1994-05-06 - EFF’s Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94

Header Data

From: Stanton McCandlish <mech@eff.org>
To: risks@csl.sri.com (RISKS Digest)
Message Hash: 285a55e3d332ef9f38cfb83c05ba7ce81a07160ff449e6abdf8e0ad7fc87de2a
Message ID: <199405061610.MAA06408@eff.org>
Reply To: N/A
UTC Datetime: 1994-05-06 16:13:55 UTC
Raw Date: Fri, 6 May 94 09:13:55 PDT

Raw message

From: Stanton McCandlish <mech@eff.org>
Date: Fri, 6 May 94 09:13:55 PDT
To: risks@csl.sri.com (RISKS Digest)
Subject: EFF's Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94
Message-ID: <199405061610.MAA06408@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


  


Testimony 

of

Jerry J. Berman, Executive Director
Electronic Frontier Foundation

before the 

Committee on Science, Space and Technology

Subcommittee on Technology, Environment and 
Aviation

U.S. House of Representatives


Hearing on 

Communications and Computer Surveillance, Privacy 
and Security


May 3, 1994

Mr. Chairman and Members of the Committee

	I want to thank you for the opportunity to testify today on 
communications 
and computer surveillance, privacy, and security policy.  The Electronic 
Frontier Foundation (EFF) is a public interest membership organization 
dedicated to achieving the democratic potential of new communications 
and computer technology and works to protect civil liberties in new 
digital environments.  EFF also coordinates the Digital Privacy and 
Security Working Group (DPSWG), a coalition of more than 50 computer, 
communications, and public interest organizations and associations 
working on communications privacy issues.  The Working Group has 
strongly opposed the Administration's clipper chip and digital telephony 
proposals. 
	EFF is especially pleased that this subcommittee has taken an 
interest in these issues.  It is our belief that Administration policy 
developed in this area threatens individual privacy rights, will thwart 
the development of the information infrastructure, and does not even 
meet the stated needs of law enforcement and national security agencies.  
A fresh and comprehensive look at these issues is needed.


I.	Background on digital privacy and security policy
-------------------------------------------------------

	From the beginning of the 1992 Presidential campaign, President 
Clinton and Vice President Gore committed themselves to support the 
development of the National Information Infrastructure.  They recognize 
that the "development of the NII can unleash an information revolution 
that will change forever the way people live, work, and interact with 
each other."  They also know that the information infrastructure can 
only realize its potential if users feel confident about security 
measures available. 
	If allowed to reach its potential, this information infrastructure 
will carry vital personal information, such as health care records, 
private communications among friends and families, and personal 
financial transactions.  The business community will transmit valuable 
information such as plans for new products, proprietary financial data, 
and other strategic communications.  If communications in the new 
infrastructure are vulnerable, all of our lives and businesses would be 
subject to both damaging and costly invasion.
	In launching its Information Infrastructure Task Force (IITF) the 
Clinton Administration recognized this when it declared that:

   The trustworthiness and security of communications channels and    
   networks are essential to the success of the NII....  Electronic  
   information systems can create new vulnerabilities.  For example, 
   electronic files can be broken into and copied from remote locations, 
   and cellular phone conversations can be monitored easily.  Yet these 
   same systems, if properly designed, can offer greater security than 
   less advanced communications channels.  [_Agenda_for_Action_, 9]

Cryptography -- technology which allows encoding and decoding of 
messages -- is an absolutely essential part of the solution to 
information security and privacy needs in the Information Age.  Without 
strong cryptography, no one will have the confidence to use networks to 
conduct business, to engage in commercial transactions electronically, 
or to transmit sensitive personal information.  As the Administration 
foresees, we need

   network standards and transmission codes that facilitate 
   interconnection and interoperation between networks, and ensure the 
   privacy of persons and the security of information carried.... 
   [_Agenda_for_Action_, 6]

While articulating these security and privacy needs, the Administration 
has also emphasized that  the availability of strong encryption poses 
challenges to law enforcement and national security efforts.  Though the 
vast majority of those who benefit from encryption will be law abiding 
citizens, some criminals will find ways to hide behind new technologies. 


II.	Current cryptography policy fails to meet the needs of 
------------------------------------------------------------
       the growing information infrastructure 
----------------------------------------------

	As a solution to the conflict between the need for user privacy 
and the desire to ensure law enforcement access, the Administration has 
proposed that individuals and organizations who use encryption deposit a 
copy of their private key -- the means to decode any communications they 
send -- with the federal government. 
	 In our view, this is not a balanced solution but one that 
undermines the need for security and privacy without resolving important 
law enforcement concerns.  It is up to the Congress to send the 
Administration back to the drawing board.

A.	Current Export Controls and New Clipper Proposal Stifle Innovation
------------------------------------------------------------------------

	Two factors are currently keeping strong encryption out of the 
reach of United States citizens and corporations.  First, general 
uncertainty about what forms of cryptography will and will not be legal 
to produce in the future.  Second, export controls make it economically 
impossible for US manufacturers that build products for the global 
marketplace to incorporate strong encryption for either the domestic or 
foreign markets.  Despite this negative impact on the US market, export 
controls are decreasingly successful at limiting the foreign 
availability of strong encryption.  A recent survey shows that of the 
more than 260 foreign encryption products now available globally, over 
80 offer encryption which is stronger than what US companies are allowed 
to export.  Export controls do constrain the US market, but the 
international market appears to be meeting its security needs without 
help from US industry.  The introduction of Clipper fails to address the 
general uncertainty in the cryptography market.  Announcement of a key 
escrow policy alone is not sufficient to get the stalled US cryptography 
market back on track.

B.	The secrecy of the Clipper/Skipjack algorithm reduces public trust            
------------------------------------------------------------------------
      and casts doubt on the voluntariness of the whole system
--------------------------------------------------------------

	Many parties have already questioned the need for a secret 
algorithm, especially given the existence of robust, public-domain 
encryption techniques.  The most common explanation given for use of a 
secret algorithm is the need to prevent users from bypassing the key 
escrow system proposed along with the Clipper Chip.  Clipper has always 
been presented by the Administration as a voluntary option.  But if the 
system is truly voluntary, why go to such lengths to ensure compliance 
with the escrow procedure?  

C.	Current plans for escrow system offer inadequate technical 
----------------------------------------------------------------
      security and insufficient legal protections for users
-----------------------------------------------------------

	The implementation of a nationwide key escrow system is clearly a 
complex task.  But preliminary plans available already indicate several 
areas of serious concern:

1.	_No_legal_rights_for_escrow_users_:  As currently written, the 
escrow procedures insulate the government escrow agents from any legal 
liability for unauthorized or negligent release of an individual's key.  
This is contrary to the very notion of an escrow system, which 
ordinarily would provide a legal remedy for the depositor whose 
deposit is released without authorization.  If anything, escrow agents 
should be subject to strict liability for unauthorized disclosure of 
keys.

2.	_No_stability_in_escrow_rules_:  The Administration has 
specifically declared that it will not seek to have the escrow 
procedures incorporated into legislation or official regulations.  
Without formalization of rules, users have no guaranty that subsequent 
administrations will follow the same rules or offer the users the same 
degree of protection.  This will greatly reduce the trust in the system.

3.	_Fixed_Key_:  A cardinal rule of computer security is that 
encryption keys must be changed often.  Since the Clipper keys are 
locked permanently into the chips, the keys can never be changed.  This 
is a major technical weakness of the current proposal.

4.	_Less_intrusive,_more_secure_escrow_alternatives_are_available_: 
The Clipper proposal represents only one of many possible kinds of key 
escrow systems.  More security could be provided by having more 
than two escrow agents.  And, in order to increase public trust, some 
or all of these agents could be non-governmental agencies, with the 
traditional fiduciary duties of an escrow agent.  

D.	Escrow Systems Threaten Fundamental Constitutional Values
---------------------------------------------------------------

	The Administration, Congress, and the public ought to have the 
opportunity to consider the implications of limitations on cryptography 
from a constitutional perspective.  A delicate balance between 
constitutional privacy rights and the needs of law enforcement has been 
crafted over the history of this country.  We must act carefully as we 
face the constitutional challenges posed by new communication 
technologies.
	Unraveling the current encryption policy tangle must begin with 
one threshold question: will there come a day when the federal 
government controls the domestic use of encryption through mandated key 
escrow schemes or outright prohibitions against the use of particular 
encryption technologies?  Is Clipper the first step in this direction?  
A mandatory encryption regime raises profound constitutional questions.
	In the era where people work for "virtual corporations" and 
conduct personal and political lives in "cyberspace," the distinction 
between _communication_ of information and _storage_ of information is 
increasingly vague.  The organization in which one works may constitute 
a single virtual space, but be physically dispersed.  So, the papers and 
files of the organization or individual may be moved within the 
organization by means of telecommunications technology.  Instantaneous 
access to encryption keys, without prior notice to the communicating 
parties, may well constitute a secret search, if the target is a 
virtual corporation or an individual whose "papers" are physically 
dispersed.
	Wiretapping and other electronic surveillance has always been 
recognized as an exception to the fundamental Fourth Amendment 
prohibition against secret searches.  Even with a valid search warrant, 
law enforcement agents must "knock and announce" their intent to search 
a premises before proceeding.  Failure to do so violates the Fourth 
Amendment.  Until now, the law of search and seizure has made a sharp 
distinction between, on the one hand, _seizures_of_papers_ and other 
items in a person's physical possession, and on the other hand, 
_wiretapping_of_communications_.  Seizure of papers or personal effects 
must be conducted with the owner's knowledge, upon presentation of a 
search warrant.  Only in the exceptional case of wiretapping, may a 
person's privacy be invaded by law enforcement without simultaneously 
informing that person.  
	Proposals to regulate the use of cryptography for the sake of law 
enforcement efficiency should be viewed carefully in the centuries old 
tradition of privacy protection.

E.	Voluntary escrow system will not meet law enforcement needs
-----------------------------------------------------------------

	Finally, despite all of the troubling aspects of the Clipper 
proposal, it is by no means clear that it will even solve the problems 
that law enforcement has identified.  The major stated rationale for 
government intervention in the domestic encryption arena is to ensure 
that law enforcement has access to criminal communications, even if they 
are encrypted.  Yet, a voluntary scheme seems inadequate to meet this 
goal.  Criminals who seek to avoid interception and decryption of their 
communications would simply use another system, free from escrow 
provisions.  Unless a government-proposed encryption scheme is 
mandatory, it would fail to achieve its primary law enforcement purpose.  
In a voluntary regime, only the law-abiding would use the escrow system.  

III.	Recent policy developments indicate that Administration policy is 
-----------------------------------------------------------------------
      bad for the NII, contrary to the Computer Security Act, and 
-----------------------------------------------------------------
      requires Congressional oversight
--------------------------------------

	Along with the Clipper Chip proposal, the Administration announced 
a comprehensive review of cryptography and privacy policy.  Almost 
immediately after the Clipper announcement, the Digital Privacy and 
Security Working Group began discussions with the Administration on 
issues raised by the Clipper proposal and by cryptography in general.  
Unfortunately, this dialogue has been largely one-sided.  EFF and many 
other groups have provided extensive input to the Administration, yet 
the Administration has not reciprocated -- the promised policy report 
has not been forthcoming.  Moreover, the National Security Agency and 
the Federal Bureau of Investigation are proceeding unilaterally to 
implement their own goals in this critical policy area.
	Allowing these agencies to proceed unilaterally would be a grave 
mistake. As this subcommittee is well aware, the Computer Security Act 
of 1987 clearly established that neither military nor law enforcement 
agencies are the proper protectors of personal privacy.  When 
considering the law, Congress asked, "whether it is proper for a super-
secret agency [the NSA] that operates without public scrutiny to involve 
itself in domestic activities...?"  The answer was a clear "no."  Recent 
Administration announcements regarding the Clipper Chip suggest that the 
principle established in the 1987 Act has been circumvented. 
	As important as the principle of civilian control was in 1987, it 
is even more critical today.  The more individuals around the country 
come to depend on secure communications to protect their privacy, the 
more important it is to conduct privacy and security policy dialogues in 
public, civilian forums.
	The NII can grow into the kind of critical, national resource 
which this Administration seeks to promote only if major changes in 
current cryptography and privacy policy.  In the absence of such 
changes, digital technology will continue to rapidly render our 
commercial activities and communications -- and, indeed, much of our 
personal lives -- open to scrutiny by strangers.  The Electronic 
Frontier Foundation believes that Americans must be allowed access 
to the cryptographic tools necessary to protect their own privacy.
	We had hoped that the Administration was committed to making these 
changes, but several recent developments lead us to fear that the effort 
has been abandoned, leaving individual agencies to pursue their own 
policy agendas instead of being guided by a comprehensive policy.  The 
following issues concern us:

*	Delayed Cryptography Policy Report
----------------------------------------

The policy analysis called for along with the April 16, 1993 
Presidential Decision Directive has not been released, though it was 
promised to have been completed by early fall of 1993.  We had hoped 
that this report would be the basis for public dialogue on the important 
privacy, competitiveness, and law enforcement issues raised by 
cryptography policy.  To date, none of the Administration's policy 
rationale has been revealed to the public, despite the fact that 
agencies in the Executive Branch are proceeding with their own plan

*	Escrowed Encryption Federal Information Processing Standard (FIPS)      
------------------------------------------------------------------------
      approved against overwhelming weight of public comments
-------------------------------------------------------------

The Presidential Decision Directive also called for consideration of a 
Federal Information Processing Standard (FIPS) for key-escrow 
encryption systems.  This process was to have been one of several 
forums whereby those concerned about the proposed key-escrow system 
could voice opinions.  EFF, as well as over 225 of our individual 
members, raised a number of serious concerns about the draft FIPS in 
September of this 1993.  EFF expressed its opposition to government 
implementation of key-escrow systems as proposed.  We continue to 
oppose the deployment of Skipjack family escrow encryption systems 
both because they violate fundamental First, Fourth, and Fifth 
amendment principles, and because they fail to offer users adequate 
security and flexibility.

Despite overwhelming opposition from over 300 commenters, the 
Department of Commerce recently approved FIPS 185.

*	Large-Scale Skipjack Deployment Announced
-----------------------------------------------

At the December 9, 1993 meeting of the Computer Systems Security and 
Privacy Advisory Board, an NSA official announced plans to deploy from 
10,000 to 70,000 Skipjack devices in the Defense Messaging System in 
the near future.  The exact size of the order was said to be dependent 
only on budget constraints.  The Administration is on record in the 
national press promising that no large-scale Skipjack deployment would 
occur until a final report of the Administration Task Force was 
complete.  Ten thousand units was set as the upper limit of initial 
deployment.  Skipjack deployment at the level planned in the Defense 
Messaging System circumvents both the FIPS notice and comments process 
which has been left in a state of limbo, as well as the Administration's 
promise of a comprehensive policy framework. 

*	New FBI Digital Telephony Legislation Proposed
----------------------------------------------------

The FBI recently proposed a new "Digital Telephony" bill.  After initial 
analysis, we strongly oppose the bill, which would require all common 
carriers to construct their networks to deliver to law enforcement 
agencies, in real time, both the contents of all communications on their 
networks and the "signaling" or transactional information. 

	In short, the bill lays the groundwork for turning the National 
Information Infrastructure into a nation-wide surveillance system, to be 
used by law enforcement with few technical or legal safeguards.  This 
image is not hyperbole, but a real assessment of the power of the 
technology and inadequacy of current legal and technical privacy 
protections for users of communications networks. 

	Although the FBI suggests that the bill is primarily designed to 
maintain status quo wiretap capability in the face of technological 
changes, in fact, it seeks vast new surveillance and monitoring tools. 

	Lengthy delays on the promised policy report, along with these 
unilateral steps toward Clipper/Skipjack deployment, lead us to believe 
that Administration policy is stalled by the Cold War-era national 
security concerns that have characterized cryptography policy for the 
last several decades.
	EFF believes that it would be a disastrous error to allow national 
information policy -- now a critical component of domestic policy -- to 
be dictated solely by backward-looking national-security priorities and 
unsubstantiated law-enforcement claims.  The directions set by this 
Administration will have a major impact on privacy, information 
security, and the fundamental relationship between the government and 
individual autonomy.  This is why the Administration must take action--
and do so before the aforementioned agencies proceed further--to ensure 
that cryptography policy is restructured to serve the 
interests of privacy and security in the National Information 
Infrastructure. We still believe the Administration can play the 
leadership role it was meant to play in shaping this policy. If it does 
not, the potential of the NII, and of fundamental civil liberties in the 
information age, will be threatened.

IV.	Congressional oversight of cryptography & privacy policy is 
-----------------------------------------------------------------
      urgently needed to right the balance between privacy, 
-----------------------------------------------------------
      competitiveness & law enforcement needs
---------------------------------------------

	All participants in this debate recognize that the need for 
privacy and security is real, and that new technologies pose real 
challenges for law enforcement and national security operations.  
However, the solutions now on the table cripple the NII, pose grave 
threats to privacy, and fail to even meet law enforcement objectives.  
In our judgment, the Administration has failed, thus far, to articulate 
a comprehensive set of policies which will advance the goals upon 
which we all agree.
	Congress must act now to ensure that cryptography policy is 
developed in the context of the broader goal of promoting the 
development of an advanced, interoperable, secure, information 
infrastructure.  
	In order to meet the privacy and security needs of the growing 
infrastructure, Congress should seek a set of public policies which 
promote the widespread availability of cryptographic systems according 
to the following criteria:

*	Use Voluntary Standards to Promote Innovation and Meet 
------------------------------------------------------------
      Diverse Needs: 
--------------------

The National Information Infrastructure stretches to 
encompass devices as diverse as super computers, handheld personal 
digital assistants and other wireless communications devices, and plain 
old telephones.  Communication will be carried over copper wires, fiber 
optic cables, and satellite links.  The users of the infrastructure will 
range from elementary school children to federal agencies.  Encryption 
standards must be allowed to develop flexibly to meet the wide-ranging 
needs all components of the NII.  In its IITF Report, the Administration 
finds that standards also must be compatible with the large installed 
base of communications technologies, and flexible and adaptable enough 
to meet user needs at affordable costs. [_AA_, 9]  The diverse uses of 
the NII require that any standard which the government seeks to promote 
as a broadly deployed solution should be implementable in software as 
well as hardware and based on widely available algorithms.

*	Develop Trusted Algorithms and End-to-End Security:  
---------------------------------------------------------

Assuring current and future users of the NII that their communications 
are 
secure and their privacy is protected is a critical task.  This means 
that the 
underlying algorithms adopted must have a high level of public trust and 
the overall systems put in place must be secure.

*	Encourage National and International Interoperability:  
------------------------------------------------------------

The promise of the NII is seamless national and international 
communications of all types.  Any cryptographic standard offered for 
widespread use must allow US corporations and individuals to function as 
part of the global economy and global communications infrastructure.

*	Seek Reasonable Cooperation with Law Enforcement and National      
-------------------------------------------------------------------
      Security Needs:  
---------------------

New technologies pose new challenges to law enforcement and national 
security surveillance activities.  American industry is committed to 
working with law enforcement to help meet its legitimate surveillance 
needs, but the development of the NII should not be stalled on this 
account.

*	Promote Constitutional Rights of Privacy and Adhere to Traditional 
------------------------------------------------------------------------
Fourth Amendment Search and Seizure Rules:  
------------------------------------------

New technology can either be a threat or an aid to protection of 
fundamental privacy rights.  Government policy should promote 
technologies which enable individuals to protect their privacy and be 
sure that those technologies are governed by laws which respect the 
long history of constitutional search and seizure restraints.

*	Maintain Civilian Control over Public Computer and 
--------------------------------------------------------
      Communications Security:  
------------------------------

In accordance with the Computer Security Act of 1987, development of 
security and privacy standards should be directed by the civilian

V.	Conclusion
----------------

	Among the most important roles that the federal government has in 
NII deployment are setting standards and guaranteeing privacy and 
security.  Without adequate security and privacy, the NII will never 
realize it economic or social potential.  Cryptography policy must, of 
course, take into account the needs of law enforcement and national 
security agencies, but cannot be driven by these concerns alone.  The 
Working Group, along with other industry and public interest 
organizations, is committed to working with the Administration to 
solving the privacy and security questions raised by the growing NII.  
This must be done based on the principles of voluntary standards, 
promotion of innovation, concern for law enforcement needs, and 
protection of constitutional rights of privacy.

          ***************





Thread