Remarks of Barry Steinhardt Associate Director of the American Civil Liberties Union (ACLU).
Security and Freedom Through Encryption (SAFE) Forum on July 1, 1996 at Stanford University.
First, let me thank Jerry Berman and his staff at CDT for organizing this important forum. I also want to salute the members of Congress and Industry representative who participated in the forum and who have supported legislative actions to ensure the rights of Americans to engage in private and secure communications using encryption.
There are disadvantages to being on the last panel of the day. Virtually every argument that can be made against government restrictions on encryption technology has already been made. In truth, speakers like Phil Zimmerman, Matt Blaze, Whitfield Diffie, who have been pioneers in the development of encryption technology, are far more qualified than me to explain the very practical problems with the export controls and the various iterations of Clipper.
But there is also an advantage to being last. Now that all of the facts and public policy arguements are out on the table, I can engage in the luxury of attempting to put this issue in a broader political and historical perspective.
The debate over encryption policy needs to be seen as part of a larger set of issues about the power and authority government in the digital age.
From a civil liberties perspective, computer mediated communications are very much adouble edged sword. On the one side, the vast and detailed information flowing across the world, in a form that can be easily stored, intercepted and correlated, poses grave threats to individual privacy and autonomy. On the other side, the technology itself offers solutions ,like encryption, which create new opportunities to protect the privacy of our communications and most initmate information.
The double edge of this sword has not gone unnoticed by law enforcement and the intelligence agencies. The Clinton Administration's has been especially vigorous in efforts to expand the power of the Federal Government to snoop on private communications and data -- both by taking advantage of new technology and by seeking government control of the technologies which might thwart the new surveillance.
The White House has not simply given us Clipper versions 1 through 3. The Administration pushed for sweeping expansions of FBI wiretapping authority in numerous bills, including the recently passed anti-terrorism legislation..
Most prominently, In 1995, the Justice Department and the intelligence agencies persuaded Congress to pass the digital telephony legislation that -- for the first time in our history -- endorsed the radical notion that the government could require an entire industry to alter its technology so the government could continue to snoop. The digital telephony legislation is akin to requiring contractors to place listening devices in the walls of the new homes they build so the bugs could be turned on one day if the government wants to listen in. As a follow up to the legislation, the Administration is proposing to require the nation's phone companies to provide it with sufficient access to enable the FBI and other law enforcement agencies to intercept communications, i.e. wiretap, 1 out of every 100 telephone lines in the nation's largest cities and other, undefined prime target areas.
This is a capacity that is believed to be greater than anything the KGB ever commanded in the Soviet Union.
To date, the Congress has wisely resisted the Administration's request for $500 million dollars to fund this program.
All of this legislative activity has taken place against a backdrop of increased use of existing surveillance powers. The Clinton administration set a record for most crime related wiretaps in a year and , for the most wiretaps placed for intelligence purposes.The latter does not even require the same probable cause showing.
Wiretapping is extraordinarily destructive of individual privacy. It is the worse sort of general search, which necessarily captures not only the communications of its specific targets, but those of countless others who happen to come in contact with the targets or use the same lines.
Indeed, while the number of wiretaps has been increasing in recent years, their efficiency has been plummeting. According to the government's own figures, the proportion of incriminating conversations snared by a wiretap (as opposed to so-called innocent or irrelevant conversations) nosedived from 25 percent to 17 percent in the decade between 1984 and 1994. In the early 1970's, the government says, the proportion of incriminating conversations snagged by wiretaps was approximately 50 percent -- nearly three times the efficiency rating the government earns today.
Another way of looking at it shows that, on average today, each time a law enforcement wiretap is placed, 83 percent of the conversations the government eavesdrops on will be innocent or non-incriminating even by its own reckoning.
This 17 percent efficiency rating is simply unacceptable from a privacy perspective. Would we as a society accept such a low rating on physical searches? Consider the following analogy: If you lived on a block with six houses, and the police had probable cause to believe that drugs are in one of the houses, under the 17 percent efficiency standard it would be perfectly acceptable for them to search your house and the houses of four of your innocent neighbors to find the drugs that might be in the sixth house.
This kind of indiscriminate physical search would, of course, be completely unacceptable and no court would ever permit it. Yet, the FBI seems to think that efficiency standard is just fine when it comes to eavesdropping on our conversations.
Moreover, although the FBI would have us believe that more wiretapping is needed to save the country from terrorists and prevent another Oklahoma City, the numbers simply do not support the agency. Wiretapping is almost never used to investigate bombings, arson or firearms violations. Indeed, the last time a wiretap was requested by a law enforcement agency to investigate one of these crimes was in 1988. In the past 11 years, fewer than 0.2 percent of all law enforcement wiretap requests were made in connection with such crimes. Instead 83 percent of all electronic surveillance intercepts are used to investigate gambling and drug offenses..
To assuage the American public, already jittery from federal law enforcement abuses at Waco and Ruby Ridge and now Filegate, the FBI assures us that it will still have to go to court and demonstrate probable cause to a judge before it is allowed to engage in electronic surveillance. What it neglects to mention, however, is that its requests for wiretaps are almost never turned down by the courts: no request for a "Title III" intercept has been rejected since 1988; no request for a foreign intelligence intercept has been turned down since 1979.
The encryption issue is directly related to the government's desire to continue and increase its wiretapping. In many respects, government control of encryption technology, through restrictions on the its strength and the introduction of a key escrow system available to the government, are the lynch pin of the new era of wiretapping.
Much of the recent debate over encryption has focused on issues related to stored data. It is plain, however, that from the perspective of the Administration, that they are equally -- I would venture to say perhaps more -- preoccupied with the interception of real time communications or, in more old fashioned terms, wiretapping.
The Attorney General, The FBI and the NSA know well that any expansion of their authority to wiretap could easily be frustrated by the increased use of strong encryption.
This emphasis has been plain, not only, in the Administration's desire to expand its wiretapping capacity and pass the digital telephony law, but from the comments of key administration figures. The day after the Digital Telephony law passed FBI Director Freeh publicly worried that the law might not work if without additional measures to restrict encryption.
Only 10 days ago, Attorney General Janet Reno spoke here in Northern California to the Commonwealth Club of California on then topic of " Law Enforcement in Cyberspace". The Attorney General identified the " widespread use of encryption" as the first among four major challenges to law enforcement in Information Age.
The Attorney General said:
" Encryption, as a practical matter, diminishes the power of law enforcement to do its job ... . The consequences of our losing the ability to wiretap would be enormous."
The combination of the increasingly voracious appetite of the Federal police and intelligence agencies for wiretapping and other forms of intrusive and general surveillance makes this a particularly propitious time for the friends of liberty on and off the Internet to make a stand.
We now seem to have the political momentum, but we must be careful not to ask too little from the Congress.
It is undeniably important that the export controls be lifted. But we must also resist calls for key escrow schemes that will begin as voluntary measures, but inevitably end with a push for mandating government access to the keys to decryption.
"Voluntary" key escrow is a Trojan horse. The only chance such schemes have of working is if they are mandatory and the Intelligence community knows that. At last week's Senate hearing the Electronic Privacy Information Center (EPIC) cited a number of documents it had obtained under the Freedom of Information Act (FOIA) which make this point plain.
One briefing document obtained by EPIC and titled "Encryption: The Threat, Applications and Potential Solutions," and sent to the National Security Council in February 1993, the FBI, NSA and DO concluded that:
Technical solutions, such as they are, will only work if they are incorporated into all encryption products. To ensure that this occurs, legislation mandating the use of Government-approved encryption products or adherence to Government encryption criteria is required.
Another undated FBI report titled "Impact of Emerging Telecommunications Technologies on Law Enforcement" observes that "[although the export of encryption products by the United States is controlled, domestic use is not regulated." The report concludes that "a national policy embodied in legislation is needed." Such a policy, according to the FBI, must ensure "real-time decryption by law enforcement" and "prohibit cryptography that cannot meet the Government standard.
We are now at a historic crossroads. We can use emerging technologies to protect our personal privacy or we can allow law enforcement agencies to use scare tactics about terrorism to con us into a further erosion of our Constitutional rights against unwarranted and generalized searches that have little law enforcement value.
[ Censorship | Privacy/Encryption | ACLU v. Reno | Cyber-Liberties Updates | Cyber-Liberties Home ]
Copyright 1996, The American Civil Liberties Union
Related Issues
Stay informed
Sign up to be the first to hear about how to take action.
By completing this form, I agree to receive occasional emails per the terms of the ACLU's privacy statement.
By completing this form, I agree to receive occasional emails per the terms of the ACLU's privacy statement.