IP: DOJ Proposes Secret Searches

[Dave Farber <farber@cis.upenn.edu>]

>X-Sender: cdt5@pop.cais.com
>Date: Fri, 20 Aug 1999 12:41:25 -0400
>To: farber@cis.upenn.edu
>From: Alan Davidson <abd@cdt.org>
>Subject: DOJ Proposes Secret Searches
>
>This is a *very* dangerous new proposal from the Justice Department. The
>bulk of the bill is about legal standards for access to keys; some helpful,
>many too weak. But by far the most dangerous part of the bill is a small
>section that would allow government agents to install a "recovery device"
>on a computer without notice to the owner.
>
>CDT's analysis of the proposal follows below. Please excuse any multiple
>postings. The bill and other DOJ docs are online at
>http://www.cdt.org/crypto/CESA
>
>         -- Alan
>
>Alan Davidson, Staff Counsel                 202.637.9800 (v)
>Center for Democracy and Technology          202.637.0968 (f)
>1634 Eye St. NW, Suite 1100                  <abd@cdt.org>
>Washington, DC 20006                         PGP key via finger
>
>
>
>=============================================================
>C D T   P O L I C Y   P O S T
>****************************************************
>A BRIEFING ON PUBLIC POLICY ISSUES
>AFFECTING CIVIL LIBERTIES ONLINE
>from
>THE CENTER FOR DEMOCRACY AND TECHNOLOGY
>****************************************************
>Volume 5, Number 19      August 20, 1999
>=============================================================
>
>CONTENTS:
>(1) Justice Department Proposes Secret Searches of Homes, Offices
>(2) If the Government Wants Your Data, It Should Come to You For It
>(3) Proposal Also Sets Standards for Access to Escrowed Keys
>(4) Subscription Information
>(5) About the Center for Democracy and Technology
>
>** This document may be redistributed freely with this banner intact **
>Excerpts may be re-posted with permission of ari@cdt.org
>This document is also available at:
>http://www.cdt.org/publications/pp_5.19.html
>_______________________________________________________________________
>
>(1) JUSTICE DEPARTMENT PROPOSES SECRET SEARCHES OF HOMES, OFFICES
>
>The Justice Department is planning to ask Congress for new authority
>allowing federal agents armed with search warrants to secretly break into
>homes and offices to obtain decryption keys or passwords or to implant
>"recovery devices" or otherwise modify computers to ensure that any
>encrypted messages or files can be read by the government.
>
>With this dramatic proposal, the Clinton Administration is basically
>saying: "If you don't give your key in advance to a third party, we will
>secretly enter your house to take it if we suspect criminal conduct."
>
>The full text of the Justice Department proposal, a section-by-section
>analysis prepared by DOJ lawyers, and related materials are available at:
>http://www.cdt.org/crypto/CESA.
>
>The proposal has been circulating within the Clinton Administration since
>late June.  On August 5, the Office of Management and Budget circulated it
>for final interagency review.  In the normal course, after all potentially
>interested agencies have been consulted, the proposal would be transmitted
>to Capitol Hill, where it could be introduced by any Member, or offered as
>an amendment to pending legislation.
>_______________________________________________________________________
>
>(2) IF THE GOVERNMENT WANTS YOUR DATA, IT SHOULD COME TO YOU FOR IT
>
>The proposal is intended to eliminate a core element of our civil
>liberties. Normally, under the Fourth Amendment in the Bill of Rights, when
>the government wants to search your home or office, the government must
>obtain a court order issued by a judge based on a finding of probable cause
>to believe that a crime is being committed AND the government must provide
>you with contemporaneous notice of the search --  show you the warrant and
>leave an inventory of the items seized.
>
>This notice requirement has ancient roots.  It is based on the notion that
>the judicial warrant (issued on the basis of the government agent's
>untested assertions presented to a judge in private) does not provide
>adequate protection against abuse.  Notice is important because it gives
>you the opportunity to observe the conduct of the government agents and
>protect your rights.  If the agents are exceeding the scope of the warrant,
>for example, you can even rush down to the courthouse and ask a judge to
>stop the search.  And after the search, you can exercise your rights for
>return of your property and otherwise defend yourself.
>
>Over time, our society has tolerated exceptions to this rule. For example,
>the government can enter secretly to plant bugs to pick up oral
>communications or to bug your phone, but that is quite rare.  Most wiretaps
>do not involve entry into the home.  A few courts in a few cases have
>allowed so-called "sneak and peek" searches, in which government agents can
>enter surreptitiously, provided they don't take anything.   And in the name
>of foreign counterintelligence, the government has long conducted "black
>bag jobs," such as the one in which they searched the home and computer of
>CIA employee Aldrich Ames.
>
>The new DOJ proposal is a huge expansion of these previously narrowly defined
>exceptions.  The proposal takes extraordinary cases at the fringes of the
>law and makes them routine, given the increasingly ubiquitous nature of
>computers.
>
>Thus, the encryption debate, which up until now has been about privacy and
>security in cyberspace, is becoming a struggle over the sanctity of the
>home.
>_______________________________________________________________________
>
>(3)  PROPOSAL ALSO SETS STANDARDS FOR ACCESS TO ESCROWED KEYS
>
>The proposal also includes detailed procedures for government access to
>keys and other forms of decryption assistance stored with third parties.
>Again, the essence of the DOJ proposal is government access to keys without
>the knowledge or cooperation of the crypto user.
>
>The DOJ claims that these key recovery provisions provide greater
>protection for lawful users of encryption, by making it clear that a third
>party holding a decryption  key or other recovery information cannot
>disclose it or use it except in accordance with the procedures set forth in
>the Act.  The DOJ-drafted procedures are complicated and unique, turning on
>unanswered questions of what is "generally applicable law" and what is a
>"constitutionally protected expectation of privacy."  They fall far short
>of protections proposed by Sen. Patrick J. Leahy (D-VT) in the Electronic
>Rights for the Twenty-First Century (E-RIGHTS) bill, S. 854, described at
>http://www.cdt.org/crypto/legis_106/ERIGHTS/
>
>In any case, few individuals use third party key recovery, and there seems
>to be little individual or corporate interest in key recovery for
>communications, so even the strictest procedures for access to escrowed
>keys would be vastly outweighed by the proposed secret searches of homes
>and offices.
>
>In the small comfort department, the DOJ proposal makes it clear that key
>escrow or third party key recovery would not be mandatory.
>_______________________________________________________________________
>
>(4) SUBSCRIPTION INFORMATION
>
>Be sure you are up to date on the latest public policy issues affecting
>civil liberties online and how they will affect you! Subscribe to the CDT
>Policy Post news distribution list.  CDT Policy Posts, the regular news
>publication of the Center for Democracy and Technology, are received by
>Internet users, industry leaders, policymakers, the news media and
>activists, and have become the leading source for information about
>critical free speech and privacy issues affecting the Internet and other
>interactive communications media.
>
>To subscribe to CDT's Policy Post list, send mail to
>
>      majordomo@cdt.org
>
>In the BODY of the message (leave the SUBJECT LINE BLANK), type
>
>      subscribe policy-posts
>
>If you ever wish to remove yourself from the list, send mail to the above
>address with NOTHING IN THE SUBJECT LINE and a BODY TEXT of:
>
>     unsubscribe policy-posts
>
>
>_______________________________________________________________________
>
>(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US
>
>The Center for Democracy and Technology is a non-profit public interest
>organization based in Washington, DC. The Center's mission is to develop
>and advocate public policies that advance democratic values and
>constitutional civil liberties in new computer and communications
>technologies.
>
>Contacting us:
>
>General information:  info@cdt.org
>World Wide Web:       http://www.cdt.org/
>
>
>Snail Mail:  The Center for Democracy and Technology
>              1634 Eye Street NW * Suite 1100 * Washington, DC 20006
>              (v) +1.202.637.9800 * (f) +1.202.637.0968
>
>
>-----------------------------------------------------------------------
>End Policy Post 5.19
>-----------------------------------------------------------------------
>
>Jim Dempsey
>
>Center for Democracy and Technology
>1634 I Street, NW Suite 1100
>Washington DC, 20006
>voice: 202.637.9800      fax: 202.637.0968
>jdempsey@cdt.org
>
>                 * WORKING FOR DEMOCRATIC VALUES IN A DIGITAL AGE *
>                 Protecting Free Speech and Privacy on the Internet
>                               http://www.cdt.org/