============================================================= C D T P O L I C Y P O S T **************************************************** A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE from THE CENTER FOR DEMOCRACY AND TECHNOLOGY **************************************************** Volume 5, Number 19 August 20, 1999 ============================================================= CONTENTS: (1) Justice Department Proposes Secret Searches of Homes, Offices (2) If the Government Wants Your Data, It Should Come to You For It (3) Proposal Also Sets Standards for Access to Escrowed Keys (4) Subscription Information (5) About the Center for Democracy and Technology ** This document may be redistributed freely with this banner intact ** Excerpts may be re-posted with permission of ari@cdt.org This document is also available at: http://www.cdt.org/publications/pp_5.19.html _______________________________________________________________________ (1) JUSTICE DEPARTMENT PROPOSES SECRET SEARCHES OF HOMES, OFFICES The Justice Department is planning to ask Congress for new authority allowing federal agents armed with search warrants to secretly break into homes and offices to obtain decryption keys or passwords or to implant "recovery devices" or otherwise modify computers to ensure that any encrypted messages or files can be read by the government. With this dramatic proposal, the Clinton Administration is basically saying: "If you don't give your key in advance to a third party, we will secretly enter your house to take it if we suspect criminal conduct." The full text of the Justice Department proposal, a section-by-section analysis prepared by DOJ lawyers, and related materials are available at: http://www.cdt.org/crypto/CESA. The proposal has been circulating within the Clinton Administration since late June. On August 5, the Office of Management and Budget circulated it for final interagency review. In the normal course, after all potentially interested agencies have been consulted, the proposal would be transmitted to Capitol Hill, where it could be introduced by any Member, or offered as an amendment to pending legislation. _______________________________________________________________________ (2) IF THE GOVERNMENT WANTS YOUR DATA, IT SHOULD COME TO YOU FOR IT The proposal is intended to eliminate a core element of our civil liberties. Normally, under the Fourth Amendment in the Bill of Rights, when the government wants to search your home or office, the government must obtain a court order issued by a judge based on a finding of probable cause to believe that a crime is being committed AND the government must provide you with contemporaneous notice of the search -- show you the warrant and leave an inventory of the items seized. This notice requirement has ancient roots. It is based on the notion that the judicial warrant (issued on the basis of the government agent's untested assertions presented to a judge in private) does not provide adequate protection against abuse. Notice is important because it gives you the opportunity to observe the conduct of the government agents and protect your rights. If the agents are exceeding the scope of the warrant, for example, you can even rush down to the courthouse and ask a judge to stop the search. And after the search, you can exercise your rights for return of your property and otherwise defend yourself. Over time, our society has tolerated exceptions to this rule. For example, the government can enter secretly to plant bugs to pick up oral communications or to bug your phone, but that is quite rare. Most wiretaps do not involve entry into the home. A few courts in a few cases have allowed so-called "sneak and peek" searches, in which government agents can enter surreptitiously, provided they don't take anything. And in the name of foreign counterintelligence, the government has long conducted "black bag jobs," such as the one in which they searched the home and computer of CIA employee Aldrich Ames. The new DOJ proposal is a huge expansion of these previously narrowly defined exceptions. The proposal takes extraordinary cases at the fringes of the law and makes them routine, given the increasingly ubiquitous nature of computers. Thus, the encryption debate, which up until now has been about privacy and security in cyberspace, is becoming a struggle over the sanctity of the home. _______________________________________________________________________ (3) PROPOSAL ALSO SETS STANDARDS FOR ACCESS TO ESCROWED KEYS The proposal also includes detailed procedures for government access to keys and other forms of decryption assistance stored with third parties. Again, the essence of the DOJ proposal is government access to keys without the knowledge or cooperation of the crypto user. The DOJ claims that these key recovery provisions provide greater protection for lawful users of encryption, by making it clear that a third party holding a decryption key or other recovery information cannot disclose it or use it except in accordance with the procedures set forth in the Act. The DOJ-drafted procedures are complicated and unique, turning on unanswered questions of what is "generally applicable law" and what is a "constitutionally protected expectation of privacy." They fall far short of protections proposed by Sen. Patrick J. Leahy (D-VT) in the Electronic Rights for the Twenty-First Century (E-RIGHTS) bill, S. 854, described at http://www.cdt.org/crypto/legis_106/ERIGHTS/ In any case, few individuals use third party key recovery, and there seems to be little individual or corporate interest in key recovery for communications, so even the strictest procedures for access to escrowed keys would be vastly outweighed by the proposed secret searches of homes and offices. In the small comfort department, the DOJ proposal makes it clear that key escrow or third party key recovery would not be mandatory. _______________________________________________________________________ (4) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center for Democracy and Technology, are received by Internet users, industry leaders, policymakers, the news media and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. To subscribe to CDT's Policy Post list, send mail to majordomo@cdt.org In the BODY of the message (leave the SUBJECT LINE BLANK), type subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with NOTHING IN THE SUBJECT LINE and a BODY TEXT of: unsubscribe policy-posts _______________________________________________________________________ (5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. Contacting us: General information: info@cdt.org World Wide Web: http://www.cdt.org/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 ----------------------------------------------------------------------- End Policy Post 5.19 ----------------------------------------------------------------------- Aleksandr Gembinski Webmaster etc. Center for Democracy and Technology 1634 Eye Street, NW 11th Floor Washington, DC 20006 (v) +1.202.637.9800 (f) +1.202.637.0968 http://www.cdt.org/ ========================================================================== [thanks to Bob Brost for forwarding this to me] ==========================================================================