Note: for index of full report see: http://jya.com/nrcindex.htm

---------

[Head note all pages: May 30, 1996, Prepublication Copy
Subject to Further Editorial Correction]


                              3

          Needs for Access to Encrypted Information


   Information protected for confidentiality (i.e., encrypted
information) is stored or communicated for later use by
certain parties with the authorization of the original
protector. However, it may happen for various legitimate and
lawfully authorized reasons that other parties may need to
recover this information as well. This chapter discusses needs
for access to encrypted information under exceptional
circumstances for legitimate and lawfully authorized purposes
from the perspectives of businesses, individuals, law
enforcement, and national security. Businesses and individuals
may want access to encrypted data or communications for their
own purposes, and thus may cooperate in using products to
facilitate such access, while law enforcement and national
security authorities may want access to the encrypted data or
communications of criminals and parties hostile to the United
States.


                       3.1 TERMINOLOGY

   It is useful to conceptualize data communications and data
storage using the language of transactions. For example, one
individual may telephone another; the participants in the
transaction are usually referred to as the calling party and
the called party. Or, a person makes a purchase; the
participants are called the buyer and seller. Or, a sender
mails something to the recipient. Adopting this construct,
consider communications in which the first party (Party A)
sends a message and the second party (Party B) receives it.
"Party" does not necessarily imply a person; a "party" can be
a computer system, a communication system, or a software process.
In the case of data storage, Party A stores the data, while
Party B retrieves it. Note that Party A and Party B can be the
same party (as is the case when an individual stores a file
for his or her own later use).

   Under some circumstances, a third party may be authorized
for access to data stored or being communicated. For example,
law enforcement authorities may be granted legal authorization
to obtain surreptitious access to a telephone conversation or
a stored data file or record without the knowledge of Parties
A or B. The employer of Party A may have the legal right to
read all data files for which Party A is responsible or to
monitor all communications in which Party A participates.
Party A might inadvertently lose access to a data file and
wish to recover that access.

   In cases when the data involved is unencrypted, the
procedures needed to obtain access can be as simple as
identifying the relevant file name or as complex as seeking a
court order for legal authorization. But when the data
involved is encrypted, the procedures needed to obtain access
will require the possession of certain critical pieces of
information, such as the relevant cryptographic keys.

   Third-party access has many twists and turns. When it is
necessary for clarity of exposition or meaning, this report
uses the phrase "exceptional access" to stress that the
situation is not one that was included within the intended
bounds of the original transaction, but is an unusual
subsequent event. Exceptional access refers to situations in
which an authorized party needs and can obtain the plaintext
of encrypted data (for storage or communications). The word
"exceptional" is used in contrast to the word "routine" and
connotes something unusual about the circumstances under which
access is required.

   Exceptional access can be divided into three generic
categories:

   +    *Government exceptional access* refers to the case in
which government has a need for access to information under
specific circumstances authorized by law. For example, a
person might store data files that law enforcement authorities
need to prosecute or investigate a crime. Alternatively, two
people may be communicating with each other in the planning or
commission of a serious crime. Government exceptional access
thus refers to the government's need to obtain the relevant
information under circumstances authorized by law, and
requires a court order (for access to voice or data
communications) or a subpoena or search warrant (for access to
stored records). Government exceptional access is the focus of
Section 3.2.

   +    *Employer (or corporate) exceptional access* refers to
the case in which an employer (i.e., the corporate employer)
has the legal right to access to information encrypted by an
employee. If an employee who has encrypted a file is
indisposed on a certain day, for example, the company may need
exceptional access to the contents of the file. Alternatively,
an employee may engage in communications whose content the
company may have a legitimate need to know (e.g., the employee
may be leaking proprietary information). Employer exceptional
access would then refer to the company's requirement to obtain
the key necessary to obtain the contents of the file or
communications, and may require the intervention of another
institutional entity. Employer or corporate exceptional access
is the focus of Section 3.5.

   +    *End-user exceptional access* refers to the case in
which the parties primarily intended to have access to
plaintext have lost the means to obtain such access. For
example, a single user may have stored a file for later
retrieval, but encrypted it to ensure that no other party
would have access to it while it was in storage. However, the
user might also lose or forget the key used to encrypt that
file. End-user exceptional access refers to such a user's
requirement to obtain the proper key, and may require that the
individual who has lost a key prove his identity to a party
holding the backup key and verify his authorization to obtain
a duplicate copy of his key. End-user exceptional access is
also discussed in Section 3.5.

   The need for exceptional access when the information stored
or communicated is encrypted has led to an examination of a
concept generically known as escrowed encryption (the subject
of Chapter 5), which, loosely speaking, uses agents other than
the parties participating in the communication or data storage
to hold copies of or otherwise have access to relevant
cryptographic keys "in escrow" so that needs for end-user,
corporate, and government exceptional access can be met; these
agents are called escrow agents.


     3.2 LAW ENFORCEMENT: INVESTIGATION AND PROSECUTION


   Obtaining information (both evidence and intelligence) has
always been a central element in the conduct of law
enforcement investigations and prosecutions. Accordingly,
criminals have always wished to protect the information
relevant to their activities from law enforcement authorities.


          3.2.1 The Value of Access to Information
                     for Law Enforcement

   Many criminals keep records related to their activities;
such records can be critical to the investigation and
prosecution of criminal activity. For example, criminals
engaged in white-collar crimes such as fraud often leave paper
trails that detail fraudulent activities; drug dealers often
keep accounting records of clients, drop-offs, supplies, and
income. Reconstruction of these paper trails is often a
critical element in building a case against these individuals.
The search-and-seizure authority of law enforcement to obtain
paper records is used in a large fraction of criminal cases.
Law enforcement officials believe that wiretapping is a
crucial source for information that could not be obtained in
any other way or obtained only at high risk (Box 3.2). For
example, the FBI has testified that

   [w]ithout law enforcement's ability to effectively execute
   court orders for electronic surveillance, the country would
   be unable to protect itself against foreign threats,
   terrorism, espionage, violent crime, drug trafficking,
   kidnapping, and other crimes. We may be unable to intercept
   a terrorist before he sets off a devastating bomb; unable
   to thwart a foreign spy before he can steal secrets that
   endanger the entire country; and unable to arrest drug
   traffickers smuggling in huge amounts of drugs that will
   cause widespread violence and death. Court-approved
   electronic surveillance is of immense value, and often is
   the only way to prevent or solve the most serious crimes
   facing today's society.(1)

   Criminals often discuss their past criminal activity and
plans for future criminal activity with other parties.
Obtaining "inside information" on such activities is often a
central element of building a case against the perpetrators.
A defendant that describes in his own words how he committed
a crime or the extent to which he was involved in it gives
prosecutors a powerful weapon that juries tend to perceive as
fair.(2)

   Other methods of obtaining "inside information" have
significant risks associated with them:

   +    Informants are often used to provide inside
information. However, the credibility of informants is often
challenged in court, either because the informants have shady
records themselves or because they may have made a deal with
prosecutors by agreeing to serve as informants in return for
more lenient treatment.(3) By contrast, challenges to evidence
obtained through wiretaps are far more frequently based on
their admissibility in court rather than their intrinsic
credibility. Informants may also be more difficult to find
when a criminal group is small in size.

   +    Surreptitiously planted listening devices are also
used to obtain inside information. However, they generally
obtain only one side of a conversation (use of a speaker-phone
presents an exception). Further, since listening devices
require the use of an agent to plant them, installation of
such devices is both highly intrusive (arguably more so than
wiretapping) for the subject of the device and risky for the
planting agent. Requests for the use of such devices are
subject to the same judicial oversight and review as wiretaps.

   This discussion is not intended to suggest that wiretaps
are a perfect source of information and always useful to law
enforcement. An important difficulty in using wiretaps is that
context is often difficult for listeners to establish when
they are monitoring a telephone conversation that assumes
shared knowledge between the communicators.(4)

   Because of the legal framework regulating wiretaps, and the
fact that communications are by definition transient whereas
records endure, wiretapping is used in far fewer criminal
cases than is seizure of records. Although the potential
problems of denying law enforcement access to communications
have been the focus of most of the public debate, encryption of
data files in a way that denies law enforcement authorities
access to data files relevant to criminal activity arguably
presents a much larger threat to their capabilities.

----------

   (1)  Statement of James K. Kallstrom, Special Agent in
Charge, Special Operations Division, New York Field Division,
Federal Bureau of Investigation on "Security Issues in
Computers and Communications," before the Subcommittee on
Technology, Environment, and Aviation of the Committee on
Science, Space, and Technology, U.S. House of Representatives,
May 3, 1994.

   (2)  For example, see Edward Walsh, "Reynolds Guilty on All
Counts," *Washington Post*, August 23, 1995, p. 1.

   (3)  See for example, Sharon Walsh, "Whistle-Blower
Quandary: Will Testimony Fly?," *Washington Post*, August 23,
1995, p. F-3; Richard Perez-Pena, "An Informer's Double Life:
Blows Come from 2 Sides," *New York Times*, October 15, 1995,
p. 35; Joseph P. Fried, "Undermining a Bomb-Trial Witness,"
*New York Times*, April 9, 1995, p. 42; and Stephen Labaton,
"The Price Can Be High for Talk That's Cheap," *New York
Times*, Week in Review, April 2, 1995, p. 3.

   (4)  Indeed, in some instances, wiretap evidence has been
used to *exculpate* defendants. See for example, Peter Marks,
"When the Best Defense is the Prosecution's Own Tapes," *New
York Times*, June 30, 1995, p. D-20. According to Roger Shuy,
professor of linguistics at Georgetown University, there are
many difficulties in ascribing meaning to particular
utterances that may be captured on tape recordings of
conversations. See Roger Shuy, *Language Crimes*, Blackwell
Publishers, Cambridge, Mass., 1993. Shuy's book is mostly
focused on tapes made by "wires" carried by informants or
"bugs" placed near a subject, but the basic principle is the
same.

____________________________________________________________


      3.2.2 The Legal Framework Governing Surveillance

   An evolving legal framework governs the authority of
government authorities to undertake surveillance of
communications that take place within the United States or
that involve U.S. persons. Surveillance within the United
States is authorized only for certain legislatively specified
purposes: the enforcement of certain criminal statutes and the
collection of foreign intelligence. A more extended
description of this framework (with footnoted references) is
contained in Appendix D.


Domestic Communications Surveillance
for Domestic Law Enforcement Purposes

   Communications surveillance can involve surveillance for
traffic analysis and/or surveillance for content; these
separate activities are governed by different laws and
regulations. Traffic analysis, a technique that establishes
patterns of connections and communications, is performed with
the aid of pen registers that record the numbers dialed from
a target telephone, and trap-and-trace devices that identify
the numbers of telephones from which calls are placed to the
target telephone. Orders for the use of these devices may be
requested by any federal attorney and granted by any federal
district judge or magistrate, and are granted on a more or
less pro forma basis.

   Surveillance of communications for content for purposes of
domestic law enforcement is governed by Title 18, United
States Code, Sections 2510-2521 concerning "wire and
electronic communications interceptions and interception of
all communications," generally known as Title III. These
sections of the U.S. code govern the use of listening devices
(usually known as "bugs"); wiretaps of communications
involving human speech (called "oral communications" in Title
III) carried over a wire or wire-like cable, including optical
fiber; and other forms of electronically transmitted
communication, including various forms of data, text, and
video that may be communicated between or among people as well
as computers or communications devices. Under Title III, only
certain federal crimes may be investigated (e.g., murder,
kidnapping, child molestation, racketeering, narcotics
offenses) through the interception of oral communications. In
addition, 37 states have passed laws that are similar to Title
III, but they include such additional restrictions as allowing
only a fixed number of interceptions per year (Connecticut) or
only for drug-related crimes (California). State wiretaps
account for the majority of wiretaps in the United States.

   Surveillance of oral communications governed under Title
III in general requires a court order (i.e., a warrant)
granted at the discretion of a judge.(5) Because electronic
surveillance of oral communications is both inherently
intrusive and clandestine, the standards for granting a
warrant for such surveillance are more stringent than those
required by the Fourth Amendment. These additional
requirements are specified in Title III and are enforced by
criminal and civil penalties applicable to law enforcement
officials or private citizens, and by a statutory exclusionary
rule that violations of the central features of requirements
may lead to suppression of evidence in a later trial, even if
such evidence meets the relevant Fourth Amendment test.

   Because of the resources required, the administrative
requirements for the application procedure, and the legal
requirement that investigators exhaust other means of
obtaining information, wiretaps are not often used.
Approximately 1,000 orders (both federal and state) are
authorized yearly (a number small compared to the number of
felonies investigated, even if such felonies are limited to
those specified in Title III as eligible for investigation
with wiretaps).(6) About 2,500 conversations are intercepted
per order, and the total number of conversations intercepted
is a very small fraction of the annual telephone traffic in
the United States.

   Surveillance of nonvoice communications, including fax and
electronic communications, is also governed by Title III.(7)
The standard for obtaining an intercept order for electronic
communications is less stringent than that for intercepting
voice communications. For example, any federal felony may be
investigated through electronic interception. In addition, the
statutory exclusionary rule of Title III for oral and wire
communications does not apply to electronic communications.

   Despite the legal framework outlined above, it is
nevertheless possible that unauthorized or unlawful
surveillance, whether undertaken by rogue law enforcement
officials or overzealous private investigators, also occurs.
Concerns over such activity are often expressed by critics of
the current administration policy, and they focus on two
scenarios:

   +    With current telephone technology, it is sometimes
technically possible for individuals (e.g., private
investigators, criminals, rogue law enforcement personnel) to
undertake wiretaps on their own initiative (e.g., by placing
alligator clips on the proper terminals in the telephone box
of an apartment building). Such wiretaps would subject the
personnel involved to Title III criminal penalties, but
detection of such wiretaps might well be difficult. On the
other hand, it is highly unlikely that such a person could
obtain the cooperation of major telephone service providers
without a valid warrant or court order, and so these wiretaps
would have to be conducted relatively close to the target's
telephone, and not in a telephone switching office.

   +    Information obtained through a wiretap in violation of
Title III can be suppressed in court, but such evidence may
still be useful in the course of an investigation.
Specifically, such evidence may cue investigators regarding
specific areas that would be particularly fruitful to
investigate, and if the illegal wiretap is never discovered,
a wiretap that provides no court-admissible evidence may still
prove pivotal to an investigation.(8) (Even if it is
discovered, different judges apply the doctrine of discarding
"the fruit of the poisonous tree" with different amounts of
rigor.)

   The extent to which these and similar scenarios actually
occur is hard to determine. Information provided by the FBI to
the committee indicates a total of 187 incidents of various
types (including indictment/complaints and convictions/
pretrial diversions) involving charges of illegal electronic
surveillance (whether subsequently confirmed or not) over the
past 5 fiscal years (1990 through 1994).(9)

----------

   (5)  Emergency intercepts may be performed without a
warrant in certain circumstances, such as physical danger to
a person or conspiracy against the national security. There
has been "virtually no use" of the emergency provision, and
its constitutionality has not been tested in court. Wayne R.
LaFave and Jerold H. Israel, *Criminal Procedure*, West
Publishing Company, St. Paul, Minnesota, 1992, p. 254.

   (6)  Some analysts critical of the U.S. government position
on wiretaps have suggested that the actual distribution of
crimes investigated under Title III intercept or surveillance
orders may be somewhat inconsistent with government claims of the
high value of such orders. (See, for example, testimony of
David B. Kopel, Cato Institute, "Hearings on Wiretapping and
Other Terrorism Proposals," Committee on the Judiciary, U.S.
Senate, May 24, 1995, also available on line at
http://www.cato.org/ct5-24-5.html.) For example, Table D.3 in
Appendix D indicates that no cases involving arson,
explosives, or weapons were investigated using Title III
wiretaps in 1988. The majority of Title III orders have
involved drug and gambling crimes.

   (7)  Note that when there is no reasonable expectation of
privacy, law enforcement officials are not required to
undertake any special procedure to monitor such
communications. For example, a law enforcement official
participating in an on line "chat" group is not required to
identify himself as such, nor must he obtain any special
permission at all to monitor the traffic in question. However, as
a matter of policy, the FBI does not systematically monitor
electronic forums such as Internet relay chats.

   (8)  Such concerns are raised by reports of police
misconduct as described in Chapter 1.

   (9)  The committee recognizes the existence of controversy
over the question of whether such reports should be taken at
face value. For example, critics of the U.S. government who
believe that law enforcement authorities are capable of
systematically abusing wiretap authority argue that law
enforcement authorities would not be expected to report
figures that reflected such abuse. Alternatively, it is also
possible that cases of improper wiretaps are in fact more
numerous than reported and have simply not come to the
attention of the relevant authorities. The committee discussed
such matters and concluded that it had no reason to believe
that the information it received on this subject from law
enforcement authorities was in any way misleading.

____________________________________________________________


Domestic Communications Surveillance
for Foreign Intelligence Purposes

   The statute governing interception of electronic
communications for purposes of protecting national security is
known as the Foreign Intelligence Surveillance Act (FISA),
which has been codified as Sections 1801 to 1811 in Title 18
of the U.S. Code. Passed in 1978, FISA was an attempt to
balance Fourth Amendment rights against the constitutional
responsibility of the executive branch to maintain national
security. FISA is relevant only to communications occurring at
least partly within the United States (wholly, in the case of
radio communications), although listening stations used by
investigating officers may be located elsewhere, and FISA
surveillance may be performed only against foreign powers or
their agents. Interception of communications, when the
communications occur entirely outside the United States,
whether or not the participants include U.S. persons, is not
governed by FISA, Title III, or any other statute. However,
when a U.S. person is outside the United States, Executive
Order 12333 governs any communications intercepts targeted
against such individuals.

   The basic framework of FISA is similar to that of Title
III, with certain important differences, among which are the
following:

   +    The purpose of FISA surveillance is to obtain foreign
intelligence information, defined in terms of U.S. national
security, including defense against attack, sabotage,
terrorism, and clandestine intelligence activities, among
others. The targeted communications need not relate to any
crime or be relevant as evidence in court proceedings.

   +    In most instances, a FISA surveillance application
requires a warrant based on probable cause that foreign
intelligence information will be collected.(10) Surveillance
of a U.S. person (defined as a U.S. citizen, U.S. corporation
or association, or legal resident alien) also requires
probable cause showing that the person is acting as a foreign
agent. Political and other activities protected by the First
Amendment may not serve as the basis for treating a U.S.
person as a foreign agent.

   +    Targets of FISA surveillance might never be notified
that communications have been intercepted.

   Since 1979, there have been an average of over 500 FISA
orders per year. In 1992, 484 were issued. Other information
about FISA intercepts is classified.

----------

   (10) Surveillance may take place without a court order for
up to 1 year if the Attorney General certifies that there is
very little likelihood of intercepting communications
involving U.S. persons and that the effort will target
facilities used exclusively by foreign powers. Under limited
circumstances, emergency surveillance may be performed before
a warrant is obtained. Clifford S. Fishman, *Wiretapping and
Eavesdropping: Cumulative Supplement*, Clark Boardman
Callaghan, Deerfield, Ill., November 1994, sections 361, 366.

____________________________________________________________


           3.2.3 The Nature of Surveillance Needs
                     of Law Enforcement

   In cooperation with the National Technical Investigators
Association, the FBI has articulated a set of requirements for
its electronic surveillance needs (Box 3.3). Of course, access
to surveillance that does not meet all of these requirements
is not necessarily useless. For example, surveillance that
does not meet the transparency requirement may still be quite
useful in certain cases (e.g., if the subjects rationalize the
lack of transparency as "static on the line"). The basic point
is that these requirements constitute a set of continuous
metrics by which the quality of a surveillance capability can
be assessed, rather than a list that defines what is or is not
useful surveillance. Of these requirements, the real-time
requirement is perhaps the most demanding. The FBI has noted
that

   [s]ome encryption products put at risk efforts by federal,
   state and local law enforcement agencies to obtain the
   contents of intercepted communications by precluding
   real-time decryption. Real-time decryption is often
   essential so that law enforcement can rapidly respond to
   criminal activity and, in many instances, prevent serious
   and life-threatening criminal acts.(11)

   Real-time surveillance is generally less important for
crimes that are prosecuted or investigated than for crimes
that are prevented because of the time scales involved.
Prosecutions and investigations take place on the time scales
of days or more, whereas prevention may take place on the time
scale of hours. In some instances, the longer time scale is
relevant: because Title III warrants can be issued only when
"probable cause" exists that a crime has been committed, the
actual criminal act is committed before the warrant is issued,
and thus prevention is no longer an issue. In other instances,
information obtained under a valid Title III warrant issued to
investigate a specific criminal act can be used to prevent a
subsequent criminal act, in which case the shorter time scale
may be relevant. The situation is similar under FISA, in which
warrants need not necessarily be obtained in connection with
any criminal activity. A good example is terrorism cases, in
which it is quite possible that real-time surveillance could
provide actionable information useful in thwarting an imminent
terrorist act.

----------

   (11) Statement of James K. Kallstrom, Special Agent in
Charge, Special Operations Division, New York Field Division,
Federal Bureau of Investigation on "Security Issues in
Computers and Communications," before the Subcommittee on
Technology, Environment, and Aviation of the Committee on
Science, Space, and Technology, U.S. House of Representatives,
May 3, 1994. An illustrative example is an instance in which
the FBI was wiretapping police officers who were allegedly
guarding a drug shipment. During that time, the FBI overheard
a conversation between the police chief and several other
police officials that the FBI believes indicated a plot to
murder a certain individual who had previously filed a police
brutality complaint against the chief. (However, the FBI was
unable to decode the police chief's "street slang and police
jargon" in time to prevent the murder.) See Paul Keegan, "The
Thinnest Blue Line," *New York Times Magazine*, March 31,
1996, pp. 32-35.

____________________________________________________________


       3.2.4 The Impact of Cryptography and New Media
      on Law Enforcement (Stored and Communicated Data)

   Cryptography can affect information collection by law
enforcement officials in a number of ways. However, for
perspective, it is important to keep in mind a broader context
-- namely that advanced information technologies (of which
cryptography is only one element) have potential impacts
across many different dimensions of law enforcement; Box 3.4
provides some discussion of this point.


Encrypted Communications

   As far as the committee has been able to determine,
criminal use of digitally encrypted voice communications has
not presented a significant problem to law enforcement to
date.(12) On rare occasions, law enforcement officials
conducting a wiretap have encountered "unknown signals" that
could be encrypted traffic or simply a data stream that was
unrecognizable to the intercept equipment. (For example, a
high-speed fax transmission might be transported on a
particular circuit; a monitoring agent might be unable to
distinguish between the signal of the fax and an encrypted
voice signal with the equipment available to him.)

   The lack of criminal use of encryption in voice
communications most likely reflects the lack of use of
encryption by the general public. Moreover, files are more
easily encrypted than communications, simply because the use
of encrypted communications presumes an equally sophisticated
partner, whereas only one individual must be knowledgeable to
encrypt files. As a general rule, criminals are most likely to
use what is available to the general public, and the
encryption available to and usable by the public has to date
been minimal. At the same time, sophisticated and wealthy
criminals (e.g., those associated with drug cartels) are much
more likely to have access to and to use cryptography.(13)

   In data communications, one of the first publicized
instances of law enforcement use of a Title III intercept
order to monitor a suspect's electronic mail occurred in
December 1995, when the customer of an on-line service
provider was the subject of surveillance during a criminal
investigation.(14) E-mail is used for communications; a
message is composed at one host, sent over a communications
link, and stored at another host. Two opportunities exist to
obtain the contents of an e-mail message -- the first while
the message is in transit over the communications link, and
the second while it is resident on the receiving host. From a
technical perspective, it is much easier to obtain the message
from the receiving host, and this is what happened in the
December 1995 instance. (Appendix D contains more detail on
how electronic communications are treated under Title III.)

   Federal law enforcement authorities believe that encryption
of communications (whether voice or data) will be a
significant problem in the future. FBI Director Louis Freeh
has argued that "unless the issue of encryption is resolved
soon, criminal conversations over the telephone and other
communications devices will become indecipherable by law
enforcement. This, as much as any issue, jeopardizes the
public safety and national security of this country. Drug
cartels, terrorists, and kidnappers will use telephones and
other communications media with impunity knowing that their
conversations are immune from our most valued investigative
technique."(15) In addition, the initial draft of the digital
telephony bill called for telephone service providers to
deliver the plaintext of any encrypted communications they
carried, a provision that was dropped in later drafts of the
bill.(16)

----------

   (12) In this regard, it is important to distinguish between
"voice scramblers" and encrypted voice communications. Voice
scramblers are a relatively old and widely available
technology for concealing the contents of a voice
communication; they transform the analog waveform of a voice
and have nothing to do with encryption per se. True encryption
is a transformation of digitally represented data. Voice
scramblers have been used by criminals for many years, whereas
devices for digital encryption remain rare.

   (13) For example, police raids in Colombia on offices of
the Cali cartel resulted in the seizure of advanced
communications devices, including radios that distort voices,
videophones to provide visual authentication of callers'
identities, and devices for scrambling computer modem
transmissions. The Colombian defense minister was quoted as
saying that the CIA had told him that the technological
sophistication of the Cali cartel was about equal to that of
the KGB at the time of the Soviet Union's collapse. See James
Brooke, "Crackdown Has Cali Drug Cartel on the Run," *New York
Times*, June 27, 1995, p. A-1.

   (14) See Gautam Naik, "U.S., Using E-Mail Tap, Charges
Three with Operating Cellular-Fraud Ring," *Wall Street
Journal*, January 2, 1996, p. B-16.

   (15) See the Prepared Statement of Louis J. Freeh,
Director, Federal Bureau of Investigation, for the Federal
Drug Law Enforcement Hearing before the House Judiciary
Committee, Subcommittee on Crime, U.S. House of
Representatives, March 30, 1995.

   (16) The final bill provides that "a telecommunications
carrier shall not be responsible for decrypting, or ensuring
the government's ability to decrypt, any communication
encrypted by a subscriber or customer, unless the encryption
was provided by the carrier and the carrier possesses the
information necessary to decrypt the communication."

____________________________________________________________


Encrypted Data Files

   Encryption by criminals of computer-based records that
relate to their criminal activity is likely to pose a
significant problem for law enforcement in the future. FBI
Director Freeh has noted publicly(17) two instances in which
encrypted files have already posed a problem for law
enforcement authorities: a terrorist case in the Philippines
involving a plan to blow up a U.S. airliner as well as a plan
to assassinate the Pope in late 1994,(18) and the "Innocent
Images" child pornography case of 1995 in which encrypted
images stood in the way of grand jury access procedures.(19)
Furthermore, Director Freeh told the committee that the use of
stored records in criminal prosecutions and investigations was
much more frequent than the use of wiretaps.

   The problem of encrypted data files is similar to the case
in which a criminal keeps books or records in a code or a
language that renders them unusable to anyone else -- in both
instances, the cooperation of the criminal (or someone else
with access to the key) is necessary to decipher the records.
The physical records as well as any recorded version of the
key, if such a record exists, are available through a number
of standard legal mechanisms, including physical search
warrants and subpoenas. On the other hand, while the nature of
the problem itself is the same in both instances, the ease and
convenience of electronic encryption, especially if performed
automatically, may increase the frequency with which
encryption is encountered and/or the difficulties faced by law
enforcement in cryptanalyzing the material in question without
the cooperation of the criminal.

   Finally, the problem of exceptional access to stored
encrypted information is more easily solved than the problem
of exceptional access to encrypted communications. The reason
is that for file decryption, the time constraints are
generally less stringent. A file may have existed for many
days or weeks or even years, and the time within which
decryption is necessary (e.g., to build a criminal case) is
measured on the time scale of investigatory activities; by
contrast, the relevant time scale in the case of decrypting
communications may be the time scale of operations, which
might be as short as minutes or hours.

----------

   (17) Speech of FBI Director Louis Freeh, before the
International Cryptography Institute, Washington, D.C.,
September 21, 1995.

   (18) A general discussion of this case is found in Phillip
Shenon, "World Trade Center Suspect Linked to Plan to Blow Up
2 Planes," *New York Times*, March 26, 1995, p. 37.

   (19) A general discussion of the Innocent Images case is
found in Kara Swisher, "On-Line Child Pornography Charged As
12 Are Arrested," *Washington Post*, September 14, 1995, p. 1.

____________________________________________________________


      3.3 NATIONAL SECURITY AND SIGNALS INTELLIGENCE(20)


   Cryptography is a two-edged sword for U.S. national
security interests. Cryptography is important in maintaining
the security of U.S. classified information (Appendix I), and
the U.S. government has developed its own cryptographic
systems to meet these needs. At the same time, the use of
cryptography by foreign adversaries also hinders U.S.
acquisition of communications intelligence. This section
discusses the latter. (Appendix F contains a short primer on
intelligence.)


         3.3.1 The Value of Signals Intelligence(21)

   Signals intelligence (SIGINT) is a critically important arm
of U.S. intelligence, along with imagery intelligence (IMINT)
and intelligence information collected directly by people,
i.e., human intelligence (HUMINT). SIGINT also provides timely
tip-off and guidance to IMINT and HUMINT collectors and is, in
turn, tipped off by them. As in the case of law enforcement,
the information contained in a communications channel treated
by an opponent as secure is likely to be free of intentional
deception.

   The committee has received both classified and unclassified
assessments of the current value of SIGINT and finds that the
level of reporting reflects a continuing capability to produce
both tactical and strategic information on a wide range of
topics of national intelligence interest. SIGINT production is
responding to the priorities established by Presidential
Decision Directive 35. As publicly described by President Bill
Clinton in remarks made to the staff of the CIA and
Intelligence Community, the priorities are as follows:

   +    "First, the intelligence need of our military during
an operation ...,

   +    Second, political, economic and military intelligence
about countries hostile to the United States. We must also
compile all-source information on major political and economic
powers with weapons of mass destruction who are potentially
hostile to us,

   +    Third, intelligence about specific trans-national
threats to our security, such as weapons proliferation,
terrorism, drug trafficking, organized crime, illicit trade
practices and environmental issues of great gravity."(22)

   SIGINT is one valuable component of the overall U.S.
intelligence capability. It makes important contributions to
ensure an informed, alert, and secure environment for U.S. war
fighters and policy makers.

----------

   (20) One note on terminology: In the signals intelligence
community, the term "access" is used to refer to obtaining the
desired signals, whether those signals are encrypted or not.
This use conflicts with the usage adopted in this report, in
which "access" generally means obtaining the information
contained in a signal (or message or file).

   (21) This report deals only with the communications
intelligence (COMINT) aspects of SIGINT; see Appendix F for a
discussion of electronic intelligence (ELINT) and its
relationship to COMINT.

   (22) Office of the Press Secretary, The White House,
"Remarks by the President to Staff of the CIA and Intelligence
Community," Central Intelligence Agency, McLean, Virginia,
July 14, 1995.

____________________________________________________________


SIGINT Support of Military Operations

   SIGINT is important to both tactical and strategic
intelligence. Tactical intelligence provides operational
support to forces in the field, whether these forces are
performing military missions or international law enforcement
missions (e.g., as in drug eradication raids in Latin America
conducted in cooperation with local authorities). The tactical
dimensions were most recently demonstrated in the Gulf War
through a skillfully orchestrated interaction of SIGINT,
IMINT, and HUMINT that demonstrated the unequaled power of
U.S. intelligence. SIGINT produced timely command and control
intelligence and specific signal information to support
electronic warfare; IMINT provided precise locating
information to permit precision bombing, together with HUMINT;
SIGINT and IMINT provided the field commands with an
unprecedented degree of battlefield awareness.

   History also demonstrates many instances in which SIGINT
has proven decisive in the conduct of tactical military
operations. These instances are more easily identified now
because the passage of time has made the information less
sensitive.

   +    The American naval victory at the Battle of Midway and
the destruction of Japanese merchant shipping resulted, in
part, from Admiral C.W. Nimitz's willingness to trust the
SIGINT information he received from his intelligence staff.
General George Marshall wrote that as the result of this
SIGINT information, "we were able to concentrate our limited
forces to meet [the Japanese] naval advance on Midway when
otherwise we almost certainly would have been some 3,000 miles
out of place."(23)

   +    The shoot-down in April 1943 of the commander-in-chief
of the Japanese Navy, Admiral Isoroku Yamamoto, was the direct
result of a signals intercept that provided his detailed
itinerary for a visit to the Japanese front lines.(24)

   +    The U.S. Navy was able to compromise the operational
code used by German U-boats in the Atlantic in 1944, with the
result that large numbers of such boats were sunk.(25)

   +    Allied intercepts of German army traffic were
instrumental in the defense of the Anzio perimeter in Italy in
February 1944, a defense that some analysts believe was a
turning point in the Italian campaign; these intercepts
provided advance knowledge of the German timing, direction,
and weight of assault, and enabled Allied generals to
concentrate their resources in the appropriate places.(26)

   While these examples are 50 years old, the nature of
warfare is not so different today as to invalidate the utility
of successful SIGINT. A primary difference between then and
now is that the speed of warfare has increased substantially,
placing a higher premium on real-time or near-real-time
intercepts. Since the end of World War II, SIGINT has provided
tactical support to every military operation involving U.S.
forces.

   Other types of tactical intelligence to which SIGINT can
contribute include indications and warning efforts (detecting
an adversary's preparations to undertake armed hostilities);
target identification, location, and prioritization (what
targets should be attacked, where they are, and how important
they are); damage assessment (how much damage an attacked
target sustained); and learning the enemy's rules of
engagement (under what circumstances an adversary is allowed
to engage friendly forces).

----------

   (23) A good discussion of these topics is given in Kahn,
*The Codebreakers*, 1967, pp. 561-573 (Midway) and pp. 593-594
(merchant shipping).

   (24) See Kahn, *The Codebreakers*, 1967, pp. 595-601.

   (25) Kahn, *The Codebreakers*, 1967, pp. 504-507.

   (26) See Ralph Bennett, *Ultra and Mediterranean Strategy*,
William Morrow and Company, New York, 1989, pp. 265-269.

   (27) See Kahn, *The Codebreakers*, 1967, pp. 358-359.

____________________________________________________________


SIGINT Support of Strategic Intelligence

   Strategic (or national) intelligence is intended to provide
analytical support to senior policy makers, rather than field
commanders. In this role, strategic or national intelligence
serves foreign policy, national security, and national
economic objectives. Strategic intelligence focuses on foreign
political and economic events and trends, as well as on
strategic military concerns such as plans, doctrine,
scientific and technical resources, weapon system
capabilities, and nuclear program development. History also
demonstrates the importance of SIGINT in a diplomatic,
counter-intelligence, and foreign policy context:

   +    In the negotiations following World War I over a
treaty to limit the tonnage of capital ships (the Washington
Conference on Naval Arms Limitations), the U.S. State
Department was able to read Japanese diplomatic traffic
instructing its diplomats. One particular decoded intercept
provided the bottom line in the Japanese position, information
that was useful in gaining Japanese concessions.(27)

   +    Recently Director of Central Intelligence John Deutch
unveiled the so-called VENONA material, decrypted Soviet
intelligence service messages of the mid-1940s that revealed
Soviet espionage against the U.S. atomic program.(28)
Intelligence about the Cuban missile crisis has been released.
Although primarily a story about U-2 photography, the role of
SIGINT is included as well.

   +    Decrypted intercepts of allied communications in the
final months of World War II played a major role in assisting
the United States to achieve its goals at the conference
called to decide on the United Nations charter. American
policy makers knew the negotiating positions of nearly all of
the participating nations and thus were able to control the
debate to a considerable degree.(29)

   +    During the Cold War, SIGINT provided information about
adversary military capabilities, weapons production, command
and control, force structure and operational planning, weapons
testing, and activities of missile forces and civil defense.

   In peacetime as in combat, each of the intelligence
disciplines can contribute critical information in support of
national policy. Former Director of Central Intelligence
Admiral Stansfield Turner has pointed out that "[e]lectronic
intercepts may be even more useful [than human agents] in
discerning intentions. For instance, if a foreign official
writes about plans in a message and the United States
intercepts it, or if he discusses it and we record it with a
listening device, those verbatim intercepts are likely to be
more reliable than second-hand reports from an agent."(30) He
also noted that "as we increase emphasis on securing economic
intelligence, we will have to spy on the more developed
countries -- our allies and friends with whom we compete
economically -- but to whom we turn first for political and
military assistance in a crisis. This means that rather than
instinctively reaching for human, on-site spying, the United
States will want to look to those impersonal technical
systems, primarily satellite photography and intercepts."(31)

   Today, the United States conducts the largest SIGINT
operation in the world in support of information relevant to
conventional military threats; the proliferation of weapons of
mass destruction; terrorism; enforcement of international
sanctions; protection of U.S. economic and trade interests;
and political and economic developments abroad.

   +    U.S. intelligence has been used to uncover unfair
trade practices (as determined by U.S. law and custom) of
other nations whose industries compete with U.S. businesses,
and has helped the U.S. government to ensure the preservation
of a level economic playing field. According to the NSA, the
economic benefits of SIGINT contributions to U.S. industry
taken as a whole have totaled tens of billions of dollars over
the last several years.

   +    In sanctions-monitoring and enforcement, intelligence
intercepts of Serbian communications are reported to have been
the first indication for U.S. authorities that an F-16 pilot
enforcing a no-fly zone over Serbia and shot down in June 1995
was in fact alive,(32) and an important element in his rescue.
If the pilot had indeed been captured, U.S. options in Serbia
could have been greatly constrained.

   +    SIGINT that has been made public or that has been
tacitly acknowledged includes information about the shoot-down
of the Korean airliner KAL 007 on September 1, 1983, and the
bombing of La Belle Discotheque in West Berlin ordered by
Libya in April 1986.

   +    In foreign policy, accurate and timely intelligence
has been, and remains, vital to U.S. efforts to avert
conflicts between nations.

   +    In September 1988, President Ronald Reagan made the
decision to disclose NSA decrypts of Iraqi military
communications "to prove that, despite their denials, Iraqi
armed forces had used poison gas against the Kurds."(33)

   The information provided by SIGINT has helped to produce
information on weapons proliferation, providing indications of
violations of treaties or embargo requirements. SIGINT has
collected information on international terrorism and foreign
drug trafficking, thereby assisting in the detection of drug
shipments intended for delivery to the United States.

   Similarly, such information will continue to be a source of
important economic intelligence.

   In conducting these intelligence-gathering operations, a
wide variety of sources may be targeted, including the
communications of governments, nongovernment institutions, and
individuals. For example, banking is an international
enterprise, and the U.S. government may need to know about
flows of money for purposes of counter-terrorism or sanctions
monitoring.

   Although the value of SIGINT to military operations and to
law enforcement is generally unquestioned, senior decision
makers have a wide range of opinions on the value of strategic
and/or political intelligence. Some decision makers are
voracious consumers of intelligence reports. They believe that
the reports they receive provide advance notice of another
party's plans and intentions, and that their own decisions are
better for having such information. These decision makers find
that almost no amount of information is too much, and any
given piece of information has the potential to be helpful.

   To illustrate the value of SIGINT to some senior policy
makers, it is helpful to recall President Clinton's remarks to
the intelligence community on July 14, 1995, at the CIA: he
said that "in recent months alone you warned us when Iraq
massed its troops against the Kuwaiti border. You provided
vital support to our peacekeeping and humanitarian missions in
Haiti and Rwanda. You helped to strike a blow at a Colombian
drug cartel. You uncovered bribes that would have cheated
American companies out of billions of dollars." On a previous
occasion, then-President George Bush gave his evaluation of
SIGINT when he said that "... over the years I've come to
appreciate more and more the full value of SIGINT. As
President and Commander-in-Chief, I can assure you, signals
intelligence is a prime factor in the decision making process
by which we chart the course of this nation's foreign
affairs."(34)

   Some policy makers, generally less senior than the
President, have stated that while intelligence reports are
occasionally helpful, they do not in general add much to their
decision-making ability because they contribute to information
overload, are not sufficiently timely in the sense that the
information is revealed shortly in any event, lack necessary
context-setting information, or do not provide much
information beyond that available from open sources. Even
among the members of the committee who have served in senior
government positions, this range of opinion is
represented.(35)

   The perceived value of strategic SIGINT (as with many other
types of intelligence) depends largely on the judgment and
position of the particular individuals whom the intelligence
community is serving. These individuals change over time as
administrations come and go, but intelligence capabilities are
built up over a time scale longer than the election cycle. The
result is that the intelligence community gears itself to
serve those decision makers who will demand the most from it,
and is loath to surrender sources and/or capabilities that may
prove useful to decision makers.

   Since the benefits of strategic intelligence are so
subjective, formal cost-benefit analysis cannot be used to
justify a given level of support for intelligence. Rather,
intelligence tends to be supported on a "level-of-effort"
basis, that is, a political judgment about what is
"reasonable," given other defense and nondefense pressures on
the overall national budget.

----------

   (28) Center for Cryptologic History, National Security
Agency, *Introductory History of VENONA and Guide to the
Translations*, Fort George G. Meade, Maryland, undated. VENONA
material is also available from the Web site of the National
Security Agency at
http://www.nsa.gov:8080/docs/venona/venona.html.

   (29) Stephen Schlesinger, "Cryptanalysis for Peacetime:
Codebreaking and the Birth and Structure of the United
Nations," *Cryptologia*, Volume 19(3), July 1995, pp. 217-235.

   (30) Stansfield Turner, "Intelligence for a New World
Order," *Foreign Affairs*, Fall 1991, pp. 150-166.

   (31) Turner, "Intelligence for a New World Order," 1991,
pp. 150-166.

   (32) Daniel Williams, "'I'm Ready to Get the Hell Out of
Here,'" *Washington Post*, July 9, 1995, p. A-1.

   (33) Christopher Andrew, *For the President's Eyes Only*,
HarperCollins, New York, 1995.

   (34) *Public Papers of the Presidents*, U.S. Government
Printing Office, Washington, D.C., 1991, as quoted by Andrew
in *For the President's Eyes Only*, 1995, p. 526.

   (35) For an open-source report on the value of intelligence
as perceived by different policy makers, see David E. Sanger,
"Emerging Role for the C.I.A.: Economic Spy," *New York
Times*, October 15, 1995, p. 1; David E. Sanger, "When Spies
Look Out for the Almighty Buck," *New York Times*, October 22,
1995, p. 4.

____________________________________________________________


          3.3.2 The Impact of Cryptography on SIGINT

   Cryptography poses a threat to SIGINT for two separate but
related reasons:

   +    Strong cryptography can prevent any given message from
being read or understood. Strong cryptography used primarily
by foreign governments with the discipline to use those
products on a regular and consistent basis presents the United
States with a formidable challenge. Some encrypted traffic
regularly intercepted by the United States is simply
undecipherable by any known means.

   +    Even weak cryptography, if practiced on a widespread
basis by foreign governments or other entities, increases the
cost of exploitation dramatically.(36) When most messages that
are intercepted are unencrypted, the cost to determine whether
an individual message is interesting is quite low. However, if
most intercepted messages are encrypted, each one has to be
cryptanalyzed individually, because the interceptor does not
know if it is interesting or not.(37)

   According to administration officials who testified to the
committee, the acquisition and proper use of cryptography by
a foreign adversary could impair the national security
interests of the United States in a number of ways:

   +    Cryptography used by adversaries on a wide scale would
significantly increase the cost and difficulty of intelligence
gathering across the full range of U.S. national security
interests.

   +    Cryptography used by governments and foreign companies
can increase an adversary's capability to conceal the
development of missile delivery systems and weapons of mass
destruction.

   +    Cryptography can improve the ability of an adversary
to maintain the secrecy of its military operations to the
detriment of U.S. or allied military forces that might be
similarly engaged.

   The above comments suggest that the deployment of strong
cryptography that is widely used will diminish the
capabilities of those responsible for SIGINT. Today, there is
a noticeable trend toward better and cheaper encryption that is
steadily closing the window of exploitation of unencrypted
communications. The growth of strong encryption will reduce
the availability of such intelligence. Using capabilities and
techniques developed during the Cold War, the SIGINT system
will continue its efforts to collect against countries and
other entities newly hostile to the United States. Many
governments and parties in those nations, however, will be
potential customers for advanced cryptography as it becomes
available on world markets. In the absence of improved
cryptanalytic methods, cooperative arrangements with foreign
governments, and new ways of approaching the information
collection problem, it is likely that losses in traditional
SIGINT capability would result in a diminished effectiveness
of the U.S. intelligence community.

----------

   (36) This point is echoed in Susan Landau et al., *Codes,
Keys, and Conflicts: Issues in U.S. Crypto Policy*, 1994, p.
25.

   (37) For example, assume that 1 out of every 1,000 messages
is interesting, and the cost of intercepting a message is X
and the cost of decrypting a message is Y. Thus, each
interesting message is acquired at a cost of 1,000 X + Y.
However, if every message is encrypted, the cost of each
interesting message is 1,000 (X + Y), which is approximately
1,000 Y larger. In other words, the cryptanalyst must do 1,000
times more work for each interesting message.

____________________________________________________________


             3.4 SIMILARITIES IN AND DIFFERENCES
          BETWEEN FOREIGN POLICY/NATIONAL SECURITY
                  AND LAW ENFORCEMENT NEEDS
                FOR COMMUNICATIONS MONITORING


   It is instructive to consider the similarities in and
differences between national security and law enforcement
needs for communications monitoring.


                     3.4.1 Similarities

   +    *Secrecy*. Both foreign policy and law enforcement
authorities regard surreptitiously intercepted communications
as a more reliable source than information produced through
other means. Surveillance targets usually believe (however
falsely) that their communications are private; therefore,
eavesdropping must be surreptitious and the secrecy of
monitoring maintained. Thus, the identity and/or nature of
specific SIGINT sources are generally very sensitive pieces of
information, and are divulged only for good cause.

   +    *Timeliness*. For support of tactical operations,
near-real-time information may be needed (e.g., when a crime
or terrorist operation is imminent, when hostile forces are
about to be engaged).

   +    *Resources available to targets*. Many parties
targeted for electronic surveillance for foreign policy
reasons or by law enforcement authorities lack the resources
to develop their own security products, and are most likely to
use what they can purchase on the commercial market.

   +    *Allocation of resources for collection*. The size of
the budget allocated to law enforcement and to the U.S.
intelligence community is not unlimited. Available resources
constrain both the amount of surveillance law enforcement
officials can undertake and the ability of the U.S. SIGINT
system to respond to the full range of national intelligence
requirements levied upon it.

        --     Electronic surveillance, although in many cases
        critical, is only one of the tools available to U.S.
        law enforcement. Because it is manpower intensive, it
        is a tool used sparingly; thus, it represents a
        relatively small percentage of the total investment.
        The average cost of a wiretap order is $57,000 (see
        Appendix D) or approximately one-half of a
        full-time-equivalent agent-year.

        --     The U.S. SIGINT system is a major contributor
        to the overall U.S. intelligence collection capability
        and represents a correspondingly large percentage of
        the foreign intelligence budget. Although large, the
        U.S. system is by no means funded to "vacuum clean"
        the world's communications. It is sized to gather the
        most potentially lucrative foreign signals and
        targeted very selectively to collect and analyze only
        those communications most likely to yield information
        relating to highest priority intelligence needs.

   +    *Perceptions of the problem*. The volume of electronic
traffic and the use of encryption are both expected to grow,
but how the growth of one will compare to that of the other is
unclear at present. If the overall growth in the volume of
unencrypted electronic traffic lags the growth in the use of
cryptography, those conducting surveillance for law
enforcement or foreign policy reasons may perceive a loss in
access because the fraction of intercepts available to them
will decrease, even if the absolute amount of information
intercepted has increased as the result of larger volumes of
information. Of course, if the communicating parties take
special care to encrypt their sensitive communications, the
absolute amount of useful information intercepted may decrease
as well.
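
   The cost argument of footnote 37 and the "perceptions of
the problem" point above can be worked through numerically.
The Python sketch below is an added example, not part of the
original report; the enc_fraction parameter, the growth rates,
and the starting volumes are constructed assumptions, and the
model goes beyond the footnote by letting only part of the
traffic be encrypted.

```python
"""Toy model of two quantitative arguments in this chapter (added example).

All numbers below are constructed for illustration; none come from the report
except the 1-in-1,000 ratio used in footnote 37.
"""


def cost_per_interesting(n, x, y, enc_fraction):
    """Cost of acquiring one interesting message (footnote 37, generalized).

    n            -- messages intercepted per interesting message
    x            -- cost of intercepting one message
    y            -- cost of decrypting one message
    enc_fraction -- share of the uninteresting traffic that is encrypted
                    (assumed parameter: 0 and 1 are the footnote's two cases)

    As in the footnote's baseline of 1,000 X + Y, the interesting message
    itself is always encrypted.
    """
    if not 0 <= enc_fraction <= 1:
        raise ValueError("enc_fraction must lie in [0, 1]")
    return n * x + y + enc_fraction * (n - 1) * y


def decryption_work_ratio(n, enc_fraction):
    """Decryption work per interesting message, relative to the baseline Y."""
    return 1 + enc_fraction * (n - 1)


def project(years, volume0, volume_growth, encrypted0, encrypted_growth):
    """Project readable traffic when encryption grows faster than volume.

    Returns a list of (year, readable_volume, readable_fraction).
    """
    rows = []
    for t in range(years + 1):
        total = volume0 * (1 + volume_growth) ** t
        # Encrypted traffic can never exceed the total traffic.
        encrypted = min(total, encrypted0 * (1 + encrypted_growth) ** t)
        readable = total - encrypted
        rows.append((t, readable, readable / total))
    return rows


def perceived_only_loss_years(rows):
    """Years where the readable fraction fell but readable volume still rose."""
    return [cur[0] for prev, cur in zip(rows, rows[1:])
            if cur[2] < prev[2] and cur[1] > prev[1]]


def first_absolute_decline(rows):
    """First year in which the readable volume itself shrank, or None."""
    for prev, cur in zip(rows, rows[1:]):
        if cur[1] < prev[1]:
            return cur[0]
    return None


# Constructed scenario: traffic grows 20% a year, encrypted traffic 60% a year.
SAMPLE = project(years=12, volume0=1000, volume_growth=0.20,
                 encrypted0=50, encrypted_growth=0.60)

if __name__ == "__main__":
    for share in (0, 0.1, 0.5, 1):
        cost = cost_per_interesting(1000, 1, 5, share)
        work = decryption_work_ratio(1000, share)
        print(f"encrypted share {share:>4}: cost {cost:8.1f}, "
              f"decryption work x{work:.1f}")
    for year, readable, fraction in SAMPLE:
        print(f"year {year:2d}: readable volume {readable:8.1f}  "
              f"fraction {fraction:.3f}")
    print("fraction falls while volume rises in years",
          perceived_only_loss_years(SAMPLE))
    print("readable volume first shrinks in year",
          first_absolute_decline(SAMPLE))
```

   In the constructed scenario the readable fraction falls in
every year from the first, while the readable volume keeps
rising through year 7 and first shrinks in year 8.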


                      3.4.2 Differences

   +    *Protection of sources*. While the distinction is not
hard and fast, law enforcement authorities conducting an
electronic surveillance are generally seeking specific items
of evidence that relate to a criminal act and that can be
presented in open court, which implies that the source of such
information (i.e., the wiretap) will be revealed (and possibly
challenged for legal validity). By contrast, national security
authorities are usually seeking a body of intelligence
information over a longer period of time and are therefore far
more concerned with preserving the secrecy of sources and
methods.

   +    *Definition of interests*. There is a consensus,
expressed in law, about the specific types of domestic crimes
that may be investigated through the use of wiretapping. Even
internationally, there is some degree of consensus about what
activities are criminal; the existence of this consensus
enables a considerable amount of law enforcement cooperation
on a variety of matters. National security interests are
defined differently and are subject to refinement in a
changing world, and security interests often vary from nation
to nation. However, a community of interest among NATO allies
and between the United States and the major nations of the
free world makes possible fruitful intelligence relationships,
even though the United States may at times target a nation
that is both ally and competitor.

   +    *Volume of potentially relevant communications*. The
volume of communications of interest to law enforcement
authorities is small compared to the volume of interest to
national security authorities.

   +    *Legal framework*. Domestic law enforcement
authorities are bound by constitutional protections and
legislation that limit their ability to conduct electronic
surveillance. National security authorities operate under far
fewer legal constraints in monitoring the communications of
foreign parties located outside the United States.

   +    *Perceptions of vulnerability to surveillance*.
Parties targeted by national security authorities are far more
likely to take steps to protect their communications than are
most criminals.



            3.5 BUSINESS AND INDIVIDUAL NEEDS FOR
         EXCEPTIONAL ACCESS TO PROTECTED INFORMATION


   As noted above in Section 3.1, an employer may need access
to data that has been encrypted by an employee. Corporations
that use cryptography for confidentiality must always be
concerned with the risk that keys will be lost, corrupted,
required in some emergency situation, or otherwise be
unavailable, and they have a valid interest in defending their
interests in the face of these eventualities.(38)
Cryptography can present problems for companies attempting
to satisfy their legitimate business interests in access to
stored and communicated information:

   +    *Stored data*. For entirely legitimate business
reasons, an employee might encrypt business records, but due
to circumstances such as vacation or sick leave, the employer
might need to read the contents of these records without the
employee's immediate assistance. Then again, an employee might
simply forget the relevant password to an encrypted file, or
an employee might maliciously refuse to provide the key (e.g.,
if he has a grudge against his employer), or might keep
records that are related to improper activities but encrypt
them to keep them private; a business undertaking an audit to
uncover or investigate these activities might well need to
read these records without the assistance of the employee. For
example, in a dispute over alleged wrongdoing of his
superiors, a Washington, D.C., financial analyst changed the
password on the city's computer and refused to share it.(39)
In another incident, the former chief financial officer of an
insurance company, Golden Eagle Group Ltd, installed a
password known only to himself and froze out operations. He
demanded a personal computer that he claimed was his, his
final paycheck, a letter of reference, and a $100 fee --
presumably for revealing the password.(40) While technical
fixes for these problems are relatively easy, they do
demonstrate the existence of motivation to undertake such
actions. Furthermore, it is poor management practice that
allows a single employee to control critical data, but that is
beyond the scope of this study.

   +    *Communications*. A number of corporations provided
input to the committee indicating that for entirely legitimate
business reasons (e.g., for resolution of a dispute between
the corporation and a customer), an employer might need to
learn about the content of an employee's communications.
Alternatively, an employee might use company communications
facilities as a means for conducting improper activities
(e.g., leaking company-confidential information, stealing
corporate assets, engaging in kickback or fraud schemes,
inappropriately favoring one supplier over another). A
business undertaking an audit to uncover or investigate these
activities might well need to monitor these communications
without the consent of the employee (Box 3.1)(41) but would be
unable to do so if the communications were encrypted. In other
instances, a company might wish to assist law enforcement
officials in investigating information crimes against it(42)
but would not be able to do so if it could not obtain access
to unsanctioned employee-encrypted files or communications.
Many, though certainly not all, businesses require prospective
employees to agree as a condition of employment that their
communications are subject to employer monitoring under
various circumstances.(43)

   It is a generally held view among businesses that
provisions for corporate exceptional access to stored data are
more important than such provisions for communications.(44)
For individuals, the distinction is even sharper. Private
individuals as well as businesses have a need to retrieve
encrypted data that is stored and for which they may have lost
or forgotten the key. For example, a person may have lost the
key to an encrypted will or financial statement and wish to
retrieve the data. However, it is much more difficult to
imagine circumstances under which a person might have a
legitimate need for the real-time monitoring of
communications.

----------

   (38) While users may lose or corrupt keys used for user
authentication, the procedures needed in this event are
different than if the keys in question are for encryption. For
example, a lost authentication key creates a need to revoke
the key, so that another party that comes into possession of
the authentication key cannot impersonate the original owner.
By contrast, an encryption key that is lost creates a need to
recover the key.

   (39) Peter G. Neumann, *Computer-Related Risks*,
Addison-Wesley, New York, 1995, p. 154.

   (40) Neumann, *Computer-Related Risks*, 1995, p. 154.

   (41) For example, employees with Internet access may spend
so much time on nonwork-related Internet activities that their
productivity is impaired. Concerns about such problems have
led some companies to monitor the Internet activities of their
employees, and spawned products that covertly monitor and
record Internet use. See Laurie Flynn, "Finding On-Line
Distractions, Employers Strive to Keep Workers in Line," *New
York Times*, November 6, 1995, p. D-5.

   (42) A number of examples of such cooperation can be found
in Peter Schweizer, *Friendly Spies*, The Atlantic Monthly
Press, New York, 1993.

   (43) The legal ramifications of employer access to
on-the-job communications of employees are interesting, though
outside the scope of this report. For example, a company
employee may communicate with another company employee using
cryptography that denies employer access to the content of
those communications; such use may be contrary to explicit
company policy. May an employee who has violated company
policy in this manner be discharged legally? In general,
employer access to on-the-job communications raises many issues
of ethics and privacy, even if such access is explicitly
permitted by contract or policy.

   (44) This distinction becomes somewhat fuzzy when
considering technologies such as e-mail that serve the purpose
of communications but that also involve data storage. Greater
clarity is possible if one distinguishes between the
electronic bits of a message in transit (e.g., on a wire) and
the same bits that are at rest (e.g., in a file). With e-mail,
the message is sent and then stored; thus, e-mail can be
regarded as a stored communication. These comments suggest
that a need for exceptional access to e-mail is much more
similar to that for storage than for communications, because
it is much more likely that a need will arise to read an
e-mail message after it has been stored than while it is in
transit. A likely scenario of exceptional access to e-mail is
that a user may receive e-mail encrypted with a public key for
which he no longer has the corresponding private key (that
would enable him to decrypt incoming messages). While this
user could in principle contact the senders and inform them of
a new public key, an alternative would be to develop a system
that would permit him to obtain exceptional access without
requiring such actions.

____________________________________________________________


            3.6 OTHER TYPES OF EXCEPTIONAL ACCESS
                  TO PROTECTED INFORMATION


   The discussion of exceptional access above involves only
the question of encryption for confidentiality. While it is
possible to imagine legitimate needs for exceptional access to
encrypted data (for purposes of ensuring secrecy), it is
nearly impossible to imagine a legitimate need for exceptional
access to cryptography used for the purposes of user
authentication, data integrity, or nonrepudiation. In a
business context, these cryptographic capabilities implement
or support long-standing legal precepts that are essential to
the conduct of commerce.

   +    Without unforgeable digital signatures, the concept of
a binding contract is seriously weakened.

   +    Without trusted digitally notarized documents,
questions of time precedence might not be legally resolvable.

   +    Without unforgeable integrity checks, the notion of a
certifiably accurate and authentic copy of digital documents
is empty.

   +    Without strong authentication and unquestionable
nonrepudiation, the analog of registered delivery in postal
systems is open to suspicion.(45)

   With exceptional access to the cryptography implementing
such features or to the private keys associated with them, the
legal protection that such features are intended to provide
might well be called into question. At a minimum, there would
likely be a questioning of the validity or integrity of the
protective safeguards, and there might be grounds for legal
challenge. A businessperson might have to demonstrate, for
example, that he has properly and adequately protected the
private keys used to digitally sign his contracts to the
satisfaction of a court or jury.

   It is conceivable that the government, for national
security purposes, might seek exceptional access to such
capabilities for offensive information warfare (see Chapter
2); however, public policy should not promote these
capabilities, because such access could well undermine public
confidence in such cryptographic mechanisms.

---------

   (45) In fact, digital signatures and nonrepudiation provide
a stronger guarantee than does registered delivery; the former
can be used to assure the delivery of the contents of an
"envelope," whereas postal registered delivery can only be
used to assure the delivery of the envelope.

____________________________________________________________


                          3.7 RECAP


   In general, cryptography for confidentiality involves a
party undertaking an encryption (to protect information by
generating ciphertext from plaintext) and a party authorized
by the encryptor to decrypt the ciphertext and thus recover
the original plaintext. In the case of information that is
communicated, these parties are in general different
individuals. In the case of information that is stored, the
first party and the second party are in general the same
individual. However, circumstances can and do arise in which
third parties (i.e., decrypting parties that are not
originally authorized or intended by the encrypting party to
recover the information involved) may need access to such
information. These needs for exceptional access to encrypted
information may arise from businesses, individuals, law
enforcement, and national security, and these needs are
different depending on the parties in question. Encryption
that renders such information confidential threatens the
ability of these third parties to obtain the necessary access.

   How the needs for confidentiality and exceptional access
are reconciled in a policy context is the subject of Part II.

____________________________________________________________

           BOX 3.1 Examples of Business Needs for
            Exceptional Access to Communications

   +    A major Fortune 1000 corporation was the subject of
various articles in the relevant trade press. These articles
described conditions within the corporation (e.g., employee
morale) that were based on information supplied by employees
of this corporation acting in an unauthorized manner and
contrary to company policy; moreover, these articles were
regarded by corporate management as being highly embarrassing
to the company. The employees responsible were identified
through a review of tapes of all their telephone conversations
in the period immediately preceding publication of the
damaging articles, and were summarily dismissed. As a
condition of employment, these employees had given their
employer permission to record their telephone calls.

   +    Executives at a major Fortune 1000 corporation had
made certain accommodations in settling the accounts of a
particular client that, while legal, materially distorted an
accounting audit of the books of that client. A review of the
telephone conversations in the relevant period indicated that
these executives had done so knowingly, and they were
dismissed. As a condition of employment, these executives had
given their employer permission to record their telephone
calls.

   +    Attempting to resolve a dispute about the specific
terms of a contract to sell oil at a particular price, a
multinational oil company needed to obtain all relevant
records. Given the fact that oil prices fluctuate
significantly on a minute-by-minute basis, most such trades
are conducted and agreed to by telephone. All such calls are
recorded, in accordance with contracts signed by traders as a
condition of employment. Review of these voice records
provided sufficient information to resolve the dispute.

   +    A multinational company was notified by a law
enforcement agency in Nation A regarding its suspicions that
an employee of the company was committing fraud against the
company. This employee was a national of Nation B. The company
began an investigation of this individual in cooperation with
law enforcement authorities in Nation B, and in due course,
legal authorization for a wiretap on this individual using
company facilities was obtained. The company cooperated with
these law enforcement authorities in the installation of the
wiretap.

----------

SOURCE: Anonymous testimony to the committee.

____________________________________________________________

        BOX 3.2 Examples of the Utility of Wiretapping

   +    The El Rukn Gang in Chicago, acting as a surrogate for
the Libyan government and in support of terrorism, planned to
shoot down a commercial airliner within the United States
using a stolen military weapon. This act of terrorism was
prevented through the use of telephone wiretaps.

   +    The 1988 "Ill Wind" public corruption and defense
department fraud investigation relied heavily on court-ordered
telephone wiretaps. To date, this investigation has resulted
in the conviction of 65 individuals and more than a quarter of
a billion dollars in fines, restitutions, and recoveries.

   +    Numerous drug trafficking and money laundering
investigations, such as the "Polar Cap" and "Pizza Connection"
cases, utilized extensive telephone wiretaps in the successful
prosecution of large-scale national and international drug
trafficking organizations. "Polar Cap" resulted in the arrest
of 33 subjects and the recovery of $50 million in assets
seized. Additionally, in a 1992 Miami raid, which directly
resulted from wiretaps, agents confiscated 15,000 pounds of
cocaine and arrested 22 subjects.

   +    The investigation of convicted spy Aldrich Ames relied
heavily on wiretaps ordered under FISA authority.

   +    In a 1990 "Sexual Exploitation of Children"
investigation, the FBI relied heavily on wiretaps to prevent
violent individuals from abducting, torturing, and murdering
a child in order to make a "Snuff Murder" film.

----------

SOURCE: Federal Bureau of Investigation.

____________________________________________________________

            BOX 3.3 Law Enforcement Requirements
      for the Surveillance of Electronic Communications

   +    Prompt and expeditious access both to the contents of
the electronic communications and "setup" information
necessary to identify the calling and called parties.

   +    Real-time, full-time monitoring capability for
intercepts. Such capability is particularly important in an
operational context, in which conversations among either
criminal conspirators (e.g., regarding a decision to take some
terrorist action) or criminals and innocent third parties
(e.g., regarding a purchase order for explosives from a
legitimate dealer) may have immediate significance.

   +    Delivery of intercepted communications to specified
monitoring facilities.

   +    Transparent access to the communications, i.e., access
that is undetectable to all parties to the communications
(except to the monitoring parties) and implementation of
safeguards to restrict access to intercept information.

   +    Verification that the intercepted communications are
associated with the intercept subject.

   +    Capabilities for some number of simultaneous
intercepts to be determined through a cooperative industry/law
enforcement effort.

   +    Reliability of the services supporting the intercept
at the same (or higher) level of the reliability of the
communication services provided to the intercept subject.

   +    A quality of service for the intercept that complies
with the performance standards of the service providers.

----------

SOURCE: *Law Enforcement Requirements for the Surveillance of
Electronic Communications*, FBI in cooperation with the
National Technical Investigators Association, June 1994.

____________________________________________________________

          BOX 3.4 How Noncryptography Applications
   of Information Technology Could Benefit Law Enforcement

   As acknowledged elsewhere in the main text, encryption in
ubiquitous use would create certain difficulties for law
enforcement. Nevertheless, it is important to place into
context the overall impact on law enforcement of the digital
information technologies that enable encryption and other
capabilities that are not the primary subject of this report.
Chapter 2 suggested how encryption capabilities can be a
positive force for more effective law enforcement (e.g.,
secure police communications). But information technology is
increasingly ubiquitous and could appear in a variety of other
applications less obvious than encryption. For example:

   +    Video technology has become increasingly inexpensive.
Thus, it is easy to imagine police cruisers with video cameras
that are activated upon request when police are responding to
an emergency call. Monitoring those cameras at police
headquarters would provide a method for obtaining timely
information regarding the need of the responding officers for
backup. Equipping individual police officers with even smaller
video cameras attached to their uniforms and recording such
transmissions would provide objective evidence to corroborate
(or refute) an officer's description of what he saw at a crime
scene.

   +    The number of users of cellular telephones and
wide-area wireless communications services will grow rapidly.
As such technologies enable private citizens to act as
responsible eyes and ears that observe and report emergencies
in progress, law enforcement officials will be able to respond
more quickly. (See, for example, Chana Schoenberger, "The
Pocket-Size Protector; Feeling Safe, not Stylish, with
Cellular Phones," *Washington Post*, August 29, 1995, page
B-5.)

   +    Electronically mediated sting operations help to
preserve cover stories of law enforcement officials. For
example, the Cybersnare sting operation resulted in the arrest
of six individuals who allegedly stole cellular telephone
numbers en masse from major companies, resulting in millions
of dollars of industry losses. Cybersnare was based on an
underground bulletin board that appealed to cellular telephone
and credit card thieves. Messages were posted offering for
sale cellular telephone "cloning" equipment and stolen
cellular telephone numbers, and included contact telephone
numbers that were traced to the individuals in question. (See
Gautam Naik, "Secret Service Agents Arrest Six Hackers in
Cellular-Phone Sting in Cyberspace," *Wall Street Journal*,
September 12, 1995, page B6.)

   +    The locations of automobiles over a metropolitan area
could be tracked automatically, either passively or actively.
An active technique might rely on a coded beacon that would
localize the position of the automobile on which it was
mounted. A passive technique might rely on automatic scanning
for license plates that were mounted on the roofs of cars. As
an investigative technique, the ability to track the location
of a particular automobile over a period of time could be
particularly important.

   Even today, information technology enables law enforcement
officials to conduct instant background checks for handgun
purchases and arrest records when a person is stopped for a
traffic violation. Retail merchants guard against fraud by
using information technology to check driving records when
cars are rented and credit checks for big purchases. The
Department of the Treasury uses sophisticated information
technology to detect suspicious patterns that might indicate
large-scale money laundering by organized crime.

   All such possibilities involve important social as well as
technical issues. For example, the first two examples featured
above seem relatively benign, while the last two raise
serious entrapment and privacy issues. Even the "instant
background checks" of gun buyers have generated controversy.
The mention of these applications (potential and actual) is
not meant as endorsement, recommendation, or even suggestion;
they do, however, place into better context the potentialities
of information technology in some overall sense to improve the
capabilities of law enforcement while at the same time
illustrating that concerns about excessive government power
are not limited to the issue of cryptography.

____________________________________________________________

[End Chapter 3]


