Encryption: A Free Society's Dilemma
A Discussion of Legislative Proposals
As the world moves towards the next millennium, and the technological prowess of nations continues to grow and expand exponentially, societies, and North America in particular, are racing in an attempt to ensure their legal and societal structures keep pace with their technological advancements.
Throughout history society has adapted to advancements in technology, but it takes time. Often, laws trail behind the technology leaving a void. More importantly, individuals frequently attempt to apply archaic legal doctrine to concepts and technologies that were in some cases nearly unimaginable at the time of the inception of the legal principle. Indeed, without understanding, and in some cases applying, the legal theory of the past it would be quite impossible for us to move into the future with any degree of coherence or uniformity. However, it would also be irresponsible for us to blindly accept the rationales of the past as the paradigms for the future.
One technological advancement which the government has recently attempted to regulate and control is the proliferation and improvement of encryption technology for voice and data communications and storage. While the capability to encrypt data has been available to the public for many years, the level of encryption strength was such that law enforcement organizations, very determined or skillful hackers, and cryptologists could break the code. Now, however, we have entered an era where military grade encryption that is virtually unbreakable is available for free via the Internet.
Not surprisingly, the government, civil libertarians, anarchists, and statists, have all begun to circle their wagons with regard to encryption law and policy over the past three or four years. The privacy concerns of libertarian groups have run head first into the domestic and international security concerns of government and law enforcement. The debate became most heated at the announcement of the Clinton Administration's proposed "Clipper" chip. This "Escrowed Encryption Standard" (EES) as it is called, involves the government as the third party holding the keys in escrow. In the event a court order is obtained, law enforcement can conduct surveillance on encrypted communications using the escrowed decryption key. However, due to an icy reception, the Administration altered the proposal allowing for commercial non-governmental key escrow agents. This would still allow government access to keys through a warrant. This new proposal has been dubbed Clipper II.
Now the Executive Branch and law enforcement have faced off with software industry executives who wish to export their encryption products, which have been classified as munitions. Recently, however, the software industry and civil libertarians enlisted a new ally: the United States Congress. Three pieces of legislation, one in the House of Representatives (HR 3011) and two in the Senate (S.1587), and most recently the Pro-CODE Act of 1996, have been introduced in order to attempt to regulate and, more importantly, deregulate encryption. The House version is entitled "Security and Freedom Through Encryption (SAFE) Act," and the Senate bills are entitled the "Encrypted Communications Act of 1996" (ECPA), and the "Promotion of Commerce On-Line in the Digital Era," respectively.
It is important to note that the SAFE and Pro-CODE bills are virtually identical to the ECPA but they lack a few important provisions that the ECPA version contains. The ECPA and SAFE both modify Title 18 of the U.S. Code to clarify the status of encrypted communications, access to communications by law enforcement, and liability of third party key holders. However, the ECPA version contains articles regarding privacy guidelines including civil and criminal penalties for third party key holders, as well as limits and guidelines for law enforcement access to keys. It is for this reason that the focus will be on the ECPA in order to cover the widest possible range of issues that Congress has been, and will most certainly be, concerning itself with in the coming months.
Whether or not these legislative attempts ever reach a vote, the issues involved are likely to resurface repeatedly until a final legislative, executive and/or judicial decision is made. The following pages will analyze the ECPA and its legislative brethren, and evaluate the legal and policy consequences of these legislative attempts.
I am joined today. . . . in introducing a bill that is pro-business, pro-jobs, and pro-privacy. . . [that] would enhance global competitiveness of our high-tech industries, protect the high-paying good jobs in those industries and maximize the choice in encryption technology available for business and individuals to protect the privacy, confidentiality and security of their computer, telephone, and other wire and electronic communications.
The first part of the Senator's statement conspicuously leaves out any concerns about domestic or international security, ignoring the very debate that spawned the introduction of the bill in the first place. In fact, one would have to go to virtually the last page of Leahy's statement to find any reference to security, which amounted to one sentence: "While national and domestic security concerns must weigh heavily, we need to do a better job of balancing these concerns with American business' need for encryption and the economic opportunities for our high-tech industries that encryption technology provide." Moreover, in looking at the "Findings" section of the bill itself, one must go to finding number 11 out of 15 to find any mention of national security policy. The other two pieces of proposed legislation do not even mention national security.
Clearly, Senator Leahy and his co-sponsors are concerned with the privacy rights of Americans and the global competitiveness of U.S. companies. This fear has been substantiated even by the executive branch in studies by the U.S. Department of Commerce. There is in fact hard evidence that the intellectual property of U.S. companies has been and continues to be a bona fide target of foreign intelligence and foreign corporations, thus making strong encryption a necessity for U.S. competitiveness. However, it is instructive for this analysis to note the considerable weight given to global competitiveness in comparison with the little consideration given to global and national security.
There has been criticism and praise for this legislation. The Electronic Frontier Foundation stated that the bill is a "good start." However, there has been a strong response from those who work closely with the government in advocating the Clipper technology. Dorothy Denning of Georgetown University stated that the bill will
. . .erode the ability of our law enforcement and intelligence agencies to carry out their missions. . .[w]ithin a few years, the successful execution of practically all court-ordered intercepts and searches and seizures is likely to depend on their ability to decrypt communications and stored information.
The purpose of the ECPA of 1996 (as well as the SAFE and Pro-CODE) is to ensure that Americans are able to have the maximum possible choice in encryption methods to protect security, confidentiality, and privacy of their lawful wire or electronic communications. In addition, however, ECPA presents standards for non-mandatory key escrow.
The Senate bill is separated, for the most part, into two main sections: one on domestic policy, and one on national export policy. The domestic section focuses on privacy, the use of encryption within the U.S., and key escrow standards, and the export section deals with export of encryption products. It is important then to adhere to this topical division, and begin the analysis with the domestic use issues.
These legislative attempts make it very clear that all United States citizens will have the right to use encryption regardless of the length of the algorithm, encryption key length, or technique chosen. They also are unambiguous in their declaration that no person will be required to use any form of encryption or require any form of key escrow. This would effectively bar any future for Clipper or any other form of mandatory key escrow, be it government or commercial.
An interesting and controversial issue with regard to the sections of the ECPA bill is the treatment of law enforcement and the requirements for release of decryption keys to investigative or law enforcement officers. Virtually all of §2802 is dedicated to the duties of commercial key holders, and the conditions under which they must turn over decryption keys. What is intriguing is that the legislature has avoided the issue of individual use of encryption (except to say that all personal use is completely legal), and whether or not an individual as opposed to a third party key holder must turn over the decryption key in the face of a court order or Attorney General certification.
This is without a doubt a very controversial issue in that it involves Constitutional rights under the Fifth Amendment. While a third party "key holder" has no Fifth Amendment rights with respect to another's private key, there is a question as to whether or not an individual has such a right in their encryption key.
In leaving this issue out of the proposed laws, the legislative sponsors ensure that there will be continued ambiguity with regard to whether or not the Fifth Amendment protects individuals from the compelled production of keys. This is not a new problem; in fact, as recently as this year a Motion to Compel Discovery was filed with the Supreme Court of the State of New York in order to compel a man to provide the state with the decryption code for files suspected of containing bomb making information.
It is evident, in light of the contemporaneous nature of this issue, that Congress purposefully ignored the problem of warrants for the surrender of privately held keys to law enforcement because of the additional controversy such a provision would provoke. Rather than boldly stating that no individual will be compelled to produce a subpoenaed decryption key, it ignores the issue entirely. The only mention of criminal penalty for the encryption of files can be found in § 2804 which prevents the unlawful use of encryption to obstruct justice. It states that anyone who would ". . . willfully endeavor[ ] by means of encryption to obstruct, impede, or prevent the communication of information in furtherance to a felony. . . to an investigative or law enforcement officer shall. . ." be jailed for a period of not more than five years and/or fined under the title, or ten years for a second conviction. The House bill has a similar provision in HR 3011 Section 2805.
Ostensibly it appears to be a positive step in ensuring that police have at least one statute they can look to when investigating suspects who utilize encryption to hamper an investigation. However, closer scrutiny reveals that this section of the bill might do very little with regard to the decryption of files pursuant to a warrant. The bill criminalizes the use of encryption in furtherance of a crime; however, if the proof of the felony is encrypted, then the statute will do little good. If a file is encrypted, then law enforcement would have to prove that the file was encrypted to further a criminal enterprise, but that would likely be difficult without the contents of the file in the first place. How could the government make the connection between the encrypted file and the criminal act if it has no access to the file? Moreover, this section of the ECPA bill makes no temporal distinction regarding when an encrypted communication would be considered a violation.
This obstruction of justice provision makes no mention whatsoever of mandatory decryption. This would indicate that this section only criminalizes utilizing encryption in order to thwart an investigation in progress. While the bill sets forth specific sentencing guidelines for such a practice, it is in some ways superfluous. It is most likely that any court would find the use of encryption in furtherance of a felony to be obstruction of justice. This still does not solve the issue of what to do when a file has already been encrypted, before the investigation.
Some might argue that encrypting a document prior to any investigation is much like burning or shredding the document, equating criminalizing the use of encryption to making burning paper illegal. However, when one burns a document, the document no longer exists, the user has no further utility in it. Conversely, when a file is encrypted the file remains useful to the owner, and therefore would more accurately be considered the same as if the file were in a locked box to which the owner has the key (an analogy explained later), rather than a document that has been burned.
Why is it so important that law enforcement be able to obtain warrants in order to decrypt files? The answer is that without such a possibility, the power the police have to obtain evidence could be sharply diminished in the future. It is worth noting here that civil libertarians and government supporters get into heated debate about this issue, both in the philosophy and the facts related to the effect encryption has on the capabilities of law enforcement. Certainly, at present, encryption is not a large stumbling block in the vast majority of law enforcement investigations. To wildly protest that society is degrading into anarchy only serves to exacerbate the divide between those on either side of the issue. Similarly, to dismiss predictions that what is now a minor inconvenience could turn into a very real problem for law enforcement and endanger our society in the future would be equally disingenuous and irresponsible. I have encountered both examples in my research.
The ECPA, official statements from Senators, and letters to the Vice President, have all alluded to concern about the balancing of national security and freedom to use encryption. However, this mention of concern for national security is borderline disingenuous in light of the complete failure to address the problems cryptography could present to law enforcement. In their November 8, 1995 letter, a Center for Democracy and Technology led coalition of information industry companies stated that they were ". . . commencing a process of collective fact-finding and policy deliberation, aimed at building consensus around a more comprehensive cryptography policy framework that meets the following criteria. . .," the last of the criteria listed was the "[r]espect for the legitimate needs of law enforcement and national security, while recognizing the reality that criminals will have access to virtually unbreakable encryption." From the language of the legislation now submitted in Congress, it is evident that the purported desire to respect the legitimate needs of law enforcement amounts to lip-service from self-interested companies. This is to be expected; however, it appears as though the economic self-interest of corporate America has lobbied strongly enough to push national security and basic law enforcement concerns to the bottom of the priority list.
There are two law enforcement issues here that the ECPA and its sister legislation ignore. One is the continued ability of law enforcement organizations to conduct lawful surveillance of voice and data communications, and the other is the ability to gather evidence for a criminal trial. Both would be impossible if all voice and data communications were encrypted with strong encryption. This is to say that wiretaps as a means of surveillance would be virtually useless (this of course does not mean there are not other methods law enforcement can use, e.g. bugs, or Van Eck monitoring). Moreover, if it is unconstitutional under the Fifth Amendment for warrants to compel the release of decryption keys, it will be very difficult if not impossible to decrypt files that could possibly be important evidence. Suffice to say that if the new version of the Windows operating system contained 128-bit encryption, search warrants for computer files will be a thing of the past, unless the government has some manner to obtain lawful access to the keys.
There really can be no question about the effect strong encryption will have, even though for some reason there are those who challenge that it will affect law enforcement in any substantial way. While one can argue that very few machines will be entirely secure, and that law enforcement will still have enough tools to do the job, cryptography will impede law enforcement from doing its job. The real debate becomes one of balancing societal interests with personal privacy. The societal interests are indeed substantial. FBI Director Freeh stated recently that "[i]f you think crime is bad now. . . just wait and see what happens if the FBI one day soon is no longer able to conduct court-approved electronic surveillance." Wiretaps may be rare, but it is a fact that wiretaps were instrumental in the capture of the terrorists responsible for the bombing of the World Trade Center in New York.
This is not paranoia, rather it is prediction based on current trends. As more and more people begin to use encryption, so then will criminals. If there is no way to curtail the use of this technology, and no mandatory key escrow, there could be significant problems for enforcement. Already, the Clinton Administration has scrapped the government mandatory key escrow for a commercial escrow version, and the only legislation proposed dealing with encryption has outlawed any version of mandatory escrow altogether. Mandatory key-escrow appears to be dead without much chance of rebirth.
The encryption of stored data as opposed to real time use of encryption to thwart surveillance is another issue that is increasingly important to law enforcement. There have been a few cases where law enforcement has been impeded in its execution of lawful warrants when files are encrypted. During the course of its "Innocent Images" investigation last year, in which the FBI tracked down pedophiles preying on children using America Online (AOL), encrypted material was encountered, although it is not known if the FBI was able to decrypt it. Another example is the use of PGP by a pedophile in California to encrypt files that the police suspect contain a diary of his contacts with young boys all over the country.
Crypto-Libertarians argue that there is no proof that the use of encryption has in fact really altered the outcome of a court case, or will have such a deleterious and harmful effect on society that they outweigh privacy. This argument can however be foolhardy. As mentioned earlier, an operating system as prevalent as Windows with strong encryption would without a doubt affect efforts to obtain criminal evidence. The question becomes at what point the decryption of child pornography files, or files related to terrorism or narcotics trafficking becomes more important than personal privacy. Looking to the Constitution, and specifically the Fifth Amendment, we can find that allowing the government to compel the decryption of files might be completely acceptable.
While a complete in-depth discussion of the Fifth Amendment and the act of production doctrine is outside the scope of this legislative review, it is important to review what entitles one to Fifth Amendment protection. If a password is in your head, the government would have a very hard time showing it can legally compel you to reveal it (but not impossible as later discussion shows). In Curcio v. United States (1957) the Supreme Court stated that the government cannot force someone to disclose the contents of his own mind if that information is incriminatory. However, if a key is written down it is a different issue entirely. Only testimonial disclosures are protected, therefore if the turning over of the key does not authenticate the document there is no protection.
This is the most complex problem with regard to a Fifth Amendment analysis. Surely, producing the key to an encrypted document at least tacitly, if not indisputably, links the suspect to the encrypted file. This could necessitate invocation of the act of production doctrine begetting act of production immunity. However, it would appear as though producing a key associated with an encrypted document conveys the very same facts about possession and authenticity that are associated with producing the document in plaintext.
Phillip Reitinger in his Compelled Production of Plaintext and Keys notes that the key itself must be viewed as an independent producible object. Obviously, this issue is incredibly intricate, which perhaps explains why Congress chose not to address it. However it does not erase the inherent risks of allowing standard operating system encryption to be an obstacle to lawful warrants.
It is important to note that the government does have the authority to grant immunity. Title 18, § 6002 allows compelled testimony in return for use immunity. This raises an interesting policy question: Are we willing to grant a terrorist such as the individual(s) responsible for the Oklahoma or World Trade Center bombing immunity in order to obtain the decryption key for information about possible future terrorist plots? This is of course an individual prosecutorial question, however, what once was a question regarding compelled speech for immunity, could become a more common compelled decryption key for a grant of immunity.
The issue of compelled speech raises interesting questions. As stated earlier, if a password is only contained in memory, the Supreme Court has stated that the government cannot compel testimony. In United States v. Doe 487 U.S. 201 (1988)(Doe II) the court allowed a defendant to be forced to sign a waiver allowing foreign banks to release account information. The Majority and the Dissent outwardly disagreed on whether the action is more like compelling the production of the key to a strong box, or the revelation of a wall safe combination. The Dissent states that a defendant ". . . may in some cases be forced to surrender a key to a strong box. . . ." The Court agrees that one can be compelled to produce a key for a box but not a safe combination.
If we apply this perspective to encryption keys it makes for an interesting analysis. It is perplexing that the Court would adhere to this theoretical bright line, simply because there is very little difference between a safe and a strong box. The only difference, and the thing that the Court most wants to protect, is that one key has a physical presence, while the other does not.
Let us assume then that this is the case, that one may be compelled to provide the government with a physical key. This would mean that if a decryption key were written down or saved on a computer hard drive then it can be equally subpoenaed and must be surrendered. There is nothing that separates the key on computer memory from a key on paper. Both are a relatively permanent and physical medium. One being graphite or ink on paper, the other being a compilation of ones and zeros presented as words or numbers.
Now, let us turn to the combination of a safe and the memorized phrase or decryption key. These are no more testimonial acts than the surrender of a physical key would be. The only possible incrimination remains in the contents of the safe or the encrypted document. The safe combination and decryption code reveal nothing more than a physical key, and therefore should be considered no different than the key to a box.
No doubt this notion would strike crypto-libertarians as a continued erosion of Constitutional protection. But is it really? The Supreme Court in Curcio made it clear that the contents of one's mind cannot be compelled to be disclosed. But can we equate ideas and thoughts with safe combinations and decryption keys? There is quite simply no difference between a key in your head and a key in your hand, except that one is in your head. It is still a key, and not any sort of statement, idea or expression. Why is producing a physical key not acting as a "witness against oneself" in the eyes of the Constitution, but producing a memorized key is considered tantamount to compelled confession?
Their answer is that the Court, and society as a whole, are afraid of expanding the government's power under the Constitution to compel one to reveal the contents of their mind, whether it be incriminating information or a decryption key. In light of the proposed bill's omission of this issue, the solution will be found in the Courts, unless new legislation is introduced, or the current document is amended.
The issue is ultimately one for society. It is a Constitutional balancing test. This balancing is an excellent example of what was discussed in the introduction regarding an unwillingness to view current issues in a contemporary light. It is wrong to consider decryption keys only in the context of safe combinations and strong boxes. While the theory and case law of the past is a vitally important tool, it is imperative that we view encryption technology in a contemporary light. Thus, we can better understand the full range of issues and problems that our legal system will be faced with in the future to make the proper decision. In short, we cannot abandon the rights that are considered of indelible importance to our citizenry, however we must not be blind to the changes and legal challenges that technology presents.
What is most intriguing from a sociological perspective is the ease with which the argument for protection from the "evil" government is accepted in the Crypto-Libertarian circles. It is as if it is some basic fact that the government is not to be trusted, and will, if given the chance, abuse whatever powers we allow it to have over us. Certainly, this has been the case on many occasions, but is it the general rule?
I would feel quite uncomfortable giving the government the key to my front door to keep in case a search warrant were issued for my home. There is a certain degree of privacy and security that such a law would seem to invade. The same would go for a mandatory escrow system. However, I am comfortable with the fact that the government can, if a warrant is issued, break down my door. To assert that a warrant could be defective, or the wrong door broken down would be to focus on the anomaly and not the norm. It happens (in fact it happened to an innocent family in St. Louis the day before this paper was uploaded), but we do not prohibit police search warrants because occasionally innocent people are harassed. The societal cost for eliminating warrants would simply be too great. The government desires the ability to conduct surveillance not to invade one's privacy. Its purpose is to investigate, pursuant to a judicial order, a reasonable suspicion that a crime is taking place. Why are Crypto-Libertarians so set on taking this power away from the government?
The three proposed laws set forth the parameters for the sale and export of encryption products from the United States. Focusing on the ECPA specifically, it sets forth that it will be lawful for any person to sell any type of encryption regardless of encryption algorithm, or key length within the United States or its territories. Moreover, it vests the Secretary of Commerce with the control of export of hardware, software, and technology for information security. This power used to be held by the State Department and the National Security Agency. The other two bills have very similar provisions.
An issue that the bill does not address is First Amendment protection of encryption as protected speech or expression. Not that the bill should ostensibly invoke First Amendment protection, however there is no declaration of absolute rights to encryption. Indeed, ensuring that the domestic sale of all forms of encryption and the export of encryption that is in the public domain will not be impeded is evidence that the sponsors of these legislative bills assume encryption to be protected.
One reason for the avoidance of the First Amendment issue is that if the Supreme Court were to find encryption protected as speech, then parts of the laws would be unconstitutional because they put restrictions on the export of encryption, as weak as they may be. The provisions that state that the encryption must be in the public domain in order to export place a restriction that could possibly violate First Amendment freedom.
Two very recent cases in particular have brought the issue of export of encryption to the court system: Karn v. United States Department of State (D.C. Cir. 1996) and Daniel J. Bernstein v. United States Department of State (N.D. Cal. 1996). Both Courts address the First Amendment issue, however the end result was different in each court. In Bernstein the Court ruled that encryption source code was protected as free speech. The Court reasoned that even if something such as source code is essentially functional, it may still be within the realm of speech. The Court went on to state that even technical information about hydrogen bomb construction was also speech; just as music and mathematical equations are speech, computer language communicates information.
The Karn Court did not trouble itself with this speech distinction and focused on the standard applied in First Amendment cases with regard to what the State Department regulation was aimed at. The Court determined that the barring of the export of encryption was a "content-neutral" decision. Had the decision been based on the contents of the source code the First Amendment would have been violated, however the State Department's decision was, in the Court's view, made on the determination of the medium on which the source code was to be exported, in this case a floppy disk. An example of this could be that while the instructions to make a hydrogen bomb are protected, the materials and construction of such a device are not. Similarly, the instructions to create a cryptographic software application are protected, but the code itself is the raw material and in some cases the constructed device itself.
It is important to note that the Karn Court refused to determine the dual-use nature of encryption, and whether or not the government's classification as a munition was narrowly tailored. It stated that to address this issue would be to embroil itself in a foreign policy decision. This was a responsible use of judicial restraint and the Court showed insight in not involving itself in a political issue. Certainly, the Court is entitled to determine the scope of First Amendment protection, however how the item should be classified is purely a policy, and therefore an Executive, decision. If a munition were considered protected by speech, the classification and export restriction would be inherently unconstitutional, but it is outside the scope of the Court's power to determine the correctness of such a policy determination unless the Constitution has in fact been violated.
There is obvious dissension then within the Courts as to how to classify the Constitutional protection of cryptographic software. The issue is bound to continue, perhaps until it reaches the Supreme Court. The government is in a precarious position however because it has allowed the export of encryption as text in a book. The Karn Court then went along with the government's claim that the export control was focused on the medium of export rather than the information itself. This rationale probably will not hold up to further scrutiny simply because the text from the book could be scanned and placed on a disk in a matter of seconds. It appears the government will have to change its theoretical argument and acknowledge the export of Applied Cryptography was a mistake, or be prepared to lose in further proceedings.
There are possible theoretical arguments for the government regulation of cryptography. The regulation of cryptographic code could be considered the regulation of a functioning application or device and not of the content of expression. The government could tailor its argument to follow its content-neutral claim by theorizing the only use of the source code is as an encryption device, the code itself serves no purpose but to allow a computer to encrypt a document. Whether the code is in a book, or on a disk, it could be argued that it is purely functional with little or no expressive element. That which is expressive could be explained in plain English and not in a functional code that is easily utilized. This would not preclude writing or explaining code, only the export of the source code itself which serves only the purpose of executing an encryption program.
A flaw in this argument is in the comparison to player piano scrolls. The government would have to argue that the scrolls are functional pieces of equipment and serve only to play music and should not be protected by the First Amendment. The comparison that could be asserted by the government is that the notes to a song on paper are most certainly protected by the First Amendment, but when the notes are translated into a purely functional item, it is no longer protected. Similarly, encryption code itself is similar to the scroll, while discussion of encryption, or instructions on how it works or how to use it are protected.
The main argument for allowing the export of encryption is that strong encryption is available outside the U.S. and therefore the only purpose banning the export of encryption serves is to make it impossible for U.S. companies to compete globally. While it is true that the export revenues of U.S. corporations are curtailed, this global competitiveness argument is not a very good one (there is another much more persuasive argument for competition dealing with corporate security and the ability to use encryption to protect corporate secrets). This argument of global competition is often used by defense contractors who develop weapons and military hardware for the United States armed forces. A market limited to the United States is bound to end up being saturated with a product. Logically, defense related industry will look to export their product abroad, but often, the U.S. government restricts these exports.
The standard by which the ECPA, as well as SAFE and Pro-CODE, would measure whether or not an encryption product is exportable is whether there exists encryption with "similar capabilities" in the public domain abroad. It is important to note that there are many fighter aircraft produced abroad with "similar capabilities" as U.S. fighters. The Russian SU-27 and MIG-29 are highly effective fighter aircraft with similar capabilities as the F-16 and F-15 (excluding the F-15E and modern U.S. avionics suites). These aircraft are cheaper than their U.S. counterparts, and therefore have found buyers in nations the U.S. will not sell to, such as Cuba. Regardless of the ability of pariah nations to purchase similar aircraft elsewhere, the U.S. strictly limits who receives our aircraft regardless of the similar options they might have globally. This is the case despite the economic impact it might have on the U.S. defense industry.
It might appear to be overkill to compare a weapon of war to encryption technology, however there are significant threats inherent in allowing military grade encryption to be available globally. The argument for limiting the export of strong encryption is the same in theory as why we do not sell F-16s to Libya. While the Russian fighters might be similar in capabilities, they are not equal. The burden of maintaining the operability of Russian fighters is enormous in comparison to U.S. equipment. Significantly more man-hours are required to keep the planes flying. Additionally, the sale of U.S. fighters almost invariably is accompanied with a maintenance package, much like a warranty when one buys a car. Russian contractors do not normally provide such services.
The argument is that just as nations will want to purchase American aircraft, they will want to purchase American encryption products. U.S. companies hold 75% of the global software market share. The question is whether encryption technology made abroad will be as inferior in quality to U.S. products as foreign fighter aircraft are. There is a good argument that American technology would be king in the free international cryptography marketplace. The best example is the market share the Microsoft Windows operating system has in the global market. Certainly, if Microsoft were permitted to export 128-bit encryption as a standard option on its operating system, the majority of Windows users, which in effect is the majority of the world's computer users, would use it.
The counter-argument is that there are plug-in programs that can be created abroad and that can be used with commercial software such as Windows. This is true, however, we must query whether such programs would be as widely used, be as easy to use, and be as good in quality as a bona fide Microsoft product. Of course, any smart criminal is going to use encryption that is unbreakable. Quite frankly there is no legislation that can stop the use of encryption by criminals. PGP and the like are going to be available on the Internet world-wide, as long as there is an Internet. Therefore no matter what the export policy is, criminals are going to use encryption. Prohibiting U.S. companies from exporting does nothing to stop crime, and everything to hurt competitiveness, or so the argument goes.
While the sophisticated international terrorist might use strong encryption obtained from the Internet, the majority of the public would most likely use a weaker product: a Microsoft product, for example, that provides good protection, product support, and reliability. The fact that a determined government or wealthy and malicious individual might break the key probably would not stop most from using it. Moreover, terrorists are as likely to use normal consumer products and services as esoteric encryption programs. Evidence for this can be found in the arrests in the World Trade Center and Oklahoma bombings. Query whether criminals who return for the rental-truck deposit, or buy large amounts of fertilizer from one source, would be savvy enough to acquire and utilize PGP. There is no doubt that sophisticated criminal enterprises will use cryptographic technology, but why make it easy for them?
The best argument for allowing strong cryptography to be exported serves a more important competitiveness aspect than simply revenues from export sales. Over the past few years government sponsored industrial espionage has become an important concern for corporations. For example there have been many allegations that France has conducted industrial espionage against foreign multinationals, calling into question an international escrow policy where France has private keys of foreign companies. These concerns are why the laws make clear that the Secretary of Commerce must authorize the export of encryption software or hardware to commercial users in any country to which exports have been approved for use by foreign financial institutions. The only restriction is if there is substantial evidence that the end-use of the software will not be diverted or modified for terrorists or foreign military use. These provisions were added because the encryption limit of 40-bits was terribly inadequate, and is easily cracked with a $400 investment in about five hours.
There is a large loop-hole in the language of all three proposed laws with regard to the provision that the Secretary of Commerce will determine if a level of encryption technology is in the "public domain" or "generally available." Even if legislation banning the export of a certain level of encryption were passed, the U.S. company could set up operations abroad to sell encryption software and hardware. RSA Data Security, a leading developer of cryptographic software, has opened a subsidiary and entered into a development agreement with the Chinese government. In light of this, one can see an enormous hole in the provisions of the proposed legislation which limit export to only those products available abroad in the public domain. A U.S. company that uses a foreign subsidiary, or has a foreign partner could easily exploit any one of these laws by allowing them to distribute its software, thus putting it in the public domain for export from the U.S.
This can be avoided obviously through more restrictive language in the bills. If the Congress is willing to penalize U.S. and foreign companies who do business with Cuba, it could be willing to penalize U.S. companies who utilize foreign subsidiaries to sell encryption. Utilizing foreign subsidiaries to skirt export laws could be clearly defined in the statute as illegal. This is however highly unlikely, especially in light of current Congressional sentiments on the issue.
The best way to control the international proliferation of military grade encryption is through international cooperation. The United States is not the only nation concerned with the risks of the export of cryptographic products, and while crypto-libertarians dismiss any possibility for success, there have been some international accomplishments. Most recently in December 1995, the Organization for Economic Development (OECD) and the International Chamber of Commerce (ICC) sponsored a meeting in Paris. The meeting spearheaded the exchange of information of national encryption policies and dealt with the creation of an international commercial key escrow system.
One area of international cooperation with regard to encryption is in the area of cellular phones. The Europeans have classified Global System Mobile (GSM), which encrypts its systems with an algorithm called A5, as a non-exportable munition. In fact, NATO has used its powers to limit GSM export under its COCOM agreement. This has prompted GSM companies to create A5X, a weaker version of A5 that is easier to crack and exportable.
One interesting fact is that encryption might not actually be the technology that inhibits governments from conducting lawful surveillance on their citizens. Ironically, it is the progress of technology itself that might render a phone conversation wiretap proof. Data compression enables data to be hidden so the encryption isn't even required. If one scatters the bytes carrying voice or data through an unrelated audio or video file they can hide the data transfer or the conversation.
The issues above are the important ones underlying the export language in the ECPA of 1996 § 2805. This bill will be altered as it travels from committee to committee through the legislative process, and without a doubt it is the above issues that will be debated at length before the Senate bill (or the House bill for that matter) goes to the floor for a vote.
There are a few beliefs, that I assert are facts, that must be established before proposing solutions for the encryption debate.
1. As long as there is an Internet, military grade encryption will be accessible to anyone with a computer, a modem, and an Internet connection.
2. The proliferation of unbreakable encryption will, if unchecked in any way, result in curtailed activities of law enforcement and interfere with the lawful surveillance tactics used by law enforcement organizations.
3. The United States Constitution provides only very basic protections with regard to the surrender of memorized keys and freedom to use some manner of encryption to ensure privacy in electronic communication of voice and data. These protections are not absolute, and do not therefore prohibit compelled decryption and restricted export of specific key lengths.
4. Unless U.S. companies are permitted to export encryption of at least 75-bits for security purposes, they will continue to suffer economic losses due to industrial espionage.
5. There are societal concerns that are important enough that we must act to balance Constitutional rights with the societal interests.
In looking at the very last belief, one might assert that it is in fact self-conflicting. This is to say that Constitutional rights are most certainly a part of societal interest, and they are always in balance because it is the Constitutional freedoms that make our society possible. However it is my assertion that blindly accepting the Constitutional rationales of the past could damage our future.
The proposed legislation deftly avoids these Constitutional issues by allowing all manner of encryption domestically, and only a loose and loopholed restriction on export. Ironically, while attempting to assure free export, it reserves the right for the Secretary of Commerce to block export of cryptographic products not available already outside the U.S. This is still a possible Constitutional violation if the First Amendment argument of Bernstein is correct and the right is absolute. Moreover, in its attempt to secure the competitiveness of U.S. companies, the bill has ignored the implications that its passage would have on law enforcement.
The Karn and Bernstein decisions are evidence of how this debate will be played out. If the export of encryption is found to be protected by the First Amendment, there is little the government can do. However if the courts rule that the government can regulate encryption hardware and software based on possible end-use, there may be enough of an opening for narrowly tailored export regulations crafted to adhere to a court's First Amendment ruling.
The first belief above states that there will be free availability of encryption as long as there is an Internet. This is the favorite argument of crypto-libertarians. It is very true, but it is in many ways naive. First, while child-pornography will always be available for as long as there is an Internet, at present we have no legislation pending to make it legal. The logical response to this assertion is that encryption, unlike child-pornography, is not per se illegal. True. But, it might be just as threatening to society as a whole. Moreover this proves the point that just because something is readily available or accessible doesn't mean we must ignore the dangers it could pose to society.
It was established earlier that encryption has indeed hindered law enforcement investigations. The challenges to law enforcement claims of possible impotence in the face of strong encryption are in some cases weak. Many crypto-libertarians assert the infrequent use of encryption to foil law enforcement, and relatively few examples where law enforcement has encountered unbreakable code. Frankly this is quite irrelevant. It will be used more and more frequently in the future, and with no limitations, FBI Director Freeh's comments regarding what will happen to the effectiveness of wiretaps, will come true. Debating what the effect is now, is counter-productive as to how we will deal with it in the future.
The Fifth Amendment argument is perhaps the weakest of Constitutional arguments. In Philip R. Reitinger's Compelled Production of Plaintext and Keys, a very strong argument is made for the lawfulness of compelling decryption keys. The Supreme Court has agreed that there are certain limitations to Fifth Amendment freedoms in past cases. Consider the required records doctrine which provides that certain records are not protected by the Fifth Amendment due to the public interest involved. The Court in Shapiro v. United States stated:
". . . the privilege against self-incrimination, which exists as to private papers, does not protect individuals against being forced to produce records required by law to be kept in order that there may be suitable information of transactions which are appropriate subjects of governmental regulation and enforcement of restrictions validly established."
A Crypto-Libertarian would assert that certainly the government has no interest in private encrypted files. However, clearly the Supreme Court has allowed the exclusion of certain items from broad Fifth Amendment protection.
The United States government recently agreed to discontinue degrading the signal of Global Positioning System satellites over the next four to ten years. The military had been degrading the quality of the signal for public and commercial use, however the incredible range of uses that GPS can be applied to, land navigation, automobiles, boats, and more accurate avionics commercial aircraft. The government simply decided that the societal gains from GPS outweighed the possible harm. Certainly, allowing Iraq, China, or North Korea, to use U.S. GPS signals to guide their ballistic missiles is a definite threat. However, the good uses for GPS outweigh the possible negative effect of having a Chinese Silkworm programmed to land on the fifty yard line of the Los Angeles Coliseum by following U.S. GPS signals.
There is one thing that is important to mention however with regard to GPS. The military will continue degrading the signal until the Defense Department devises a way to protect GPS signals from manipulation by the enemy in times of national emergency. The moral of this story is that the government is prepared to allow the public use of potentially dangerous technology if the good outweighs the bad, so long as it retains the ability to protect its citizens from the disastrous. Perhaps, we can apply this logic to the encryption debate.
The beneficial uses of encryption, insofar as the protection of secrets and security of financial and corporate communications is concerned, make a very persuasive argument to outweigh the possible negatives. However, the government should be able to build in a safety net to protect society from those who would abuse this technology for destructive purposes. The broad distrust of government by Crypto-Libertarians is ridiculous and counter-productive. While it is necessary to be suspicious of government incursion of privacy and other Constitutional rights, it is folly to suspect the government of a grand scheme to abuse its citizens with its power. Repeated references to the surveillance of Martin Luther King, Jr., ignore the infrequency of such abuses. Compiled examples of government abuse, including the Waco and Ruby Ridge tragedies, are outweighed by the positive activities and victories of law enforcement organizations over the years.
The following legislative proposals will make no individual on either side of the debate happy, and they will certainly raise strong objections from extremists on both sides. However, I believe the following is a balance of domestic security concerns and secure private and commercial communication.
Proposal: Any person within the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States shall comply with lawful judicial orders to provide the plaintext of a decrypted document or the decryption key.
Rationale: The Fifth Amendment as discussed supra is not broadly applicable to encrypted documents. If a normal document is subpoenaed, if it exists it must be provided pursuant to the subpoena in usable form. If a document is encrypted, an individual must provide the means to decrypt it pursuant to a judicial order. The act of production immunity would only be necessary because the possession of the key demonstrates a connection between the possessor of the key and the underlying document. But the authentication of the document can be proven if the government can show how it obtained the document. The following paragraph proposed by Reitinger illustrates this example:
If the government knows that I possess the key associated with the ciphertext, that key can be authenticated without relying on the act of production because proof of my possession of the key combined with the fact that the key does decrypt the cyphertext establishes that the key is what the government claims -- my key to the document.
Proposal: The Secretary of Commerce shall authorize the export of encryption higher than 56-bits under general license for non-military corporate end-users in foreign countries. Personal use shall be lawful under license so long as it is used in the course of conduct of corporate related duties and affairs. The Secretary shall be satisfied that the encryption product will not fall into the hands of foreign militaries, terrorists, or non-licensed individuals. The key length limit will be subject to change pursuant to the Congressional mandated annual Department of Commerce Minimum Key Length Study to be submitted to Congress annually for the determination of maximum key length for export.
Rationale: In light of the ineffectiveness of current encryption limits against rich and powerful companies and intelligence agencies, it is absolutely necessary that U.S. companies be permitted to utilize the strongest encryption possible to protect industrial secrets. However, such a use should be permitted only by government license certifying that the end-user will be a non-military commercial entity. It doesn't matter which agency, the distinctions made in the bills are largely ceremonial because both are Executive agencies that will rely on the NSA.
The proposed yearly Department of Commerce Study on Minimum Key Lengths would mimic the Blaze et al. publication entitled Minimal Key Lengths For Symmetric Ciphers To Provide Adequate Commercial Security. This will serve to guide the Secretary in ensuring that an adequate level of security is available each year. As technology increases, a 64-bit program may no longer need to be licensed while a 90-bit key would still require a license.
Proposal: It shall be unlawful for any U.S. corporation to export encryption software stronger than 56-bits for public sale outside the United States, the District of Columbia, the Commonwealth of Puerto Rico, or any territory or possession of the United States. The key length will be subject to change pursuant to the annual Department of Commerce Minimum Key Length Study to be submitted to Congress annually.
Rationale: This would likely be the most controversial proposal because it would mean lost revenue for U.S. corporations. However, corporations will be protected from foreign espionage through licensed software. Moreover, they will still be permitted to produce strong encryption software for corporate clients under government license. The question is how many individuals will forgo using Microsoft Windows because it will only protect them against small-time hackers and not the government or intelligence agencies. Logic would say that the average individual in a foreign country would feel comfortable with using a better product, even if it is weaker than what is locally available. Again, the DOC yearly study will serve to provide guidelines to keep the law in line with technology.
Strong 128-bit encryption will always be available over the Internet, and foreign companies will no doubt produce strong encryption programs. However, if the U.S. corporations continue to provide strong encryption at the level of DES 56-bits, the foreign consumer will likely continue to use the U.S. program. This is likely because it would take a $10,000 investment and a year and a half to crack a DES key or $300,000 to crack it in 19 days (3 days with a custom built chip). This is probably enough to ensure the privacy and security of the vast majority of the public.
Proposal: It shall be lawful for any person within the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States to use any encryption, regardless of encryption algorithm selected, encryption length, key length chosen, or implementation or medium used.
It is evident that the above proposals would allow the use and sale of strong encryption within the United States. Provided that law enforcement has the ability to compel the production of a decryption key, it makes little difference what bit length is used. It also ensures that encrypted documents will not interfere with lawful warrants and subpoenas. The only concession is that domestically, law enforcement organizations would be powerless to conduct surveillance on those individuals using strong encryption.
This must be accepted by law enforcement for many reasons. First, it might be that the software industry will not bother incurring the cost of producing one product for export and one for domestic sale. Therefore, the 56-bit export limit might also become the domestic norm for basic software applications. Also, limiting the export of strong encryption would allow the NSA to continue to do its job abroad. Moreover, as mentioned earlier, compression technologies are likely to make even unencrypted communications difficult to tap. Finally, just as the government found it could allow the public to use GPS, so long as it could interfere in a national emergency, the government can allow the domestic use of strong encryption if it has other surveillance options in addition to a tap, and the continued ability to execute warrants and compel decryption of files.
In the face of strong encryption, the government should abandon key escrow and concentrate on perfecting the other technologies that allow police surveillance activities to be effective. Just as it has always done, the government will adapt with new technology, and continue to protect its citizens even if broad wiretapping is more difficult.
Any solution to the encryption issue will upset those on both sides of the issue. The challenge is to find a solution that protects society, yet allows the greatest amount of privacy protection for individuals and commercial enterprise. Allowing economic interests alone to drive such a sensitive policy is problematic. It appears that this is essentially what is driving the proposed legislation. Even privacy issues seem to take the back seat when statements like "Encryption is good for American business and good business for Americans," are the norm.
By far the most disturbing thing is the perception that the government and law enforcement organizations cannot be trusted not to abuse their power excessively. While this does happen, the Clipper failure illustrates the paranoia that has set in with regard to government power. While it might be foolish to have every decryption key in one place, guarded by one agency, seeking a way to ensure the police can still do their job doesn't seem like a horribly oppressive perspective.
The proposals above are not bulletproof; there are still loop-holes. However, their purpose is not to provide an ultimate answer, rather, it is to provide an example of how the interests of all parties can be negotiated to an imperfect but livable solution that protects privacy, while ensuring the continued viability of our judicial system. If everyone were to use unbreakable cryptography, and not even a subpoena could force decryption, the effectiveness of the judicial system, and the gathering of evidence would be hampered. It is up to all of us to make sure this does not happen, while we still ensure our basic Constitutional freedoms are intact. Not an easy chore from any perspective, but one we must undertake together.