3 Needs for Access to Encrypted Information

Information protected for confidentiality (i.e., encrypted information) is stored or communicated for later use by certain parties with the authorization of the original protector. However, it may happen for various legitimate and lawfully authorized reasons that other parties may need to recover this information as well. This chapter discusses needs for access to encrypted information under exceptional circumstances for legitimate and lawfully authorized purposes from the perspectives of businesses, individuals, law enforcement, and national security. Businesses and individuals may want access to encrypted data or communications for their own purposes and thus may cooperate in using products to facilitate such access, while law enforcement and national security authorities may want access to the encrypted data or communications of criminals and parties hostile to the United States.

3.1 TERMINOLOGY

It is useful to conceptualize data communications and data storage using the language of transactions. For example, one individual may telephone another; the participants in the transaction are usually referred to as the calling party and the called party. Or, a person makes a purchase; the participants are called the buyer and seller. Or, a sender mails something to the recipient. Adopting this construct, consider communications in which the first party (Party A) sends a message and the second party (Party B) receives it. "Party" does not necessarily imply a person; a "party" can be a computer system, a communication system, or a software process. In the case of data storage, Party A stores the data, while Party B retrieves it. Note that Party A and Party B can be the same party (as is the case when an individual stores a file for his or her own later use).

Under some circumstances, a third party may be authorized for access to data stored or being communicated. For example, law enforcement authorities may be granted legal authorization to obtain surreptitious access to a telephone conversation or a stored data file or record without the knowledge of Parties A or B. The employer of Party A may have the legal right to read all data files for which Party A is responsible or to monitor all communications in which Party A participates. Party A might inadvertently lose access to a data file and wish to recover that access. In cases when the data involved is unencrypted, the procedures needed to obtain access can be as simple as identifying the relevant file name or as complex as seeking a court order for legal authorization. But when the data involved is encrypted, the procedures needed to obtain access will require the possession of certain critical pieces of information, such as the relevant cryptographic keys.

Third-party access has many twists and turns. When it is necessary for clarity of exposition or meaning, this report uses the phrase "exceptional access" to stress that the situation is not one that was included within the intended bounds of the original transaction, but is an unusual subsequent event. Exceptional access refers to situations in which an authorized party needs and can obtain the plaintext of encrypted data (for storage or communications). The word "exceptional" is used in contrast to the word "routine" and connotes something unusual about the circumstances under which access is required.
Exceptional access can be divided into three generic categories:

• Government exceptional access refers to the case in which government has a need for access to information under specific circumstances authorized by law. For example, a person might store data files that law enforcement authorities need to prosecute or investigate a crime. Alternatively, two people may be communicating with each other in the planning or commission of a serious crime. Government exceptional access thus refers to the government's need to obtain the relevant information under circumstances authorized by law, and requires a court order (for access to voice or data communications) or a subpoena or search warrant (for access to stored records). Government exceptional access is the focus of Section 3.2. The related signals intelligence need is discussed in Section 3.3.

• Employer (or corporate) exceptional access refers to the case in which an employer (i.e., the corporate employer) has the legal right to access information encrypted by an employee. If an employee who has encrypted a file is indisposed on a certain day, for example, the company may need exceptional access to the contents of the file. Alternatively, an employee may engage in communications whose content the company may have a legitimate need to know (e.g., the employee may be leaking proprietary information). Employer exceptional access would then refer to the company's requirement to obtain the key necessary to obtain the contents of the file or communications, and may require the intervention of another institutional entity. Employer or corporate exceptional access is the focus of Section 3.5.

• End-user exceptional access refers to the case in which the parties primarily intended to have access to plaintext have lost the means to obtain such access. For example, a single user may have stored a file for later retrieval, but encrypted it to ensure that no other party would have access to it while it was in storage. However, the user might also lose or forget the key used to encrypt that file. End-user exceptional access refers to such a user's requirement to obtain the proper key, and may require that the individual who has lost a key prove his identity to a party holding the backup key and verify his authorization to obtain a duplicate copy of his key. End-user exceptional access is also discussed in Section 3.5.

The need for exceptional access when the information stored or communicated is encrypted has led to an examination of a concept generically known as escrowed encryption (the subject of Chapter 5), which, loosely speaking, uses agents other than the parties participating in the communication or data storage to hold copies of or otherwise have access to relevant cryptographic keys "in escrow" so that needs for end-user, corporate, and government exceptional access can be met; these agents are called escrow agents.
3.2 LAW ENFORCEMENT: INVESTIGATION AND PROSECUTION

Obtaining information (both evidence and intelligence) has always been a central element in the conduct of law enforcement investigations and prosecutions. Accordingly, criminals have always wished to protect the information relevant to their activities from law enforcement authorities.

3.2.1 The Value of Access to Information for Law Enforcement

Many criminals keep records related to their activities; such records can be critical to the investigation and prosecution of criminal activity.
BOX 3.1 Examples of the Utility of Wiretapping

• The El Rukn Gang in Chicago, acting as a surrogate for the Libyan government and in support of terrorism, planned to shoot down a commercial airliner within the United States using a stolen military weapon. This act of terrorism was prevented through the use of telephone wiretaps.

• The 1988 "Ill Wind" public corruption and Defense Department fraud investigation relied heavily on court-ordered telephone wiretaps. To date, this investigation has resulted in the conviction of 65 individuals and more than a quarter of a billion dollars in fines, restitutions, and recoveries.

• Numerous drug trafficking and money laundering investigations, such as the "Polar Cap" and "Pizza Connection" cases, utilized extensive telephone wiretaps in the successful prosecution of large-scale national and international drug trafficking organizations. "Polar Cap" resulted in the arrest of 33 subjects and the recovery of $50 million in assets seized. Additionally, in a 1992 Miami raid, which directly resulted from wiretaps, agents confiscated 15,000 pounds of cocaine and arrested 22 subjects.

• The investigation of convicted spy Aldrich Ames relied heavily on wiretaps ordered under Foreign Intelligence Surveillance Act authority.

• In a 1990 "Sexual Exploitation of Children" investigation, the FBI relied heavily on wiretaps to prevent violent individuals from abducting, torturing, and murdering a child in order to make a "snuff murder" film.

SOURCE: Federal Bureau of Investigation.

For example, criminals engaged in white-collar crimes such as fraud often leave paper trails that detail fraudulent activities; drug dealers often keep accounting records of clients, drop-offs, supplies, and income. Reconstruction of these paper trails is often a critical element in building a case against these individuals. The search-and-seizure authority of law enforcement to obtain paper records is used in a large fraction of criminal cases.
As for communications, law enforcement officials believe that wiretapping is a crucial source of information that could not be obtained in any other way or obtained only at high risk (Box 3.1). For example, the Federal Bureau of Investigation (FBI) has testified that

[w]ithout law enforcement's ability to effectively execute court orders for electronic surveillance, the country would be unable to protect itself against foreign threats, terrorism, espionage, violent crime, drug trafficking, kidnapping, and other crimes. We may be unable to intercept a terrorist before he sets off a devastating bomb; unable to thwart a foreign spy before he can steal secrets that endanger the entire country; and unable to arrest drug traffickers smuggling in huge amounts of drugs that will cause widespread violence and death. Court-approved electronic surveillance is of immense value, and often is the only way to prevent or solve the most serious crimes facing today's society.[1]

Criminals often discuss their past criminal activity and plans for future criminal activity with other parties. Obtaining "inside information" on such activities is often a central element of building a case against the perpetrators. A defendant who describes in his own words how he committed a crime or the extent to which he was involved in it gives prosecutors a powerful weapon that juries tend to perceive as fair.[2] Other methods of obtaining "inside information" have significant risks associated with them:

• Informants are often used to provide inside information. However, the credibility of informants is often challenged in court, either because the informants have shady records themselves or because they may have made a deal with prosecutors by agreeing to serve as informants in return for more lenient treatment.[3] By contrast, challenges to evidence obtained through wiretaps are based far more frequently on their admissibility in court rather than their intrinsic credibility. Informants may also be difficult to find when a criminal group is small in size.

• Surreptitiously planted listening devices are also used to obtain inside information. However, they generally obtain only one side of a conversation (use of a speaker-phone presents an exception). Further, since listening devices require the use of an agent to plant them, installation of such devices is both highly intrusive (arguably more so than wiretapping) for the subject of the device and risky for the planting agent. Requests for the use of such devices are subject to the same judicial oversight and review as wiretaps.

[1] Statement of James K. Kallstrom, Special Agent in Charge, Special Operations Division, New York Field Division, Federal Bureau of Investigation, on "Security Issues in Computers and Communications," before the Subcommittee on Technology, Environment, and Aviation of the Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 1994.

[2] For example, see Edward Walsh, "Reynolds Guilty on All Counts," Washington Post, August 23, 1995, p. 1.

[3] See, for example, Sharon Walsh, "Whistle-Blower Quandary: Will Testimony Fly?," Washington Post, August 23, 1995, p. F3; Richard Perez-Pena, "An Informer's Double Life: Blows Come from 2 Sides," New York Times, October 15, 1995, p. 35; Joseph P. Fried, "Undermining a Bomb-Trial Witness," New York Times, April 9, 1995, p. 42; and Stephen Labaton, "The Price Can Be High for Talk That's Cheap," New York Times, Week in Review, April 2, 1995, p. 3.
This discussion is not intended to suggest that wiretaps are a perfect source of information and always useful to law enforcement. An important difficulty in using wiretaps is that context is often difficult for listeners to establish when they are monitoring a telephone conversation that assumes shared knowledge between the communicators.[4] Because of the legal framework regulating wiretaps, and the fact that communications are by definition transient whereas records endure, wiretapping is used in far fewer criminal cases than is seizure of records. Although the potential problems of denying law enforcement access to communications have been the focus of most of the public debate, encryption of data files in a way that denies law enforcement authorities access to data files relevant to criminal activity arguably presents a much larger threat to their capabilities.

3.2.2 The Legal Framework Governing Surveillance

An evolving legal framework governs the authority of government authorities to undertake surveillance of communications that take place within the United States or that involve U.S. persons. Surveillance within the United States is authorized only for certain legislatively specified purposes: the enforcement of certain criminal statutes and the collection of foreign intelligence. A more extended description of this framework (with footnoted references) is contained in Appendix D.

Domestic Communications Surveillance for Domestic Law Enforcement Purposes

Communications surveillance can involve surveillance for traffic analysis and/or surveillance for content; these separate activities are governed by different laws and regulations. Traffic analysis, a technique that establishes patterns of connections and communications, is performed with the aid of pen registers that record the numbers dialed from a target telephone, and trap-and-trace devices that identify the numbers of telephones from which calls are placed to the target telephone. Orders for the use of these devices may be requested by any federal attorney and granted by any federal district judge or magistrate, and are granted on a more or less pro forma basis.

Surveillance of communications for content for purposes of domestic law enforcement is governed by Title 18, U.S. Code, Sections 2510-2521, concerning "wire and electronic communications interception and interception of oral communications," generally known as Title III. These sections of the U.S. Code govern the use of listening devices (usually known as "bugs"); wiretaps of communications involving human speech (called "oral communications" in Title III) carried over a wire or wire-like cable, including optical fiber; and other forms of electronically transmitted communication, including various forms of data, text, and video that may be communicated between or among people as well as computers or communications devices. Under Title III, only certain federal crimes may be investigated (e.g., murder, kidnapping, child molestation, racketeering, narcotics offenses) through the interception of oral communications. In addition, 37 states have passed laws that are similar to Title III, but they include such additional restrictions as allowing only a fixed number of interceptions per year (Connecticut) or only for drug-related crimes (California). State wiretaps account for the majority of wiretaps in the United States.

Surveillance of oral communications governed under Title III in general requires a court order (i.e., a warrant) granted at the discretion of a judge.[5] Because electronic surveillance of oral communications is both inherently intrusive and clandestine, the standards for granting a warrant for such surveillance are more stringent than those required by the Fourth Amendment. These additional requirements are specified in Title III and are enforced by criminal and civil penalties applicable to law enforcement officials or private citizens, and by a statutory exclusionary rule that violations of the central features of the requirements may lead to suppression of evidence in a later trial, even if such evidence meets the relevant Fourth Amendment test.

Because of the resources required, the administrative requirements for the application procedure, and the legal requirement that investigators exhaust other means of obtaining information, wiretaps are not often used. Approximately 1,000 orders (both federal and state) are authorized yearly (a number small compared to the number of felonies investigated, even if such felonies are limited to those specified in Title III as eligible for investigation with wiretaps).[6] About 2,500 conversations are intercepted per order, and the total number of conversations intercepted is a very small fraction of the annual telephone traffic in the United States.

Surveillance of nonvoice communications, including fax and electronic communications, is also governed by Title III.[7] The standard for obtaining an intercept order for electronic communications is less stringent than that for intercepting voice communications. For example, any federal felony may be investigated through electronic interception. In addition, the statutory exclusionary rule of Title III for oral and wire communications does not apply to electronic communications.

Despite the legal framework outlined above, it is nevertheless possible that unauthorized or unlawful surveillance, whether undertaken by rogue law enforcement officials or overzealous private investigators, occurs. Concerns over such activity are often expressed by critics of the current Administration policy, and they focus on two scenarios:

• With current telephone technology, it is sometimes technically possible for individuals (e.g., private investigators, criminals, rogue law enforcement personnel) to undertake wiretaps on their own initiative (e.g., by placing alligator clips on the proper terminals in the telephone box of an apartment building). Such wiretaps would subject the personnel involved to Title III criminal penalties, but detection of such wiretaps might well be difficult. On the other hand, it is highly unlikely that such a person could obtain the cooperation of major telephone service providers without a valid warrant or court order, and so these wiretaps would have to be conducted relatively close to the target's telephone, and not in a telephone switching office.

• Information obtained through a wiretap in violation of Title III can be suppressed in court, but such evidence may still be useful in the course of an investigation. Specifically, such evidence may cue investigators regarding specific areas that would be particularly fruitful to investigate, and if the illegal wiretap is never discovered, a wiretap that provides no court-admissible evidence may still prove pivotal to an investigation.[8] (Even if it is discovered, different judges apply the doctrine of discarding "the fruit of the poisonous tree" with different amounts of rigor.)

The extent to which these and similar scenarios actually occur is hard to determine. Information provided by the FBI to the committee indicates a total of 187 incidents of various types (including indictments/complaints and convictions/pretrial diversions) involving charges of illegal electronic surveillance (whether subsequently confirmed or not) over the past 5 fiscal years (1990 through 1994).[9]

Domestic Communications Surveillance for Foreign Intelligence Purposes

The statute governing interception of electronic communications for purposes of protecting national security is known as the Foreign Intelligence Surveillance Act (FISA), which has been codified as Sections 1801 to 1811 in Title 50 of the U.S. Code. Passed in 1978, FISA was an attempt to balance Fourth Amendment rights against the constitutional responsibility of the executive branch to maintain national security. FISA is relevant only to communications occurring at least partly within the United States (wholly, in the case of radio communications), although listening stations used by investigating officers may be located elsewhere, and FISA surveillance may be performed only against foreign powers or their agents. Interception of communications, when the communications occur entirely outside the United States, whether or not the participants include U.S. persons, is not governed by FISA, Title III, or any other statute. However, when a U.S. person is outside the United States, Executive Order 12333 governs any communications intercepts targeted against such individuals.

[4] Indeed, in some instances, wiretap evidence has been used to exculpate defendants. See, for example, Peter Marks, "When the Best Defense Is the Prosecution's Own Tapes," New York Times, June 30, 1995, p. D20. According to Roger Shuy, professor of linguistics at Georgetown University, there are many difficulties in ascribing meaning to particular utterances that may be captured on tape recordings of conversations. See Roger Shuy, Language Crimes, Blackwell Publishers, Cambridge, Mass., 1993. Shuy's book is mostly focused on tapes made by "wires" carried by informants or "bugs" placed near a subject, but the basic principle is the same.

[5] Emergency intercepts may be performed without a warrant in certain circumstances, such as physical danger to a person or conspiracy against the national security. There has been "virtually no use" of the emergency provision, and its constitutionality has not been tested in court (Wayne R. LaFave and Jerold H. Israel, Criminal Procedure, West Publishing Company, St. Paul, Minn., 1992, p. 254).

[6] Some analysts critical of the U.S. government position on wiretaps have suggested that the actual distribution of crimes investigated under Title III intercept or surveillance orders may be somewhat inconsistent with government claims of the high value of such orders. (See, for example, testimony of David B. Kopel, Cato Institute, "Hearings on Wiretapping and Other Terrorism Proposals," Committee on the Judiciary, U.S. Senate, May 24, 1995; also available on-line at http://www.cato.org/ct5-24-5.html.) For example, Table D.3 in Appendix D indicates that no cases involving arson, explosives, or weapons were investigated using Title III wiretaps in 1988. The majority of Title III orders have involved drug and gambling crimes.

[7] Note that when there is no reasonable expectation of privacy, law enforcement officials are not required to undertake any special procedure to monitor such communications. For example, a law enforcement official participating in an on-line "chat" group is not required to identify himself as such, nor must he obtain any special permission at all to monitor the traffic in question. However, as a matter of policy, the FBI does not systematically monitor electronic forums such as Internet relay chats.

[8] Such concerns are raised by reports of police misconduct as described in Chapter 1.

[9] The committee recognizes the existence of controversy over the question of whether such reports should be taken at face value. For example, critics of the U.S. government who believe that law enforcement authorities are capable of systematically abusing wiretap authority argue that law enforcement authorities would not be expected to report figures that reflected such abuse. Alternatively, it is also possible that cases of improper wiretaps are in fact more numerous than reported and have simply not come to the attention of the relevant authorities. The committee discussed such matters and concluded that it had no reason to believe that the information it received on this subject from law enforcement authorities was in any way misleading.
The basic framework of FISA is similar to that of Title III, with certain important differences, among which are the following:

• The purpose of FISA surveillance is to obtain foreign intelligence information, defined in terms of U.S. national security, including defense against attack, sabotage, terrorism, and clandestine intelligence activities, among others. The targeted communications need not relate to any crime or be relevant as evidence in court proceedings.

• In most instances, a FISA surveillance application requires a warrant based on probable cause that foreign intelligence information will be collected.[10] Surveillance of a U.S. person (defined as a U.S. citizen, U.S. corporation or association, or legal resident alien) also requires probable cause showing that the person is acting as a foreign agent. Political and other activities protected by the First Amendment may not serve as the basis for treating a U.S. person as a foreign agent.

• Targets of FISA surveillance might never be notified that communications have been intercepted.

Since 1979, there have been an average of over 500 FISA orders per year. In 1992, 484 were issued. Other information about FISA intercepts is classified.

3.2.3 The Nature of the Surveillance Needs of Law Enforcement

In cooperation with the National Technical Investigators Association, the FBI has articulated a set of requirements for its electronic surveillance needs (Box 3.2). Of course, access to surveillance that does not meet all of these requirements is not necessarily useless. For example, surveillance that does not meet the transparency requirement may still be quite useful in certain cases (e.g., if the subjects rationalize the lack of transparency as "static on the line"). The basic point is that these requirements constitute a set of continuous metrics by which the quality of a surveillance capability can be assessed, rather than a list that defines what is or is not useful surveillance.

BOX 3.2 Law Enforcement Requirements for the Surveillance of Electronic Communications

• Prompt and expeditious access both to the contents of the electronic communications and "setup" information necessary to identify the calling and called parties

• Real-time, full-time monitoring capability for intercepts. Such capability is particularly important in an operational context, in which conversations among either criminal conspirators (e.g., regarding a decision to take some terrorist action) or criminals and innocent third parties (e.g., regarding a purchase order for explosives from a legitimate dealer) may have immediate significance

• Delivery of intercepted communications to specified monitoring facilities

• Transparent access to the communications, i.e., access that is undetectable to all parties to the communications (except to the monitoring parties) and implementation of safeguards to restrict access to intercept information

• Verification that the intercepted communications are associated with the intercept subject

• Capabilities for some number of simultaneous intercepts to be determined through a cooperative industry/law enforcement effort

• Reliability of the services supporting the intercept at the same (or higher) level as the reliability of the communication services provided to the intercept subject

• A quality of service for the intercept that complies with the performance standards of the service providers

SOURCE: Law Enforcement Requirements for the Surveillance of Electronic Communications, Federal Bureau of Investigation in cooperation with the National Technical Investigators Association, June 1994.

Of these requirements, the real-time requirement is perhaps the most demanding. The FBI has noted that

[s]ome encryption products put at risk efforts by federal, state and local law enforcement agencies to obtain the contents of intercepted communications by precluding real-time decryption. Real-time decryption is often essential so that law enforcement can rapidly respond to criminal activity and, in many instances, prevent serious and life-threatening criminal acts.[11]

An illustrative example is an instance in which the FBI was wiretapping police officers who were allegedly guarding a drug shipment. During that time, the FBI overheard a conversation between the police chief and several other police officials that the FBI believes indicated a plot to murder a certain individual who had previously filed a police brutality complaint against the chief. (However, the FBI was unable to decode the police chief's "street slang and police jargon" in time to prevent the murder.) See Paul Keegan, "The Thinnest Blue Line," New York Times Magazine, March 31, 1996, pp. 32-35.

[10] Surveillance may take place without a court order for up to 1 year if the Attorney General certifies that there is very little likelihood of intercepting communications involving U.S. persons and that the effort will target facilities used exclusively by foreign powers. Under limited circumstances, emergency surveillance may be performed before a warrant is obtained (Clifford S. Fishman, Wiretapping and Eavesdropping: Cumulative Supplement, Clark Boardman Callaghan, Deerfield, Ill., November 1994, sections 361, 366).

[11] Statement of James K. Kallstrom, Special Agent in Charge, Special Operations Division, New York Field Division, Federal Bureau of Investigation, on "Security Issues in Computers and Communications," before the Subcommittee on Technology, Environment, and Aviation of the Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 1994.
know about flows of money for purposes of counterterrorism or sanctions monitoring.

Although the value of SIGINT to military operations and to law enforcement is generally unquestioned, senior decision makers have a wide range of opinions on the value of strategic and/or political intelligence. Some decision makers are voracious consumers of intelligence reports. They believe that the reports they receive provide advance notice of another party's plans and intentions, and that their own decisions are better for having such information. These decision makers find that almost no amount of information is too much and that any given piece of information has the potential to be helpful.

To illustrate the value of SIGINT to some senior policy makers, it is helpful to recall President Clinton's remarks to the intelligence community on July 14, 1995, at the CIA: he said that "in recent months alone you warned us when Iraq massed its troops against the Kuwaiti border. You provided vital support to our peacekeeping and humanitarian missions in Haiti and Rwanda. You helped to strike a blow at a Colombian drug cartel. You uncovered bribes that would have cheated American companies out of billions of dollars." On a previous occasion, then-President George Bush gave his evaluation of SIGINT when he said that "... over the years I've come to appreciate more and more the full value of SIGINT.
As President and Commander-in-Chief, I can assure you, signals intelligence is a prime factor in the decision making process by which we chart the course of this nation's foreign affairs."[34]

Some policy makers, generally less senior than the President, have stated that while intelligence reports are occasionally helpful, they do not in general add much to their decision-making ability because they contribute to information overload, are not sufficiently timely in the sense that the information is revealed shortly in any event, lack necessary context-setting information, or do not provide much information beyond that available from open sources. Even among the members of the committee who have served in senior government positions, this range of opinion is represented.[35]

The perceived value of strategic SIGINT (as with many other types of intelligence) depends largely on the judgment and position of the particular individuals whom the intelligence community is serving. These individuals change over time as administrations come and go, but intelligence capabilities are built up over a time scale longer than the election cycle. The result is that the intelligence community gears itself to serve those decision makers who will demand the most from it, and is loath to surrender sources and/or capabilities that may prove useful to decision makers. Since the benefits of strategic intelligence are so subjective, formal cost-benefit analysis cannot be used to justify a given level of support for intelligence. Rather, intelligence tends to be supported on a "level-of-effort" basis, that is, a political judgment about what is "reasonable," given other defense and nondefense pressures on the overall national budget.

3.3.2 The Impact of Cryptography on Signals Intelligence

Cryptography poses a threat to SIGINT for two separate but related reasons:

• Strong cryptography can prevent any given message from being read or understood. Strong cryptography used primarily by foreign governments with the discipline to use those products on a regular and consistent basis presents the United States with a formidable challenge. Some encrypted traffic regularly intercepted by the United States is simply undecipherable by any known means.

• Even weak cryptography, if practiced on a widespread basis by foreign governments or other entities, increases the cost of exploitation dramatically.[36] When most messages that are intercepted are unencrypted, the cost to determine whether an individual message is interesting is quite low. However, if most intercepted messages are encrypted, each one has to be cryptanalyzed individually, because the interceptor does not know if it is interesting or not.[37]

According to Administration officials who testified to the committee,

[34] Public Papers of the Presidents, U.S. Government Printing Office, Washington, D.C., 1991, as quoted by Andrew in For the President's Eyes Only, 1995, p. 526.

[35] For an open-source report on the value of intelligence as perceived by different policy makers, see David E. Sanger, "Emerging Role for the C.I.A.: Economic Spy," New York Times, October 15, 1995, p. 1; and David E. Sanger, "When Spies Look Out for the Almighty Buck," New York Times, October 22, 1995, p. 4.

[36] This point is echoed in Susan Landau et al., Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy, 1994, p. 25.
37 For example, assume that 1 out of every 1,000 messages is interesting, that the cost of intercepting a message is X, and that the cost of decrypting a message is Y. If only the interesting message is encrypted, each interesting message is acquired at a cost of 1,000X + Y. However, if every message is encrypted, the cost of each interesting message is 1,000(X + Y), which is approximately 1,000Y larger. In other words, the cryptanalyst must do 1,000 times more work for each interesting message.
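Added derivation, not part of the report: footnote 37 generalized to an arbitrary share of encrypted traffic. X and Y are the footnote's symbols; N (the footnote's 1,000) and f are introduced here.

Let one message in N be interesting, and suppose the interesting message itself is encrypted while a fraction f of the other N - 1 messages are also encrypted. Interception costs X per message and cryptanalysis costs Y per encrypted message; since the interceptor cannot tell which message is interesting before reading it, every encrypted message must be cryptanalyzed. The expected cost of acquiring one interesting message is

$$C(f) = N X + Y + f\,(N-1)\,Y .$$

With f = 0 this is the footnote's NX + Y; with f = 1 it is NX + NY = N(X + Y), and the difference C(1) - C(0) = (N - 1)Y is the footnote's "approximately 1,000Y". Because C(f) is linear in f, the cryptanalytic work per interesting message grows in proportion to the share of all traffic that is encrypted, which is why even weak cryptography used widely by uninteresting parties raises the cost of exploitation.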
Page 102

the acquisition and proper use of cryptography by a foreign adversary could impair the national security interests of the United States in a number of ways:

• Cryptography used by adversaries on a wide scale would significantly increase the cost and difficulty of intelligence gathering across the full range of U.S. national security interests.

• Cryptography used by governments and foreign companies can increase an adversary's capability to conceal the development of missile delivery systems and weapons of mass destruction.

• Cryptography can improve the ability of an adversary to maintain the secrecy of its military operations to the detriment of U.S. or allied military forces that might be similarly engaged.

The above comments suggest that the deployment of strong cryptography that is widely used will diminish the capabilities of those responsible for SIGINT. Today, there is a noticeable trend toward better and cheaper encryption that is steadily closing the window of exploitation of unencrypted communications. The growth of strong encryption will reduce the availability of such intelligence. Using capabilities and techniques developed during the Cold War, the SIGINT system will continue its efforts to collect against countries and other entities newly hostile to the United States. Many governments and parties in those nations, however, will be potential customers for advanced cryptography as it becomes available on world markets. In the absence of improved cryptanalytic methods, cooperative arrangements with foreign governments, and new ways of approaching the information collection problem, it is likely that losses in traditional SIGINT capability would result in a diminished effectiveness of the U.S. intelligence community.

3.4 SIMILARITIES IN AND DIFFERENCES BETWEEN FOREIGN POLICY/NATIONAL SECURITY AND LAW ENFORCEMENT NEEDS FOR COMMUNICATIONS MONITORING

It is instructive to consider the similarities in and differences between national security and law enforcement needs for communications monitoring.

3.4.1 Similarities

• Secrecy. Both foreign policy and law enforcement authorities regard surreptitiously intercepted communications as a more reliable source than information produced through other means. Surveillance targets
Page 103

usually believe (however falsely) that their communications are private; therefore, eavesdropping must be surreptitious and the secrecy of monitoring maintained. Thus, the identity and/or nature of specific SIGINT sources are generally very sensitive pieces of information, and are divulged only for good cause.

• Timeliness. For support of tactical operations, near-real-time information may be needed (e.g., when a crime or terrorist operation is imminent, when hostile forces are about to be engaged).

• Resources available to targets. Many parties targeted for electronic surveillance for foreign policy reasons or by law enforcement authorities lack the resources to develop their own security products, and are most likely to use what they can purchase on the commercial market.

• Allocation of resources for collection. The size of the budget allocated to law enforcement and to the U.S. intelligence community is not unlimited. Available resources constrain both the amount of surveillance law enforcement officials can undertake and the ability of the U.S. SIGINT system to respond to the full range of national intelligence requirements levied upon it. Electronic surveillance, although in many cases critical, is only one of the tools available to U.S. law enforcement. Because it is manpower intensive, it is a tool used sparingly; thus, it represents a relatively small percentage of the total investment. The average cost of a wiretap order is $57,000 (see Appendix D) or approximately one-half of a full-time-equivalent agent-year. The U.S. SIGINT system is a major contributor to the overall U.S. intelligence collection capability and represents a correspondingly large percentage of the foreign intelligence budget. Although large, the U.S. system is by no means funded to "vacuum clean" the world's communications. It is sized to gather the most potentially lucrative foreign signals and targeted very selectively to collect and analyze only those communications most likely to yield information relating to high-priority intelligence needs.

• Perceptions of the problem. The volume of electronic traffic and the use of encryption are both expected to grow, but how the growth of one will compare to that of the other is unclear at present. If the overall growth in the volume of unencrypted electronic traffic lags the growth in the use of cryptography, those conducting surveillance for law enforcement or foreign policy reasons may perceive a loss in access because the fraction of intercepts available to them will decrease, even if the absolute amount of information intercepted has increased as the result of larger volumes of information. Of course, if the communicating parties take special care to encrypt their sensitive communications, the absolute amount of useful information intercepted may decrease as well.
Page 104

3.4.2 Differences

• Protection of sources. While the distinction is not hard and fast, law enforcement authorities conducting an electronic surveillance are generally seeking specific items of evidence that relate to a criminal act and that can be presented in open court, which implies that the source of such information (i.e., the wiretap) will be revealed (and possibly challenged for legal validity). By contrast, national security authorities are usually seeking a body of intelligence information over a longer period of time and are therefore far more concerned with preserving the secrecy of sources and methods.

• Definition of interests. There is a consensus, expressed in law, about the specific types of domestic crimes that may be investigated through the use of wiretapping. Even internationally, there is some degree of consensus about what activities are criminal; the existence of this consensus enables a considerable amount of law enforcement cooperation on a variety of matters. National security interests are defined differently and are subject to refinement in a changing world, and security interests often vary from nation to nation. However, a community of interest among NATO allies and between the United States and the major nations of the free world makes possible fruitful intelligence relationships, even though the United States may at times target a nation that is both ally and competitor.

• Volume of potentially relevant communications. The volume of communications of interest to law enforcement authorities is small compared to the volume of interest to national security authorities.

• Legal framework. Domestic law enforcement authorities are bound by constitutional protections and legislation that limit their ability to conduct electronic surveillance. National security authorities operate under far fewer legal constraints in monitoring the communications of foreign parties located outside the United States.

• Perceptions of vulnerability to surveillance. Parties targeted by national security authorities are far more likely to take steps to protect their communications than are most criminals.

3.5 BUSINESS AND INDIVIDUAL NEEDS FOR EXCEPTIONAL ACCESS TO PROTECTED INFORMATION

As noted above in Section 3.1, an employer may need access to data that has been encrypted by an employee. Corporations that use cryptography for confidentiality must always be concerned with the risk that keys will be lost, corrupted, required in some emergency situation, or be
Page 105

otherwise unavailable, and they have a valid interest in defending their interests in the face of these eventualities.38 Cryptography can present problems for companies attempting to satisfy their legitimate business interests in access to stored and communicated information:

• Stored data. For entirely legitimate business reasons, an employee might encrypt business records, but due to circumstances such as vacation or sick leave, the employer might need to read the contents of these records without the employee's immediate assistance. Then again, an employee might simply forget the relevant password to an encrypted file, or an employee might maliciously refuse to provide the key (e.g., if he has a grudge against his employer), or might keep records that are related to improper activities but encrypt them to keep them private; a business undertaking an audit to uncover or investigate these activities might well need to read these records without the assistance of the employee. For example, in a dispute over alleged wrongdoing of his superiors, a Washington, D.C., financial analyst changed the password on the city's computer and refused to share it.39 In another incident, the former chief financial officer of an insurance company, Golden Eagle Group Ltd., installed a password known only to himself and froze out operations. He demanded a personal computer that he claimed was his, his final paycheck, a letter of reference, and a $100 fee, presumably for revealing the password.40 While technical fixes for these problems are relatively easy, they do demonstrate the existence of motivation to undertake such actions. Furthermore, it is poor management practice that allows a single employee to control critical data, but that issue is beyond the scope of this study.

• Communications. A number of corporations provided input to the committee indicating that for entirely legitimate business reasons (e.g., for resolution of a dispute between the corporation and a customer), an employer might need to learn about the content of an employee's communications. Alternatively, an employee might use company communications facilities as a means for conducting improper activities (e.g., leaking company-confidential information, stealing corporate assets, engaging in

38 While users may lose or corrupt keys used for user authentication, the procedures needed in this event are different than if the keys in question are for encryption. For example, a lost authentication key creates a need to revoke the key, so that another party that comes into possession of the authentication key cannot impersonate the original owner. By contrast, an encryption key that is lost creates a need to recover the key.

39 Peter G. Neumann, Computer-Related Risks, Addison-Wesley, New York, 1995, p. 154.

40 Neumann, Computer-Related Risks, 1995, p. 154.
Page 106

kickback or fraud schemes, inappropriately favoring one supplier over another). A business undertaking an audit to uncover or investigate these activities might well need to monitor these communications without the consent of the employee (Box 3.4)41 but would be unable to do so if the communications were encrypted. In other instances, a company might wish to assist law enforcement officials in investigating information crimes against it42 but would not be able to do so if it could not obtain access to unsanctioned employee-encrypted files or communications. Many, though certainly not all, businesses require prospective employees to agree as a condition of employment that their communications are subject to employer monitoring under various circumstances.43

It is a generally held view among businesses that provisions for corporate exceptional access to stored data are more important than such provisions for communications.44 For individuals, the distinction is even

41 For example, employees with Internet access may spend so much time on nonwork-related Internet activities that their productivity is impaired. Concerns about such problems have led some companies to monitor the Internet activities of their employees, and spawned products that covertly monitor and record Internet use. See Laurie Flynn, "Finding On-line Distractions, Employers Strive to Keep Workers in Line," New York Times, November 6, 1995, p. D5.

42 A number of examples of such cooperation can be found in Peter Schweizer, Friendly Spies, Atlantic Monthly Press, New York, 1993.

43 The legal ramifications of employer access to on-the-job communications of employees are interesting, though outside the scope of this report. For example, a company employee may communicate with another company employee using cryptography that denies employer access to the content of those communications; such use may be contrary to explicit company policy. May an employee who has violated company policy in this manner be discharged legally? In general, employer access to on-the-job communications raises many issues of ethics and privacy, even if such access is explicitly permitted by contract or policy.

44 This distinction becomes somewhat fuzzy when considering technologies such as e-mail that serve the purpose of communications but that also involve data storage. Greater clarity is possible if one distinguishes between the electronic bits of a message in transit (e.g., on a wire) and the same bits that are at rest (e.g., in a file). With e-mail, the message is sent and then stored; thus, e-mail can be regarded as a stored communication. These comments suggest that a need for exceptional access to e-mail is much more similar to that for storage than for communications, because it is much more likely that a need will arise to read an e-mail message after it has been stored than while it is in transit. A likely scenario of exceptional access to e-mail is that a user may receive e-mail encrypted with a public key for which he no longer has the corresponding private key (that would enable him to decrypt incoming messages). While this user could in principle contact the senders and inform them of a new public key, an alternative would be to develop a system that would permit him to obtain exceptional access without requiring such actions.
Page 107

BOX 3.4 Examples of Business Needs for Exceptional Access to Communications

• A major Fortune 1000 corporation was the subject of various articles in the relevant trade press. These articles described conditions within the corporation (e.g., employee morale) that were based on information supplied by employees of this corporation acting in an unauthorized manner and contrary to company policy; moreover, these articles were regarded by corporate management as being highly embarrassing to the company. The employees responsible were identified through a review of tapes of all their telephone conversations in the period immediately preceding publication of the damaging articles, and were summarily dismissed. As a condition of employment, these employees had given their employer permission to record their telephone calls.

• Executives at a major Fortune 1000 corporation had made certain accommodations in settling the accounts of a particular client that, while legal, materially distorted an accounting audit of the books of that client. A review of the telephone conversations in the relevant period indicated that these executives had done so knowingly, and they were dismissed. As a condition of employment, these executives had given their employer permission to record their telephone calls.

• Attempting to resolve a dispute about the specific terms of a contract to sell oil at a particular price, a multinational oil company needed to obtain all relevant records. Given the fact that oil prices fluctuate significantly on a minute-by-minute basis, most such trades are conducted and agreed to by telephone. All such calls are recorded, in accordance with contracts signed by traders as a condition of employment. Review of these voice records provided sufficient information to resolve the dispute.

• A multinational company was notified by a law enforcement agency in Nation A regarding its suspicions that an employee of the company was committing fraud against the company. This employee was a national of Nation B. The company began an investigation of this individual in cooperation with law enforcement authorities in Nation B, and in due course, legal authorization for a wiretap on this individual using company facilities was obtained. The company cooperated with these law enforcement authorities in the installation of the wiretap.

SOURCE: Anonymous testimony to the Committee to Study National Cryptography Policy.

sharper. Private individuals as well as businesses have a need to retrieve encrypted data that is stored and for which they may have lost or forgotten the key. For example, a person may have lost the key to an encrypted will or financial statement and wish to retrieve the data. However, it is much more difficult to imagine circumstances under which a person might have a legitimate need for the real-time monitoring of communications.
Page 108

3.6 OTHER TYPES OF EXCEPTIONAL ACCESS TO PROTECTED INFORMATION

The discussion of exceptional access above involves only the question of encryption for confidentiality. While it is possible to imagine legitimate needs for exceptional access to encrypted data (for purposes of ensuring secrecy), it is nearly impossible to imagine a legitimate need for exceptional access to cryptography used for the purposes of user authentication, data integrity, or nonrepudiation. In a business context, these cryptographic capabilities implement or support longstanding legal precepts that are essential to the conduct of commerce.

• Without unforgeable digital signatures, the concept of a binding contract is seriously weakened.

• Without trusted digitally notarized documents, questions of time precedence might not be legally resolvable.

• Without unforgeable integrity checks, the notion of a certifiably accurate and authentic copy of digital documents is empty.

• Without strong authentication and unquestionable nonrepudiation, the analog of registered delivery in postal systems is open to suspicion.45

With exceptional access to the cryptography implementing such features or to the private keys associated with them, the legal protection that such features are intended to provide might well be called into question. At a minimum, there would likely be a questioning of the validity or integrity of the protective safeguards, and there might be grounds for legal challenge. For example, a businessperson might have to demonstrate to the satisfaction of a court or jury that he has properly and adequately protected the private keys used to digitally sign his contracts. It is conceivable that the government, for national security purposes, might seek exceptional access to such capabilities for offensive information warfare (see Chapter 2); however, public policy should not promote these capabilities, because such access could well undermine public confidence in such cryptographic mechanisms.

45 In fact, digital signatures and nonrepudiation provide a stronger guarantee than does registered delivery; the former can be used to assure the delivery of the contents of an "envelope," whereas postal registered delivery can only be used to assure the delivery of the envelope.
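The "technical fix" that Section 3.5 calls relatively easy for stored data, the distinction footnote 38 draws between recovering a lost encryption key and revoking a lost authentication key, and the point made here in Section 3.6 that signing and nonrepudiation keys must never be subject to exceptional access all come down to one design rule: keep the confidentiality key and the signature key separate, and give the employer a recovery path to the former only. The following is an added example, not code from the report or from any product it discusses. It assumes AES-256-GCM for the record, RSA-OAEP to wrap the per-record data key to both the employee's encryption key and a corporate recovery key, and RSA-PSS with a separate signing key; the names User, Record, Seal, Open and Verify and the sample record are this example's own.

```go
package main

// Added example, not code from the report: the key separation that Section 3.5,
// footnote 38 and Section 3.6 together imply. A record's data key is wrapped to its
// author and to a corporate recovery key; the record is signed with a separate key
// that is never escrowed. All names here are this example's own, not the report's.
import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// User: Enc for confidentiality (recoverable), Sign for nonrepudiation (revoked if lost, never recovered).
type User struct {
	Enc, Sign *rsa.PrivateKey
}

// NewRSAKey generates a 2048-bit RSA keypair; also used for the corporate recovery key.
func NewRSAKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Record: AES-256-GCM ciphertext, the data key wrapped (RSA-OAEP) once per entitled party, author's signature.
type Record struct {
	Nonce, Ciphertext []byte
	WrappedKeys       map[string][]byte // slot label -> RSA-OAEP(data key)
	Signature         []byte
}

func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts under a fresh data key, wraps it to the author's and the recovery public keys, and signs with author.Sign.
func Seal(plaintext []byte, author *User, recovery *rsa.PublicKey) (*Record, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rec := &Record{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), WrappedKeys: map[string][]byte{}}
	recipients := map[string]*rsa.PublicKey{"author": &author.Enc.PublicKey, "recovery": recovery}
	for label, pub := range recipients {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, []byte(label))
		if err != nil {
			return nil, err
		}
		rec.WrappedKeys[label] = w
	}
	digest := sha256.Sum256(rec.Ciphertext)
	rec.Signature, err = rsa.SignPSS(rand.Reader, author.Sign, crypto.SHA256, digest[:], nil)
	return rec, err
}

// Open unwraps the named slot's data key with priv and decrypts; the wrong private key, a missing slot, or a tampered ciphertext all fail.
func Open(rec *Record, label string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := rec.WrappedKeys[label]
	if !ok {
		return nil, fmt.Errorf("no wrapped key for slot %q", label)
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, []byte(label))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, rec.Nonce, rec.Ciphertext, nil)
}

// Verify checks the signature; only author.Sign's public key verifies, so recovery access never confers the power to sign.
func Verify(rec *Record, signer *rsa.PublicKey) error {
	digest := sha256.Sum256(rec.Ciphertext)
	return rsa.VerifyPSS(signer, crypto.SHA256, digest[:], rec.Signature, nil)
}

func main() {
	enc, _ := NewRSAKey()
	sign, _ := NewRSAKey()
	recovery, _ := NewRSAKey()
	rec, _ := Seal([]byte("constructed sample: Q3 ledger entry"), &User{Enc: enc, Sign: sign}, &recovery.PublicKey)
	pt, err := Open(rec, "recovery", recovery) // the employer recovers without the employee
	fmt.Printf("recovered %q err=%v; author signing key verifies=%v; recovery key verifies=%v\n", pt, err,
		Verify(rec, &sign.PublicKey) == nil, Verify(rec, &recovery.PublicKey) == nil)
}
```

The recovery key opens the record but is useless for signing, and the employee's encryption key is likewise rejected by Verify, so an audit that exercises exceptional access leaves the evidentiary value of the employee's signature untouched. The same layout answers footnote 44's e-mail scenario: a message wrapped to a recovery slot at send time can still be read after the recipient's own private key is gone.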
Page 109

3.7 RECAP

In general, cryptography for confidentiality involves a party undertaking an encryption (to protect information by generating ciphertext from plaintext) and a party authorized by the encryptor to decrypt the ciphertext and thus recover the original plaintext. In the case of information that is communicated, these parties are in general different individuals. In the case of information that is stored, the first party and the second party are in general the same individual. However, circumstances can and do arise in which third parties (i.e., decrypting parties that are not originally authorized or intended by the encrypting party to recover the information involved) may need access to such information. These needs for exceptional access to encrypted information may arise from businesses, individuals, law enforcement, and national security, and these needs are different depending on the parties in question. Encryption that renders such information confidential threatens the ability of these third parties to obtain the necessary access. How the needs for confidentiality and exceptional access are reconciled in a policy context is the subject of Part II.