From: Ernest Hua <hua@chromatic.com>
To: cypherpunks@Algebra.COM
Message Hash: 1b736ab3a6a97243aa8597900a4a7f8a7863b0dcf91cd586c3e24e3a5a140948
Message ID: <199709192116.OAA03098@ohio.chromatic.com>
Reply To: N/A
UTC Datetime: 1997-09-19 21:23:47 UTC
Raw Date: Sat, 20 Sep 1997 05:23:47 +0800
From: Ernest Hua <hua@chromatic.com>
Date: Sat, 20 Sep 1997 05:23:47 +0800
To: cypherpunks@Algebra.COM
Subject: key escrow arguments (fwd)
Message-ID: <199709192116.OAA03098@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain
This is a very well-written article, so I am forwarding this to
cypherpunks@algebra.com and cryptography@c2.net so everyone can see
it. Apologies in advance to those seeing double or triple copying due
to the forwards.
Ern
From: "David W. Crawford" <dc@panix.com>
Subject: key escrow arguments (fwd)
Forwarded message:
From rre-request@weber.ucsd.edu Thu Sep 18 23:31:28 1997
Date: Thu, 18 Sep 1997 17:39:21 -0700 (PDT)
From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: key escrow arguments
Date: Thu, 18 Sep 1997 13:08:56 -0400
From: Andrew Grosso <agrosso@ACCESS.DIGEX.NET>
[Published last year in the Federal Bar Journal.]
THE LAW ENFORCEMENT ARGUMENT FOR MANDATORY
KEY ESCROW ENCRYPTION: THE "DANK" CASE
REVISITED
by Andrew Grosso
(This article is a revised version of a talk given by the
author at the 1996 RSA Data Security Conference, held in San
Francisco, California. Mr. Grosso is a former federal prosecutor
who now has his own law practice in Washington, D.C. His e-mail
address is agrosso@acm.org.)
I would like to start by telling a war story. Some years ago,
while I was an Assistant U.S. Attorney, I was asked to try a case
which had been indicted by one of my colleagues. For reasons
which will become clear, I refer to this case as "the Dank case."
The defendant was charged with carrying a shotgun. This
might not seem so serious, but the defendant had a prior record. In
fact, he had six prior convictions, three of which were considered
violent felonies. Because of that, this defendant was facing a
mandatory fifteen years imprisonment, without parole. Clearly, he
needed an explanation for why he was found in a park at night
carrying a shotgun. He came up with one.
The defendant claimed that another person, called "Dank,"
forced him to carry the gun. "Dank," it seems, came up to him in
the park, put the shotgun in his hands, and then pulled out a
handgun and put the handgun to the defendant's head. "Dank" then
forced the defendant to walk from one end of the park to other,
carrying this shotgun. When the police showed up, "Dank" ran
away, leaving the defendant holding the bag, or, in this case, the
shotgun.
The jurors chose not to believe the defendant's story,
although they spent more time considering it than I would like to
admit. After the trial, the defendant's story became known in my
office as "the Dank defense." As for myself, I referred to it as "the
devil made me do it."
I tell you this story because it reminds me of the federal
government's efforts to justify domestic control of encryption.
Instead, of "Dank," it has become, "drug dealers made me do it;"
or "terrorists made me do it;" or "crypto anarchists made me do it."
There is as much of a rationale basis behind these claims as there
was behind my defendant's story of "Dank." Let us examine some
of the arguments the government has advanced.
It is said that wiretapping is indispensable to law
enforcement. This is not the case. Many complex and difficult
criminal investigations have been successfully concluded, and
successfully argued to a jury, where no audio tapes existed of the
defendants incriminating themselves. Of those significant cases,
cited by the government, where audio tapes have proved
invaluable, such as in the John Gotti trial, the tapes have been
made through means of electronic surveillance other than wire
tapping, for example, through the use of consensual monitoring or
room bugs. The unfetted use of domestic encryption could have no
effect on such surveillance.
It is also said that wiretapping is necessary to prevent
crimes. This, also, is not the case. In order to obtain a court order
for a wire tap, the government must first possess probable cause
that a crime is being planned or is in progress. If the government
has such probable cause concerning a crime yet in the planning
stages, and has sufficient detail about the plan to tap an individual's
telephone, then the government almost always has enough
probable cause to prevent the crime from being committed. The
advantage which the government gains by use of a wiretap is the
chance to obtain additional evidence which can later be used to
convict the conspirators or perpetrators. Although such convictions
are desirable, they must not be confused with the ability to prevent
the crime.
The value of mandating key escrow encryption is further
eroded by the availability of super encryption, that is, using an
additional encryption where the key is not available to the
government. True, the government's mandate would make such
additional encryption illegal; however the deterrence effect of such
legislation is dubious at best. An individual planning a terrorist
act, or engaging in significant drug importation, will be little
deterred by prohibitions on the means for encoding his telephone
conversations. The result is that significant crimes will not be
affected or discouraged.
In a similar vein, the most recent estimates of the national
cost for implementing the Digital Telephony law, which requires
that commercial telecommunications companies wiretap our
nation's communications network for the government's benefit, is
approximately three billion dollars. Three billion dollars will buy
an enormous number of police man hours, officer training, and
crime fighting equipment. It is difficult to see that this amount of
money, by being spent on wire tapping the nation, is being spent
most advantageously with regard to law enforcement's needs.
Finally, the extent of the federal government's ability to
legislate in this area is limited. Legislation for the domestic
control of encryption must be based upon the commerce clause of
the U.S. Constitution. That clause would not prohibit an individual
in, say, the state of California from purchasing an encryption
package manufactured in California, and using that package to
encode data on the hard drive of his computer, also located in
California. It is highly questionable whether the commerce clause
would prohibit the in-state use of an encryption package which had
been obtained from out of state, where all the encryption in done
in-state and the encrypted data is maintained in- state. Such being
the case, the value of domestic control of encryption to law
enforcement is doubtful.
Now let us turn to the disadvantages of domestic control of
encryption. Intentionally or not, such control would shift the
balance which exists between the individual and the state. The
individual would no longer be free to conduct his personal life, or
his business, free from the risk that the government may be
watching every move. More to the point, the individual would be
told that he would no longer be allowed to even try to conduct his
life in such a manner. Under our constitution, it has never been the
case that the state had the right to obtain evidence in a criminal
investigation. Rather, under our constitution, the state was given
the right to attempt to obtain such evidence. The distinction is
crucial: it is the difference between the operation of a free society,
and the operation of a totalitarian state.
Our constitution is based upon the concept of ordered
liberty. That is, there is a balance between law and order, on the
one hand, and the liberty of the individual on the other. This is
clearly seen in our country's bill of rights, and the constitutional
protections afforded our accused: evidence improperly obtained is
suppressed; there is a ban on the use of involuntary custodial
interrogation, including torture, and any questioning of the accused
without a lawyer; we require unanimous verdicts for convictions;
and double jeopardy and bills of attainder are prohibited. In other
words, our system of government expressly tolerates a certain level
of crime and disorder in order to preserve liberty and individuality.
It is difficult to conceive that the same constitution which is
prepared to let a guilty man go free, rather than admit an illegally
seized murder weapon into evidence at trial, can be interpreted to
permit whole scale, nationwide, mandatory surveillance of our
nation's telecommunications system for law enforcement purposes.
It is impossible that the philosophy upon which our system of
government was founded could ever be construed to accept such a
regime.
I began this talk with a war story, and I would like to end it
with another war story. While a law student, I had the opportunity
to study in London for a year. While there, I took one week, and
spent it touring the old Soviet Union. The official Soviet tour
guide I was assigned was an intelligent woman. As a former
Olympic athlete, she had been permitted in the 1960's to travel to
England to compete in international tennis matches. At one point
in my tour, she asked me why I was studying in London. I told her
that I wanted to learn what it was like to live outside of my own
country, so I chose to study in a country where I would have little
trouble with the language. I noticed a strange expression on her
face as I said this. It was not until my tour was over and I looked
back on that conversation that I realized why my answer had
resulted in her having that strange look. What I had said to her was
that I had chosen to go to overseas to study; further, I had said that
I had chosen where to go. That I could make such decisions was a
right which she and the fellow citizens did not have. Yes, she had
visited England, but it was because her government chose her to
go, and it was her government which decided where she should go.
In her country, at that time, her people had order, but they had no
liberty.
In our country, the domestic control of encryption
represents a shift in the balance of our liberties. It is a shift not
envisioned by our constitution. If ever to be taken, it must be
based upon a better defense than what "Dank," or law enforcement,
can provide.
end
Return to September 1997
Return to “Ernest Hua <hua@chromatic.com>”
1997-09-19 (Sat, 20 Sep 1997 05:23:47 +0800) - key escrow arguments (fwd) - Ernest Hua <hua@chromatic.com>