Testimony of
Daniel J. Weitzner, Deputy Director

on behalf of the

Center for Democracy and Technology

On Privacy and Security Policy Issues Raised by
Commercial Key Escrow Systems

September 7, 1995
National Institute of Standards and Technology Gaithersburg, MD

I. Introduction

My name is Daniel Weitzner, Deputy Director of the Center for Democracy and Technology. The Center is pleased to have opportunity to provide comments on the Administrations proposed private key escrow policies. The Center for Democracy and Technology is an independent, non-profit public interest policy organization in Washington, DC. The Center's mission is to develop and implement public policies to protect and advance individual liberty and democratic values in new digital communications media. The Center achieves its goals through policy development, public education, and coalition building. CDT also coordinates the Digital Privacy and Security Working Group (DPSWG), an ad hoc coalition of more than 50 computer, communications, and public interest organizations and associations working on communications privacy issues. In the past, members of the Working Group have strongly opposed the Administration's Clipper Chip and worked on the Digital Telephony bill now passed into law.

CDT is pleased that the Administration has made the commitment to develop a comprehensive communications security policy. The original announcement to base such a policy on the private key escrow principles espoused in the Vice President' letter of July 1994 had great promise. As we will illustrate below, however, the policy announced in September 1995 falls far short of the goals outlined by the Vice President and the needs of individual users and the industry. Indeed, without substantial modification, the policy offers little to users, the market, or privacy advocates. However, we remain committed to working with the Administration and the Congress to develop a comprehensive and balanced encryption policy that will meet user privacy needs and the legitimate interests of law enforcement agencies. We continue to believe that the Gore letter contained the road map for such a policy and hope that the current efforts can be redirected along those lines.

II. The Promise of the Gore Letter: Potential for policy breakthrough to meet the needs users, industry, and law enforcement

With the explosive growth of the Internet and other interactive media, United States encryption policy has gone from a relatively unnoticed backwater of national security policy, to a highly visible and highly contentious area of technology policy of great concern to many industry groups and privacy advocates alike. In this transition, there have been some missteps, including the Clipper Chip initiative. After an unsuccessful effort to build support for the Clipper Chip in the market and the policy arena, the Clinton Administration announced its intention to develop a new encryption policy that would strike a more reasonable balance between the needs of users, the demands of the computer and communications marketplace, and the legitimate needs of law enforcement.

The move away from reliance on the Clipper Chip marked an important turning point in the development of encryption policy. First announced in a letter from Vice President Al Gore to Congresswoman Maria Cantwell on July 20, 1994, the Administration made a commitment to develop a policy framework that would promote the development of encryption systems that would meet the following criteria:

1. Implementation in hardware or software: After the hardware-only Clipper solution, the Administration recognized that any system must, according to the Gore letter, be "implementable in software, firmware, hardware, or any combination thereof."

2. Public, unclassified algorithms: In order to assure users that their communications are truly secure, systems must employ encryption algorithms that are public, and thus subject to scrutiny by the broadest possible technical community. Thus, the Vice President promised that the new policy "would not rely upon a classified algorithm."

3. Voluntary: Although the Clipper Chip was always described as a voluntary technology, considerable fears arose that its use might one day become mandatory. The Gore letter asserted that any new policy must be based on purely voluntary standards.

4. Fourth Amendment privacy safeguards: Electronic surveillance constitutes an invasion of the most private realms of individual activity. In order to protect individuals from unnecessary or excessive invasions by law enforcement agencies, Congress and the courts have instituted careful safeguards in the realm of traditional electronic surveillance through the telephone. The Vice President's letter called for the extension of these protections in the form of "safeguards to provide for key disclosure only under legal authorization and should have audit procedures to ensure the integrity of the system."

5. Statutory liability rules to protect users: In order to encourage users to trust private escrow systems, "escrow holders should be strictly liable for releasing keys without legal authorization," according to the Gore letter.

6. Multiple escrow agents: Users must be free to chose their own escrow agents, unlike the Clipper proposal, so the Vice President declared that "a new key escrow encryption system must permit the use of private-sector key escrow agents as one option.... Having a number of escrow agents would give individuals and businesses more choices and flexibility in meeting their needs for secure communications."

   III. Current Administration Proposal Fails to Meet High Standards Set out by the Vice President

   The policy announced by the Administration in its September 1, 1995 paper, unfortunately fails to meet many of the criteria that the Vice President himself announced just one year ago in the above mentioned letter. On hearing that the Administration had set out to develop a new encryption policy based on the principles outlined in the Gore letter, the Center for Democracy and Technology was guardedly optimistic that a genuine policy breakthrough was possible. However, having had the opportunity to review the current proposal, every principle, except the first (software implementation) and second (public algorithms), thoughtfully outlined in the July 1994 letter is violated or, in one case, left in doubt, by the September 1995 policy statement.

   The September 1995 policy statement diverges from the July 1994 letter in the following critical respects. In our view, these divergences represent fundamental defects in the proposed policy and must be corrected.

   • Not Voluntary: The current proposal effectively compels all domestic users to use key escrow systems if they ever intend to communicate internationally. Point 6 of the export criteria requires that an exportable system must not interoperate with any system that non-escrow systems. Thus, in order for a user in the United States to communicate with anyone who uses a United States-made system on the Internet but outside of the United States, the American user must employ a key escrow system. Domestic users are not legally compelled to use key escrow products, but the proposed policy forces, in practice, all but the most insular Internet user is propelled toward a key escrow system. A policy based on such compulsion can hardly be called voluntary.

   • Inadequate Security: Point 1 precludes export of systems with key lengths beyond 64 bits. Though this key size is larger than what is currently exportable, it is a level of security already judged inadequate for some applications. Given the rate at which computing power increases, even a 64 bit key would be subject to attach before long.

     The premise of the key escrow policy is to provide law enforcement and national security agencies a "front door" to be used to decrypt messages when the agency obtains proper legal authorization. Yet, the architects of the current policy apparently are not willing to trust that key escrow systems will meet law enforcement needs inasmuch as the key length limit suggests that the Administration is intent on maintaining an extra-legal method of decrypting communications. The Gore letter contains no suggestion that key escrow systems would also be subject to key length limits but the Administration seems to have lost faith in its own proposal. Such a half-hearted effort cannot be the basis of a long-lasting policy.

   • No privacy protection for users of escrowed systems: The ten export principles make no mention of privacy safeguards which the Vice President previously recognized as necessary to safeguard individual privacy and Fourth Amendment principles. Any escrow policy must contain safeguards against abuse and statutory liability provisions for the operators of private escrow systems.

   • Fails to Promote International Interoperability: Points 6 and 10 of the export criteria raise grave doubts as to the likelihood that the current proposal will give rise to a secure global communications environment. Point 10 forces users in other countries (and their governments) to accept United States-based escrow of all keys until bilateral access agreements are entered into. Such tactics seem unlikely to produce satisfactory international agreements, and hold global communications security hostage to the completion of such agreements.

   IV. Recommendations to Restore Current Process to Principles of Gore Letter

   The Administration's September 1 paper leaves many privacy concerns unanswered or simply rejected, and falls far short of the goals set in the Gore letter of July 1994. However, CDT still believes that the Administration has embarked on a serious process which, along with appropriate Congressional involvement, can lead to a long-lasting resolution to the encryption policy morass that exists today. CDT recommends the following steps be taken immediately to supplement the September 1 policy framework.

   A. Legislation to protect user privacy, address legitimate law enforcement needs, and guarantee voluntariness

   Encryption is now a key enabling technology in the development of the National and Global Information Infrastructure. The growth of electronic commerce, the protection of intellectual property, and the very viability of cyberspace as an economic, social, cultural and political arena depend on the widespread availability of strong encryption. As such, encryption policy can no longer be made in the closed halls Executive Branch national security policy.

   Like the Clipper Chip before it, the proposed key escrow policy framework places the National Security Agency in control of private sector computer security policy. Such a role for the NSA is both detrimental to the growth of the information infrastructure and contrary to the principles of the Computer Security Act of 1987. The Computer Security Act clearly established that neither military nor law enforcement agencies are the proper protectors of personal privacy. When considering the law, Congress asked, "whether it is proper for a super-secret agency [the NSA] that operates without public scrutiny to involve itself in domestic activities...?" The answer was a clear "no."

   As important as the principle of civilian control was in 1987, it is even more critical today. The more individuals around the country come to depend on secure communications to protect their privacy, the more important it is to conduct privacy and security policy dialogues in public, civilian forums.

   If encryption policy is to be based on private key escrow as proposed by the Administration, legislative action is required to assure:

   1. Complete voluntariness: No government action should compel individuals or corporations to use key escrow systems;

   2. User choice of among multiple private escrow agents: Any entity that meets statutory criteria should be allowed to be an escrow agent. Free market mechanisms should be allowed to meet the varying needs of users;

   3. User choice of encryption algorithm: Different users with different applications will need varying degrees of security and should be allowed to chose the level and type of encryption appropriate to their needs. Individual choice and market innovation, not government fiat, should guide choice of encryption algorithm;

   4. Statutory framework for law enforcement access and agent liability for improper disclosure: Under law, a private escrow agent could only legally disclose a users to those who are approved by the user, or to an authorized law enforcement agency, upon presentation of a 4th Amendment warrant. Private escrow agents (PEAs) would operate under a statutory framework which requires a PEA to hold private keys for users under a special standard of care and creates remedies in the event of unauthorized disclosure.

      In providing assistance to enable law enforcement to decrypt communications, the PEA may not disclose the target's private key to law enforcement. However, as stated in the ten criteria and as much as is technically feasible, law enforcement should be assured speedy, uninterrupted access to decrypted communications once the surveillance is judicially approved.

   5. Audit trails for law enforcement access: PEA's would be legally required to configure their systems in such a way to create a trusted and complete audit trail of all key access events. This audit function would provide key holders with the ability to seek damages from the PEA if necessary and could act as a check on law enforcement activity.

   B. Export Control Reform

   1. Full Export Authorization: Private key escrow systems that meet these principles should be fully exportable, under Commerce Department jurisdiction.

   2. End key-size limitations: All properly escrowed encryption systems must be eligible for export, regardless of key size. Since escrow systems would give law enforcement and national security agencies access to all communications, there can no longer be any justification for limiting key size.

   V. Conclusion

   As measured by the demands of privacy and security, and by the standards set out in the 1994 Gore letter, the current key escrow policy proposals fall short of the mark. However, CDT remains committed to working within the process set out by the Administration, and with the Congress, toward a speedy resolution of all of these critical encryption policy issues.

   For more information, please contact:

   Daniel Weitzner, CDT Deputy Director djw@cdt.org
   Jonah Seiger, CDT Policy Analyst jseiger@cdt.org.

   ---

   Return to the CDT Crypto Page
   Return to the CDT Home Page