Subcommittee on The Constitution, Federalism and Property Rights
on “Privacy and the Digital Age: Encryption and Mandatory Access” prepared by
Kathleen M. Sullivan
on behalf of the Americans for Computer Privacy
At the close of the Senate Judiciary subcommittee hearings on “Privacy and the Digital Age: Encryption and Mandatory Access,” its chairman, Senator Ashcroft, invited all participants to make further comments on the issues raised during the hearings. We wish to accept that invitation to offer some comments on the testimony and statement submitted to the Committee on behalf of the Department of Justice by Robert S. Litt, the Principal Associate Deputy Attorney General.
We find much to agree with in Mr. Litt’s statement. We applaud the decision of the Department of Justice not to seek immediate legislation on the question of mandatory access to private encrypted messages. We appreciate the recognition of the Department that important privacy interests must be respected in working out any long-term viable solution. And we agree that cooperative efforts between the Department of Justice and the affected industries and institutions could improve the harmonization of privacy and security interests. Nonetheless we think that Mr. Litt’s prepared statement and oral testimony do not do an adequate job in balancing the relevant interests, both on practical and constitutional grounds. Our joint comments express our concerns with the positions taken by the Department of Justice.
Practical and Administrative Concerns
As a practical matter, we think that reconciling the claims of privacy and security poses a more daunting challenge than Mr. Litt acknowledges. He writes: “The Administration’s approach [to escrowed key recovery] has found support in the marketplace, in part because businesses and individuals need a routinely available method to recover encrypted information.” (Testimony, page 2). This assertion, however, glosses over the very different objectives and requirements of private and law enforcement key recovery.
First, private parties have no need or desire for key recovery systems that operate without their knowledge and cooperation; yet that feature is one on which the Department of Justice insists. Second, private key recovery systems do not have to operate within the strict time limits, often measured in hours, that the government demands for its key recovery. Third, a private encryption system does not require the long-term storage of all communications once they are completed, which is one of the central demands of the government system. Fourth, private key recovery does not contemplate the sharing of keys with foreign governments, which is again part of the Department of Justice’s present demand.
The cumulative impact of these differences matters. The Ad Hoc Group of Cryptographers and Computer Scientists concluded that “the requirements of government key recovery are almost completely incompatible with those of commercial encryption users.” (Ad Hoc Group, The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption, at 7). Nothing in Mr. Litt’s written or oral statements explained how these profound differences are to be overcome, or how the widely different private approaches to key recovery could be meshed with a single government imperative. His observation of “marketplace support” may reflect the business decision of a few companies to seek to gain a leg up in the encryption business by complying with the government demands on the use of encryption in export markets. It does not reflect the strong conviction of the many suppliers and users of encryption services who remain deeply troubled by the inherent insecurities that mandatory government access introduces into all encryption systems.
Second, we disagree with the Department of Justice’s assessment of the ability of private industry to serve two masters by developing secure methods of mandatory access. Mr. Litt observes that industry wizards can always develop “market savvy” solutions to key recovery because of their “technical know-how” to deal with complex problems. But private industry is not able to perform miracles. Once it understands that trapdoor key recovery necessarily compromises the integrity of any encryption device, it can no more design around that problem than a skilled mathematician can square the circle or reduce pi to a simple fraction.
And even if private industry could design the impossible, it could not administer it consistent with the level of security that it demands. Any successful key recovery program requires the extensive cooperation of government agencies, none of whom have in place the massive technical infrastructure that is necessary to manage billions of keys to the massive and ever-expanding stream of encrypted data that is sent over the wires. Yet we have heard nothing to suggest that government has made the huge staffing and resource commitments without which any full-scale program of key recovery will quickly fail; nor is there any recognition that the government or its designated key-recovery agents might have to bear some financial liability when encrypted messages are compromised. The Department of Justice is worried about the possibility that it will be faulted if it does not foil some major terrorist incident without a key recovery system in place. It fails, however, to express equal concern at the possibility that the defective design or ineffective government administration of a mandatory access system could bring on the very catastrophe that it wishes to prevent.
Third, we believe that the Department of Justice has refused to acknowledge the major shortcomings in its surveillance system that will remain even if a comprehensive (but flawed) key recovery system could be put into place. The presence of this system will induce terrorist and criminal elements to find ways to transmit their information outside the system, and to use any of the hundreds of strong encryption devices that are now on the market, both in the United States and elsewhere. Even if constrained to use back door encryption systems, they could flood the system with thousands of false messages to throw law enforcement systems off the scent; they could use multiple layers of code so that the plaintext message recovered is unintelligible to outsiders without further information; and they could always treat the key escrow program as an object of its own attacks. We fear therefore that terrorist and criminal elements will be adept at evading or invading a system that can effectively compromise the legitimate activities of ordinary individuals and businesses. Yet nothing in Mr. Litt’s testimony offers reason to believe that trap door recovery will secure the ends of law enforcement against these dangers. What reason is there to believe that drug kingpins will store their “little black books” in a key recovery system when so many unbreakable systems are already freely available in the marketplace?
Our uneasiness about the practical soundness of the Justice Department’s position carries over to the analysis of its legal position. Initially Mr. Litt’s statement notes that the government is now pursuing “voluntary” cooperation with its programs. To the extent that this expression only means that the government has asked private software manufacturers to include back door keys in their encryption devices, we see no constitutional difficulties with this program as long as the private manufacturers are allowed to “just say no.” But the question of whether the government approach should be regarded as “voluntary” takes on a different coloration if the price for noncompliance with the government position is the loss of government contracts or grants, and when compliance with these government requests promises favorable treatment in a wide range of government programs. And we are even more worried about government requests that strong encryption be used not only in business with the government, but in all business that government contractors and grantees have with other parties. At this point the massive power that government has over all aspects of our economy gives its voluntary requests a far more ominous tone that could easily verge on institutional coercion. An additional concern raised by the Justice Department’s position is the prospect of uneven treatment of private and public entities, for we have no doubt that many government agencies (the military, the NSA, Social Security and Medicare operations) would refuse to turn over to the Department of Justice trapdoor keys for their sensitive information.
Our concerns are not eased when we look at some of the constitutional claims advanced in Mr. Litt’s testimony. Initially, we take issue with his optimistic assessment that no Fourth Amendment concern is warranted because “a well-designed plaintext recovery regime would ensure that users’ reasonable expectations of privacy were preserved.” In our view, the relevant set of reasonable expectations should not be shaped by private capitulation to government’s insistence on intrusive systems of surveillance. Rather, the original purpose of the reasonable expectations test was to augment private protection against trespassory invasions by requiring government additionally to respect the privacy of ordinary individuals who had made reasonable efforts to keep their information away from the prying eyes and ears of the government and other private parties. That is what the ordinary user of the telephone does by shutting the door to the booth; and that is what private individuals and businesses do when they encrypt their information for storage or transmission. Government may not bootstrap itself out of societal understandings that some areas of life deserve presumptive protection from government invasion simply by invading those areas. So long as internet users and businesses reasonably believe that backdoor entry degrades the protection that is afforded by strong encryption — just as reasonable expectations of privacy would be degraded if they had to store extra keys to their houses or duplicates of their private papers with government-designated third parties — they are entitled to the traditional protections provided by the Fourth Amendment against unreasonable searches and seizures.
Mr. Litt further claims that private individuals and firms need have no fear of the key recovery system because the government will be able to turn the key in the lock only after it complies with all the requirements that it now faces in getting information, including, where appropriate, any needed search warrants. But that Department of Justice assurance is not responsive to the full set of risks introduced by mandatory government access. It does nothing to address the risks of unauthorized third parties gaining illicit access to confidential communications or data, or of some rogue law enforcement agents, unimpeded by any notice and knock conditions, conducting unauthorized searches of their own. Nor does it address the invasion of reasonable expectations worked by the mandatory surrender of privacy at the outset.
Most important, in his oral testimony, Mr. Litt conceded that forcing individuals to turn over their keys to a government-designated agent represents a seizure of that key, thus implicating the Fourth Amendment. If so, then we are baffled as to how he can defend the constitutionality of the system. General warrants and dragnet searches were the prime targets of the Fourth Amendment; they are not insulated from review when the government outsources its activities to chosen contractors who become for these purposes federal agents. The all-inclusive scope of the government-mandated seizure involved in mandatory key access necessarily runs afoul of the Fourth Amendment’s requirement that all searches be done only with probable cause on particular description of the items to be seized.
Mr. Litt’s statements also fail to quell our uneasiness about the government’s position on the potential violation of the Fifth Amendment’s privilege against self-incrimination. In his written statement, Mr. Litt suggests that there is no compulsion on a user of encryption if the government merely requires the manufacturer to build in a government-accessible key, ignoring the fact that any compulsion on the manufacturer will run also against the user through the purchase. Mr. Litt also suggests that even compelling the encryption user directly to supply a key to a third party is unproblematic because such a communication is no more testimonial than a compelled consent form authorizing a foreign bank to disclose bank records, such as the one the Court held permissible in Doe v. United States, 487 U.S. 201 (1988). This argument ignores important differences between compelled key access and the forced bank record access upheld in Doe. First, many communications encrypted on the internet will be private or personal, intended only for the unmediated view of the intended recipient, unlike bank records whose privacy one has waived by voluntarily surrendering information to the bank, see United States v. Miller, 425 U.S. 435 (1976). Second, the act of producing the key to any particular internet message is arguably more “testimonial” than generic authorization of access to unspecified and thus “hypothetical” bank accounts that was upheld in Doe. Finally, even if Mr. Litt were correct that any Fifth Amendment privilege claim against mandatory key access would ultimately fail as a technical matter because the compulsion on the user would be disaggregated from any incriminating testimony extracted from the third-party recovery agent, it is surely constitutionally troubling to design a system for the very purpose of making it impossible for any encryption user ever to assert a Fifth Amendment privilege with respect to an encrypted communication.
Mr. Litt similarly dismisses too readily, we think, important First Amendment concerns raised by mandatory key access. He suggests that encrypted communications do not count as speech at all because numeric code cannot be readily understood by lay observers. The First Amendment, however, has long been interpreted to protect complex scientific, artistic, musical, or mathematical notation as well as other forms of expression. As the Supreme Court recently noted, “a narrow, succinctly articulable message is not a condition of constitutional protection, which if confined to expressions conveying a “particularized message,” would never reach the unquestionably shielded painting of Jackson Pollock, music of Arnold Schonberg, or Jabberwocky verse of Lewis Carroll.” Hurley v. Irish-American Gay Group of Boston, 115 S. Ct. 2338 (1995).
Mr. Litt further suggests that, even if encryption does count as speech, any mandatory key access scheme would merely be required to satisfy the intermediate scrutiny appropriate to “time, place or manner” regulations or “incidental restrictions on communicative conduct.” This is far from clear. For one thing, a total ban on a uniquely valuable medium of expression — here, the medium of securely encrypted internet communications — has never been considered a mere “manner” regulation. A manner regulation merely forces a speaker to shift to a substitute form of communication, but by definition an insecure communication cannot substitute for a secure one. A ban on unescrowed encryption thus resembles the total bans on sign-posting or leafleting that have been struck down as exceeding the limits of permissible manner regulation. For another, Mr. Litt ignores the compulsion of speech entailed by mandatory key access: a third-party must be given information the speaker otherwise would not disclose, and indeed under some versions of key access, that information would have to be textually embedded in each discrete communication the speaker chose to make. But the right to speak has long been thought to entail a strong presumptive right not to speak, including the right to speak anonymously. While compelled speech is permitted under certain circumstances, such as in food and drug labeling or securities exchange disclosures, compelling all users of the internet to disclose their keys at all times and for all purposes would involve compelled speech on an unprecedented and constitutionally troubling scale. Moreover, even if encryption regulation were considered content-neutral, as Mr. Litt suggests it should be, that would not eliminate all First Amendment concern. 
To the contrary, laws that significantly deter speech may well violate the First Amendment even if they do not prevent the speech altogether, as illustrated by numerous decisions invalidating laws restricting the receipt of payment for speech. It could hardly be argued that requiring letters to be posted in transparent glassine envelopes would be a permissible end run around the unconstitutionality of a ban on the sending of letters themselves.
Most troubling of all of Mr. Litt’s First Amendment arguments is his suggestion that mandatory key access will not “chill” speech because it gives government “no greater access to the content of private parties’ communications than it currently has.” This argument suffers from the same fallacy as his argument under the heading of the Fourth Amendment that forced key disclosure to government-designated agents does not breach reasonable expectations of privacy. In either form, the argument assumes that a government unconstrained by knock-and-announce rules will never err or overreach in seeking keys, and that criminal interlopers will never take advantage of the expanded opportunities for theft or fraud opened up to them by the expansion of non-user-controlled key storage sites. If either assumption is relaxed, as in an imperfect world they must be, then there can be no question of a chilling effect on speech.
Finally, we think that one common thread explains why the Department of Justice has failed to attach adequate weight to the constitutional objections against its proposal. At the end of his testimony, Mr. Litt notes a conversation that he had with a representative of the computer industry who challenged him with this observation: “We don’t ban cars, do we? Then why are you trying to ban encryption?” Mr. Litt answered that challenge in two ways. First, he denied that the government seeks an outright ban, but he could not deny that the government proposals if adopted would operate to reduce the levels of private encryption and the security of any encryption still undertaken. Next Mr. Litt sought to justify the proposed government restrictions by enumerating the various types of regulation routinely allowed for automobiles: safety inspections; minimum gas mileage requirements; pollution emission requirements; seatbelts and airbags; drivers’ licenses and highway regulations. In his view, the same principles that allow extensive regulation of the automobile allow the proposed regulation of communication.
We believe that his analogy is fundamentally flawed because it overlooks the difference in level of scrutiny brought to different activities. The driving of an automobile, however important it may be in the lives of ordinary individuals, does not implicate the preferred freedom that the Bill of Rights accords to speech. Nor does driving a car on a public highway implicate Fourth Amendment liberties to the same extent as other activities conducted out of public view. The security of the person or of a person’s papers against government searches and seizures has long been accorded far more protection than the security of a driver of a car. Hence the scrutiny brought to the use of automobiles is often that of the rational basis test, a deferential standard under which the government is able to prevail by a showing of any reasonable connection between the regulations imposed and the public interest advanced. Indeed most of the regulations listed by Mr. Litt satisfy even greater amounts of scrutiny. Safety inspections and pollution controls help prevent tortious wrongs to other individuals; licensing requirements, speed limits and other safety rules protect each individual user of the highway from harms by others; airbags and seatbelts are also directed at fundamental safety concerns. And the most dubious item on his list, mandatory mileage controls, would at most require the computer and communications industry to increase output and reduce price, which they have done at a dizzying pace.
None of these highway safety regulations begins to touch the interests of individual privacy that lie at the core of the present dispute. Mr. Litt would be hard pressed to show that the government could make comprehensive searches of all automobiles on public highways on the suspicion that some tiny fraction of vehicles might be carrying drugs or contraband — a form of dragnet far more extensive than the limited border checkpoints and temporary roadblocks for sobriety checks that have previously been approved under the Fourth Amendment. Nor could government constitutionally make it a condition of traveling the public highways that all drivers file in advance a copy of their travel plans with a government-designated agent in order to facilitate the government’s possible location of a handful of wheelborne criminal suspects. Indeed the most that the government could glean from these highway cases is the possible authority to tag encrypted messages with license numbers so that they could be identified by source. Yet even here the First Amendment’s protection of anonymous speech and its prohibition against compelled speech might well be held to strike down those tracing efforts.
The issues raised by this hearing, however, go beyond these legal refinements. The Constitution today affords a high level of protection to privacy interests, which is implicitly denied by the government effort to analogize its mandatory access system to comprehensive regulation of the use of automobiles. Cars represent an area where the case for state regulation is at its peak. Mandatory access to private information represents that area where the government’s claims meet with far stiffer resistance. We think it only appropriate to express our grave misgivings with a Department of Justice position that supports regulation of private speech and communication that is more intensive and more intrusive than any scheme of automobile regulation now on the books. Its position represents a manifest inversion of constitutional priorities. Areas of great constitutional sensitivity deserve the highest levels of constitutional protection.