The Senate Commerce Committee approved the McCain-Kerry "Secure Public Networks Act" (S. 909) on June 19, a bill that would for the first time impose domestic restrictions on the ability of American citizens to use encryption technologies to protect their privacy and security inside the United States.
The main purpose of the Bill is to regulate certificate authorities (CAs). CAs are trustworthy entities, such as banks or credit card companies, that can provide assurances of identity in cyberspace by issuing certificates of encryption that link keys to encryption users. The Bill states that an encryption user cannot obtain a certificate for encryption without storing a copy of his or her private decryption key or other recovery information with a third party. The Bill requires CAs to release any encryption user's keys upon a mere subpoena without a judicial order. CAs are forbidden to inform encryption users of such a release.
The Bill also codifies a 56-bit key length limit on exports of any encryption products that do not use key recovery.
Persons whose recovery information is unlawfully obtained or used may bring a civil action against the U.S. government. Individuals NOT participating in key recovery are not similarly protected.
The Bill also creates fifteen new federal crimes regarding the use of encryption.