.
.
Jeffrey Hall and Mike Haslam
Although encryption can protect information from illegal access, it can also interfere with the lawful interception of communications by government officials. The goal of this report is to describe the effect of encryption technology and the government's new Escrowed Encryption Standard [EES] on law enforcement, mainly from the perspective of law enforcement. The information presented here was obtained from public documents and testimonials by law enforcement officials, from private conversations with people in the FBI and other law enforcement agencies, and from comments I received by people in law enforcement on an earlier version of this report. Some of this research was performed in conjunction with my earlier study of the FBI's proposal on Digital Telephony [DT, Denning].
The following summarizes the key points, which are discussed in greater depth in the sections that follow:
1. The Need for Wiretaps
Law enforcement views court-authorized interception of communications as essential for preventing and solving many serious and often violent crimes, including terrorism, organized crime, drugs, kidnapping, major white collar crime brought against the government, and political corruption [DT, DT Cases, Kallstrom]. In testimony before the Computer Systems Security and Privacy Board, James Kallstrom, former Chief of the FBI's Engineering Section, estimated that wiretaps are used in excess of 90% of all cases involving terrorism, often with the result of preventing a terrorist act. Similarly, in testimony before Congress, Donald Delaney, senior investigator with the New York Stat Police, warned that if we adoped an encoding standard that did not permit lawful intercepts, we would have havoc in the United States. For example, in a Chicago case code-named RUKBOM, the FBI successfully prevented the El Rukn street gang, which was acting on behalf of the Libyan government, from shooting down a commercial airliner using a stolen military weapons system [Kallstrom, DT Cases]. Examples of other terrorist attacks successfully prevented with the help of electronic surveillance include the bombing of a foreign consulate in the U.S. and a rocket attack against a U.S. ally.
Electronic surveillance is used against organized crime, widespread fraud, bribery, and extortion. It was used to help solve a case involving corruption associated with organized crime control of the International Longshoremen's Union, which cost the citizens of New York city 10-12 cents on every dollar spent on consumer items coming through the port of New York, and to help solve another case involving organized crime control over the construction trade of New York City, which had led to 3-5% of all construction contracts being escalated by that percentage [Kallstrom]. Evidence obtained from electronic surveillance in a case involving the Concrete and Cement Workers Union prevented an economic loss to the public of $585 million [DT Cases]. According to the FBI, the hierarchy of La Cosa Nostra has been neutralized or destabilized through the use of electronic surveillance, and thirty odd years of successes would be reversed if the ability to conduct court-authorized electronic surveillance was lost.
In the decade from 1982 to 1991, state and federal agencies were granted 7,467 court orders for interceptions under Title III of the Omnibus Crime Control and Safe Streets Act and equivalent state statutes. At the end of 1991, these had led to 35,851 arrests and 19,259 convictions. Convictions resulting from interceptions conducted in the last few years are still accumulating, as trials regarding those subjects are held. Because the number of arrests associated with wiretaps is a small fraction of all arrests each year, some people have questioned whether wiretaps are necessary or worthwhile given the availability of other investigative techniques.
By law, wiretapping cannot be used if other methods of investigation could reasonably be used instead. Such normal investigative methods usually include visual surveillance, interviewing subjects, the use of informers, telephone record analysis, and Dialed Number Recorders (DNRs). However, these techniques often have limited impact on an investigation. Continuous surveillance by police can create suspicion and therefore be hazardous; further, it cannot disclose the contents of telephone conversations. Questioning identified suspects or executing search warrants at their residence can substantially jeopardize an investigation before the full scope of the operation is revealed, and information can be lost through interpretation. Informants are useful and sought out by police, but the information they provide does not always reveal all of the players or the extent of an operation, and great care must be taken to ensure that the informants are protected. Moreover, because informants are often criminals themselves, they may not be believed in court. Telephone record analysis and DNRs are helpful, but do not reveal the contents of conversations or the identities of parties. Other methods of investigation that may be tried include undercover operations and stings. But while effective in some cases, undercover operations are difficult and dangerous, and stings do not always work. Law enforcers claim that no other method can take the place of wiretaps [Kallstrom].
Each court order must provide evidence for the need to wiretap by demonstrating that normal investigative procedures have been tried and have failed or reasonably appear unlikely to succeed or would be too dangerous [USC 18, DDKM]. This does not mean that the other methods are not used in those cases, as indeed they are, but only that they are inadequate to successfully investigate and prosecute the cases. Wiretaps not only provide information that cannot be obtained by other means, but yield evidence that is considerably more reliable and probative than that obtained by most other methods of investigation. A wiretap is also less dangerous than sending in a civilian informant or undercover agent who is wired since the risk of discovery puts that person's life in jeopardy. Finally, a wiretap may be less invasive of privacy than placing a bug in a subject's home or using an undercover agent to establish an intimate relationship with the subject.
Although the number of arrests from wiretaps is relatively small compared to the total of all arrests, those criminals that are arrested and convicted with the aid of wiretaps are often the leaders of major organized crime, drug trafficking, and terrorist groups. In reviewing a proposal for a wiretap, law enforcement agencies determine whether the subjects of the proposed interception are worthy targets of investigation and whether the interception is worth doing.
The law enforcement community views electronic surveillance
as essential to effective law enforcement, and law enforcement
as essential not only to public safety and our economic well-being,
but to a free society. In his remarks at the Computer Ethics Conference,
Alan McDonald of the FBI summed it up: "We have been fortunate
as a society to enjoy unparalleled freedom. It has resulted because
we live under a compact of ordered liberty. One need only consider
the number of countries where law enforcement is ineffective and
where the violence and corruption of organized crime reign to
see true diminishments of freedom, liberty, and personal privacy"
[McDonald].
2. The Threat of Encryption to Lawful Surveillance
Encryption has been available to criminals for a long time. Until recently, however, voice encryptors were extremely bulky and the quality of the voice low, so criminals who tried encryption would typically cease using it [Kallstrom]. But recent advances in encryption technology are leading to products such as the AT&T 3600 Telephone Security Device that are small, portable, easy-to-use, affordable, and have high quality audio. Law enforcers expect that criminals will flock to such devices, not only to hide their communications from the government, but to safeguard them from their competitors [Kallstrom, Meeks]. The effect could be that criminals are able to make their communications immune from government search and seizure even under probable cause of criminal activity.
The proliferation of such encryption products ultimately could be harmful to society if government officials do not have the means to decrypt lawfully intercepted communications, at least in most cases. On behalf of the National District Attorney's Association, President Robert Macy writes: "In an increasingly dangerous world, law enforcement cannot afford to be blindfolded by advanced technologies including encryption devices" [Macy]. Roy Kime, Legislative Counsel for the International Association of Chiefs of Police, makes the analogy that people in law enforcement are being "outgunned" by the criminals with respect to advances in technology [Kime]. In testimony before Congress, Donald Delaney, Senior Investigator with the New York State Police, said he believed that if we adopted an encryption standard that did not permit lawful intercepts, we would have havoc in the United States [Delaney]. Although there are no "dead bodies" as yet, Kallstrom believes there will be a "horror show" if the encryption that proliferates in the market does not factor in an equity for law enforcement [Kallstrom].
Criminals can use encryption to conceal stored information
as well as communications. In a child pornography case on the
West coast, encrypted data files have slowed down the investigation
of a large international ring dealing with child pornography and
the possible smuggling of children [Kallstrom]. However, although
law enforcement is concerned about the use of encryption to conceal
computer files, their primary concern is with communications,
particularly telephone conversations. This is because intercepts
play a much more important role in investigations than documents.
Real-time intercepts pick up the criminal dialogue, the plotting
and planning that glues crimes together. By revealing conversations
about possible future activities, wiretaps also may be used to
prevent crimes from occurring. Thus, while being able to decrypt
files is valuable, 99% of the issue today is telephone conversations
[Kallstrom]. In addition, while communications over high speed
computer networks are expected to become an issue, the primary
concern today is with voice, fax, and data over the public switched
network (telephone system).
3. Right of Citizens to Privacy from the government
The thought of the FBI wiretapping my communications appeals to me about as much as its searching my home and seizing my papers. But the Constitution does not give us absolute privacy from court-ordered searches and seizures, and for good reason. Lawlessness would prevail. Nowhere in the Constitution is the right to complete privacy assured to U.S. citizens, just as the right to complete freedom of speech is not granted.
The Clipper Chip is not about increasing government's
authority to invade the privacy of its citizens. All that key
escrow does is preserve the government's current ability to conduct
wiretaps under existing authorities. The government would have
the same ability to tap phones that it has had for a very long
time now. Without any cryptography at all, anybody can tap your
phone and listen in to your conversation. The Clipper Chip prevents
anybody but court-authorized law-enforcement agents to tap your
phone. Key escrow, in fact, helps insure your privacy by reinforcing
the existing requirement that every wiretap and every decryption
must be legally authorized. The key escrow system means that proof
of authority to tap must be certified and audited, so that illegal
wiretapping by a rogue prosecutor or police officer is, as a practical
matter, impossible.
4. Encryption Policy and the EES
Law enforcement seeks an encryption policy that takes into account the equities of public safety, effective law enforcement, and national security along with those of privacy, security, and industry success [Kallstrom]. They support the use of encryption by law abiding citizens and organizations to protect sensitive information, and recognize the importance of encryption to safeguarding information assets [Settle]. They generally favor strong encryption over weak or "dumbed down" encryption [Kallstrom]. To implement lawful interceptions of encrypted communications, they need a real-time or near real-time decryption capability in order to keep up with the traffic and prevent potential acts of violence. Since there can be hundreds of calls a day on a tapped line, any solution that imposes a high overhead per call is impractical.
These requirements for strong encryption and near real-time decryption led to the Escrowed Encryption Standard [EES] and its related key escrow system. Upon receiving a chip's unique key components from the two escrow agents, law enforcers can readily decrypt all conversations encrypted with the chip until the wiretap terminates, at which time all chip-related keys are destroyed. The escrow agents need not get involved in the decryption of each conversation, which would be overly cumbersome.
Law enforcers consider the EES to be the best known approach for addressing the dual need for secure communications and court-ordered access, at least for the intended initial application, namely voice, fax, and data encryption of telephone communications transmitted over the public switched network. The EES will significantly enhance communications security by making strong encryption available in a way that makes illegal wiretaps virtually impossible, while permitting those that are lawfully authorized. The key escrow mechanisms and procedures are being designed to provide a high level of protection for keys and to protect against compromises or abuses of keys, thereby assuring that no person or entity, including government, can improperly access one's EES communications. Although there is no evidence of widespread abuse of wiretaps by law enforcement officials, the EES will effectively thwart any potential abuse, thereby providing greater protection from illegal government wiretaps than currently exists.
The Presidential Decision Directive [PDD] on escrowed encryption is viewed as offering a balanced solution to the encryption problem that is consistent with basic tenets found in the Constitution and in the Bill of Rights, which does not grant an absolute right to privacy, but rather seeks to balance individual privacy with the need to protect society as a whole [McDonald]. William A. Bayse, Chief Scientist of the FBI, observed: "It is well recognized that Anglo-American law has historically balanced the personal privacy of the individual with the legitimate needs of Government. ... As can be seen from a review of the Fourth Amendment to the U.S. Constitution ..., an individual's privacy rights are not absolute, and they give way to more compelling Governmental rights when criminality is demonstrated or suspected." [Bayse]. Similarly, Alan McDonald noted "... the dictum of the Bill of Rights, and the Fourth Amendment in particular, is a balance between individual liberty and privacy and the legitimate need of Government to protect society as a whole-a balance to prevent the tyranny of absolutist Government and the tyranny of lawlessness and anarchy. ... The electronic surveillance statutes, like the Fourth Amendment, are founded on the concept of balancing fundamental individual and governmental interests-personal privacy and the public safety. ... Encryption technology creates no legal rights under our Constitution, the Fourth Amendment, or under our electronic surveillance statutes" [McDonald].
5. Criminal Use of Non-EES Encryption
Some people have argued that criminals will not use EES, but rather will use encryption methods that defeat law enforcement. While acknowledging that some criminals may use other means, law enforcers assume most vendors will not manufacture an encryption device unless they perceive a large, legal market [Kallstrom]. The hope is that the EES, or some other approach that takes into account the law enforcement equities, will proliferate in the legitimate encryption market in this country and become transparent, thereby cutting down on the availability and use of encryption that does not include the law enforcement equities [Kallstrom].
Virtually unbeakable encryption is available to criminals today, but it isn't easy for criminals to use, especially in telecommunications. Why? Because as long as encryption is not standardized and ubiquitous, using encryption means buying and distributing expensive gear to all the key members of the conspiracy. Up to now, only a few criminals have had the resources, sophisticaion, and discipline to use specialized encryption systems.
What worries law enforcement agencies - and what should worry them - is a world where unbreakable encryption is standardized and ubiquitous: a word where anybody who buys an $80 phone gets and "encrypt" button that interoperates with everyone else's; a world where every fax machine and every modem automatically encodes its transmissions without asking whether that is necessary. In such a world, every criminal will gain a guaranteed refuge from the police without lifting a finger.
There is some evidence that through market forces and government purchasing power, the EES may become the de facto national standard for telephone encryption. When AT&T announced its 3600 Telephone Security Device in Fall 1992, the device used a DES chip for encryption, and did not include a capability for law enforcement access. Priced at $1200, it would have been attractive to criminals, and could have led to the promulgation of encryption technology that would have posed a major threat to law enforcement. However, when the government announced the key escrow initiative on April 16, 1993, AT&T simultaneously announced that the TSD would use instead the new Mykotronx MYK-78 chip, aka "Clipper", which uses the EES. The government ordered several thousand of the modified devices.
Since EES products can be exported to most places, there is an additional incentive for vendors to incorporate the EES into their products rather than, say, the DES, which is subject to stricter export controls. However, there are other factors relating to the nature of the technology and to public acceptance that could interfere with widespread adoption of EES by vendors.
Criminals need to talk with many people outside their circle in order to carry out their activities, for example to rent or purchase needed goods and services. To conduct those conversations, which may be incriminating, they will either need to use an encryption method identical to that used by the other parties or else forego encryption entirely. Assuming EES dominates in the legitimate market, criminals may prefer to use it over communicating in the clear since the EES will at least protect them from their competitors. Criminals are often sloppy in protecting their conversations from law enforcement, making incriminating statements over the phone while acknowledging their phones may be tapped.
Even if criminals do not use the EES, the government's objective of making strong encryption available to the public in a way that is not harmful to society will be achieved. Criminals will not be able to take advantage of the strong algorithm to thwart law enforcement. Since it is extremely difficult to develop high quality, strong encryption products, law enforcement may be able to access many non-EES encrypted criminal communications.
If banks and corporations and government agencies buy key escrow encryption, criminals won't get a free ride. They'll have to build their own systems - as they do now. The only thing that will change is that criminals won't be able to use the encryption methods the government has developed and supported.
6. An International Problem
The U.S. government is out to protect its citizens. The government has proven itself to be the leader of the cryptography industry. Developing good encryption is very expensive and time consuming. It is a laborious and unglamorous process. One which, generally, only the government has been willing to pay for. The end product of all of the government's labor is the Clipper Chip. It is considered to be the most reliable encryption product available.
So why would the U.S. government not make everyone use it? It is in the entire country's best interest if those who are enemies of America cannot read anything transmitted electronically. Whether the information is personal, business, or governmental, it needs to be encrypted so that it can be read only by those to whom it is sent. If everyone were to use the Clipper Chip for their encryption, then they would be certain that they were being protected from foreign spies and hackers.
On the issue ofwhether the Clipper Chip will go abroad, if people are concerned that citizens of foreign countries will be hesitant to buy products that the U.S. will be allowed to listen to, there is a solution: the production of chips with a different family key for every foreign market. This way, the alternative family key can be disclosed to the foreign government without compromising the security of the U.S. chips (a concern of some of those opposed to the Clipper Chip). Also, two chips with different family keys would not be able to communicate in secure mode because they would not be able to recognize each other's LEAFs as valid. This way it is guaranteed that foreign governments cannot spy on American citizens, and the integrity of the Clipper Chip will remain intact.
The impact of encryption on effective law enforcement is an international problem, and U.S. law enforcers have observed other countries looking at solutions based on "dumbing down" the encryption or on key escrow. The U.S. government exercised strong leadership by recognizing the problem and developing a solution before it became serious. While the U.S. solution will not necessarily provide an international solution, it as a starting point for solving a global problem.
1. The Need for Wiretaps
Most violent crimes that claim the lives of American citizens are not premeditated and would not be affected by wirtetaps. Out of 15,000 arrests for murder every year, only 15 involve wiretaps [Seemann]. Granted, in other sorts of criminal activity there are more sucesses with wiretaps, i.e. terrorism, but these are hardly common occurances. They are just high profile instances that receive national attention and thus spur the public to make stricter laws.
What is of more concern is the higherarchy of possession of the family key. What government agency will have access or authority to use the family keys? Will state or local law enforcement agencies be able to declare "justifiable cause" for decoding individuals communications. The question is, who do you trust, and for most Americans the government isn't high on that list. Creating a government enforced cryptography system will only create more beauracracy, and more drains on taxpayers money. How can one justify creating only one form of encryption and then using taxpayer's money to fund those who may be spying on them? The restriction of freedom of choice, and the stiffling of any new developments in encryption software set a dangerous precedent.
Another concern is the questionable possesion of information. What is cause enough to allow a wiretap to be placed on someone's business? What about other information recovered? For example, if a prominent businessman is suspected of insider trading and a tap is placed on his phone, who gets to hear the information? What is the out come is that there are no illegal interactions going on but that he's cheating on his wife? If this information is leaked, who's held responsible for the outcome? Mass capabilities for spying open up new questions as to who is allowed access to private information on others. Before a government mandated chip can be used, there needs to be a readdressment of the entire structure of the law enforcement system.
2. Threat to lawful surveillance
There are many avenues of lawful surveillance that are currently being used that do not seem to be hindered by the encruption capabilities already out there. If this is already available to criminals, then what difference does the clipper chip make? Either they won't purchase it, and use what they presently have, or they'll find ways around it. Nothing will stop them from buying their own software and encrypting their message before they send it out through clipper. Thus, they'll have a doubly encrypted message that even if the government sees the first decoding, they won't be able to get past the second. The black market for such programs will be quite lucrative, and where there's money involved there will definitely be interest.
Again the question of trust comes into play, with regards to lawful surveillance. The clipper chip relies on a classified algorithm, thus it has never been tested by outside sources. Many experts believe that the NSA, who created the chip, might very well have created a way to eavesdrop without having to create the family key, thus circumventing the legal procedure. Granted, any information would be at best questionable in a court procedure, there are still many things that private businesses etc. do not want the government to know. I don't feel there is enough trust in the government to allow them to use a program that has not been tested by outside sources for such loopholes. And if they are there, how secure are they?
3. Rights of Citizens
The clipper chip may not be directly invading the privacy of every citizen, but it is unfairly biased against those who commit small infractions, or the bulk of society. The large criminal rings and terrorist groups that are supposed to be hindered by the clipper hcip are going to spend a small part of their profits and develop alternative encryption methods. Other groups that rely on privacy for their dealing but are not strictly illegal will find it very difficult to operate.
Newpaper sources are a prime example. Articles that rely on unnamed sources would be very difficult to write with the possibility that the government might decide to tap conversations. Granted, withholding the names of sources is illegal, but it is also wise if their life might be in danger. The government would become extremely powerful if they had the ability to find the identities of anonymous sources, or even insinuate that they can.
Another question that should be brought up again is who can authorize a search? Will one person be responsible or a committee? If a committee has to agree on whether a search is necessary, will the delay be enough to negate any benefits that the ease of creating the key may have? If there is only one person, or only a few, then the possibility of lobbying power comes into play. The old Potomac two-step will once again protect big businesses and leave smaller one out to dry. Favoritism, the American way, will become a standard, giving those already in power just a little more leverage.
4. Encryption policy and the EES
The Escrowed Encryption Standard might work in a utopia, but then again we wouldn't need it. Even if you agree that there needs to be avenues open for the government, the question is, who else is also following those paths? How secure are the family keys? If a determined Hacker is able to compromise the system, what then. Without other encryption systems available, its a little difficult to turn around and say "Sorry, but the keys slipped out". Will the government assume responsibility for anything that happens?
The security of the clipper chip itself is another questionable area. Sure, NSA says it works great but then again they wrote it. I would really be surprised if they admitted any error whatsoever. That's like saying version 1.1 of a program is perfect. Think about all of the possible things that can go wrong. What if messages are encoded and can't get unencoded? Without other encryption method, either you wait for the problem to be fixed by the government, or send unencoded documents.
5. Criminal Use of Non EES
Criminals are already using encryption programs, at least those who bother. Those who don't yet won't be apt to jump into using something made and monitored by the goverment. What they will do is look to foreign sources to supply them with similar products, and once again the government won't be able to decode the information. Does the government want to go as far as saying that people can't double encode their messages? I don't think that the public will stand for that strict of a restriction against their personal choice and protection.
For the amount of money that will be protected, or even gained, from having another encoding system, it will be well worth it for criminals to create their own systems. What will stop them from commissioning a pseudo clipper chip and thus negating any benefits the government had toward surveillance. The psuedo chips could send out bogus serial numbers, thus two chips who were in synch with each other, but out of synch with the government family key could communicate without fear of surveillance.
Another viable fear that many have with the chip is the possibility of either hackers or other criminals stealing the algorithm for the keys. The NSA says the keys are not reverse engineerable, but again no one's outside of that organization has been allowed to test the keys. By keeping them classified, they are preventing people from compromising them, but they're also losing years of debugging and modifications. If there is a loophole, and the keys are compromised, then individuals and businesses who were forced to use the keys are going to be at a great risk. Who will be held responsible? There is too great an uncertainty and too great a risk to mandate that this chip become the only encryption system. If the government doesn't trust it own citizens enough to create a design team to test the chip, then why should its citizens trust it to have access to all of their communications.
6. International Problem
The complexity of the international problem is much greater than that of just business complaints. Many have brought up the detriment to American businesses that mandating only one certain type of chip will bring. With the loss of the domestic market, there will be a large loss of capital to spur any development in encryption technology. Meanwhile, foreign governments will begin to create their own unbreakable technology, and many won't have qualms about giving it to persons willing to meet their price.
The U.S. government has proposed allowing foreign governments access to their own clipper chips and then giving them a copy of the family keys. No government trusts ours enought to believe that America would be giving them the only copy of the keys, and in the interests of their citizens would not accept such a situation. What about governments that the US doesn't support. Will this start to become a political issue, with countries with unstable governments becoming a battle ground for complete control over their citizens. What if the chip gets missused? Are we going to assume responsibility or eventually go into war over something that we created and sold to another country?
The technological difficulties might also prevent barriers to international communication. If two companies on either side of the Atlantic are able to communicate through the clipper chip, then which government will have access to their communications. It would hardly be in the interest of either government to allow their citizens' communications to be accessable to the government of any country they may contact. But, if only the country from which the chip was purchased has possession of the keys, then small countries could make a fortune by selling chips from their country and ignoring the family keys. There are too many questionable areas still to be answered and too much relying on trust to allow such a mandate to become a reality.
Click on icon to go back to abstract.
Click on icon to go to Sources and Acknowledgements.