[Congressional Bills 106th Congress]
[From the U.S. Government Publishing Office]
[H.R. 850 Reported in House (RH)]





                                                 Union Calendar No. 149

106th CONGRESS

  1st Session

                               H. R. 850

             [Report No. 106-117, Parts I, II, III, IV, V]

_______________________________________________________________________

                                 A BILL

 To amend title 18, United States Code, to affirm the rights of United 
States persons to use and sell encryption and to relax export controls 
                             on encryption.

_______________________________________________________________________

                             July 23, 1999

     Reported from the Committee on Armed Services with amendments

                             July 23, 1999

 Reported from the Permanent Select Committee on Intelligence with an 
 amendment, committed to the Committee of the Whole House on the State 
                of the Union, and ordered to be printed
                                                 Union Calendar No. 149
106th CONGRESS
  1st Session
                                H. R. 850

             [Report No. 106-117, Parts I, II, III, IV, V]

 To amend title 18, United States Code, to affirm the rights of United 
States persons to use and sell encryption and to relax export controls 
                             on encryption.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           February 25, 1999

  Mr. Goodlatte (for himself, Ms. Lofgren, Mr. Armey, Mr. DeLay, Mr. 
 Watts of Oklahoma, Mr. Davis of Virginia, Mr. Cox, Ms. Pryce of Ohio, 
Mr. Blunt, Mr. Gephardt, Mr. Bonior, Mr. Frost, Ms. DeLauro, Mr. Lewis 
of Georgia, Mr. Gejdenson, Mr. Sensenbrenner, Mr. Gekas, Mr. Coble, Mr. 
   Smith of Texas, Mr. Gallegly, Mr. Bryant, Mr. Chabot, Mr. Barr of 
 Georgia, Mr. Hutchinson, Mr. Pease, Mr. Cannon, Mr. Rogan, Mrs. Bono, 
 Mr. Bachus, Mr. Conyers, Mr. Frank of Massachusetts, Mr. Boucher, Mr. 
Nadler, Ms. Jackson-Lee of Texas, Ms. Waters, Mr. Meehan, Mr. Delahunt, 
 Mr. Wexler, Mr. Ackerman, Mr. Andrews, Mr. Archer, Mr. Ballenger, Mr. 
 Barcia, Mr. Barrett of Nebraska, Mr. Barrett of Wisconsin, Mr. Barton 
of Texas, Mr. Bilbray, Mr. Blumenauer, Mr. Boehner, Mr. Brady of Texas, 
     Mr. Brady of Pennsylvania, Ms. Brown of Florida, Mr. Brown of 
  California, Mr. Burr of North Carolina, Mr. Burton of Indiana, Mr. 
  Camp, Mr. Campbell, Mrs. Capps, Mr. Chambliss, Mrs. Chenoweth, Mrs. 
  Christian-Christensen, Mrs. Clayton, Mr. Clement, Mr. Clyburn, Mr. 
     Collins, Mr. Cook, Mr. Cooksey, Mrs. Cubin, Mr. Cummings, Mr. 
 Cunningham, Mr. Davis of Illinois, Mr. Deal of Georgia, Mr. DeFazio, 
 Mr. Deutsch, Mr. Dickey, Mr. Dooley of California, Mr. Doolittle, Mr. 
Doyle, Mr. Dreier, Mr. Duncan, Ms. Dunn, Mr. Ehlers, Mrs. Emerson, Mr. 
English, Ms. Eshoo, Mr. Ewing, Mr. Farr of California, Mr. Filner, Mr. 
 Ford, Mr. Fossella, Mr. Franks of New Jersey, Mr. Gillmor, Mr. Goode, 
 Mr. Goodling, Mr. Gordon, Mr. Green of Texas, Mr. Gutknecht, Mr. Hall 
of Texas, Mr. Hastings of Washington, Mr. Herger, Mr. Hill of Montana, 
 Mr. Hobson, Mr. Hoekstra, Mr. Holden, Ms. Hooley of Oregon, Mr. Horn, 
  Mr. Houghton, Mr. Inslee, Mr. Istook, Mr. Jackson of Illinois, Mr. 
    Jefferson, Ms. Eddie Bernice Johnson of Texas, Mrs. Johnson of 
Connecticut, Mr. Kanjorski, Mr. Kasich, Mrs. Kelly, Ms. Kikpatrick, Mr. 
   Kind, Mr. Kingston, Mr. Knollenberg, Mr. Kolbe, Mr. Lampson, Mr. 
 Largent, Mr. Latham, Ms. Lee, Mr. Lewis of Kentucky, Mr. Linder, Mr. 
Lucas of Oklahoma, Mr. Luther, Ms. McCarthy of Missouri, Mr. McDermott, 
 Mr. McGovern, Mr. McIntosh, Mr. Maloney of Connecticut, Mr. Manzullo, 
    Mr. Markey, Mr. Martinez, Mr. Matsui, Mrs. Meek of Florida, Mr. 
    Metcalf, Mr. Mica, Ms. Millender-McDonald, Mr. George Miller of 
  California, Mr. Moakley, Mr. Moran of Virginia, Mrs. Morella, Mrs. 
Myrick, Mrs. Napolitano, Mr. Neal of Massachusetts, Mr. Nethercutt, Mr. 
 Norwood, Mr. Nussle, Mr. Olver, Mr. Packard, Mr. Pallone, Mr. Pastor, 
 Mr. Peterson of Minnesota, Mr. Pickering, Mr. Pombo, Mr. Pomeroy, Mr. 
  Price of North Carolina, Mr. Quinn, Mr. Radanovich, Mr. Rahall, Mr. 
 Rangel, Mr. Reynolds, Ms. Rivers, Mr. Rohrabacher, Ms. Ros-Lehtinen, 
   Mr. Rush, Mr. Salmon, Ms. Sanchez, Mr. Sanders, Mr. Sanford, Mr. 
 Scarborough, Mr. Schaffer, Mr. Sessions, Mr. Shays, Mr. Sherman, Mr. 
Shimkus, Mr. Smith of Washington, Mr. Smith of New Jersey, Mr. Souder, 
  Ms. Stabenow, Mr. Stark, Mr. Sununu, Mr. Tanner, Mrs. Tauscher, Mr. 
   Tauzin, Mr. Taylor of North Carolina, Mr. Thomas, Mr. Thompson of 
Mississippi, Mr. Thune, Mr. Tiahrt, Mr. Tierney, Mr. Upton, Mr. Vento, 
   Mr. Walsh, Mr. Wamp, Mr. Watkins, Mr. Weller, Mr. Whitfield, Mr. 
 Wicker, Ms. Woolsey, and Mr. Wu) introduced the following bill; which 
was referred to the Committee on the Judiciary, and in addition to the 
 Committee on International Relations, for a period to be subsequently 
   determined by the Speaker, in each case for consideration of such 
 provisions as fall within the jurisdiction of the committee concerned

                             April 27, 1999

              Reported from the Committee on the Judiciary

                             April 27, 1999

  Referral to the Committee on International Relations extended for a 
               period ending not later than July 2, 1999

                             April 27, 1999

   Referred to the Committees on Armed Services and Commerce and the 
  Permanent Select Committee on Intelligence for a period ending not 
                        later than July 2, 1999

                              July 2, 1999

       Reported from the Committee on Commerce with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

                              July 2, 1999

  Referral to the Committee on International Relations extended for a 
               period ending not later than July 16, 1999

                              July 2, 1999

 Referral to the Committee on Armed Services and the Permanent Select 
 Committee on Intelligence extended for a period ending not later than 
                             July 23, 1999

                             July 16, 1999

  Referral to the Committee on International Relations extended for a 
               period ending not later than July 19, 1999

                             July 19, 1999

    Reported from the Committee on International Relations with an 
                               amendment
 [Strike out all after the enacting clause and insert the part printed 
                           in boldface roman]

                             July 23, 1999

     Reported from the Committee on Armed Services with amendments
 [Strike out all after the enacting clause and insert the part printed 
                      in italic and bold brackets]

                             July 23, 1999

   Additional sponsors: Mr. Hall of Ohio, Mr. Forbes, Mr. Holt, Mr. 
Gibbons, Mr. Calvert, Ms. Slaughter, Mr. Bonilla, Mr. Diaz-Balart, Mr. 
Engel, Mr. Hilliard, Mr. King, Mr. LaHood, Ms. McKinney, Mr. Ney, Mrs. 
   Northup, Mr. Riley, Mr. Serrano, Mr. Stenholm, Mr. Tancredo, Mr. 
 Hansen, Mr. Moran of Kansas, Mr. Sam Johnson of Texas, Mr. Hilleary, 
Mr. Gary Miller of California, Ms. Norton, Mr. Sweeney, Mr. Baker, Mr. 
   Crane, Mr. McInnis, Mr. Weldon of Florida, Mr. Wise, Mr. Ose, Mr. 
 Baldacci, Mr. Minge, Mr. Underwood, Mr. DeMint, Mr. Walden of Oregon, 
Mr. Hayes, Mr. Foley, Mr. Terry, Mr. Shows, Mr. Ryan of Wisconsin, Mr. 
   Etheridge, Mr. Watt of North Carolina, Mr. Crowley, Mr. Udall of 
Colorado, Mr. Hoeffel, Mr. Fletcher, Mr. Baird, Mr. Talent, Mr. Kennedy 
of Rhode Island, Mr. Udall of New Mexico, Mr. Sawyer, Mr. Menendez, and 
                              Mr. Hinchey
 Deleted sponsors: Mr. Holden (added February 25, 1999; deleted April 
 21, 1999), and Mr. Hastings of Florida (added March 16, 1999; deleted 
                             June 10, 1999)

                             July 23, 1999

 Reported from the Permanent Select Committee on Intelligence with an 
 amendment, committed to the Committee of the Whole House on the State 
                of the Union, and ordered to be printed
 [Strike out all after the enacting clause and insert the part printed 
                          in boldface italic]

_______________________________________________________________________

                                 A BILL


 
 To amend title 18, United States Code, to affirm the rights of United 
States persons to use and sell encryption and to relax export controls 
                             on encryption.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``Security And Freedom 
through Encryption (SAFE) Act''.</DELETED>

<DELETED>SEC. 2. SALE AND USE OF ENCRYPTION.</DELETED>

<DELETED>    (a) In General.--Part I of title 18, United States Code, 
is amended by inserting after chapter 123 the following new 
chapter:</DELETED>

         <DELETED>``CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC 
                         INFORMATION</DELETED>

<DELETED>``Sec.
<DELETED>``2801. Definitions.
<DELETED>``2802. Freedom to use encryption.
<DELETED>``2803. Freedom to sell encryption.
<DELETED>``2804. Prohibition on mandatory key escrow.
<DELETED>``2805. Unlawful use of encryption in furtherance of a 
                            criminal act.
<DELETED>``Sec. 2801. Definitions</DELETED>
<DELETED>    ``As used in this chapter--</DELETED>
        <DELETED>    ``(1) the terms `person', `State', `wire 
        communication', `electronic communication', `investigative or 
        law enforcement officer', and `judge of competent jurisdiction' 
        have the meanings given those terms in section 2510 of this 
        title;</DELETED>
        <DELETED>    ``(2) the term `decrypt' means to retransform or 
        unscramble encrypted data, including communications, to its 
        readable form;</DELETED>
        <DELETED>    ``(3) the terms `encrypt', `encrypted', and 
        `encryption' mean the scrambling of wire communications, 
        electronic communications, or electronically stored 
        information, using mathematical formulas or algorithms in order 
        to preserve the confidentiality, integrity, or authenticity of, 
        and prevent unauthorized recipients from accessing or altering, 
        such communications or information;</DELETED>
        <DELETED>    ``(4) the term `key' means the variable 
        information used in a mathematical formula, code, or algorithm, 
        or any component thereof, used to decrypt wire communications, 
        electronic communications, or electronically stored 
        information, that has been encrypted; and</DELETED>
        <DELETED>    ``(5) the term `key recovery information' means 
        information that would enable obtaining the key of a user of 
        encryption;</DELETED>
        <DELETED>    ``(6) the term `plaintext access capability' means 
        any method or mechanism which would provide information in 
        readable form prior to its being encrypted or after it has been 
        decrypted;</DELETED>
        <DELETED>    ``(7) the term `United States person' means--
        </DELETED>
                <DELETED>    ``(A) any United States citizen;</DELETED>
                <DELETED>    ``(B) any other person organized under the 
                laws of any State, the District of Columbia, or any 
                commonwealth, territory, or possession of the United 
                States; and</DELETED>
                <DELETED>    ``(C) any person organized under the laws 
                of any foreign country who is owned or controlled by 
                individuals or persons described in subparagraphs (A) 
                and (B).</DELETED>
<DELETED>``Sec. 2802. Freedom to use encryption</DELETED>
<DELETED>    ``Subject to section 2805, it shall be lawful for any 
person within any State, and for any United States person in a foreign 
country, to use any encryption, regardless of the encryption algorithm 
selected, encryption key length chosen, or implementation technique or 
medium used.</DELETED>
<DELETED>``Sec. 2803. Freedom to sell encryption</DELETED>
<DELETED>    ``Subject to section 2805, it shall be lawful for any 
person within any State to sell in interstate commerce any encryption, 
regardless of the encryption algorithm selected, encryption key length 
chosen, or implementation technique or medium used.</DELETED>
<DELETED>``Sec. 2804. Prohibition on mandatory key escrow</DELETED>
<DELETED>    ``(a) General Prohibition.--Neither the Federal Government 
nor a State may require that, or condition any approval on a 
requirement that, a key, access to a key, key recovery information, or 
any other plaintext access capability be--</DELETED>
        <DELETED>    ``(1) built into computer hardware or software for 
        any purpose;</DELETED>
        <DELETED>    ``(2) given to any other person, including a 
        Federal Government agency or an entity in the private sector 
        that may be certified or approved by the Federal Government or 
        a State to receive it; or</DELETED>
        <DELETED>    ``(3) retained by the owner or user of an 
        encryption key or any other person, other than for encryption 
        products for use by the Federal Government or a 
        State.</DELETED>
<DELETED>    ``(b) Prohibition on Linkage of Different Uses of 
Encryption.--Neither the Federal Government nor a State may--</DELETED>
        <DELETED>    ``(1) require the use of encryption products, 
        standards, or services used for confidentiality purposes, as a 
        condition of the use of such products, standards, or services 
        for authenticity or integrity purposes; or</DELETED>
        <DELETED>    ``(2) require the use of encryption products, 
        standards, or services used for authenticity or integrity 
        purposes, as a condition of the use of such products, 
        standards, or services for confidentiality purposes.</DELETED>
<DELETED>    ``(c) Exception for Access for Law Enforcement Purposes.--
Subsection (a) shall not affect the authority of any investigative or 
law enforcement officer, or any member of the intelligence community as 
defined in section 3 of the National Security Act of 1947 (50 U.S.C. 
401a), acting under any law in effect on the effective date of this 
chapter, to gain access to encrypted communications or 
information.</DELETED>
<DELETED>``Sec. 2805. Unlawful use of encryption in furtherance of a 
              criminal act</DELETED>
<DELETED>    ``(a) Encryption of Incriminating Communications or 
Information Unlawful.--Any person who, in the commission of a felony 
under a criminal statute of the United States, knowingly and willfully 
encrypts incriminating communications or information relating to that 
felony with the intent to conceal such communications or information 
for the purpose of avoiding detection by law enforcement agencies or 
prosecution--</DELETED>
        <DELETED>    ``(1) in the case of a first offense under this 
        section, shall be imprisoned for not more than 5 years, or 
        fined in the amount set forth in this title, or both; 
        and</DELETED>
        <DELETED>    ``(2) in the case of a second or subsequent 
        offense under this section, shall be imprisoned for not more 
        than 10 years, or fined in the amount set forth in this title, 
        or both.</DELETED>
<DELETED>    ``(b) Use of Encryption Not a Basis for Probable Cause.--
The use of encryption by any person shall not be the sole basis for 
establishing probable cause with respect to a criminal offense or a 
search warrant.''.</DELETED>
<DELETED>    (b) Conforming Amendment.--The table of chapters for part 
I of title 18, United States Code, is amended by inserting after the 
item relating to chapter 123 the following new item:</DELETED>

<DELETED>``125. Encrypted wire and electronic information...    2801''.

<DELETED>SEC. 3. EXPORTS OF ENCRYPTION.</DELETED>

<DELETED>    (a) Amendment to Export Administration Act of 1979.--
Section 17 of the Export Administration Act of 1979 (50 U.S.C. App. 
2416) is amended by adding at the end thereof the following new 
subsection:</DELETED>
<DELETED>    ``(g) Certain Consumer Products, Computers, and Related 
Equipment.--</DELETED>
        <DELETED>    ``(1) General rule.--Subject to paragraphs (2) and 
        (3), the Secretary shall have exclusive authority to control 
        exports of all computer hardware, software, computing devices, 
        customer premises equipment, communications network equipment, 
        and technology for information security (including encryption), 
        except that which is specifically designed or modified for 
        military use, including command, control, and intelligence 
        applications.</DELETED>
        <DELETED>    ``(2) Items not requiring licenses.--After a one-
        time, 15-day technical review by the Secretary, no export 
        license may be required, except pursuant to the Trading with 
        the enemy Act or the International Emergency Economic Powers 
        Act (but only to the extent that the authority of such Act is 
        not exercised to extend controls imposed under this Act), for 
        the export or reexport of--</DELETED>
                <DELETED>    ``(A) any computer hardware or software or 
                computing device, including computer hardware or 
                software or computing devices with encryption 
                capabilities--</DELETED>
                        <DELETED>    ``(i) that is generally 
                        available;</DELETED>
                        <DELETED>    ``(ii) that is in the public 
                        domain for which copyright or other protection 
                        is not available under title 17, United States 
                        Code, or that is available to the public 
                        because it is generally accessible to the 
                        interested public in any form; or</DELETED>
                        <DELETED>    ``(iii) that is used in a 
                        commercial, off-the-shelf, consumer product or 
                        any component or subassembly designed for use 
                        in such a consumer product available within the 
                        United States or abroad which--</DELETED>
                                <DELETED>    ``(I) includes encryption 
                                capabilities which are inaccessible to 
                                the end user; and</DELETED>
                                <DELETED>    ``(II) is not designed for 
                                military or intelligence end 
                                use;</DELETED>
                <DELETED>    ``(B) any computing device solely because 
                it incorporates or employs in any form--</DELETED>
                        <DELETED>    ``(i) computer hardware or 
                        software (including computer hardware or 
                        software with encryption capabilities) that is 
                        exempted from any requirement for a license 
                        under subparagraph (A); or</DELETED>
                        <DELETED>    ``(ii) computer hardware or 
                        software that is no more technically complex in 
                        its encryption capabilities than computer 
                        hardware or software that is exempted from any 
                        requirement for a license under subparagraph 
                        (A) but is not designed for installation by the 
                        purchaser;</DELETED>
                <DELETED>    ``(C) any computer hardware or software or 
                computing device solely on the basis that it 
                incorporates or employs in any form interface 
                mechanisms for interaction with other computer hardware 
                or software or computing devices, including computer 
                hardware and software and computing devices with 
                encryption capabilities;</DELETED>
                <DELETED>    ``(D) any computing or telecommunication 
                device which incorporates or employs in any form 
                computer hardware or software encryption capabilities 
                which--</DELETED>
                        <DELETED>    ``(i) are not directly available 
                        to the end user; or</DELETED>
                        <DELETED>    ``(ii) limit the encryption to be 
                        point-to-point from the user to a central 
                        communications point or link and does not 
                        enable end-to-end user encryption;</DELETED>
                <DELETED>    ``(E) technical assistance and technical 
                data used for the installation or maintenance of 
                computer hardware or software or computing devices with 
                encryption capabilities covered under this subsection; 
                or</DELETED>
                <DELETED>    ``(F) any encryption hardware or software 
                or computing device not used for confidentiality 
                purposes, such as authentication, integrity, electronic 
                signatures, nonrepudiation, or copy 
                protection.</DELETED>
        <DELETED>    ``(3) Computer hardware or software or computing 
        devices with encryption capabilities.--After a one-time, 15-day 
        technical review by the Secretary, the Secretary shall 
        authorize the export or reexport of computer hardware or 
        software or computing devices with encryption capabilities for 
        nonmilitary end uses in any country--</DELETED>
                <DELETED>    ``(A) to which exports of computer 
                hardware or software or computing devices of comparable 
                strength are permitted for use by financial 
                institutions not controlled in fact by United States 
                persons, unless there is substantial evidence that such 
                computer hardware or software or computing devices will 
                be--</DELETED>
                        <DELETED>    ``(i) diverted to a military end 
                        use or an end use supporting international 
                        terrorism;</DELETED>
                        <DELETED>    ``(ii) modified for military or 
                        terrorist end use; or</DELETED>
                        <DELETED>    ``(iii) reexported without any 
                        authorization by the United States that may be 
                        required under this Act; or</DELETED>
                <DELETED>    ``(B) if the Secretary determines that a 
                computer hardware or software or computing device 
                offering comparable security is commercially available 
                outside the United States from a foreign supplier, 
                without effective restrictions.</DELETED>
        <DELETED>    ``(4) Definitions.--As used in this subsection--
        </DELETED>
                <DELETED>    ``(A)(i) the term `encryption' means the 
                scrambling of wire communications, electronic 
                communications, or electronically stored information, 
                using mathematical formulas or algorithms in order to 
                preserve the confidentiality, integrity, or 
                authenticity of, and prevent unauthorized recipients 
                from accessing or altering, such communications or 
                information;</DELETED>
                <DELETED>    ``(ii) the terms `wire communication' and 
                `electronic communication' have the meanings given 
                those terms in section 2510 of title 18, United States 
                Code;</DELETED>
                <DELETED>    ``(B) the term `generally available' 
                means, in the case of computer hardware or computer 
                software (including computer hardware or computer 
                software with encryption capabilities)--</DELETED>
                        <DELETED>    ``(i) computer hardware or 
                        computer software that is--</DELETED>
                                <DELETED>    ``(I) distributed through 
                                the Internet;</DELETED>
                                <DELETED>    ``(II) offered for sale, 
                                license, or transfer to any person 
                                without restriction, whether or not for 
                                consideration, including, but not 
                                limited to, over-the-counter retail 
                                sales, mail order transactions, phone 
                                order transactions, electronic 
                                distribution, or sale on 
                                approval;</DELETED>
                                <DELETED>    ``(III) preloaded on 
                                computer hardware or computing devices 
                                that are widely available for sale to 
                                the public; or</DELETED>
                                <DELETED>    ``(IV) assembled from 
                                computer hardware or computer software 
                                components that are widely available 
                                for sale to the public;</DELETED>
                        <DELETED>    ``(ii) not designed, developed, or 
                        tailored by the manufacturer for specific 
                        purchasers or users, except that any such 
                        purchaser or user may--</DELETED>
                                <DELETED>    ``(I) supply certain 
                                installation parameters needed by the 
                                computer hardware or software to 
                                function properly with the computer 
                                system of the user or purchaser; 
                                or</DELETED>
                                <DELETED>    ``(II) select from among 
                                options contained in the computer 
                                hardware or computer software; 
                                and</DELETED>
                        <DELETED>    ``(iii) with respect to which the 
                        manufacturer of that computer hardware or 
                        computer software--</DELETED>
                                <DELETED>    ``(I) intended for the 
                                user or purchaser, including any 
                                licensee or transferee, to install the 
                                computer hardware or software and has 
                                supplied the necessary instructions to 
                                do so, except that the manufacturer of 
                                the computer hardware or software, or 
                                any agent of such manufacturer, may 
                                also provide telephone or electronic 
                                mail help line services for 
                                installation, electronic transmission, 
                                or basic operations; and</DELETED>
                                <DELETED>    ``(II) the computer 
                                hardware or software is designed for 
                                such installation by the user or 
                                purchaser without further substantial 
                                support by the manufacturer;</DELETED>
                <DELETED>    ``(C) the term `computing device' means a 
                device which incorporates one or more microprocessor-
                based central processing units that can accept, store, 
                process, or provide output of data;</DELETED>
                <DELETED>    ``(D) the term `computer hardware' 
                includes, but is not limited to, computer systems, 
                equipment, application-specific assemblies, smart 
                cards, modules, integrated circuits, and printed 
                circuit board assemblies;</DELETED>
                <DELETED>    ``(E) the term `customer premises 
                equipment' means equipment employed on the premises of 
                a person to originate, route, or terminate 
                communications;</DELETED>
                <DELETED>    ``(F) the term `technical assistance' 
                includes instruction, skills training, working 
                knowledge, consulting services, and the transfer of 
                technical data;</DELETED>
                <DELETED>    ``(G) the term `technical data' includes 
                blueprints, plans, diagrams, models, formulas, tables, 
                engineering designs and specifications, and manuals and 
                instructions written or recorded on other media or 
                devices such as disks, tapes, or read-only memories; 
                and</DELETED>
                <DELETED>    ``(H) the term `technical review' means a 
                review by the Secretary of computer hardware or 
                software or computing devices with encryption 
                capabilities, based on information about the product's 
                encryption capabilities supplied by the manufacturer, 
                that the computer hardware or software or computing 
                device works as represented.''.</DELETED>
<DELETED>    (b) No Reinstatement of Export Controls on Previously 
Decontrolled Products.--Any encryption product not requiring an export 
license as of the date of enactment of this Act, as a result of 
administrative decision or rulemaking, shall not require an export 
license on or after such date of enactment.</DELETED>
<DELETED>    (c) Applicability of Certain Export Controls.--</DELETED>
        <DELETED>    (1) In general.--Nothing in this Act shall limit 
        the authority of the President under the International 
        Emergency Economic Powers Act, the Trading with the enemy Act, 
        or the Export Administration Act of 1979, to--</DELETED>
                <DELETED>    (A) prohibit the export of encryption 
                products to countries that have been determined to 
                repeatedly provide support for acts of international 
                terrorism; or</DELETED>
                <DELETED>    (B) impose an embargo on exports to, and 
                imports from, a specific country.</DELETED>
        <DELETED>    (2) Specific denials.--The Secretary may prohibit 
        the export of specific encryption products to an individual or 
        organization in a specific foreign country identified by the 
        Secretary, if the Secretary determines that there is 
        substantial evidence that such encryption products will be used 
        for military or terrorist end-use.</DELETED>
        <DELETED>    (3) Definition.--As used in this subsection and 
        subsection (b), the term ``encryption'' has the meaning given 
        that term in section 17(g)(5)(A) of the Export Administration 
        Act of 1979, as added by subsection (a) of this 
        section.</DELETED>
<DELETED>    (d) Continuation of Export Administration Act.--For 
purposes of carrying out the amendment made by subsection (a), the 
Export Administration Act of 1979 shall be deemed to be in 
effect.</DELETED>

<DELETED>SEC. 4. EFFECT ON LAW ENFORCEMENT ACTIVITIES.</DELETED>

<DELETED>    (a) Collection of Information by Attorney General.--The 
Attorney General shall compile, and maintain in classified form, data 
on the instances in which encryption (as defined in section 2801 of 
title 18, United States Code) has interfered with, impeded, or 
obstructed the ability of the Department of Justice to enforce the 
criminal laws of the United States.</DELETED>
<DELETED>    (b) Availability of Information to the Congress.--The 
information compiled under subsection (a), including an unclassified 
summary thereof, shall be made available, upon request, to any Member 
of Congress.</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Security And Freedom through 
Encryption (SAFE) Act''.

SEC. 2. DEFINITIONS.

    For purposes of this Act, the following definitions shall apply:
            (1) Computer hardware.--The term ``computer hardware'' 
        includes computer systems, equipment, application-specific 
        assemblies, smart cards, modules, integrated circuits, printed 
        circuit board assemblies, and devices that incorporate 1 or 
        more microprocessor-based central processing units that are 
        capable of accepting, storing, processing, or providing output 
        of data.
            (2) Encrypt and encryption.--The terms ``encrypt'' and 
        ``encryption'' means the scrambling (and descrambling) of wire 
        communications, electronic communications, or electronically 
        stored information, using mathematical formulas or algorithms 
        to preserve the confidentiality, integrity, or authenticity of, 
        and prevent unauthorized recipients from accessing or altering, 
        such communications or information.
            (3) Encryption product.--The term ``encryption product''--
                    (A) means computer hardware, computer software, or 
                technology with encryption capabilities; and
                    (B) includes any subsequent version of or update to 
                an encryption product, if the encryption capabilities 
                are not changed.
            (4) Key.--The term ``key'' means the variable information 
        used in a mathematical formula, code, or algorithm, or any 
        component thereof, used to decrypt wire communications, 
        electronic communications, or electronically stored 
        information, that has been encrypted.
            (5) Key recovery information.--The term ``key recovery 
        information'' means information that would enable obtaining the 
        key of a user of encryption.
            (6) Person.--The term ``person'' has the meaning given the 
        term in section 2510 of title 18, United States Code.
            (7) Secretary.--The term ``Secretary'' means the Secretary 
        of Commerce.
            (8) State.--The term ``State'' means any State of the 
        United States and includes the District of Columbia and any 
        commonwealth, territory, or possessions of the United States.
            (9) United states person.--The term ``United States 
        person'' means any--
                    (A) United States citizen; or
                    (B) legal entity that--
                            (i) is organized under the laws of the 
                        United States, or any States, the District of 
                        Columbia, or any commonwealth, territory, or 
                        possession of the United States; and
                            (ii) has its principal place of business in 
                        the United States.
            (10) Wire communication; electronic communication.--The 
        terms ``wire communication'' and ``electronic communication'' 
        have the meanings given such terms in section 2510 of title 18, 
        United States Code.

SEC. 3. ENSURING DEVELOPMENT AND DEPLOYMENT OF ENCRYPTION IS A 
              VOLUNTARY PRIVATE SECTOR ACTIVITY.

    (a) Statement of Policy.--It is the policy of the United States 
that the use, development, manufacture, sale, distribution, and 
importation of encryption products, standards, and services for 
purposes of assuring the confidentiality, authenticity, or integrity of 
electronic information shall be voluntary and market driven.
    (b) Limitation on Regulation.--Neither the Federal Government nor a 
State may establish any conditions, ties, or links between encryption 
products, standards, and services used for confidentiality, and those 
used for authenticity or integrity purposes.

SEC. 4. PROTECTION OF DOMESTIC SALE AND USE OF ENCRYPTION.

    Except as otherwise provided by this Act, it is lawful for any 
person within any State, and for any United States person in a foreign 
country, to develop, manufacture, sell, distribute, import, or use any 
encryption product, regardless of the encryption algorithm selected, 
encryption key length chosen, existence of key recovery, or other 
plaintext access capability, or implementation or medium used.

SEC. 5. PROHIBITION ON MANDATORY GOVERNMENT ACCESS TO PLAINTEXT.

    (a) In General.--No department, agency, or instrumentality of the 
United States or of any State may require that, set standards for, 
condition any approval on, create incentives for, or tie any benefit to 
a requirement that, a decryption key, access to a key, key recovery 
information, or any other plaintext access capability be--
            (1) required to be built into computer hardware or software 
        for any purpose;
            (2) given to any other person (including a department, 
        agency, or instrumentality of the United States or an entity in 
        the private sector that may be certified or approved by the 
        United States or a State); or
            (3) retained by the owner or user of an encryption key or 
        any other person, other than for encryption products for the 
        use of the United States Government or a State government.
    (b) Protection of Existing Access.--Subsection (a) does not affect 
the authority of any investigative or law enforcement officer, or any 
member of the intelligence community (as defined in section 3 of the 
National Security Act of 1947 (50 U.S.C. 401a)), acting under any law 
in effect on the date of the enactment of this Act, to gain access to 
encrypted communications or information.

SEC. 6. UNLAWFUL USE OF ENCRYPTION IN FURTHERANCE OF A CRIMINAL ACT.

    (a) Encryption of Incriminating Communications or Information 
Unlawful.--Any person who, in the commission of a felony under a 
criminal statute of the United States, knowingly and willfully encrypts 
incriminating communications or information relating to that felony 
with the intent to conceal such communications or information for the 
purpose of avoiding detection by law enforcement agencies or 
prosecution--
            (1) in the case of a first offense under this section, 
        shall be imprisoned for not more than 5 years, or fined under 
        title 18, United States Code, or both; and
            (2) in the case of a second or subsequent offense under 
        this section, shall be imprisoned for not more than 10 years, 
        or fined under title 18, United States Code, or both.
    (b) Use of Encryption Not a Basis for Probable Cause.--The use of 
encryption by any person shall not be the sole basis for establishing 
probable cause with respect to a criminal offense or a search warrant.

SEC. 7. EXPORTS OF ENCRYPTION.

    (a) Amendment to Export Administration Act of 1979.--Section 17 of 
the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended 
by adding at the end the following new subsection:
    ``(g) Certain Consumer Products, Computers, and Related 
Equipment.--
            ``(1) General rule.--Subject to paragraphs (2), (3), and 
        (4), the Secretary shall have exclusive authority to control 
        exports of all computer hardware, software, computing devices, 
        customer premises equipment, communications network equipment, 
        and technology for information security (including encryption), 
        except that which is specifically designed or modified for 
        military use, including command, control, and intelligence 
        applications.
            ``(2) Critical infrastructure protection products.--
                    ``(A) Identification.--Not later than 90 days after 
                the date of the enactment of the Security And Freedom 
                through Encryption (SAFE) Act, the Assistant Secretary 
                of Commerce for Communications and Information and the 
                National Telecommunications and Information 
                Administration shall issue regulations that identify, 
                define, or determine which products and equipment 
                described in paragraph (1) are designed for improvement 
                of network security, network reliability, or data 
                security.
                    ``(B) NTIA responsibility.--Not later than the 
                expiration of the 2-year period beginning on the date 
                of the enactment of the Security And Freedom through 
                Encryption (SAFE) Act, all authority of the Secretary 
                under this subsection and all determinations and 
                reviews required by this section, with respect to 
                products and equipment described in paragraph (1) that 
                are designed for improvement of network security, 
                network reliability, or data security through the use 
                of encryption, shall be exercised through and made by 
                the Assistant Secretary of Commerce for Communications 
                and Information and the National Telecommunications and 
                Information Administration. The Secretary may, at any 
                time, assign to the Assistant Secretary and the NTIA 
                authority of the Secretary under this section with 
                respect to other products and equipment described in 
                paragraph (1).
            ``(3) Items not requiring licenses.--After a one-time 
        technical review by the Secretary of not more than 30 working 
        days, which shall include consultation with the Secretary of 
        Defense, the Secretary of State, the Attorney General, and the 
        Director of Central Intelligence, no export license may be 
        required, except pursuant to the Trading with the Enemy Act or 
        the International Emergency Economic Powers Act (but only to 
        the extent that the authority of such Act is not exercised to 
        extend controls imposed under this Act), for the export or 
        reexport of--
                    ``(A) any computer hardware or software or 
                computing device, including computer hardware or 
                software or computing devices with encryption 
                capabilities--
                            ``(i) that is generally available;
                            ``(ii) that is in the public domain for 
                        which copyright or other protection is not 
                        available under title 17, United States Code, 
                        or that is available to the public because it 
                        is generally accessible to the interested 
                        public in any form; or
                            ``(iii) that is used in a commercial, off-
                        the-shelf, consumer product or any component or 
                        subassembly designed for use in such a consumer 
                        product available within the United States or 
                        abroad which--
                                    ``(I) includes encryption 
                                capabilities which are inaccessible to 
                                the end user; and
                                    ``(II) is not designed for military 
                                or intelligence end use;
                    ``(B) any computing device solely because it 
                incorporates or employs in any form--
                            ``(i) computer hardware or software 
                        (including computer hardware or software with 
                        encryption capabilities) that is exempted from 
                        any requirement for a license under 
                        subparagraph (A); or
                            ``(ii) computer hardware or software that 
                        is no more technically complex in its 
                        encryption capabilities than computer hardware 
                        or software that is exempted from any 
                        requirement for a license under subparagraph 
                        (A) but is not designed for installation by the 
                        purchaser;
                    ``(C) any computer hardware or software or 
                computing device solely on the basis that it 
                incorporates or employs in any form interface 
                mechanisms for interaction with other computer hardware 
                or software or computing devices, including computer 
                hardware and software and computing devices with 
                encryption capabilities;
                    ``(D) any computing or telecommunication device 
                which incorporates or employs in any form computer 
                hardware or software encryption capabilities which--
                            ``(i) are not directly available to the end 
                        user; or
                            ``(ii) limit the encryption to be point-to-
                        point from the user to a central communications 
                        point or link and does not enable end-to-end 
                        user encryption;
                    ``(E) technical assistance and technical data used 
                for the installation or maintenance of computer 
                hardware or software or computing devices with 
                encryption capabilities covered under this subsection; 
                or
                    ``(F) any encryption hardware or software or 
                computing device not used for confidentiality purposes, 
                such as authentication, integrity, electronic 
                signatures, nonrepudiation, or copy protection.
            ``(4) Computer hardware or software or computing devices 
        with encryption capabilities.--After a one-time technical 
        review by the Secretary of not more than 30 working days, which 
        shall include consultation with the Secretary of Defense, the 
        Secretary of State, the Attorney General, and the Director of 
        Central Intelligence, the Secretary shall authorize the export 
        or reexport of computer hardware or software or computing 
        devices with encryption capabilities for nonmilitary end uses 
        in any country--
                    ``(A) to which exports of computer hardware or 
                software or computing devices of comparable strength 
                are permitted for use by financial institutions not 
                controlled in fact by United States persons, unless 
                there is substantial evidence that such computer 
                hardware or software or computing devices will be--
                            ``(i) diverted to a military end use or an 
                        end use supporting international terrorism;
                            ``(ii) modified for military or terrorist 
                        end use;
                            ``(iii) reexported without any 
                        authorization by the United States that may be 
                        required under this Act; or
                            ``(iv)(I) harmful to the national security 
                        of the United States, including capabilities of 
                        the United States in fighting drug trafficking, 
                        terrorism, or espionage, (II) used in illegal 
                        activities involving the sexual exploitation 
                        of, abuse of, or sexually explicit conduct with 
                        minors (including activities in violation of 
                        chapter 110 of title 18, United States Code, 
                        and section 2423 of such title), or (III) used 
                        in illegal activities involving organized 
                        crime; or
                    ``(B) if the Secretary determines that a computer 
                hardware or software or computing device offering 
                comparable security is commercially available in such 
                country from a foreign supplier, without effective 
                restrictions.
            ``(5) Definitions.--For purposes of this subsection--
                    ``(A) the term `computer hardware' has the meaning 
                given such term in section 2 of the Security And 
                Freedom through Encryption (SAFE) Act;
                    ``(B) the term `computing device' means a device 
                which incorporates one or more microprocessor-based 
                central processing units that can accept, store, 
                process, or provide output of data;
                    ``(C) the term `customer premises equipment' means 
                equipment employed on the premises of a person to 
                originate, route, or terminate communications;
                    ``(D) the term `data security' means the 
                protection, through techniques used by individual 
                computer and communications users, of data from 
                unauthorized penetration, manipulation, or disclosure;
                    ``(E) the term `encryption' has the meaning given 
                such term in section 2 of the Security And Freedom 
                through Encryption (SAFE) Act;
                    ``(F) the term `generally available' means, in the 
                case of computer hardware or computer software 
                (including computer hardware or computer software with 
                encryption capabilities)--
                            ``(i) computer hardware or computer 
                        software that is--
                                    ``(I) distributed through the 
                                Internet;
                                    ``(II) offered for sale, license, 
                                or transfer to any person without 
                                restriction, whether or not for 
                                consideration, including, but not 
                                limited to, over-the-counter retail 
                                sales, mail order transactions, phone 
                                order transactions, electronic 
                                distribution, or sale on approval;
                                    ``(III) preloaded on computer 
                                hardware or computing devices that are 
                                widely available for sale to the 
                                public; or
                                    ``(IV) assembled from computer 
                                hardware or computer software 
                                components that are widely available 
                                for sale to the public;
                            ``(ii) not designed, developed, or tailored 
                        by the manufacturer for specific purchasers or 
                        users, except that any such purchaser or user 
                        may--
                                    ``(I) supply certain installation 
                                parameters needed by the computer 
                                hardware or software to function 
                                properly with the computer system of 
                                the user or purchaser; or
                                    ``(II) select from among options 
                                contained in the computer hardware or 
                                computer software; and
                            ``(iii) with respect to which the 
                        manufacturer of that computer hardware or 
                        computer software--
                                    ``(I) intended for the user or 
                                purchaser, including any licensee or 
                                transferee, to install the computer 
                                hardware or software and has supplied 
                                the necessary instructions to do so, 
                                except that the manufacturer of the 
                                computer hardware or software, or any 
                                agent of such manufacturer, may also 
                                provide telephone or electronic mail 
                                help line services for installation, 
                                electronic transmission, or basic 
                                operations; and
                                    ``(II) the computer hardware or 
                                software is designed for such 
                                installation by the user or purchaser 
                                without further substantial support by 
                                the manufacturer;
                    ``(G) the term `network reliability' means the 
                prevention, through techniques used by providers of 
                computer and communications services, of the 
                malfunction, and the promotion of the continued 
                operations, of computer or communications network;
                    ``(H) the term `network security' means the 
                prevention, through techniques used by providers of 
                computer and communications services, of unauthorized 
                penetration, manipulation, or disclosure of information 
                of a computer or communications network;
                    ``(I) the term `technical assistance' includes 
                instruction, skills training, working knowledge, 
                consulting services, and the transfer of technical 
                data;
                    ``(J) the term `technical data' includes 
                blueprints, plans, diagrams, models, formulas, tables, 
                engineering designs and specifications, and manuals and 
                instructions written or recorded on other media or 
                devices such as disks, tapes, or read-only memories; 
                and
                    ``(K) the term `technical review' means a review by 
                the Secretary of computer hardware or software or 
                computing devices with encryption capabilities, based 
                on information about the product's encryption 
                capabilities supplied by the manufacturer, that the 
                computer hardware or software or computing device works 
                as represented.''.
    (b) Transfer of Authority to National Telecommunications and 
Information Administration.--Section 103(b) of the National 
Telecommunications and Information Administration Organization Act (47 
U.S.C. 902(b)) is amended by adding at the end the following new 
paragraph:
            ``(4) Export of communications transaction technologies.--
        In accordance with section 17(g)(2) of the Export 
        Administration Act of 1979 (50 U.S.C. App. 2416(g)(2)), the 
        Secretary shall assign to the Assistant Secretary and the NTIA 
        the authority of the Secretary under such section 17(g), with 
        respect to products and equipment described in paragraph (1) of 
        such section that are designed for improvement of network 
        security, network reliability, or data security, that (after 
        the expiration of the 2-year period beginning on the date of 
        the enactment of the Security And Freedom through Encryption 
        (SAFE) Act) is to be exercised by the Assistant Secretary and 
        the NTIA.''.
    (c) No Reinstatement of Export Controls on Previously Decontrolled 
Products.--Any encryption product not requiring an export license as of 
the date of enactment of this Act, as a result of administrative 
decision or rulemaking, shall not require an export license on or after 
such date of enactment.
    (d) Applicability of Certain Export Controls.--
            (1) In general.--Nothing in this Act shall limit the 
        authority of the President under the International Emergency 
        Economic Powers Act, the Trading with the Enemy Act, or the 
        Export Administration Act of 1979, to--
                    (A) prohibit the export of encryption products to 
                countries that have been determined to repeatedly 
                provide support for acts of international terrorism; or
                    (B) impose an embargo on exports to, and imports 
                from, a specific country.
            (2) Specific denials.--The Secretary of Commerce may 
        prohibit the export of specific encryption products to an 
        individual or organization in a specific foreign country 
        identified by the Secretary, if the Secretary determines that 
        there is substantial evidence that such encryption products 
        will be--
                    (A) used for military or terrorist end-use or 
                modified for military or terrorist end use;
                    (B) harmful to United States national security, 
                including United States capabilities in fighting drug 
                trafficking, terrorism, or espionage;
                    (C) used in illegal activities involving the sexual 
                exploitation of, abuse of, or sexually explicit conduct 
                with minors (including activities in violation of 
                chapter 110 of title 18, United States Code, and 
                section 2423 of such title); or
                    (D) used in illegal activities involving organized 
                crime.
            (3) Other export controls.--An encryption product is 
        subject to any export control imposed on that product for any 
        reason other than the existence of encryption capability. 
        Nothing in this Act or the amendments made by this Act alters 
        the ability of the Secretary of Commerce to control exports of 
        products for reasons other than encryption.
    (e) Continuation of Export Administration Act.--For purposes of 
carrying out the amendment made by subsection (a), the Export 
Administration Act of 1979 shall be deemed to be in effect.

SEC. 8. GOVERNMENT PROCUREMENT OF ENCRYPTION PRODUCTS.

    (a) Statement of Policy.--It is the policy of the United States--
            (1) to permit the public to interact with government 
        through commercial networks and infrastructure; and
            (2) to protect the privacy and security of any electronic 
        communication from, or stored information obtained from, the 
        public.
    (b) Purchase of Encryption Products by Federal Government.--Any 
department, agency, or instrumentality of the United States may 
purchase encryption products for internal use by officers and employees 
of the United States to the extent and in the manner authorized by law.
    (c) Prohibition of Requirement for Citizens To Purchase Specified 
Products.--No department, agency, or instrumentality of the United 
States, nor any department, agency, or political subdivision of a 
State, may require any person in the private sector to use any 
particular encryption product or methodology, including products with a 
decryption key, access to a key, key recovery information, or any other 
plaintext access capability, to communicate with, or transact business 
with, the government.

SEC. 9. NATIONAL ELECTRONIC TECHNOLOGIES CENTER.

    Part A of the National Telecommunications and Information 
Administration Organization Act is amended by inserting after section 
105 (47 U.S.C. 904) the following new section:

``SEC. 106. NATIONAL ELECTRONIC TECHNOLOGIES CENTER.

    ``(a) Establishment.--There is established in the NTIA a National 
Electronic Technologies Center (in this section referred to as the `NET 
Center').
    ``(b) Director.--The NET Center shall have a Director, who shall be 
appointed by the Assistant Secretary.
    ``(c) Duties.--The duties of the NET Center shall be--
            ``(1) to serve as a center for industry and government 
        entities to exchange information and methodology regarding data 
        security techniques and technologies;
            ``(2) to examine encryption techniques and methods to 
        facilitate the ability of law enforcement to gain efficient 
        access to plaintext of communications and electronic 
        information;
            ``(3) to conduct research to develop efficient methods, and 
        improve the efficiency of existing methods, of accessing 
        plaintext of communications and electronic information;
            ``(4) to investigate and research new and emerging 
        techniques and technologies to facilitate access to 
        communications and electronic information, including --
                    ``(A) reverse-steganography;
                    ``(B) decompression of information that previously 
                has been compressed for transmission; and
                    ``(C) de-multiplexing;
            ``(5) to obtain information regarding the most current 
        computer hardware and software, telecommunications, and other 
        capabilities to understand how to access information 
        transmitted across computer and communications networks; and
            ``(6) to serve as a center for Federal, State, and local 
        law enforcement authorities for information and assistance 
        regarding decryption and other access requirements.
    ``(d) Equal Access.--State and local law enforcement agencies and 
authorities shall have access to information, services, resources, and 
assistance provided by the NET Center to the same extent that Federal 
law enforcement agencies and authorities have such access.
    ``(e) Personnel.--The Director may appoint such personnel as the 
Director considers appropriate to carry out the duties of the NET 
Center.
    ``(f) Assistance of Other Federal Agencies.--Upon the request of 
the Director of the NET Center, the head of any department or agency of 
the Federal Government may, to assist the NET Center in carrying out 
its duties under this section--
            ``(1) detail, on a reimbursable basis, any of the personnel 
        of such department or agency to the NET Center; and
            ``(2) provide to the NET Center facilities, information, 
        and other non-personnel resources.
    ``(g) Private Industry Assistance.--The NET Center may accept, use, 
and dispose of gifts, bequests, or devises of money, services, or 
property, both real and personal, for the purpose of aiding or 
facilitating the work of the Center. Gifts, bequests, or devises of 
money and proceeds from sales of other property received as gifts, 
bequests, or devises shall be deposited in the Treasury and shall be 
available for disbursement upon order of the Director of the NET 
Center.
    ``(h) Advisory Board.--
            ``(1) Establishment.--There is established the Advisory 
        Board of the NET Center (in this subsection referred to as the 
        ``Advisory Board''), which shall be comprised of 11 members who 
        shall have the qualifications described in paragraph (2) and 
        who shall be appointed by the Assistant Secretary not later 
        than 6 months after the date of the enactment of this Act. The 
        chairman of the Advisory Board shall be designated by the 
        Assistant Secretary at the time of appointment.
            ``(2) Qualifications.--Each member of the Advisory Board 
        shall have experience or expertise in the field of encryption, 
        decryption, electronic communication, information security, 
        electronic commerce, or law enforcement.
            ``(3) Duties.--The duty of the Advisory Board shall be to 
        advise the NET Center and the Federal Government regarding new 
        and emerging technologies relating to encryption and decryption 
        of communications and electronic information.
    ``(i) Implementation Plan.--Within 2 months after the date of the 
enactment of this Act, the Assistant Secretary, in consultation and 
cooperation with other appropriate Federal agencies and appropriate 
industry participants, develop and cause to be published in the Federal 
Register a plan for establishing the NET Center. The plan shall--
            ``(1) specify the physical location of the NET Center and 
        the equipment, software, and personnel resources necessary to 
        carry out the duties of the NET Center under this section;
            ``(2) assess the amount of funding necessary to establish 
        and operate the NET Center; and
            ``(3) identify sources of probable funding for the NET 
        Center, including any sources of in-kind contributions from 
        private industry.''.

SEC. 10. STUDY OF NETWORK AND DATA SECURITY ISSUES.

    Part C of the National Telecommunications and Information 
Administration Organization Act is amended by adding at the end the 
following new section:

``SEC. 156. STUDY OF NETWORK RELIABILITY AND SECURITY AND DATA SECURITY 
              ISSUES.

    ``(a) In General.--The NTIA shall conduct an examination of--
            ``(1) the relationship between--
                    ``(A) network reliability (for communications and 
                computer networks), network security (for such 
                networks), and data security issues; and
                    ``(B) the conduct, in interstate commerce, of 
                electronic commerce transactions, including through the 
                medium of the telecommunications networks, the 
                Internet, or other interactive computer systems;
            ``(2) the availability of various methods for encrypting 
        communications; and
            ``(3) the effects of various methods of providing access to 
        encrypted communications and to information to further law 
        enforcement activities.
    ``(b) Specific Issues.--In conducting the examination required by 
subsection (a), the NTIA shall--
            ``(1) analyze and evaluate the requirements under 
        paragraphs (3) and (4) of section 17(g) of the Export 
        Administration Act of 1979 (50 U.S.C. App. 2416(g); as added by 
        section 7(a) of this Act) for products referred to in such 
        paragraphs to qualify for the license exemption or mandatory 
        export authorization under such paragraphs, and determine--
                    ``(A) the scope and applicability of such 
                requirements and the products that, at the time of the 
                examination, qualify for such license exemption or 
                export authorization; and
                    ``(B) the products that will, 12 months after the 
                examination is conducted, qualify for such license 
                exemption or export authorization; and
            ``(2) assess possible methods for providing access to 
        encrypted communications and to information to further law 
        enforcement activities.
    ``(c) Reports.--Within one year after the date of enactment of this 
section, the NTIA shall submit to the Congress and the President a 
detailed report on the examination required by subsections (a) and (b). 
Annually thereafter, the NTIA shall submit to the Congress and the 
President an update on such report.
    ``(d) Definitions.--For purposes of this section--
            ``(1) the terms `data security', `encryption', `network 
        reliability', and `network security' have the meanings given 
        such terms in section 17(g)(5) of the Export Administration Act 
        of 1979 (50 U.S.C. App. 2416(g)(5)); and
            ``(2) the terms `Internet' and `interactive computer 
        systems' have the meanings provided by section 230(e) of the 
        Communications Act of 1934 (47 U.S.C. 230(e)).''.

SEC. 11. TREATMENT OF ENCRYPTION IN INTERSTATE AND FOREIGN COMMERCE.

    (a) Inquiry Regarding Impediments to Commerce.--Within 180 days 
after the date of the enactment of this Act, the Secretary of Commerce 
shall complete an inquiry to--
            (1) identify any domestic and foreign impediments to trade 
        in encryption products and services and the manners in which 
        and extent to which such impediments inhibit the development of 
        interstate and foreign commerce; and
            (2) identify import restrictions imposed by foreign nations 
        that constitute trade barriers to providers of encryption 
        products or services.
The Secretary shall submit a report to the Congress regarding the 
results of such inquiry by such date.
    (b) Removal of Impediments to Trade.--Within 1 year after such date 
of enactment, the Secretary shall prescribe such regulations as may be 
necessary to reduce the impediments to trade in encryption products and 
services identified in the inquiry pursuant to subsection (a) for the 
purpose of facilitating the development of interstate and foreign 
commerce. Such regulations shall be designed to--
            (1) promote the sale and distribution, including through 
        electronic commerce, in foreign commerce of encryption products 
        and services manufactured in the United States; and
            (2) strengthen the competitiveness of domestic providers of 
        encryption products and services in foreign commerce, including 
        electronic commerce.
    (c) International Agreements.--
            (1) Report to president.--Upon the completion of the 
        inquiry under subsection (a), the Secretary shall submit a 
        report to the President regarding reducing any impediments to 
        trade in encryption products and services that are identified 
        by the inquiry and could, in the determination of the 
        Secretary, require international negotiations for such 
        reduction.
            (2) Negotiations.--The President shall take all actions 
        necessary to conduct negotiations with other countries for the 
        purposes of (A) concluding international agreements on the 
        promotion of encryption products and services, and (B) 
        achieving mutual recognition of countries' export controls, in 
        order to meet the needs of countries to preserve national 
        security, safeguard privacy, and prevent commercial espionage. 
        The President may consider a country's refusal to negotiate 
        such international export and mutual recognition agreements 
        when considering the participation of the United States in any 
        cooperation or assistance program with that country. The 
        President shall submit a report to the Congress regarding the 
        status of international efforts regarding cryptography not 
        later than December 31, 2000.

SEC. 12. COLLECTION OF INFORMATION ON EFFECT OF ENCRYPTION ON LAW 
              ENFORCEMENT ACTIVITIES.

    (a) Collection of Information by Attorney General.--The Attorney 
General shall compile, and maintain in classified form, data on the 
instances in which encryption (as defined in section 2801 of title 18, 
United States Code) has interfered with, impeded, or obstructed the 
ability of the Department of Justice to enforce the criminal laws of 
the United States.
    (b) Availability of Information to the Congress.--The information 
compiled under subsection (a), including an unclassified summary 
thereof, shall be made available, upon request, to any Member of 
Congress.

SEC. 13. PROHIBITION ON TRANSFERS TO PLA AND COMMUNIST CHINESE MILITARY 
              COMPANIES.

    (a) Prohibition.--Whoever knowingly and willfully transfers to the 
People's Liberation Army or to any Communist Chinese military company 
any encryption product that utilizes a key length of more than 56 
bits--
            (1) in the case of a first offense under this section, 
        shall be imprisoned for not more than 5 years, or fined under 
        title 18, United States Code, or both; and
            (2) in the case of second or subsequent offense under this 
        section, shall be imprisoned for not more than 10 years, or 
        fined under title 18, United States Code, or both.
    (b) Definitions.--For purposes of this section:
            (1) Communist chinese military company.--(A) Subject to 
        subparagraph (B), the term ``Communist Chinese military 
        company'' has the meaning given that term in section 1237(b)(4) 
        of the Strom Thurmond National Defense Authorization Act for 
        Fiscal Year 1999 (50 U.S.C. 1701 note).
            (B) At such time as the determination and publication of 
        persons are made under section 1237(b)(1) of the Strom Thurmond 
        National Defense Authorization Act for Fiscal Year 1999, the 
        term ``Communist Chinese military company'' shall mean the list 
        of those persons so published, as revised under section 
        1237(b)(2) of that Act.
            (2) People's liberation army.--The term ``People's 
        Liberation Army'' has the meaning given that term in section 
        1237(c) of the Strom Thurmond National Defense Authorization 
        Act for Fiscal Year 1999.

SEC. 14. FAILURE TO DECRYPT INFORMATION OBTAINED UNDER COURT ORDER.

    Whoever is required by an order of any court to provide to the 
court or any other party any information in such person's possession 
which has been encrypted and who, having possession of the key or such 
other capability to decrypt such information into the readable or 
comprehensible format of such information prior to its encryption, 
fails to provide such information in accordance with the order in such 
readable or comprehensible form--
            (1) in the case of a first offense under this section, 
        shall be imprisoned for not more than 5 years, or fined under 
        title 18, United States Code, or both; and
            (2) in the case of second or subsequent offense under this 
        section, shall be imprisoned for not more than 10 years, or 
        fined under title 18 United States Code, or both.

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Security And Freedom through 
Encryption (SAFE) Act''.

SEC. 2. SALE AND USE OF ENCRYPTION.

    (a) In General.--Part I of title 18, United States Code, is amended 
by inserting after chapter 123 the following new chapter:

        ``CHAPTER 125--ENCRYPTED WIRE AND ELECTRONIC INFORMATION

``Sec.
``2801. Definitions.
``2802. Freedom to use encryption.
``2803. Freedom to sell encryption.
``2804. Prohibition on mandatory key escrow.
``2805. Unlawful use of encryption in furtherance of a criminal act.
``Sec. 2801. Definitions
    ``As used in this chapter--
            ``(1) the terms `person', `State', `wire communication', 
        `electronic communication', `investigative or law enforcement 
        officer', and `judge of competent jurisdiction' have the 
        meanings given those terms in section 2510 of this title;
            ``(2) the term `decrypt' means to retransform or unscramble 
        encrypted data, including communications, to its readable form;
            ``(3) the terms `encrypt', `encrypted', and `encryption' 
        mean the scrambling of wire communications, electronic 
        communications, or electronically stored information, using 
        mathematical formulas or algorithms in order to preserve the 
        confidentiality, integrity, or authenticity of, and prevent 
        unauthorized recipients from accessing or altering, such 
        communications or information;
            ``(4) the term `key' means the variable information used in 
        a mathematical formula, code, or algorithm, or any component 
        thereof, used to decrypt wire communications, electronic 
        communications, or electronically stored information, that has 
        been encrypted; and
            ``(5) the term `key recovery information' means information 
        that would enable obtaining the key of a user of encryption;
            ``(6) the term `plaintext access capability' means any 
        method or mechanism which would provide information in readable 
        form prior to its being encrypted or after it has been 
        decrypted;
            ``(7) the term `United States person' means--
                    ``(A) any United States citizen;
                    ``(B) any other person organized under the laws of 
                any State, the District of Columbia, or any 
                commonwealth, territory, or possession of the United 
                States; and
                    ``(C) any person organized under the laws of any 
                foreign country who is owned or controlled by 
                individuals or persons described in subparagraphs (A) 
                and (B).
``Sec. 2802. Freedom to use encryption
    ``Subject to section 2805, it shall be lawful for any person within 
any State, and for any United States person in a foreign country, to 
use any encryption, regardless of the encryption algorithm selected, 
encryption key length chosen, or implementation technique or medium 
used.
``Sec. 2803. Freedom to sell encryption
    ``Subject to section 2805, it shall be lawful for any person within 
any State to sell in interstate commerce any encryption, regardless of 
the encryption algorithm selected, encryption key length chosen, or 
implementation technique or medium used.
``Sec. 2804. Prohibition on mandatory key escrow
    ``(a) General Prohibition.--Neither the Federal Government nor a 
State may require that, or condition any approval on a requirement 
that, a key, access to a key, key recovery information, or any other 
plaintext access capability be--
            ``(1) built into computer hardware or software for any 
        purpose;
            ``(2) given to any other person, including a Federal 
        Government agency or an entity in the private sector that may 
        be certified or approved by the Federal Government or a State 
        to receive it; or
            ``(3) retained by the owner or user of an encryption key or 
        any other person, other than for encryption products for use by 
        the Federal Government or a State.
    ``(b) Exception for Government National Security and Law 
Enforcement Purposes.--The prohibition contained in subsection (a) 
shall not apply to any department, agency, or instrumentality of the 
United States, or to any department, agency, or political subdivision 
of a State, that has a valid contract with a nongovernmental entity 
that is assisting in the performance of national security or law 
enforcement activity.
    ``(c) Exception for Access for Law Enforcement Purposes.--
Subsection (a) shall not affect the authority of any investigative or 
law enforcement officer, or any member of the intelligence community as 
defined in section 3 of the National Security Act of 1947 (50 U.S.C. 
401a), acting under any law in effect on the effective date of this 
chapter, to gain access to encrypted communications or information.
``Sec. 2805. Unlawful use of encryption in furtherance of a criminal 
              act
    ``(a) Encryption of Incriminating Communications or Information 
Unlawful.--Any person who, in the commission of a felony under a 
criminal statute of the United States, knowingly and willfully encrypts 
incriminating communications or information relating to that felony 
with the intent to conceal such communications or information for the 
purpose of avoiding detection by law enforcement agencies or 
prosecution--
            ``(1) in the case of a first offense under this section, 
        shall be imprisoned for not more than 5 years, or fined in the 
        amount set forth in this title, or both; and
            ``(2) in the case of a second or subsequent offense under 
        this section, shall be imprisoned for not more than 10 years, 
        or fined in the amount set forth in this title, or both.
    ``(b) Use of Encryption Not a Basis for Probable Cause.--The use of 
encryption by any person shall not be the sole basis for establishing 
probable cause with respect to a criminal offense or a search 
warrant.''.
    (b) Conforming Amendment.--The table of chapters for part I of 
title 18, United States Code, is amended by inserting after the item 
relating to chapter 123 the following new item:

``125. Encrypted wire and electronic information............    2801''.

SEC. 3. EXPORTS OF ENCRYPTION.

    (a) Amendment to Export Administration Act of 1979.--Section 17 of 
the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended 
by adding at the end thereof the following new subsection:
    ``(g) Certain Consumer Products, Computers, and Related 
Equipment.--
            ``(1) General rule.--Subject to paragraphs (2) and (3), the 
        Secretary shall have exclusive authority to control exports of 
        all computer hardware, software, computing devices, customer 
        premises equipment, communications network equipment, and 
        technology for information security (including encryption), 
        except that which is specifically designed or modified for 
        military use, including command, control, and intelligence 
        applications.
            ``(2) Items not requiring licenses.--After a 1-time 
        technical review by the Secretary, which shall be completed not 
        later than 30 working days after submission of the product 
        concerned for such technical review, no export license may be 
        required, except pursuant to the Trading with the enemy Act or 
        the International Emergency Economic Powers Act (but only to 
        the extent that the authority of such Act is not exercised to 
        extend controls imposed under this Act), for the export or 
        reexport of--
                    ``(A) any computer hardware or software or 
                computing device, including computer hardware or 
                software or computing devices with encryption 
                capabilities--
                            ``(i) that is generally available;
                            ``(ii) that is in the public domain for 
                        which copyright or other protection is not 
                        available under title 17, United States Code, 
                        or that is available to the public because it 
                        is generally accessible to the interested 
                        public in any form; or
                            ``(iii) that is used in a commercial, off-
                        the-shelf, consumer product or any component or 
                        subassembly designed for use in such a consumer 
                        product available within the United States or 
                        abroad which--
                                    ``(I) includes encryption 
                                capabilities which are inaccessible to 
                                the end user; and
                                    ``(II) is not designed for military 
                                or intelligence end use;
                    ``(B) any computing device solely because it 
                incorporates or employs in any form--
                            ``(i) computer hardware or software 
                        (including computer hardware or software with 
                        encryption capabilities) that is exempted from 
                        any requirement for a license under 
                        subparagraph (A); or
                            ``(ii) computer hardware or software that 
                        is no more technically complex in its 
                        encryption capabilities than computer hardware 
                        or software that is exempted from any 
                        requirement for a license under subparagraph 
                        (A) but is not designed for installation by the 
                        purchaser;
                    ``(C) any computer hardware or software or 
                computing device solely on the basis that it 
                incorporates or employs in any form interface 
                mechanisms for interaction with other computer hardware 
                or software or computing devices, including computer 
                hardware and software and computing devices with 
                encryption capabilities;
                    ``(D) any computing or telecommunication device 
                which incorporates or employs in any form computer 
                hardware or software encryption capabilities which--
                            ``(i) are not directly available to the end 
                        user; or
                            ``(ii) limit the encryption to be point-to-
                        point from the user to a central communications 
                        point or link and does not enable end-to-end 
                        user encryption;
                    ``(E) technical assistance and technical data used 
                for the installation or maintenance of computer 
                hardware or software or computing devices with 
                encryption capabilities covered under this subsection; 
                or
                    ``(F) any encryption hardware or software or 
                computing device not used for confidentiality purposes, 
                such as authentication, integrity, electronic 
                signatures, nonrepudiation, or copy protection.
            ``(3) Computer hardware or software or computing devices 
        with encryption capabilities.--After a 1-time technical review 
        by the Secretary, which shall be completed not later than 30 
        working days after submission of the product concerned for such 
        technical review, the Secretary shall authorize the export or 
        reexport of computer hardware or software or computing devices 
        with encryption capabilities for nonmilitary end uses in any 
        country--
                    ``(A) to which exports of computer hardware or 
                software or computing devices of comparable strength 
                are permitted for use by financial institutions not 
                controlled in fact by United States persons, unless 
                there is credible evidence that such computer hardware 
                or software or computing devices will be--
                            ``(i) diverted to a military end use or an 
                        end use supporting international terrorism;
                            ``(ii) modified for military or terrorist 
                        end use; or
                            ``(iii) reexported without any 
                        authorization by the United States that may be 
                        required under this Act; or
                    ``(B) if the Secretary determines that a computer 
                hardware or software or computing device offering 
                comparable security is commercially available outside 
                the United States from a foreign supplier, without 
                effective restrictions.
            ``(4) Exports to major drug-transit and illicit drug 
        producing countries.--The Secretary, before approving any 
        export or reexport of encryption products to any major drug-
        transit country or major illicit drug producing country 
        identified under section 490(h) of the Foreign Assistance Act 
        of 1961, shall consult with the Attorney General of the United 
        States, the Director of the Federal Bureau of Investigation, 
        and the Administrator of the Drug Enforcement Administration on 
        the potential impact of such export or reexport on the flow of 
        illicit drugs into the United States. This paragraph shall not 
        authorize the denial of an export of an encryption product, or 
        of the issuance of a specific export license, for which such 
        denial is not otherwise appropriate, solely because the country 
        of destination is a major drug-transit country or major illicit 
        drug producing country.
            ``(5) Definitions.--As used in this subsection--
                    ``(A)(i) the term `encryption' means the scrambling 
                of wire communications, electronic communications, or 
                electronically stored information, using mathematical 
                formulas or algorithms in order to preserve the 
                confidentiality, integrity, or authenticity of, and 
                prevent unauthorized recipients from accessing or 
                altering, such communications or information;
                    ``(ii) the terms `wire communication' and 
                `electronic communication' have the meanings given 
                those terms in section 2510 of title 18, United States 
                Code;
                    ``(B) the term `generally available' means, in the 
                case of computer hardware or computer software 
                (including computer hardware or computer software with 
                encryption capabilities)--
                            ``(i) computer hardware or computer 
                        software that is--
                                    ``(I) distributed through the 
                                Internet;
                                    ``(II) offered for sale, license, 
                                or transfer to any person without 
                                restriction, whether or not for 
                                consideration, including, but not 
                                limited to, over-the-counter retail 
                                sales, mail order transactions, phone 
                                order transactions, electronic 
                                distribution, or sale on approval;
                                    ``(III) preloaded on computer 
                                hardware or computing devices that are 
                                widely available for sale to the 
                                public; or
                                    ``(IV) assembled from computer 
                                hardware or computer software 
                                components that are widely available 
                                for sale to the public;
                            ``(ii) not designed, developed, or tailored 
                        by the manufacturer for specific purchasers or 
                        users, except that any such purchaser or user 
                        may--
                                    ``(I) supply certain installation 
                                parameters needed by the computer 
                                hardware or software to function 
                                properly with the computer system of 
                                the user or purchaser; or
                                    ``(II) select from among options 
                                contained in the computer hardware or 
                                computer software;
                            ``(iii) with respect to which the 
                        manufacturer of that computer hardware or 
                        computer software--
                                    ``(I) intended for the user or 
                                purchaser, including any licensee or 
                                transferee, to install the computer 
                                hardware or software and has supplied 
                                the necessary instructions to do so, 
                                except that the manufacturer of the 
                                computer hardware or software, or any 
                                agent of such manufacturer, may also 
                                provide telephone or electronic mail 
                                help line services for installation, 
                                electronic transmission, or basic 
                                operations; and
                                    ``(II) the computer hardware or 
                                software is designed for such 
                                installation by the user or purchaser 
                                without further substantial support by 
                                the manufacturer; and
                            ``(iv) offered for sale, license, or 
                        transfer to any person without restriction, 
                        whether or not for consideration, including, 
                        but not limited to, over-the-counter retail 
                        sales, mail order transactions, phone order 
                        transactions, electronic distribution, or sale 
                        on approval;
                    ``(C) the term `computing device' means a device 
                which incorporates one or more microprocessor-based 
                central processing units that can accept, store, 
                process, or provide output of data;
                    ``(D) the term `computer hardware' includes, but is 
                not limited to, computer systems, equipment, 
                application-specific assemblies, smart cards, modules, 
                integrated circuits, and printed circuit board 
                assemblies;
                    ``(E) the term `customer premises equipment' means 
                equipment employed on the premises of a person to 
                originate, route, or terminate communications;
                    ``(F) the term `technical assistance' includes 
                instruction, skills training, working knowledge, 
                consulting services, and the transfer of technical 
                data;
                    ``(G) the term `technical data' includes 
                blueprints, plans, diagrams, models, formulas, tables, 
                engineering designs and specifications, and manuals and 
                instructions written or recorded on other media or 
                devices such as disks, tapes, or read-only memories; 
                and
                    ``(H) the term `technical review' means a review by 
                the Secretary of computer hardware or software or 
                computing devices with encryption capabilities, based 
                on information about the product's encryption 
                capabilities supplied by the manufacturer, that the 
                computer hardware or software or computing device works 
                as represented.''.
    (b) No Reinstatement of Export Controls on Previously Decontrolled 
Products.--Any encryption product not requiring an export license as of 
the date of enactment of this Act, as a result of administrative 
decision or rulemaking, shall not require an export license on or after 
such date of enactment.
    (c) Applicability of Certain Export Controls.--
            (1) In general.--Nothing in this Act shall limit the 
        authority of the President under the International Emergency 
        Economic Powers Act, the Trading with the enemy Act, or the 
        Export Administration Act of 1979, to--
                    (A) prohibit the export of encryption products to 
                countries that have been determined to repeatedly 
                provide support for acts of international terrorism;
                    (B) prohibit the export or reexport of any 
                encryption product with an encryption strength of more 
                than 56 bits to any military unit of the People's 
                Republic of China, including the People's Liberation 
                Army (as defined in section 1237(c) of the Strom 
                Thurmond National Defense Authorization Act for Fiscal 
                Year 1999 (50 U.S.C. 1701 note)); or
                    (C) impose an embargo on exports to, and imports 
                from, a specific country.
            (2) Specific denials.--The Secretary of Commerce may 
        prohibit the export of specific encryption products to an 
        individual or organization in a specific foreign country or 
        countries identified by the Secretary, if the Secretary, in 
        consultation with the Secretary of Defense, the Secretary of 
        State, the Attorney General, the Director of the Federal Bureau 
        of Investigation, the Administrator of the Drug Enforcement 
        Administration, and the Director of Central Intelligence, 
        determines that there is credible evidence that such encryption 
        products will be used--
                    (A) for military or terrorist end-use;
                    (B) to facilitate the import of illicit drugs into 
                the United States;
                    (C) in the manufacture of weapons of mass 
                destruction or otherwise to assist in the proliferation 
                of weapons of mass destruction; or
                    (D) for illegal activities involving the sexual 
                exploitation of, abuse of, or sexually explicit conduct 
                with minors.
            (3) Other export controls.--Any encryption product is 
        subject to export controls for any reason other than the 
        existence of encryption capability, including export controls 
        imposed on high performance computers. Nothing in this Act or 
        the amendments made by this Act alters the ability of the 
        Secretary of Commerce to control exports for reasons other than 
        encryption capabilities.
            (4) Definition.--As used in this subsection and subsection 
        (b), the term ``encryption'' has the meaning given that term in 
        section 17(g)(5)(A) of the Export Administration Act of 1979, 
        as added by subsection (a) of this section.
    (d) Continuation of Export Administration Act.--For purposes of 
carrying out the amendment made by subsection (a), the Export 
Administration Act of 1979 shall be deemed to be in effect.

SEC. 4. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

    (a) Collection of Information by Attorney General.--The Attorney 
General shall compile, and maintain in classified form, data on the 
instances in which encryption (as defined in section 2801 of title 18, 
United States Code) has interfered with, impeded, or obstructed the 
ability of the Department of Justice to enforce the criminal laws of 
the United States.
    (b) Availability of Information to the Congress.--The information 
compiled under subsection (a), including an unclassified summary 
thereof, shall be made available, upon request, to any Member of 
Congress.

[SECTION 1. SHORT TITLE.

    [This Act may be cited as the ``Protection of National Security and 
Public Safety Act''.

[SEC. 2. EXPORTS OF ENCRYPTION.

    [(a) Authority to Control Exports.--The President shall control the 
export of all dual-use encryption products.
    [(b) Authority to Deny Export for National Security Reasons.--
Notwithstanding any provision of this Act, the President may deny the 
export of any encryption product on the basis that its export is 
contrary to the national security interests of the United States.
    [(c) Decisions Not Subject to Judicial Review.--Any decision made 
by the President or his designee with respect to the export of 
encryption products under this Act shall not be subject to judicial 
review.

[SEC. 3. LICENSE EXCEPTION FOR CERTAIN ENCRYPTION PRODUCTS.

    [Encryption products with encryption strength equal to or less than 
the level identified in section 5 shall be eligible for export under a 
license exception if--
            [(1) such encryption product is submitted for a 1-time 
        technical review;
            [(2) such encryption product does not require licensing 
        under otherwise applicable regulations;
            [(3) such encryption product is not intended for a country, 
        end user, or end use that is by regulation ineligible to 
        receive such product, and the encryption product is otherwise 
        qualified for export; and
            [(4) the exporter, at the time of submission of the product 
        for technical review, provides the names and addresses of its 
        distribution chain partners.

[SEC. 4. ONE-TIME PRODUCT REVIEW.

    [The President shall specify the information that must be submitted 
for the 1-time review referred to in section 3.

[SEC. 5. ELIGIBILITY LEVELS.

    [(a) Initial Eligibility Level.--Not later than 180 days after the 
date of the enactment of this Act, the President shall notify the 
Congress of the maximum level of encryption strength that may be 
exported from the United States under license exception pursuant to 
section 3 without harm to the national security interests of the United 
States. Such level shall not become effective until 30 days after such 
notification.
    [(b) Periodic Review of Eligibility Level.--The President shall, at 
the end of each successive 180-day period after the notice provided to 
the Congress under subsection (a), notify the Congress of the maximum 
level of encryption strength, which may not be lower than that in 
effect under this section during that 180-day period, that may be 
exported from the United States under a license exception pursuant to 
section 3 without harm to the national security interests of the United 
States. Such level shall not become effective until 30 days after such 
notification.

[SEC. 6. ENCRYPTION LICENSES REQUIRED.

    [(a) United States Products Exceeding Certain Bit Length.--An 
export license is required for the export of any encryption product 
designed or manufactured within the United States with an encryption 
strength exceeding the maximum level eligible for a license exception 
under section 3.
    [(b) Requirements for Export License Application.--To apply for an 
export license, the applicant shall submit--
            [(1) the product for technical review;
            [(2) a certification identifying--
                    [(A) the intended end use of the product; and
                    [(B) the expected end user of the product;
            [(3) in instances where the export is to a distribution 
        chain partner--
                    [(A) proof that the distribution chain partner has 
                contractually agreed to abide by all laws and 
                regulations of the United States concerning the export 
                and reexport of encryption products designed or 
                manufactured within the United States; and
                    [(B) the name and address of the distribution chain 
                partner; and
            [(4) any other information required by the President.
    [(c) Post-Export Reporting.--
            [(1) Unauthorized use.--Any exporter of encryption products 
        that are designed or manufactured within the United States 
        shall submit a report to the Secretary at any time the exporter 
        has reason to believe that any such product exported pursuant 
        to this section is being diverted to a use or user not approved 
        at the time of export.
            [(2) Distribution chain partners.--All exporters of 
        encryption products that are designed and manufactured within 
        the United States, and all distribution chain partners of such 
        exporters, shall submit to the Secretary a report which shall 
        specify--
                    [(A) the particular product sold;
                    [(B) the name and address of the end user of the 
                product; and
                    [(C) the intended use of the product sold.

[SEC. 7. WAIVER AUTHORITY.

    [(a) In General.--The President may by Executive order waive the 
applicability of any provision of section 3 to a person or entity if 
the President determines that the waiver is necessary to protect the 
national security interests of the United States. The President shall, 
not later than 15 days after making such determination, submit a report 
to the committees referred to in subsection (c) that includes the 
factual basis upon which such determination was made. The report may be 
in classified format.
    [(b) Waivers for Certain Classes of End Users.--The President may 
by Executive order waive the licensing requirements of section 6 for 
specific classes of end users identified as being eligible for receipt 
of encryption commodities and software under license exception in 
section 740.17 of title 15, Code of Federal Regulations, as in effect 
on July 17, 1999. The President shall, not later than 15 days after 
issuing such a waiver, submit a report to the committees referred to in 
subsection (c) that includes the factual basis upon which such waiver 
was made. The report may be in classified format.
    [(c) Committees.--The committees referred to in subsections (a) and 
(b) are the Committee on International Relations, the Committee on 
Armed Services, and the Permanent Select Committee on Intelligence of 
the House of Representatives, and the Committee on Foreign Relations, 
the Committee on Armed Services, and the Select Committee on 
Intelligence of the Senate.

[SEC. 8. ENCRYPTION INDUSTRY AND INFORMATION SECURITY BOARD.

    [(a) Encryption Industry and Information Security Board 
Established.--There is hereby established an Encryption Industry and 
Information Security Board. The Board shall undertake an advisory role 
for the President on the matter of foreign availability of encryption 
products.
    [(b) Membership.--(1) The Board shall be composed of 12 members, as 
follows:
            [(A) The Secretary, or the Secretary's designee.
            [(B) The Attorney General, or his or her designee.
            [(C) The Secretary of Defense, or his or her designee.
            [(D) The Director of Central Intelligence, or his or her 
        designee.
            [(E) The Director of the Federal Bureau of Investigation, 
        or his or her designee.
            [(F) The Special Assistant to the President for National 
        Security Affairs, or his or her designee, who shall chair the 
        Board.
            [(G) Six representatives from the private sector who have 
        expertise in the development, operation, marketing, law, or 
        public policy relating to information security or technology. 
        Members under this subparagraph shall each serve for 5-year 
        terms.
    [(2) The six private sector representatives described in paragraph 
(1)(G) shall be appointed as follows:
                    [(A) Two by the Speaker of the House of 
                Representatives.
                    [(B) One by the Minority Leader of the House of 
                Representatives.
                    [(C) Two by the Majority Leader of the Senate.
                    [(D) One by the Minority Leader of the Senate.
    [(c) Meetings.--The Board shall meet at such times and in such 
places as the Secretary may prescribe, but not less frequently than 
every four months.
    [(d) Findings and Recommendations.--The chair of the Board shall 
convey the findings and recommendations of the Board to the President 
and to the Congress within 30 days after each meeting of the Board. The 
recommendations of the Board are not binding upon the President.
    [(e) Limitation.--The Board shall have no authority to review any 
export determination made pursuant to this Act.
    [(f) Termination.--This section shall cease to be effective 10 
years after the date of the enactment of this Act.

[SEC. 9. MARKET SHARE SURVEY.

    [The Secretary shall, at least once every 6 months, conduct a 
market share survey of foreign markets for encryption products. The 
Secretary shall publish the results of the survey in the Federal 
Register. The publication shall include an assessment of the market 
share of each foreign encryption product in each market surveyed and a 
description of the general characteristics of each encryption product.

[SEC. 10. DEFINITIONS.

    [In this Act:
            [(1) Encryption.--The term ``encryption'' means the 
        transformation or scrambling of data, for the purpose of 
        protecting such data, from plaintext to an unreadable or 
        incomprehensible format, regardless of the techniques used for 
        such transformation or scrambling and regardless of the medium 
        in which such data occur or can be found.
            [(2) Export and exporter.--The term ``export'' includes 
        reexport, the term ``exporter'' includes ``reexporter''.
            [(3) Secretary.--The term ``Secretary'' means the Secretary 
        of Commerce.]

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    (a) Short Title.--This Act may be cited as the ``Encryption for the 
National Interest Act''.
    (b) Table of Contents.--The table of contents is as follows:

Sec. 1. Short title; table of contents.
Sec. 2. Statement of policy.
Sec. 3. Congressional findings.
                  TITLE I--DOMESTIC USES OF ENCRYPTION

Sec. 101. Definitions.
Sec. 102. Lawful use of encryption.
Sec. 103. Unlawful use of encryption.
                    TITLE II--GOVERNMENT PROCUREMENT

Sec. 201. Federal purchases of encryption products.
Sec. 202. Networks established with Federal funds.
Sec. 203. Government contract authority.
Sec. 204. Product labels.
Sec. 205. No private mandate.
Sec. 206. Exclusion.
                    TITLE III--EXPORTS OF ENCRYPTION

Sec. 301. Exports of encryption.
Sec. 302. License exception for certain encryption products.
Sec. 303. Discretionary authority.
Sec. 304. Expedited review authority.
Sec. 305. Encryption licenses required.
Sec. 306. Encryption Industry and Information Security Board.
                    TITLE IV--LIABILITY LIMITATIONS

Sec. 401. Compliance with court order.
Sec. 402. Compliance defense.
Sec. 403. Good faith defense.
                   TITLE V--INTERNATIONAL AGREEMENTS

Sec. 501. Sense of Congress.
Sec. 502. Failure to negotiate.
Sec. 503. Report to Congress.
                   TITLE VI--MISCELLANEOUS PROVISIONS

Sec. 601. Effect on law enforcement activities.
Sec. 602. Interpretation.
Sec. 603. FBI technical support.
Sec. 604. Severability.

SEC. 2. STATEMENT OF POLICY.

    It is the policy of the United States to protect public computer 
networks through the use of strong encryption technology, to promote 
the export of encryption products developed and manufactured in the 
United States, and to preserve public safety and national security.

SEC. 3. CONGRESSIONAL FINDINGS.

    The Congress finds the following:
            (1) Information security technology, encryption, is--
                    (A) fundamental to secure the flow of intelligence 
                information to national policy makers;
                    (B) critical to the President and national command 
                authority of the United States;
                    (C) necessary to the Secretary of State for the 
                development and execution of the foreign policy of the 
                United States;
                    (D) essential to the Secretary of Defense's 
                responsibilities to ensure the effectiveness of the 
                Armed Forces of the United States;
                    (E) invaluable to the protection of the citizens of 
                the United States from fraud, theft, drug trafficking, 
                child pornography; kidnapping, and money laundering; 
                and
                    (F) basic to the protection of the nation's 
                critical infrastructures, including electrical grids, 
                banking and financial systems, telecommunications, 
                water supplies, and transportation.
            (2) The goal of any encryption legislation should be to 
        enhance and promote the global market strength of United States 
        encryption manufacturers, while guaranteeing that national 
        security and public safety obligations of the Government can 
        still be accomplished.
            (3) It is essential to the national security interests of 
        the United States that United States encryption products 
        dominate the global market.
            (4) Widespread use of unregulated encryption products poses 
        a significant threat to the national security interests of the 
        United States.
            (5) Leaving the national security and public safety 
        responsibilities of the Government to the marketplace alone is 
        not consistent with the obligations of the Government to 
        protect the public safety and to defend the Nation.
            (6) In order for the United States position in the global 
        market to benefit the national security interests of the United 
        States, it is imperative that the export of encryption products 
        be subject to a dynamic and constructive export control regime.
            (7) Export of commercial items are best managed through a 
        regulatory structure which has flexibility to address 
        constantly changing market conditions.
            (8) Managing sensitive dual-use technologies, such as 
        encryption products, is challenging in any regulatory 
        environment due to the difficulty in balancing competing 
        interests in national security, public safety, privacy, fair 
        competition within the industry, and the dynamic nature of the 
        technology.
            (9) There is a widespread perception that the executive 
        branch has not adequately balanced the equal and competing 
        interests of national security, public safety, privacy, and 
        industry.
            (10) There is a perception that the current encryption 
        export control policy has done more to disadvantage United 
        States business interests than to promote and protect national 
        security and public safety interests.
            (11) A balance can and must be achieved between industry 
        interests, national security, law enforcement requirements, and 
        privacy needs.
            (12) A court order process should be required for access to 
        plaintext, where and when available, and criminal and civil 
        penalties should be imposed for misuse of decryption 
        information.
            (13) Timely access to plaintext capability is--
                    (A) necessary to thwarting potential terrorist 
                activities;
                    (B) extremely useful in the collection of foreign 
                intelligence;
                    (C) indispensable to force protection requirements;
                    (D) critical to the investigation and prosecution 
                of criminals; and
                    (E) both technically and economically possible.
            (14) The United States Government should encourage the 
        development of those products that would provide a capability 
        allowing law enforcement (Federal, State, and local), with a 
        court order only, to gain timely access to the plaintext of 
        either stored data or data in transit.
            (15) Unless law enforcement has the benefit of such market 
        encouragement, drug traffickers, spies, child pornographers, 
        pedophiles, kidnappers, terrorists, mobsters, weapons 
        proliferators, fraud schemers, and other criminals will be able 
        to use encryption software to protect their criminal activity 
        and hinder the criminal justice system.
            (16) An effective regulatory approach to manage the 
        proliferation of encryption products which have dual-use 
        capabilities must be maintained and greater confidence in the 
        ability of the executive branch to preserve and promote the 
        competitive advantage of the United States encryption industry 
        in the global market must be provided.

                  TITLE I--DOMESTIC USES OF ENCRYPTION

SEC. 101. DEFINITIONS.

    For purposes of this Act:
            (1) Attorney for the government.--The term ``attorney for 
        the Government'' has the meaning given such term in Rule 54(c) 
        of the Federal Rules of Criminal Procedure, and also includes 
        any duly authorized attorney of a State who is authorized to 
        prosecute criminal offenses within such State.
            (2) Authorized party.--The term ``authorized party'' means 
        any person with the legal authority to obtain decryption 
        information or plaintext of encrypted data, including 
        communications.
            (3) Communications.--The term ``communications'' means any 
        wire communications or electronic communications as those terms 
        are defined in paragraphs (1) and (12) of section 2510 of title 
        18, United States Code.
            (4) Court of competent jurisdiction.--The term ``court of 
        competent jurisdiction'' means any court of the United States 
        organized under Article III of the Constitution of the United 
        States, the court organized under the Foreign Intelligence 
        Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), or a court 
        of general criminal jurisdiction of a State authorized pursuant 
        to the laws of such State to enter orders authorizing searches 
        and seizures.
            (5) Data network service provider.--The term ``data network 
        service provider'' means a person offering any service to the 
        general public that provides the users thereof with the ability 
        to transmit or receive data, including communications.
            (6) Decryption.--The term ``decryption'' means the 
        retransformation or unscrambling of encrypted data, including 
        communications, to its readable plaintext version. To 
        ``decrypt'' data, including communications, is to perform 
        decryption.
            (7) Decryption information.--The term ``decryption 
        information'' means information or technology that enables one 
        to readily retransform or unscramble encrypted data from its 
        unreadable and incomprehensible format to its readable 
        plaintext version.
            (8) Electronic storage.--The term ``electronic storage'' 
        has the meaning given that term in section 2510(17) of title 
        18, United States Code.
            (9) Encryption.--The term ``encryption'' means the 
        transformation or scrambling of data, including communications, 
        from plaintext to an unreadable or incomprehensible format, 
        regardless of the technique utilized for such transformation or 
        scrambling and irrespective of the medium in which such data, 
        including communications, occur or can be found, for the 
        purposes of protecting the content of such data, including 
        communications. To ``encrypt'' data, including communications, 
        is to perform encryption.
            (10) Encryption product.--The term ``encryption product'' 
        means any software, technology, commodity, or mechanism, that 
        can be used to encrypt or decrypt or has the capability of 
        encrypting or decrypting any data, including communications.
            (11) Foreign availability.--The term ``foreign 
        availability'' has the meaning applied to foreign availability 
        of encryption products subject to controls under the Export 
        Administration Regulations, as in effect on July 1, 1999.
            (12) Government.--The term ``Government'' means the 
        Government of the United States and any agency or 
        instrumentality thereof, or the government of any State, and 
        any of its political subdivisions.
            (13) Investigative or law enforcement officer.--The term 
        ``investigative or law enforcement officer'' has the meaning 
        given that term in section 2510(7) of title 18, United States 
        Code.
            (14) National security.--The term ``national security'' 
        means the national defense, intelligence, or foreign policy 
        interests of the United States.
            (15) Plaintext.--The term ``plaintext'' means the readable 
        or comprehensible format of that data, including 
        communications, which has been encrypted.
            (16) Plainvoice.--The term ``plainvoice'' means 
        communication specific plaintext.
            (17) Secretary.--The term ``Secretary'' means the Secretary 
        of Commerce, unless otherwise specifically identified.
            (18) State.--The term ``State'' has the meaning given that 
        term in section 2510(3) of title 18, United States Code.
            (19) Telecommunications carrier.--The term 
        ``telecommunications carrier'' has the meaning given that term 
        in section 3 of the Communications Act of 1934 (47 U.S.C. 153).
            (20) Telecommunications system.--The term 
        ``telecommunications system'' means any equipment, technology, 
        or related software used in the movement, switching, 
        interchange, transmission, reception, or internal signaling of 
        data, including communications over wire, fiber optic, radio 
        frequency, or any other medium.
            (21) United states person.--The term ``United States 
        person'' means--
                    (A) any citizen of the United States;
                    (B) any other person organized under the laws of 
                any State; and
                    (C) any person organized under the laws of any 
                foreign country who is owned or controlled by 
                individuals or persons described in subparagraphs (A) 
                and (B).

SEC. 102. LAWFUL USE OF ENCRYPTION.

    Except as otherwise provided by this Act or otherwise provided by 
law, it shall be lawful for any person within any State and for any 
United States person to use any encryption product, regardless of 
encryption algorithm selected, encryption bit length chosen, or 
implementation technique or medium used.

SEC. 103. UNLAWFUL USE OF ENCRYPTION.

    (a) In General.--Part I of title 18, United States Code, is amended 
by inserting after chapter 123 the following new chapter:

        ``CHAPTER 125--ENCRYPTED DATA, INCLUDING COMMUNICATIONS

``Sec.
``2801. Unlawful use of encryption in furtherance of a criminal act.
``2802. Privacy protection.
``2803. Court order access to plaintext or decryption information.
``2804. Notification procedures.
``2805. Lawful use of plaintext or decryption information.
``2806. Identification of decryption information.
``2807. Definitions.
``Sec. 2801. Unlawful use of encryption in furtherance of a criminal 
              act
    ``(a) Prohibited Acts.--Whoever knowingly uses encryption in 
furtherance of the commission of a criminal offense for which the 
person may be prosecuted in a district court of the United States 
shall--
            ``(1) in the case of a first offense under this section, be 
        imprisoned for not more than 5 years, or fined under this 
        title, or both; and
            ``(2) in the case of a second or subsequent offense under 
        this section, be imprisoned for not more than 10 years, or 
        fined under this title, or both.
    ``(b) Consecutive Sentence.--Notwithstanding any other provision of 
law, the court shall not place on probation any person convicted of a 
violation of this section, nor shall the term of imprisonment imposed 
under this section run concurrently with any other term of imprisonment 
imposed for the underlying criminal offense.
    ``(c) Probable Cause Not Constituted by Use of Encryption.--The use 
of encryption by itself shall not establish probable cause to believe 
that a crime is being or has been committed.
``Sec. 2802. Privacy protection
    ``(a) In General.--It shall be unlawful for any person to 
intentionally--
            ``(1) obtain or use decryption information without lawful 
        authority for the purpose of decrypting data, including 
        communications;
            ``(2) exceed lawful authority in decrypting data, including 
        communications;
            ``(3) break the encryption code of another person without 
        lawful authority for the purpose of violating the privacy or 
        security of that person or depriving that person of any 
        property rights;
            ``(4) impersonate another person for the purpose of 
        obtaining decryption information of that person without lawful 
        authority;
            ``(5) facilitate or assist in the encryption of data, 
        including communications, knowing that such data, including 
        communications, are to be used in furtherance of a crime; or
            ``(6) disclose decryption information in violation of a 
        provision of this chapter.
    ``(b) Criminal Penalty.--Whoever violates this section shall be 
imprisoned for not more than 10 years, or fined under this title, or 
both.
``Sec. 2803. Court order access to plaintext or decryption information
    ``(a) Court Order.--(1) A court of competent jurisdiction shall 
issue an order, ex parte, granting an investigative or law enforcement 
officer timely access to the plaintext of encrypted data, including 
communications, or requiring any person in possession of decryption 
information to provide such information to a duly authorized 
investigative or law enforcement officer--
            ``(A) upon the application by an attorney for the 
        Government that--
                    ``(i) is made under oath or affirmation by the 
                attorney for the Government; and
                    ``(ii) provides a factual basis establishing the 
                relevance that the plaintext or decryption information 
                being sought has to a law enforcement, foreign 
                counterintelligence, or international terrorism 
                investigation then being conducted pursuant to lawful 
                authorities; and
            ``(B) if the court finds, in writing, that the plaintext or 
        decryption information being sought is relevant to an ongoing 
        lawful law enforcement, foreign counterintelligence, or 
        international terrorism investigation and the investigative or 
        law enforcement officer is entitled to such plaintext or 
        decryption information.
    ``(2) The order issued by the court under this section shall be 
placed under seal, except that a copy may be made available to the 
investigative or law enforcement officer authorized to obtain access to 
the plaintext of the encrypted information, or authorized to obtain the 
decryption information sought in the application. Such order shall, 
subject to the notification procedures set forth in section 2804, also 
be made available to the person responsible for providing the plaintext 
or the decryption information, pursuant to such order, to the 
investigative or law enforcement officer.
    ``(3) Disclosure of an application made, or order issued, under 
this section, is not authorized, except as may otherwise be 
specifically permitted by this section or another order of the court.
    ``(b) Record of Access Required.--(1) There shall be created an 
electronic record, or similar type record, of each instance in which an 
investigative or law enforcement officer, pursuant to an order under 
this section, gains access to the plaintext of otherwise encrypted 
information, or is provided decryption information, without the 
knowledge or consent of the owner of the data, including 
communications, who is the user of the encryption product involved.
    ``(2) The court issuing the order under this section may require 
that the electronic or similar type of record described in paragraph 
(1) is maintained in a place and a manner that is not within the 
custody or control of an investigative or law enforcement officer 
gaining the access or provided the decryption information. The record 
shall be tendered to the court, upon notice from the court.
    ``(3) The court receiving such electronic or similar type of record 
described in paragraph (1) shall make the original and a certified copy 
of the record available to the attorney for the Government making 
application under this section, and to the attorney for, or directly 
to, the owner of the data, including communications, who is the user of 
the encryption product, pursuant to the notification procedures set 
forth in section 2804.
    ``(c) Authority To Intercept Communications Not Increased.--Nothing 
in this chapter shall be construed to enlarge or modify the 
circumstances or procedures under which a Government entity is entitled 
to intercept or obtain oral, wire, or electronic communications or 
information.
    ``(d) Construction.--This chapter shall be strictly construed to 
apply only to a Government entity's ability to decrypt data, including 
communications, for which it has previously obtained lawful authority 
to intercept or obtain pursuant to other lawful authorities, which 
without an order issued under this section would otherwise remain 
encrypted.
``Sec. 2804. Notification procedures
    ``(a) In General.--Within a reasonable time, but not later than 90 
days after the filing of an application for an order under section 2803 
which is granted, the court shall cause to be served, on the persons 
named in the order or the application, and such other parties whose 
decryption information or whose plaintext has been provided to an 
investigative or law enforcement officer pursuant to this chapter, as 
the court may determine is in the interest of justice, an inventory 
which shall include notice of--
            ``(1) the fact of the entry of the order or the 
        application;
            ``(2) the date of the entry of the application and issuance 
        of the order; and
            ``(3) the fact that the person's decryption information or 
        plaintext data, including communications, has been provided or 
        accessed by an investigative or law enforcement officer.
The court, upon the filing of a motion, may make available to that 
person or that person's counsel, for inspection, such portions of the 
plaintext, applications, and orders as the court determines to be in 
the interest of justice.
    ``(b) Postponement of Inventory for Good Cause.--(1) On an ex parte 
showing of good cause by an attorney for the Government to a court of 
competent jurisdiction, the serving of the inventory required by 
subsection (a) may be postponed for an additional 30 days after the 
granting of an order pursuant to the ex parte motion.
    ``(2) No more than 3 ex parte motions pursuant to paragraph (1) are 
authorized.
    ``(c) Admission Into Evidence.--The content of any encrypted 
information that has been obtained pursuant to this chapter or evidence 
derived therefrom shall not be received in evidence or otherwise 
disclosed in any trial, hearing, or other proceeding in a Federal or 
State court, other than the court organized pursuant to the Foreign 
Intelligence Surveillance Act of 1978, unless each party, not less than 
10 days before the trial, hearing, or proceeding, has been furnished 
with a copy of the order, and accompanying application, under which the 
decryption or access to plaintext was authorized or approved. This 10-
day period may be waived by the court if the court finds that it was 
not possible to furnish the party with the information described in the 
preceding sentence within 10 days before the trial, hearing, or 
proceeding and that the party will not be prejudiced by the delay in 
receiving such information.
    ``(d) Construction.--The provisions of this chapter shall be 
construed consistent with--
            ``(1) the Classified Information Procedures Act (18 U.S.C. 
        App.); and
            ``(2) the Foreign Intelligence Surveillance Act of 1978 (50 
        U.S.C. 1801 et seq.).
    ``(e) Contempt.--Any violation of the provisions of this section 
may be punished by the court as a contempt thereof.
    ``(f) Motion To Suppress.--Any aggrieved person in any trial, 
hearing, or proceeding in or before any court, department, officer, 
agency, regulatory body, or other authority of the United States or a 
State, other than the court organized pursuant to the Foreign 
Intelligence Surveillance Act of 1978, may move to suppress the 
contents of any decrypted data, including communications, obtained 
pursuant to this chapter, or evidence derived therefrom, on the grounds 
that --
            ``(1) the plaintext was decrypted or accessed in violation 
        of this chapter;
            ``(2) the order of authorization or approval under which it 
        was decrypted or accessed is insufficient on its face; or
            ``(3) the decryption was not made in conformity with the 
        order of authorization or approval.
Such motion shall be made before the trial, hearing, or proceeding 
unless there was no opportunity to make such motion, or the person was 
not aware of the grounds of the motion. If the motion is granted, the 
plaintext of the decrypted data, including communications, or evidence 
derived therefrom, shall be treated as having been obtained in 
violation of this chapter. The court, upon the filing of such motion by 
the aggrieved person, may make available to the aggrieved person or 
that person's counsel for inspection such portions of the decrypted 
plaintext, or evidence derived therefrom, as the court determines to be 
in the interests of justice.
    ``(g) Appeal by United States.--In addition to any other right to 
appeal, the United States shall have the right to appeal from an order 
granting a motion to suppress made under subsection (f), or the denial 
of an application for an order under section 2803, if the attorney for 
the Government certifies to the court or other official granting such 
motion or denying such application that the appeal is not taken for 
purposes of delay. Such appeal shall be taken within 30 days after the 
date the order was entered on the docket and shall be diligently 
prosecuted.
    ``(h) Civil Action for Violation.--Except as otherwise provided in 
this chapter, any person described in subsection (i) may, in a civil 
action, recover from the United States Government the actual damages 
suffered by the person as a result of a violation described in that 
subsection, reasonable attorney's fees, and other litigation costs 
reasonably incurred in prosecuting such claim.
    ``(i) Covered Persons.--Subsection (h) applies to any person whose 
decryption information--
            ``(1) is knowingly obtained without lawful authority by an 
        investigative or law enforcement officer;
            ``(2) is obtained by an investigative or law enforcement 
        officer with lawful authority and is knowingly used or 
        disclosed by such officer unlawfully; or
            ``(3) is obtained by an investigative or law enforcement 
        officer with lawful authority and whose decryption information 
        is unlawfully used to disclose the plaintext of the data, 
        including communications.
    ``(j) Limitation.--A civil action under subsection (h) shall be 
commenced not later than 2 years after the date on which the unlawful 
action took place, or 2 years after the date on which the claimant 
first discovers the violation, whichever is later.
    ``(k) Exclusive Remedies.--The remedies and sanctions described in 
this chapter with respect to the decryption of data, including 
communications, are the only judicial remedies and sanctions for 
violations of this chapter involving such decryptions, other than 
violations based on the deprivation of any rights, privileges, or 
immunities secured by the Constitution.
    ``(l) Technical Assistance by Providers.--A provider of encryption 
technology or network service that has received an order issued by a 
court pursuant to this chapter shall provide to the investigative or 
law enforcement officer concerned such technical assistance as is 
necessary to execute the order. Such provider may, however, move the 
court to modify or quash the order on the ground that its assistance 
with respect to the decryption or access to plaintext cannot be 
performed in fact, or in a timely or reasonable fashion. The court, 
upon notice to the Government, shall decide such motion expeditiously.
    ``(m) Reports to Congress.--In May of each year, the Attorney 
General, or an Assistant Attorney General specifically designated by 
the Attorney General, shall report in writing to Congress on the number 
of applications made and orders entered authorizing Federal, State, and 
local law enforcement access to decryption information for the purposes 
of reading the plaintext of otherwise encrypted data, including 
communications, pursuant to this chapter. Such reports shall be 
submitted to the Committees on the Judiciary of the House of 
Representatives and of the Senate, and to the Permanent Select 
Committee on Intelligence for the House of Representatives and the 
Select Committee on Intelligence for the Senate.
``Sec. 2805. Lawful use of plaintext or decryption information
    ``(a) Authorized Use of Decryption Information.--
            ``(1) Criminal investigations.--An investigative or law 
        enforcement officer to whom plaintext or decryption information 
        is provided may only use such plaintext or decryption 
        information for the purposes of conducting a lawful criminal 
        investigation, foreign counterintelligence, or international 
        terrorism investigation, and for the purposes of preparing for 
        and prosecuting any criminal violation of law.
            ``(2) Civil redress.--Any plaintext or decryption 
        information provided under this chapter to an investigative or 
        law enforcement officer may not be disclosed, except by court 
        order, to any other person for use in a civil proceeding that 
        is unrelated to a criminal investigation and prosecution for 
        which the plaintext or decryption information is authorized 
        under paragraph (1). Such order shall only issue upon a showing 
        by the party seeking disclosure that there is no alternative 
        means of obtaining the plaintext, or decryption information, 
        being sought and the court also finds that the interests of 
        justice would not be served by nondisclosure.
    ``(b) Limitation.--An investigative or law enforcement officer may 
not use decryption information obtained under this chapter to determine 
the plaintext of any data, including communications, unless it has 
obtained lawful authority to obtain such data, including 
communications, under other lawful authorities.
    ``(c) Return of Decryption Information.--An attorney for the 
Government shall, upon the issuance of an order of a court of competent 
jurisdiction--
            ``(1)(A) return any decryption information to the person 
        responsible for providing it to an investigative or law 
        enforcement officer pursuant to this chapter; or
            ``(B) destroy such decryption information, if the court 
        finds that the interests of justice or public safety require 
        that such decryption information should not be returned to the 
        provider; and
            ``(2) within 10 days after execution of the court's order 
        to return or destroy the decryption information--
                    ``(A) certify to the court that the decryption 
                information has either been returned or destroyed 
                consistent with the court's order; and
                    ``(B) if applicable, notify the provider of the 
                decryption information of the destruction of such 
                information.
    ``(d) Other Disclosure of Decryption Information.--Except as 
otherwise provided in section 2803, decryption information or the 
plaintext of otherwise encrypted data, including communications, shall 
not be disclosed by any person unless the disclosure is--
            ``(1) to the person encrypting the data, including 
        communications, or an authorized agent thereof;
            ``(2) with the consent of the person encrypting the data, 
        including pursuant to a contract entered into with the person;
            ``(3) pursuant to a court order upon a showing of 
        compelling need for the information that cannot be accommodated 
        by any other means if--
                    ``(A) the person who supplied the information is 
                given reasonable notice, by the person seeking the 
                disclosure, of the court proceeding relevant to the 
                issuance of the court order; and
                    ``(B) the person who supplied the information is 
                afforded the opportunity to appear in the court 
                proceeding and contest the claim of the person seeking 
                the disclosure;
            ``(4) pursuant to a determination by a court of competent 
        jurisdiction that another person is lawfully entitled to hold 
        such decryption information, including determinations arising 
        from legal proceedings associated with the incapacity, death, 
        or dissolution of any person; or
            ``(5) otherwise permitted by law.
``Sec. 2806. Identification of decryption information
    ``(a) Identification.--To avoid inadvertent disclosure of 
decryption information, any person who provides decryption information 
to an investigative or law enforcement officer pursuant to this chapter 
shall specifically identify that part of the material that discloses 
decryption information as such.
    ``(b) Responsibility of Investigative or Law Enforcement Officer.--
The investigative or law enforcement officer receiving any decryption 
information under this chapter shall maintain such information in a 
facility and in a method so as to reasonably assure that inadvertent 
disclosure does not occur.
``Sec. 2807. Definitions
    ``The definitions set forth in section 101 of the Encryption for 
the National Interest Act shall apply to this chapter.''.
    (b) Conforming Amendment.--The table of chapters for part I of 
title 18, United States Code, is amended by inserting after the item 
relating to chapter 121 the following new item:

``125. Encrypted data, including communications.............    2801''.

                    TITLE II--GOVERNMENT PROCUREMENT

SEC. 201. FEDERAL PURCHASES OF ENCRYPTION PRODUCTS.

    (a) Decryption Capabilities.--The President may, consistent with 
the provisions of subsection (b), direct that any encryption product or 
service purchased or otherwise procured by the United States Government 
to provide the security service of data confidentiality for a computer 
system owned and operated by the United States Government shall include 
recoverability features or functions that enable the timely decryption 
of encrypted data, including communications, or timely access to 
plaintext by an authorized party without the knowledge or cooperation 
of the person using such encryption products or services.
    (b) Consistency With Intelligence Services and Military 
Operations.--The President shall ensure that all encryption products 
purchased or used by the United States Government are supportive of, 
and consistent with, all statutory obligations to protect sources and 
methods of intelligence collection and activities, and supportive of, 
and consistent with, those needs required for military operations and 
the conduct of foreign policy.

SEC. 202. NETWORKS ESTABLISHED WITH FEDERAL FUNDS.

    The President may direct that any communications network 
established for the purpose of conducting the business of the Federal 
Government shall use encryption products that--
            (1) include features and functions that enable the timely 
        decryption of encrypted data, including communications, or 
        timely access to plaintext, by an authorized party without the 
        knowledge or cooperation of the person using such encryption 
        products or services; and
            (2) are supportive of, and consistent with, all statutory 
        obligations to protect sources and methods of intelligence 
        collection and activities, and supportive of, and consistent 
        with, those needs required for military operations and the 
        conduct of foreign policy.

SEC. 203. GOVERNMENT CONTRACT AUTHORITY.

    The President may require as a condition of any contract by the 
Government with a private sector vendor that any encryption product 
used by the vendor in carrying out the provisions of the contract with 
the Government include features and functions that enable the timely 
decryption of encrypted data, including communications, or timely 
access to plaintext, by an authorized party without the knowledge or 
cooperation of the person using such encryption products or services.

SEC. 204. PRODUCT LABELS.

    An encryption product may be labeled to inform Government users 
that the product is authorized for sale to or for use by Government 
agencies or Government contractors in transactions and communications 
with the United States Government under this title.

SEC. 205. NO PRIVATE MANDATE.

    The United States Government may not require the use of encryption 
standards for the private sector except as otherwise authorized by 
section 204.

SEC. 206. EXCLUSION.

    Nothing in this title shall apply to encryption products and 
services used solely for access control, authentication, integrity, 
nonrepudiation, digital signatures, or other similar purposes.

                    TITLE III--EXPORTS OF ENCRYPTION

SEC. 301. EXPORTS OF ENCRYPTION.

    (a) Authority To Control Exports.--The President shall control the 
export of all dual-use encryption products.
    (b) Authority To Deny Export for National Security Reasons.--
Notwithstanding any provision of this title, the President may deny the 
export of any encryption product on the basis that its export is 
contrary to the national security.
    (c) Decisions Not Subject to Judicial Review.--Any decision made by 
the President or his designee with respect to the export of encryption 
products under this title shall not be subject to judicial review.

SEC. 302. LICENSE EXCEPTION FOR CERTAIN ENCRYPTION PRODUCTS.

    (a) License Exception.--Upon the enactment of this Act, any 
encryption product with an encryption strength of 64 bits or less shall 
be eligible for export under a license exception if--
            (1) such encryption product is submitted for a 1-time 
        technical review;
            (2) such encryption product does not require licensing 
        under otherwise applicable regulations;
            (3) such encryption product is not intended for a country, 
        end user, or end use that is by regulation ineligible to 
        receive such product, and the encryption product is otherwise 
        qualified for export;
            (4) the exporter, within 180 days after the export of the 
        product, submits a certification identifying--
                    (A) the intended end use of the product; and
                    (B) the name and address of the intended recipient 
                of the product, where available;
            (5) the exporter, within 180 days of the export of the 
        product, provides the names and addresses of its distribution 
        chain partners; and
            (6) the exporter, at the time of submission of the product 
        for technical review, provides proof that its distribution 
        chain partners have contractually agreed to abide by all laws 
        and regulations of the United States concerning the export and 
        reexport of encryption products designed or manufactured within 
        the United States.
    (b) One-Time Technical Review.--(1) The technical review referred 
to in subsection (a) shall be completed within no longer than 45 days 
after the submission of all of the information required under paragraph 
(2).
    (2) The President shall specify the information that must be 
submitted for the 1-time technical review referred to in this section.
    (3) An encryption product may not be exported during the technical 
review of that product under this section.
    (c) Periodic Review of License Exception Eligibility Level.--(1) 
Not later than 180 days after the date of the enactment of this Act, 
the President shall notify the Congress of the maximum level of 
encryption strength, which may not be lower than 64-bit, that may be 
exported from the United States under license exception pursuant to 
this section consistent with the national security.
    (2) The President shall, at the end of each successive 180-day 
period after the notice provided to the Congress under paragraph (1), 
notify the Congress of the maximum level of encryption strength, which 
may not be lower than that in effect under this section during that 
180-day period, that may be exported from the United States under a 
license exception pursuant to this section consistent with the national 
security.
    (d) Factors Not To Be Considered.--A license exception for the 
exports of an encryption product under this section may be allowed 
whether or not the product contains a method of decrypting encrypted 
data.

SEC. 303. DISCRETIONARY AUTHORITY.

    Notwithstanding the requirements of section 305, the President may 
permit the export, under a license exception pursuant to the conditions 
of section 302, of encryption products with an encryption strength 
exceeding the maximum level eligible for a license exception under 
section 302, if the export is consistent with the national security.

SEC. 304. EXPEDITED REVIEW AUTHORITY.

    The President shall establish procedures for the expedited review 
of commodity classification requests, or export license applications, 
involving encryption products that are specifically approved, by 
regulation, for export.

SEC. 305. ENCRYPTION LICENSES REQUIRED.

    (a) United States Products Exceeding Certain Bit Length.--Except as 
permitted under section 303, in the case of all encryption products 
with an encryption strength exceeding the maximum level eligible for a 
license exception under section 302, which are designed or manufactured 
within the United States, the President may grant a license for export 
of such encryption products, under the following conditions:
            (1) There shall not be any requirement, as a basis for an 
        export license, that a product contains a method of--
                    (A) gaining timely access to plaintext; or
                    (B) gaining timely access to decryption 
                information.
            (2) The export license applicant shall submit--
                    (A) the product for technical review;
                    (B) a certification, under oath, identifying--
                            (i) the intended end use of the product; 
                        and
                            (ii) the expected end user or class of end 
                        users of the product;
                    (C) proof that its distribution chain partners have 
                contractually agreed to abide by all laws and 
                regulations of the United States concerning the export 
                and reexport of encryption products designed or 
                manufactured within the United States; and
                    (D) the names and addresses of its distribution 
                chain partners.
    (b) Technical Review for License Applicants.--(1) The technical 
review described in subsection (a)(3)(A) shall be completed within 45 
days after the submission of all the information required under 
paragraph (2).
    (2) The information to be submitted for the technical review shall 
be the same as that required to be submitted pursuant to section 
302(b)(2).
    (3) An encryption product may not be exported during the technical 
review of that product under this section.
    (c) Post-Export Reporting.--
            (1) Unauthorized use.--All exporters of encryption products 
        that are designed or manufactured within the United States 
        shall submit a report to the Secretary at any time the exporter 
        has reason to believe any such exported product is being 
        diverted to a use or a user not approved at the time of export.
            (2) Pirating.--All exporters of encryption products that 
        are designed or manufactured within the United States shall 
        report any pirating of their technology or intellectual 
        property to the Secretary as soon as practicable after 
        discovery.
            (3) Distribution chain partners.--All exporters of 
        encryption products that are designed or manufactured within 
        the United States, and all distribution chain partners of such 
        exporters, shall submit to the Secretary a report which shall 
        specify--
                    (A) the particular product sold;
                    (B) the name and address of--
                            (i) the ultimate end user of the product, 
                        if known; or
                            (ii) the name and address of the next 
                        purchaser in the distribution chain; and
                    (C) the intended use of the product sold.
    (d) Exercise of Other Authorities.--The Secretary, the Secretary of 
Defense, and the Secretary of State may exercise the authorities they 
have under other provisions of law, including the Export Administration 
Act of 1979, as continued in effect under the International Emergency 
Economic Powers Act, to carry out this title.
    (e) Waiver Authority.--
            (1) In general.--The President may by Executive order waive 
        any provision of this title, or the applicability of any such 
        provision to a person or entity, if the President determines 
        that the waiver is necessary to advance the national security. 
        The President shall, not later than 15 days after making such 
        determination, submit a report to the committees referred to in 
        paragraph (2) that includes the factual basis upon which such 
        determination was made. The report may be in classified format.
            (2) Committees.--The committees referred to in paragraph 
        (1) are the Committee on International Relations, the Committee 
        on Armed Services, and the Permanent Select Committee on 
        Intelligence of the House of Representatives, and the Committee 
        on Foreign Relations, the Committee on Armed Services, and the 
        Select Committee on Intelligence of the Senate.
            (3) Decisions not subject to judicial review.--Any 
        determination made by the President under this subsection shall 
        not be subject to judicial review.

SEC. 306. ENCRYPTION INDUSTRY AND INFORMATION SECURITY BOARD.

    (a) Encryption Industry and Information Security Board 
Established.--There is hereby established an Encryption Industry and 
Information Security Board. The Board shall undertake an advisory role 
for the President.
    (b) Purposes.--The purposes of the Board are--
            (1) to provide a forum to foster communication and 
        coordination between industry and the Federal Government on 
        matters relating to the use of encryption products;
            (2) to enable the United States to effectively and 
        continually understand the benefits and risks to its national 
        security, law enforcement, and public safety interests by 
        virtue of the proliferation of strong encryption on the global 
        market;
            (3) to evaluate and make recommendations regarding the 
        further development and use of encryption;
            (4) to advance the development of international standards 
        regarding interoperability and global use of encryption 
        products;
            (5) to promote the export of encryption products 
        manufactured in the United States;
            (6) to recommend policies enhancing the security of public 
        networks;
            (7) to encourage research and development of products that 
        will foster electronic commerce;
            (8) to promote the protection of intellectual property and 
        privacy rights of individuals using public networks; and
            (9) to evaluate the availability and market share of 
        foreign encryption products and their threat to United States 
        industry.
    (c) Membership.--(1) The Board shall be composed of 12 members, as 
follows:
            (A) The Secretary, or the Secretary's designee.
            (B) The Attorney General, or his or her designee.
            (C) The Secretary of Defense, or the Secretary's designee.
            (D) The Director of Central Intelligence, or his or her 
        designee.
            (E) The Director of the Federal Bureau of Investigation, or 
        his or her designee.
            (F) The Special Assistant to the President for National 
        Security Affairs, or his or her designee, who shall chair the 
        Board.
            (G) Six representatives from the private sector who have 
        expertise in the development, operation, marketing, law, or 
        public policy relating to information security or technology. 
        Members under this subparagraph shall each serve for 5-year 
        terms.
    (2) The six private sector representatives described in paragraph 
(1)(G) shall be appointed as follows:
                    (A) Two by the Speaker of the House of 
                Representatives.
                    (B) One by the Minority Leader of the House of 
                Representatives.
                    (C) Two by the Majority Leader of the Senate.
                    (D) One by the Minority Leader of the Senate.
    (e) Meetings.--The Board shall meet at such times and in such 
places as the Secretary may prescribe, but not less frequently than 
every four months. The Federal Advisory Committee Act (5 U.S.C. App.) 
does not apply to the Board or to meetings held by the Board under this 
section.
    (f) Findings and Recommendations.--The chair of the Board shall 
convey the findings and recommendations of the Board to the President 
and to the Congress within 30 days after each meeting of the Board. The 
recommendations of the Board are not binding upon the President.
    (g) Limitation.--The Board shall have no authority to review any 
export determination made pursuant to this title.
    (h) Foreign Availability.--The consideration of foreign 
availability by the Board shall include computer software that is 
distributed over the Internet or advertised for sale, license, or 
transfer, including over-the-counter retail sales, mail order 
transactions, telephone order transactions, electronic distribution, or 
sale on approval and its comparability with United States products and 
its use in United States and foreign markets.
    (i) Termination.--This section shall cease to be effective 10 years 
after the date of the enactment of this Act.

                    TITLE IV--LIABILITY LIMITATIONS

SEC. 401. COMPLIANCE WITH COURT ORDER.

    (a) No Liability for Compliance.--Subject to subsection (b), no 
civil or criminal liability under this Act, or under any other 
provision of law, shall attach to any person for disclosing or 
providing--
            (1) the plaintext of encrypted data, including 
        communications;
            (2) the decryption information of such encrypted data, 
        including communications; or
            (3) technical assistance for access to the plaintext of, or 
        decryption information for, encrypted data, including 
        communications.
    (b) Exception.--Subsection (a) shall not apply to a person who 
provides plaintext or decryption information to another in violation of 
the provisions of this Act.

SEC. 402. COMPLIANCE DEFENSE.

    Compliance with the provisions of sections 2803, 2804, 2805, or 
2806 of title 18, United States Code, as added by section 103(a) of 
this Act, or any regulations authorized by this Act, shall provide a 
complete defense for any civil action for damages based upon activities 
covered by this Act, other than an action founded on contract.

SEC. 403. GOOD FAITH DEFENSE.

    An objectively reasonable reliance on the legal authority provided 
by this Act and the amendments made by this Act, authorizing access to 
the plaintext of otherwise encrypted data, including communications, or 
to decryption information that will allow the timely decryption of 
data, including communications, that is otherwise encrypted, shall be 
an affirmative defense to any criminal or civil action that may be 
brought under the laws of the United States or any State.

                   TITLE V--INTERNATIONAL AGREEMENTS

SEC. 501. SENSE OF CONGRESS.

    It is the sense of Congress that--
            (1) the President should conduct negotiations with foreign 
        governments for the purposes of establishing binding export 
        control requirements on strong nonrecoverable encryption 
        products; and
            (2) such agreements should safeguard the privacy of the 
        citizens of the United States, prevent economic espionage, and 
        enhance the information security needs of the United States.

SEC. 502. FAILURE TO NEGOTIATE.

    The President may consider a government's refusal to negotiate 
agreements described in section 501 when considering the participation 
of the United States in any cooperation or assistance program with that 
country.

SEC. 503. REPORT TO CONGRESS.

    (a) Report to Congress.--The President shall report annually to the 
Congress on the status of the international effort outlined by section 
501.
    (b) First Report.--The first report required under subsection (a) 
shall be submitted in unclassified form no later than September 1, 
2000.

                   TITLE VI--MISCELLANEOUS PROVISIONS

SEC. 601. EFFECT ON LAW ENFORCEMENT ACTIVITIES.

    (a) Collection of Information by Attorney General.--The Attorney 
General shall compile, and maintain in classified form, data on--
            (1) the instances in which encryption has interfered with, 
        impeded, or obstructed the ability of the Department of Justice 
        to enforce the laws of the United States; and
            (2) the instances where the Department of Justice has been 
        successful in overcoming any encryption encountered in an 
        investigation.
    (b) Availability of Information to the Congress.--The information 
compiled under subsection (a), including an unclassified summary 
thereof, shall be submitted to Congress annually beginning October 1, 
2000.

SEC. 602. INTERPRETATION.

    Nothing contained in this Act or the amendments made by this Act 
shall be deemed to--
            (1) preempt or otherwise affect the application of the Arms 
        Export Control Act (22 U.S.C. 2751 et seq.), the Export 
        Administration Act of 1979 (50 U.S.C. App. 2401 et seq.), or 
        the International Emergency Economic Powers Act (50 U.S.C. 1701 
        et seq.) or any regulations promulgated thereunder;
            (2) affect foreign intelligence activities of the United 
        States; or
            (3) negate or diminish any intellectual property 
        protections under the laws of the United States or of any 
        State.

SEC. 603. FBI TECHNICAL SUPPORT.

    There are authorized to be appropriated for the Technical Support 
Center in the Federal Bureau of Investigation, established pursuant to 
section 811(a)(1) of the Antiterrorism and Effective Death Penalty Act 
of 1996 (Public Law 104-132)--
            (1) $25,000,000 for fiscal year 2000 for building and 
        personnel costs;
            (2) $20,000,000 for fiscal year 2001 for personnel and 
        equipment costs;
            (3) $15,000,000 for fiscal year 2002; and
            (4) $15,000,000 for fiscal year 2003.

SEC. 604. SEVERABILITY.

    If any provision of this Act or the amendments made by this Act, or 
the application thereof, to any person or circumstances is held invalid 
by a court of the United States, the remainder of this Act or such 
amendments, and the application thereof, to other persons or 
circumstances shall not be affected thereby.
            Amend the title so as to read: ``A bill to protect national 
        security and public safety through the balanced use of export 
        controls on encryption products.''.