------------------------------------------------------------------------------
_____ _____ _______
/ ____| __ \__ __| ____ ___ ____ __
| | | | | | | | / __ \____ / (_)______ __ / __ \____ _____/ /_
| | | | | | | | / /_/ / __ \/ / / ___/ / / / / /_/ / __ \/ ___/ __/
| |____| |__| | | | / ____/ /_/ / / / /__/ /_/ / / ____/ /_/ (__ ) /_
\_____|_____/ |_| /_/ \____/_/_/\___/\__, / /_/ \____/____/\__/
The Center for Democracy and Technology /____/ Volume 4, Number 6
----------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
CDT POLICY POST Volume 4, Number 6 March 20, 1998
CONTENTS: (1) Support for Encryption Reform Pops Up in Unusual Places
(2) FBI Tells Phone Cpmpanies to Prepare for Thousands of Wiretaps
at Once
(3) Broad FCC Proceeding on CALEA Likely
(4) How to Subscribe/Unsubscribe
(5) About CDT, Contacting us
** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of
|PLEASE SEE END OF THIS DOCUMENT FOR SUBSCRIPTION INFORMATION|
_____________________________________________________________________________
1) FIGHT FOR ENCRYPTION REFORM FINDS FRIENDS IN NEW PLACES
Support for the fight to deregulate encryption technologies popped up in
some unusual corners of Capitol Hill this week.
In a hearing held Tuesday by Sen. Jon Kyl's Judiciary Subcommittee on
Technology, Terrorism and Government Information, former Senate Armed
Services chairman Sam Nunn testified that there's a lot of 'unrealistic'
government thinking going on about encryption, and it's 'vital' that the
policy deadlock over encryption be resolved soon.
The same day, in a hearing before Sen. Ashcroft's Judiciary subcommittee on
the Constitution, a Justice Department representative said that the
Administration is not looking for mandatory domestic controls on encryption
-- 'at this time.' Two prominent constitutional scholars also argued at the
Ashcroft hearing that key recovery of the type contemplated by the FBI and
Clinton Administration is inconsistent with fundamental free expression and
privacy rights embodied in the Bill of Rights.
It remains to be seen whether the law enforcement community will ultimately
embrace the statements of Sen. Nunn and the Administration representative.
But CDT finds it encouraging that voices within the national security and
legal communities are raising doubts in Congress about the wisdom of
mandating a 'backdoor' to all encrypted information.
Sen. Kyl's hearing focused on the general steps that the federal government
should take to protect 'critical' domestic infrastructures from both
foreign and domestic threats. Even though the hearing was meant to discuss
threats to a wide range of critical infrastructures (such as transport,
financial services, telecom, water, etc.) the only issue the witnesses
really dealt with was the Internet and other telecommunications
infrastructures.
Nunn, the co-chair (with former Dep. Attorney General Jamie Gorelick) of
the President's Advisory Committee on Critical Infrastructure Protection,
testified that the stalemate over encryption policy must be resolved for
two key reasons:
* Strong encryption is critical to the security of domestic
infrastructures, and
* failure to resolve the deadlock between government and the industry has
lead to such a high level of mistrust on industry's part that it is
difficult to make any progress on any other infrastructure protection
issues, which also require a high degree of cooperation.
With surprising directness, Nunn went on to say that he saw several
barriers to resolving the encryption issue. First, he said, there are a
large number of 'unrealistic' assumptions among law enforcement officials
about the problems they'd have if the Internet industry isn't forced to
adopt key recovery. Nunn warned law enforcement that:
* It's unrealistic to assume that government can control technology.
* Key recovery can't work except by global agreement.
* Law enforcement needs lots of help with new technologies, no matter
whether they get mandatory key recovery or not.
* Law enforcement's nostalgia for the 'good old days' of easy wiretapping
is mistaken and unrealistic.
Nunn also sounded the alarm about constitutional limits on the degree to
which the Pentagon can, or should, get involved in domestic law enforcement
matters such as the investigation of attacks on domestic infrastructures
like airports or power grids. Former CIA Director John Deutch has said that
he believes that the Department of Defense can get involved in such
investigations. Nunn suggested instead that large number of DoD employees
should be detailed to the FBI or the Justice Department to provide
technical assistance in emergency situations or difficult investigations.
Nunn's views are consistent with the views CDT expressed in a letter it
sent March 17 Sen. Jon Kyl's Subcommittee. The letter urged the
subcommittee to examine carefully proposals by the President's Commission
on Critical Infrastructure Protection (PCCIP) that would mandate the use of
'key recovery' systems.
'We urge you to oppose any initiatives for building new surveillance
capabilities into the non-government information and communications
infrastructure,' the letter said. 'We also urge you to avoid measures that
would infringe upon the right of anonymity, which has an important role in
preserving free and open communications under our Constitution. First
Amendment principles, not national security values, should govern the
design of communications systems for the public.' For a copy of the
letter, see: http://www.cdt.org/crypto/jonkyl.html
Earlier in the day, Justice Department and constitutional experts presented
dramatically different views of the Bill of Rights' application to the
encryption debate. While Justice defended the constitutionality of domestic
encryption controls, two leading legal scholars presented a sweeping
assessment of how domestic controls violate the protections of the First,
Fourth, and Fifth Amendments. A RealAudio transcript of the hearing is
available at http://www.computerprivacy.org
Justice Department representative Robert Litt testified that as a matter of
official policy the Administration is 'not looking for any mandatory
controls domestically at this time.' This policy apparently applies to the
FBI as well. It's worth noting, however, that Reuters reported Wednesday
that the FBI 'hopes voluntary concessions by manufacturers of encryption
technology will give it the same capabilities' as legislation to force
mandatory key recovery would. The Reuters article is available at
http://www.crypto.com
Later in the hearing, leading constitutional scholars Richard Epstein of
the University of Chicago and Kathleen Sullivan of Stanford testified that
key recovery of the type contemplated by the FBI and Clinton Administration
is inconsistent with fundamental free expression and privacy rights
embodied in the Bill of Rights. While falling short of calling encryption
controls clearly unconstitutional under current Supreme Court doctrine,
Epstein and Sullivan presented a broad Constitutional case against
encryption controls. The testimony of Professors Sullivan and Epstein is
available through CDT's Web site at http://www.cdt.org/crypto
________________________________________________________________________________
2) FBI TELLS PHONE COMPANIES TO PREPARE FOR THOUSANDS OF WIRETAPS AT ONCE
On March 12, 1998, the FBI published in the Federal Register its 'final'
capacity notice under CALEA. http://www.fbi.gov/calea/calea1.htm
The notice is yet another example of how CALEA is mired in controversy
caused by the FBI's unwillingness to prioritize its needs and its
persistent efforts to use CALEA to expand its surveillance reach.
The notice is designed to specify the amount of extra capacity that
telecommunications carriers should install in order to ensure that law
enforcement agencies can carry out multiple interceptions at one time.
As a result of a number of accounting devices used by the FBI, the notice
produces capacity requirements far in excess of historical patterns. Under
CALEA, the FBI is supposed to pay for any capacity installed to meet law
enforcement needs. The FBI, however, is trying to avoid paying the full
cost of capacity, which would mean that the cost gets passed on to
telephone subscribers.
The March 12 notice is 'final' in name only. It leaves many questions
unanswered and open to further clarification or negotiation.
________________________________________________________________________________
3) BROAD FCC PROCEEDING ON CALEA LIKELY
Closed door negotiations on CALEA between the FBI and the telephone
industry seem to have broken down. CDT and other privacy groups had
objected to the existence of the negotiations, on the ground that they
violated CALEA principles of public accountability and privacy protection
The breakdown of the negotiations sets the stage for a FCC proceeding. The
Attorney General has threatened to challenge the industry plan for failure
to provide additional surveillance capabilities sought by the FBI. CDT and
other privacy groups are already on record arguing that the industry's
standard already goes too far in expanding law enforcement capabilities and
failing to protect privacy.
_______________________________________________________________________________
(4) SUBSCRIPTION INFORMATION
Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list. CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 13,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.
To subscribe to CDT's Policy Post list, send mail to
majordomo@cdt.org
in the BODY of the message (leave the SUBJECT LINE BLANK), type
subscribe policy-posts
If you ever wish to remove yourself from the list, send mail to the above
address with NOTHING IN THE SUBJECT LINE AND a BODY TEXT of:
unsubscribe policy-posts
_____________________________________________________________________________
(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US
The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.
Contacting us:
General information: info@cdt.org
World Wide Web: http://www.cdt.org/
Snail Mail: The Center for Democracy and Technology
1634 Eye Street NW * Suite 1100 * Washington, DC 20006
(v) +1.202.637.9800 * (f) +1.202.637.0968
----------------------------------------------------------------------------
End Policy Post 4.6 3/20/98
----------------------------------------------------------------------------
