Office of the Attorney General
Washington, D.C. 20530
July 18, 1997
Dear Member of Congress:
Congress is considering a variety of legislative proposals concerning the domestic use and
foreign export of encryption. Such proposals would, in effect, make it impossible for the Federal
Bureau of Investigation (FBI) and other federal, state, and local law enforcement agencies to
lawfully overhear criminal telephone conversations or gain access to electronically stored
evidence possessed by terrorists, child pornographers, and other criminals. Since these proposals
would seriously jeopardize public safety and national security, we collectively urge you to
support a different, balanced approach that strongly supports commercial and privacy interests
but maintains our ability to investigate and prosecute serious crimes.
We fully recognize that encryption is critical to communications security and privacy, and that
substantial commercial interests are at stake. Perhaps in recognition of these facts, all the bills
being considered allow market forces to shape the development of encryption products.
Although such market forces are important, we believe that commercial factors cannot, standing
alone, be relied upon to protect public safety and national security. Allowing cryptography-related market forces alone to play such a role would be akin to allowing market forces to
determine whether an unsafe airline should be allowed to fly. Obviously, the government cannot
abdicate its solemn responsibility to protect public safety and national security.
Currently, of course, encryption is not widely used, and most data is stored, and transmitted, in
the clear. As we move from a plaintext world to an encrypted one, we have a critical choice to
make: we can either (1) choose robust, unbreakable encryption that protects commerce and
privacy but gives criminals a powerful new weapon, or (2) choose robust, unbreakable encryption
that protects commerce and privacy and gives law enforcement the ability to protect public
safety. The choice should be obvious and it would be a mistake of historic proportions to do
nothing about the dangers to public safety posed by encryption without adequate safeguards for
law enforcement. Indeed, what will Congress and the Executive Branch say to the American
people when a crime or terrorism disaster occurs that could have been prevented?
Let there be no doubt: without encryption safeguards, all Americans will be endangered. No one
disputes this fact; not industry, not encryption users, no one. Yet those in favor of unbridled
market forces only pay lip-service to public safety and national security issues. This is not
enough. We must act to protect these critical values. This is why law enforcement at all levels
of government -- including the Justice Department, Treasury Department, the National
Association of Attorneys General, International Association of Chiefs of Police, the Major City
Chiefs, the National Sheriffs' Association, and the National District Attorneys Association -- are
so conscious about this issue.
We all agree that without adequate legislation, law enforcement in the United States will be
severely limited in its ability to combat the worst criminals and terrorists. Further, law
enforcement agrees that the widespread use of robust non-key recovery encryption ultimately will
devastate our ability to fight crime and prevent terrorism.
Simply stated, technology is rapidly developing to the point where powerful encryption will
become commonplace both for routine telephone communications and for stored computer data.
Without legislation that accommodates public safety and national security concerns, society's
most dangerous criminals, including drug kingpins, terrorists, and spies, will be able to
communicate safely and electronically store data without fear of discovery. Court orders to
conduct electronic surveillance and court-authorized search warrants will be ineffectual, and the
Fourth Amendment's carefully-struck balance between ensuring privacy and protecting public
safety will be forever altered by technology. Technology should not dictate public policy, and it
should promote, rather than defeat, public safety.
We are not suggesting the balance of the Fourth Amendment be tipped toward law enforcement
either. To the contrary, we only seek the status quo, not the lessening of any legal standard or the
expansion of any law enforcement authority. The Fourth Amendment protects the privacy and
liberties of our citizens but permits law enforcement to use tightly controlled investigative
techniques to obtain evidence of crimes. The result has been the freest country in the world with
the strongest economy.
Law enforcement has already confronted encryption in high-profile espionage, terrorist, and
criminal cases. For example:
* An international terrorist was plotting to blow up 11 U.S.-owned commercial airliners in the
Far East. His laptop computer which was seized during his arrest in Manila, contained encrypted
files concerning this terrorist plot.
* A subject in a child pornography case used encryption in transmitting obscene and
pornographic images of children over the Internet.
* A major international drug trafficking subject recently used a telephone encryption device to
frustrate court-approved electronic surveillance.
And this is just the tip of the iceberg. Convicted spy Aldrich Ames, for example, was told by the
Russian Intelligence Service to encrypt computer file information that was to be passed to them.
Further, today's international drug trafficking organizations are the most powerful, wealthiest and
ruthless organized crime organizations we have ever faced. We know from numerous past
investigations that they have utilized their virtual unlimited wealth to purchase sophisticated
electronic equipment to facilitate their illegal activities. This has included state of the art
communication and encryption devices. They have utilized this equipment as part of their
command and control process for their international criminal operations. It would be misguided
to think they will not take advantage of developing technology to further insulate their violent
and destructive activities.
Requests for cryptographic support pertaining to electronic surveillance interceptions from FBI
Field Offices and other law enforcement agencies have steadily risen over the past several years.
There has been an increase in the number of instances where the FBI's and DEA's court-authorized electronic efforts were frustrated by the use of encryption that did not allow for law
enforcement access.
There have also been numerous other cases where law enforcement, through the use of electronic
surveillance, has not only solved and successfully prosecuted serious crimes but has also been
able to prevent life-threatening criminal acts. For example, terrorists in New York were plotting
to bomb the United Nations building, the Lincoln and Holland Tunnels, and 26 Federal Plaza as
well as conduct assassinations of political figures. Court-authorized electronic surveillance
enabled the FBI to disrupt the plot as explosives were being mixed. Ultimately, the evidence
obtained was used to convict the conspirators. In another example, electronic surveillance was
used to stop and then convict two men who intended to kidnap, molest, and kill a child. In all of
these cases, the use of encryption might have seriously jeopardized public safety and resulted in
the loss of life.
To preserve law enforcement's abilities, and to preserve the balance so carefully established by
the Constitution, we believe any encryption legislation must accomplish four goals in addition to
promoting the widespread use of virtually uncrackable encryption. It must establish:
* A viable key management infrastructure that promotes electronic commerce and enjoys the
confidence of encryption users.
* A key management infrastructure that supports a key recovery scheme that will allow
encryption users access to their own data should the need arise, and that will permit law
enforcement to obtain court-ordered access to the plain text of encrypted communications and
data.
* An enforcement mechanism that criminalizes both improper use of encryption key recovery
information and the use of encryption for criminal purposes.
* A mandate that the federal government use key recovery encryption that is interoperable with
the private sector.
Only one bill, S.909 (the Kerrey/McCain bill) comes close to meeting these core public safety,
law enforcement, and national security needs. The other bills being considered by Congress, as
currently written, risk great harm to our ability to enforce the laws and protect our citizens. We
look forward to working to improve the Kerrey/McCain bill.
In sum, while encryption is certainly a commercial interest of great importance to this Nation, it
is not merely a commercial or business issue. Those of us charged with the protection of public
safety and national security, believe that the misuse of encryption technology will become a
matter of life and death in many instances. That is why we urge you to adopt a balanced
approach that accomplishes the goals mentioned above. Only this approach will allow police
departments, attorneys general, district attorneys, sheriffs, and federal authorities to continue to
use their most effective investigative techniques, with court approval, to fight crime and
espionage and prevent terrorism.
Sincerely yours,
Janet Reno
Go to . . . CCIPS Home Page || Justice Department Home Pages