September 23, 1997
The Honorable Thomas J. Bliley
2409 Rayburn HOB
Washington, DC 20515
Dear Chairman Bliley,
We write to express alarm about an unprecedented proposal that has been advanced to impose criminal penalties on the manufacturing or distribution of domestic encryption products that do not contain a government-mandated "back-door." The proposal, drafted in large part by the FBI, has already been adopted by the House Intelligence Committee, and may be offered soon in the Commerce Committee by Reps. Michael Oxley and Thomas Manton as an amendment to H.R. 695, the "Security and Freedom through Encryption (SAFE) Act." The SAFE Act was originally intended to loosen the export controls that have blocked U.S. companies from offering products with strong encryption on the global market. The Oxley-Manton amendment, however, changes fundamentally the nature of SAFE. Rather than liberalizing limitations on encryption, the amendment drastically increases the government's control over the use of both domestic and international encryption technologies.
We believe that this is a profound mistake. Never in peacetime has our government attempted so completely to monopolize a single form of communication; never has it required, in effect, a license to exercise the right to speak. But that is what this amendment would do. In our view, not only could this amendment make our citizens less secure, but it would also contravene fundamental principles of our constitutional tradition. We would no longer be a leader protecting individual rights internationally; we would instead become the architect of the most comprehensive surveillance plan the world has seen since the end of the Cold War.
We are law professors who believe this plan is as unconstitutional as it is unwise. We may individually differ in our reasons, but we have collected below at least some of the reasons that we take the position we do. We urge Congress not to take this step now. No showing has been made to justify so massive a change in our constitutional protections.
These freedoms are a basic part of the fabric of American constitutional law. The Supreme Court has upheld them in innumerable rulings, including McIntyre v. Ohio Elections Commission (affirming the right to anonymous political speech); Riley v. National Fed'n of the Blind ("Mandating speech that a speaker would not otherwise make necessarily alters the content of the speech."); Wooley v. Maynard (holding unconstitutional New Hampshire's requirement that cars display license plates bearing the state motto); West Virginia State Board of Education v. Barnette (holding that compelled recitation of the pledge of allegiance violates the First Amendment).
The amendment would undermine these constitutional rights to free speech. By imposing requirements on cryptographic programs — used by individuals and corporations to protect the privacy and security of their papers and telephone or e-mail conversations — it would in effect be mandating the code software writers may write. Only governmentally approved code could be used to transmit speech the speaker wants to protect; authors and speakers would be required to use this code to say what they wanted to say. This forced speech, we believe, takes the government's power too far.
We accept that law enforcement agencies, if they obtain a warrant based on a showing of probable cause, can intercept a person's communications and seize a person's data. But that power exists after a finding of probable cause has been made. This amendment regulates citizens before any finding of probable cause. It regulates the programs that citizens may use before they speak at all. It requires every citizen to fit his speech to a program essentially designed by the government, so that the government is better able to monitor the citizen's speech. This preemptive strike on free speech is without precedent in our constitutional tradition. We believe it is profoundly misguided. Under the theory of the amendment, the only permissible encrypted speech is governmentally licensed encrypted speech. But this, we believe, the government cannot require.
More fundamentally, the amendment does violence to our Fourth Amendment values by forcing all citizens to communicate in a way that limits their ability to protect their own privacy. In an effort to downplay the significance of its proposal, the FBI has argued that it is only seeking to ensure the ability to obtain plaintext of data that it has already obtained in encrypted form. On this basis, the FBI tries to argue that it is seeking no new authority. On the contrary, under current law and practice, if the government obtains access to encrypted data or communications using any of the surreptitious means now at its disposal, it has no power to assure access to the plaintext of that data. This country's Fourth Amendment has never guaranteed law enforcement's ability to search, seize, and understand every conversation, communication, or stored record of every citizen. We have never required that every person -- whether or not there is probable cause to believe they have committed a crime -- live in the legal equivalent of a glass house, just so the government can facilitate surveillance without the notice or consent of the searched.
The first is the lack of privacy protection against foreign government access to keys, whether stored in the U.S. or elsewhere. Few countries assure privacy protections comparable to ours. Yet the "mutual recognition" agreements essential to a global key recovery system will require the exchange of key information with foreign governments. When other countries request keys, many of these requests will be made on the basis of procedures far less strict than those required under U.S. law. In these cases, it will be difficult or impossible to determine whether the requesting country has complied with anything comparable to our warrant requirements. The risk is even worse when decryption information is held outside of the U.S., for it will be impossible to assure that adequate security precautions are followed by the other government's key recovery system. As a result, American citizens using encryption, both within the U.S. and outside of the U.S., will do so without the privacy protections provided under U.S. law, and without the technical security protections provided by encryption without a backdoor.
The second, and more fundamental, problem is the threat the proposal poses to the historic role of the United States as a defender of freedom. In countries throughout the world, the targets of surveillance include dissidents, religious groups, the press, and economic enterprises. We have long stood to protect the individual against such invasions by governmental surveillance. Ours is not the society of big brother. Yet in advancing this proposal, we would become the leader in establishing a new global surveillance society. Especially where political oppression exists, this will just increase the threats to liberty for these citizens, or for our citizens as they may interact with these countries. The risks of key escrow threaten the press, churches and other non-governmental organizations, as well as individual citizens.
Third, a global key escrow regime would be a threat to American economic security. Other countries will use key escrow as a tool for economic advantage. Following the American lead, other countries will be emboldened to criminalize strong encryption and establish a key escrow system along the lines of the proposed bill. As a condition of doing business, American companies will be required to hand over their keys, and in this way, foreign governments could gain the power to decrypt all business communications that cross their territory. This again would allow foreign governments to read confidential communications without any notice to the company that it is under surveillance.
University of Oregon School of Law
Kevin D. Ashley
University of Pittsburgh School of Law
Jack M. Balkin
Yale Law School
William E. Boyd
University of Arizona College of Law
Darryl K. Brown
University of Dayton School of Law
Dan L. Burk
Seton Hall University School of Law
Julie E. Cohen
University of Pittsburgh School of Law
Peter L. Fitzgerald
Stetson University College of Law
Eric M. Freedman
Hofstra University School of Law
A. Michael Froomkin
University of Miami School of Law
Llewellyn J. Gibbons
Franklin Pierce Law Center
University of Alabama School of Law
UCLA School of Law
University of Massachusetts
Northwestern University School of Law
University of Texas at Austin School of Law
Harvard Law School
Wayne State University
Henry H. Perritt
IIT Chicago-Kent College of Law
David G. Post
Temple University Law School
Stanford Law School
William D. Rich
University of Akron School of Law
Seton Hall University School of Law
Florida State University College of Law
University of California at Berkeley School of Law
Mark S. Scarberry
Pepperdine University School of Law
David E. Sorkin
John Marshall Law School
Ohio State University College of Law
Note: Institutional references are for identification only. The views expressed herein do not necessarily reflect the views of the organizations referenced.
Temple University School of Law
Columbia University School of Law
Cornell Law School
The URL for this page is: http://www.law.miami.edu/~froomkin/lawprof-letter.htm