[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

key escrow arguments (fwd)

This is a very well-written article, so I am forwarding this to
[email protected] and [email protected] so everyone can see
it.  Apologies in advance to those seeing double or triple copying due
to the forwards.


 From: "David W. Crawford" <[email protected]>
 Subject: key escrow arguments (fwd)
 Forwarded message:
 From [email protected] Thu Sep 18 23:31:28 1997
 Date: Thu, 18 Sep 1997 17:39:21 -0700 (PDT)
 From: Phil Agre <[email protected]>
 To: [email protected]
 Subject: key escrow arguments
 Date: Thu, 18 Sep 1997 13:08:56 -0400
 From: Andrew Grosso <[email protected]>
 [Published last year in the Federal Bar Journal.]
 by Andrew Grosso
      (This article is a revised version of a talk given by the
 author at the 1996 RSA Data Security Conference, held in San
 Francisco, California.  Mr. Grosso is a former federal prosecutor
 who now has his own law practice in Washington, D.C.  His e-mail
 address is [email protected])
      I would like to start by telling a war story.  Some years ago,
 while I was an Assistant U.S. Attorney, I was asked to try a case
 which had been indicted by one of my colleagues.  For reasons
 which will become clear, I refer to this case as "the Dank case."
      The defendant was charged with carrying a shotgun.  This
 might not seem so serious, but the defendant had a prior record.  In
 fact, he had six prior convictions, three of which were considered
 violent felonies.  Because of that, this defendant was facing a
 mandatory fifteen years imprisonment, without parole.  Clearly, he
 needed an explanation for why he was found in a park at night
 carrying a shotgun.  He came up with one.
      The defendant claimed that another person, called "Dank,"
 forced him to carry the gun.  "Dank," it seems, came up to him in
 the park, put the shotgun in his hands, and then pulled out a
 handgun and put the handgun to the defendant's head.  "Dank" then
 forced the defendant to walk from one end of the park to other,
 carrying this shotgun.  When the police showed up, "Dank" ran
 away, leaving the defendant holding the bag, or, in this case, the
      The jurors chose not to believe the defendant's story,
 although they spent more time considering it than I would like to
 admit.  After the trial,  the defendant's story became known in my
 office as "the Dank defense."  As for  myself, I referred to it as "the
 devil made me do it."
      I tell you this story because it reminds me of the federal
 government's efforts to justify domestic control of encryption.
 Instead, of "Dank,"  it has become, "drug dealers made me do it;"
 or "terrorists made me do it;" or "crypto anarchists made me do it."
 There is as much of a rationale basis behind these claims as there
 was behind my defendant's story of "Dank."  Let us examine some
 of the arguments the government has advanced.
      It is said that wiretapping is indispensable to law
 enforcement.  This is not the case.  Many complex and difficult
 criminal investigations have been successfully concluded, and
 successfully argued to a jury, where no audio tapes existed of the
 defendants incriminating themselves.  Of those significant cases,
 cited by the government, where audio tapes have proved
 invaluable, such as in the John Gotti trial, the tapes have been
 made through means of electronic surveillance other than wire
 tapping, for example, through the use of consensual monitoring or
 room bugs.  The unfetted use of domestic encryption could have no
 effect on such surveillance.
      It is also said that wiretapping is necessary to prevent
 crimes.  This, also, is not the case.  In order to obtain a court order
 for a wire tap, the government must first possess probable cause
 that a crime is being planned or is in progress.  If the government
 has such probable cause concerning a crime yet in the planning
 stages, and has sufficient detail about the plan to tap an individual's
 telephone, then the government almost always has enough
 probable cause to prevent the crime from being committed.  The
 advantage which the government gains by use of a wiretap is the
 chance to obtain additional evidence which can later be used to
 convict the conspirators or perpetrators. Although such convictions
 are desirable, they must not be confused with the ability to prevent
 the crime.
      The value of mandating key escrow encryption is further
 eroded by the availability of super encryption, that is, using an
 additional encryption where the key is not available to the
 government.  True, the government's mandate would make such
 additional encryption illegal; however the deterrence effect of such
 legislation is dubious at best.  An individual planning a terrorist
 act, or engaging in significant drug importation, will be little
 deterred by prohibitions on the means for encoding his telephone
 conversations.  The result is that significant crimes will not be
 affected or discouraged.
      In a similar vein, the most recent estimates of the national
 cost for implementing the Digital Telephony law, which requires
 that commercial telecommunications companies wiretap our
 nation's communications network for the government's benefit, is
 approximately three billion dollars.  Three billion dollars will buy
 an enormous number of police man hours, officer training, and
 crime fighting equipment.  It is difficult to see that this amount of
 money, by being spent on wire tapping the nation,  is being spent
 most advantageously with regard to law enforcement's needs.
      Finally, the extent of the federal government's ability to
 legislate in this area is limited.  Legislation for the domestic
 control of encryption must be based upon the commerce clause of
 the U.S. Constitution.  That clause would not prohibit an individual
 in, say, the state of California from purchasing an encryption
 package manufactured in California, and using that package to
 encode data on the hard drive of his computer, also located in
 California.  It is highly questionable whether the commerce clause
 would prohibit the in-state use of an encryption package which had
 been obtained from out of state, where all the encryption in done
 in-state and the encrypted data is maintained in- state.  Such being
 the case, the value of domestic control of encryption to law
 enforcement is doubtful.
      Now let us turn to the disadvantages of domestic control of
 encryption.  Intentionally or not, such control would shift the
 balance which exists between the individual and the state.  The
 individual would no longer be free to conduct his personal life, or
 his business, free from the risk that the government may be
 watching every move.  More to the point, the individual would be
 told that he would no longer be allowed to even try to conduct his
 life in such a manner.  Under our constitution, it has never been the
 case that the state had the right to obtain evidence in a criminal
 investigation.  Rather, under our constitution, the state was given
 the right to attempt to obtain such evidence.  The distinction is
 crucial:  it is the difference between the operation of a free society,
 and the operation of a totalitarian state.
      Our constitution is based upon the concept of ordered
 liberty.  That is, there is a balance between law and order, on the
 one hand, and the liberty of the individual on the other.  This is
 clearly seen in our country's bill of rights, and the constitutional
 protections afforded our accused:  evidence improperly obtained is
 suppressed; there is a ban on the use of involuntary custodial
 interrogation, including torture, and any questioning of the accused
 without a lawyer; we require unanimous verdicts for convictions;
 and double jeopardy and bills of attainder are prohibited.  In other
 words, our system of government expressly tolerates a certain level
 of crime and disorder in order to preserve liberty and individuality.
 It is difficult to conceive that the same constitution which is
 prepared to let a guilty man go free, rather than admit an illegally
 seized murder weapon into evidence at trial, can be interpreted to
 permit whole scale, nationwide, mandatory surveillance of our
 nation's telecommunications system for law enforcement purposes.
 It is impossible that the philosophy upon which our system of
 government was founded could ever be construed to accept such a
      I began this talk with a war story, and I would like to end it
 with another war story.  While a law student, I had the opportunity
 to study in London for a year.  While there, I took one week, and
 spent it touring the old Soviet Union.  The official Soviet tour
 guide I was assigned was an intelligent woman.  As a former
 Olympic athlete, she had been permitted in the 1960's to travel to
 England to compete in international tennis matches.  At one point
 in my tour, she asked me why I was studying in London.  I told her
 that I wanted to learn what it was like to live outside of my own
 country, so I chose to study in a country where I would have little
 trouble with the language.  I noticed a strange expression on her
 face as I said this.  It was not until my tour was over and I looked
 back on that conversation that I realized why my answer had
 resulted in her having that strange look.  What I had said to her was
 that I had chosen to go to overseas to study; further, I had said that
 I had chosen where to go.  That I could make such decisions  was a
 right which she and the fellow citizens did not have.  Yes, she had
 visited England, but it was because her government chose her to
 go, and it was her government which decided where she should go.
 In her country, at that time, her people had order, but they had no
      In our country, the domestic control of encryption
 represents a shift in the balance of our liberties.  It is a shift not
 envisioned by our constitution.  If  ever to be taken, it must be
 based upon a better defense than what "Dank," or law enforcement,
 can provide.