18 March 1998
Date: Tue, 17 Mar 1998 20:53:53 -0500 To: cryptography@c2.net From: Alan Davidson <abd@cdt.org> Subject: Some Notes on Today's Senate Hearings For those interested, here are some notes on today's Senate hearings on encryption and critical infrastructures. -- Alan Alan Davidson, Staff Counsel 202.637.9800 (v) Center for Democracy and Technology 202.637.0968 (f) 1634 Eye St. NW, Suite 1100 <abd@cdt.org> Washington, DC 20006 PGP key via finger (1) Legal Scholars Argue Encryption Controls Unconstitutional; Administration Backs Off Domestic Controls (For Now) The Department of Justice and constitutional experts presented dramatically different views of the Bill of Rights in today's Senate Judiciary subcommittee hearing on encryption. While the DOJ defended the constitutionality of domestic encryption controls, two leading legal scholars presented a sweeping assessment of how domestic controls violate the protections of the First, Fourth, and Fifth Amendments. A RealAudio transcript of the hearing before Senator Ashcroft's Constitution Subcommittee is available at http://www.computerprivacy.org DOJ representative Robert Litt testified that as a matter of official policy the Administration is "not looking for any mandatory controls domestically at this time." This policy apparently applies to the FBI as well. (For an interesting aside, see today's Reuters story on the hearing: "The bureau hopes voluntary concessions by manufacturers of encryption technology will give it the same capabilities [as legislation], officials said." -- available at http://www.crypto.com) Litt went on to provide a chilling outline of why the Administration believes criminalization of non-recoverable encryption would be constitutional. Later in the hearing, leading constitutional scholars Richard Epstein of the University of Chicago and Kathleen Sullivan of Stanford testified that key recovery of the type contemplated by the FBI and Clinton Administration is inconsistent with fundamental free expression and privacy rights embodied in the Bill of Rights. While falling short of calling encryption controls clearly unconstitutional under current Supreme Court doctrine, Epstein and Sullivan presented a broad Constitutional case against encryption controls, based on: * First Amendment principles prohibiting bans on an entire medium of speech, like encryption; protecting anonymous speech; and protecting the speech interest in publishing encryption source code. * Fourth Amendment protections prohibiting the generalized seizure created by key recovery without appropriate legal process. * Fifth Amendment protections protecting against self-incrimination (implicated by the compelled production of key information); and prohibiting uncompensated "takings" like those created by the additional risks and costs imposed on users by key recovery. Attorney Cindy Cohn, lead counsel in Professor Dan Bernstein's challenge to US export controls on encryption, also testified on the first amendment interests that have been recognized in encryption source code. See http://www.eff.org/ for more details. The testimony of Professors Sullivan and Epstein is available through CDT's Web site at http://www.cdt.org/crypto (2) Sam Nunn a Friend to Encryption Advocates? Also in the Senate Judiciary Committee today, Senator Kyl's Technology Subcommittee held hearings on "Protecting America's Critical Infrastructures: The new policy directive". As expected, Senators Kyl and Feinstein used the hearing as an opportunity to call for the development and deployment of greater surveillance technologies for the information infrastructure. Danny Weitzner of CDT, who attended the hearing, notes that encryption advocates may have "found a new friend" in ex-Senator Sam Nunn, who now co-chairs a new critical infrastructure protection advisory group. Nunn testified that it is vital that the current stalemate over encryption policy be resolved soon because: 1) strong encryption is critical to the security of domestic infrastructures; and 2) failure to resolve the deadlock between government and industry has lead to such a high level of mistrust by industry that it is difficult to make any progress on any other infrastructure protection issues since those issues require a high degree of cooperation.
[Added by JYA:] [Congressional Record: March 17, 1998 (Digest)] Tuesday, March 17, 1998 Daily Digest Senate Committee Meetings PRIVACY IN THE DIGITAL AGE Committee on the Judiciary: Subcommittee on Constitution, Federalism, and Property Rights concluded hearings to examine the use of encryption and mandatory access in digital communications, focusing on proposals to balance privacy rights with law enforcement concerns, after receiving testimony from Representative Goodlatte; Robert S. Litt, Deputy Assistant Attorney General, Department of Justice; James J. Fotis, Law Enforcement Alliance of America, Falls Church, Virginia; Thomas Parenty, SyBase, Inc., Emeryville, California, Kathleen M. Sullivan, Stanford Law School, Stanford, California, and Richard A. Epstein, University of Chicago Law School, Chicago, Illinois, all on behalf of Americans for Computer Privacy; Bill Weidemann, RedCreek Communications, Newark, California; Cindy A. Cohn, McGlashan and Sarrail, San Mateo, California; and Tim D. Casey, MCI Communications, Washington, D.C. CRITICAL INFRASTRUCTURE PROTECTION Committee on the Judiciary: Subcommittee on Technology, Terrorism, and Government Information resumed hearings to examine the need for a national strategy and policies to protect the critical infrastructures of the United States, receiving testimony from former Senator Nunn and Jamie S. Gorelick, each a Co-Chair of the Advisory Committee to the President's Commission on Critical Infrastructure Protection; and Lt. Gen. David J. Kelley, Director, and Brig. Gen. James Hylton, Director of Operations, both of the Defense Information Systems Agency, Department of Defense. Hearings were recessed subject to call.