| Committee/Subcommittee: | Activity: | |
| Senate Commerce, Science, and Transportation | Referral, Reporting | |
***NONE***
***NONE***
| Sen Abraham, Spencer - 4/14/1999 | Sen Burns, Conrad R. - 4/14/1999 |
| Sen Feingold, Russell D. - 7/20/1999 | Sen Hutchison, Kay Bailey - 6/22/1999 |
| Sen Kerry, John F. - 4/14/1999 | Sen Leahy, Patrick J. - 4/14/1999 |
| Sen Wyden, Ron - 4/14/1999 |
TABLE OF CONTENTS:
Title I: Domestic Encryption Provisions
Title II: Government Procurement
Title III: Advanced Encryption Standard
Title IV: Improvement of Governmental Technological
Capability
Title V: Export of Encryption Products
Promote Reliable On-Line Transactions to Encourage Commerce and Trade (PROTECT) Act of 1999 - Title I: Domestic Encryption Provisions - Prohibits the Federal Government or any State from establishing any conditions, ties, or links between those encryption products, standards, and services used for confidentiality and those used for authenticity or integrity purposes. Defines encryption as the scrambling of electronic communications or information to preserve its confidentiality, integrity, or authenticity, and to prevent unauthorized recipients from accessing or altering such communications or information.
(Sec. 102) Makes the development, sale, and use of encryption lawful in the United States unless otherwise provided in this Act.
(Sec. 103) Prohibits a Federal or State government from requiring an encryption key (solution) or other access to plaintext communications or information in the building of computer hardware or software.
Title II: Government Procurement - Authorizes any Federal department, agency, or instrumentality (entity) to purchase encryption products for use by Federal officers and employees. Requires the interoperability of such product with other commercially-available encryption products. Prohibits any Federal entity from requiring any person in the private sector to use a particular encryption product or methodology.
Title III: Advanced Encryption Standard - Directs the National Institutes of Standards and Technology (NIST) to complete the Advanced Encryption Standard (AES) process initiated on January 2, 1997, and to make a final selection of one or more new private sector-developed encryption algorithms by January 1, 2002.
(Sec. 302) Prohibits the Secretary of Commerce from promulgating or enforcing any regulation, adopting any standard, or carrying out any policy that: (1) establishes an encryption standard for use by businesses and entities other than for computer systems operated by a Federal entity; or (2) imposes government-designed encryption standards on the private sector by restricting the export of encryption products.
Title IV: Improvement of Governmental Technological Capability - Amends the National Institutes of Standards and Technology Act to direct NIST to: (1) obtain information regarding the most current information security hardware, software, telecommunications and other electronic capabilities; (2) research and develop new technologies to facilitate lawful access to such information and prevent unwanted intrusions; (3) provide assistance in responding to information security threats and vulnerabilities; and (4) facilitate the development and adoption of best information security practices by Federal entities and the private sector.
(Sec. 402) Requires the Computer System Security and Privacy Advisory Board to provide a forum between industry and the Federal Government on information security issues, and to foster the aggregation and dissemination of developments in information security technologies.
(Sec. 403) Authorizes appropriations to ensure that U.S. law enforcement agencies and agencies responsible for national security are able to complete any authorized missions or goals regardless of technological advancements in encryption and digital technology.
Title V: Export of Encryption Products - Gives the Secretary exclusive authority to control the exportation of encryption products.
(Sec. 502) Protects presidential authority to control the export of products, including encryption products, under the Trading With the Enemy Act and the International Emergency Economic Powers Act. Authorizes the Secretary to prohibit the export of an encryption product for reasons such as possible terrorist use or threats to the national security.
(Sec. 503) Authorizes the export, without an export license or export license exception, of any encryption product that utilizes a key length of 64 bits or less.
(Sec. 504) Identifies encryption products which shall be exportable under export license exceptions. Makes encryption products and related computer services eligible for such exception after a one-time technical review. Provides time limits for consideration of exporters' requests for such exceptions.
(Sec. 505) Provides conditions under which encryption products shall be exportable under license exceptions, including such product's general, public, or foreign availability. Establishes an Encryption Export Advisory Board to evaluate and make recommendations with respect to exception applications based on such availability. Allows: (1) judicial review of the Secretary's decision disapproving a Board's finding concerning such availability; and (2) the President to override any Board determination when such export or re-export would harm U.S. national security, including capabilities in fighting drug trafficking, terrorism, or espionage. Requires exporters' requests for license exceptions, including the one-time technical review, to be processed within 15 days.
(Sec. 506) Prohibits the Secretary, upon adoption of the AES, from imposing U.S. encryption export controls on encryption products if the encryption algorithm and key length employed were incorporated in the AES or have an equivalent strength. Makes such product exportable without a license or license exception, and without other restrictions other than those prescribed under this Act.
(Sec. 507) Prohibits the Secretary from imposing any reporting requirement on any encryption product not subject to U.S. export controls or exported under a license exception.