The McCain-Kerrey encryption bill, like the Administration draft
bill on which it is based, authorizes the government to obtain
private keys and other highly sensitive decryption information
without a court order and without notice to the individual whose
privacy is being compromised. These bills raise serious Fourth
and Fifth Amendment concerns. They do not merely preserve current
levels of government access, but rather seek to create a complex
and burdensome system that would deprive individuals of their
current privacy rights in the developing electronic environment.
The McCain-Kerrey Bill Expands Government Access Authority
The McCain-Kerrey bill, like the
Administration bill, would give the government secret access to
sensitive decryption keys without a court order. The bills require
any third-party holding decryption keys to surrender them in response
to a mere subpoena, issued without judicial approval and without
notice to the encryption user. Under current law, without this
legislation in effect, it is not clear that a trusted third party
could be compelled to surrender an escrowed key without a court
order, and certainly the government would
have no way today to enforce secrecy upon an escrow agent without
a court order.
The Administration's Approach Attempts to Make Surrender of Constitutional Rights a Condition of Participation in Electronic Commerce and Communication
The Administration and McCain-Kerrey bills essentially compel
encryption users to disclose their keys to third parties, where
the Administration believes they will be secretly available to
the government without meeting normal Fourth and Fifth Amendment
requirements. The sponsors of the legislation argue that their
approach is voluntary and that nobody would have to participate
in key recovery. We believe that the bills are essentially compulsory,
using a mixture of an unnecessary linkage between licensed certificate
authorities and key recovery, plus the federal procurement power,
the wide reach of federal funding in the education world, and
continued export controls tied to key recovery, to encourage encryption
users to escrow their keys.
Whether the legislation is truly voluntary or voluntary in name only, its goal is to produce a future in which many encryption users store their keys with third parties where they can be accessed without a court order and without notice.
The Administration's Approach Deprives Encryption Users of Notice that their Keys Have Been Subpoenaed, Avoiding a Fundamental Fourth Amendment Protection
We believe decryption keys are so central to the emerging world
of online association and commerce that the government should
be required to obtain the approval of a judge in order to compel
disclosure of a key. Even if the government can use a mere subpoena
to compel an encryption user who does not participate in key recovery
to disclose something as sensitive and central to privacy as a
decryption key, the government currently must provide notice by
serving the subpoena on the user, who can then obtain court review
of the subpoena before having to comply. The Administration key
recovery plan seeks to avoid this requirement, by using a combination
of mechanisms to migrate users into a system under which they
disclose their keys to third parties.
The Administration's Approach Avoids the Fifth Amendment Protection Accorded to Unwritten Keys and Passwords
Under the Fifth Amendment, an individual cannot be compelled to
testify to his or her memorized key. Even if the private key is
written or stored on a computer and its production can be compelled
notwithstanding the Fifth Amendment, the government cannot compel
a person to disclose his or her memorized password, which will
often be necessary to use the private key. Again, by trying to
move users into key recovery, the Administration proposal and
the McCain-Kerrey bill seek to avoid this constitutional privilege.
Conclusion: Key Recovery as Proposed by the Administration Is Not a Status Quo Proposal
Currently, contrary to the claims of the Administration, when
the government obtains access to encrypted data or communications
using any of the means at its disposal, the government is not
assured of having access to the necessary decryption information
without notice. Even if the government has a court order to obtain
access to communications from a telecommunications service provider,
the service provider may not have the keys to communications of
users.
The Administration and the McCain-Kerrey sponsors argue that they
are merely trying to preserve the status quo. By "status
quo," they must mean a world in which no one uses encryption.
That world has ceased to exist. Unescrowed, essentially unbreakable
encryption is widely available, and widely used, especially by
businesses for stored files and by businesses and individuals
for e-mail. Law enforcement has begun to encounter encryption,
especially in stored data.
The primary purpose of the Administration bill and the McCain-Kerrey bill is to get current and future users of encryption to participate in key recovery. Especially with respect to communications (as opposed to stored data), most encryption users currently do not escrow their keys, and in the future will not do so in the absence of a government scheme encouraging or compelling them to do so. Encryption users will voluntarily adopt key recovery mechanisms for some applications, but not for others, based on need, risk, cost, and other market factors.
Therefore, currently there are situations in which the government
can obtain the private key it needs to read encrypted information
only from the individual encryption user, in which case the Fourth
and Fifth Amendments apply. This requires under the Fourth Amendment
at least notice to the encryption user. It may require a court
order. And in some cases, the Fifth Amendment limits the government's
access. That is the status quo.
-- Will this Effort to Circumvent the Constitution Be Permitted?
The Administration believes that it has found a way around basic
Fourth and Fifth Amendment rights. The Administration believes
that once decryption keys or other recovery information are lodged
with third parties, the keys can be treated like normal business
records, which are not protected by the Fourth and Fifth Amendments.
McCain-Kerrey adopts this view. We believe that stored encryption
keys should not be treated like ordinary business records but
are entitled to higher protection, even in the hands of third
parties. In addition, it is a difficult question whether the courts
would permit the Administration to create a system in which people
surrender their constitutional privacy rights as a condition of
fully participating in electronic commerce and communications.
In any case, whether or not the Administration is correct that
its attempted end run around the Constitution would withstand
judicial scrutiny, it is undeniable that the linkage of certificate
authorities and key escrow would create a system giving the government
secret subpoena access to decryption information that it cannot
obtain today under a mere subpoena with no notice to the encryption
user and no judicial approval. The system proposed in the Administration
and McCain-Kerrey bills is structured to get around the protections
of the Fourth and Fifth Amendments available under current practices.
These bills cannot be characterized as preserving current access.
The Administration and McCain-Kerrey bills would use a combination
of mechanisms to effectively compel encryption users to store
"spare" decryption keys or other "recovery information"
with third parties where the Administration believes they would
be available to the government without a court order.
The primary mechanism of promoting key recovery is the bills'
artificial linkage between certificate authorities and key recovery.
Admin. bill, § 203; McCain-Kerrey, § 405. Certificate
authorities ("CAs") are trustworthy entities such as
banks or credit card companies that can provide assurances of
identity in cyberspace. Key recovery involves an encryption user
storing a "spare" key or other decryption information
with a third party, where it can be retrieved in the event that
the user loses or forgets his or her key. There are some situations,
particularly involving stored data, where businesses will want
to escrow a spare key to ensure access to their data in the event
an employee dies or quits or forgets the key.
The marketplace is already developing certificate authority systems
and key escrow (or "data recovery") systems, sorting
out what works and what doesn't. Thus, there is no need for government
to encourage electronic commerce by regulating either CAs or escrow
agents. Yet the Administration and McCain-Kerrey bills create
a regulatory structure involving government licensing of CAs and
recovery agents.
Under the Administration and McCain-Kerrey bills, the price of
using a licensed CA for encryption purposes will be participation
in key recovery. The bills state that an encryption user cannot
obtain a certificate for encryption from a licensed certificate
authority without escrowing a copy of his or her private decryption
key or other "recovery information." Admin. bill, §203;
McCain-Kerrey, §405. Absent such a legislated requirement,
while most encryption users would want to use licensed CAs, many
would not want to escrow, especially for communications. There
is no logical linkage between the function of certificate authorities
and the totally separate issue of key escrow, but this is the
hook that the Administration has presently chosen to impose on
the digital world its desire for surreptitious access to decryption
keys.
In an effort to downplay the significance of its proposal, the
Administration has argued that it is only seeking to ensure the
ability to obtain plaintext of communications that it has already
obtained in encrypted form. On this basis, the Administration
tries to argue that it is seeking no new authority.
Contrary to the Administration's claim, under current law and
practice, if the government obtains access to encrypted data or
communications using any of the surreptitious means at its disposal,
it is not assured of having surreptitious access to the
necessary decryption information.
The government currently obtains data or communications in many
instances without the approval of a judge and without even the
use of a subpoena. Encrypted data or files can be provided by
an informant or disgruntled employee or undercover agent, who
obtains access with consent and copies the data and provides it
to the government. No court approval is required for use of informants
or undercover operatives. The government can dumpster dive along
with anybody else, and does, routinely obtaining documents from
garbage cans. In certain situations, businesses can intercept
the communications of their employees, service providers can intercept
the communications of their customers, and universities can intercept
the communications of their students, all without judicial approval,
and turn them over to the government. None of these mechanisms
guarantees access to decryption keys.
Even if the government has a court order to obtain access to communications
from a telecommunications service provider, the service provider
will not have the keys to communications of users. The government
cannot obtain the plaintext of those communications from anyone
other than a party to the communication.
Absent legislation, some users will escrow keys with third parties,
where they may be available to the government. But especially
with respect to communications (as opposed to stored data), most
people will not escrow keys in the absence of a government scheme
encouraging or compelling them to do so.
The Administration bill and the McCain-Kerrey bill prohibit an
escrow agent from disclosing the existence of a subpoena to the
person whose key or recovery information is being sought. Admin.
draft, §304; McCain-Kerrey, §110. In other words, the
very person with the most at stake could not be told that a subpoena
has been issued and is being complied with.
This denial of notice has several implications, and is the most
clear-cut example of how the Administration and McCain-Kerrey
bills avoid current constitutional procedures.
Notice is a central element of the Fourth Amendment. Just recently,
the Supreme Court reaffirmed that notice is a normally indispensable
element of the Fourth Amendment. Richards v. Wisconsin
(April 28, 1997); see also Wilson v. Arkansas, 514 U.S.
927 (1995). Subpoenas are issued on less than probable cause and
without prior judicial authorization. The courts have held that
the main mechanism making subpoenas permissible is the fact that
a subpoena recipient has notice and therefore can obtain prior
judicial review before having to comply. LaFave, Search and Seizure,
§ 4.13. By constructing a scheme that denies notice to the
encryption user -- the person whose interests are being compromised
and thus the person most likely to challenge a subpoena -- the
bills remove what courts have viewed as the most important protection
against abuse of the subpoena power.[1]
Denying notice has certain practical implications that contribute
to the insecurity of the Administration's proposal, even aside
from the constitutional concerns. Given the high likelihood of
mistaken disclosure of keys under a system as complex as that
contemplated by the Administration proposal, encryption users
should know that their key has been requested by someone claiming
to be an authorized government agent, so that they can determine
if the request for their keys was erroneous or the result of spoofing.
Subpoenas Are Issued Without Judicial Approval and Offer Little Privacy Protection
The Administration and McCain-Kerrey bills would require escrow
agents to disclose other people's keys when presented with a subpoena.
Section 106(3) of McCain-Kerrey provides:
A key recovery agent, whether or not registered by the Secretary
under this Act, shall disclose recovery information to a Federal
or State government entity ... upon the receipt of a subpoena
... which is based upon a duly authorized warrant or court order
...; a subpoena authorized by or based on authority established
by Federal or State law, statute, precedent or rule; ... .
(Emphasis added.)
Few people realize how little protection a subpoena offers against
mistake, overreaching and abuse. In federal criminal investigations,
it is remarkably easy for the government to obtain a subpoena.
Subpoenas are issued without judicial approval. Whenever a grand
jury is created, subpoenas are issued in blank to the Assistant
United States Attorney, who fills them in and signs them without
even discussing them with the judge or grand jury. In many instances,
the documents produced are never actually seen by the grand jury.
Moreover, some law enforcement agencies such as the DEA and the
IRS have administrative subpoena authority, meaning that their
agents can issue subpoenas demanding release of documents even
without the approval of a prosecutor.
Furthermore, there are nearly two hundred grants of subpoena authority
to federal administrative agencies, virtually the entire alphabet
soup of the regulatory bureaucracy, which can issue subpoenas
in civil investigations of a wide range of regulatory matters,
again without judicial approval. A list of federal
grants of subpoena authority to administrative agencies is available
from CDT.
Such authorizations are generally very broad, empowering the government
agency to subpoena "any books, papers, correspondence, memoranda,
or other records that the Secretary deems relevant or material"
to an investigation. The investigative authority of administrative
agencies is nearly unlimited. According to the Supreme Court,
an administrative agency (or a grand jury) "can investigate
merely on suspicion that the law is being violated, or even just
because it wants assurance that it is not." United States
v. Morton Salt Co., 338 U.S. 632, 642-643 (1950).[2]
The following examples show the broad range of minor agencies
and administrative organizations and programs that have subpoena
power: The Secretary of Agriculture is empowered to issue subpoenas
in order to implement the Milk, Soybean, Mushroom, Lime, Fresh
Cut Flowers and Fresh Cut Greens, Pecan, Watermelon, Pork, Beef,
Fish and Seafood and Honey Promotion Programs. The Family and
Medical Leave Act grants subpoena power to the Secretary of Labor.
The Native American Graves Protection and Repatriation Act authorizes
the Secretary of Interior to issue subpoenas. In the course of
investigations and hearings into mismarked, substandard, counterfeit,
and other nonconforming fasteners, the Secretary of Commerce may
issue subpoenas.
In many instances, the subpoena authority can be delegated to
mid- and lower-level employees: Upon authority of the National
Transportation Safety Board, any member of the Board, any administrative
law judge employed by or assigned to the Board, or any officer
or employee duly designated by the Chairman, may... require
by subpoena... the production of such evidence as the Board or
such officer or employee deems advisable. 49 U.S.C. §
1903. For the purpose of inspections and investigations into possible
violations of the Motor Vehicle Odometer Requirements statute,
the Secretary of Transportation may authorize any officer or employee
of the Department of Transportation to issue subpoenas for the
production of "such books, papers, correspondence, memorandums,
contracts, agreements, or other records as the Secretary, or
such officer or employee, deems advisable."
The Administration proposal and the McCain-Kerrey bill also require
disclosure of recovery information in response to subpoenas issued
by any state or local government entity. There are over 15,000
state and local law enforcement agencies. In addition, there are
uncounted numbers of state and local agencies, boards, and other
bodies that have civil subpoena authority, all of which under
the Administration bill and the McCain-Kerrey bill would have
the power to compel escrow agents and recovery agents to disclose
keys or other decryption assistance held in trust on behalf of
their clients.
Finally, the Administration and McCain-Kerrey bills require that
keys be disclosed to foreign governments, with no defined standards,
upon the request of the U.S. government. Admin. bill, §302(A)(2);
McCain-Kerrey, §106(2)(b).
Is a Mere Subpoena Adequate to Compel Disclosure of a Private Key?
The Administration argues that the subpoena access provision merely
preserves the status quo. The denial of notice, we believe, conclusively
rebuts this contention. But there is a broader question as to
whether a mere subpoena is sufficient to compel disclosure of
decryption information if served on either a third party or on
the encryption user. The compelled disclosure of decryption information
poses concerns quite different from those normally applied to
business records under United States v. Miller, 425 U.S.
435 (1976), and Fisher v. United States, 425 U.S. 391 (1976),
especially when participation in electronic commerce is conditioned
on participation in a key escrow or data recovery scheme accessible
to the government. In fact, current Fourth Amendment jurisprudence
suggests that the government cannot always use a mere subpoena
to compel even from a third party production of a person's private,
personal documents, in which category we would place a person's
decryption key. Fisher, 425 U.S. at 401 n. 7; 1 Beale,
Bryson, Felman & Elston, Grand Jury Law and Practice, §6.27
(1986 & 1996 Cum. Supp.).
Disclosure of keys as contemplated by the Administration also
raises serious questions under the Fifth Amendment's protection
against compelled self-incrimination. Generally, the courts have
held that a voluntarily created document does not contain compelled
testimonial evidence. Almost all these cases, however, have arisen
in the context of business records. The leading case, Fisher
v. United States, supra, involved a subpoena of accountants'
workpapers relating to two taxpayers, which were in the possession
of the taxpayers' attorney. The Fisher Court itself recognized
that there may be some category of private papers that are protected
under the privilege against self-incrimination. Fisher,
425 U.S. at 414. The federal Circuit Courts of Appeal are split.
Two federal Appeal Courts have held that the Fifth Amendment bars
compelled disclosure of private, non-business papers. United
States v. Davis, 636 F.2d 1028 (5th Cir. 1981), cert. denied,
454 U.S. 862; In re Grand Jury Proceedings, 632 F.2d 1033
(3d Cir. 1980). If anything, the privacy concerns reflected in
these cases may be even stronger with respect to private decryption
keys, which form such a central enabling role to the protection
of privacy itself in the digital age.
Even if the courts hold that a written key does not constitute
testimonial evidence, most people who use encryption store their
key under a memorized password. Here the Fifth Amendment law is
clearer. An individual cannot be compelled to reveal a memorized
password. Doe v. United States, 487 U.S. 201, 210 n. 9
(1988). This goes to the heart of the Fifth Amendment's protection
against compelled self-incrimination.
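The two access routes the analysis contrasts (a key file that is useless without the user's memorized password, as in the paragraph above, versus a "spare" copy deposited with a recovery agent, as described in the key recovery paragraph earlier) can be made concrete in code. The following is an added illustration, not code from CDT's analysis or from any bill or product. It assumes a password-wrapped key file built from PBKDF2 plus an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC (chosen so the example needs only Python's standard library; a production tool would use a standard AEAD such as AES-GCM), a constructed `SAMPLE_PRIVATE_KEY` byte string standing in for a real key blob, and a hypothetical `EscrowAgent` class that models a third-party recovery agent.

```python
import hashlib
import hmac
import os

# Constructed sample: a real private key would be an RSA/DSA key blob, not this string.
SAMPLE_PRIVATE_KEY = b"CONSTRUCTED-SAMPLE-PRIVATE-KEY-BYTES-0123456789"

PBKDF2_ROUNDS = 100_000  # stretching cost; slows password guessing against a copied key file


def _derive_keys(password, salt):
    """Stretch the memorized password into a 32-byte encryption key and a 32-byte MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=64)
    return material[:32], material[32:]


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode used as a PRF keystream (assumed stand-in for AES-GCM
    so that the example runs with only the standard library)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap_private_key(private_key, password):
    """Produce the user's key file: the private key is unreadable without the password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    ciphertext = bytes(p ^ k for p, k in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    # Encrypt-then-MAC over salt, nonce and ciphertext so any tampering is detected before decryption.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def unwrap_private_key(key_file, password):
    """Recover the private key from the key file; fails closed on a wrong password or tampering."""
    enc_key, mac_key = _derive_keys(password, key_file["salt"])
    expected = hmac.new(mac_key, key_file["salt"] + key_file["nonce"] + key_file["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, key_file["tag"]):
        raise ValueError("wrong password or tampered key file")
    ks = _keystream(enc_key, key_file["nonce"], len(key_file["ciphertext"]))
    return bytes(c ^ k for c, k in zip(key_file["ciphertext"], ks))


class EscrowAgent:
    """Hypothetical third-party recovery agent (not any real product) holding spare copies
    of users' private keys. The copy is deposited in usable form, so recovery needs no password."""

    def __init__(self):
        self._spares = {}

    def deposit(self, user_id, private_key):
        self._spares[user_id] = bytes(private_key)

    def recover(self, user_id):
        # Whoever can compel the agent (the user, an employer, or a subpoena) gets the key directly.
        return self._spares.get(user_id)


def access_paths(password_attempt, user_id, agent, key_file):
    """Compare the two routes to the key: the password-wrapped file versus the escrow copy.
    Returns (key_from_file_or_None, key_from_escrow_or_None)."""
    try:
        from_file = unwrap_private_key(key_file, password_attempt)
    except ValueError:
        from_file = None
    return from_file, agent.recover(user_id)


if __name__ == "__main__":
    key_file = wrap_private_key(SAMPLE_PRIVATE_KEY, "correct horse battery staple")
    agent = EscrowAgent()
    agent.deposit("alice", SAMPLE_PRIVATE_KEY)
    # Without the password the file yields nothing; the escrow copy yields the key regardless.
    print(access_paths("wrong guess", "alice", agent, key_file))
```

The point the code makes is structural: `access_paths` with a wrong password returns `None` from the key file but still returns the key from the agent, which is exactly why moving users into escrow changes who can obtain the key and under what process, independent of how strong the wrapping is.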
Key recovery as envisioned in the McCain-Kerrey and Administration
bills goes far beyond the status quo and does far more
than merely preserve current access. Currently, the law requires
at least that the government serve a subpoena on the encryption
user, giving the user notice and an opportunity to challenge the
request and protect against any mistake or fraud. In addition,
the Fourth and Fifth Amendments may require a judicial order (subpoenas
are issued without judicial approval), and the Fifth Amendment
likely prohibits compelled disclosure of memorized keys or passwords
from the user. The bills try to avoid these constitutional constraints
by creating a system in which people give their keys to third
parties where -- the government believes -- they would be accessible
under a mere subpoena issued and executed without judicial approval
and without notice to the person whose privacy is being compromised.
This may or may not be constitutional -- we believe it is not
-- but it certainly is a structure designed to give government
officials (and others appearing to be government officials) access
not available today.
NOTES
[1] We do not contend that a grand
jury or an administrative agency issuing a subpoena to a third
party is required to give notice to the record subject or target.
To the contrary, there is generally no such requirement. See
SEC v. Jerry T. O'Brien, Inc., 467 U.S. 735 (1984).
Our focus here is on the attempt to force sensitive decryption
keys into the hands of third parties in the first place, in an
attempt to evade notice.
[2] "[E]ven if one were to
regard the request for information . . . as caused by nothing
more than official curiosity, nevertheless law enforcing agencies
have a legitimate right to satisfy themselves that corporate behavior
is consistent with the law and the public interest." Id.,
338 U.S. at 652.