Senate Judiciary Committee
Holds Hearing on Encryption
(March 17, 1998.) A Senate Committee heard criticism of FBI key escrow demands from industry leaders, legal scholars, and law enforcement today. It also heard from a minor Justice Department official who offered some hope that the Administration might be backing down slightly from its hard line against encryption.
The Senate Judiciary Committee's Subcommittee on the Constitution, Federalism, and Property Rights, held the hearing to "raise awareness about the important privacy interests that are at stake in the debate over encryption policy," said Chairman John Ashcroft (R-MO) at the start of the hearing.
"There has been an insistence that we turn over the keys to our individual privacy to the federal government, but there has been no talk about safeguards or privacy. Apparently, innocent citizens are expected to trust the bureaucracy no to abuse them as the IRS has done by shake down audits, or the FBI by handing over hundreds of sensitive files to political operatives in the White House." Ashcroft.
Rep. Bob Goodlatte (R-VA), the main sponsor of H 695 also testified. The "Security and Freedom through Encryption Act" (SAFE) guarantees the right to use strong encryption, unfettered by mandatory escrow. "The government should no more mandate that folks give the keys to their computer to another person, than it should mandate that folks give someone the keys to their house or their safety deposit box," said Goodlatte.
Administration Position on Encryption
The Administration was represented at the hearing by Robert Litt, a lesser official from the Department of Justice, who testified, "I think we are all looking at this point not to impose mandatory legislation." Responding to a question from Committee member Sen. Russ Feingold (D-WI), Litt claimed that he represented the position of the FBI, which is nominally a subdivision of the Justice Department.
Yet Litt reiterated that the Administration still wants people to use products that "allow for the plaintext of encrypted data to be recovered." (Presumably, by the FBI.) Meanwhile, FBI Director Louis Freeh has made no public statements indicating that he is willing to retreat.
The Committee next heard from industry representatives. Tom Perenty, Director of Data and Communications Security for software giant SyBase Inc., spoke on behalf of Sybase, Americans for Computer Privacy, and the Business Software Alliance. "One of the most important features computer users are demanding is the ability to protect their electronic information and to interact securely worldwide. Medical records. Employee evaluations. Information about credit cards, Internet sales, and bank accounts."
Bill Wiedemann, EVP of RedCreek Communications, a security products maker, criticized restraints on export of strong encryption products. "Controls ... have curtailed this market and have left some with the feeling that the Internet is not yet safe for communications and transactions."
James Fotis, Executive Director of the Law Enforcement Alliance of America came to rebut FBI arguments that mandatory key escrow is good for law enforcement. "If you think this is helping law enforcement, you are dead wrong." "Don't let 1998 be the start of 1984." He explained that "the threat to public safety comes from the lack of encryption; files that are not secure are ripe for theft and misuse."
Legal Objections to Key Escrow
Finally, the Committee heard from a panel which testified that mandatory key escrow would be unconstitutional. Professor Kathleen Sullivan, of Stanford University Law School, said that mandatory escrow violates the Fourth Amendment. It reads:
The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, ..."
She continued that it does not remove the constitutional deficiency to have a third party hold the key, nor to require a subpoena when the FBI wants to seize the key and encrypted data. "A dragnet is a dragnet, even if it is outsourced," Sullivan told Sen. Ashcroft. "It is no answer to say that the Fourth Amendment will be complied with at a later time."
The Committee also heard form Professor Richard Epstein, of the University of Chicago Law School. Epstein is the foremost legal expert on the Takings Clause of the 5th Amendment of Constitution, and the author of Takings: Private Property and the Power of Eminent Domain. The Takings Clause provides that:
"... nor shall private property be taken for public use without just compensation."
The problem with government proposals if the transfer of encryption keys is mandated, some keys will be lost or stolen, and large financial losses will ensue. But since the government proposals also entail immunizing the government and the escrow holders, these loses would go uncompensated. Hence, government takings of private property would result in loses that would not be compensated. This violates the Constitutional rights of the key owners, explained Epstein.
Cindy Cohn, attorney for Daniel J. Bernstein in Bernstein v. Dept. State, also appeared. She recently won a ruling from the U.S. District Court in San Francisco that encryption export restraints constitute an unconstitutional prior restraint of protected free speech under the First Amendment. The Justice Department has filed an appeal with Court of Appeals.
The final witness was Tim Casey of MCI, who said that not only are the proposed encryption restraints unconstitutional, they would "harm the ability of American business to compete with foreign companies" and "undermine the potential of the internet."