EFF comments to the NIST CSSPAB

[Dave Farber <farber () central cis upenn edu>]

May 27, 1993


Before the 

COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD  20899



COMMENTS OF THE ELECTRONIC FRONTIER FOUNDATION

Regarding 

Key Escrow Chip Cryptographic Technology and Government Cryptographic
Policies and Regulations


        The Electronic Frontier Foundation (EFF) commends the Computer
System Security and Privacy Advisory Board for offering the public the
opportunity to comment on developments in cryptography and communications
privacy policy.  Recent Administration proposals, including use of the
Clipper Chip and establishment of a government-controlled key escrow
system, raise questions that cut to the core of privacy protection in the
age of digital communication technology.  The questions noted by the
Advisory Board in its Notice of Open Meeting (58 FR 28855) reflect a broad
range of concerns, from civil liberties to global competitiveness.  The
Digital Privacy and Security Working Group -- a cooperative effort of civil
liberties organizations and corporate users and developers of communication
technology which is chaired by the EFF -- has also submitted over one
hundred questions to the Administration.  (These questions are being
submitted to the Advisory Board under separate cover on behalf of the
Working Group.)  That there are so many questions demonstrates the need for
a comprehensive review of cryptography and privacy policy.  

        We are encouraged that the Administration has expressed a
willingness to undertake such a review.  However, it has become clear that
plans for rapid introduction of the Clipper Chip could unacceptably distort
this important policy review.  The Administration has made no secret of the
fact that it hopes to use government purchasing power to promote Clipper as
a de facto standard for encryption.  With Clipper on the market, the policy
process will be biased toward a long-term solution such as Clipper with key
escrow.  Moreover, the rush to introduce Clipper is already forcing a hasty
policy review which may fail to provide adequate public dialogue on the
fundamental privacy questions which must be resolved to reach a
satisfactory cryptography policy.  Based on the depth and complexity of
questions raised by this review, EFF believes that no solution, with
Clipper Chip or otherwise, should be adopted by the government until the
comprehensive cryptography review initiated by the Administration is
complete.

        EFF is a nonprofit, public interest organization whose public
policy mission is to insure that the new electronic highways emerging from
the convergence of telephone, cable, broadcast, and other communications
technologies enhance free speech and privacy rights, and are open and
accessible to all segments of society.  

        In these comments, we will elaborate on questions 1, 2, and 3
listed in the Advisory Board's Notice.  We offer these comments primarily
to raise additional questions that must be answered during the course of
the Administration's policy review.


A.  WILL PARTICULAR ENCRYPTION TECHNOLOGIES BE MANDATED OR PROSCRIBED?: A
THRESHOLD QUESTION

        Unraveling the current encryption policy tangle must begin with one
threshold question: will there come a day when the federal government
controls the domestic use of encryption through mandated key escrow schemes
or outright prohibitions against the use of particular encryption
technologies?  Is Clipper the first step in this direction?  A mandatory
encryption regime raises profound constitutional questions, some of which
we will discuss below.  So far, the Administration has not declared that
use of Clipper will be mandatory, but several factors point in that
direction:

1.  Secrecy of the algorithm justified by need to ensure key escrow 
compliance:

        Many parties have already questioned the need for a secret
algorithm, especially given the existence of robust, public-domain
encryption techniques.  The most common explanation given for use of a
secret algorithm is the need to prevent users from by-passing the key
escrow system proposed along with the Clipper Chip.  If the system is truly
voluntary, then why go to such lengths to ensure compliance with the escrow
procedure?  

2.  How does a voluntary system solve law enforcement's problems?

        The major stated rationale for government intervention in the
domestic encryption arena is to ensure that law enforcement has access to
criminal communications, even if they are encrypted.  Yet, a voluntary
scheme seems inadequate to meet this goal.  Criminals who seek to avoid
interception and decryption of their communications would simply use
another system, free from escrow provisions.  Unless a government-proposed
encryption scheme is mandatory, it would fail to achieve its primary law
enforcement purpose.  In a voluntary regime, only the law-abiding would use
the escrow system.  


B.  POLICY CONCERNS ABOUT GOVERNMENT-RUN KEY ESCROW SYSTEM

        Even if government-proposed encryption standards remain voluntary,
the use of key escrow systems still raises serious concerns:

1. Is it wise to rely on government agencies, or government-selected
private institutions to protect the communications privacy of all who would
someday use a system such as Clipper?

2.  Will the public ever trust a secret algorithm with an escrow system
enough to make such a standard widely used?


C.  CONSTITUTIONAL IMPLICATIONS OF GOVERNMENT CONTROLS ON USE OF ENCRYPTION

        Beyond the present voluntary system is the possibility that
specific government controls on domestic encryption could be enacted.  Any
attempt to mandate a particular cryptographic standard for private
communications, a requirement that an escrow system be used, or a
prohibition against the use of specific encryption algorithms, would raise
fundamental constitutional questions.  In order to appreciate the
importance of the concerns raised, we must recognize that we are entering
an era in which most of society will rely on encryption to protect the
privacy of their electronic communications.  The following questions arise:

1.  Does a key escrow system force a mass waiver of all users' Fifth
Amendment right against self-incrimination?

        The Fifth Amendment protects individuals facing criminal charges
from having to reveal information which might incriminate them at trial. 
So far, no court has determined whether or not the Fifth Amendment allows a
defendant to refuse to disclose his or her cryptographic key.  As society
and technology have changed, courts and legislatures have gradually adapted
fundamental constitutional rights to new circumstances.  The age of digital
communications brings many such challenges to be resolved.  Such decisions
require careful, deliberate action.  But the existence of a key escrow
system would have the effect of waiving this right for every person who
used the system in a single step.  We believe that this question certainly
deserves more discussion.  

2.  Does a mandatory key escrow system violate the Fourth Amendment
prohibition against "unreasonable search and seizure"?

        In the era where people work for "virtual corporations" and conduct
personal and political lives in cyberspace, the distinction between
communication of information and storage of information is increasingly
vague.  The organization in which one works or lives may constitute a
single virtual space, but be physically dispersed.  So, the papers and
files of the organization or individual may be moved within the
organization by means of telecommunications technology.  Until now, the law
of search and seizure has made a sharp distinction between, on the one
hand, seizures of papers and other items in a person's physical possession,
and on the other hand, wiretapping of communications.  Seizure of papers or
personal effects must be conducted with the owner's knowledge, upon
presentation of a search warrant.  Only in the exceptional case of
wiretapping, may a person's privacy be invaded by law enforcement without
simultaneously informing the target.  Instantaneous access to encryption
keys, without prior notice to the communicating parties, may well
constitute a secret search, if the target is a virtual organization or an
individual whose "papers" are physically dispersed.  Under the Fourth
Amendment, secret searches are unconstitutional.

3.  Does prohibition against use of certain cryptographic techniques
infringe individuals' right to free speech?

        Any government restriction on or control of speech is to be
regarded with the utmost scrutiny.  Prohibiting the use of a particular
form of cryptography for the express purpose of making communication
intelligible to law enforcement is akin to prohibiting anyone from speaking
a language not understood by law enforcement.  Some may argue that
cryptography limitations are controls on the "time, place and manner" of
speech, and therefore subject to a more lenient legal standard.  However,
time, place and manner restrictions that have been upheld by courts include
laws which limit the volume of speakers from interfering with surrounding
activities, or those which confine demonstrators to certain physical areas.
 No court has ever upheld an outright ban on the use of a particular
language.  Moreover, even a time, place and manner restriction must be
shown to be the "least restrictive means" of accomplishing the government's
goal. It is precisely this question -- the availability of alternatives
which could solve law enforcement's actual problems -- that must be
explored before a solution such as Clipper is promoted.


D.  PUBLIC PROCESS FOR CRYPTOGRAPHY POLICY

        As this Advisory Board is well aware, the Computer Security Act of
1987 clearly established that neither military nor law enforcement agencies
are the proper protectors of personal privacy.  When considering the law,
Congress asked, "whether it is proper for a super-secret agency [the NSA]
that operates without public scrutiny to involve itself in domestic
activities...?"  The answer was a clear "no."  Recent Administration
announcements regarding the Clipper Chip suggest that the principle
established in the 1987 Act has been circumvented.  For example, this
Advisory Board was not consulted with until after public outcry over the
Clipper announcements.  Not only does the initial failure to consult eschew
the guidance of the 1987 Act, but also it ignored the fact that this
Advisory Board was already in the process of conducting a cryptography
review.

        As important as the principle of civilian control was in 1987, it
is even more critical today.  The more individuals around the country come
to depend on secure communications to protect their privacy, the more
important it is to conduct privacy and security policy dialogues in public,
civilian forums.


CONCLUSION

The EFF thanks the Advisory Board for the opportunity to comment on these
critical public policy issues.  In light of the wide range of difficult
issues raised in this inquiry, we encourage the Advisory Board to call on
the Administration to delay the introduction of Clipper-based products
until a thorough, public dialogue on encryption and privacy policy has been
completed. 



Respectfully Submitted,



Electronic Frontier Foundation

Jerry Berman
Executive Director
jberman () eff org

Daniel J. Weitzner 
Senior Staff Counsel
djw () eff org

Here is the cover to CSSPAB submission from EFF coordinated Privacy and
Security Working Group for your information. All of you already have the
questions. Note NAM, ICA, ORACLE, etc have added their names to submitters.
Sent Yesterday, May 27.

The Digital Privacy and Security Working Group, whose members are listed
below, submitted the following questions to the Clinton Administration
regarding Clipper and Cryptography Policy.  The Working Group hereby
submits this set of questions for the consideration of the Computer System
Security and Privacy Advisory Board.

Members of the Digital Privacy and Security Working Group:

abcd, The Microcomputer Industry Association
Advanced Network & Services, Inc.
American Civil Liberties Union
Apple Computer, Inc.
AT&T 
Business Software Alliance
Cavanagh Associates, Inc.
Cellular Telephone Industry Association
Computer Professionals for Social Responsibility
Computer & Business Equipment Manufacturers Association
Computer & Communications Industry Association
Crest Industries, Inc.
Digital Equipment Corporation
EDUCOM
Electronic Frontier Foundation
Electronic Mail Association
Hewlett-Packard Company
IBM
Information Technology Association of America
Information Industry Association
International Communication Association
Iris Associates
Lotus Development Corporation
McCaw Cellular Communications
MCI
Microsoft Corporation
National Association of Manufacturers
Oracle 
RSA Data Security, Inc.
Software Publishers Association
Sun Microsystems, Inc.
Telecommunications Industry Association
Toolmaker, Inc.
Trusted Information Systems
United States Telephone Association