Thank you Mr. Chairman and members of the Committee for providingme with this opportunity to discuss with you an issue of extremeimportance and of great concern to all of law enforcement, bothdomestically and abroad -- the serious threat to public safety posedby the proliferation and use of robust encryption products that donot allow for timely law enforcement access and decryption.
First and foremost, the law enforcement community fully supports abalanced encryption policy that satisfies both the commercial needsof industry and law abiding individuals for robust encryptionproducts while at the same time satisfying law enforcement's publicsafety needs. On the one hand, encryption is extremely beneficialwhen used legitimately to protect commercially sensitive informationand communications. On the other, the potential use of such robustencryption products by a vast array of criminals and terrorists toconceal their criminal communications and information poses anextremely serious and, in my view, unacceptable threat to publicsafety. Recently, the President of the International Association ofChiefs of Police sent a letter to President Clinton expressingsupport for a balanced encryption policy that addresses the publicsafety concerns of law enforcement. Additionally, the NationalSheriff's Association enacted a resolution last month also expressingtheir support for a balanced encryption policy and opposing anylegislative efforts that would undercut the adoption of such abalanced policy.
Since 1992, when AT&T; announced its plan to sell a small,portable telephone device that would provide users with low-cost butrobust voice encryption, public policy issues concerning encryptionhave increasingly has been debated in the United States. Since then,people concerned about privacy, commerce, computer security, lawenforcement, national security, and public safety have participatedin the dialogue regarding cryptography. On the international front,this past December, the multi-national Organization for EconomicCooperation and Development (OECD) meeting in Paris, France, convenedan Experts Group to draft global cryptography principles, thusreflecting an increased global interest in and concern about the useand availability of encryption that can be used to endanger anation's public safety and national security.
In addition, several Members of Congress have also joined thispublic discussion by introducing legislation which essentially wouldremove existing export controls on encryption and which would promotethe widespread availability and use of any type of encryption productregardless of the impact on public safety and national security.However, the impact of these bills, should they be enacted, has notbeen lost on other Members of Congress as reflected in the letters tothe sponsors of both Senate encryption bills by the Chairman andVice-Chairman of the Senate Select Committee on Intelligence.Senators Specter and Kerrey indicated in their letters that they hadconcerns regarding these bills and expressed the opinion, which Ifully endorse, that there is a "... need to balance U.S. economiccompetitiveness with the need to safeguard national securityinterests." To that balance, I would also add public safety andeffective law enforcement.
Without question, the use of strong cryptography is important ifthe Global Information Infrastructure (GII) is to fulfill itspromise. Data must be protected -- both in transit and in storage --if the GII is to be used for personal communications, financialtransactions, medical care, the development of new intellectualproperty, and a virtually limitless number of other applications. Oursupport for robust encryption stems from a commitment to protectingprivacy and commerce.
But we are also mindful of our principal mission responsibilities:protecting America's public safety and national security in themyriad of criminal, terrorist, and espionage cases that confront usevery day. Notwithstanding the accepted benefits of encryption, wehave long argued that the proliferation of unbreakable encryption --because of its ability to completely prevent our Nation's lawenforcement agencies from understanding seized computer files andintercepted criminal communications which have been encrypted andthen being able to promptly act to combat dangerous criminal,terrorist, and espionage activities as well as successfully prosecutethem -- would seriously and fundamentally threaten these critical andcentral public safety interests. The only acceptable answer thatserves all of our societal interests is to foster the use of"socially-responsible" encryption products, products that providerobust encryption, but which also permit timely law enforcement andnational security access and decryption pursuant to court order or asotherwise authorized by law.
Law enforcement is already beginning to encounter the harmfuleffects of conventional encryption in some of our most importantinvestigations:
- In the Aldrich Ames spy case, where Ames was told byhis Soviet handlers to encrypt computer file information to them.
- In a child pornography case, where one of the subjects usedencryption in transmitting obscene and pornographic images ofchildren over the Internet.
- In a major drug-trafficking case, where one of the subjects ofone of the court-ordered wiretaps used a telephone encryption devicewhich frustrated the surveillance.
- Some of the anti-Government Militia groups are now advocatingthe use of encryption as a means of preventing law enforcement fromproperly investigating them.
It is important to understand, as one can see from the cases Ihave cited, that conventional encryption not only can preventelectronic surveillance efforts, which in terms of numbers areconducted sparingly, but it also can prevent police officers on adaily basis from conducting basic searches and seizures of computersand files. Without an ability to promptly decrypt encrypted criminalor terrorist communications and computer files, we in the lawenforcement community will not be able to effectively investigate orprosecute society's most dangerous felons or, importantly, save livesin kidnappings and in numerous other life and death cases. We simplywill not be able to effectively fulfill our mission of protecting theAmerican public.
In a very fundamental way, conventional encryption has the effectof upsetting the delicate legal balance of the Fourth Amendment,since when a judge issues a search warrant it will be of no practicalvalue when this type of encryption is encountered.Constitutionally-effective search and seizure law assumes, and theAmerican public fully expects, that with warrant in hand lawenforcement officers will be able to quickly act upon seizedmaterials to solve and prevent crimes, and that prosecutors will beable to put understandable evidence before a jury. Conventionalencryption virtually destroys this centuries old legal principle.
There is now an emerging opinion throughout much of the world thatthere is only one solution to this national and international publicsafety threat posed by conventional encryption -- that is, key escrowencryption. Key escrow encryption is not just the only solution; itis, in fact, a very good solution because it effectively balancesfundamental societal concerns involving privacy, informationsecurity, electronic commerce, public safety, and national security.On the one hand, it permits very strong, unbreakable encryptionalgorithms to be used, which is essential for the growth of commerceover the GII and for privacy and information security domesticallyand internationally. On the other hand, it permits law enforcementand national security agencies to protect the American public fromthe tyranny of crime and terrorism. We believe, as do many othersthroughout the world, that technology should serve society, not ruleit: and that technology should be designed to promote public safety,not defeat it. Key escrow encryption is that beneficial and balancedtechnological solution.
American manufacturers that employ encryption in their hardwareand software products are undoubtedly the technology leaders in theworld. American industry has the capability of meeting all ofsociety's basic needs, including public safety and national security,and we, as responsible government leaders, should be sending a clearsignal to industry encouraging them to do so. Key escrow encryptionis "win-win" technology for societies worldwide. I know you agreethat it would be irresponsible for the United States, as the world'stechnology leader, to move towards the adoption of a national policythat would knowingly and consciously unleash on a widespread basisunbreakable, non-key escrow encryption products that put citizens inthe U.S. and worldwide at risk.
Unfortunately, in recent months, the nearly exclusive focus of thepublic discussion concerning the encryption issue has been on itscommercial aspects, particularly with regard to removing exportcontrols. This narrow focus ignores the very real threat thatconventional, non-key escrow encryption poses both domestically andinternationally to public safety. We continue actively to seekindustry's cooperation, assistance, and great expertise in producingkey escrow encryption products as a critical part of an overall,balanced, and comprehensive encryption policy that would logicallyinclude an appropriate relaxation of export controls for key escrowproducts.
As for export controls, we have had ongoing discussions withindustry, and industry has articulated the view that export controlsneedlessly hurt U.S. competitiveness overseas. But once again we needto carefully consider the facts and balance a number of competinginterests. Although some strong encryption products can be foundoverseas, they are simply not ubiquitous, and, as of yet, they havenot become embedded in the basic operating systems and applicationsfound overseas.
Importantly, when the U.S. recently let it be known that it wasconsidering allowing the export of encryption stronger than that nowpermitted, several of our close allies expressed strong concerns thatwe would be flooding the global market with unbreakable cryptography,increasing the likelihood of its use by criminal organizations andterrorists throughout Europe and the world, and thereby imperilingthe public safety in their countries. Ironically, the relaxation ofexport controls in the U.S. may well lead to the imposition of importcontrols overseas. The international implications and likelyreactions of foreign governments to the U.S. unilaterally liftingsuch export controls must be fully considered.
Given the fact that the use and availability of robust encryptionis an issue of concern internationally, it is important to understandwhat steps other countries are taking to address these concerns.Recently, France, Russia and Israel have established domesticrestrictions on the import, manufacturer, sale and use of encryptionproducts, as not to endanger their public safety and nationalsecurity. The European Union is moving towards the adoption of a keyrecovery-based key management infrastructure similar to that proposedfor use within the United States. This plan, based upon the conceptof using a "Trusted Third Party," allows for encryption keys to beescrowed with an independent but non-governmental party, thusallowing for lawful government access to such escrowed key pursuantto proper legal authority.
Lastly, we have heard the oft-repeated argument that the "genie isout of the bottle," and that attempts to influence the future use ofcryptography are futile. This is simply not true; and we stronglydisagree. If strong, key escrow encryption products proliferates bothoverseas and domestically which will not interoperate (at least inthe long-term) with non-key escrow products, then escrowed encryptionproducts will become the worldwide standard and will be used byalmost everyone, including the criminal elements, in countriesparticipating in the GII. It is worth noting that we have nevercontended that a key escrow regime, whether voluntarily ormandatorily implemented, would prevent all criminals from obtainingnon-key escrowed encryption products. But even criminals need tocommunicate with others nationally and internationally, including notjust their criminal confederates but also legitimate organizationssuch as banks. Accessible, key escrow encryption products clearlywill be used by most if widely available, inexpensive, easy to use,and interoperable worldwide.
In closing, if one considers the broad range of public safetyresponsibilities that fall upon the law enforcement community, thereis only one responsible course of action that we as governmentleaders must embark upon -- to promote socially responsibleencryption products, products that contain robust cryptography butwhich also provide for timely law enforcement access and decryption-- that is, key escrow encryption. The entire law enforcementcommunity believes not only that the removal of export controls forencryption products that are non law enforcement accessible isunwise, but that such an action would jeopardize our nationalsecurity and the interests and safety of law-abiding citizensworldwide.
We look forward to working with you and your staff on thisdifficult issue and would be pleased to answer any questions youmight have.
Return toEPIC CryptoPages