From: John Gilmore <gnu@toad.com>
To: cypherpunks
Message Hash: 1d2a2c45a4c0a85f90df4daab787d1010e446c6ce5fa1e066e0fde67b0fc1c49
Message ID: <9508020134.AA07797@toad.com>
Reply To: N/A
UTC Datetime: 1995-08-02 01:34:35 UTC
Raw Date: Tue, 1 Aug 95 18:34:35 PDT
From: John Gilmore <gnu@toad.com>
Date: Tue, 1 Aug 95 18:34:35 PDT
To: cypherpunks
Subject: NRC Panel, Law Enforcement questions
Message-ID: <9508020134.AA07797@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
To: gnu, crypto@nas.edu (Herb Lin)
Date: Tue, 01 Aug 1995 18:07:59 -0700
From: John Gilmore <gnu@toad.com>
This is more organized. Let me know if you want any more work done on it.
John Gilmore
for the Cypherpunks
POLITICAL PROCESS
It appears that law enforcement bureaucrats (such as Mr. Freeh) are
seizing on irrelevant publicity in order to push their agendas. An
example is in using the Oklahoma bombing to lobby Congress for the
authority to limit the use of encryption (encryption played no part in
the Oklahoma bombing). This makes the FBI/DoJ position look like it
can't actually support itself on the facts. If the facts would
support you, why use irrelevant publicity INSTEAD of real facts?
Why does the FBI refuse to reveal its political manipulations on this issue
to the public?
Agent Kallstrom asked rhetorically at the Clipper debate held at the
New York City Bar Association if the audiance would want key escrow if
a daughter of theirs had been kidnapped to make a snuff pornographic
film. Official Bureau records indicate that such films are at the
very least extremely rare and probably nonexistant. Why do Bureau
spokesmen use graphic description of non-existant crimes as a way of
whipping up public sentiment for key escrow? Is it the opinion of the
bureau that Clipper would be of use in most kidnapping cases, given
that probable cause to issue a wiretap warrant would probably also be
sufficient to get a warrant to search the premises of the perpetrators
for the victim? Does the Bureau feel that Agent Kallstrom's comment
was an appropriate way to conduct a reasoned discussion?
Give a precis of the top fifty violations of civil rights or the
political process by the FBI since 1950. Rank them by magnitude of
the intrusion and by the number of people directly affected. For
example, the FBI campaign against the Free Speech Movement's right to
speak and petition the government; the McCarthy era; the campaign
against CISPES; COINTELPRO; against civil rights organizations;
political assassination (e.g., Fred Hampton).
How did Mr. Hoover stay in power for his 40-year reign? Be specific
about the threats that might have removed him from absolute leadership
of the FBI, and what steps he took to counteract these threats.
Detail all political figures, including everyone ever elected to
Congress, every President, every Cabinet-level officer, and every
judge at all levels, who have been subjected to wiretaps or any other
kind of covert surveillance by the FBI or any other agency in the
Executive Branch. Estimate how many records of such surveillance have
been destroyed.
Detail all cases in which political figures were pressured,
threatened, blackmailed, or simply "informed" or "implied to" about
their covert surveillance. What prompted these actions against
political figures, and what results did they have?
Why should we trust the FBI to "not listen in" when it has the
technical capability to do so, a history of having done so for reasons
inimical to democratic governance, and a bureacratic appetite for
power, money, and control?
What five things about your agency would the American public be most
surprised to learn? Most pleased? Most displeased? What five things
about your agency would Congress be most surprised to learn? The
President?
Do the domestic LEAs (law enforcement agencies), or their agents,
monitor the various crypto/net security and TLA forums on the Net? If
so, which and by what legal authority?
Do LEAs, or their agents, log the names of posters to the crypto/net
security and TLA forums? If so, by what legal authority?
Do LEAs, or their agents, monitor non-governmental crypto/net security
wizards? If so, who and by what legal authority?
Do LEAs use crypto/net security industry informers? Names?
Do LEAs run stings in crypto/net security, among crypto/net security
zines, orgs, corps, manufacturers? Targets, names, dates, locations?
Do LEAs have confidential crypto/net security-access agreements with
software and hardware corps. Names?
Do LEAs run agents-provocateurs in crypto/net security? Names,
locations?
Do LEAs, or their agents, sniff the Net for crypto -- periodically,
continually? How, where, who?
Do LEAs, or their agents, sniff remailers? Which?
Do LEAs, or their agents, run remailers? Which?
Does Federal policy allow law enforcement agents to purport to run an
anonymous remailer, e.g. as part of a sting operation?
LAW ENFORCEMENT POLICY
As the FBI sees it, describe the proper place and powers of a national
law enforcement organization in an open society, without regard to
today's laws, court decisions, or the Constitution. If we were
forming a new country, and could make it up as we went along, what
national law enforcment structure and powers would contribute the most
to our society?
Rank in order of priority, according to agency policy:
-- National security
-- Threats to a specific group or individual
-- Constitutional rights of citizens
-- Statutory rights of citizens
-- Statutory limits on the activities of agencies
-- Constitutional limits on the powers of government
-- Democratic oversight and accountability
-- Budgetary considerations
-- Maintaining secrecy
-- Prosecution of a criminal
-- Preventing a crime
-- Prosecuting or impeding a criminal organization
-- Exposure of corruption within government
-- Exposure of corruption within private industry
-- ... ?
In what order would your agency sacrifice each of these to pursue or
preserve another? Give examples from actual cases wherever possible.
Does the FBI five-year FOIA backlog render it a secret national police
organization? How can a law enforcement organization be answerable to
its citizens if they cannot determine what it is doing until five years
later?
How does a law enforcement organization such as the FBI justify
breaking the law itself, by systematically withholding non-exempt
documents requested by citizens under the FOIA?
What effect have anti-drug efforts over the last 30 years had upon the
traditional roles of intelligence and law enforcement?
To what extent is drug trafficking considered of interest to intelligence
organizations? Why? Be specific.
Wiretaps can be used by the police to obtain both evidence and
intelligence. By "evidence" I'm referring to information which can be
presented in a courtroom. By "intelligence" I mean information which
is not presented in the courtroom, but which might be helpful to law
enforcement in other ways. As citizens, our main protection against
illegal wiretaps is our ability to have improperly acquired evidence
thrown out of court. What protection do we have from other illegal
wiretaps -- surveillance designed to gather intelligence, not
evidence? Who oversees the police and the FBI to make sure that they
follow the rules? How do we know that law enforcement people don't
use illegal wiretaps to go "fishing"?
What is the relationship between the FBI's campaign to limit or
eliminate the exclusionary rule and its campaign to increase its
technical capabilities for wiretapping? It seems that the combination
of these initiatives would result in the FBI being able to perform and
`get away with' massive intrusions into personal privacy, for
illegitimate reasons, even if they were later judged to be in
violation of law or the constitution.
What is the FBI's opinion on the optimal level (from their point of
view) of wiretapping/surveilance if money were no object? How many
wiretaps would the Bureau execute per year if it could do exactly
as it desired, without budgetary or court-imposed restraints?
What trends does the government foresee in the expected cost of
wiretaps in the future?
Does the DoJ expect that the number of wiretaps and electronic
surveillances will go up if the cost (currently high) goes down?
What do the FBI and its ilk know about using tracking technologies
such as video cameras, road pricing sensors, and other alternatives to
conventional electronic surveillance?
What do the FBI and its ilk know about the use of mechanical aids to
wiretaps (such as voice recognition technology for keywords;
voiceprint recoginition to ID wanted suspects)?
Has your agency ever exchanged intelligence with governments of other
countries? Specify.
Has your agency ever exchanged technology with governments of other
countries? Specify.
Has your agency ever given non-public technology to a private corporation?
Specify. How are the beneficiaries of such gifts selected?
How frequently has your agency provided non-public information to
private organizations (such as corporations)? How frequently have you
refused to do so? Who, when, where and why? Does your agency expect
to serve private clients in the foreseeable future, either directly or
indirectly? How is policy formed on this issue? How are
beneficiaries selected?
The burgeoning of privatization of domestic "intelligence"-gathering
has blossomed as LEAs activities have been diminished and as foreign
targets for TLAs have been reduced. As the need for their services
have dropped, ex-TLA-employees have moved to security, investigative
and "anti-terrorist" firms and public service organizations. Knoll
Associates, Wackenhut, Kissinger Associates, say, or the welter of
organizations and firms in the tri-coastal, Great Lakes and DC-beltway
regions, often benefit from continuing close contact with former
colleagues who remain active in TLAs. TLAs could easily pass
prohibited current intelligence to the domestic private market,
paralleling their use of front organizations internationally. Today,
information on militia groups is being provided by private
organizations, sometimes in the same forum as the officials who cannot
admit to surveilling those targeted groups. E.g. the Charlie Rose
Show from April, 1995, featuring James Fox (former NYC FBI SAIC).
Also, a NY Times piece on April 24, 1995 gives capsule descriptions of
several "right wing movement" sites and groups, and credits the
material to a mix of private and public organizations. The
intelligence-gathering, tracking and surveilling of dissident groups,
of all persuasions, by private means -- for profit, for ideological or
for humanitarian reasons -- is a provocative, perhaps civil
liberties-threatening, development, a heritage of the national
security culture, wherein a large number of very able people and
techniques and knowledge and equipment and organization, seem to be
shifting inexorably to new markets of ready, frightened consumers. As
your agency campaigns for more intrusive surveillance technology and
methods, what impact on society do you foresee as the people who know
these technologies and methods move into the private sector, where
there are fewer rules and easier ways to avoid being caught?
CIVIL RIGHTS
Does the FBI believe that citizens have the right to use whatever
encryption system(s) they desire to use?
Does the FBI believe that the FBI has the right to use whatever
encryption system(s) it desires to use?
Does the FBI believe that private citizens who have special needs or
duties to protect confidential or privileged information -- e.g.,
lawyers, doctors, psychologists, accountants, financial advisors,
bankers, security advisors -- have the right to use whatever
encryption system(s) they desire to use for their own legal, ethical,
or business reasons?
Does the FBI believe that ordinary private citizens who do not belong
to a privileged class have less of a right to use whatever encryption
system(s) they desire to use than do lawyers, doctors, accountants,
financial advisors, bankers, or security advisors?
Does the FBI believe that members of non-mainstream religious groups
or "cults" have the right to use whatever encryption system(s) they
desire to use in transmitting their religious or political beliefs?
Does the FBI believe that individuals who believe strongly in their
rights under the First and Second Amendments to the Constitution have
the right to use whatever encryption system(s) they desire to use?
If wiretap or surveillance is really illegal, then the info gleaned is
likely tainted. The problem isn't that the rules don't prohibit agencies
from doing it. The problem is that there isn't an effective mechanism
to detect cheating. Suppose the FBI puts an illegal wiretap on
someone, and finds out that they're going to commit a crime. When the
crime takes place, they're on the scene. How did they know? "An
anonymous tip", or simply that the officer happened to be there. How
can you prove it was something different? An illegal wiretap could be
used to get hints on where admissible evidence can be `independently'
gathered. Or what if they don't find evidence of a crime, and they
leave the guy alone? His privacy's been violated illegally. I once
spoke with someone from INS who told me that random surveillance on
certain people is done. He told me that there are lists of people who
get "dropped in on" from time to time, mostly people have had some
sort of drug problems with the police. Other people might get on the
list by being friends with someone already on the list, with
"friendship" being determined by telco records. So if you call
someone on the list often, you might end up there yourself. How
should we protect society against LEA `cheating' in a
clipper/digital-telephony world?
I worked for several years lobbying at INS and DOJ on business
immigration issues, and INS is hardly the bastion of proper police
procedures... Not to mention the fact that aliens have fewer rights
than citizens of the US. INS gets away with a lot of illegal stuff
because on the whole the alien won't litigate the circumstances of
their being caught, because they're too busy fighting the deportation
itself... that is if they even bother to hire an atty. Aliens in
exclusion proceedings don't even have the right to counsel and in both
exclusion and deportation the burden of proof lies not with the
prosecution, but the defense (guilty until proven innocent). For
example, the first thing an alien gets in the deportation process is
the OSC, the Order to Show Cause why they shouldn't be
deported...which presumes that they're deportable. INS gets away with
a lot of crap because there are several legal limbo zones at play.
How can we protect aliens and suspected aliens' civil rights if law
enforcement agencies are given broader powers to make illegal
searches?
In drug cases there is massive and flagrant fabrication of informants.
Judges have been winking at this for some time. If they need an
"informant" they will pull some petty crook out of stir, and tell him
if he reads his lines right, they will let him go. Sometimes the same
"informant" turns up in case after case, even though the cases have no
connection with each other. Are these fabricated informants to cover
up illegal wiretaps? Or is it 100% fabrication, such as cases where
someone is merely suspected rather than known (on the basis of
illegally obtained evidence) to have committed a crime? How can this
be avoided if we give increased wiretapping powers?
The ACLU won a court case which forced the LAPD to stop political
surveillance of civilians. This surveillance had been going on for
decades, it simply came out in the 80s. The book "The Squad," by
Michael Milan, 1989 covers it. Much of the material has also been
covered by Dave Emory in his radio broadcasts. There's also a book
called something like "LA Secret Police" or "Los Angeles Secret
Police". A newspaper article stated that, just before they were
required to destroy the files, the LAPD intelligence unit had given
copies of all the files to an ex-cop who now ran a private right wing
intelligence clearing house. He put them all in a database and made
them available to other groups like the B'nai Brith. That cop was
hunted down, and either was extradited or self-surrendered for trial.
The San Francisco Chronicle covered it pretty well. This was "Western
Goals." The Association of Chiefs of Police moved *its* files
offshore a few years back to avoid U.S. laws about such police data
bases. If LEAs are given more power to invisibly search citizens,
legally or illegally, how would you prevent the information obtained
by ILLEGAL searches from being retained or passed into private hands?
Is caller ID blocking (*67) effective when calling the police? Or can
the police determine the calling phone, location, or identity anyway?
On the other hand, in some states police have lobbied for the power to
provide fake Caller-ID on calls _from_ the PD. They claimed it was
necessary to handle undercover investigations. Why should police agencies
be given the power of anonymity when ordinary citizens cannot be trusted
with it?
MOTIVATION FOR ENCRYPTION CONTROL
Why does the FBI *really* want to control encryption? It clearly has
nothing to do with terrorism. The palpable fear among the citizens is
that it has a lot to do with social control, enforcement of narrow
morality, decreased civil rights, increased federal agency authority
and budget, and authoritarianism.
Why is the FBI so upset about encryption? What real-world events have
caused this upset? Or is it a case of "we think it's coming so we are
starting the political machinations now"?
HISTORY - WIRETAPS AND ENCRYPTION
If a legal wiretap encounters encrypted communications, detail what
steps are taken to try to decrypt the communications.
Provide the details of all wiretap orders in which encryption was
encountered. In which of them was encryption a problem for law
enforcement? In what percentage of wiretap orders is encryption
encountered at all?
Detail all court cases in which encryption has made it harder to get a
conviction (or in which the accused was not convicted). What percentage
of total court cases do these represent?
Detail all investigations in which encryption has made it harder to file
charges (or in which charges were never filed). What percentage of total
investigations do these represent?
Detail all illegal wiretaps known to your agency. [This question
should be asked of the telephone companies, too -- right at the
company-president level. Recall the way in which telegrams were
handed over to the NSA for *years* on the orders of the heads of the
telegraph companies...]
Summarize all wiretaps under the Foreign Intelligence Surveillance Act.
How many, in what years, against what targets? How many are fixed
permanent wiretaps (e.g. on the lines into an embassy), and how many
are temporary (e.g. against a suspected undercover foreign agent's
residence or office)? How many US citizens have been wiretapped
under FISA, for what length of time, and for what reasons?
I heard a rumor that the FISA court actually turned down a wiretap
request. Provide full details.
Detail all wiretaps known to your agency which were authorized by
means OTHER THAN the FISA and which do not appear in the annually
reported wiretap statistics. I.e. who else has authorized the
placement of wiretaps, and for what purpose?
Are the alleged crimes for which encryption poses a law-enforcement
challenge victimless crimes, in which all parties to the alleged crime
were happy with the situation before the Law stepped in? To what
extent does encryption pose a problem in settling real controversies
as opposed to government-mandated moral codes?
Has the FBI ever done a wiretap that encountered a Clipper chip?
Give details of what happened, if so.
Provide the details of all wiretap orders in which encryption was used
but law enforcement was able to do its work anyway.
Detail all investigations in which encryption was used but charges were
filed anyway.
Detail all court cases in which encryption was used but the accused
_was_ convicted, or in which conviction failed for reasons other than
encryption.
During the Digital Telephony bill debate, the Administration stated or
alluded that one reason the FBI needs total control of wiretapping is
the unreliability of telephone company personnel. (I.e. -- "if we tap
Jimmy Big-Tuna Vinchenzo at the CO, his spies will tip him off..").
Provide specifics on exactly how many legal taps have been "blown" by
actions of telephone company employees. Cite specifics on these
cases. Name telephone company folks charged with obstruction of
justice in these cases. {Talk is cheap; but to charge someone, they
need SOME hard facts...}
How many subpoenas for telephone billing records are made by Federal
law enforcement agencies each month? Under what circumstances do LEAs
order the production of this information? Give statistics on the
motivations for why these private records are being produced, e.g.
"50% fishing expedition, 22% the subject is in custody for a crime
(break down by which crimes), 5% the subject is suspected of a crime
(break down), 10% the subject is not suspected of a crime but there
may be evidence of someone else's crime in their phone records".
Describe other tools & technologies available to criminal
organizations that pose LE problems of similar magnitude to the
perceived problems with cryptography. Describe how the FBI plans to
control & restrict those tools & technologies.
Describe tools & technologies available to criminal organizations that
do not pose significant LE problems.
FBI/NSA INTERACTIONS
Detail all interactions between the FBI and the NSA, two organizations
that in the ordinary course of business would have very litle to say to
each other.
In what ways have the FBI and NSA attempted to manipulate public
policy to increase their joint power?
Detail in what ways have the FBI and NSA cooperated in doing the
actual work of either agency (FBI: apprehending and prosecuting
criminals; NSA: intercepting foreign communications of diplomatic and
military interest)?
Detail in what ways the FBI and NSA have cooperated, which have not
been directly related to the direct job of each agency (as specified
above)?
It has been documented (by Bamford and others) that through the early 1980s,
the NSA intercepted domestic long-distance telephone traffic by means of
simple dishes, mounted alongside legitimate telephone-company microwave
receivers. Now that most such long-distance links have been converted to
fiber-optics, is the NSA still able to intercept this traffic? How?
How is the NSA affected by the passage of the Digital Telephony bill? Did
the NSA play any role in the progress of this bill? Will the expected
modifications to the telephone system have any uses to the NSA? How?
BUDGET
What's the five-year -- 1995-2000 -- budget for all
crypto/net security ops?
LAW ENFORCEMENT SOURCES AND MONITORING
What are your agency's sources of information? Which of these are
considered the most important, and for what reasons and purposes?
What is the current type and extent of your agency's monitoring of the
Internet? What is the type and extent of your agency's monitoring of
other public communications media (i.e. radio, newspapers, etc.), both
here and abroad? What sorts of intelligence come from these channels?
How will your agency's methods be changed by the advent of the GII?
How might your agency's mission be changed by the advent of the GII?
If strong encryption comes into widespread use within the U.S., which
of your sources would be compromised? How much? If strong encryption
is banned or controlled within the U.S., what new information would
become available? What communications would remain unmonitorable?
Why? Speculate out to five or ten years.
Science Fiction author Vernor Vinge once wrote, "Sufficiently advanced
communication is indistinguishable from noise." Is this true? How and to
what extent can encrypted communications be reliably distinguished from
other types of information or noise, both today and in the future?
What are the special challenges involved in compromising a key-escrowed
encryption system? Has the NSA or any other intelligence agency, in the
U.S. or abroad, ever gone up against a key-escrowed system, or a system which
presented similar challenges and vulnerabilities? With what results? If
you were ordered to crack a clipper-like system, how would you proceed?
GOVERNMENT'S OWN USE OF ENCRYPTION
Are your agency's internal communications encrypted? Are your agency's
communications with other agencies of the U.S. Government? Other
governments? Are these communications susceptible to subpoena? How?
Are any of the internal communications of the U.S. Government encrypted?
Which, and using what methods? Does your agency have the ability to monitor
or decipher these communications? Does anyone? What information can your
agency access concerning members of the U.S. Government? How has this
information been used? How is it protected?
INTELLIGENCE POLICY
What is the strategic, tactical, economic or competitive value of
intelligence? How is this value quantified and assessed? I have been
told that a battlefield commander may profitably expend up to 75% of
his resources on the acquisition of data about an enemy. How much of
a corporation's resources, for example, would be well spent on the
acquisition of various sorts of intelligence about potential
competitors and/or customers? How much of a political candidate's
resources would be well spent on acquiring data about opposing
candidates and other organizations? In the coming "information age",
how much of our society's total economic activity might we expect to
become devoted to snooping in general?
What is your agency's assessment of the surveillance and
crypto-analytic capabilities available to large corporations, both
inside and outside the U.S.? What level of intelligence-gathering and
analysis capabilities might a large company be reasonably expected to
be able to acquire if competitive pressures were to dictate a strong
effort in that direction?
What are the most powerful possible uses of intelligence, past,
present and future? What sorts of research has your agency done, or
is it currently doing, concerning possible future uses for
intelligence information? Does your agency employ any psychologists?
Sociologists? For what purposes?
THE FINAL QUESTION
What questions *should* we have asked you to recommend a good crypto
policy for the country?
Return to August 1995
Return to “John Gilmore <gnu@toad.com>”