ROBERT S. LITT
PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL
BEFORE THE SENATE JUDICIARY COMMITTEE
March 17, 1998
At the same time, however, the widespread use of unbreakable encryption presents a tremendous potential threat to public safety and national security. Criminals and terrorists have already begun using encryption to conceal their illegal activities and to defeat important law enforcement and national security objectives. In developing our Nation's encryption policy, we must carefully balance the many different interests that the policy will affect. In seeking that balance, it is essential to understand both the promise and the peril that this technology holds, and to identify responsible ways forward that advance all of the competing interests.
I want to begin, Mr. Chairman, by clarifying the Clinton Administration's recent initiatives regarding encryption. For some time, the Administration's position has been to encourage the design, manufacture, and use of encryption products and services that allow for the plaintext of encrypted data to be recovered. The Administration's approach has in fact found support in the marketplace, in part because businesses and individuals need a routinely available method to recover encrypted information. For example, a company might find that one of its employees lost his encryption key, thus accidentally depriving the business of critically important and time-sensitive data. Or a business may find that a disgruntled employee has encrypted confidential information and then absconded with the key. In this type of case, a data recovery system promotes important private sector interests. Indeed, as the Government implements encryption in our own information technology systems, it also has a business need for plaintext recovery to assure that data and information that we are statutorily required to maintain are in fact available at all times. For these reasons, as well as to protect public safety, the Administration has been affirmatively encouraging the development of data recovery products, recognizing that only their widespread, ubiquitous use will both provide greater protection for data and protect public safety.
In further support of this goal, two weeks ago we set in motion a process of pursuing an intensive dialogue between industry and law enforcement. Our goal in this process is to bring the creative genius of America's technology leaders to bear in developing technical, market-savvy solutions that will enable Americans to realize the benefits of strong encryption while continuing to protect public safety and national security. We do not harbor any illusions that there is one magic technology, a silver bullet that addresses all the needs of the marketplace. But we think constructive dialogue in a variety of areas and fora is far preferable to a stalemate that arises from a battle of wills and rhetoric; working together is better than fighting legislative battles.
The Administration is not advocating any single product, technology, or even technical approach. Rather, we are flexible -- provided that the resulting solutions and arrangements preserve the Nation's ability to protect the public safety and defend our national security. These are public interests of the highest order, shared by the Congress and by all of our law-abiding citizens. Industry has the technical know- how to develop commercially viable mechanisms that maintain the government's ability to safeguard its citizens, while protecting our citizens from unwarranted intrusions from any source.
Now let me describe in a little more detail the important law enforcement and national security interests that are at stake in the encryption debate. First, I want to reiterate that the Department of Justice supports the use of strong encryption. Law enforcement's responsibilities and concerns include protecting privacy and promoting secure commerce over our nation's information infrastructure. For example, we prosecute those who violate the privacy of others by illegal eavesdropping, hacking, or stealing confidential information. In the National Information Infrastructure Protection Act of 1996, at the request of the Administration, Congress provided further protection to the confidentiality of stored data. And the Department of Justice helps promote the growth of electronic commerce by enforcing the laws, including those that protect intellectual property rights and that combat computer and communications fraud.
Moreover, the Department of Justice, like other government agencies, realizes that our own information technology systems will increasingly require the use of strong encryption to provide appropriate security for the valuable and sensitive information that we hold on behalf of the American people. The Department, both as an enforcer of the law and as a consumer of encryption technologies, thus has a keen interest in the success of American industry in this area.
However, I don't think that it can reasonably be disputed that the unchecked spread of non-recoverable encryption will also endanger the public safety and our national security. People think of encryption primarily in the context of transmitted communications such as phone calls, and its effect on wiretaps. Indeed, it is absolutely essential that law enforcement preserve the ability to obtain the plaintext of information from lawfully authorized wiretaps and to authenticate this information in court. Court-ordered wiretaps are an essential tool for law enforcement in investigating and prosecuting some of our most important matters involving narcotics dealing, terrorism and organized crime.
But I'd like to focus for a moment on a slightly different aspect here: data stored on computers. It's very common, for example, for drug dealers or terrorists, or any other criminals for that matter, to keep records of their activities in notebooks or other written form. When I was an Assistant United States Attorney, I prosecuted several cases in which we arrested drug dealers and seized their "little black books" pursuant to search warrants or other valid legal authority. These notebooks provided invaluable evidence against the defendant and helped us identify and prosecute other members of the drug ring.
Today, however, we might find that the defendant is using one of the increasingly popular electronic organizers or personal information manager software programs to keep his records instead of a notebook. Or we might find that a swindler running a telemarketing scam has his records on a computer instead of in file cabinets. The switch from written to digital records does not undermine law enforcement interests -- as long as the defendant hasn't encrypted the data. But if strong encryption becomes a standard feature, law enforcement will lose its ability to obtain and use this evidence. In fact, commonly available encryption products are already so strong that we cannot break them.
The same problem exists with respect to other types of criminals also. Ramzi Yousef, the mastermind of the World Trade Center bombing, used a laptop computer. Pedophiles who exchange child pornography via computer are already actively using encryption. White collar criminals and economic spies often use computers to steal our businesses' valuable intellectual property. I can't emphasize too strongly the danger that unbreakable, non-recoverable encryption poses: as we move further into the digital age, as more and more data is stored electronically rather than on paper, as very strong encryption becomes built into more and more applications, and as it becomes easier and easier to use this encryption as a matter of routine, our national security and public safety will be endangered -unless we act responsibly.
Some people have suggested that this is a mere resource problem for law enforcement. They believe that law enforcement agencies should simply focus their resources on cracking strong encryption codes, using high-speed computers to try every possible key when we need lawful access to the plaintext of data or communications that is evidence of a crime. But that idea is simply unworkable, because this kind of brute force decryption takes too long to be useful to protect the public safety. For example, decrypting one single message that had been encrypted with a 56-bit key took 14,000 Pentium-level computers over four months; obviously, these kinds of resources are not available to the FBI, let alone the Jefferson City Police Department. Moreover, it is far easier to extend key lengths than to increase computer power. Indeed, 128-bit encryption is already becoming commonplace. In this environment, no one has been able to explain how brute force decryption will permit law enforcement to fulfill its public safety responsibilities.
We believe that the most responsible solution is the development and widespread use of encryption systems that, through a variety of technologies, permit timely access to plaintext by law enforcement authorities acting under lawful authority. I will refer to these systems, collectively, as plaintext recovery systems, although they can encompass a variety of technical approaches. The concept of key recovery, where the key to encryption is held by a trusted third party, is one such approach, but it is by no means the only one that would meet law enforcement's goals.
Some have suggested that law enforcement's access to the plaintext of encrypted data and communications that is evidence of a crime would violate constitutional rights. Although I will discuss in a moment the constitutionality of a mandatory recovery regime, let me begin by reiterating that no such mandatory regimeexists, nor does the Administration seek one. Rather, the Administration's efforts have been to encourage the voluntary use of data recovery products. In this context, there is no doubt that the government's efforts are constitutional.
It is certainly difficult to understand how a voluntary regime might violate the Fourth Amendment. As with any kind of stored and transmitted data, it is axiomatic that the government may obtain both encrypted text and decryption keys pursuant to lawful process, which may include a wiretap order, a search warrant issued upon probable cause, a subpoena, or the consent of the party possessing the particular item. Each of these comports with the Fourth Amendment, and voluntary data recovery products do not change this analysis. Additionally, if an individual's encryption key were stored with a third party, Congress require by legislation that, to compel production of the key, law enforcement would have to meet a standard higher than that required by the Fourth Amendment, much as the Electronic Communications Privacy Act requires a court order to obtain transactional data. If Congress were to address this issue, we would be pleased to work with you to determine the appropriate standard and mechanisms for obtaining keys.
The Subcommittee has requested that I address the legal issues that might be associated with a mandatory plaintext recovery regime. Again, let me restate that the Administration does not advocate such an approach, and believes that a voluntary solution is preferable. Nonetheless, I am prepared to discuss hypothetical legislation prohibiting the manufacture, distribution and import of encryption products that do not contain plaintext recovery technologies, so that the capability to decrypt encrypted data and communications is available to law enforcement upon presentation of valid legal authority.
In considering the Department's views on these issues, I would urge you to keep several caveats in mind. first, the constitutional issues that such a regime would present are undoubtedly novel ones. Indeed, the spectacular growth of the digital world has created many confounding legal issues that the Congress, the courts, the Administration, and our society at large are wrestling with. If history is any guide, changes in technology can lead to changes in our understanding of applicable constitutional doctrine. Moreover, these issues are particularly difficult to address in the abstract, because mandatory plaintext recovery could take a variety of forms. Nonetheless, and with these caveats, it is the best judgment of the Department of Justice that a mandatory plaintext recovery regime, if appropriately structured, could comport with constitutional doctrine.
Let me turn first to the Fourth Amendment. It should be remembered at the outset that the Fourth Amendment does not provide an absolute right of privacy, but protects reasonable expectations of privacy by prohibiting unreasonable searches and requiring that a warrant issue only upon a finding of probable cause by a neutral and detached magistrate. A well-designed plaintext recovery regime would ensure that users' reasonable expectations of privacy were preserved. Any legislation in this area, whether or not it imposed plaintext recovery requirements, should not lessen the showing the government must make to obtain access to plaintext. If a search warrant for data was required before, it should be required under any new regime. By requiring the government to meet current constitutional thresholds to obtain plaintext, such a regime would, in our view, comply with the Fourth Amendment. Moreover, Congress could require under such a regime that even if law enforcement obtains a search warrant for data or communications, it would need additional authority, such as a court order, to obtain the key or other information necessary to perform any decryption if the information is encrypted.
Some have also argued that mandatory plaintext recovery regime would violate the Fifth Amendment's prohibition against compulsory self- incrimination. However, the Fifth Amendment generally prohibits only disclosures that are compelled, testimonial, and incriminating. If a manufacturer of an encryption product were required to maintain information sufficient to allow law enforcement access to plaintext, we believe that there would be no violation of the Fifth Amendment because no disclosure at all would be compelled from the user of the encryption product. If, on the other hand, a mandatory plaintext recovery regime required the user of an encryption product to store his key (or other information needed for recovery) with a third party in advance of using the product, we do not believe that such an arguably compelled disclosure would be testimonial as that term has been interpreted by the Supreme Court. In Doe v. United States, 489 U.S. 201 (1988), the Court held that an order compelling a person to execute a form consenting to disclosure of foreign bank accounts did not violate the Fifth Amendment because the form was not testimonial. The compelled disclosure of decryption information to a third party would not seem to be any more testimonial. Moreover, we doubt whether such a disclosure would be incriminating, because unless and until the encryption product is used in the commission of a crime, the key would pose no threat of incrimination against the user.
Finally, it has been suggested that a statutory restriction on the manufacture, import, and distribution of certain types of encryption products would violate the First Amendment. Opponents of encryption restrictions sometimes argue that the First Amendment protects the right of persons to speak in "code" -- i.e., to speak in ciphertext -- and that a restriction on the distribution of products that make a particular coded communication possible would be analogous to placing a restriction on the use of a foreign language. This First Amendment argument rests on the faulty premise that the creation or dissemination of ciphertext itself is constitutionally protected. But, unlike a foreign language, the ciphertext that is created by strong encryption products cannot be understood by the viewer or listener. When it is heard, such as on a wiretap of a telephone, ciphertext simply takes the form of unintelligible static. In written form, ciphertext may be in the form of letters, numerals and symbols, but no human being can read or "understand" it: it does not contain characters or words or symbols that represent or correspond to any other characters, words or symbols. Accordingly, ciphertext is not like a foreign language, the use of which can convey unique meaning and nuance to the listener or reader. Thus, ciphertext itself -- as opposed to the underlying plaintext -- has none of the properties of protected "speech" that the Supreme Court has traditionally identified, and, accordingly, the dissemination of ciphertext should not be entitled to First Amendment protection.
A second form of First Amendment argument focuses not on the ciphertext, but on the underlying plaintext. Under this theory, a prohibition on the manufacture or distribution of nonrecoverable encryption products would inhibit an alleged constitutional right of persons to obscure their communications in any manner they see fit. Even if legislation would impose such a practical limitation on the manner in which speakers may obscure their underlying communications, it could be drafted so as to pass muster as a permissible time, place and manner restriction -- particularly since any such restriction on the "tools" of speech would be unrelated to any communicative impact of the underlying plaintext and the controls would leave open ample and robust alternative channels or methods for obscuring the underlying plaintext.
A related argument is that a communications infrastructure in which recoverable encryption is the de facto standard will impermissibly chill a significant quantum of speech because individuals' knowledge of law enforcement's ability to overhear and decipher communications and data will unduly deter them from communicating. But under such a system, the government would have no greater access to the content of private parties' communications than it currently has, and it is well- settled that the government's exercise of its established statutory powers to intercept and seize communications does not create such a "chilling" effect on speech as to transgress the First Amendment, so long as that power is exercised consistent with the Fourth Amendment, and for valid reasons authorized by statute, such as to discover evidence of criminal wrongdoing. See, e.q., United States v. Ramsey, 503 F.2d 524, 526 n.5 (7th Cir. 1974) (Stevens, J.) (rejecting argument that "the very existence of wiretapping authority has a chilling effect on free speech and, therefore, violates the First Amendment"); accord United States v. Moody, 977 F.2d 1425, 1432 (11th Cir. 1992).
A final type of First Amendment argument often heard is that a restriction on the manufacture and distribution of certain types of encryption products would impermissibly restrict the ability of cryptographers, and others, to disseminate the computer code that is used by computers to transform plaintext into ciphertext. But that argument is based on the mistaken premise that dissemination of the code embedded in encryption products itself is necessarily a form of expression protected by the First Amendment. Most such code is in the form of "object code." Object code is simply an immense string of "0"s and "l"s, representing a bewildering concatenation of thousands or millions of high and low voltage electrical impulses. As such, machine"readable" cryptographic object codes can reveal neither to possible "readers" neither the ideas they embody, nor the manner in which the ideas are expressed. And this is especially true where such object code is embedded in a product such as a semiconductor chip, so that even the "0"s and "l"s cannot be discerned. Therefore, a restriction on the dissemination of encryption products containing object code would not violate the First Amendment.
The question would be somewhat more complicated with respect to source code -- i.e., the instructions to the computer that human beings write and revise. Some persons do disseminate source code for communicative purposes. Nevertheless, we believe that a restriction on the dissemination of certain encryption products could be constitutional even as applied to those relatively infrequent cases in which such products are in the form of software that is disseminated for communicative reasons, because such a restriction could satisfy the "intermediate"scrutiny that the First Amendment provides for incidental restrictions on communicative conduct. As we have argued in litigation in the export-control context, such intermediate scrutiny would be appropriate because the government's reason for regulating source-code software would not be based on any informational value that its dissemination might have. Instead, regulation would be premised on the fact that such software -like all of the "encryption products" that would be regulated -has physical, functional properties that can cause a computer to encrypt information and thereby place plaintext beyond the technical capabilities of law enforcement to recover.
Once again, I would like to emphasize that I have presented our constitutional analysis of a mandatory plaintext recovery system to respond to the Subcommittee's request for our views on the legal issues associated with such systems. As I noted above, this constitutional analysis would depend significantly on the nature of the particular system Congress mandated and the findings which supported it; our analysis is entirely generic. Moreover, I would emphasize again here that it is not the policy of the Administration to seek mandatory plaintext recovery legislation; it is the Department of Justice's hope and expectation that the dialogue with industry that I spoke of earlier will yield outcomes that make sense from both a business and a public policy perspective.
Those who argue against preserving lawful government access to encrypted communications often say that the government should bow to the inevitable and accept, even embrace, the spread of unbreakable encryption, rather than trying to fight it. For example, one of my colleagues recently met with a representative of a large computer company who is critical of the Administration's encryption policy. This industry representative said that he recognized that encryption poses a problem for law enforcement, but that we should recognize that other technologies, such as cars, also create problems for law enforcement, yet we have managed. He said, "We don't ban cars, do we? Then why are you trying to ban encryption?"
Of course, I hope it is clear by now that the Government is not trying to ban encryption. Law enforcement supports the responsible spread of strong encryption. Use of strong encryption will help deter crime and promote a safe national information infrastructure.
But the more fundamental point raised by the analogy to the rise of the automobile is that society"managed" the automobile, not by letting it develop completely unfettered and without regard to public safety concerns, but first by recognizing that cars could cause substantial damage to the public safety, and then by regulating the design, manufacture, and use of cars to protect the public safety. Cars must be inspected for safety on a regular basis. Cars are subject to minimum gasoline mileage requirements and maximum pollutant emission requirements. Cars built today must include seat belts and air bags. Perhaps most closely analogous, the laws of every jurisdiction in the United States closely regulate every aspect of driving cars on the public streets and highways, from driver's licenses to regulation of speed to direction and flow of traffic. Congress and the state legislatures recognized the public safety and health threats posed by the technology of automotive transportation, even as they recognized the dramatic benefits of mobility, productivity, and industrialization that the automobile brought with it. Elected government representatives of the people have consistently acknowledged and acted on their sworn responsibilities by assessing the public safety issues at stake and then regulating the technology accordingly.
Perhaps most relevant to the policy issues posed by encryption is the practice, begun by most states about a hundred years ago, of requiring cars to be registered and to bear license plates. More recently, federal law has required all vehicles to bear a vehicle identification number, or VIN. As you may recall, it was the VIN in the Oklahoma City bombing case that led the FBI to the truck rental office at which Timothy McVeigh rented the truck he used. We now recognize that license plates and VIN's afford victims of accidents, victims of car theft, and law enforcement officials with an essential means of identifying vehicles and obtaining information on the movements of criminals. Just as legislatures in the early 1900's acted to manage the risks posed by automotive technology, government leaders today, as the 21st century approaches, must bring the same sensitivity to the need to preserve and advance public safety in the face of encryption in the information age. And such a regulatory scheme, if constructed properly, will, like license plates, have benefits for businesses and consumers as well.
Of course, no analogy is perfect. Computers are not cars, and plaintext recovery is not a speed limit. But my broader point is an important one. The Framers of our Constitution determined that individuals would not have an absolute right of privacy. The Constitution recognizes that there are certain circumstances in which it is appropriate for law enforcement to obtain information that the individual wants to keep private: for example, when a judge finds probable cause to believe that information is evidence of a crime. Decisions as to where that line should be drawn are political and legal ones, not scientific or business ones; they should be made by this Congress and the courts, not by programmers or marketers. Policy should regulate technology; technology should not regulate policy. Just as in the first part of the twentieth century, the law had to take account of the changes in society brought about by the automobile, the law will have to take account of the changes brought about by encryption.
We at the Department of Justice look forward to continuing the productive discussions we have had with this Subcommittee and the Congress on encryption issues. We share the goal of arriving at a policy and marketplace that appropriately balance the competing public and private interests in the spread of strong encryption.
I would be pleased to answer any questions you may have.