Personal tools
denning.html
CFP'93 - To Tap or Not to Tap
by Dorothy E. Denning
Georgetown University
Computer Science Department
Washington DC 20057
202-687-5703
denning@cs.georgetown.edu
12/1/92
Copyright (c) 1992 Dorothy E. Denning
(This article was originally published in the March 1993 issue of Communications of the ACM, Vol. 36, No. 3, pg. 24)
Under current law in the U.S., the government is authorized to intercept the wire, electronic, or oral communications of a criminal subject upon obtaining a special court order which has been designed by Congress and approved by the Supreme Court. When served with a court order, service providers and operators are obligated under statute to assist in the execution of a court-authorized tap or microphone installation. To obtain this order, Congress and the Supreme Court have specified that law enforcement must demonstrate that there is probable cause to believe that the subject under investigation is committing some specific, serious felony and that communications concerning the offense will be obtained through the intercepts. Before issuing a court order, a judge must review a lengthy affidavit that sets forth all the evidence and agree with the assertions contained therein. The affidavit must also demonstrate that other investigative techniques have been tried without success, that they won't work, or that they would be too dangerous. In the decade from 1982-1991, state and federal agencies conducted 7,467 taps, which have thus far led to 19,259 convictions. Convictions resulting from interceptions conducted in the last few years are still accumulating, as trials regarding those subjects are held.
The ability of law enforcement to draw upon this investigative tool is now at risk. Methods that have been used to intercept analogue voice communications carried over copper wires do not work with many of the new digital-based technologies and services such as ISDN (Integrated Services Digital Network), fiber optic transmissions, and the increasing number of mobile telecommunication networks and architectures. Although it is technically feasible to intercept digital communications, not all systems have been designed or equipped to meet the intercept requirements of law enforcement. According to the FBI, numerous court orders have not been sought, executed, or fully carried out because of technological problems. To address these problems, the Department of Justice is seeking Digital Telephony legislation that would require the service providers and operators to meet their statutory assistance requirements by maintaining the capability to intercept particular communications so as to permit law enforcement to perform its monitoring function at a remote government monitoring facility in real time.
The proposed legislation has stimulated a lively debate. Much of the debate has focused on concerns that the proposal, if enacted, could hold back technology, jeopardize security and privacy, make U.S. products non-competitive, burden the country with unjustifiable and unnecessary costs, and ultimately fail to meet the stated objectives if criminals encrypt their communications.
This article presents the case for the proposed Digital Telephony legislation and responds to the above concerns. Although the Digital Telephony proposal does not address encryption, the possibility of regulating cryptography will be discussed following the section on the proposed legislation.
THE DIGITAL TELEPHONY PROPOSAL
To ensure law enforcement's continued ability to conduct court-authorized taps, the Administration, at the request of the Department of Justice and the FBI, proposed Digital Telephony legislation11. The version submitted to Congress in September 1992 would require providers of electronic communications services and private branch exchange (PBX) operators to ensure that the government's ability to lawfully intercept communications is not curtailed or prevented entirely by the introduction of advanced technology. Service providers would be responsible for providing the government, in real time, the communication signals of the individual(s) named in a court order such that the signals could be transferred to a remote government monitoring facility, without detection by the subject, and without degradation of service. Providers of services within the public switched network would be given 18 months to comply and PBX operators 3 years. The Attorney General would have the authority to grant exceptions and waivers and seek civil penalties and injunctive relief to enforce the provisions. A fine of up to $10,000 a day could be levied for non-compliance. Government systems would be exempt on the grounds that law enforcement has the necessary cooperation to access the premises. The proposal is strongly supported as a critical public safety measure by state and local law enforcement (who conduct the majority of wiretaps), the National Association of Attorney Generals, the National Association of District Attorneys, and numerous law enforcement associations.
Although the proposed legislation does not expand the authority of the government to lawfully acquire the contents of communications, it arguably places greater constraints and demands on service providers and operators. The current law (Title 18, United States Code, Section 2518(4)) states that service providers are required to furnish the responsible law enforcement official with all information, facilities, and technical assistance necessary to perform the intercept unobtrusively and with a minimum of interference. It does not say explicitly that the providers must build and use systems that ensure timely interception is possible. This is not surprising since the emerging technological advances and attendant difficulties would not have been anticipated in 1968 when the legislation was enacted, but it leaves open to interpretation the meaning of the word "assist" and the exact requirements placed on service providers and operators in today's digital world.
When the FBI first encountered the intercept problems, they attempted to educate the telecommunications industry concerning the problems. They sought voluntary cooperation and a commitment to address the problems. But after meeting with industry officials for more than two years, they concluded that industry was not committed to resolving the problems without a mandate and that legislation was necessary to clarify the responsibilities of service providers and operators, to ensure that all providers and operators comply, and to provide a mechanism whereby industry could justify the development costs. Legislation would ensure that all service providers remain on the same competitive "level playing field."
The proposed Digital Telephony legislation was not introduced in the last (1992) session of Congress because time ran out. Meanwhile, the FBI is continuing its discussions with industry through two technical committees, one with representatives from the telecommunications industry, the other with representatives from the computer industry, and many companies are working hard to meet law enforcement's needs.
The next subsections address major concerns that have been expressed by some computer scientists, civil libertarians, and people in the telecommunications industry. Many of these concerns are articulated in a white paper 2 issued by the Electronic Frontier Foundation (EFF) on behalf of an ad- hoc coalition of representatives from industry and public interest groups, including AT&T, IBM, and ACLU.
Technology Advancement
Concern 1. The proposal would hold back technology and stymie innovation.
Some people are concerned that requiring technology modifications to support taps would prevent full use of new technologies. Janlori Goldman of the ACLU has called this a "dumbing down" and stated that "if the government wants to engage in surveillance, it must bear the burden of keeping pace with new developments"3.
I see no technological reason why any of the new technologies, including digital technologies, cannot support an intercept capability. In many cases the intercept capability would likely parallel or draw upon the maintenance and security features used by the telephone companies to ensure their systems are functioning properly and are not abused. At the very least, the intercept capability can be programmed into the switches where the bit stream for a connection must be isolated anyway so that it can be routed to its correct destination (for interception, a duplicate copy of the bit stream can be routed to a remote government monitoring facility). But whereas this modification would be relatively straightforward for the service providers to make, it would be impossible for the government to do on their own since they lack access to the switches. Also, because of the complexities of switches and switch software, the government has no desire to engage in self help and interject itself into the arena of networks or central office switching and thereby perhaps inadvertently disrupt service on a widespread basis.
Another reason for not asking the government to implement their own surveillance mechanisms is that the providers can do so surgically, and hence less intrusively. For example, where ISDN or bundled fibre optic transmissions are involved, service providers can isolate an individual communications channel, whereas the government might have to intercept everything travelling over a line or link supporting simultaneous transmission of multiple, commingled communications in order to extract the desired channel. The FBI has stated that law enforcement does not want access to the communications of anyone outside the ambit of the court order.
In short, the Digital Telephony proposal would not require the communications industry to "dumb down" technology; rather, it would require industry to use technology to make networks "smarter."
Security and Privacy
Concern 2. Providing an intercept capability would jeopardize security and privacy, first because the remote monitoring capability would make the systems vulnerable to attack, and second because the intercept capability itself would introduce a new vulnerability into the systems.
The first part of this concern relating to the remote monitoring capability seems to have arisen from a misinterpretation of the requirement for remote monitoring. Sec. 2. (1) of the proposed bill states that "Providers of electronic communication services and private branch exchange operators shall provide ... the capacity for the government to intercept wire and electronic communications when authorized by law: ... (4) at a government monitoring facility remote from the target facility and remote from the system of the electronic communication services provider or private branch exchange operator." Some people have mistakenly interpreted this as a requirement for law enforcement to be able to electronically, and independently, enter a computer switch from a remote location to initiate a tap. If this were the case, then an unauthorized person might be able to come in through the connection and tap into a line. The FBI has made it clear, however, that they are not asking for the capability to initiate taps in this fashion, but rather for a tap initiated by the service provider to be routed to a pre- defined remote location over a leased line. In the specification of the requirements for the government monitoring facility, the proposal states: "Normally, the government leases a line from the electronic communication services provider's or private branch exchange operator's switch to another location owned or operated by the government. ... The legislation does not establish any independent 'dial-up' authority by which criminal law enforcement agencies could effectuate interceptions without the affirmative assistance of the providers or operators. The providers and operators will continue to make the necessary interconnections or issue the necessary switch program instructions to effectuate an interception." Indeed, the requirement set forth in the legislation memorializes longstanding practice and procedure. Since the connection to a remote government monitoring facility would support an outgoing data stream only, it could not be used to break into a switch and, therefore, does not impose any new or additional danger to the security of the systems and the privacy of the people who rely on them for their communications.
This misinterpretation of the remote monitoring requirement also led to a concern that law enforcement would abuse the wiretapping capability and surreptitiously perform unauthorized taps. Because the only people who would have access to the systems for activating a tap would be employees of the service providers, who have been strict about requiring court orders, the possibility of law enforcement performing unauthorized taps seems even less likely than with present technology.
The second part of the concern, that the intercept capability itself could introduce a new vulnerability, is at least potentially more serious. If the intercept capability is programmed into the switches and an unauthorized person can break into a switch, then that person might be able to eavesdrop on a line or find out if a particular line is being tapped. Indeed, "hackers" have broken into poorly protected computer switches and eavesdropped on lines. But the switches can and must be designed and operated to prevent such breakins independent of any intercept capabilities. Security is essential not only to protect against unlawful eavesdropping but to ensure reliable service and protect against other types of abuses. The Administration, the Department of Justice, and the FBI all are strong advocates for security in telecommunications networks.
To protect against possible abuses by employees of the service providers, access to the software for activating an intercept should be minimized and well-protected through appropriate authentication mechanisms and access controls. The intercept control software might be left off the system and installed in an isolated partition only when needed prior to executing an authorized tap. With newer, advanced technology and proper overall security measures, it should be possible to provide greater protection against abuse than is presently provided.
Competitiveness
Concern 3. Implementing the intercept requirements could harm the competitiveness of U.S. products in the global market.
This concern, which arose in conjunction with the preceding concerns about holding back technology and security, is based on an assumption that it would take U.S. companies longer to bring their products to market, and other countries would not want to buy products that increased the vulnerability of their systems. However, because the products can be designed to operate with a high level of security and because other governments (many of which run or oversee their nation's telecommunications networks) might desire similar features in their telecommunications systems, the Digital Telephony proposal would be competition neutral. In fact, several other countries have expressed an interest in obtaining such products. U.S. companies could have a competitive advantage if they take the lead now, and indeed might be at a disadvantage if they fail to act and companies outside the U.S. do. Under the proposed legislation, foreign communications companies would have to comply with the U.S. law and standards if they seek to provide service in the U.S., thereby preventing any unfair competition in this country.
Cost and Benefits
Concern 4. The cost could be enormous and is not obviously justifiable by the perceived benefits.
The cost of compliance is a major concern. The existing law states that the service providers and operators shall be compensated for "expenses" incurred in assisting with a tap. The proposed law leaves open who would bear the capital expenses of modifications and engineering costs required to maintain the intercept capability.
The FBI, in consultation with industry, has estimated the cumulative costs for a switched-based software solution to be in the range $150-$250 million, and the maximum development costs to be $300 million or approximately 1.5% of the telecommunications industry's yearly acquisition budget of $22 billion11. However, these costs are highly speculative and actual costs could be considerably lower if the service providers pursue a combination non-switch/switch-based solution. In addition, whatever the costs, they likely would be amortized over several years. Some people have suggested that the government should pay the costs, but a privately funded approach is more likely to encourage market forces to bring forth the most cost-effective solutions. In either case, this is a societal cost that will be paid for one way or the other by the citizenry to ensure effective law enforcement and the public safety.
The benefits that derive from the use of electronic surveillance are difficult to quantify. Because wiretapping has been used infrequently (less than 1000 taps per year), some people have argued that it is not essential that the crimes could be solved by other means that would be less costly. But by law, wiretapping can only be used when normal investigative procedures have been tried and have failed or when they appear unlikely to succeed or too dangerous. Also, according to the FBI, many serous crimes can only be solved or prevented by electronic surveillance.
According to the FBI, electronic surveillance has been essential in preventing serious and often violent criminal activities including Organized Crime, drug trafficking, extortion, terrorism, kidnaping, and murder. While the benefits to society of preventing such crimes and saving human lives are incalculable, the economic benefits alone are estimated to be billions of dollars per year11. During the period 1985-1991, court-ordered electronic surveillance conducted just by the FBI led to 7,324 convictions, almost $300 million in fines being levied, over $750 million in recoveries, restitutions, and court-ordered forfeitures, and close to $2 billion in prevented potential economic loss. Since the FBI conducts fewer than one-third of all intercepts, the total benefits derived from electronic surveillance by all law enforcement agencies is considerably higher.
One area where electronic surveillance has played a major role is in combatting Organized Crime. In 1986, the President's Commission on Organized Crime estimated that organized crime reduces the output of the U.S. economy by $18.2 billion a year (1986 dollars), costs workers 414,000 jobs, raises consumer prices by 0.3%, and lowers per capita personal income by $77.22 (1986 dollars)6. Although the impact of law enforcement's successful investigations of Organized Crime on these losses has not been thoroughly studied, in 1988, David Williams of the Office of Special Investigations, General Accounting Office, testified before U.S. Senate hearings on organized crime that "Evidence gathered through electronic surveillance... has had a devastating impact on organized crime." According to the FBI, the hierarchy of Organized Crime has been neutralized or destabilized through the use of electronic surveillance, and thirty odd years of successes would be reversed if the ability to conduct court-authorized electronic surveillance was lost.
Almost two thirds of all court orders for electronic surveillance are used to fight the war on drugs, and electronic surveillance has been critical in identifying and then dismantling major drug trafficking organizations. Although the benefits of these operations are difficult to quantify, their impact on the economy and people's lives is potentially enormous. In 1988, the Public Health Service estimated the health, labor, and crime costs of drug abuse at $58.3 billion7. The FBI estimates that the war on drugs and its continuing legacy of violent street crime in the form of near daily drive-by murders would be substantially, if not totally, lost if law enforcement were to lose its capability for electronic surveillance.
Electronic surveillance has been used to investigate aggravated governmental fraud and corruption. A recent military-procurement fraud case ("Ill-Wind") involving persons in the Department of Defense and defense contractors has so far led to 59 convictions and nearly $250 million in fines, restitutions, and recoveries ordered.
The use of electronic surveillance has successfully prevented several terrorist attacks, including the bombing of a foreign consulate in the U.S., a rocket attack against a U.S. ally, and the acquisition of a surface-to-air missile that was to be used in an act that likely would have led to numerous deaths. By intercepting voice, fax, and communications on a local bulletin board system, the FBI prevented the proposed kidnaping and murder of young child for the purpose of making a "snuff murder" film. Wiretapping also has been used to obtain evidence against "hackers" who broke into computer systems. This case illustrates how wiretapping, which is popularly regarded as an anti-privacy tool, actually helps protect the privacy and proprietary interests of law-abiding citizens by helping to convict those who violate those interests.
Aside from preventing and solving serious crime, wiretapping yields evidence that is considerably more reliable than that obtained by many other methods such as informants, and is less dangerous for law enforcement officials than breaking and entering to install bugs in homes or offices. It is critical in those situations where the crime leaders are not present at the places where the illegal transactions take place, as is the case with major drug cartels directed by distant drug chieftains.
The societal and economic benefits of authorized electronic surveillance will increase as telecommunication services and facilities continue to expand and electronic commerce comes into widespread use, bringing with it more possibilities for fraud and other types of crimes.
Some people are troubled that the citizens would have to pay for the wiretapping capability, possibly through their phone bills. In an open letter to several Congressional committees, Joseph Truitt wrote: "What an insult to be forced to pay for the privilege of being tapped!"9. However, through tax revenues and telephone company security office budgets, law enforcement has always been able to carry out investigations and conduct electronic surveillance, and unless a person is subject of a court order, that person will not be paying to be intercepted. As citizens, we have always paid for law enforcement, knowing fully well that it will be used against us if we ever engage in criminal activities. This is one of the costs of protecting society from people who do not respect the laws. One could equally say: "What an insult to be forced to pay for the privilege of being arrested!"
Compliance
Concern 5. It is unclear who must comply with the proposed legislation and what compliance means.
The EFF expressed a concern that the proposal was overly broad, covering "just about everyone" including businesses, universities, and other organizations owning local and wide area networks; providers of electronic mail and information services such as Prodigy and Compuserve; operators of networks such as the Internet; and owners of computer bulletin boards2. They raised questions about the conditions under which exemptions might be granted and the requirements for compliance. An earlier report published by the General Accounting Office10 also asked for greater clarity about what is meant by full compliance, for example, response time for executing a court order.
In response, the FBI points out that the existing legislation already imposes an assistance obligation upon electronic communication service providers which includes all of the foregoing named service entities, and that the reason the requirements are stated in generic terms is because historically these have sufficed and law enforcement's requirements, including those for a timely response, have been met. With respect to exemptions, the proposed legislation states that the Attorney General may grant exemptions for whole classes of systems where no serious criminal activity is likely to take place, for example, hospital telephone systems, and grant waivers for providers and operators who cannot comply or need additional time. The FBI has also indicated that interceptions would normally be sought at a point close to the target, such that intra-network interceptions would be very infrequent generally, and that information networks such as Compuserve and Prodigy would likely be considered for exemption. Although the proposed legislation allows for stiff fines, the legislative history background materials state that "this provision is not expected to be used."
CRYPTOGRAPHY
It is now possible to purchase at reasonable cost a telephone security device that encrypts communications and to acquire software that encrypts data transmitted over computer networks. Even if law enforcement retains its capability to intercept communications, this capability ultimately could be diminished if criminals begin to hide their communications through encryption and law enforcement is unable to obtain access to the "plaintext" or unscrambled communications. If encryption becomes cheap and ubiquitous, this could pose a serious threat to effective law enforcement and hence to the public's safety.
The Digital Telephony proposal does not address encryption, leaving open the question of how best to deal with it. Currently, the use of cryptography in this country is unregulated, though export of the technology is regulated. Cryptography is regulated in some of the major European countries.
This section explores the possibility of regulating cryptography use. For an introduction to cryptography and the methods referenced here, see for example, my book1.
Possible Approaches
In order to assess whether cryptography can or should be regulated, we need some idea of how it might be done. Our knowledge of available options is quite limited, however, since the possibility of regulating cryptography in the U.S. has thus far received little public discussion. The following three possibilities are offered as a starting point for discussion:
- Weak cryptography
- Escrowed private keys
- Direct access to session keys
Weak Cryptography
This approach would require that cryptographic systems be sufficiently weak that the government could break them, preferably in real time since timeliness is crucial for preventing many crimes such as murder and terrorist attacks. While weak cryptography would offer adequate protection against most eavesdropping when the consequences of disclosure are not particularly damaging, it could be unacceptable in many contexts such as protecting corporate communications that are seriously threatened by industrial espionage.
It is worth noting, however, that the general migration from analog to digital communications itself provides a high level of protection in the area of telecommunications, since such communications are only understandable with the aid of very sophisticated technology unlike the relative ease with which eavesdroppers can understand analog intercepts. Thus, it is not obvious that most individuals and organizations would either need or demand strong encryption, especially since most do not use any form of encryption at present. However, history shows that methods which are secure today may be blown apart tomorrow, so this may not be a dependable long-term solution.
Escrowed Private Keys
Ron Rivest has proposed using high-security encryption with "escrowed secret keys"8. Each user would be required to register his or her secret key with an independent trustee, and cryptographic products would be designed to operate only with keys that are certified as being properly escrowed. The trustee could be some neutral entity such as the U.S. Postal Service, a bank, or the clerks of the Federal Courts. It would be extremely difficult to subvert the system since someone would need the cooperation of the telecommunications provider (to get the communication stream) and the trustee (to get the key), both of which would require a court order.
Additional protection can be obtained by distributing the power of the trustee. For example, two trustees could be used, and the keys could be stored with the first trustee encrypted under a key known only to the second. Alternatively, using Silvio Micali's "fair public-key cryptography," each user's private key could be split into, say, five pieces, and each piece given to a different trustee4. The splitting is done in such a way that all five pieces are required to reconstruct the original key, but each one can be independently verified, and the set of five can be verified as a whole without putting them all together.
In order to implement an approach based on escrowed keys, methods would be needed for registering and changing keys that belong to individuals and organizations and for gaining access to the transient "session keys" that are used to encrypt actual communications. Key registration might be incorporated into the sale and licensing of cryptographic products. To facilitate law enforcement's access to session keys, the protocols used to distribute or negotiate session keys during the start of a communications could be standardized. Once law enforcement has acquired the private keys on a given line, they would then be able to acquire the session keys by intercepting the key initialization protocol.
One drawback to this approach is the overhead and bureaucracy associated with key registration. Another is that it is limited to cryptographic systems that require more-or-less permanent private keys. Although some such as the RSA public-key cryptosystem fit this description, others do not.
Direct Access to Session Keys
Ultimately a session key is needed to decrypt a communications stream, and this approach would give the service provider direct access to the session key when an intercept has been established in response to a court order. The service provider can then make the session key available to law enforcement along with the communications stream.
One way of making the session key available to the provider is for the provider to participate in the protocol used to set up the key. For example, the following three-way extension of the Diffie- Hellman public-key distribution protocol could be used to establish a session key that would be known only to the two communicants and the service provider: Each party independently generates a random exponent x and computes y = g^x mod p for a given g and prime p. All three parties then pass their value of y to the right (imagine they are in a circle). Next, using the received value of y, they compute z = y^x mod p and pass it to the right. Finally, using the received value of z, they compute the shared session key k = z^x mod p, which will be the value g raised to all three exponents. An eavesdropper, who sees only the values of y and z, cannot compute k because he or she will lack the requisite exponent.
If a court order has been issued and an intercept activated, the component or module operating on behalf of the service provider would pass the key on to the remote government monitoring facility before destroying it. Obviously, this component would have to be designed with great care in order to make sure that keys are not improperly disclosed and that they are immediately destroyed when no intercept has been activated.
This approach has the advantage over the preceding ones of allowing the use of a strong cryptosystem while not requiring the use and registration of permanent keys. It has the disadvantage of requiring the service provider to be brought into the loop during the key negotiation protocol, which might also be difficult or costly to implement.
The cost of regulating the use of cryptography following either of these last two approaches is unknown. A feasibility study would be needed to examine the requirements in greater detail and estimate the costs.
Protecting Privacy and Proprietary Interests
The last two approaches suggest that it is possible to regulate cryptography without compromising the privacy and proprietary interests of the citizens. Some people have argued, however, that the citizens have a right to absolute communications secrecy from everyone, including the government, under all circumstances, and that requiring people to make the plaintext of their encrypted communications available to the government directly or indirectly would be tantamount to forbidding them from having a private conversation in a secret place or using an obscure foreign language, or to making them carry a microphone. These absolutist positions, however, contort the concept of privacy and do not represent valid analogies.
Our laws, as embodied in the Constitution and Bill of Rights, common law, tort law, and legislation, reflect a "social contract" that strikes a balance between our rights to privacy and to an orderly society. This contract does not grant us absolute privacy in all areas. For example, whereas we are protected against unreasonable searches and seizures by the Fourth Amendment, we are not immune from searches and seizures when there is probable cause we have committed a crime and a judge has issued a warrant. When Congress enacted wiretapping legislation and the Supreme Court ruled that wiretapping with a warrant was permitted, law enforcement was empowered to intercept communications, whether they were encrypted or not. Now that encryption is becoming an issue, it would seem appropriate for Congress to set an encryption policy.
Viewed narrowly, cryptography offers the possibility for absolute communications protection or privacy that is not available to us in any other area of our lives. Our physical beings are constantly at risk, and our premises, cars, safes, and lockers can be illegally broken into or lawfully searched. We live with this risk and indeed benefit from it whenever we lock ourselves out of our homes, cars, and so forth. It is unclear that we need an absolute level of protection or privacy for our communications that surpasses that in every other areas of our lives. Indeed, our speech in many regards and areas is already subject to balanced regulation (e.g., slander, libel, obscenity, falsely yelling "fire" in a theater).
Although illegal eavesdropping poses a threat to corporate security, the communications network is not the weak link. Employees and former employees have posed a bigger threat. If companies themselves do not regulate cryptography, their employees would have a means of transmitting company secrets outside the company with impunity and without detection. The military-procurement fraud case mentioned earlier was solved only because law enforcement was able to tap the communications of a Pentagon employee. Thus, corporate security is not necessarily best served by an encryption system that offers absolute secrecy to its employees.
Competitiveness
Some people have argued that regulating cryptography in this country would harm the competitiveness of U.S. products overseas. No other country would want to buy products based on weak encryption algorithms or with built-in mechanisms for registering private keys or making session keys available to the service providers.
Like the basic intercept capability issue, it is not only conceivable but likely that other countries will be interested in products that allow their governments to decrypt communications when authorized by law. Foreign governments, for example, would be loathe to see terrorists operate and communicate in their country with impunity behind the shield of absolutely secure cryptographic devices. U.S. companies could take the lead in developing products that meet the security needs of customers and the legitimate needs of law enforcement and governments abroad.
Enforcing Cryptography Regulation
Many people have voiced a concern that criminals would violate cryptography regulations and use cryptosystems that the government could not decrypt, thereby also obtaining an absolute privacy beyond that of law-abiding citizens. This is typically expressed as "if encryption is outlawed, only outlaws will have encryption." Because products are being designed, sold, and given away in the absence of any regulation, this outcome is indeed possible.
Cryptography can be embedded in a device such as a "secure phone" or security device attached to a standard phone that encrypts communications transmitted between phones (or fax machines), or it can be embedded in software packages or modules that run on computers and encrypt the communications transmitted over computer networks. It seems easier to regulate and control telephone encryption devices than software. For example, if an approach based on escrowed keys is adopted, then the keys that are embedded in the products could be given to one or more trustees at the time of sale, and the products could be designed so that the keys could not be changed without bringing the product in for service or negotiating a new key with a trustee online. Similarly, if an approach based on direct access to session keys is adopted, a suitable key negotiation protocol could be built into the products. Although criminals could develop their own non-compliant products, it is likely that most criminals would use commercial off-the-shelf products rather than developing their own.
Software encryption, performed on personal computers or servers, could be much more difficult to regulate, especially since strong cryptographic methods have been distributed through networks such as the Internet and cryptographic algorithms can be implemented by any competent programmer. But enforcing cryptography regulations on software may be less critical for law enforcement since electronic surveillance has typically focused on telephone calls or conversations. Thus, it would be a mistake to make the difficulty of controlling software encryption an excuse for not regulating cryptography.
Although it would be practically impossible to prevent the use of non-compliant products, the work factor required to acquire and use these products may be sufficiently high to deter their use. But even if they are used, if there is probable cause that a person is involved with some serious crime and a warrant is issued for that person's communications, then legislation could also provide grounds for arresting that person if he or she violated the laws governing cryptography as a separate offense. However, it would be important to not lose sight of the purpose of cryptography regulation and to not expend resources enforcing it for its own sake.
If private encryption is allowed to proceed without some reasonable accommodation, it will logically lead to situations where someone is arrested outright when probable cause for a criminal act is demonstrated. This could lead to premature cessation of investigations where critical evidence would not be obtained.
CONCLUSIONS
Granger Morgan has observed that the controversy over the proposed Digital Telephony legislation is symbolic of a broader set of conflicts arising from several competing national interests: individual privacy, security for organizations, effective domestic law enforcement, effective international intelligence gathering, and secure world-wide reliable communications5. Because the balance between these becomes hard wired into the design of our telecommunications system, it is difficult to adjust the balance in response to changing world conditions and changing values. Technology has been drifting in a direction that could shift the balance away from effective law enforcement and intelligence gathering toward absolute individual privacy and corporate security. Since the consequences of doing so would pose a serious threat to society, I am not content to let this happen without careful consideration and public discussion.
With respect to wiretapping, we can take the steps necessary to ensure law enforcement's continued ability to intercept and interpret electronic communications when authorized by court order, or let this capability gradually fade away as new technologies are deployed and cryptographic products become widely available. The consequence of this choice will affect our personal safety, our right to live in a society where lawlessness is not tolerated, and the ability of law enforcement to prevent serious and often violent criminal activity.
While the societal and economic benefits that would come from the proposed Digital Telephony legislation are difficult to quantify, the economic benefits of maintaining effective law enforcement through its capability of conducting authorized intercepts are estimated to be in the billions and many lives would likely be saved. These benefits are likely to increase with the growth in telecommunications. By comparison, the cumulative costs of complying with the proposed Digital Telephony legislation are roughly estimated to be in the range $150-250 million. Although the benefits might not be fully realized if the intercept capability would, as has been suggested, thwart technological progress, compromise security and privacy, or harm competitiveness, these are unlikely outcomes as discussed in the preceding sections. Indeed, effective law enforcement is crucial for protecting the privacy of law abiding citizens and the business interests of companies.
If we fail to enact legislation that will ensure a continued capability for court-ordered electronic surveillance, we cannot be guaranteed that all service providers will provide this capability voluntarily. Systems fielded without an adequate provision for court-ordered intercepts would become sanctuaries for criminality wherein Organized Crime leaders, drug dealers, terrorists, and other criminals could conspire and act with impunity. Eventually, we could find ourselves with an increase in major crimes against society, a greatly diminished capacity to fight them, and no timely solution.
Less is known about the implications of regulating cryptography since no specific legislative or other proposal has been seriously considered. Although government regulation of cryptography may be somewhat cumbersome and subject to evasion, we should give it full consideration. Regulated encryption would provide considerably greater security and privacy than no encryption, which has been the norm for most personal and corporate communications. We must balance our competing interests in a way that ensures effective law enforcement and intelligence gathering, while protecting individual privacy and corporate security.
ACKNOWLEDGEMENTS
I am deeply grateful to the following people for providing constructive comments on earlier versions of this article, for helpful discussions, and for their willingness to debate those points they disagreed with: William A. Bayse, Kier Boyd, Julia Dederer, Peter Denning, Jack Edwards, Carl Ellison, Mike Godwin, Lance Hoffman, Phil Karn, Bruce Koball, Steve Lipner, Alan McDonald, Donn Parker, Ron Rivest, Marc Rotenberg, Jeff Smith, James Sylvester, and Willis Ware.
REFERENCES
1. Denning, Dorothy E., Cryptography and Data Security, Addison-Wesley,
1982.
2. Electronic Frontier Foundation, "Analysis of the FBI Proposal Regarding
Digital Telephony," Sept. 17, 1992.
3. Goldman, Janlori, "Why Cater to Luddites," The Washington Times, May 24,
1992.
4. Micali, Silvio, "Fair Public-Key Cryptosystems," Laboratory for Computer
Science, MIT, August 21, 1992.
5. Morgan, M. Granger, "Viewpoint," The Institute, IEEE, Nov. 1992.
6. President's Commision on Organized Crime, "The Impact: Organized Crime
Today," 1986.
7. Rice, D. et al., "The Economic Cost of Alcohol and Drug Abuse and Mental
Illness: 1985," U.S. Dept. of Health and Human Services, Table 1, page 2, 1990.
8. Rivest, Ronald L., "Response to NIST's Proposal," Comm. ACM, Vol. 35,
No. 7, July 1992, pp. 41-47.
9. Truitt, Joseph, Open letter of Sept. 17, 1992 to congress protesting
proposed FBI Digital Telephony bill, Computer Privacy Digest, Vol. 1, Issue
081, Sept. 23, 1992.
10. United States General Accounting Office, "FBI Advanced Communications
Technologies Pose Wiretapping Challenges," Briefing Report to the Chairman,
Subcommittee on Telecommunications and Finance, Committee on Energy and
Commerce, House of Representatives, GAO/IMTEC-92-68BR, July 1992.
11. United States Department of Justice, Federal Bureau of Investigation,
"Digital Telephony," 1992.
 Return to CPSR conferences page. |
 Return to the CPSR home page. |
 Send mail to webmaster. |
Created before October 2004
Member login
Not a member yet?