TESTIMONY OF ROBERT S. LITT
PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL
BEFORE THE SUBCOMMITTEE ON THE CONSTITUTION,
FEDERALISM, AND PROPERTY RIGHTS COMMITTEE
ON THE JUDICIARY UNITED STATES SENATE
CONCERNING PRIVACY IN A DIGITAL AGE: ENCRYPTION AND MANDATORY
ACCESS
PRESENTED ON
MARCH 17, 1998
Thank you, Mr. Chairman and members of the Committee, for this opportunity
to discuss with you the important and complex issue of encryption. Encryption
holds the promise of providing all of us with the ability to protect data
and communications from unlawful and unauthorized access, disclosure, and
alteration. Moreover, encryption can help prevent crime by protecting a
wide range of data as we and our valued information become more and more
connected to each other and to potential adversaries through the spread
of information networks. As a result, the law enforcement community supports
the development and widespread use of strong encryption products and services.
At the same time, however, the widespread use of unbreakable encryption
presents a tremendous potential threat to public safety and national security.
Criminals and terrorists have already begun using encryption to conceal
their illegal activities and to defeat important law enforcement and national
security objectives. In developing our Nation's encryption policy, we must
carefully balance the many different interests that the policy will affect.
In seeking that balance, it is essential to understand both the promise
and the peril that this technology holds, and to identify responsible ways
forward that advance all of the competing interests.
I want to begin, Mr. Chairman, by clarifying the Clinton Administration's
recent initiatives regarding encryption. For some time, the Administration's
position has been to encourage the design, manufacture, and use of encryption
products and services that allow for the plaintext of encrypted data to
be recovered. The Administration's approach has in fact found support in
the marketplace, in part because businesses and individuals need a routinely
available method to recover encrypted information. For example, a company
might find that one of its employees lost his encryption key, thus accidentally
depriving the business of critically important and time-sensitive data.
Or a business may find that a disgruntled employee has encrypted confidential
information and then absconded with the key. In this type of case, a data
recovery system promotes important private sector interests. Indeed, as
the Government implements encryption in our own information technology
systems, it also has a business need for plaintext recovery to assure that
data and information that we are statutorily required to maintain are in
fact available at all times. For these reasons, as well as to protect public
safety, the Administration has been affirmatively encouraging the development
of data recovery products, recognizing that only their widespread, ubiquitous
use will both provide greater protection for data and protect public safety.
In further support of this goal, two weeks ago we set in motion a process
of pursuing an intensive dialogue between industry and law enforcement.
Our goal in this process is to bring the creative genius of America's technology
leaders to bear in developing technical, market-savvy solutions that will
enable Americans to realize the benefits of strong encryption while continuing
to protect public safety and national security. We do not harbor any illusions
that there is one magic technology, a silver bullet that addresses all
the needs of the marketplace. But we think constructive dialogue in a variety
of areas and fora is far preferable to a stalemate that arises from a battle
of wills and rhetoric; working together is better than fighting legislative
battles.
The Administration is not advocating any single product, technology, or
even technical approach. Rather, we are flexible -- provided that the resulting
solutions and arrangements preserve the Nation's ability to protect the
public safety and defend our national security. These are public interests
of the highest order, shared by the Congress and by all of our law-abiding
citizens. Industry has the technical know-how to develop commercially viable
mechanisms that maintain the government's ability to safeguard its citizens,
while protecting our citizens from unwarranted intrusions from any source.
Now let me describe in a little more detail the important law enforcement
and national security interests that are at stake in the encryption debate.
First, I want to reiterate that the Department of Justice supports the
use of strong encryption. Law enforcement's responsibilities and concerns
include protecting privacy and promoting secure commerce over our nation's
information infrastructure. For example, we prosecute those who violate
the privacy of others by illegal eavesdropping, hacking, or stealing confidential
information. In the National Information Infrastructure Protection Act
of 1996, at the request of the Administration, Congress provided further
protection to the confidentiality of stored data. And the Department of
Justice helps promote the growth of electronic commerce by enforcing the
laws, including those that protect intellectual property rights and that
combat computer and communications fraud.
Moreover, the Department of Justice, like other government agencies, realizes
that our own information technology systems will increasingly require the
use of strong encryption to provide appropriate security for the valuable
and sensitive information that we hold on behalf of the American people.
The Department, both as an enforcer of the law and as a consumer of encryption
technologies, thus has a keen interest in the success of American industry
in this area.
However, I don't think that it can reasonably be disputed that the unchecked
spread of non-recoverable encryption will also endanger the public safety
and our national security. People think of encryption primarily in the
context of transmitted communications such as phone calls, and its effect
on wiretaps. Indeed, it is absolutely essential that law enforcement preserve
the ability to obtain the plaintext of information from lawfully authorized
wiretaps and to authenticate this information in court. Court-ordered wiretaps
are an essential tool for law enforcement in investigating and prosecuting
some of our most important matters involving narcotics dealing, terrorism
and organized crime.
But I'd like to focus for a moment on a slightly different aspect here:
data stored on computers. It's very common, for example, for drug dealers
or terrorists, or any other criminals for that matter, to keep records
of their activities in notebooks or other written form. When I was an Assistant
United States Attorney, I prosecuted several cases in which we arrested
drug dealers and seized their "little black books" pursuant to search warrants
or other valid legal authority. These notebooks provided invaluable evidence
against the defendant and helped us identify and prosecute other members
of the drug ring.
Today, however, we might find that the defendant is using one of the increasingly
popular electronic organizers or personal information manager software
programs to keep his records instead of a notebook. Or we might find that
a swindler running a telemarketing scam has his records on a computer instead
of in file cabinets. The switch from written to digital records does not
undermine law enforcement interests -- as long as the defendant hasn't
encrypted the data. But if strong encryption becomes a standard feature,
law enforcement will lose its ability to obtain and use this evidence.
In fact, commonly available encryption products are already so strong that
we cannot break them.
The same problem exists with respect to other types of criminals also.
Ramzi Yousef, the mastermind of the World Trade Center bombing, used a
laptop computer. Pedophiles who exchange child pornography via computer
are already actively using encryption. White collar criminals and economic
spies often use computers to steal our businesses' valuable intellectual
property. I can't emphasize too strongly the danger that unbreakable, non-recoverable
encryption poses: as we move further into the digital age, as more and
more data is stored electronically rather than on paper, as very strong
encryption becomes built into more and more applications, and as it becomes
easier and easier to use this encryption as a matter of routine, our national
security and public safety will be endangered -- unless we act responsibly.
Some people have suggested that this is a mere resource problem for law
enforcement. They believe that law enforcement agencies should simply focus
their resources on cracking strong encryption codes, using high-speed computers
to try every possible key when we need lawful access to the plaintext of
data or communications that is evidence of a crime. But that idea is simply
unworkable, because this kind of brute force decryption takes too long
to be useful to protect the public safety. For example, decrypting one
single message that had been encrypted with a 56-bit key took 14,000 Pentium-level
computers over four months; obviously, these kinds of resources are not
available to the FBI, let alone the Jefferson City Police Department. Moreover,
it is far easier to extend key lengths than to increase computer power.
Indeed, 128-bit encryption is already becoming commonplace. In this environment,
no one has been able to explain how brute force decryption will permit
law enforcement to fulfill its public safety responsibilities.
We believe that the most responsible solution is the development and widespread
use of encryption systems that, through a variety of technologies, permit
timely access to plaintext by law enforcement authorities acting under
lawful authority. I will refer to these systems, collectively, as plaintext
recovery systems, although they can encompass a variety of technical approaches.
The concept of key recovery, where the key to encryption is held by a trusted
third party, is one such approach, but it is by no means the only one that
would meet law enforcement's goals.
Some have suggested that law enforcement's access to the plaintext of encrypted
data and communications that is evidence of a crime would violate constitutional
rights. Although I will discuss in a moment the constitutionality of a
mandatory recovery regime, let me begin by reiterating that no such mandatory
regime exists, nor does the Administration seek one. Rather, the Administration's
efforts have been to encourage the voluntary use of data recovery products.
In this context, there is no doubt that the government's efforts are constitutional.
It is certainly difficult to understand how a voluntary regime might violate
the Fourth Amendment. As with any kind of stored and transmitted data,
it is axiomatic that the government may obtain both encrypted text and
decryption keys pursuant to lawful process, which may include a wiretap
order, a search warrant issued upon probable cause, a subpoena, or the
consent of the party possessing the particular item. Each of these comports
with the Fourth Amendment, and voluntary data recovery products do not
change this analysis. Additionally, if an individual's encryption key were
stored with a third party, Congress could require by legislation that,
to compel production of the key, law enforcement would have to meet a standard
higher than that required by the Fourth Amendment, much as the Electronic
Communications Privacy Act requires a court order to obtain transactional
data. If Congress were to address this issue, we would be pleased to work
with you to determine the appropriate standard and mechanisms for obtaining
keys.
The Committee has requested that I address the legal issues that might
be associated with a mandatory plaintext recovery regime. Again, let me
restate that the Administration does not advocate such an approach, and
believes that a voluntary solution is preferable. Nonetheless, I am prepared
to discuss hypothetical legislation prohibiting the manufacture, distribution
and import of encryption products that do not contain plaintext recovery
technologies, so that the capability to decrypt encrypted data and communications
is available to law enforcement upon presentation of valid legal authority.
In considering the Department's views on these issues, I would urge you
to keep several caveats in mind. First, the constitutional issues that
such a regime would present are undoubtedly novel ones. Indeed, the spectacular
growth of the digital world has created many confounding legal issues that
the Congress, the courts, the Administration, and our society at large
are wrestling with. If history is any guide, changes in technology can
lead to changes in our understanding of applicable constitutional doctrine.
Moreover, these issues are particularly difficult to address in the abstract,
because mandatory plaintext recovery could take a variety of forms. Nonetheless,
and with these caveats, it is the best judgment of the Department of Justice
that a mandatory plaintext recovery regime, if appropriately structured,
could comport with constitutional doctrine.
Let me turn first to the Fourth Amendment. It should be remembered at the
outset that the Fourth Amendment does not provide an absolute right of
privacy, but protects reasonable expectations of privacy by prohibiting
unreasonable searches and requiring that a warrant issue only upon a finding
of probable cause by a neutral and detached magistrate. A well-designed
plaintext recovery regime would ensure that users' reasonable expectations
of privacy were preserved. Any legislation in this area, whether or not
it imposed plaintext recovery requirements, should not lessen the showing
the government must make to obtain access to plaintext. If a search warrant
for data was required before, it should be required under any new regime.
By requiring the government to meet current constitutional thresholds to
obtain plaintext, such a regime would, in our view, comply with the Fourth
Amendment. Moreover, Congress could require under such a regime that even
if law enforcement obtains a search warrant for data or communications,
it would need additional authority, such as a court order, to obtain the
key or other information necessary to perform any decryption if the information
is encrypted.
Some have also argued that mandatory plaintext recovery regime would violate
the Fifth Amendment's prohibition against compulsory self-incrimination.
However, the Fifth Amendment generally prohibits only disclosures that
are compelled, testimonial, and incriminating. If a manufacturer of an
encryption product were required to maintain information sufficient to
allow law enforcement access to plaintext, we believe that there would
be no violation of the Fifth Amendment because no disclosure at all would
be compelled from the user of the encryption product. If, on the other
hand, a mandatory plaintext recovery regime required the user of an encryption
product to store his key (or other information needed for recovery) with
a third party in advance of using the product, we do not believe that such
an arguably compelled disclosure would be testimonial as that term has
been interpreted by the Supreme Court. In Doe v. United States,
489 U.S. 201 (1988), the Court held that an order compelling a person to
execute a form consenting to disclosure of foreign bank accounts did not
violate the Fifth Amendment because the form was not testimonial. The compelled
disclosure of decryption information to a third party would not seem to
be any more testimonial. Moreover, we doubt whether such a disclosure would
be incriminating, because unless and until the encryption product is used
in the commission of a crime, the key would pose no threat of incrimination
against the user.
Finally, it has been suggested that a statutory restriction on the manufacture,
import, and distribution of certain types of encryption products would
violate the First Amendment. Opponents of encryption restrictions sometimes
argue that the First Amendment protects the right of persons to speak in
"code" -- i.e., to speak in ciphertext -- and that a restriction
on the distribution of products that make a particular coded communication
possible would be analogous to placing a restriction on the use of a foreign
language. This First Amendment argument rests on the faulty premise that
the creation or dissemination of ciphertext itself is constitutionally
protected. But, unlike a foreign language, the ciphertext that is created
by strong encryption products cannot be understood by the viewer or listener.
When it is heard, such as on a wiretap of a telephone, ciphertext simply
takes the form of unintelligible static. In written form, ciphertext may
be in the form of letters, numerals and symbols, but no human being can
read or "understand" it: it does not contain characters or words or symbols
that represent or correspond to any other characters, words or symbols.
Accordingly, ciphertext is not like a foreign language, the use of which
can convey unique meaning and nuance to the listener or reader. Thus, ciphertext
itself -- as opposed to the underlying plaintext -- has none of the properties
of protected "speech" that the Supreme Court has traditionally identified,
and, accordingly, the dissemination of ciphertext should not be entitled
to First Amendment protection.
A second form of First Amendment argument focuses not on the ciphertext,
but on the underlying plaintext. Under this theory, a prohibition on the
manufacture or distribution of nonrecoverable encryption products would
inhibit an alleged constitutional right of persons to obscure their
communications in any manner they see fit. Even if legislation would impose
such a practical limitation on the manner in which speakers may obscure
their underlying communications, it could be drafted so as to pass muster
as a permissible time, place and manner restriction -- particularly since
any such restriction on the "tools" of speech would be unrelated to any
communicative impact of the underlying plaintext and the controls would
leave open ample and robust alternative channels or methods for obscuring
the underlying plaintext.
A related argument is that a communications infrastructure in which recoverable
encryption is the de facto standard will impermissibly chill a significant
quantum of speech because individuals' knowledge of law enforcement's ability
to overhear and decipher communications and data will unduly deter them
from communicating. But under such a system, the government would have
no greater access to the content of private parties' communications than
it currently has, and it is well-settled that the government's exercise
of its established statutory powers to intercept and seize communications
does not create such a "chilling" effect on speech as to transgress the
First Amendment, so long as that power is exercised consistent with the
Fourth Amendment, and for valid reasons authorized by statute, such as
to discover evidence of criminal wrongdoing. See, e.g., United
States v. Ramsey, 503 F.2d 524, 526 n.5 (7th Cir. 1974) (Stevens, J.)
(rejecting argument that "the very existence of wiretapping authority has
a chilling effect on free speech and, therefore, . . . violates the First
Amendment"); accord United States v. Moody, 977 F.2d 1425,
1432 (11th Cir. 1992).
A final type of First Amendment argument often heard is that a restriction
on the manufacture and distribution of certain types of encryption products
would impermissibly restrict the ability of cryptographers, and others,
to disseminate the computer code that is used by computers to transform
plaintext into ciphertext. But that argument is based on the mistaken premise
that dissemination of the code embedded in encryption products itself is
necessarily a form of expression protected by the First Amendment. Most
such code is in the form of "object code." Object code is simply an immense
string of "0"s and "1"s, representing a bewildering concatenation of thousands
or millions of high and low voltage electrical impulses. As such, machine-"readable"
cryptographic object codes can reveal to possible "readers" neither the
ideas they embody, nor the manner in which the ideas are expressed. And
this is especially true where such object code is embedded in a product
such as a semiconductor chip, so that even the "0"s and "1"s cannot be
discerned. Therefore, a restriction on the dissemination of encryption
products containing object code would not violate the First Amendment.
The question would be somewhat more complicated with respect to source
code -- i.e., the instructions to the computer that human beings write
and revise. Some persons do disseminate source code for communicative purposes.
Nevertheless, we believe that a restriction on the dissemination of certain
encryption products could be constitutional even as applied to those relatively
infrequent cases in which such products are in the form of software that
is disseminated for communicative reasons, because such a restriction could
satisfy the "intermediate" scrutiny that the First Amendment provides for
incidental restrictions on communicative conduct. As we have argued in
litigation in the export-control context, such intermediate scrutiny would
be appropriate because the government's reason for regulating source-code
software would not be based on any informational value that its dissemination
might have. Instead, regulation would be premised on the fact that such
software -- like all of the "encryption products" that would be regulated
-- has physical, functional properties that can cause a computer
to encrypt information and thereby place plaintext beyond the technical
capabilities of law enforcement to recover.
Once again, I would like to emphasize that I have presented our constitutional
analysis of a mandatory plaintext recovery system to respond to the Committee's
request for our views on the legal issues associated with such systems.
As I noted above, this constitutional analysis would depend significantly
on the nature of the particular system Congress mandated and the findings
which supported it; our analysis is entirely generic. Moreover, I would
emphasize again here that it is not the policy of the Administration to
seek mandatory plaintext recovery legislation; it is the Department of
Justice's hope and expectation that the dialogue with industry that I spoke
of earlier will yield outcomes that make sense from both a business and
a public policy perspective.
Those who argue against preserving lawful government access to encrypted
communications often say that the government should bow to the inevitable
and accept, even embrace, the spread of unbreakable encryption, rather
than trying to fight it. For example, one of my colleagues recently met
with a representative of a large computer company which is critical of
the Administration's encryption policy. This industry representative said
that he recognized that encryption poses a problem for law enforcement,
but that we should recognize that other technologies, such as cars, also
create problems for law enforcement, yet we have managed. He said, "We
don't ban cars, do we? Then why are you trying to ban encryption?"
Of course, I hope it is clear by now that the Government is not trying
to ban encryption. Law enforcement supports the responsible spread of strong
encryption. Use of strong encryption will help deter crime and promote
a safe national information infrastructure.
But the more fundamental point raised by the analogy to the rise of the
automobile is that society "managed" the automobile, not by letting it
develop completely unfettered and without regard to public safety concerns,
but first by recognizing that cars could cause substantial damage to the
public safety, and then by regulating the design, manufacture, and use
of cars to protect the public safety. Cars must be inspected for safety
on a regular basis. Cars are subject to minimum gasoline mileage requirements
and maximum pollutant emission requirements. Cars built today must include
seat belts and air bags. Perhaps most closely analogous, the laws of every
jurisdiction in the United States closely regulate every aspect of driving
cars on the public streets and highways, from driver's licenses to regulation
of speed to direction and flow of traffic. Congress and the state legislatures
recognized the public safety and health threats posed by the technology
of automotive transportation, even as they recognized the dramatic benefits
of mobility, productivity, and industrialization that the automobile brought
with it. Elected government representatives of the people have consistently
acknowledged and acted on their sworn responsibilities by assessing the
public safety issues at stake and then regulating the technology accordingly.
Perhaps most relevant to the policy issues posed by encryption is the practice,
begun by most states about a hundred years ago, of requiring cars to be
registered and to bear license plates. More recently, federal law has required
all vehicles to bear a vehicle identification number, or VIN. As you may
recall, it was the VIN in the Oklahoma City bombing case that led the FBI
to the truck rental office at which Timothy McVeigh rented the truck he
used. We now recognize that license plates and VIN's afford victims of
accidents, victims of car theft, and law enforcement officials with an
essential means of identifying vehicles and obtaining information on the
movements of criminals. Just as legislatures in the early 1900's acted
to manage the risks posed by automotive technology, government leaders
today, as the 21st century approaches, must bring the same sensitivity
to the need to preserve and advance public safety in the face of encryption
in the information age. And such a regulatory scheme, if constructed properly,
will, like license plates, have benefits for businesses and consumers as
well.
Of course, no analogy is perfect. Computers are not cars, and plaintext
recovery is not a speed limit. But my broader point is an important one.
The Framers of our Constitution determined that individuals would not have
an absolute right of privacy. The Constitution recognizes that there are
certain circumstances in which it is appropriate for law enforcement to
obtain information that the individual wants to keep private: for example,
when a judge finds probable cause to believe that information is evidence
of a crime. Decisions as to where that line should be drawn are political
and legal ones, not scientific or business ones; they should be made by
this Congress and the courts, not by programmers or marketers. Policy should
regulate technology; technology should not regulate policy. Just as in
the first part of the twentieth century, the law had to take account of
the changes in society brought about by the automobile, the law will have
to take account of the changes brought about by encryption.
We at the Department of Justice look forward to continuing the productive
discussions we have had with this Committee and the Congress on encryption
issues. We share the goal of arriving at a policy and marketplace that
appropriately balance the competing public and private interests in the
spread of strong encryption.
I would be pleased to answer any questions you may have.
Go to . . . CCIPS
Home Page || Justice Department Home
Page
Updated page April 12 , 1999
usdoj-crm/mis/mdf