U.S.
Policy on ENCRYPTION Should Protect Our Right to Privacy "The right of the people to be
secure in their persons, papers and effects, against unreasonable searches and seizures,
shall not be violated..."
- the Fourth Amendment to
the U.S. Constitution
In the United States today, Americans are
free to protect the privacy of their computer files and communications by using the
strongest encryption technology available. But the Administration's FBI and even some
Members of Congress want to take away that freedom by outlawing your ability to
communicate and store information in a way that is not relatively quick and easy for the
government to read.
Encryption is technology that "encodes" computer files and communications,
much like a combination lock secures a filing cabinet. On the global front, strong
encryption products are widely available from foreign manufacturers, but Administration
policy hamstrings American companies by preventing them from exporting equally strong
products. It is costing both American jobs and American leadership in the global
information economy.
A solid majority in the U.S. House of Representatives has cosponsored a bill to protect
the freedoms Americans currently enjoy when it comes to computer privacy and to lift
restrictions on the sale of U.S. encryption products overseas. That bill is the Security and Freedom through Encryption (SAFE) Act (H.R. 850),
championed by Reps. Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA).
Any legislation
passed should protect our privacy.
Any bill that Congress passes affecting
encryption should ensure that American citizens, businesses and institutions can continue
to buy and use the strongest encryption technology available to protect themselves, their
customers and their stakeholders from crime, without fear of unwarranted government
intrusion. The SAFE Act would do just that.
Why? Computer technology has rapidly become a fundamental element of day-to-day life.
Encryption is what protects computer files and communications from eavesdroppers, thieves
and other criminals. It protects medical records, corporate trade secrets, data on
personal buying habits, air-traffic control centers, legal documents, credit histories,
hospital databases, credit card transactions, e-mail and government files.
But the
Administration and the FBI have other ideas.
For every encryption code, there exists a
"key" to unlock that code, much like a bank card PIN number provides access to a
bank account or the proper numerical sequence opens a combination lock. For years, the
Administration has pursued a policy of "key recovery" to enable federal agencies
to more easily access confidential personal and business electronic files and
communications. To that end, the FBI now proposes far-reaching legislation that threatens
to put the "key" to your locked computer files, and the "keys" to
other locked computer files with information about you, in the hands of
government-approved "third parties." In fact, your existing freedom to encrypt
data and communications without giving some "third party" a "key"
would be outlawed.
The FBI's goal is to obtain access to those keys without your knowledge in order to
investigate criminal activity. The result would be a vastly overreaching and unprecedented
system of information access that would allow the government to obtain more personal
information than ever before.
It would turn
inside-out your Fourth Amendment right against unlawful search and seizure by making
you a criminal if you refuse to supply encryption "keys" from
government-approved "third parties." In essence, your ability to communicate and
store information in a way that is not relatively quick and easy for the government to
read would be prohibited by law.
Here is how the
FBI plan would threaten your rights:
FBI Director Louis Freeh compares his
proposal to wiretapping telephones after obtaining a court warrant. But if Congress
requires "third parties" to hold encryption "keys," that are subject
to a warrant, it would do more than allow court-ordered wiretaps. It would require you to
store computer data only in formats that law enforcement can easily understand and
conveniently access -- often without your knowledge. It would provide law enforcement
greater access to private information, which is fundamentally intrusive and threatens our
constitutionally protected right to privacy.
No government policy can ensure that encryption "keys" deposited with
"third parties" will be handled responsibly. In a 1996 Presidential Commission
report on encryption policy, the National Research Council (NRC) warned, "Escrowed
encryption [encryption for which a third party holds a key] by design introduces a system
weakness ... and so if the procedures that protect against improper use of that access
somehow fail, information is left unprotected." As the number of keys that would
require proper storage multiplies daily - reaching into the billions - holding "third
party" key-holders accountable would be virtually impossible.
If strangers could unlock encrypted computer files containing confidential information
about you - whether stored at your home, a hospital, an insurance company or bank - that
information could fall into the wrong hands. Health records, credit card numbers, credit
histories and tax information protected by encryption could all become more vulnerable to
misuse.
Strong
encryption enhances law enforcement.
The widespread use of strong encryption -
when users hold their own "keys" - actually helps law enforcement fight crime by
deterring criminals from viewing, tampering with or stealing private information. Imagine
the potential increase in computer crimes if all the information on computers and
information networks protected by encryption became more susceptible to theft or tampering
because encryption keys were being widely misused under a misguided government policy.
U.S. companies are missing out on a critical growth opportunity and are losing global,
technological leadership that benefits U.S. law enforcement. In addition, air traffic
control centers, electric-power grids, defense systems, financial services, oil and gas
producers and suppliers, telecommunications networks and the stock market all operate and
communicate by computer. If "third-party" key recovery "introduces a system
weakness," as the National Research Council (NRC) points
out, these infrastructures will be at greater risk.
Any legislation
should better position the U.S. in world markets.
Back in 1991, a multilateral agreement among
Western nations ended restrictions on the export of most encryption products, but the U.S.
maintained its rigid controls. Today, while that policy hamstrings U.S. manufacturers,
companies from more than 20 other nations have developed hundreds of products to take
advantage of the booming demand among law-abiding customers for strong encryption.
Furthermore, Americans are losing jobs. A Computer Systems Policy Project study showed
the restrictions could cost the U.S. economy $60 billion and 200,000 high-skill, high-wage
jobs by the year 2000. The NRC warned in early 1996, "U.S.
export controls may stimulate the growth of significant foreign competition for U.S.
vendors to the detriment of both U.S. national security interests and U.S. businesses and
industry." That impact is being felt today.
Encryption is a fundamental building block of the information age. Any bill Congress
passes should ease the restrictions on the export of strong encryption products to allow
U.S. industries to compete on a level playing field in a booming global market.
Congress must
act today!
Americans for Computer Privacy
enthusiastically supports the Security and Freedom through Encryption (SAFE) Act (H.R.
850), championed by Reps. Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA), and cosponsored by
a solid majority of the U.S. House. The legislation would:
Affirm Americans' freedom to use the strongest possible encryption. Defeat attempts to
force Americans to provide the government or some government-approved "third
party" with "keys" to their encrypted information.
Allow the U.S. to compete in the rapidly growing global market for strong encryption
products.
Protect Your Rights. Join Americans for
Computer Privacy!
Membership costs you nothing. Don't allow the federal government to violate your Fourth
Amendment rights and place your personal transactions, business secrets, or organizational
operations in jeopardy. Join today.
Information courtesy of Americans
for Computer Privacy (ACP)
Next
|