[2289] in cryptography@c2.net mail archive
DoJ claims no mandatory crypto-backdoors
daemon@ATHENA.MIT.EDU (Declan McCullagh)
Wed Mar 18 11:20:23 1998
Date: Tue, 17 Mar 1998 21:20:38 -0500
To: cryptography@c2.net
From: Declan McCullagh <declan@well.com>
===
[Litt summarized this statement while testifying today. Profs. Epstein and
Sullivan's testimony is at www.computerprivacy.org. --Declan]
********
PREPARED STATEMENT OF
ROBERT S. LITT
PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL
BEFORE THE SENATE JUDICIARY COMMITTEE
SUBCOMMITTEE ON THE CONSTITUTION, FEDERALISM, AND PROPERTY
SUBJECT - PRIVACY IN A DIGITAL AGE: ENCRYPTION AND MANDATORY ACCESS
March 17, 1998
Thank you, Mr. Chairman and members of the Subcommittee, for this
opportunity to
discuss with you the important and complex issue of encryption. Encryption
holds
the promise of providing all of us with the ability to protect data and
communications from unlawful and unauthorized access, disclosure, and
alteration. Moreover, encryption can help prevent crime by protecting a wide
range of data as we and our valued information become more and more
connected to
each other and to potential adversaries through the spread of information
networks. As a result, the law enforcement community supports the development
and widespread use of strong encryption products and services.
At the same time, however, the widespread use of unbreakable encryption
presents
a tremendous potential threat to public safety and national security. Criminals
and terrorists have already begun using encryption to conceal their illegal
activities and to defeat important law enforcement and national security
objectives. In developing our Nation's encryption policy, we must carefully
balance the many different interests that the policy will affect. In seeking
that balance, it is essential to understand both the promise and the peril that
this technology holds, and to identify responsible ways forward that
advance all
of the competing interests.
I want to begin, Mr. Chairman, by clarifying the
Clinton Administration's recent initiatives regarding encryption. For some
time,
the Administration's position has been to encourage the design,
manufacture, and
use of encryption products and services that allow for the plaintext of
encrypted data to be recovered. The Administration's approach has in fact found
support in the marketplace, in part because businesses and individuals need a
routinely available method to recover encrypted information. For example, a
company might find that one of its employees lost his encryption key, thus
accidentally depriving the business of critically important and time-sensitive
data. Or a business may find that a disgruntled employee has encrypted
confidential information and then absconded with the key. In this type of case,
a data recovery system promotes important private sector interests. Indeed, as
the Government implements encryption in our own information technology systems,
it also has a business need for plaintext recovery to assure that data and
information that we are statutorily required to maintain are in fact available
at all times. For these reasons, as well as to protect public safety, the
Administration has been affirmatively encouraging the development of data
recovery products, recognizing that only their widespread, ubiquitous use will
both provide greater protection for data and protect public safety.
In further support of this goal, two weeks ago we set in motion a process of
pursuing an intensive dialogue between industry and law enforcement. Our
goal in
this process is to bring the creative genius of America's technology leaders to
bear in developing technical, market-savvy solutions that will enable Americans
to realize the benefits of strong encryption while continuing to protect public
safety and national security. We do not harbor any illusions that there is one
magic technology, a silver bullet that addresses all the needs of the
marketplace.
But we think constructive dialogue in a variety of areas and fora is far
preferable to a stalemate that arises from a battle of wills and rhetoric;
working together is better than fighting legislative battles.
The Administration is not advocating any single product, technology, or even
technical approach. Rather, we are flexible -- provided that the resulting
solutions and arrangements preserve the Nation's ability to protect the public
safety and defend our national security. These are public interests of the
highest order, shared by the Congress and by all of our law-abiding citizens.
Industry has the technical know-how to develop commercially viable mechanisms
that maintain the government's ability to safeguard its citizens, while
protecting our citizens from unwarranted intrusions from any source.
Now let me describe in a little more detail the important law enforcement and
national security interests that are at stake in the encryption debate. First, I
want to reiterate that the Department of Justice supports the use of strong
encryption.
Law enforcement's responsibilities and concerns include protecting privacy and
promoting secure commerce over our nation's information infrastructure. For
example, we prosecute those who violate the privacy of others by illegal
eavesdropping, hacking, or stealing confidential information. In the National
Information Infrastructure Protection Act of 1996, at the request of the
Administration, Congress provided further protection to the confidentiality of
stored data. And the Department of Justice helps promote the growth of
electronic commerce by enforcing the laws, including those that protect
intellectual property rights and that combat computer and communications fraud.
Moreover, the Department of Justice, like other government agencies, realizes
that our own information technology systems will increasingly require the
use of
strong encryption to provide appropriate security for the valuable and
sensitive
information that we hold on behalf of the American people. The Department, both
as an enforcer of the law and as a consumer of encryption technologies,
thus has
a keen interest in the success of American industry in this area.
However, I don't think that it can reasonably be disputed that the unchecked
spread of non-recoverable encryption will also endanger the public safety and
our national security. People think of encryption primarily in the context of
transmitted communications such as phone calls, and its effect on wiretaps.
Indeed, it is absolutely essential that law enforcement preserve the ability to
obtain the plaintext of information from lawfully authorized wiretaps and to
authenticate this information in court. Court-ordered wiretaps are an essential
tool for law enforcement in investigating and prosecuting some of our most
important matters involving narcotics dealing, terrorism and organized crime.
But I'd like to focus for a moment on a slightly different aspect here: data
stored on computers. It's very common, for example, for drug dealers or
terrorists, or any other criminals for that matter, to keep records of their
activities in notebooks or other written form. When I was an Assistant United
States Attorney, I prosecuted several cases in which we arrested drug dealers
and seized their "little black books" pursuant to search warrants or other
valid
legal authority. These notebooks provided invaluable evidence against the
defendant and helped us identify and prosecute other members of the drug ring.
Today, however, we might find that the defendant is using one of the
increasingly popular electronic organizers or personal information manager
software programs to keep his records instead of a notebook. Or we might find
that a swindler running a telemarketing scam has his records on a computer
instead of in file cabinets. The switch from written to digital records
does not
undermine law enforcement interests -- as long as the defendant hasn't
encrypted
the data. But if strong encryption becomes a standard feature, law enforcement
will lose its ability to obtain and use this evidence.
In fact, commonly available encryption products are already so strong that we
cannot break them.
The same problem exists with respect to other types of criminals also. Ramzi
Yousef, the mastermind of the World Trade Center bombing, used a laptop
computer. Pedophiles who exchange child pornography via computer are already
actively using encryption. White collar criminals and economic spies often use
computers to steal our businesses' valuable intellectual property. I can't
emphasize too strongly the danger that unbreakable, non-recoverable encryption
poses: as we move further into the digital age, as more and more data is stored
electronically rather than on paper, as very strong encryption becomes built
into more and more applications, and as it becomes easier and easier to use
this
encryption as a matter of routine, our national security and public safety will
be endangered -- unless we act responsibly.
Some people have suggested that this is a mere resource problem for law
enforcement. They believe that law enforcement agencies should simply focus
their resources on cracking strong encryption codes, using high-speed computers
to try every possible key when we need lawful access to the plaintext of
data or
communications that is evidence of a crime. But that idea is simply unworkable,
because this kind of brute force decryption takes too long to be useful to
protect the public safety. For example, decrypting one single message that had
been encrypted with a 56-bit key took 14,000 Pentium-level computers over four
months; obviously, these kinds of resources are not available to the FBI, let
alone the Jefferson City Police Department.
Moreover, it is far easier to extend key lengths than to increase computer
power. Indeed, 128-bit encryption is already becoming commonplace. In this
environment, no one has been able to explain how brute force decryption will
permit law enforcement to fulfill its public safety responsibilities.
We believe that the most responsible solution is the development and widespread
use of encryption systems that, through a variety of technologies, permit
timely
access to plaintext by law enforcement authorities acting under lawful
authority. I will refer to these systems, collectively, as plaintext recovery
systems, although they can encompass a variety of technical approaches. The
concept of key recovery, where the key to encryption is held by a trusted third
party, is one such approach, but it is by no means the only one that would meet
law enforcement's goals.
Some have suggested that law enforcement's access to the plaintext of encrypted
data and communications that is evidence of a crime would violate
constitutional
rights. Although I will discuss in a moment the constitutionality of a
mandatory
recovery regime, let me begin by reiterating that no such mandatory
regime exists, nor does the Administration seek one. Rather, the
Administration's
efforts have been to encourage the voluntary use of data recovery products. In
this context, there is no doubt that the government's efforts are
constitutional.
It is certainly difficult to understand how a voluntary regime might
violate the
Fourth Amendment. As with any kind of stored and transmitted data, it is
axiomatic that the government may obtain both encrypted text and decryption
keys
pursuant to lawful process, which may include a wiretap order, a search warrant
issued upon probable cause, a subpoena, or the consent of the party possessing
the particular item. Each of these comports with the Fourth Amendment, and
voluntary data recovery products do not change this analysis. Additionally, if
an individual's encryption key were stored with a third party, Congress could
require
by legislation that, to compel production of the key, law enforcement would
have
to meet a standard higher than that required by the Fourth Amendment, much as
the Electronic Communications Privacy Act requires a court order to obtain
transactional data. If Congress were to address this issue, we would be pleased
to work with you to determine the appropriate standard and mechanisms for
obtaining keys.
The Subcommittee has requested that I address the legal issues that might be
associated with a mandatory plaintext recovery regime. Again, let me restate
that the Administration does not advocate such an approach, and believes that a
voluntary solution is preferable. Nonetheless, I am prepared to discuss
hypothetical legislation prohibiting the manufacture, distribution and
import of
encryption products that do not contain plaintext recovery technologies, so
that
the capability to decrypt encrypted data and communications is available to law
enforcement upon presentation of valid legal authority.
In considering the Department's views on these issues, I would urge you to keep
several caveats in mind. First, the constitutional issues that such a regime
would present are undoubtedly novel ones. Indeed, the spectacular growth of the
digital world has created many confounding legal issues that the Congress, the
courts, the Administration, and our society at large are wrestling with. If
history is any guide, changes in technology can lead to changes in our
understanding of applicable constitutional doctrine. Moreover, these issues are
particularly difficult to address in the abstract, because mandatory plaintext
recovery could take a variety of forms. Nonetheless, and with these caveats, it
is the best judgment of the Department of Justice that a mandatory plaintext
recovery regime, if appropriately structured, could comport with constitutional
doctrine.
Let me turn first to the Fourth Amendment. It should be remembered at
the outset that the Fourth Amendment does not provide an absolute right of
privacy, but protects reasonable expectations of privacy by prohibiting
unreasonable searches and requiring that a warrant issue only upon a finding of
probable cause by a neutral and detached magistrate. A well-designed plaintext
recovery regime would ensure that users' reasonable expectations of privacy
were
preserved. Any legislation in this area, whether or not it imposed plaintext
recovery requirements, should not lessen the showing the government must
make to
obtain access to plaintext. If a search warrant for data was required
before, it
should be required under any new regime. By requiring the government to meet
current constitutional thresholds to obtain plaintext, such a regime would, in
our view, comply with the Fourth Amendment. Moreover, Congress could require
under such a regime that even if law enforcement obtains a search warrant for
data or communications, it would need additional authority, such as a court
order, to obtain the key or other information necessary to perform any
decryption if the information is encrypted.
Some have also argued that a mandatory plaintext recovery regime would
violate the Fifth Amendment's prohibition against compulsory
self-incrimination. However,
the Fifth Amendment generally prohibits only disclosures that are compelled,
testimonial, and incriminating. If a manufacturer of an encryption product were
required to maintain information sufficient to allow law enforcement access to
plaintext, we believe that there would be no violation of the Fifth Amendment
because no disclosure at all would be compelled from the user of the encryption
product. If, on the other hand, a mandatory plaintext recovery regime required
the user of an encryption product to store his key (or other information needed
for recovery) with a third party in advance of using the product, we do not
believe that such an arguably compelled disclosure would be testimonial as that
term has been interpreted by the Supreme Court. In Doe v. United States, 489
U.S. 201 (1988), the Court held that an order compelling a person to execute a
form consenting to disclosure of foreign bank accounts did not violate the
Fifth
Amendment because the form was not testimonial. The compelled disclosure of
decryption information to a third party would not seem to be any more
testimonial. Moreover, we doubt whether such a disclosure would be
incriminating, because unless and until the encryption product is used in the
commission of a crime, the key would pose no threat of incrimination
against the
user.
Finally, it has been suggested that a statutory restriction on the manufacture,
import, and distribution of certain types of encryption products would violate
the First Amendment. Opponents of encryption restrictions sometimes argue that
the First Amendment protects the right of persons to speak in "code" --
i.e., to
speak in ciphertext -- and that a restriction on the distribution of products
that make a particular coded communication possible would be analogous to
placing a restriction on the use of a foreign language. This First Amendment
argument rests on the faulty premise that the creation or dissemination of
ciphertext itself is constitutionally protected. But, unlike a foreign
language,
the ciphertext that is created by strong encryption products cannot be
understood by the viewer or listener. When it is heard, such as on a wiretap of
a telephone, ciphertext simply takes the form of unintelligible static. In
written form, ciphertext may be in the form of letters, numerals and symbols,
but no human being can read or "understand" it: it does not contain characters
or words or symbols that represent or correspond to any other characters, words
or symbols. Accordingly, ciphertext is not like a foreign language, the use of
which can convey unique meaning and nuance to the listener or reader. Thus,
ciphertext itself -- as opposed to the underlying plaintext -- has none of the
properties of protected "speech" that the Supreme Court has traditionally
identified, and, accordingly, the dissemination of ciphertext should not be
entitled to First Amendment protection.
A second form of First Amendment argument focuses not on the ciphertext, but on
the underlying plaintext. Under this theory, a prohibition on the
manufacture or
distribution of nonrecoverable encryption products would inhibit an alleged
constitutional right of persons to obscure their communications in any manner
they see fit. Even if legislation would impose such a practical limitation on
the manner in which speakers may obscure their underlying communications, it
could be drafted so as to pass muster as a permissible time, place and manner
restriction -- particularly since any such restriction on the "tools" of speech
would be unrelated to any communicative impact of the underlying plaintext and
the controls would leave open ample and robust alternative channels or methods
for obscuring the underlying plaintext.
A related argument is that a communications infrastructure in which recoverable
encryption is the de facto standard will impermissibly chill a significant
quantum of speech because individuals' knowledge of law enforcement's
ability to
overhear and decipher communications and data will unduly deter them from
communicating. But under such a system, the government would have no greater
access to the content of private parties' communications than it currently has,
and it is well-settled that the government's exercise of its established
statutory powers to intercept and seize communications does not create such a
"chilling" effect on speech as to transgress the First Amendment, so long as
that power is exercised consistent with the Fourth Amendment, and for valid
reasons authorized by statute, such as to discover evidence of criminal
wrongdoing. See, e.g., United States v. Ramsey, 503 F.2d 524, 526 n.5 (7th Cir.
1974) (Stevens, J.) (rejecting argument that "the very existence of wiretapping
authority has a chilling effect on free speech and, therefore, violates the
First Amendment"); accord United States v. Moody, 977 F.2d 1425, 1432 (11th
Cir.
1992).
A final type of First Amendment argument often heard is that a restriction on
the manufacture and distribution of certain types of encryption products would
impermissibly restrict the ability of cryptographers, and others, to
disseminate
the computer code that is used by computers to transform plaintext into
ciphertext. But that argument is based on the mistaken premise that
dissemination of the code embedded in encryption products itself is necessarily
a form of expression protected by the First Amendment. Most such code is in the
form of "object code." Object code is simply an immense string of "0"s and
"1"s, representing a bewildering concatenation of thousands or millions of high
and low voltage electrical impulses. As such, machine "readable" cryptographic
object codes can reveal to possible "readers" neither the ideas they embody,
nor the manner in which the ideas are expressed. And this is especially true
where such object code is embedded in a product such as a semiconductor
chip, so that even the "0"s and "1"s cannot be discerned. Therefore, a
restriction on the
dissemination of encryption products containing object code would not violate
the First Amendment.
The question would be somewhat more complicated with respect to source code --
i.e., the instructions to the computer that human beings write and revise. Some
persons do disseminate source code for communicative purposes. Nevertheless, we
believe that a restriction on the dissemination of certain encryption products
could be constitutional even as applied to those relatively infrequent cases in
which such products are in the form of software that is disseminated for
communicative reasons, because such a restriction could satisfy the
"intermediate" scrutiny that the First Amendment provides for incidental
restrictions on communicative conduct. As we have argued in litigation in the
export-control context, such intermediate scrutiny would be appropriate because
the government's reason for regulating source-code software would not be based
on any informational value that its dissemination might have. Instead,
regulation would be premised on the fact that such software -- like all of the
"encryption products" that would be regulated -- has physical, functional
properties that can cause a computer to encrypt information and thereby place
plaintext beyond the technical capabilities of law enforcement to recover.
Once again, I would like to emphasize that I have presented our constitutional
analysis of a mandatory plaintext recovery system to respond to the
Subcommittee's request for our views on the legal issues associated with such
systems. As I noted above, this constitutional analysis would depend
significantly on the nature of the particular system Congress mandated and the
findings which supported it; our analysis is entirely generic. Moreover, I
would emphasize again here that it is not the policy of the Administration to
seek mandatory plaintext recovery legislation; it is the Department of
Justice's
hope and expectation that the dialogue with industry that I spoke of earlier
will yield outcomes that make sense from both a business and a public policy
perspective.
Those who argue against preserving lawful government access to
encrypted communications often say that the government should bow to the
inevitable and accept, even embrace, the spread of unbreakable encryption,
rather than trying to fight it. For example, one of my colleagues recently met
with a representative of a large computer company who is critical of the
Administration's encryption policy. This industry representative said that he
recognized that encryption poses a problem for law enforcement, but that we
should recognize that other technologies, such as cars, also create
problems for
law enforcement, yet we have managed. He said, "We don't ban cars, do we? Then
why are you trying to ban encryption?"
Of course, I hope it is clear by now that the Government is not trying to ban
encryption. Law enforcement supports the responsible spread of strong
encryption. Use of strong encryption will help deter crime and promote a safe
national information infrastructure.
But the more fundamental point raised by the analogy to the rise of the
automobile is that society "managed" the automobile, not by letting it develop
completely unfettered and without regard to public safety concerns, but
first by
recognizing that cars could cause substantial damage to the public safety, and
then by regulating the design, manufacture, and use of cars to protect the
public safety. Cars must be inspected for safety on a regular basis. Cars are
subject to minimum gasoline mileage requirements and maximum pollutant emission
requirements. Cars built today must include seat belts and air bags. Perhaps
most closely analogous, the laws of every jurisdiction in the United States
closely regulate every aspect of driving cars on the public streets and
highways, from driver's licenses to regulation of speed to direction and
flow of
traffic. Congress and the state legislatures recognized the public safety and
health threats posed by the technology of automotive transportation, even as
they recognized the dramatic benefits of mobility, productivity, and
industrialization that the automobile brought with it. Elected government
representatives of the people have consistently acknowledged and acted on their
sworn responsibilities by assessing the public safety issues at stake and then
regulating the technology accordingly.
Perhaps most relevant to the policy issues posed by encryption is the practice,
begun by most states about a hundred years ago, of requiring cars to be
registered and to bear license plates. More recently, federal law has required
all vehicles to bear a vehicle identification number, or VIN. As you may
recall,
it was the VIN in the Oklahoma City bombing case that led the FBI to the truck
rental office at which Timothy McVeigh rented the truck he used. We now
recognize that license plates and VIN's afford victims of accidents, victims of
car theft, and law enforcement officials with an essential means of identifying
vehicles and obtaining information on the movements of criminals. Just as
legislatures in the early 1900's acted to manage the risks posed by automotive
technology, government leaders today, as the 21st century approaches, must
bring
the same sensitivity to the need to preserve and advance public safety in the
face of encryption in the information age. And such a regulatory scheme, if
constructed properly, will, like license plates, have benefits for businesses
and consumers as well.
Of course, no analogy is perfect. Computers are not cars, and plaintext
recovery
is not a speed limit. But my broader point is an important one. The Framers of
our Constitution determined that individuals would not have an absolute
right of
privacy. The Constitution recognizes that there are certain circumstances in
which it is appropriate for law enforcement to obtain information that the
individual wants to keep private: for example, when a judge finds probable
cause
to believe that information is evidence of a crime. Decisions as to where that
line should be drawn are political and legal ones, not scientific or business
ones; they should be made by this Congress and the courts, not by
programmers or
marketers. Policy should regulate technology; technology should not regulate
policy. Just as in the first part of the twentieth century, the law had to take
account of the changes in society brought about by the automobile, the law will
have to take account of the changes brought about by encryption.
We at the Department of Justice look forward to continuing the productive
discussions we have had with this Subcommittee and the Congress on encryption
issues. We share the goal of arriving at a policy and marketplace that
appropriately balance the competing public and private interests in the spread
of strong encryption.
I would be pleased to answer any questions you may have.
#### END