James Fotis Testifies Before the Subcommittee on the Constitution, Federalism and Property Rights

Testimony of James J. Fotis
Executive Director
Law Enforcement Alliance of America
Before the Subcommittee on the Constitution, Federalism and Property Rights
of the Senate Judiciary Committee

On Behalf Of The
Americans For Computer Privacy Coalition

March 17, 1998

Good morning and thank you Mr. Chairman and members of the subcommittee, for providing me with this opportunity to discuss the important and complex issue of encryption. My name is Jim Fotis and I am the Executive Director of the Law Enforcement Alliance of America more commonly known as LEAA. LEAA is the nation’s largest coalition of law enforcement professionals and crime victims representing over 65,000 Americans. I am testifying on behalf of American’s for Computer Privacy, a broad-based coalition working to ensure that the privacy of American communications is preserved and protected in the information age. I am also a retired police officer.

And as a retired officer I urge citizens to protect themselves from attacks and thefts in a variety of ways, such as purchasing a dead bolt or high-tech security system for their house or car, or reminding them to park in well-lit lots and be aware of their surroundings. I advocate the same protections for their intellectual property and digital files and encryption are the “dead-bolts”that lock those files.

However, the Administration and FBI Director Freeh have stated that encryption “poses a threat to public safety.” On the contrary, the threat to public safety comes from the lack of encryption; files that are not secure are ripe for theft and misuse.

Without encryption, the electronic networks that control such critical functions as prison records, the air traffic control system, and the public telephone system would be vulnerable. Many governmental agencies utilize encryption. If cryptography can help protect nationally critical information systems and networks against unauthorized penetration (which it can), it also supports the national security of the United States as well as the security of the individual.

The federal government should also be interested in helping to defend U.S. business interests against compromises of information or security leaks. The Justice Department reported computer security breeches cost U.S. business and consumers $7 billion dollars a year.

In today’s market, businesses and individuals transmit considerable amounts of confidential information, including items such as financial records and assets, project and merger proposals, medical records, trade secrets, and research and development information through electronic channels. More significantly, U.S. businesses are competing on a worldwide basis making them potential targets for competitors, foreign governments or vandals. So if by using encryption we can reduce computer theft crimes and lower economic espionage it is a net gain for law enforcement.

I work with crime victims every day; we have to give them the power to protect themselves against these unwanted attacks, physical or informational. As a police officer I swore to protect this nation, its citizens and its laws, but the current Administration’s policy flies in the face of our founding fathers, running afoul of the first, fourth, fifth and tenth amendments. Since when did we decide our citizens are guilty until proven innocent? Because that is essentially what you are saying when you mandate backdoor access to their files. As an officer, I cannot and will not support a policy that potentially victimizes law-abiding citizens.

Proposed legislation would require purchasers of encryption to turn over a “key”to a third party. That third party might in turn be ordered to turn that key over to the government. So much for Fourth-Amendment guarantees of “the right of people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures.” If we as law enforcement need to search your computer files or read your e-mail, we should have to go through the same procedures as we would for tangible or real property, meaning we would have to show the court “probable cause”to obtain a search warrant.

Even scarier than the blatant erosion of our 4th amendment right is the fact those supporting this legislation have chosen to ignore a report issued by the world’s top cryptographers entitled “The Risk of Key Recovery, Key Escrow and Trusted Third Party Encryption.” It stated clearly that “the field of cryptography has no experience in deploying secure systems of this scope and complexity.” Implying such systems involve security risks and could potentially cost billions of dollars. The 1996 National Research Committee, (NRC) report also warned third party key recovery introduced “a system weakness”, putting crucial infrastructures at risk and questioned whether it could actually work on a large scale. As lawmakers and law enforcement professionals we have a duty to protect, not jeopardize our constituents business and private information. But by concentrating too much power in untested key recovery centers, we make the nation vulnerable to attack by terrorists and abuse by those entrusted with the power

And now to answer the question I know many of you are waiting to ask, yes, encryption sometimes provides a shield for some criminal activity. But the simple fact is that more than 500 strong encryption products are readily available and in use around the world today. If the Administration is trying to prevent criminal access to encryption, then they are too late. We must strive to keep the political debate focused on criminal behavior and criminal punishment, and to communicate the shared opinion of most law enforcement professionals that encryption restrictions are not an effective crime deterrent.

Meanwhile, state-of-the-art software applications have thwarted an incalculable number of crimes, protecting millions of dollars and thousands of people as well as giving street cops in departments such as the Delaware State Police fast access to reliable information before they approach a vehicle, house or suspect, allowing them to accurately assess potentially dangerous situations. Police are able to connect directly to national and state databases, police computers and the National Crime Information Computer. Unlike traditional police radio transmissions, information running over these networks is secure since the systems use encryption that is inherent in their design. In addition to other benefits, this technology allows officers to stay silent, unlike radio transmission that can be picked up on scanners by people attempting to keep track of police whereabouts, for instance drug dealers or burglars.

Now, the FBI is going to say that this will mean unbreakable codes, translating into the creation of more crime. This is simply wrong. For preventing sabotage, you need a system that does not have well known limits and vulnerabilities. If everybody uses the same type encryption, sooner or later someone will find vulnerability and figure out how to break it. Therefore, to be safe, you need different systems.

The FBI says it is trying to stop crime. The problem is you can’t stop crime by focusing on inanimate objects — you must focus on the criminal. The criminal, terrorist or college hacker is still out there and using the very weapons our government won’t allow us access to. Simply put, you are mandating that criminals outgun us. It’s like giving the American public a rubber baseball bat to fight a robber with a gun. If you think this is helping law enforcement you are dead wrong.

The Cold War has ended, but a new war has emerged — a war for control of our new found infrastructure. And the only way to win this war and protect our constitutional rights is through strong encryption. Let’s not allow 1998 to become the start of Orwell’s 1984.

I thank you for the opportunity to testify and look forward to your questions.