PRIVACY IN CYBERSPACE


Arguments Against Restrictions on Cryptography -- Free Commerce and the Right to Privacy

Opposition to restrictions on the free use of high-level encryption has come from many corners. The U.S. computer industry, led by its trade association, the Americans for Computer Privacy (ACP), and civil liberties groups, such as the ACLU, have been the most vocal opponents of the government’s proposed restrictions.

The Americans for Computer Privacy, which is supported by generous funding from big corporations like Microsoft, Intel and Cisco, argues that strong, unfettered cryptography is necessary not only for the protection of individual rights and liberties (arguments that will be discussed more in the context of the ACLU’s position), but also for commercial reasons.[56] This commerce argument has two components: 1) restrictions on encryption will hold American businesses back from realizing the full potential of Internet commerce within the United States; and 2) those restrictions will erode the competitive advantage that American businesses currently enjoy over foreign competitors. With respect to the first line of argument, ACP points out that the benefits of moving business onto the Internet are undisputed -- transaction costs are cut, the speed of commerce will accelerate exponentially, and the potential for human error is reduced as transactions are digitized.[57] However, without the security of strong encryption, customers will be wary of conducting business online. Without assurance that no one, including the government, can intercept and misuse the data that they electronically submit, ACP argues that customers will be discouraged from sending sensitive information (e.g., credit card information) over the Internet.[58] This reluctance to use the Internet as a commerce medium will thus lead to the under-utilization of the Internet’s true business potential. Therefore, ACP believes that strong encryption without government back door access to encrypted messages is indispensable for tapping the Internet’s full commerce potential.[59]

Along with enabling companies to unlock the Internet’s full business potential within the United States, ACP argues that strong encryption without a government back door is necessary to maintain U.S. companies’ strength relative to foreign companies.[60] Currently, American companies are world leaders in computers and communications, where success in global markets is an essential ingredient in maintaining a competitive advantage. However, the market for information technology is one in which capable foreign competitors stand ready to pick up the baton of technological leadership should American companies stumble. If, for example, the United States government imposes restrictions on high-level encryption that other countries (such as France) do not, wouldn’t a customer who is greatly concerned with information security, but otherwise indifferent between an American firm and a French one, choose to transact business with the French company? ACP fears that if this selection away from the United States happens on a macro-level, American companies will lose the competitive advantage that they currently enjoy over foreign companies.[61]

A more prevalent line of attack against restrictions on encryption programs has been the argument that giving government back door access to high-level encryption programs, as proposed originally by the Clinton administration and subsequently by the Secure Public Networks Act (sponsored by Senators McCain, Kerrey, Kerry, and Hollings), is an invasion of individuals’ right of privacy. This argument has been most fervently voiced by the ACLU. The ACLU warns that:

Without the right to strong, non-key recovery encryption, the black strips on the back of our credit, cash, and identity cards, the electronic keys being distributed by gasoline companies to enable the purchase of gas with the wave of a wand, the E-Z passes for paying tolls electronically, and the imminent arrival of compact digital cell phones that also function as computers, e-mailers, and pagers, will all be vulnerable to both governmental and non-governmental spying, both authorized and unauthorized.[62]

Privacy advocates, like the ACLU, generally believe that electronic surveillance, whether through bugging devices, wiretaps, or ready access to encryption keys, is fundamentally at odds with personal privacy. They argue that electronic surveillance is the worst form of a general search (prohibited by the Fourth Amendment), which necessarily captures not only the communications of its specific targets, but those of countless others who happen to come in contact with the targets or use the same lines.[63] In their opinion, free citizens must have the ability to conduct direct, instantaneous, spontaneous, and private communication using whatever technology is available.[64] Without the knowledge and assurance that private communications are indeed private, habits based upon fear and insecurity will gradually replace the habits of freedom.[65]

Privacy advocates couch much of their rhetoric in terms of the provisions and purposes of the Fourth Amendment. The Fourth Amendment, which states, in pertinent part, that “The right of the people to be secure in their persons, papers, and effects, against unreasonable searches and seizures, shall not be violated” was adopted in response to the English Parliament’s practice of giving colonial revenue officers complete discretion to search for smuggled goods by means of writs of assistance. The writs permitted colonial authorities, including British troops, to enter homes and offices at will and search any person or place they wanted. The early Americans rebelled against these general searches, and on the eve of the Declaration of Independence, Samuel Adams said that he regarded the opposition to general searches as “the Commencement of the Controversy between Great Britain and America.” It is fair to say that absolute protection from general government searches is one of America’s founding principles. [For more background on the Fourth Amendment, see Module IV.]

Privacy advocates point out that when the framers struck the original balance between personal privacy and the needs of law enforcement, remote listening devices had not yet been invented. But, they argue, had such devices existed, the framers would not have approved of them. Privacy advocates argue that electronic surveillance constitutes a general search by definition, not a search limited to specific objects, people, and places as required by the Fourth Amendment. Instead, wiretapping, bugs, and keys to encrypted messages intrude on the most intimate aspects of human life, hearing and seeing everything and everyone.[66] A tap on the phone of one person necessarily captures the conversations of anyone who happens to use that phone or call that number. Likewise, unlocking one person’s encryption code subjects all people who electronically communicate with that person to government surveillance. Furthermore, privacy advocates argue that the requirement that law enforcement obtain a warrant before unlocking a person’s encryption code will not ameliorate the problem.[67] Electronic eavesdropping cannot be regulated by a warrant precisely because of its dragnet quality; the object to be seized or the premises to be searched cannot be limited or even specified, because it is in the very nature of the technology to capture everything. Moreover, the warrant requirement will not, in all likelihood, serve as an adequate safeguard against the obtaining of encryption keys. With respect to wiretaps, the ACLU points out that although government agents must obtain a warrant, their requests are almost never turned down by judges or magistrates -- in fact, between 1990 and 1998, only one request by law enforcement for a wiretap was rejected.[68]

Privacy advocates argue not only that the existence of a government back door to encrypted messages will have a chilling effect on private electronic communication, but also that non-key recovery systems (i.e., unbreakable encryption programs) are not detrimental to law enforcement, as the DOJ and FBI fear. The ACLU argues that the government’s own records show that electronic surveillance is of marginal utility in preventing or solving serious crimes.[69] Between 1987 and 1998, fewer than 0.2 percent of all law enforcement wiretap requests were made in the investigation of bombings, arsons, or firearms.[70] Nor is wiretapping often used in other crimes of violence, such as homicide, assault, rape, robbery, and burglary. Instead, the vast majority of wiretaps and other forms of surveillance have been authorized in connection with vice crimes, such as gambling and drug offenses -- in fact, 83 percent of the wiretap cases between 1987 and 1998 were crimes of this nature.[71] Although vice crimes are nonetheless punishable felonies, they do not rise to the same level of endangering public safety as crimes of violence. Privacy advocates believe that the disproportionate use of electronic surveillance for vice crimes as opposed to crimes of violence would be similar with respect to government’s access to encrypted programs.[72] If true, privacy advocates argue that having unbreakable encryption would not be detrimental to law enforcement.

In contrast to the marginal utility that electronic surveillance has for the protection of public safety, privacy advocates argue that such surveillance has resulted in demonstrable violations of the privacy rights of vast numbers of Americans, and will continue to do so if the government is allowed a back door to encryption programs. According to statistics released by the Administrative Office of the U.S. Courts and the DOJ, 2.2 million conversations were captured in 1996, of which a total of 1.7 million conversations were deemed not incriminating by prosecutors.[73]

Lastly, privacy advocates argue that high-level encryption provides individuals with a self-help mechanism against computer crime, theft, and fraud. As discussed in an earlier section, encryption prevents sensitive information, such as bank records, medical information, and credit card numbers, from being misused by hackers and other Internet snoopers. Therefore, high-level, unbreakable encryption can actually deter and prevent crime. According to privacy advocates, by requiring back door access to all encrypted messages via a key-recovery system, the government will be introducing a flaw into the effective self-help mechanism that encryption provides. By its very design, a key recovery system introduces a system weakness; it is deliberately designed to allow access in certain exceptional circumstances.[74] Therefore, the fear is that if the procedures that protect against abuse of that access somehow failed, information would be left unprotected.[75] Since the government, under a key recovery system, would have the keys to all high-level encrypted messages, what would happen if the keys got into the wrong hands? What would happen if corrupt police officers, or hackers who break into government files, were able to access these keys? The potential for crime and danger in this scenario would be endless.

Furthermore, a key recovery system could weaken the confidentiality provided by an encryption system by providing an access path that can be compromised.[76] For example, if a party external to a corporation has the encryption keys to that corporation’s encrypted information in escrow, the corporation is more vulnerable to a loss of confidentiality, because the external party can become the target of theft, extortion, or blackmail by unauthorized parties who are seeking that information. As a result, privacy advocates argue that, contrary to what the FBI and DOJ believe, there would actually be more crime if society operated under a key recovery system than under a non-key recovery system.

The economic analysis and constitutional rhetoric put forth by the opponents of a government key recovery system have resonated with the American public and with both the House of Representatives and the Senate. As a result of this public support, as well as a strong lobbying campaign put forth by the American computer industry prior to the 2000 Presidential election, the Clinton administration backed off from its key recovery system proposal and greatly liberalized the government’s policy with respect to high-level encryption.[77] As it stands now, government does not have back door access to high-level encrypted information and, with some minor exceptions, encryption has now been left unfettered by government regulation. Although the debate over how encryption policy should be formulated has come to rest for the time being, is having strong, unfettered encryption necessarily good for America and its citizens and consumers?


Please send inquiries to bold@cyber.law.harvard.edu

The Berkman Center for Internet & Society