Chipping Away at Privacy

by Shari Steele and Daniel J. Weitzner

On April 16, 1993, the Clinton Administration announced a national standard for encryption. Under the Administration's Clipper Chip proposal, voice telephone conversations would be encrypted by chips built into the telephone units used by the caller and the call recipient. Put simply, when a call is made, the two telephones involved communicate with one another and establish a unique key based on information contained on each of their chips. The telephones then use that key to encrypt and decrypt the conversation. In this way, anyone attempting to wiretap the telephone conversation would not be able to understand what was being said.

However, in order to provide a means for law enforcement officers to decrypt messages for court-authorized wiretaps, the Administration's proposal suggested that the keys be held in trust by a third party, who would only release keys when presented with valid warrants to perform wiretaps. To further ensure that the keys would not be too easily obtained, the Administration's proposal suggested that each key be split in half, with each half of each key held by a different escrow agent.

The Clipper Chip, which was originally developed by the National Security Agency (NSA), does offer some measure of privacy to individuals while providing law enforcement officers with the means to conduct wiretaps. However, there are some serious problems with the government's proposal. First, the Administration has not established that the Clipper Chip offers maximum privacy protection. An encryption algorithm cannot be trusted unless it can be tested, yet the Administration proposes to keep the Chip algorithm classified. What will give people confidence in the safety of their keys? Furthermore, while the use of the key escrow system is one way to balance privacy and law enforcement needs, the details of this scheme must be explored publicly before it is adopted.
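
The article says only that each key would be "split in half" between two escrow agents and does not give the method. As an added illustration (not from the article or from the Clipper design; the 80-bit key size, the function names and the XOR scheme are assumptions), the following contrasts literally cutting a key in two with a 2-of-2 XOR split, in which one agent's share alone rules out no candidate key:

```python
import secrets

KEY_BYTES = 10  # assumed 80-bit key, for illustration only


def split_by_halving(key: bytes) -> tuple[bytes, bytes]:
    """Literal 'cut in half': each agent stores real bits of the key."""
    mid = len(key) // 2
    return key[:mid], key[mid:]


def split_by_xor(key: bytes) -> tuple[bytes, bytes]:
    """2-of-2 XOR split: share_a is random, share_b = key XOR share_a."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def combine_xor(share_a: bytes, share_b: bytes) -> bytes:
    """Both agents' shares together recover the key."""
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def consistent_with_halving(first_half: bytes, candidate: bytes) -> bool:
    """Can `candidate` still be the key, given only agent A's half?"""
    return candidate[:len(first_half)] == first_half


def consistent_with_xor(share_a: bytes, candidate: bytes) -> bool:
    """Given only share_a, every same-length candidate stays possible:
    some share_b (candidate XOR share_a) would recombine to it."""
    needed_b = bytes(c ^ a for c, a in zip(candidate, share_a))
    return combine_xor(share_a, needed_b) == candidate


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_BYTES)        # constructed sample key
    guess = secrets.token_bytes(KEY_BYTES)      # an unrelated candidate

    half_a, _ = split_by_halving(key)
    xor_a, xor_b = split_by_xor(key)

    # One agent's half pins down 40 of the 80 bits and rejects wrong guesses.
    print("halving, guess still possible:", consistent_with_halving(half_a, guess))
    # One XOR share rejects nothing; the full key space remains.
    print("xor, guess still possible:    ", consistent_with_xor(xor_a, guess))
    print("both shares recover the key:  ", combine_xor(xor_a, xor_b) == key)
```

With halving, a compromise of a single escrow agent halves the unknown key length; with the XOR split, it leaves the key as unknown as before.
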
But before we even begin to address these concerns, we need to start with one very basic question: Is the Clipper Chip an attempt by the federal government to control the use of encryption? A government-mandated encryption standard raises profound constitutional questions.

Clipper Mandate Imminent?

So far, the Administration has not declared that use of the Clipper Chip will be mandatory, but several factors point in that direction:

* The government has justified keeping the Clipper Chip encryption algorithm secret by claiming that it is the only way to ensure compliance with the proposed key escrow system. Many parties have already questioned the need for a secret algorithm, especially given the existence of robust, public-domain encryption techniques. The most common explanation given for use of a secret algorithm is the need to prevent users from bypassing the key escrow system proposed along with the Clipper Chip. If the system is truly voluntary, then why go to such lengths to ensure compliance with the escrow procedure?

* A voluntary system does not solve law enforcement's problems. The major stated rationale for government intervention in the domestic encryption arena is to ensure that law enforcement officers have continued access to criminal communications. Yet, a voluntary scheme seems inadequate to meet this goal. Criminals who seek to avoid interception and decryption of their communications would simply use another system, free from escrow provisions. Unless a government-proposed encryption scheme is mandatory, it would fail to achieve its primary law enforcement purpose. In a voluntary regime, only the law-abiding would use the escrow system.

Any attempt to mandate a particular cryptographic standard for private communications, to require that encrypted messages use an escrow system, or to prohibit the use of specific encryption algorithms would raise fundamental constitutional questions.
In order to appreciate the importance of the concerns raised, we must recognize that we are entering an era in which most of society will rely on encryption to protect the privacy of their electronic communications.

Constitutional Concerns

If the Administration does intend to mandate the use of a particular encryption technology, such as the Clipper Chip, and to make the use of all other encryption technologies illegal, there are serious constitutional concerns. A mandatory key escrow system violates the First, Fourth and Fifth Amendments of the Constitution.

* A mandatory key escrow system violates the Fourth Amendment prohibition against "unreasonable search and seizure." Wiretapping and other electronic surveillance have always been recognized as exceptions to the fundamental Fourth Amendment prohibition against secret searches. Even with a valid search warrant, law enforcement agents must "knock and announce" their intent to search a location before proceeding. Failure to do so violates the Fourth Amendment.

Increasing reliance on advanced telecommunications requires that we re-examine the scope and application of the exception granted to wiretaps. Until now, the law of search and seizure has made a sharp distinction between, on the one hand, seizures of papers and other items in a person's physical possession and, on the other hand, wiretapping of electronic communications. Law enforcement officers must inform an owner, through the presentation of a valid warrant, before searching and/or seizing papers or personal effects. Only in the exceptional case of wiretapping may law enforcement officers invade a person's privacy without simultaneously informing that person.

Today, the distinction between storage of information and communication of information is not so clear.
Instantaneous access to encryption keys, without notice to the communicating parties, may well constitute a secret search if law enforcement officers seize the "papers" (now in electronic form) of a virtual corporation or an individual.

* A key escrow system forces a mass waiver of all users' Fifth Amendment rights against self-incrimination. The Fifth Amendment protects individuals facing criminal charges from having to reveal information that might incriminate them at trial. So far, no court has determined whether or not the Fifth Amendment allows a defendant to refuse to disclose his or her cryptographic key. As society and technology have changed, courts and legislatures have gradually adapted fundamental constitutional rights to new circumstances. Such decisions require careful, deliberate action. But the existence of a key escrow system would have the effect of waiving this right for every person who used the system in a single step.

* Prohibition against use of certain cryptographic techniques is a content-based restriction which violates individuals' right to free speech guaranteed under the First Amendment. Prohibiting the use of a particular form of cryptography for the express purpose of making communication intelligible to law enforcement officers is akin to prohibiting someone from speaking a language not understood by law enforcement officers. And, while courts have upheld "time, place and manner" restrictions, such as laws that limit the volume of speakers from interfering with surrounding activities and confine demonstrators to certain physical areas, no court has ever upheld an outright ban on the use of a particular language. Moreover, in order for a time, place and manner restriction to be a valid restraint on speech, a government must show that it is the "least restrictive means" of accomplishing the government's goal.
It is precisely this question -- the availability of alternatives that could solve law enforcement's actual problems -- that we must be able to explore before we can promote a solution such as key escrow.

Digital Privacy and Security Working Group

On May 14, 1993, the Digital Privacy and Security Working Group sent a list of over 100 questions to President Clinton, expressing the Group's concerns and asking that a public dialogue be initiated to discuss the issue further. The Digital Privacy and Security Working Group is a coalition of over 50 organizations -- from computer software and hardware firms, to telecommunications companies and energy companies, to the American Civil Liberties Union and the Electronic Frontier Foundation -- that was formed over a decade ago and is chaired by EFF's Executive Director, Jerry Berman.

The Working Group identified several other aspects of the Administration's encryption proposal that warranted further discussion, including:

* the security of the key escrow system;
* the advisability of a government-developed and classified algorithm;
* the Clipper Chip's practicality and commercial acceptability;
* the effect of the proposal on American competitiveness and the balance of trade;
* possible implications for the development of digital communications; and,
* the effect on the right to privacy and other constitutional rights.

The Administration has agreed to slow down the process in order to enable a deliberate government policy on encryption to be developed before any one encryption technology is embraced.