for 
        which the plaintext or decryption information is authorized 
        under paragraph (1). Such order shall only issue upon a showing 
        by the party seeking disclosure that there is no alternative 
        means of obtaining the plaintext, or decryption information, 
        being sought and the court also finds that the interests of 
        justice would not be served by nondisclosure.
    [[``(b) Limitation.--An investigative or law enforcement officer 
may not use decryption information obtained under this chapter to 
determine the plaintext of any data, including communications, unless 
it has obtained lawful authority to obtain such data, including 
communications, under other lawful authorities.
    [[``(c) Return of Decryption Information.--An attorney for the 
Government shall, upon the issuance of an order of a court of competent 
jurisdiction--
            [[``(1)(A) return any decryption information to the person 
        responsible for providing it to an investigative or law 
        enforcement officer pursuant to this chapter; or
            [[``(B) destroy such decryption information, if the court 
        finds that the interests of justice or public safety require 
        that such decryption information should not be returned to the 
        provider; and
            [[``(2) within 10 days after execution of the court's order 
        to destroy the decryption information--
                    [[``(A) certify to the court that the decryption 
                information has either been returned or destroyed 
                consistent with the court's order; and
                    [[``(B) notify the provider of the decryption 
                information of the destruction of such information.
    [[``(d) Other Disclosure of Decryption Information.--Except as 
otherwise provided in section 2806, a key recovery agent may not 
disclose decryption information stored with the key recovery agent by a 
person unless the disclosure is--
            [[``(1) to the person, or an authorized agent thereof;
            [[``(2) with the consent of the person, including pursuant 
        to a contract entered into with the person;
            [[``(3) pursuant to a court order upon a showing of 
        compelling need for the information that cannot be accommodated 
        by any other means if--
                    [[``(A) the person who supplied the information is 
                given reasonable notice, by the person seeking the 
                disclosure, of the court proceeding relevant to the 
                issuance of the court order; and
                    [[``(B) the person who supplied the information is 
                afforded the opportunity to appear in the court 
                proceeding and contest the claim of the person seeking 
                the disclosure;
            [[``(4) pursuant to a determination by a court of competent 
        jurisdiction that another person is lawfully entitled to hold 
        such decryption information, including determinations arising 
        from legal proceedings associated with the incapacity, death, 
        or dissolution of any person; or
            [[``(5) otherwise permitted by a provision of this chapter 
        or otherwise permitted by law.
[[``Sec. 2809. Identification of decryption information
    [[``(a) Identification.--To avoid inadvertent disclosure, any 
person who provides decryption information to an investigative or law 
enforcement officer pursuant to this chapter shall specifically 
identify that part of the material provided that discloses decryption 
information as such.
    [[``(b) Responsibility of Investigative or Law Enforcement 
Officer.--The investigative or law enforcement officer receiving any 
decryption information under this chapter shall maintain such 
information in facilities and in a method so as to reasonably assure 
that inadvertent disclosure does not occur.
[[``Sec. 2810. Unlawful export of certain encryption products
    [[``Whoever, after January 31, 2000, knowingly exports an 
encryption product that does not include features or functions 
providing duly authorized persons immediate access to plaintext or 
immediate decryption capabilities, as required under law, shall be 
imprisoned for not more than 5 years, fined under this title, or both.
[[``Sec. 2811. Definitions
    [[``The definitions set forth in section 101 of the Security and 
Freedom through Encryption (`SAFE`) Act of 1997 shall apply to this 
chapter.''.
    [[(b) Conforming Amendment.--The table of chapters for part I of 
title 18, United States Code, is amended by inserting after the item 
relating to chapter 121 the following new item:

[[``122. Encrypted data, including communications...........    2801''.

                   [[TITLE II--GOVERNMENT PROCUREMENT

[[SEC. 201. FEDERAL PURCHASES OF ENCRYPTION PRODUCTS.

    [[After January 1, 1999, any encryption product or service 
purchased or otherwise procured by the United States Government to 
provide the security service of data confidentiality for a Federal 
computer system shall include a technique enabling immediate decryption 
by an authorized party without the knowledge or cooperation of the 
person using such encryption products or services.

[[SEC. 202. ENCRYPTION PRODUCTS PURCHASED WITH FEDERAL FUNDS.

    [[After January 1, 1999, any encryption product or service 
purchased directly with Federal funds to provide the security service 
of data confidentiality shall include a technique enabling immediate 
decryption by an authorized party without the knowledge or cooperation 
of the person using such encryption product or service unless the 
Secretary, with the concurrence of the Attorney General, determines 
implementing this requirement would not promote the purposes of this 
Act.

[[SEC. 203. NETWORKS ESTABLISHED WITH FEDERAL FUNDS.

    [[After January 1, 1999, any communications network established 
with the use of Federal funds shall use encryption products which 
include techniques enabling immediate decryption by an authorized party 
without the knowledge or cooperation of the person using such 
encryption products or services unless the Secretary, with the 
concurrence of the Attorney General, determines implementing this 
requirement would not promote the purposes of this Act.

[[SEC. 204. PRODUCT LABELS.

    [[An encryption product may be labeled to inform users that the 
product is authorized for sale to or for use in transactions and 
communications with the United States Government under this title.

[[SEC. 205. NO PRIVATE MANDATE.

    [[The United States Government may not mandate the use of 
encryption standards for the private sector other than for use with 
computer systems, networks, or other systems of the United States 
Government, or systems or networks created using Federal funds.

[[SEC. 206. IMPLEMENTATION.

    [[(a) Exclusion.--Nothing in this title shall apply to encryption 
products and services used solely for access control, authentication, 
integrity, nonrepudiation, digital signatures, or other similar 
purposes.
    [[(b) Rulemaking.--The Secretary, in consultation with the Attorney 
General and other affected agencies, may through rules provide for the 
orderly implementation of this title and the effective use of secure 
public networks.

                   [[TITLE III--EXPORTS OF ENCRYPTION

[[SEC. 301. EXPORTS OF ENCRYPTION.

    [[(a) Coordination of Executive Branch Agencies Required.--The 
Secretary, in close coordination with the Secretary of Defense and any 
other executive branch department or agency with responsibility for 
protecting the national security, shall have the authority to control 
the export of encryption products not controlled on the United States 
Munitions List.
    [[(b) Decisions Not Subject to Judicial Review.--Decisions made by 
the Secretary pursuant to subsection (a) with respect to exports of 
encryption products under this title shall not be subject to judicial 
review.

[[SEC. 302. LICENSE EXCEPTION FOR CERTAIN ENCRYPTION PRODUCTS.

    [[(a) License Exception.--After January 31, 2000, encryption 
products, without regard to encryption strength, shall be eligible for 
export under a license exception if such encryption product--
            [[(1) is submitted to the Secretary for a 1-time product 
        review;
            [[(2) does not include features or functions that would 
        otherwise require licensing under applicable regulations;
            [[(3) is not destined for countries, end users, or end uses 
        that the Secretary, in coordination with the Secretary of 
        Defense and other executive branch departments or agencies with 
        responsibility for protecting the national security, by 
        regulation, has determined should be ineligible to receive such 
        products, and is otherwise qualified for export; and
            [[(4)(A) includes features or functions providing an 
        immediate access to plaintext capability, if there is lawful 
        authority for such immediate access; or
            [[(B) includes features or functions providing an immediate 
        decryption capability of the encrypted data, including 
        communications, upon the receipt of decryption information by 
        an authorized party, and such decryption can be accomplished 
        without unauthorized disclosure.
    [[(b) Enabling of Decryption Capabilities.--The features or 
functions described in subsection (a)(4) need not be enabled by the 
manufacturer before or at the time of export for purposes of this 
title. Such features or functions may be enabled by the purchaser or 
end user.
    [[(c) Responsibilities of the Secretary.--The Secretary, in close 
coordination with the Secretary of Defense and other executive branch 
departments or agencies with responsibility for protecting the national 
security, shall--
            [[(1) specify, by regulation, the information that must be 
        submitted for the 1-time review referred to in this section; 
        and
            [[(2) make all export determinations under this title 
        within 30 days following the date of submission to the 
        Secretary of--
                    [[(A) the completed application for a license 
                exception; and
                    [[(B) the encryption product intended for export 
                that is to be reviewed as required by this section.
    [[(d) Exercise of Other Authorities.--The Secretary, and the 
Secretary of Defense, may exercise the authorities they have under 
other provisions of law, including the Export Administration Act of 
1979, as continued in effect under the International Emergency Economic 
Powers Act, to carry out this section.
    [[(e) Presumption in Favor of Exports.--There shall be a 
presumption in favor of export of encryption products under this title.
    [[(f) Waiver Authority.--The President may by Executive order waive 
any provision of this title, or the applicability of any such provision 
to a person or entity, if the President determines that the waiver is 
in the interests of national security or public safety and security. 
The President shall submit a report to the relevant committees of the 
Congress not later than 15 days after such determination. The report 
shall include the factual basis upon which such determination was made. 
The report may be in classified format.
    [[(g) Relevant Committees.--The relevant committees of the Congress 
described in subsection (f) are the Committee on International 
Relations, the Committee on the Judiciary, the Committee on National 
Security, and the Permanent Select Committee on Intelligence of the 
House of Representatives, and the Committee on Foreign Relations, the 
Committee on the Judiciary, the Committee on Armed Services, and the 
Select Committee on Intelligence of the Senate.

[[SEC. 303. LICENSE EXCEPTION FOR TELECOMMUNICATIONS PRODUCTS.

    [[After a 1-time review as described in section 302, the Secretary 
shall authorize for export under a license exception voice encryption 
products that do not contain decryption or access to plainvoice 
features or functions otherwise required in section 302, if the 
Secretary, after consultation with relevant executive branch 
departments or agencies, determines that--
            [[(1) information recovery requirements for such exports 
        would disadvantage United States exporters; and
            [[(2) such exports under a license exception would not 
        create a risk to the foreign policy, non-proliferation, or 
        national security of the United States.

[[SEC. 304. REVIEW FOR CERTAIN INSTITUTIONS.

    [[The Secretary, in consultation with other executive branch 
departments or agencies, shall establish a procedure for expedited 
review of export license applications involving encryption products for 
use by qualified banks, financial institutions, subsidiaries of 
companies owned or controlled by United States persons, or other users 
specifically authorized by the Secretary.

[[SEC. 305. ENCRYPTION INDUSTRY AND INFORMATION SECURITY BOARD.

    [[(a) Encryption Industry and Information Security Board 
Established.--There is hereby established an Encryption Industry and 
Information Security Board. The Board shall undertake an advisory role 
for the President.
    [[(b) Purposes.--The purposes of the Board are--
            [[(1) to provide a forum to foster communication and 
        coordination between industry and the Federal Government on 
        matters relating to the use of encryption products;
            [[(2) to promote the export of encryption products 
        manufactured in the United States;
            [[(3) to encourage research and development of products 
        that will foster electronic commerce;
            [[(4) to recommend policies enhancing the security of 
        public networks;
            [[(5) to promote the protection of intellectual property 
        and privacy rights of individuals using public networks;
            [[(6) to enable the United States to effectively and 
        continually understand the benefits and risks to its national 
        security, law enforcement, and public safety interests by 
        virtue of the proliferation of strong encryption on the global 
        market;
            [[(7) to evaluate and make recommendations regarding the 
        further development and use of encryption;
            [[(8) to advance the development of international standards 
        regarding interoperability and global use of encryption 
        products; and
            [[(9) to evaluate the foreign availability of encryption 
        products and their threat to United States industry.
    [[(c) Membership.--(1) The Board shall be composed of 13 members, 
as follows:
            [[(A) The Secretary, or the Secretary's designee, who shall 
        chair the Board.
            [[(B) The Attorney General, or the Director of the Federal 
        Bureau of Investigation, or a respective designee.
            [[(C) The Secretary of Defense, or the Secretary's 
        designee.
            [[(D) the Director of Central Intelligence, or his or her 
        designee.
            [[(E) The Special Assistant to the President for National 
        Security Affairs, or his or her designee.
            [[(F) Two private sector individuals, appointed by the 
        President, who have expertise in consumer and privacy interests 
        relating to or affected by information security technology.
            [[(G) Six representatives from the private sector who have 
        expertise in the development, operation, marketing, law, or 
        public policy relating to information security or technology.
    [[(2) The six private sector representatives described in paragraph 
(1)(G) shall be appointed as follows:
                    [[(A) Two by the Speaker of the House of 
                Representatives.
                    [[(B) One by the Minority Leader of the House of 
                Representatives.
                    [[(C) Two by the Majority Leader of the Senate.
                    [[(D) One by the Minority Leader of the Senate.
    [[(e) Meetings.--The Board shall meet at such times and in such 
places as the Secretary may prescribe, but not less frequently than 
every four months. The Federal Advisory Committee Act (5 U.S.C. App.) 
does not apply to the Board or to meetings held by the Board under this 
section.
    [[(f) Findings and Recommendations.--The chair of the Board shall 
convey the findings and recommendations of the Board to the President 
and to the Congress within 30 days after each meeting of the Board. The 
recommendations of the Board are not binding upon the President.
    [[(g) Foreign Availability.--The consideration of foreign 
availability by the Board shall include computer software that is 
distributed over the Internet or advertised for sale, license, or 
transfer, including over-the-counter retail sales, mail order 
transactions, telephone order transactions, electronic distribution, or 
sale on approval.

                   [[TITLE IV--LIABILITY LIMITATIONS

[[SEC. 401. COMPLIANCE WITH COURT ORDER.

    [[(a) No Liability For Compliance.--Subject to subsection (b), no 
civil or criminal liability under this Act, or under any other 
provision of law, shall attach to any person for disclosing or 
providing--
            [[(1) the plaintext of encrypted data, including 
        communications;
            [[(2) the decryption information of such encrypted data, 
        including communications; or
            [[(3) technical assistance for access to the plaintext of, 
        or decryption information for, encrypted data, including 
        communications.
    [[(b) Exception.--Subsection (a) shall not apply to a person who 
provides plaintext or decryption information to another and is not 
authorized by court order to disclose such plaintext or decryption 
information.

[[SEC. 402. COMPLIANCE DEFENSE.

    [[Compliance with the provisions of sections 2806, 2807, 2808, or 
2809 of title 18, United States Code, as added by section 104(a) of 
this Act, or any regulations authorized thereunder, shall provide a 
complete defense for any civil action for damages based upon activities 
covered by this Act, other than an action founded on contract.

[[SEC. 403. REASONABLE CARE DEFENSE.

    [[The participation by person in the key management infrastructure 
established by regulation for United States Government information 
security operations under section 103 shall be treated as evidence of 
reasonable care or due diligence in any proceeding where the 
reasonableness of one's actions is an element of the claim at issue.

[[SEC. 404. GOOD FAITH DEFENSE.

    [[An objectively reasonable reliance on the legal authority 
provided by this Act and the amendments made by this Act, requiring or 
authorizing access to the plaintext of otherwise encrypted data, 
including communications, or to the decryption information that will 
allow the immediate decryption of data, including communications, that 
is otherwise encrypted, shall be a complete defense to any criminal or 
civil action that may be brought under the laws of the United States or 
any State.

[[SEC. 405. SOVEREIGN IMMUNITY.

    [[Except as otherwise specifically provided otherwise, nothing in 
this Act or the amendments made by this Act, or any regulations 
promulgated thereunder, modifies or amends the sovereign immunity of 
the United States.

[[SEC. 406. CIVIL ACTION, GENERALLY.

    [[A civil action may be brought against any person who, regardless 
of that person's participation in the key management infrastructure to 
be established by regulations promulgated by the Secretary pursuant to 
section 103, violates or acts in a manner that is inconsistent with or 
violates the provisions or intent of this Act or the amendments made by 
this Act.

                  [[TITLE V--INTERNATIONAL AGREEMENTS

[[SEC. 501. SENSE OF CONGRESS.

    [[It is the sense of Congress that--
            [[(1) the President should conduct negotiations with 
        foreign governments for the purposes of mutual recognition of 
        any key management infrastructures, and their component parts, 
        that exist or are developed; and
            [[(2) such mutual recognition agreements will safeguard the 
        privacy of the citizens of the United States, prevent economic 
        espionage, and enhance the information security needs of the 
        United States.

[[SEC. 502. FAILURE TO NEGOTIATE.

    [[The President may consider a government's refusal to negotiate 
mutual recognition agreements described in section 501 when considering 
the participation of the United States in any cooperation or assistance 
program with that country.

[[SEC. 503. REPORT TO CONGRESS.

    [[(a) Report to Congress.--The President shall report annually to 
the Congress on the status of the international effort outlined by 
section 501.
    [[(b) First Report.--The first report required under subsection (a) 
shall be submitted in unclassified form no later than December 15, 
1998.

                  [[TITLE VI--MISCELLANEOUS PROVISIONS

[[SEC. 601. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

    [[(a) Collection of Information by Attorney General.--The Attorney 
General shall compile, and maintain in classified form, data on the 
instances in which encryption has interfered with, impeded, or 
obstructed the ability of the Department of Justice to enforce the 
criminal laws of the United States.
    [[(b) Availability of Information to the Congress.--The information 
compiled under subsection (a), including an unclassified summary 
thereof, shall be made available, upon request, to any Member of 
Congress.

[[SEC. 602. INTERPRETATION.

    [[Nothing contained in this Act or the amendments made by this Act 
shall be deemed to--
            [[(1) preempt or otherwise affect the application of the 
        Arms Export Control Act (22 U.S.C. 2751 et seq.), the Export 
        Administration Act of 1979 (50 U.S.C. App. 2401 et seq.), or 
        the International Emergency Economic Powers Act (50 U.S.C. 1701 
        et seq.) or any regulations promulgated thereunder;
            [[(2) affect foreign intelligence activities of the United 
        States; or
            [[(3) negate or diminish any intellectual property 
        protections under the laws of the United States or of any 
        State.

[[SEC. 603. SEVERABILITY.

    [[If any provision of this Act or the amendments made by this Act, 
or the application thereof, to any person or circumstances is held 
invalid by a court of the United States, the remainder of this Act or 
such amendments, and the application thereof, to other persons or 
circumstances shall not be affected thereby.]]

(SECTION 1. SHORT TITLE.

    (This Act may be cited as the ``Security and Freedom Through 
Encryption (SAFE) Act''.

(SEC. 2. SALE AND USE OF ENCRYPTION.

    ((a) In General.--Part I of title 18, United States Code, is 
amended by inserting after chapter 123 the following new chapter:

       (``CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

<star>``2801. Definitions.
<star>``2802. Assistance for law enforcement.
<star>``2803. Freedom to sell encryption.
<star>``2804. Prohibition on mandatory key escrow.
<star>``2805. Unlawful use of encryption in furtherance of a criminal 
                            act.
<star>``2806. Liability limitations.
(``Sec. 2801. Definitions
    (``As used in this chapter--
            (``(1) the terms `person', `State', `wire communication', 
        `electronic communication', and `investigative or law 
        enforcement officer' have the meanings given those terms in 
        section 2510 of this title;
            (``(2) the terms `encrypt' and `encryption' refer to the 
        scrambling of wire communications, electronic communications, 
        or electronically stored information, using mathematical 
        formulas or algorithms in order to preserve the 
        confidentiality, integrity, or authenticity of, and prevent 
        unauthorized recipients from accessing or altering, such 
        communications or information;
            (``(3) the term `key' means the variable information used 
        in a mathematical formula, code, or algorithm, or any component 
        thereof, used to decrypt wire communications, electronic 
        communications, or electronically stored information, that has 
        been encrypted; and
            (``(4) the term `United States person' means--
                    (``(A) any United States citizen;
                    (``(B) any other person organized under the laws of 
                any State; and
                    (``(C) any person organized under the laws of any 
                foreign country who is owned or controlled by 
                individuals or persons described in subparagraphs (A) 
                and (B).
(``Sec. 2802. Assistance for law enforcement
    (``(a) National Electronic Technologies Center.--
            (``(1) Establishment.--There is established in the 
        Department of Justice a National Electronic Technologies Center 
        (in this subsection referred to as the `NET Center').
            (``(2) Director.--The NET Center shall have a Director, who 
        shall be appointed by the Attorney General.
            (``(3) Duties.--The duties of the NET Center shall be--
                    (``(A) to serve as a center for Federal, State, and 
                local law enforcement authorities for information and 
                assistance regarding decryption and other access 
                requirements;
                    (``(B) to serve as a center for industry and 
                government entities to exchange information and 
                methodology regarding information security techniques 
                and technologies;
                    (``(C) to examine encryption techniques and methods 
                to facilitate the ability of law enforcement to gain 
                efficient access to plaintext of communications and 
                electronic information;
                    (``(D) to conduct research to develop efficient 
                methods, and improve the efficiency of existing 
                methods, of accessing plaintext of communications and 
                electronic information;
                    (``(E) to investigate and research new and emerging 
                techniques and technologies to facilitate access to 
                communications and electronic information, including --
                            (``(i) reverse-steganography;
                            (``(ii) decompression of information that 
                        previously has been compressed for 
                        transmission; and
                            (``(iii) de-multiplexing; and
                    (``(F) to obtain information regarding the most 
                current hardware, software, telecommunications, and 
                other capabilities to understand how to access 
                information transmitted across networks.
            (``(4) Equal access.--State and local law enforcement 
        agencies and authorities shall have access to information, 
        services, resources, and assistance provided by the NET Center 
to the same extent that Federal law enforcement agencies and 
authorities have such access.
            (``(5) Personnel.--The Director may appoint such personnel 
        as the Director considers appropriate to carry out the duties 
        of the NET Center.
            (``(6) Assistance of other federal agencies.--Upon the 
        request of the Director of the NET Center, the head of any 
        department or agency of the Federal Government may, to assist 
        the NET Center in carrying out its duties under this 
        subsection--
                    (``(A) detail, on a reimbursable basis, any of the 
                personnel of such department or agency to the NET 
                Center; and
                    (``(B) provide to the NET Center facilities, 
                information, and other non-personnel resources.
            (``(7) Private industry assistance.--The NET Center may 
        accept, use, and dispose of gifts, bequests, or devises of 
        money, services, or property, both real and personal, for the 
        purpose of aiding or facilitating the work of the Center. 
        Gifts, bequests, or devises of money and proceeds from sales of 
        other property received as gifts, bequests, or devises shall be 
        deposited in the Treasury and shall be available for 
        disbursement upon order of the Director of the NET Center.
            (``(8) Advisory board.--
                    (``(A) Establishment.--There is established the 
                Advisory Board of the Strategic NET Center for 
                Excellence in Information Security (in this paragraph 
                referred to as the `Advisory Board'), which shall be 
                comprised of members who have the qualifications 
                described in subparagraph (B) and who are appointed by 
                the Attorney General. The Attorney General shall 
                appoint a chairman of the Advisory Board.
                    (``(B) Qualifications.--Each member of the Advisory 
                Board shall have experience or expertise in the field 
                of encryption, decryption, electronic communication, 
                information security, electronic commerce, or law 
                enforcement.
                    (``(C) Duties.--The duty of the Advisory Board 
                shall be to advise the NET Center and the Federal 
                Government regarding new and emerging technologies 
                relating to encryption and decryption of communications 
                and electronic information.
            (``(9) Implementation plan.--Within 2 months after the date 
        of the enactment of the Security and Freedom Through Encryption 
        (SAFE) Act, the Attorney General shall, in consultation and 
        cooperation with other appropriate Federal agencies and 
        appropriate industry participants, develop and cause to be 
        published in the Federal Register a plan for establishing the 
        NET Center. The plan shall--
                    (``(A) specify the physical location of the NET 
                Center and the equipment, software, and personnel 
                resources necessary to carry out the duties of the NET 
                Center under this subsection;
                    (``(B) assess the amount of funding necessary to 
                establish and operate the NET Center; and
                    (``(C) identify sources of probable funding for the 
                NET Center, including any sources of in-kind 
                contributions from private industry.
    (``(b) Freedom of Use.--Subject to section 2805, it shall be lawful 
for any person within any State, and for any United States person in a 
foreign country, to use any encryption, regardless of the encryption 
algorithm selected, encryption key length chosen, or implementation 
technique or medium used. No Federal or State law or regulation may 
condition the issuance of certificates of authentication or 
certificates of authority for any encryption product upon any escrowing 
or other sharing of private encryption keys, whether with private 
agents or government entities, or establish a licensing, labeling, or 
other regulatory scheme for any encryption product that requires key 
escrow as a condition of licensing or regulatory approval.
(``Sec. 2803. Freedom to sell encryption
    (``Subject to section 2805, it shall be lawful for any person 
within any State to sell in interstate commerce any encryption, 
regardless of the encryption algorithm selected, encryption key length 
chosen, or implementation technique or medium used.
(``Sec. 2804. Prohibition on mandatory key escrow
    (``(a) Prohibition.--No person in lawful possession of a key to 
encrypted communications or information may be required by Federal or 
State law to relinquish to another person control of that key.
    (``(b) Exception for Access for Law Enforcement Purposes.--
Subsection (a) shall not affect the authority of any investigative or 
law enforcement officer, or any member of the intelligence community as 
defined in section 3 of the National Security Act of 1947 (50 U.S.C. 
401a), acting under any law in effect on the effective date of this 
chapter, to gain access to encrypted communications or information.
(``Sec. 2805. Unlawful use of encryption in furtherance of a criminal 
              act
    (``Any person who, in the commission of a felony under a criminal 
statute of the United States, knowingly and willfully encrypts 
incriminating communications or information relating to that felony 
with the intent to conceal such communications or information for the 
purpose of avoiding detection by law enforcement agencies or 
prosecution--
            (``(1) in the case of a first offense under this section, 
        shall be imprisoned for not more than 10 years, or fined in the 
        amount set forth in this title, or both; and
            (``(2) in the case of a second or subsequent offense under 
        this section, shall be imprisoned for not more than 20 years, 
        or fined in the amount set forth in this title, or both.
(``Sec. 2806. Liability limitations
    (``No person shall be subject to civil or criminal liability for 
providing access to the plaintext of encrypted communications or 
electronic information to any law enforcement official or authorized 
government entity, pursuant to judicial process.''.
    ((b) Study.--Within 6 months after the date of the enactment of 
this Act, the National Telecommunications and Information 
Administration shall conduct a study, and prepare and submit to the 
Congress and the President a report regarding such study, that--
            ((1) assesses the effect that establishment of a mandatory 
        system for recovery of encryption keys for encrypted 
        communications and information would have on--
                    ((A) electronic commerce;
                    ((B) data security;
                    ((C) privacy in interstate commerce; and
                    ((D) law enforcement authorities and activities; 
                and
            ((2) assesses other possible methods for providing access 
        to encrypted communications and information to further law 
        enforcement activities.
    ((c) Conforming Amendment.--The table of chapters for part I of 
title 18, United States Code, is amended by inserting after the item 
relating to chapter 123 the following new item:

<star>``125. Encrypted wire and electronic information......    2801''.

(SEC. 3. EXPORTS OF ENCRYPTION.

    ((a) Amendment to Export Administration Act of 1979.--Section 17 of 
the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended 
by adding at the end thereof the following new subsection:
    (``(g) Computers and Related Equipment.--
            (``(1) General rule.--Subject to paragraphs (2), (3), and 
        (4), the Secretary shall have exclusive authority to control 
        exports of all computer hardware, software, and technology for 
        information security (including encryption), except that which 
        is specifically designed or modified for military use, 
        including command, control, and intelligence applications.
            (``(2) Items not requiring licenses.--No validated license 
        may be required, except pursuant to the Trading With The Enemy 
        Act or the International Emergency Economic Powers Act (but 
        only to the extent that the authority of such Act is not 
        exercised to extend controls imposed under this Act), for the 
        export or reexport of--
                    (``(A) any software, including software with 
                encryption capabilities--
                            (``(i) that is generally available, as is, 
                        and is designed for installation by the 
                        purchaser; or
                            (``(ii) that is in the public domain for 
                        which copyright or other protection is not 
                        available under title 17, United States Code, 
                        or that is available to the public because it 
                        is generally accessible to the interested 
                        public in any form; or
                    (``(B) any computing device solely because it 
                incorporates or employs in any form software (including 
                software with encryption capabilities) exempted from 
                any requirement for a validated license under 
                subparagraph (A).
            (``(3) Software with encryption capabilities.--The 
        Secretary shall authorize the export or reexport of software 
        with encryption capabilities for nonmilitary end uses in any 
        country to which exports of software of similar capability are 
        permitted for use by financial institutions not controlled in 
        fact by United States persons, unless there is substantial 
        evidence that such software will be--
                    (``(A) diverted to a military end use or an end use 
                supporting international terrorism;
                    (``(B) modified for military or terrorist end use; 
                or
                    (``(C) reexported without any authorization by the 
                United States that may be required under this Act.
            (``(4) Hardware with encryption capabilities.--The 
        Secretary shall authorize the export or reexport of computer 
        hardware with encryption capabilities if the Secretary 
        determines that a product offering comparable security is 
        commercially available outside the United States from a foreign 
        supplier, without effective restrictions.
            (``(5) Definitions.--As used in this subsection--
                    (``(A) the term `encryption' means the scrambling 
                of wire or electronic information using mathematical 
                formulas or algorithms in order to preserve the 
                confidentiality, integrity, or authenticity of, and 
                prevent unauthorized recipients from accessing or 
                altering, such information;
                    (``(B) the term `generally available' means, in the 
                case of software (including software with encryption 
                capabilities), software that is offered for sale, 
                license, or transfer to any person without restriction, 
                whether or not for consideration, including, but not 
                limited to, over-the-counter retail sales, mail order 
                transactions, phone order transactions, electronic 
                distribution, or sale on approval;
                    (``(C) the term `as is' means, in the case of 
                software (including software with encryption 
                capabilities), a software program that is not designed, 
                developed, or tailored by the software publisher for 
                specific purchasers, except that such purchasers may 
                supply certain installation parameters needed by the 
                software program to function properly with the 
                purchaser's system and may customize the software 
                program by choosing among options contained in the 
                software program;
                    (``(D) the term `is designed for installation by 
                the purchaser' means, in the case of software 
                (including software with encryption capabilities) 
                that--
                            (``(i) the software publisher intends for 
                        the purchaser (including any licensee or 
                        transferee), who may not be the actual program 
                        user, to install the software program on a 
                        computing device and has supplied the necessary 
                        instructions to do so, except that the 
                        publisher may also provide telephone help line 
                        services for software installation, electronic 
                        transmission, or basic operations; and
                            (``(ii) the software program is designed 
                        for installation by the purchaser without 
                        further substantial support by the supplier;
                    (``(E) the term `computing device' means a device 
                which incorporates one or more microprocessor-based 
                central processing units that can accept, store, 
                process, or provide output of data; and
                    (``(F) the term `computer hardware', when used in 
                conjunction with information security, includes, but is 
                not limited to, computer systems, equipment, 
                application-specific assemblies, modules, and 
                integrated circuits.''.
    ((b) Continuation of Export Administration Act.--For purposes of 
carrying out the amendment made by subsection (a), the Export 
Administration Act of 1979 shall be deemed to be in effect.

(SEC. 4. TREATMENT OF ENCRYPTION IN INTERSTATE AND FOREIGN COMMERCE.

    ((a) Inquiry Regarding Impediments to Trade.--Within 180 days after 
the date of the enactment of this Act, the Secretary of Commerce shall 
complete an inquiry to--
            ((1) identify any domestic and foreign impediments to trade 
        in encryption products and services and the manners in which 
        and extent to which such impediments inhibit the development of 
        interstate and foreign commerce; and
            ((2) identify import restrictions imposed by foreign 
        nations that constitute unfair trade barriers to providers of 
        encryption products or services.
The Secretary shall submit a report to the Congress regarding the 
results of such inquiry by such date.
    ((b) Removal of Impediments to Trade.--Within 1 year after such 
date of enactment, the Secretary of Commerce, in consultation with the 
Attorney General, shall prescribe such regulations as may be necessary 
to reduce the impediments to trade in encryption products and services 
identified in the inquiry pursuant to subsection (a) for the purpose of 
facilitating the development of interstate and foreign commerce. Such 
regulations shall be designed to--
            ((1) promote the sale and distribution in foreign commerce 
        of encryption products and services manufactured in the United 
        States; and
            ((2) strengthen the competitiveness of domestic providers 
        of encryption products and services in foreign commerce.
    ((c) International Agreements.--
            ((1) Report to president.--Upon the completion of the 
        inquiry under subsection (a), the Secretary of Commerce shall 
        submit a report to the President regarding reducing any 
        impediments to trade in encryption products and services that 
        are identified by the inquiry and could, in the determination 
        of the Secretary, require international negotiations for such 
        reduction.
            ((2) Negotiations.--The President shall take all actions 
        necessary to conduct negotiations with other countries for the 
        purposes of (A) concluding international agreements on the 
        promotion of encryption products and services, and (B) 
        achieving mutual recognition of countries' export controls, in 
        order to meet the needs of countries to preserve national 
        security, safeguard privacy, and prevent commercial espionage. 
        The President may consider a country's refusal to negotiate 
        such international export and mutual recognition agreements 
        when considering the participation of the United States in any 
        cooperation or assistance program with that country. The 
        President shall submit a report to the Congress regarding the 
        status of international efforts regarding cryptography not 
        later than December 31, 2000.
    ((d) Definitions.--For purposes of this section, the following 
definitions shall apply:
            ((1) Communication.--The term ``communication'' includes 
        wire communication and electronic communication.
            ((2) Decrypt; decryption.--The terms ``decrypt'' and 
        ``decryption'' refer to the electronic retransformation of 
        communications or electronically stored information that has 
        been encrypted into the original form of the communication or 
        information.
            ((3) Electronic communication.--The term ``electronic 
        communication'' has the meaning given such term in section 2510 
        of title 18, United States Code.
            ((4) Encrypt; encryption.--The terms ``encrypt'' and 
        ``encryption'' have the meanings given such terms in section 
        2801 of title 18, United States Code (as added by section 2 of 
        this Act).
            ((5) Encryption product.--The term ``encryption product'' 
        means any product, software, or technology that can be used to 
        encrypt and decrypt communications or electronic information 
        and any product, software, or technology with encryption 
        capabilities;
            ((6) Wire communication.--The term ``wire communication'' 
        has the meaning given such term in section 3 of the 
        Communications Act of 1934 (47 U.S.C. 153).

(SEC. 5. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

    ((a) Collection of Information by Attorney General.--The Attorney 
General shall compile, and maintain in classified form, data on the 
instances in which encryption (as defined in section 2801 of title 18, 
United States Code) has interfered with, impeded, or obstructed the 
ability of the Department of Justice to enforce the criminal laws of 
the United States.
    ((b) Availability of Information to the Congress.--The information 
compiled under subsection (a), including an unclassified summary 
thereof, shall be made available, upon request, to any Member of 
Congress.)
            Amend the title so as to read: ``A bill to amend title 18, 
        United States Code, to affirm the rights of United States 
        persons to use and sell encryption.''.