TESTIMONY
OF
ROBERT S. LITT
PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL
BEFORE THE
SUBCOMMITTEE ON THE CONSTITUTION,
FEDERALISM, AND PROPERTY RIGHTS
COMMITTEE ON THE JUDICIARY
UNITED STATES SENATE
CONCERNING
PRIVACY IN A DIGITAL AGE: ENCRYPTION AND MANDATORY ACCESS
PRESENTED ON
MARCH 17, 1998
Thank you, Mr. Chairman and members of the Committee, for
this opportunity to discuss with you the important and complex
issue of encryption. Encryption holds the promise of providing
all of us with the ability to protect data and communications
from unlawful and unauthorized access, disclosure, and
alteration. Moreover, encryption can help prevent crime by
protecting a wide range of data as we and our valued information
become more and more connected to each other and to potential
adversaries through the spread of information networks. As a
result, the law enforcement community supports the development
and widespread use of strong encryption products and services.
At the same time, however, the widespread use of unbreakable
encryption presents a tremendous potential threat to public
safety and national security. Criminals and terrorists have
already begun using encryption to conceal their illegal
activities and to defeat important law enforcement and national
security objectives. In developing our Nation's encryption
policy, we must carefully balance the many different interests
that the policy will affect. In seeking that balance, it is
essential to understand both the promise and the peril that this
technology holds, and to identify responsible ways forward that
advance all of the competing interests.
I want to begin, Mr. Chairman, by clarifying the Clinton
Administration's recent initiatives regarding encryption. For
some time, the Administration's position has been to encourage
the design, manufacture, and use of encryption products and
services that allow for the plaintext of encrypted data to be
recovered. The Administration's approach has in fact found
support in the marketplace, in part because businesses and
individuals need a routinely available method to recover
encrypted information. For example, a company might find that
one of its employees lost his encryption key, thus accidentally
depriving the business of critically important and time-sensitive
data. Or a business may find that a disgruntled employee has
encrypted confidential information and then absconded with the
key. In this type of case, a data recovery system promotes
important private sector interests. Indeed, as the Government
implements encryption in our own information technology systems,
it also has a business need for plaintext recovery to assure that
data and information that we are statutorily required to maintain
are in fact available at all times. For these reasons, as well
as to protect public safety, the Administration has been
affirmatively encouraging the development of data recovery
products, recognizing that only their widespread, ubiquitous use
will both provide greater protection for data and protect public
safety.
In further support of this goal, two weeks ago we set in
motion a process of pursuing an intensive dialogue between
industry and law enforcement. Our goal in this process is to
bring the creative genius of America's technology leaders to bear
in developing technical, market-savvy solutions that will enable
Americans to realize the benefits of strong encryption while
continuing to protect public safety and national security. We do
not harbor any illusions that there is one magic technology, a
silver bullet that addresses all the needs of the marketplace.
But we think constructive dialogue in a variety of areas and fora
is far preferable to a stalemate that arises from a battle of
wills and rhetoric; working together is better than fighting
legislative battles.
The Administration is not advocating any single product,
technology, or even technical approach. Rather, we are flexible
-- provided that the resulting solutions and arrangements
preserve the Nation's ability to protect the public safety and
defend our national security. These are public interests of the
highest order, shared by the Congress and by all of our
law-abiding citizens. Industry has the technical know-how to
develop commercially viable mechanisms that maintain the
government's ability to safeguard its citizens, while protecting
our citizens from unwarranted intrusions from any source.
Now let me describe in a little more detail the important
law enforcement and national security interests that are at stake
in the encryption debate. First, I want to reiterate that the
Department of Justice supports the use of strong encryption. Law
enforcement's responsibilities and concerns include protecting
privacy and promoting secure commerce over our nation's
information infrastructure. For example, we prosecute those who
violate the privacy of others by illegal eavesdropping, hacking,
or stealing confidential information. In the National
Information Infrastructure Protection Act of 1996, at the request
of the Administration, Congress provided further protection to
the confidentiality of stored data. And the Department of
Justice helps promote the growth of electronic commerce by
enforcing the laws, including those that protect intellectual
property rights and that combat computer and communications
fraud.
Moreover, the Department of Justice, like other government
agencies, realizes that our own information technology systems
will increasingly require the use of strong encryption to provide
appropriate security for the valuable and sensitive information
that we hold on behalf of the American people. The Department,
both as an enforcer of the law and as a consumer of encryption
technologies, thus has a keen interest in the success of American
industry in this area.
However, I don't think that it can reasonably be disputed
that the unchecked spread of non-recoverable encryption will also
endanger the public safety and our national security. People
think of encryption primarily in the context of transmitted
communications such as phone calls, and its effect on wiretaps.
Indeed, it is absolutely essential that law enforcement preserve
the ability to obtain the plaintext of information from lawfully
authorized wiretaps and to authenticate this information in
court. Court-ordered wiretaps are an essential tool for law
enforcement in investigating and prosecuting some of our most
important matters involving narcotics dealing, terrorism and
organized crime.
But I'd like to focus for a moment on a slightly different
aspect here: data stored on computers. It's very common, for
example, for drug dealers or terrorists, or any other criminals
for that matter, to keep records of their activities in notebooks
or other written form. When I was an Assistant United States
Attorney, I prosecuted several cases in which we arrested drug
dealers and seized their "little black books" pursuant to search
warrants or other valid legal authority. These notebooks
provided invaluable evidence against the defendant and helped us
identify and prosecute other members of the drug ring.
Today, however, we might find that the defendant is using
one of the increasingly popular electronic organizers or personal
information manager software programs to keep his records instead
of a notebook. Or we might find that a swindler running a
telemarketing scam has his records on a computer instead of in
file cabinets. The switch from written to digital records does
not undermine law enforcement interests -- as long as the
defendant hasn't encrypted the data. But if strong encryption
becomes a standard feature, law enforcement will lose its ability
to obtain and use this evidence. In fact, commonly available
encryption products are already so strong that we cannot break
them.
The same problem exists with respect to other types of
criminals also. Ramzi Yousef, the mastermind of the World Trade
Center bombing, used a laptop computer. Pedophiles who exchange
child pornography via computer are already actively using
encryption. White collar criminals and economic spies often use
computers to steal our businesses' valuable intellectual
property. I can't emphasize too strongly the danger that
unbreakable, non-recoverable encryption poses: as we move
further into the digital age, as more and more data is stored
electronically rather than on paper, as very strong encryption
becomes built into more and more applications, and as it becomes
easier and easier to use this encryption as a matter of routine,
our national security and public safety will be endangered --
unless we act responsibly.
Some people have suggested that this is a mere resource
problem for law enforcement. They believe that law enforcement
agencies should simply focus their resources on cracking strong
encryption codes, using high-speed computers to try every
possible key when we need lawful access to the plaintext of data
or communications that is evidence of a crime. But that idea is
simply unworkable, because this kind of brute force decryption
takes too long to be useful to protect the public safety. For
example, decrypting one single message that had been encrypted
with a 56-bit key took 14,000 Pentium-level computers over four
months; obviously, these kinds of resources are not available to
the FBI, let alone the Jefferson City Police Department.
Moreover, it is far easier to extend key lengths than to increase
computer power. Indeed, 128-bit encryption is already becoming
commonplace. In this environment, no one has been able to
explain how brute force decryption will permit law enforcement to
fulfill its public safety responsibilities.
We believe that the most responsible solution is the
development and widespread use of encryption systems that,
through a variety of technologies, permit timely access to
plaintext by law enforcement authorities acting under lawful
authority. I will refer to these systems, collectively, as
plaintext recovery systems, although they can encompass a variety
of technical approaches. The concept of key recovery, where the
key to encryption is held by a trusted third party, is one such
approach, but it is by no means the only one that would meet law
enforcement's goals.
Some have suggested that law enforcement's access to the
plaintext of encrypted data and communications that is evidence
of a crime would violate constitutional rights. Although I will
discuss in a moment the constitutionality of a mandatory recovery
regime, let me begin by reiterating that no such mandatory regime
exists, nor does the Administration seek one. Rather, the
Administration's efforts have been to encourage the voluntary use
of data recovery products. In this context, there is no doubt
that the government's efforts are constitutional.
It is certainly difficult to understand how a voluntary
regime might violate the Fourth Amendment. As with any kind of
stored and transmitted data, it is axiomatic that the government
may obtain both encrypted text and decryption keys pursuant to
lawful process, which may include a wiretap order, a search
warrant issued upon probable cause, a subpoena, or the consent of
the party possessing the particular item. Each of these comports
with the Fourth Amendment, and voluntary data recovery products
do not change this analysis. Additionally, if an individual's
encryption key were stored with a third party, Congress could
require by legislation that, to compel production of the key, law
enforcement would have to meet a standard higher than that
required by the Fourth Amendment, much as the Electronic
Communications Privacy Act requires a court order to obtain
transactional data. If Congress were to address this issue, we
would be pleased to work with you to determine the appropriate
standard and mechanisms for obtaining keys.
The Committee has requested that I address the legal issues
that might be associated with a mandatory plaintext recovery
regime. Again, let me restate that the Administration does not
advocate such an approach, and believes that a voluntary solution
is preferable. Nonetheless, I am prepared to discuss
hypothetical legislation prohibiting the manufacture,
distribution and import of encryption products that do not
contain plaintext recovery technologies, so that the capability
to decrypt encrypted data and communications is available to law
enforcement upon presentation of valid legal authority.
In considering the Department's views on these issues, I
would urge you to keep several caveats in mind. First, the
constitutional issues that such a regime would present are
undoubtedly novel ones. Indeed, the spectacular growth of the
digital world has created many confounding legal issues that the
Congress, the courts, the Administration, and our society at
large are wrestling with. If history is any guide, changes in
technology can lead to changes in our understanding of applicable
constitutional doctrine. Moreover, these issues are particularly
difficult to address in the abstract, because mandatory plaintext
recovery could take a variety of forms. Nonetheless, and with
these caveats, it is the best judgment of the Department of
Justice that a mandatory plaintext recovery regime, if
appropriately structured, could comport with constitutional
doctrine.
Let me turn first to the Fourth Amendment. It should be
remembered at the outset that the Fourth Amendment does not
provide an absolute right of privacy, but protects reasonable
expectations of privacy by prohibiting unreasonable searches and
requiring that a warrant issue only upon a finding of probable
cause by a neutral and detached magistrate. A well-designed
plaintext recovery regime would ensure that users' reasonable
expectations of privacy were preserved. Any legislation in this
area, whether or not it imposed plaintext recovery requirements,
should not lessen the showing the government must make to obtain
access to plaintext. If a search warrant for data was required
before, it should be required under any new regime. By requiring
the government to meet current constitutional thresholds to
obtain plaintext, such a regime would, in our view, comply with
the Fourth Amendment. Moreover, Congress could require under
such a regime that even if law enforcement obtains a search
warrant for data or communications, it would need additional
authority, such as a court order, to obtain the key or other
information necessary to perform any decryption if the
information is encrypted.
Some have also argued that mandatory plaintext recovery
regime would violate the Fifth Amendment's prohibition against
compulsory self-incrimination. However, the Fifth Amendment
generally prohibits only disclosures that are compelled,
testimonial, and incriminating. If a manufacturer of an
encryption product were required to maintain information
sufficient to allow law enforcement access to plaintext, we
believe that there would be no violation of the Fifth Amendment
because no disclosure at all would be compelled from the user of
the encryption product. If, on the other hand, a mandatory
plaintext recovery regime required the user of an encryption
product to store his key (or other information needed for
recovery) with a third party in advance of using the product, we
do not believe that such an arguably compelled disclosure would
be testimonial as that term has been interpreted by the Supreme
Court. In Doe v. United States, 489 U.S. 201 (1988), the Court
held that an order compelling a person to execute a form
consenting to disclosure of foreign bank accounts did not violate
the Fifth Amendment because the form was not testimonial. The
compelled disclosure of decryption information to a third party
would not seem to be any more testimonial. Moreover, we doubt
whether such a disclosure would be incriminating, because unless
and until the encryption product is used in the commission of a
crime, the key would pose no threat of incrimination against the
user.
Finally, it has been suggested that a statutory restriction
on the manufacture, import, and distribution of certain types of
encryption products would violate the First Amendment.
Opponents of encryption restrictions sometimes argue that the
First Amendment protects the right of persons to speak in "code"
-- i.e., to speak in ciphertext -- and that a restriction on the
distribution of products that make a particular coded
communication possible would be analogous to placing a
restriction on the use of a foreign language. This First
Amendment argument rests on the faulty premise that the creation
or dissemination of ciphertext itself is constitutionally
protected. But, unlike a foreign language, the ciphertext that
is created by strong encryption products cannot be understood by
the viewer or listener. When it is heard, such as on a wiretap
of a telephone, ciphertext simply takes the form of
unintelligible static. In written form, ciphertext may be in the
form of letters, numerals and symbols, but no human being can
read or "understand" it: it does not contain characters or words
or symbols that represent or correspond to any other characters,
words or symbols. Accordingly, ciphertext is not like a foreign
language, the use of which can convey unique meaning and nuance
to the listener or reader. Thus, ciphertext itself -- as opposed
to the underlying plaintext -- has none of the properties of
protected "speech" that the Supreme Court has traditionally
identified, and, accordingly, the dissemination of ciphertext
should not be entitled to First Amendment protection.
A second form of First Amendment argument focuses not on the
ciphertext, but on the underlying plaintext. Under this theory,
a prohibition on the manufacture or distribution of
nonrecoverable encryption products would inhibit an alleged
constitutional right of persons to obscure their communications
in any manner they see fit. Even if legislation would impose
such a practical limitation on the manner in which speakers may
obscure their underlying communications, it could be drafted so
as to pass muster as a permissible time, place and manner
restriction -- particularly since any such restriction on the
"tools" of speech would be unrelated to any communicative impact
of the underlying plaintext and the controls would leave open
ample and robust alternative channels or methods for obscuring
the underlying plaintext.
A related argument is that a communications infrastructure
in which recoverable encryption is the de facto standard will
impermissibly chill a significant quantum of speech because
individuals' knowledge of law enforcement's ability to overhear
and decipher communications and data will unduly deter them from
communicating. But under such a system, the government would
have no greater access to the content of private parties'
communications than it currently has, and it is well-settled that
the government's exercise of its established statutory powers to
intercept and seize communications does not create such a
"chilling" effect on speech as to transgress the First Amendment,
so long as that power is exercised consistent with the Fourth
Amendment, and for valid reasons authorized by statute, such as
to discover evidence of criminal wrongdoing. See, e.g., United
States v. Ramsey, 503 F.2d 524, 526 n.5 (7th Cir. 1974) (Stevens,
J.) (rejecting argument that "the very existence of wiretapping
authority has a chilling effect on free speech and, therefore,
. . . violates the First Amendment"); accord United States v.
Moody, 977 F.2d 1425, 1432 (11th Cir. 1992).
A final type of First Amendment argument often heard is that
a restriction on the manufacture and distribution of certain
types of encryption products would impermissibly restrict the
ability of cryptographers, and others, to disseminate the
computer code that is used by computers to transform plaintext
into ciphertext. But that argument is based on the mistaken
premise that dissemination of the code embedded in encryption
products itself is necessarily a form of expression protected by
the First Amendment. Most such code is in the form of "object
code." Object code is simply an immense string of "0"s and "1"s,
representing a bewildering concatenation of thousands or millions
of high and low voltage electrical impulses. As such, machine-"readable" cryptographic object codes can reveal to possible
"readers" neither the ideas they embody, nor the manner in which
the ideas are expressed. And this is especially true where such
object code is embedded in a product such as a semiconductor
chip, so that even the "0"s and "1"s cannot be discerned.
Therefore, a restriction on the dissemination of encryption
products containing object code would not violate the First
Amendment.
The question would be somewhat more complicated with respect
to source code -- i.e., the instructions to the computer that
human beings write and revise. Some persons do disseminate
source code for communicative purposes. Nevertheless, we believe
that a restriction on the dissemination of certain encryption
products could be constitutional even as applied to those
relatively infrequent cases in which such products are in the
form of software that is disseminated for communicative reasons,
because such a restriction could satisfy the "intermediate"
scrutiny that the First Amendment provides for incidental
restrictions on communicative conduct. As we have argued in
litigation in the export-control context, such intermediate
scrutiny would be appropriate because the government's reason for
regulating source-code software would not be based on any
informational value that its dissemination might have. Instead,
regulation would be premised on the fact that such software --
like all of the "encryption products" that would be regulated --
has physical, functional properties that can cause a computer to
encrypt information and thereby place plaintext beyond the
technical capabilities of law enforcement to recover.
Once again, I would like to emphasize that I have presented
our constitutional analysis of a mandatory plaintext recovery
system to respond to the Committee's request for our views on the
legal issues associated with such systems. As I noted above,
this constitutional analysis would depend significantly on the
nature of the particular system Congress mandated and the
findings which supported it; our analysis is entirely generic.
Moreover, I would emphasize again here that it is not the policy
of the Administration to seek mandatory plaintext recovery
legislation; it is the Department of Justice's hope and
expectation that the dialogue with industry that I spoke of
earlier will yield outcomes that make sense from both a business
and a public policy perspective.
Those who argue against preserving lawful government access
to encrypted communications often say that the government should
bow to the inevitable and accept, even embrace, the spread of
unbreakable encryption, rather than trying to fight it. For
example, one of my colleagues recently met with a representative
of a large computer company which is critical of the
Administration's encryption policy. This industry representative
said that he recognized that encryption poses a problem for law
enforcement, but that we should recognize that other
technologies, such as cars, also create problems for law
enforcement, yet we have managed. He said, "We don't ban cars,
do we? Then why are you trying to ban encryption?"
Of course, I hope it is clear by now that the Government is
not trying to ban encryption. Law enforcement supports the
responsible spread of strong encryption. Use of strong
encryption will help deter crime and promote a safe national
information infrastructure.
But the more fundamental point raised by the analogy to the
rise of the automobile is that society "managed" the automobile,
not by letting it develop completely unfettered and without
regard to public safety concerns, but first by recognizing that
cars could cause substantial damage to the public safety, and
then by regulating the design, manufacture, and use of cars to
protect the public safety. Cars must be inspected for safety on
a regular basis. Cars are subject to minimum gasoline mileage
requirements and maximum pollutant emission requirements. Cars
built today must include seat belts and air bags. Perhaps most
closely analogous, the laws of every jurisdiction in the United
States closely regulate every aspect of driving cars on the
public streets and highways, from driver's licenses to regulation
of speed to direction and flow of traffic. Congress and the
state legislatures recognized the public safety and health
threats posed by the technology of automotive transportation,
even as they recognized the dramatic benefits of mobility,
productivity, and industrialization that the automobile brought
with it. Elected government representatives of the people have
consistently acknowledged and acted on their sworn
responsibilities by assessing the public safety issues at stake
and then regulating the technology accordingly.
Perhaps most relevant to the policy issues posed by
encryption is the practice, begun by most states about a hundred
years ago, of requiring cars to be registered and to bear license
plates. More recently, federal law has required all vehicles to
bear a vehicle identification number, or VIN. As you may recall,
it was the VIN in the Oklahoma City bombing case that led the FBI
to the truck rental office at which Timothy McVeigh rented the
truck he used. We now recognize that license plates and VIN's
afford victims of accidents, victims of car theft, and law
enforcement officials with an essential means of identifying
vehicles and obtaining information on the movements of criminals.
Just as legislatures in the early 1900's acted to manage the
risks posed by automotive technology, government leaders today,
as the 21st century approaches, must bring the same sensitivity
to the need to preserve and advance public safety in the face of
encryption in the information age. And such a regulatory scheme,
if constructed properly, will, like license plates, have benefits
for businesses and consumers as well.
Of course, no analogy is perfect. Computers are not cars,
and plaintext recovery is not a speed limit. But my broader
point is an important one. The Framers of our Constitution
determined that individuals would not have an absolute right of
privacy. The Constitution recognizes that there are certain
circumstances in which it is appropriate for law enforcement to
obtain information that the individual wants to keep private:
for example, when a judge finds probable cause to believe that
information is evidence of a crime. Decisions as to where that
line should be drawn are political and legal ones, not scientific
or business ones; they should be made by this Congress and the
courts, not by programmers or marketers. Policy should regulate
technology; technology should not regulate policy. Just as in
the first part of the twentieth century, the law had to take
account of the changes in society brought about by the
automobile, the law will have to take account of the changes
brought about by encryption.
We at the Department of Justice look forward to continuing
the productive discussions we have had with this Committee and
the Congress on encryption issues. We share the goal of arriving
at a policy and marketplace that appropriately balance the
competing public and private interests in the spread of strong
encryption.
I would be pleased to answer any questions you may have.