From: Mike Godwin <mnemonic@eff.org>
To: cyberia-l@birds.wm.edu )
Message Hash: a687f5670e5fe64f703d24c123054a4313fb985b4078e6e3f8c767efdfd4333a
Message ID: <199402042259.RAA00682@eff.org>
Reply To: N/A
UTC Datetime: 1994-02-04 23:10:17 UTC
Raw Date: Fri, 4 Feb 94 15:10:17 PST
From: Mike Godwin <mnemonic@eff.org>
Date: Fri, 4 Feb 94 15:10:17 PST
To: cyberia-l@birds.wm.edu )
Subject: doj_escrow_intercept.procedures (fwd)
Message-ID: <199402042259.RAA00682@eff.org>
MIME-Version: 1.0
Content-Type: text/plain
Forwarded message:
From postmaster Fri Feb 4 17:49:23 1994
Date: Fri, 4 Feb 1994 17:47:39 -0500
From: Dan Brown <brown>
Message-Id: <199402042247.RAA00193@eff.org>
To: eff-board, eff-staff
Subject: doj_escrow_intercept.procedures
U.S. Department of Justice
Washington, D.C. 20530
February 4, 1994
AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUNCTION WITH INTERCEPTS PURSUANT TO TITLE III
The following are the procedures for the release of escrowed key
components in conjunction with lawfully authorized interception of
communications encrypted with a key-escrow encryption method.
These procedures cover all electronic surveillance conducted
pursuant to Title III of the Omnibus crime Control and Safe
Streets Act of 1968, as amended (Title III), Title 18, United
States Code, Section 2510 et seq.
1) In each case there shall be a legal authorization for the
interception of wire and/or electronic communications.
2) All electronic surveillance court orders under Title III
shall contain provisions authorizing after-the-fact minimization,
pursuant to 18 U.S.C. 2518(5), permitting the interception and
retention of coded communications, including encrypted
communications.
3) In the event that federal law enforcement agents discover
during the course of any lawfully authorized interception that
communications encrypted with a key escrow encryption method are
being utilized, they may obtain a certification from the
investigative agency conducting the investigation, or the Attorney
General of the United States or designee thereof. Such
certification shall
(a) identify the law enforcement agency or other
authority conducting the interception and the person providing the
certification;
(b) certify that necessary legal authorization has been
obtained to conduct electronic surveillance regarding these
communications;
(c) specify the termination date of the period for which
interception has been authorized;
(d) identify by docket number or other suitable method
of specification the source of the authorization;
(e) certify that communications covered by that
authorization are being encrypted with a key-escrow encryption
method;
(f) specify the identifier (ID) number of the key escrow
encryption chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow
decryption device that will be used by the law enforcement agency
or other authority for decryption of the intercepted
communications.
4) The agency conducting the interception shall submit this
certification to each of the designated key component escrow
agents. If the certification has been provided by an investigative
agency, as soon thereafter as practicable, an attorney associated
with the United States Attorney's Office supervising the
investigation shall provide each of the key component escrow
agents with written confirmation of the certification.
5) Upon receiving the certification from the requesting
investigative agency, each key component escrow agent shall
release the necessary key component to the requesting agency. The
key components shall be provided in a manner that assures they
cannot be used other than in conjunction with the lawfully
authorized electronic surveillance for which they were requested.
6) Each of the key component escrow agents shall retain a
copy of the certification of the requesting agency, as well as the
subsequent confirmation of the United States Attorney's Office. In
addition, the requesting agency shall retain a copy of the
certification and provide copies to the following for retention in
accordance with normal record keeping requirements:
(a) the United States Attorney's Office supervising the
investigation, and
(b) the Department of Justice, Office of Enforcement
Operations.
7) Upon, or prior to, completion of the electronic
surveillance phase of the investigation, the ability of the
requesting agency to decrypt intercepted communications shall
terminate, and the requesting agency may not retain the key
components.
8) The Department of Justice shall, in each such case,
(a) ascertain the existence of authorizations for
electronic surveillance in cases for which escrowed key components
have been released;
(b) ascertain that key components for a particular key
escrow encryption chip are being used only by an investigative
agency authorized to conduct electronic surveillance of
communications encrypted with that chip; and
(c) ascertain that, no later than the completion of the
electronic surveillance phase of the investigation, the ability of
the requesting agency to decrypt intercepted communications is
terminated.
9) In reporting to the Administrative Office of the United
States Courts pursuant to 18 U.S.C. Section 2519(2), the Assistant
Attorney General for the Criminal Division shall, with respect to
any order for authorized electronic surveillance for which
escrowed encryption components were released and used for
decryption, specifically note that fact.
These procedures do not create, and are not intended to create,
any substantive rights for individuals intercepted through
electronic surveillance, and noncompliance with these procedures
shall not provide the basis for any motion to suppress or other
objection to the introduction of electronic surveillance evidence
lawfully acquired.
*************************************************************
U.S. Department of Justice
Washington, D.C. 20530
February 4, 1994
AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUNCTION WITH INTERCEPTS PURSUANT TO STATE STATUTES
Key component escrow agents may only release escrowed key
components to law enforcement or prosecutorial authorities for use
in conjunction with lawfully authorized interception of
communications encrypted with a key-escrow encryption method.
These procedures apply to the release of key components to State
and local law enforcement or prosecutorial authorities for use in
conjunction with interceptions conducted pursuant to relevant
State statutes authorizing electronic surveillance, and Title III
of the Omnibus crime Control and Safe Streets Act of 1968, as
amended, Title 18, United States Code, Section 2510 et seq.
1) The state or local law enforcement or prosecutorial
authority must be conducting an interception of wire and/or
electronic communications pursuant to lawful authorization.
2) Requests for release of escrowed key components must be
submitted to the key component escrow agents by the principal
prosecuting attorney of the State, or of a political subdivision
thereof, responsible for the lawfully authorized electronic
surveillance.
3) The principal prosecuting attorney of such State or
political subdivision of such State shall submit with the request
for escrowed key components a certification that shall
(a) identify the law enforcement agency or other
authority conducting the interception and the prosecuting attorney
responsible therefor;
(b) certify that necessary legal authorization for
interception has been obtained to conduct electronic surveillance
regarding these communications;
(c) specify the termination date of the period for which
interception has been authorize;
(d) identify by docket number or other suitable method
of specification the source of the authorization;
(e) certify that communications covered by that
authorization are being encrypted with a key-escrow encryption
method;
(f) specify the identifier (ID) number of the key escrow
chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow
decryption device that will be used by the law enforcement agency
or other authority for decryption of the intercepted
communications.
4) Such certification must be submitted by the principal
prosecuting attorney of that State or political subdivision to
each of the designated key component escrow agents.
5) Upon receiving the certification from the principal
prosecuting attorney of the State or political subdivision, each
key component escrow agent shall release the necessary key
component to the intercepting State or local law enforcement
agency or other authority. The key components shall be provided in
a manner that assures they cannot be used other than in
conjunction with the lawfully authorized electronic surveillance
for which they were requested.
6) Each of the key component escrow agents shall retain a
copy of the certification of the principal prosecuting attorney of
the State or political subdivision. In addition, such prosecuting
attorney shall provide a copy of the certification to the
Department of Justice, for retention in accordance with normal
record keeping requirements.
7) Upon, or prior to, completion of the electronic
surveillance phase of the investigation, the ability of the
intercepting law enforcement agency or other authority to decrypt
intercepted communications shall terminate, and the intercepting
law enforcement agency or other authority may not retain the key
components.
8) The Department of Justice may, in each such case, make
inquiry to
(a) ascertain the existence of authorizations for
electronic surveillance in cases for which escrowed key components
have been released;
(b) ascertain that key components for a particular key
escrow encryption chip are being used only by an investigative
agency authorized to conduct electronic surveillance of
communications encrypted with that chip; and
(c) ascertain that, no later than the completion of the
electronic surveillance phase of the investigation, the ability of
the requesting agency to decrypt intercepted communications is
terminated.
9) In reporting to the Administrative Office of the United
States Courts pursuant to 18 U.S.C. Section 2519(2), the principal
prosecuting attorney of a State or of a political subdivision of a
State may, with respect to any order for authorized electronic
surveillance for which escrowed encryption components were
released and used for decryption, desire to note that fact.
These procedures do not create, and are not intended to create,
any substantive rights for individuals intercepted through
electronic surveillance, and noncompliance with these procedures
shall not provide the basis for any motion to suppress or other
objection to the introduction of electronic surveillance evidence
lawfully acquired.
*************************************************************
U.S. Department of Justice
Washington D.C. 20530
February 4, 1994
AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUNCTION WITH INTERCEPTS PURSUANT TO FISA
The following are the procedures for the release of escrowed key
components in conjunction with lawfully authorized interception of
communications encrypted with a key-escrow encryption method.
These procedures cover all electronic surveillance conducted
pursuant to the Foreign Intelligence Surveillance Act (FISA), Pub.
L. 95-511, which appears at Title 50, U.S. Code, Section 1801 et
seq.
1 ) In each case there shall be a legal authorization for the
interception of wire and/or electronic communications.
2) In the event that federal authorities discover during the
course of any lawfully authorized interception that communications
encrypted with a key-escrow encryption method are being utilized,
they may obtain a certification from an agency authorized to
participate in the conduct of the interception, or from the
Attorney General of the United States or designee thereof. Such
certification shall
(a) identify the agency participating in the conduct of
the interception and the person providing the certification;
to conduct electronic surveillance regarding these
communications;
(c) specify the termination date of the period for which
interception has been authorized;
(d) identify by docket number or other suitable method
of specification the source of the authorization;
(e) certify that communications covered by that
authorization are being encrypted with a key-escrow encryption
method;
(f) specify the identifier (ID) number of the key escrow
encryption chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow
decryption device that will be used by the agency participating in
the conduct of the interception for decryption of the intercepted
communications.
4) This certification shall be submitted to each of the
designated key component escrow agents. If the certification has
been provided by an agency authorized to participate in the
conduct of the interception, a copy shall be provided to the
Department of Justice, Office of Intelligence Policy and Review.
As soon as possible, an attorney associated with that office shall
provide each of the key component escrow agents with written
confirmation of the certification.
5) Upon receiving the certification, each key component
escrow agent shall release the necessary key component to the
agency participating in the conduct of the interception. The key
components shall be provided in a manner that assures they cannot
be used other than in conjunction with the lawfully authorized
electronic surveillance for which they were requested.
6) Each of the key component escrow agents shall retain a
copy of the certification, as well as the subsequent written
confirmation of the Department of Justice, Office of Intelligence
Policy and Review.
7) Upon, or prior to, completion of the electronic
surveillance phase of the investigation, the ability of the agency
participating in the conduct of the interception to decrypt
intercepted communications shall terminate, and such agency may
not retain the key components.
8) The Department of Justice shall, in each such case,
(a) ascertain the existence of authorizations for
electronic surveillance in cases for which escrowed key components
have been released;
(b) ascertain that key components for a particular key
escrow encryption chip are being used only by an agency authorized
to participate in the conduct of the interception of
communications encrypted with that chip; and
(c) ascertain that, no later than the completion of the
electronic surveillance phase of the investigation, the ability of
the agency participating in the conduct of the interception to
decrypt intercepted communications is terminated.
9) Reports to the House Permanent Select Committee on
Intelligence and the Senate Select Committee on Intelligence,
pursuant to Section 108 of FISA, shall, with respect to any order
for authorized electronic surveillance for which escrowed
encryption components were released and used for decryption,
specifically note that fact.
These procedures do not create, and are not intended to create,
any substantive rights for individuals intercepted through
electronic surveillance, and noncompliance with these procedures
shall not provide the basis for any motion to suppress or other
objection to the introduction of electronic surveillance evidence
lawfully acquired.
Return to February 1994
Return to “rcain@netcom.com (Robert Cain)”