The main proposal in the government's effort, drafted by Sen. Judd Gregg, R-N.H., seeks to essentially build a back door into all encryption software by requiring users to submit a copy of their private keys to the government or other so-called trusted third party. Such keys would be readily available to law enforcement and intelligence officials during investigations and would allow them to decrypt messages at will.

Gregg's proposal is part of a broader effort by the Bush administration to tighten physical and electronic security in the aftermath of the terror attacks on New York and Washington three weeks ago. U.S. Attorney General John Ashcroft is pushing a sweeping anti-terror bill that, among other things, proposes expanding law enforcement's wiretapping abilities to allow for more digital surveillance of suspected terrorists.

As for Gregg's key escrow proposal, cryptographers and other security experts say it is a flawed idea. In addition to it being impossible to implement on a wide scale, the damage to the "trust" factor for online business-to-business commerce and e-commerce in general would be staggering.

Critics are also quick to point out that no evidence has surfaced that the terrorists who perpetrated the recent attacks used encryption. And they contend there is little chance that terrorists willing to conduct brazen suicide attacks would abide by a law requiring them to provide authorities with a copy of their private keys.

But the most oft-cited argument against new limitations on encryption software is the potential chilling effect it could have on the nation's e-commerce system. "Encryption makes e-commerce work," said William Whyte, director of cryptographic research at Ntru Cryptosystems Inc., in Burlington, Mass. "It makes the stock markets work. You're restricting e-commerce [by restricting encryption]. E-commerce depends on people having trust in their systems, and they can't have that trust without encryption."

Nearly every online marketplace and trading site on the Internet relies on encryption to ensure the integrity of its financial data, as do online banking sites. Many in the financial services industry attacked Gregg's plan as unworkable.

"How will they handle the private keys of each individual [public-key infrastructure]? What happens at key recovery?" asked one security specialist for a large investment company who asked to remain anonymous. "I doubt it will happen. You'd have to send an updated private key each time. [That's] massive amounts of data and storage."

There is also the question of how to secure the system holding the millions of private keys. If such a system were ever breached, the results could be disastrous.

Gregg's proposal, which has also drawn the ire of several of his colleagues in the Senate, has many in the cryptographic community recalling the government's past attempts at regulating the sale and manufacture of encryption software.

"I thought we got beyond the government doing this," said Bruce Schneier, chief technology officer of Counterpane Internet Security Inc., in Cupertino, Calif., and a noted cryptographer. "The problem isn't cryptography. If you think it is, you're not paying attention. This is dangerous. It could certainly affect the security of e-commerce and reduce the amount of people who do things like that online."

Aides say Gregg has discussed the proposal with several other senators and Ashcroft and believes that it has a solid base of support.

"He hasn't even really discerned how it will work yet," said Brian Hart, an aide to Gregg. "He wants a quasi-judicial entity appointed by the Supreme Court to oversee this and hold the keys. He doesn't want law enforcement to hold the keys. We don't need some sheriff giving the key to his buddy. It may be that we just go to each individual and borrow the key for 10 minutes when we need it."

Still, the possibility of governmental regulation of cryptography also has some vendors wondering where that would leave them and their products.