3 Needs for Access to Encrypted Information
Information protected for confidentiality (i.e., encrypted information) is stored or communicated for later use by certain parties with the authorization of the original protector. However, it may happen for various legitimate and lawfully authorized reasons that other parties may need to recover this information as well. This chapter discusses needs for access to encrypted information under exceptional circumstances for legitimate and lawfully authorized purposes from the perspectives of businesses, individuals, law enforcement, and national security. Businesses and individuals may want access to encrypted data or communications for their own purposes and thus may cooperate in using products to facilitate such access, while law enforcement and national security authorities may want access to the encrypted data or communications of criminals and parties hostile to the United States.
It is useful to conceptualize data communications and data storage using the language of transactions. For example, one individual may telephone another; the participants in the transaction are usually referred to as the calling party and the called party. Or, a person makes a purchase; the participants are called the buyer and seller. Or, a sender mails something to the recipient. Adopting this construct, consider communications in which the first party (Party A) sends a message and the second party (Party B) receives it. "Party" does not necessarily imply a person; a "party" can be a computer system, a communication system, or a software process. In the case of data storage, Party A stores the data, while Party B retrieves it. Note that Party A and Party B can be the same party (as is the case when an individual stores a file for his or her own later use).
Under some circumstances, a third party may be authorized for access to data stored or being communicated. For example, law enforcement authorities may be granted legal authorization to obtain surreptitious access to a telephone conversation or a stored data file or record without the knowledge of Parties A or B. The employer of Party A may have the legal right to read all data files for which Party A is responsible or to monitor all communications in which Party A participates. Party A might inadvertently lose access to a data file and wish to recover that access.
In cases when the data involved is unencrypted, the procedures needed to obtain access can be as simple as identifying the relevant file name or as complex as seeking a court order for legal authorization. But when the data involved is encrypted, the procedures needed to obtain access will require the possession of certain critical pieces of information, such as the relevant cryptographic keys.
Third-party access has many twists and turns. When it is necessary for clarity of exposition or meaning, this report uses the phrase "exceptional access" to stress that the situation is not one that was included within the intended bounds of the original transaction, but is an unusual subsequent event. Exceptional access refers to situations in which an authorized party needs and can obtain the plaintext of encrypted data (for storage or communications). The word "exceptional" is used in contrast to the word "routine" and connotes something unusual about the circumstances under which access is required.
Exceptional access can be divided into three generic categories:
• Government exceptional access refers to the case in which government has a need for access to information under specific circumstances authorized by law. For example, a person might store data files that law enforcement authorities need to prosecute or investigate a crime. Alternatively, two people may be communicating with each other in the planning or commission of a serious crime. Government exceptional access thus refers to the government's need to obtain the relevant information under circumstances authorized by law, and requires a court order (for access to voice or data communications) or a subpoena or search warrant (for access to stored records). Government exceptional access is the focus of Section 3.2. The related signals intelligence need is discussed in Section 3.3.
• Employer (or corporate) exceptional access refers to the case in which an employer (i.e., the corporate employer) has the legal right to access to information encrypted by an employee. If an employee who has encrypted a file is indisposed on a certain day, for example, the company may need exceptional access to the contents of the file. Alternatively, an employee may engage in communications whose content the company may have a legitimate need to know (e.g., the employee may be leaking proprietary information). Employer exceptional access would then refer to the company's requirement to obtain the key necessary to obtain the contents of the file or communications, and may require the intervention of another institutional entity. Employer or corporate exceptional access is the focus of Section 3.5.
• End-user exceptional access refers to the case in which the parties primarily intended to have access to plaintext have lost the means to obtain such access. For example, a single user may have stored a file for later retrieval, but encrypted it to ensure that no other party would have access to it while it was in storage. However, the user might also lose or forget the key used to encrypt that file. End-user exceptional access refers to such a user's requirement to obtain the proper key, and may require that the individual who has lost a key prove his identity to a party holding the backup key and verify his authorization to obtain a duplicate copy of his key. End-user exceptional access is also discussed in Section 3.5.
The need for exceptional access when the information stored or communicated is encrypted has led to an examination of a concept generically known as escrowed encryption (the subject of Chapter 5), which, loosely speaking, uses agents other than the parties participating in the communication or data storage to hold copies of or otherwise have access to relevant cryptographic keys "in escrow" so that needs for end-user, corporate, and government exceptional access can be met; these agents are called escrow agents.
3.2 LAW ENFORCEMENT: INVESTIGATION AND PROSECUTION
Obtaining information (both evidence and intelligence) has always been a central element in the conduct of law enforcement investigations and prosecutions. Accordingly, criminals have always wished to protect the information relevant to their activities from law enforcement authorities.
3.2.1 The Value of Access to Information for Law Enforcement
Many criminals keep records related to their activities; such records can be critical to the investigation and prosecution of criminal activity.
BOX 3.1
• The El Rukn Gang in Chicago, acting as a surrogate for the Libyan government and in support of terrorism, planned to shoot down a commercial airliner within the United States using a stolen military weapon. This act of terrorism was prevented through the use of telephone wiretaps.
• The 1988 "Ill Wind" public corruption and Defense Department fraud investigation relied heavily on court-ordered telephone wiretaps. To date, this investigation has resulted in the conviction of 65 individuals and more than a quarter of a billion dollars in fines, restitutions, and recoveries.
• Numerous drug trafficking and money laundering investigations, such as the "Polar Cap" and "Pizza Connection" cases, utilized extensive telephone wiretaps in the successful prosecution of large-scale national and international drug trafficking organizations. "Polar Cap" resulted in the arrest of 33 subjects and the recovery of $50 million in assets seized. Additionally, in a 1992 Miami raid, which directly resulted from wiretaps, agents confiscated 15,000 pounds of cocaine and arrested 22 subjects.
• The investigation of convicted spy Aldrich Ames relied heavily on wiretaps ordered under Foreign Intelligence Surveillance Act authority.
• In a 1990 "Sexual Exploitation of Children" investigation, the FBI relied heavily on wiretaps to prevent violent individuals from abducting, torturing, and murdering a child in order to make a "snuff murder" film.
SOURCE: Federal Bureau of Investigation.
For example, criminals engaged in white-collar crimes such as fraud often leave paper trails that detail fraudulent activities; drug dealers often keep accounting records of clients, drop-offs, supplies, and income. Reconstruction of these paper trails is often a critical element in building a case against these individuals. The search-and-seizure authority of law enforcement to obtain paper records is used in a large fraction of criminal cases.
As for communications, law enforcement officials believe that wiretapping is a crucial source of information that could not be obtained in any other way or obtained only at high risk (Box 3.1). For example, the Federal Bureau of Investigation (FBI) has testified that
[w]ithout law enforcement's ability to effectively execute court orders for electronic surveillance, the country would be unable to protect itself against foreign threats, terrorism, espionage, violent crime, drug trafficking, kidnapping, and other crimes. We may be unable to intercept a terrorist before he sets off a devastating bomb; unable to thwart a foreign spy before he can steal secrets that endanger the entire country; and unable to arrest drug traffickers smuggling in huge amounts of drugs that will cause widespread violence and death. Court-approved electronic surveillance is of immense value, and often is the only way to prevent or solve the most serious crimes facing today's society.1
Criminals often discuss their past criminal activity and plans for future criminal activity with other parties. Obtaining "inside information" on such activities is often a central element of building a case against the perpetrators. A defendant who describes in his own words how he committed a crime or the extent to which he was involved in it gives prosecutors a powerful weapon that juries tend to perceive as fair.2
Other methods of obtaining "inside information" have significant risks associated with them:
• Informants are often used to provide inside information. However, the credibility of informants is often challenged in court, either because the informants have shady records themselves or because they may have made a deal with prosecutors by agreeing to serve as informants in return for more lenient treatment.3 By contrast, challenges to evidence obtained through wiretaps are based far more frequently on their admissibility in court rather than their intrinsic credibility. Informants may also be difficult to find when a criminal group is small in size.
• Surreptitiously planted listening devices are also used to obtain inside information. However, they generally obtain only one side of a conversation (use of a speaker-phone presents an exception). Further, since listening devices require the use of an agent to plant them, installation of such devices is both highly intrusive (arguably more so than wiretapping) for the subject of the device and risky for the planting agent. Requests for the use of such devices are subject to the same judicial oversight and review as wiretaps.
1 Statement of James K. Kallstrom, Special Agent in Charge, Special Operations Division, New York Field Division, Federal Bureau of Investigation, on "Security Issues in Computers and Communications," before the Subcommittee on Technology, Environment, and Aviation of the Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 1994.
2 For example, see Edward Walsh, "Reynolds Guilty on All Counts," Washington Post, August 23, 1995, p. 1.
3 See, for example, Sharon Walsh, "Whistle-Blower Quandary: Will Testimony Fly?," Washington Post, August 23, 1995, p. F3; Richard Perez-Pena, "An Informer's Double Life: Blows Come from 2 Sides," New York Times, October 15, 1995, p. 35; Joseph P. Fried, "Undermining a Bomb-Trial Witness," New York Times, April 9, 1995, p. 42; and Stephen Labaton, "The Price Can Be High for Talk That's Cheap," New York Times, Week in Review, April 2, 1995, p. 3.
This discussion is not intended to suggest that wiretaps are a perfect source of information and always useful to law enforcement. An important difficulty in using wiretaps is that context is often difficult for listeners to establish when they are monitoring a telephone conversation that assumes shared knowledge between the communicators.4
Because of the legal framework regulating wiretaps, and the fact that communications are by definition transient whereas records endure, wiretapping is used in far fewer criminal cases than is seizure of records. Although the potential problems of denying law enforcement access to communications have been the focus of most of the public debate, encryption of data files in a way that denies law enforcement authorities access to data files relevant to criminal activity arguably presents a much larger threat to their capabilities.
3.2.2 The Legal Framework Governing Surveillance
An evolving legal framework governs the authority of government authorities to undertake surveillance of communications that take place within the United States or that involve U.S. persons. Surveillance within the United States is authorized only for certain legislatively specified purposes: the enforcement of certain criminal statutes and the collection of foreign intelligence. A more extended description of this framework (with footnoted references) is contained in Appendix D.
Domestic Communications Surveillance for Domestic Law Enforcement Purposes
Communications surveillance can involve surveillance for traffic analysis and/or surveillance for content; these separate activities are governed by different laws and regulations. Traffic analysis, a technique that establishes patterns of connections and communications, is performed with the aid of pen registers that record the numbers dialed from a target telephone, and trap-and-trace devices that identify the numbers of telephones from which calls are placed to the target telephone. Orders for the use of these devices may be requested by any federal attorney and granted by any federal district judge or magistrate, and are granted on a more or less pro forma basis.
4 Indeed, in some instances, wiretap evidence has been used to exculpate defendants. See, for example, Peter Marks, "When the Best Defense Is the Prosecution's Own Tapes," New York Times, June 30, 1995, p. D20. According to Roger Shuy, professor of linguistics at Georgetown University, there are many difficulties in ascribing meaning to particular utterances that may be captured on tape recordings of conversations. See Roger Shuy, Language Crimes, Blackwell Publishers, Cambridge, Mass., 1993. Shuy's book is mostly focused on tapes made by "wires" carried by informants or "bugs" placed near a subject, but the basic principle is the same.
Surveillance of communications for content for purposes of domestic law enforcement is governed by Title 18, U.S. Code, Sections 2510-2521, concerning "wire and electronic communications interceptions and interception of all communications," generally known as Title III. These sections of the U.S. Code govern the use of listening devices (usually known as "bugs"); wiretaps of communications involving human speech (called "oral communications" in Title III) carried over a wire or wire-like cable, including optical fiber; and other forms of electronically transmitted communication, including various forms of data, text, and video that may be communicated between or among people as well as computers or communications devices. Under Title III, only certain federal crimes may be investigated (e.g., murder, kidnapping, child molestation, racketeering, narcotics offenses) through the interception of oral communications. In addition, 37 states have passed laws that are similar to Title III, but they include such additional restrictions as allowing only a fixed number of interceptions per year (Connecticut) or only for drug-related crimes (California). State wiretaps account for the majority of wiretaps in the United States.
Surveillance of oral communications governed under Title III in general requires a court order (i.e., a warrant) granted at the discretion of a judge.5 Because electronic surveillance of oral communications is both inherently intrusive and clandestine, the standards for granting a warrant for such surveillance are more stringent than those required by the Fourth Amendment. These additional requirements are specified in Title III and are enforced by criminal and civil penalties applicable to law enforcement officials or private citizens, and by a statutory exclusionary rule that violations of the central features of requirements may lead to suppression of evidence in a later trial, even if such evidence meets the relevant Fourth Amendment test.
Because of the resources required, the administrative requirements for the application procedure, and the legal requirement that investigators exhaust other means of obtaining information, wiretaps are not often used. Approximately 1,000 orders (both federal and state) are authorized yearly (a number small compared to the number of felonies investigated, even if such felonies are limited to those specified in Title III as eligible for investigation with wiretaps).6 About 2,500 conversations are intercepted per order, and the total number of conversations intercepted is a very small fraction of the annual telephone traffic in the United States.
5 Emergency intercepts may be performed without a warrant in certain circumstances, such as physical danger to a person or conspiracy against the national security. There has been "virtually no use" of the emergency provision, and its constitutionality has not been tested in court (Wayne R. LaFave and Jerold H. Israel, Criminal Procedure, West Publishing Company, St. Paul, Minn., 1992, p. 254).
Surveillance of nonvoice communications, including fax and electronic communications, is also governed by Title III.7 The standard for obtaining an intercept order for electronic communications is less stringent than that for intercepting voice communications. For example, any federal felony may be investigated through electronic interception. In addition, the statutory exclusionary rule of Title III for oral and wire communications does not apply to electronic communications.
Despite the legal framework outlined above, it is nevertheless possible that unauthorized or unlawful surveillance, whether undertaken by rogue law enforcement officials or overzealous private investigators, occurs. Concerns over such activity are often expressed by critics of the current Administration policy, and they focus on two scenarios:
• With current telephone technology, it is sometimes technically possible for individuals (e.g., private investigators, criminals, rogue law enforcement personnel) to undertake wiretaps on their own initiative (e.g., by placing alligator clips on the proper terminals in the telephone box of an apartment building). Such wiretaps would subject the personnel involved to Title III criminal penalties, but detection of such wiretaps might well be difficult. On the other hand, it is highly unlikely that such a person could obtain the cooperation of major telephone service providers without a valid warrant or court order, and so these wiretaps would have to be conducted relatively close to the target's telephone, and not in a telephone switching office.
• Information obtained through a wiretap in violation of Title III can be suppressed in court, but such evidence may still be useful in the course of an investigation. Specifically, such evidence may cue investigators regarding specific areas that would be particularly fruitful to investigate, and if the illegal wiretap is never discovered, a wiretap that provides no court-admissible evidence may still prove pivotal to an investigation.8 (Even if it is discovered, different judges apply the doctrine of discarding "the fruit of the poisonous tree" with different amounts of rigor.)
6 Some analysts critical of the U.S. government position on wiretaps have suggested that the actual distribution of crimes investigated under Title III intercept or surveillance orders may be somewhat inconsistent with government claims of the high value of such orders. (See, for example, testimony of David B. Kopel, Cato Institute, "Hearings on Wiretapping and Other Terrorism Proposals," Committee on the Judiciary, U.S. Senate, May 24, 1995; also available on-line at http://www.cato.org/ct5-24-5.html.) For example, Table D.3 in Appendix D indicates that no cases involving arson, explosives, or weapons were investigated using Title III wiretaps in 1988. The majority of Title III orders have involved drug and gambling crimes.
7 Note that when there is no reasonable expectation of privacy, law enforcement officials are not required to undertake any special procedure to monitor such communications. For example, a law enforcement official participating in an on-line "chat" group is not required to identify himself as such, nor must he obtain any special permission at all to monitor the traffic in question. However, as a matter of policy, the FBI does not systematically monitor electronic forums such as Internet relay chats.
The extent to which these and similar scenarios actually occur is hard to determine. Information provided by the FBI to the committee indicates a total of 187 incidents of various types (including indictments/complaints and convictions/pretrial diversions) involving charges of illegal electronic surveillance (whether subsequently confirmed or not) over the past 5 fiscal years (1990 through 1994).9
Domestic Communications Surveillance for Foreign Intelligence Purposes
The statute governing interception of electronic communications for purposes of protecting national security is known as the Foreign Intelligence Surveillance Act (FISA), which has been codified as Sections 1801 to 1811 in Title 18 of the U.S. Code. Passed in 1978, FISA was an attempt to balance Fourth Amendment rights against the constitutional responsibility of the executive branch to maintain national security. FISA is relevant only to communications occurring at least partly within the United States (wholly, in the case of radio communications), although listening stations used by investigating officers may be located elsewhere, and FISA surveillance may be performed only against foreign powers or their agents. Interception of communications, when the communications occur entirely outside the United States, whether or not the participants include U.S. persons, is not governed by FISA, Title III, or any other statute. However, when a U.S. person is outside the United States, Executive Order 12333 governs any communications intercepts targeted against such individuals.
8 Such concerns are raised by reports of police misconduct as described in Chapter 1.
9 The committee recognizes the existence of controversy over the question of whether such reports should be taken at face value. For example, critics of the U.S. government who believe that law enforcement authorities are capable of systematically abusing wiretap authority argue that law enforcement authorities would not be expected to report figures that reflected such abuse. Alternatively, it is also possible that cases of improper wiretaps are in fact more numerous than reported and have simply not come to the attention of the relevant authorities. The committee discussed such matters and concluded that it had no reason to believe that the information it received on this subject from law enforcement authorities was in any way misleading.
The basic framework of FISA is similar to that of Title III, with certain important differences, among which are the following:
• The purpose of FISA surveillance is to obtain foreign intelligence information, defined in terms of U.S. national security, including defense against attack, sabotage, terrorism, and clandestine intelligence activities, among others. The targeted communications need not relate to any crime or be relevant as evidence in court proceedings.
• In most instances, a FISA surveillance application requires a warrant based on probable cause that foreign intelligence information will be collected.10 Surveillance of a U.S. person (defined as a U.S. citizen, U.S. corporation or association, or legal resident alien) also requires probable cause showing that the person is acting as a foreign agent. Political and other activities protected by the First Amendment may not serve as the basis for treating a U.S. person as a foreign agent.
• Targets of FISA surveillance might never be notified that communications have been intercepted.
Since 1979, there have been an average of over 500 FISA orders per year. In 1992, 484 were issued. Other information about FISA intercepts is classified.
3.2.3 The Nature of the Surveillance Needs of Law Enforcement
In cooperation with the National Technical Investigators Association, the FBI has articulated a set of requirements for its electronic surveillance needs (Box 3.2). Of course, access to surveillance that does not meet all of these requirements is not necessarily useless. For example, surveillance that does not meet the transparency requirement may still be quite useful in certain cases (e.g., if the subjects rationalize the lack of transparency as "static on the line"). The basic point is that these requirements constitute a set of continuous metrics by which the quality of a surveillance capability can be assessed, rather than a list that defines what is or is not useful surveillance.
Of these requirements, the real-time requirement is perhaps the most demanding. The FBI has noted that
[s]ome encryption products put at risk efforts by federal, state and local law enforcement agencies to obtain the contents of intercepted communications by precluding real-time decryption. Real-time decryption is often essential so that law enforcement can rapidly respond to criminal activity and, in many instances, prevent serious and life-threatening criminal acts.11
10 Surveillance may take place without a court order for up to 1 year if the Attorney General certifies that there is very little likelihood of intercepting communications involving U.S. persons and that the effort will target facilities used exclusively by foreign powers. Under limited circumstances, emergency surveillance may be performed before a warrant is obtained (Clifford S. Fishman, Wiretapping and Eavesdropping: Cumulative Supplement, Clark Boardman Callaghan, Deerfield, Ill., November 1994, sections 361, 366).
BOX 3.2
• Prompt and expeditious access both to the contents of the electronic communications and "setup" information necessary to identify the calling and called parties
• Real-time, full-time monitoring capability for intercepts. Such capability is particularly important in an operational context, in which conversations among either criminal conspirators (e.g., regarding a decision to take some terrorist action) or criminals and innocent third parties (e.g., regarding a purchase order for explosives from a legitimate dealer) may have immediate significance
• Delivery of intercepted communications to specified monitoring facilities
• Transparent access to the communications, i.e., access that is undetectable to all parties to the communications (except to the monitoring parties) and implementation of safeguards to restrict access to intercept information
• Verification that the intercepted communications are associated with the intercept subject
• Capabilities for some number of simultaneous intercepts to be determined through a cooperative industry/law enforcement effort
• Reliability of the services supporting the intercept at the same (or higher) level of the reliability of the communication services provided to the intercept subject
• A quality of service for the intercept that complies with the performance standards of the service providers
SOURCE: Law Enforcement Requirements for the Surveillance of Electronic Communications, Federal Bureau of Investigation in cooperation with the National Technical Investigators Association, June 1994.
11 Statement of James K. Kallstrom, Special Agent in Charge, Special Operations Division, New York Field Division, Federal Bureau of Investigation, on "Security Issues in Computers and Communications," before the Subcommittee on Technology, Environment, and Aviation of the Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 1994. An illustrative example is an instance in which the FBI was wiretapping police officers who were allegedly guarding a drug shipment. During that time, the FBI overheard a conversation between the police chief and several other police officials that the FBI believes indicated a plot to murder a certain individual who had previously filed a police brutality complaint against the chief. (However, the FBI was unable to decode the police chief's "street slang and police jargon" in time to prevent the murder.) See Paul Keegan, "The Thinnest Blue Line," New York Times Magazine, March 31, 1996, pp. 32-35.
Real-time surveillance is generally less important for crimes that are prosecuted or investigated than for crimes that are prevented because of the time scales involved. Prosecutions and investigations take place on the time scales of days or more, whereas prevention may take place on the time scale of hours. In some instances, the longer time scale is relevant: because Title III warrants can be issued only when "probable cause" exists that a crime has been committed, the actual criminal act is committed before the warrant is issued, and thus prevention is no longer an issue. In other instances, information obtained under a valid Title III warrant issued to investigate a specific criminal act can be used to prevent a subsequent criminal act, in which case the shorter time scale may be relevant. The situation is similar under FISA, in which warrants need not necessarily be obtained in connection with any criminal activity. A good example is terrorism cases, in which it is quite possible that real-time surveillance could provide actionable information useful in thwarting an imminent terrorist act.
3.2.4 The Impact of Cryptography and New Media on Law Enforcement (Stored and Communicated Data)
Cryptography can affect information collection by law enforcement officials in a number of ways. However, for perspective, it is important to keep in mind a broader context, namely that advanced information technologies (of which cryptography is only one element) have potential impacts across many different dimensions of law enforcement; Box 3.3 provides some discussion of this point.
As far as the committee has been able to determine, criminal use of digitally encrypted voice communications has not presented a significant problem to law enforcement to date.12 On rare occasions, law enforcement officials conducting a wiretap have encountered "unknown signals" that could be encrypted traffic or simply a data stream that was unrecognizable to the intercept equipment. (For example, a high-speed fax transmission might be transported on a particular circuit; a monitoring agent might be unable to distinguish between the signal of the fax and an encrypted voice signal with the equipment available to him.)
12 In this regard, it is important to distinguish between "voice scramblers" and encrypted voice communications. Voice scramblers are a relatively old and widely available technology for concealing the contents of a voice communication; they transform the analog waveform of a voice and have nothing to do with encryption per se. True encryption is a transformation of digitally represented data. Voice scramblers have been used by criminals for many years, whereas devices for digital encryption remain rare.
The lack of criminal use of encryption in voice communications most likely reflects the lack of use of encryption by the general public. Moreover, files are more easily encrypted than communications, simply because the use of encrypted communications presumes an equally sophisticated partner, whereas only one individual must be knowledgeable to encrypt files. As a general rule, criminals are most likely to use what is available to the general public, and the encryption available to and usable by the public has to date been minimal. At the same time, sophisticated and wealthy criminals (e.g., those associated with drug cartels) are much more likely to have access to and to use cryptography.13
In data communications, one of the first publicized instances of law enforcement use of a Title III intercept order to monitor a suspect's electronic mail occurred in December 1995, when the customer of an on-line service provider was the subject of surveillance during a criminal investigation.14E-mail is used for communications; a message is composed at one host, sent over a communications link, and stored at another host. Two opportunities exist to obtain the contents of an e-mail messagethe first while the message is in transit over the communications link, and the second while it is resident on the receiving host. From a technical perspective, it is much easier to obtain the message from the receiving host, and this is what happened in the December 1995 instance. (Appendix D contains more detail on how electronic communications are treated under Title III.)
Federal law enforcement authorities believe that encryption of communications (whether voice or data) will be a significant problem in the future. FBI Director Louis Freeh has argued that "unless the issue of encryption is resolved soon, criminal conversations over the telephone and other communications devices will become indecipherable by law enforcement. This, as much as any issue, jeopardizes the public safety and national security of this country. Drug cartels, terrorists, and kidnappers will use telephones and other communications media with impunity
13For example, police raids in Colombia on offices of the Cali cartel resulted in the seizure of advanced communications devices, including radios that distort voices, videophones to provide visual authentication of callers' identities, and devices for scrambling computer modem transmissions. The Colombian defense minister was quoted as saying that the CIA had told him that the technological sophistication of the Cali cartel was about equal to that of the KGB at the time of the Soviet Union's collapse. See James Brooke, "Crackdown Has Cali Drug Cartel on the Run," New York Times, June 27, 1995, p. Al.
14See Gautam Naik, "U.S., Using E-Mail Tap, Charges Three with Operating CellularFraud Ring," Wall Street Journal, January 2, 1996, p. B16.
As acknowledged in the main text, encryption in ubiquitous use would create certain difficulties for law enforcement. Nevertheless, it is important to place into context the overall impact on law enforcement of the digital information technologies that enable encryption and other capabilities that are not the primary subject of this report. Chapter 2 suggested how encryption capabilities can be a positive force for more effective law enforcement (e.g., secure police communications). But information technology is increasingly ubiquitous and could appear in a variety f other applications less obvious than encryption. For example:
• Video technology has become increasingly inexpensive. Thus, it is easy to imagine police cruisers with video cameras that are activated upon request when police are responding to an emergency call. Monitoring those cameras at police headquarters would provide a method for obtaining timely information regarding the need of the responding officers for backup. Equipping individual police officers with even smaller video cameras attached to their uniforms and recording such transmissions would provide objective evidence to corroborate (or refute) an officer's description of what he saw at a crime scene.
• The number of users of cellular telephones and wide-area wireless communications services will grow rapidly. As such technologies enable private citizens to act as responsible eyes and ears that observe and report emergencies in progress, law enforcement officials will be able to respond more quickly. (See, for example, Chana Schoenberger, ''The Pocket-Size Protector; Feeling Safe, not Stylish, with Cellular Phones," Washington Post, August 29, 1995, p. B5.)
• Electronically mediated sting operations help to preserve cover stories of law enforcement officials. For example, the Cybersnare sting operation resulted in the arrest of six individuals who allegedly stole cellular telephone numbers en masse
knowing that their conversations are immune from our most valued investigative technique."15 In addition, the initial draft of the digital telephony bill called for telephone service providers to deliver the plaintext of any encrypted communications they carried, a provision that was dropped in later drafts of the bill.16
15 See the Prepared Statement of Louis J. Freeh, Director, Federal Bureau of Investigation, for the Federal Drug Law Enforcement Hearing before the House Judiciary Committee, Subcommittee on Crime, U.S. House of Representatives, March 30, 1995.
16 The final bill provides that "a telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication."
from major companies, resulting in millions of dollars of industry losses. Cybersnare was based on an underground bulletin board that appealed to cellular telephone and credit card thieves. Messages were posted offering for sale cellular telephone "cloning" equipment and stolen cellular telephone numbers, and included contact telephone numbers that were traced to the individuals in question. (See Gautam Naik, "Secret Service Agents Arrest Six Hackers in Cellular-Phone Sting in Cyberspace," Wall Street Journal, September 12, 1995, p. B6.)
• The locations of automobiles over a metropolitan area could be tracked automatically, either passively or actively. An active technique might rely on a coded beacon that would localize the position of the automobile on which it was mounted. A passive technique might rely on automatic scanning for license plates that were mounted on the roofs of cars. As an investigative technique, the ability to track the location of a particular automobile over a period of time could be particularly important.
Even today, information technology enables law enforcement officials to conduct instant background checks for handgun purchases and arrest records when a person is stopped for a traffic violation. Retail merchants guard against fraud by using information technology to check driving records when cars are rented and credit checks for big purchases. The Department of the Treasury uses sophisticated information technology to detect suspicious patterns that might indicate large-scale money laundering by organized crime.
All such possibilities involve important social as well as technical issues. For example, the first two examples featured above seem relatively benign, while the last two raise serious entrapment and privacy issues. Even the ''instant background checks" of gun buyers have generated controversy. The mention of these applications (potential and actual) is not meant as endorsement, recommendation, or even suggestion; they do, however, place into better context the potentialities of information technology in some overall sense to improve the capabilities of law enforcement while at the same time illustrating that concerns about excessive government power are not limited to the issue of cryptography.
Encrypted Data Files
Encryption by criminals of computer-based records that relate to their criminal activity is likely to pose a significant problem for law enforcement in the future. FBI Director Freeh has noted publicly17 two instances in which encrypted files have already posed a problem for law enforcement authorities: a terrorist case in the Philippines involving a plan to blow up a U.S. airliner as well as a plan to assassinate the Pope in late 1994,18 and the "Innocent Images" child pornography case of 1995 in which encrypted images stood in the way of grand jury access procedures.19 Furthermore, Director Freeh told the committee that the use of stored records in criminal prosecutions and investigations was much more frequent than the use of wiretaps.
17 Speech of FBI Director Louis Freeh, before the International Cryptography Institute 1995 conference, Washington, D.C., September 21, 1995.
18 A general discussion of this case is found in Phillip Shenon, "World Trade Center Suspect Linked to Plan to Blow Up 2 Planes," New York Times, March 26, 1995, p. 37.
19 A general discussion of the Innocent Images case is found in Kara Swisher, "On-Line Child Pornography Charged as 12 Are Arrested," Washington Post, September 14, 1995, p. 1.
The problem of encrypted data files is similar to the case in which a criminal keeps books or records in a code or a language that renders them unusable to anyone else; in both instances, the cooperation of the criminal (or someone else with access to the key) is necessary to decipher the records. The physical records as well as any recorded version of the key, if such a record exists, are available through a number of standard legal mechanisms, including physical search warrants and subpoenas. On the other hand, while the nature of the problem itself is the same in both instances, the ease and convenience of electronic encryption, especially if performed automatically, may increase the frequency with which encryption is encountered and/or the difficulties faced by law enforcement in cryptanalyzing the material in question without the cooperation of the criminal.
Finally, the problem of exceptional access to stored encrypted information is more easily solved than the problem of exceptional access to encrypted communications. The reason is that for file decryption, the time constraints are generally less stringent. A file may have existed for many days or weeks or even years, and the time within which decryption is necessary (e.g., to build a criminal case) is measured on the time scale of investigatory activities; by contrast, the relevant time scale in the case of decrypting communications may be the time scale of operations, which might be as short as minutes or hours.
3.3 NATIONAL SECURITY AND SIGNALS INTELLIGENCE20
Cryptography is a two-edged sword for U.S. national security interests. Cryptography is important in maintaining the security of U.S. classified information (Appendix I), and the U.S. government has developed its own cryptographic systems to meet these needs. At the same time, the use of cryptography by foreign adversaries also hinders U.S. acquisition of communications intelligence. This section discusses the latter. (Appendix F contains a short primer on intelligence.)
20 One note on terminology: In the signals intelligence community, the term "access" is used to refer to obtaining the desired signals, whether those signals are encrypted or not. This use conflicts with the usage adopted in this report, in which "access" generally means obtaining the information contained in a signal (or message or file).
3.3.1 The Value of Signals Intelligence21
Signals intelligence (SIGINT) is a critically important arm of U.S. intelligence, along with imagery intelligence (IMINT) and intelligence information collected directly by people, i.e., human intelligence (HUMINT). SIGINT also provides timely tip-off and guidance to IMINT and HUMINT collectors and is, in turn, tipped off by them. As in the case of law enforcement, the information contained in a communications channel treated by an opponent as secure is likely to be free of intentional deception.
The committee has received both classified and unclassified assessments of the current value of SIGINT and finds that the level of reporting reflects a continuing capability to produce both tactical and strategic information on a wide range of topics of national intelligence interest. SIGINT production is responding to the priorities established by Presidential Decision Directive 35. As publicly described by President Bill Clinton in remarks made to the staff of the CIA and intelligence community, the priorities are as follows:
• "First, the intelligence need of our military during an operation ...,
• Second, political, economic and military intelligence about countries hostile to the United States. We must also compile all-source information on major political and economic powers with weapons of mass destruction who are potentially hostile to us,
• Third, intelligence about specific trans-national threats to our security, such as weapons proliferation, terrorism, drug trafficking, organized crime, illicit trade practices and environmental issues of great gravity."22
SIGINT is one valuable component of the overall U.S. intelligence capability. It makes important contributions to ensure an informed, alert, and secure environment for U.S. war fighters and policy makers.
21This report deals only with the communications intelligence (COMINT) aspects of SIGINT; see Appendix F for a discussion of electronic intelligence (ELINT) and its relationship to COMINT.
22Office of the Press Secretary, The White House, "Remarks by the President to Staff of the CIA and Intelligence Community," Central Intelligence Agency, McLean, Va., July 14, 1995.
SIGINT Support of Military Operations
SIGINT is important to both tactical and strategic intelligence. Tactical intelligence provides operational support to forces in the field, whether these forces are performing military missions or international law enforcement missions (e.g., as in drug eradication raids in Latin America conducted in cooperation with local authorities). The tactical dimensions were most recently demonstrated in the Gulf War through a skillfully orchestrated interaction of SIGINT, IMINT, and HUMINT that demonstrated the unequaled power of U.S. intelligence. SIGINT produced timely command and control intelligence and specific signal information to support electronic warfare; IMINT provided precise locating information to permit precision bombing, together with HUMINT; SIGINT and IMINT provided the field commands with an unprecedented degree of battlefield awareness.
History also demonstrates many instances in which SIGINT has proven decisive in the conduct of tactical military operations. These instances are more easily identified now because the passage of time has made the information less sensitive.
• The American naval victory at the Battle of Midway and the destruction of Japanese merchant shipping resulted, in part, from Admiral C.W. Nimitz's willingness to trust the SIGINT information he received from his intelligence staff. General George Marshall wrote that as a result of this SIGINT information, "we were able to concentrate our limited forces to meet [the Japanese] naval advance on Midway when otherwise we almost certainly would have been some 3,000 miles out of place."23
• The shoot-down in April 1943 of the commander-in-chief of the Japanese Navy, Admiral Isoroku Yamamoto, was the direct result of a signals intercept that provided his detailed itinerary for a visit to the Japanese front lines.24
• The U.S. Navy was able to compromise the operational code used by German U-boats in the Atlantic in 1944, with the result that large numbers of such boats were sunk.25
• Allied intercepts of German army traffic were instrumental in the defense of the Anzio perimeter in Italy in February 1944, a defense that some analysts believe was a turning point in the Italian campaign; these intercepts provided advance knowledge of the German timing, direction, and weight of assault, and enabled Allied generals to concentrate their resources in the appropriate places.26
23 A good discussion of these topics is given in David Kahn, The Codebreakers, MacMillan, New York, 1967, pp. 561-573 (Midway) and pp. 593-594 (merchant shipping).
24 See Kahn, The Codebreakers, 1967, pp. 595-601.
25 Kahn, The Codebreakers, 1967, pp. 504-507.
While these examples are 50 years old, the nature of warfare is not so different today as to invalidate the utility of successful SIGINT. A primary difference between then and now is that the speed of warfare has increased substantially, placing a higher premium on real-time or near-real-time intercepts. Since the end of World War II, SIGINT has provided tactical support to every military operation involving U.S. forces.
Other types of tactical intelligence to which SIGINT can contribute include indications and warning efforts (detecting an adversary's preparations to undertake armed hostilities); target identification, location, and prioritization (what targets should be attacked, where they are, and how important they are); damage assessment (how much damage an attacked target sustained); and learning the enemy's rules of engagement (under what circumstances an adversary is allowed to engage friendly forces).
SIGINT Support of Strategic Intelligence
Strategic (or national) intelligence is intended to provide analytical support to senior policy makers rather than field commanders. In this role, strategic or national intelligence serves foreign policy, national security, and national economic objectives. Strategic intelligence focuses on foreign political and economic events and trends, as well as on strategic military concerns such as plans, doctrine, scientific and technical resources, weapon system capabilities, and nuclear program development. History also demonstrates the importance of SIGINT in a diplomatic, counterintelligence, and foreign policy context:
• In the negotiations following World War I over a treaty to limit the tonnage of capital ships (the Washington Conference on Naval Arms Limitations), the U.S. State Department was able to read Japanese diplomatic traffic instructing its diplomats. One particular decoded intercept provided the bottom line in the Japanese position, information that was useful in gaining Japanese concessions.27
• Recently, Director of Central Intelligence John Deutch unveiled the so-called VENONA material, decrypted Soviet intelligence service messages of the mid-1940s that revealed Soviet espionage against the U.S. atomic program.28 Intelligence about the Cuban missile crisis has been released. Although primarily a story about U-2 photography, the role of SIGINT is included as well.
26 See Ralph Bennett, Ultra and Mediterranean Strategy, William Morrow and Company, New York, 1989, pp. 265-269.
27 See Kahn, The Codebreakers, 1967, pp. 358-359.
• Decrypted intercepts of allied communications in the final months of World War II played a major role in assisting the United States to achieve its goals at the conference called to decide on the United Nations charter. American policy makers knew the negotiating positions of nearly all of the participating nations and thus were able to control the debate to a considerable degree.29
• During the Cold War, SIGINT provided information about adversary military capabilities, weapons production, command and control, force structure and operational planning, weapons testing, and activities of missile forces and civil defense.
In peacetime as in combat, each of the intelligence disciplines can contribute critical information in support of national policy. Former Director of Central Intelligence Admiral Stansfield Turner has pointed out that "[e]lectronic intercepts may be even more useful [than human agents] in discerning intentions. For instance, if a foreign official writes about plans in a message and the United States intercepts it, or if he discusses it and we record it with a listening device, those verbatim intercepts are likely to be more reliable than second-hand reports from an agent."30 He also noted that "as we increase emphasis on securing economic intelligence, we will have to spy on the more developed countries, our allies and friends with whom we compete economically, but to whom we turn first for political and military assistance in a crisis. This means that rather than instinctively reaching for human, on-site spying, the United States will want to look to those impersonal technical systems, primarily satellite photography and intercepts."31
Today, the United States conducts the largest SIGINT operation in the world in support of information relevant to conventional military threats; the proliferation of weapons of mass destruction; terrorism; enforcement of international sanctions; protection of U.S. economic and trade interests; and political and economic developments abroad.
• U.S. intelligence has been used to uncover unfair trade practices (as determined by U.S. law and custom) of other nations whose industries compete with U.S. businesses, and has helped the U.S. government to ensure the preservation of a level economic playing field. According to the National Security Agency (NSA), the economic benefits of SIGINT contributions to U.S. industry taken as a whole have totaled tens of billions of dollars over the last several years.
• In sanctions monitoring and enforcement, intelligence intercepts of Serbian communications are reported to have been the first indication for U.S. authorities that an F-16 pilot enforcing a no-fly zone over Serbia and shot down in June 1995 was in fact alive,32 and an important element in his rescue. If the pilot had indeed been captured, U.S. options in Serbia could have been greatly constrained.
• SIGINT that has been made public or that has been tacitly acknowledged includes information about the shoot-down of the Korean airliner KAL 007 on September 1, 1983, and the bombing of La Belle Discotheque in West Berlin ordered by Libya in April 1986.
• In foreign policy, accurate and timely intelligence has been, and remains, vital to U.S. efforts to avert conflicts between nations.
• In September 1988, President Ronald Reagan made the decision to disclose NSA decrypts of Iraqi military communications "to prove that, despite their denials, Iraqi armed forces had used poison gas against the Kurds."33
The information provided by SIGINT has helped to produce information on weapons proliferation, providing indications of violations of treaties or embargo requirements. SIGINT has collected information on international terrorism and foreign drug trafficking, thereby assisting in the detection of drug shipments intended for delivery to the United States. Similarly, such information will continue to be a source of important economic intelligence.
In conducting these intelligence-gathering operations, a wide variety of sources may be targeted, including the communications of governments, nongovernment institutions, and individuals. For example, banking is an international enterprise, and the U.S. government may need to know about flows of money for purposes of counterterrorism or sanctions monitoring.
28 Center for Cryptologic History, National Security Agency, Introductory History of VENONA and Guide to the Translations, Fort George G. Meade, Md., undated. VENONA material is also available from the Web site of the National Security Agency at http://www.nsa.gov:8080/docs/venona/venona.html.
29 Stephen Schlesinger, "Cryptanalysis for Peacetime: Codebreaking and the Birth and Structure of the United Nations," Cryptologia, Volume 19(3), July 1995, pp. 217-235.
30 Stansfield Turner, "Intelligence for a New World Order," Foreign Affairs, Fall 1991, pp. 150-166.
31 Turner, "Intelligence for a New World Order," 1991, pp. 150-166.
32 Daniel Williams, "'I'm Ready to Get the Hell Out of Here,'" Washington Post, July 9, 1995, p. A1.
33 Christopher Andrew, For the President's Eyes Only, HarperCollins, New York, 1995.
Although the value of SIGINT to military operations and to law enforcement is generally unquestioned, senior decision makers have a wide range of opinions on the value of strategic and/or political intelligence. Some decision makers are voracious consumers of intelligence reports. They believe that the reports they receive provide advance notice of another party's plans and intentions, and that their own decisions are better for having such information. These decision makers find that almost no amount of information is too much and that any given piece of information has the potential to be helpful.
To illustrate the value of SIGINT to some senior policy makers, it is helpful to recall President Clinton's remarks to the intelligence community on July 14, 1995, at the CIA: he said that "in recent months alone you warned us when Iraq massed its troops against the Kuwaiti border. You provided vital support to our peacekeeping and humanitarian missions in Haiti and Rwanda. You helped to strike a blow at a Colombian drug cartel. You uncovered bribes that would have cheated American companies out of billions of dollars." On a previous occasion, then-President George Bush gave his evaluation of SIGINT when he said that "... over the years I've come to appreciate more and more the full value of SIGINT. As President and Commander-in-Chief, I can assure you, signals intelligence is a prime factor in the decision making process by which we chart the course of this nation's foreign affairs."34
Some policy makers, generally less senior than the President, have stated that while intelligence reports are occasionally helpful, they do not in general add much to their decision-making ability because they contribute to information overload, are not sufficiently timely in the sense that the information is revealed shortly in any event, lack necessary context-setting information, or do not provide much information beyond that available from open sources. Even among the members of the committee who have served in senior government positions, this range of opinion is represented.35
The perceived value of strategic SIGINT (as with many other types of intelligence) depends largely on the judgment and position of the particular individuals whom the intelligence community is serving. These individuals change over time as administrations come and go, but intelligence capabilities are built up over a time scale longer than the election cycle. The result is that the intelligence community gears itself to serve those decision makers who will demand the most from it, and is loath to surrender sources and/or capabilities that may prove useful to decision makers.
34 Public Papers of the Presidents, U.S. Government Printing Office, Washington, D.C., 1991, as quoted by Andrew in For the President's Eyes Only, 1995, p. 526.
35 For an open-source report on the value of intelligence as perceived by different policy makers, see David E. Sanger, "Emerging Role for the C.I.A.: Economic Spy," New York Times, October 15, 1995, p. 1; and David E. Sanger, "When Spies Look Out for the Almighty Buck," New York Times, October 22, 1995, p. 4.
Since the benefits of strategic intelligence are so subjective, formal cost-benefit analysis cannot be used to justify a given level of support for intelligence. Rather, intelligence tends to be supported on a "level-of-effort" basis, that is, a political judgment about what is "reasonable," given other defense and nondefense pressures on the overall national budget.
3.3.2 The Impact of Cryptography on Signals Intelligence
Cryptography poses a threat to SIGINT for two separate but related reasons:
• Strong cryptography can prevent any given message from being read or understood. Strong cryptography used primarily by foreign governments with the discipline to use those products on a regular and consistent basis presents the United States with a formidable challenge. Some encrypted traffic regularly intercepted by the United States is simply undecipherable by any known means.
• Even weak cryptography, if practiced on a widespread basis by foreign governments or other entities, increases the cost of exploitation dramatically.36 When most messages that are intercepted are unencrypted, the cost to determine whether an individual message is interesting is quite low. However, if most intercepted messages are encrypted, each one has to be cryptanalyzed individually, because the interceptor does not know if it is interesting or not.37
According to Administration officials who testified to the committee, the acquisition and proper use of cryptography by a foreign adversary could impair the national security interests of the United States in a number of ways:
• Cryptography used by adversaries on a wide scale would significantly increase the cost and difficulty of intelligence gathering across the full range of U.S. national security interests.
• Cryptography used by governments and foreign companies can increase an adversary's capability to conceal the development of missile delivery systems and weapons of mass destruction.
• Cryptography can improve the ability of an adversary to maintain the secrecy of its military operations to the detriment of U.S. or allied military forces that might be similarly engaged.
36 This point is echoed in Susan Landau et al., Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy, 1994, p. 25.
37 For example, assume that 1 out of every 1,000 messages is interesting and that the cost of intercepting a message is X and the cost of decrypting a message is Y. Thus, each interesting message is acquired at a cost of 1,000 X + Y. However, if every message is encrypted, the cost of each interesting message is 1,000 (X + Y), which is approximately 1,000 Y larger. In other words, the cryptanalyst must do 1,000 times more work for each interesting message.
The above comments suggest that the deployment of strong cryptography that is widely used will diminish the capabilities of those responsible for SIGINT. Today, there is a noticeable trend toward better and cheaper encryption that is steadily closing the window of exploitation of unencrypted communications. The growth of strong encryption will reduce the availability of such intelligence. Using capabilities and techniques developed during the Cold War, the SIGINT system will continue its efforts to collect against countries and other entities newly hostile to the United States. Many governments and parties in those nations, however, will be potential customers for advanced cryptography as it becomes available on world markets. In the absence of improved cryptanalytic methods, cooperative arrangements with foreign governments, and new ways of approaching the information collection problem, it is likely that losses in traditional SIGINT capability would result in a diminished effectiveness of the U.S. intelligence community.
3.4 SIMILARITIES IN AND DIFFERENCES BETWEEN FOREIGN POLICY/NATIONAL SECURITY AND LAW ENFORCEMENT NEEDS FOR COMMUNICATIONS MONITORING
It is instructive to consider the similarities in and differences between national security and law enforcement needs for communications monitoring.
• Secrecy. Both foreign policy and law enforcement authorities regard surreptitiously intercepted communications as a more reliable source than information produced through other means. Surveillance targets usually believe (however falsely) that their communications are private; therefore, eavesdropping must be surreptitious and the secrecy of monitoring maintained. Thus, the identity and/or nature of specific SIGINT sources are generally very sensitive pieces of information, and are divulged only for good cause.
• Timeliness. For support of tactical operations, near-real-time information may be needed (e.g., when a crime or terrorist operation is imminent, when hostile forces are about to be engaged).
• Resources available to targets. Many parties targeted for electronic surveillance for foreign policy reasons or by law enforcement authorities lack the resources to develop their own security products, and are most likely to use what they can purchase on the commercial market.
• Allocation of resources for collection. The size of the budget allocated to law enforcement and to the U.S. intelligence community is not unlimited. Available resources constrain both the amount of surveillance law enforcement officials can undertake and the ability of the U.S. SIGINT system to respond to the full range of national intelligence requirements levied upon it.
Electronic surveillance, although in many cases critical, is only one of the tools available to U.S. law enforcement. Because it is manpower intensive, it is a tool used sparingly; thus, it represents a relatively small percentage of the total investment. The average cost of a wiretap order is $57,000 (see Appendix D) or approximately one-half of a full-time-equivalent agent-year.
The U.S. SIGINT system is a major contributor to the overall U.S. intelligence collection capability and represents a correspondingly large percentage of the foreign intelligence budget. Although large, the U.S. system is by no means funded to "vacuum clean" the world's communications. It is sized to gather the most potentially lucrative foreign signals and targeted very selectively to collect and analyze only those communications most likely to yield information relating to high-priority intelligence needs.
• Perceptions of the problem. The volume of electronic traffic and the use of encryption are both expected to grow, but how the growth of one will compare to that of the other is unclear at present. If the overall growth in the volume of unencrypted electronic traffic lags the growth in the use of cryptography, those conducting surveillance for law enforcement or foreign policy reasons may perceive a loss in access because the fraction of intercepts available to them will decrease, even if the absolute amount of information intercepted has increased as the result of larger volumes of information. Of course, if the communicating parties take special care to encrypt their sensitive communications, the absolute amount of useful information intercepted may decrease as well.
• Protection of sources. While the distinction is not hard and fast, law enforcement authorities conducting an electronic surveillance are generally seeking specific items of evidence that relate to a criminal act and that can be presented in open court, which implies that the source of such information (i.e., the wiretap) will be revealed (and possibly challenged for legal validity). By contrast, national security authorities are usually seeking a body of intelligence information over a longer period of time and are therefore far more concerned with preserving the secrecy of sources and methods.
• Definition of interests. There is a consensus, expressed in law, about the specific types of domestic crimes that may be investigated through the use of wiretapping. Even internationally, there is some degree of consensus about what activities are criminal; the existence of this consensus enables a considerable amount of law enforcement cooperation on a variety of matters. National security interests are defined differently and are subject to refinement in a changing world, and security interests often vary from nation to nation. However, a community of interest among NATO allies and between the United States and the major nations of the free world makes possible fruitful intelligence relationships, even though the United States may at times target a nation that is both ally and competitor.
• Volume of potentially relevant communications. The volume of communications of interest to law enforcement authorities is small compared to the volume of interest to national security authorities.
• Legal framework. Domestic law enforcement authorities are bound by constitutional protections and legislation that limit their ability to conduct electronic surveillance. National security authorities operate under far fewer legal constraints in monitoring the communications of foreign parties located outside the United States.
• Perceptions of vulnerability to surveillance. Parties targeted by national security authorities are far more likely to take steps to protect their communications than are most criminals.
3.5 BUSINESS AND INDIVIDUAL NEEDS FOR EXCEPTIONAL ACCESS TO PROTECTED INFORMATION
As noted above in Section 3.1, an employer may need access to data that has been encrypted by an employee. Corporations that use cryptography for confidentiality must always be concerned with the risk that keys will be lost, corrupted, required in some emergency situation, or be otherwise unavailable, and they have a valid interest in defending their interests in the face of these eventualities.38
Cryptography can present problems for companies attempting to satisfy their legitimate business interests in access to stored and communicated information:
• Stored data. For entirely legitimate business reasons, an employee might encrypt business records, but due to circumstances such as vacation or sick leave, the employer might need to read the contents of these records without the employee's immediate assistance. Then again, an employee might simply forget the relevant password to an encrypted file, or an employee might maliciously refuse to provide the key (e.g., if he has a grudge against his employer), or might keep records that are related to improper activities but encrypt them to keep them private; a business undertaking an audit to uncover or investigate these activities might well need to read these records without the assistance of the employee. For example, in a dispute over alleged wrongdoing of his superiors, a Washington, D.C., financial analyst changed the password on the city's computer and refused to share it.39 In another incident, the former chief financial officer of an insurance company, Golden Eagle Group Ltd., installed a password known only to himself and froze out operations. He demanded a personal computer that he claimed was his, his final paycheck, a letter of reference, and a $100 fee, presumably for revealing the password.40 While technical fixes for these problems are relatively easy, they do demonstrate the existence of motivation to undertake such actions. Furthermore, it is poor management practice that allows a single employee to control critical data, but that issue is beyond the scope of this study.
• Communications. A number of corporations provided input to the committee indicating that for entirely legitimate business reasons (e.g., for resolution of a dispute between the corporation and a customer), an employer might need to learn about the content of an employee's communications. Alternatively, an employee might use company communications facilities as a means for conducting improper activities (e.g., leaking company-confidential information, stealing corporate assets, engaging in kickback or fraud schemes, inappropriately favoring one supplier over another). A business undertaking an audit to uncover or investigate these activities might well need to monitor these communications without the consent of the employee (Box 3.4)41 but would be unable to do so if the communications were encrypted. In other instances, a company might wish to assist law enforcement officials in investigating information crimes against it42 but would not be able to do so if it could not obtain access to unsanctioned employee-encrypted files or communications. Many, though certainly not all, businesses require prospective employees to agree as a condition of employment that their communications are subject to employer monitoring under various circumstances.43
38 While users may lose or corrupt keys used for user authentication, the procedures needed in this event are different than if the keys in question are for encryption. For example, a lost authentication key creates a need to revoke the key, so that another party that comes into possession of the authentication key cannot impersonate the original owner. By contrast, an encryption key that is lost creates a need to recover the key.
39 Peter G. Neumann, Computer-Related Risks, Addison-Wesley, New York, 1995, p. 154.
40 Neumann, Computer-Related Risks, 1995, p. 154.
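The "relatively easy" technical fix for the stored-data case above is usually envelope encryption with more than one key holder. The following is an added example written for this page, not code from the report or from any product it describes. Each record is encrypted once under a fresh data-encryption key (DEK), and the DEK is wrapped separately for the employee and for a corporate recovery key, so an authorized officer can read the record when the employee is absent, has forgotten a passphrase, or refuses to cooperate, without anyone sharing a password. To run without third-party libraries, the cipher is an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC under separately derived keys; a deployment would use AES-GCM or another AEAD instead. The holder names, keys, and ledger text are constructed for illustration.

```python
"""Envelope encryption with an employee slot and a corporate recovery slot.

Added example (stdlib only). The HMAC-based stream cipher is a stand-in for a
real AEAD such as AES-GCM; the envelope structure is the point.
"""
import hashlib
import hmac
import os
import secrets
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (demonstration only)."""
    blocks = [
        hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
        for ctr in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time before decrypting; reject wrong keys or edits."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated blob")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def encrypt_record(plaintext: bytes, holder_keks: dict) -> dict:
    """Encrypt under a fresh DEK and wrap the DEK once per authorized holder."""
    dek = secrets.token_bytes(32)
    return {
        "ciphertext": seal(dek, plaintext),
        # The holder name is bound as associated data so slots cannot be swapped.
        "wrapped_dek": {
            name: seal(kek, dek, b"dek:" + name.encode()) for name, kek in holder_keks.items()
        },
    }


def decrypt_record(record: dict, holder: str, kek: bytes) -> bytes:
    """Unwrap the DEK from the named slot, then decrypt the record."""
    dek = unseal(kek, record["wrapped_dek"][holder], b"dek:" + holder.encode())
    return unseal(dek, record["ciphertext"])


def demo() -> dict:
    # Constructed keys: in practice the employee KEK comes from a passphrase KDF
    # and the recovery KEK lives in an HSM or is split among several officers.
    employee_kek = hashlib.sha256(b"employee passphrase (constructed)").digest()
    recovery_kek = secrets.token_bytes(32)
    record = encrypt_record(
        b"Q3 ledger: constructed sample data",
        {"employee": employee_kek, "recovery": recovery_kek},
    )
    # Normal operation: the employee uses their own slot.
    by_employee = decrypt_record(record, "employee", employee_kek)
    # Employee on leave, passphrase forgotten, or cooperation refused: the
    # recovery officer uses the recovery slot and never needs the employee's KEK.
    by_recovery = decrypt_record(record, "recovery", recovery_kek)
    # A guessed passphrase fails authentication instead of yielding garbage.
    try:
        decrypt_record(record, "employee", hashlib.sha256(b"wrong guess").digest())
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return {
        "by_employee": by_employee,
        "by_recovery": by_recovery,
        "wrong_key_rejected": wrong_key_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The recovery slot grants access only to records wrapped for it; it does not touch any authentication or signing key, which is the separation that Section 3.6 and footnote 38 ask for (a lost signing key is revoked, not recovered). Splitting the recovery KEK among several officers also addresses the "single employee controls critical data" problem noted above.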
It is a generally held view among businesses that provisions for corporate exceptional access to stored data are more important than such provisions for communications.44 For individuals, the distinction is even sharper. Private individuals as well as businesses have a need to retrieve encrypted data that is stored and for which they may have lost or forgotten the key. For example, a person may have lost the key to an encrypted will or financial statement and wish to retrieve the data. However, it is much more difficult to imagine circumstances under which a person might have a legitimate need for the real-time monitoring of communications.
41 For example, employees with Internet access may spend so much time on non-work-related Internet activities that their productivity is impaired. Concerns about such problems have led some companies to monitor the Internet activities of their employees, and spawned products that covertly monitor and record Internet use. See Laurie Flynn, "Finding On-line Distractions, Employers Strive to Keep Workers in Line," New York Times, November 6, 1995, p. D5.
42 A number of examples of such cooperation can be found in Peter Schweizer, Friendly Spies, Atlantic Monthly Press, New York, 1993.
43 The legal ramifications of employer access to on-the-job communications of employees are interesting, though outside the scope of this report. For example, a company employee may communicate with another company employee using cryptography that denies employer access to the content of those communications; such use may be contrary to explicit company policy. May an employee who has violated company policy in this manner be discharged legally? In general, employer access to on-the-job communications raises many issues of ethics and privacy, even if such access is explicitly permitted by contract or policy.
44 This distinction becomes somewhat fuzzy when considering technologies such as e-mail that serve the purpose of communications but that also involve data storage. Greater clarity is possible if one distinguishes between the electronic bits of a message in transit (e.g., on a wire) and the same bits that are at rest (e.g., in a file). With e-mail, the message is sent and then stored; thus, e-mail can be regarded as a stored communication. These comments suggest that a need for exceptional access to e-mail is much more similar to that for storage than for communications, because it is much more likely that a need will arise to read an e-mail message after it has been stored than while it is in transit. A likely scenario of exceptional access to e-mail is that a user may receive e-mail encrypted with a public key for which he no longer has the corresponding private key (that would enable him to decrypt incoming messages). While this user could in principle contact the senders and inform them of a new public key, an alternative would be to develop a system that would permit him to obtain exceptional access without requiring such actions.
BOX 3.4
• A major Fortune 1000 corporation was the subject of various articles in the relevant trade press. These articles described conditions within the corporation (e.g., employee morale) that were based on information supplied by employees of this corporation acting in an unauthorized manner and contrary to company policy; moreover, these articles were regarded by corporate management as being highly embarrassing to the company. The employees responsible were identified through a review of tapes of all their telephone conversations in the period immediately preceding publication of the damaging articles, and were summarily dismissed. As a condition of employment, these employees had given their employer permission to record their telephone calls.
• Executives at a major Fortune 1000 corporation had made certain accommodations in settling the accounts of a particular client that, while legal, materially distorted an accounting audit of the books of that client. A review of the telephone conversations in the relevant period indicated that these executives had done so knowingly, and they were dismissed. As a condition of employment, these executives had given their employer permission to record their telephone calls.
• Attempting to resolve a dispute about the specific terms of a contract to sell oil at a particular price, a multinational oil company needed to obtain all relevant records. Given the fact that oil prices fluctuate significantly on a minute-by-minute basis, most such trades are conducted and agreed to by telephone. All such calls are recorded, in accordance with contracts signed by traders as a condition of employment. Review of these voice records provided sufficient information to resolve the dispute.
• A multinational company was notified by a law enforcement agency in Nation A regarding its suspicions that an employee of the company was committing fraud against the company. This employee was a national of Nation B. The company began an investigation of this individual in cooperation with law enforcement authorities in Nation B, and in due course, legal authorization for a wiretap on this individual using company facilities was obtained. The company cooperated with these law enforcement authorities in the installation of the wiretap.
SOURCE: Anonymous testimony to the Committee to Study National Cryptography Policy.
3.6 OTHER TYPES OF EXCEPTIONAL ACCESS TO PROTECTED INFORMATION
The discussion of exceptional access above involves only the question of encryption for confidentiality. While it is possible to imagine legitimate needs for exceptional access to encrypted data (for purposes of ensuring secrecy), it is nearly impossible to imagine a legitimate need for exceptional access to cryptography used for the purposes of user authentication, data integrity, or nonrepudiation. In a business context, these cryptographic capabilities implement or support longstanding legal precepts that are essential to the conduct of commerce.
• Without unforgeable digital signatures, the concept of a binding contract is seriously weakened.
• Without trusted digitally notarized documents, questions of time precedence might not be legally resolvable.
• Without unforgeable integrity checks, the notion of a certifiably accurate and authentic copy of digital documents is empty.
• Without strong authentication and unquestionable nonrepudiation, the analog of registered delivery in postal systems is open to suspicion.45
With exceptional access to the cryptography implementing such features or to the private keys associated with them, the legal protection that such features are intended to provide might well be called into question. At a minimum, there would likely be a questioning of the validity or integrity of the protective safeguards, and there might be grounds for legal challenge. For example, a businessperson might have to demonstrate to the satisfaction of a court or jury that he has properly and adequately protected the private keys used to digitally sign his contracts.
It is conceivable that the government, for national security purposes, might seek exceptional access to such capabilities for offensive information warfare (see Chapter 2); however, public policy should not promote these capabilities, because such access could well undermine public confidence in such cryptographic mechanisms.
45 In fact, digital signatures and nonrepudiation provide a stronger guarantee than does registered delivery; the former can be used to assure the delivery of the contents of an "envelope," whereas postal registered delivery can only be used to assure the delivery of the envelope.
In general, cryptography for confidentiality involves a party undertaking an encryption (to protect information by generating ciphertext from plaintext) and a party authorized by the encryptor to decrypt the ciphertext and thus recover the original plaintext. In the case of information that is communicated, these parties are in general different individuals. In the case of information that is stored, the first party and the second party are in general the same individual. However, circumstances can and do arise in which third parties (i.e., decrypting parties that are not originally authorized or intended by the encrypting party to recover the information involved) may need access to such information. These needs for exceptional access to encrypted information may arise from businesses, individuals, law enforcement, and national security, and these needs are different depending on the parties in question. Encryption that renders such information confidential threatens the ability of these third parties to obtain the necessary access.
How the needs for confidentiality and exceptional access are reconciled in a policy context is the subject of Part II.