BI Director William Freeh and Attorney General Janet Reno are supporting legislation in Congress that will prevent American companies from producing and selling products using encryption software. They argue that encryption will facilitate terrorism and organized crime because it will prevent the government from intercepting the communications of terrorists and organized crime groups. My experience in law enforcement leads me to believe that the controls favored by the FBI and the Justice Department are unachievable. Furthermore, imposing such restrictions on American companies is more likely to increase terrorism and crime than to decrease them.

Encryption, the practice of coding messages, is now routinely used in computer software programs designed to protect the privacy of telephone, fax, e-mail, Internet communications, ATM transactions, storage of business and government data and myriad other necessary and desirable applications. The controls that the federal government would impose are Orwellian in the scope of their intrusiveness. They amount to no less than the U.S. government asking software companies to provide them with a "key" to be held in escrow that would allow the interception of every electronic communication anywhere in the world.

The genius of American industrial technology has produced the most dynamic economy and the greatest individual prosperity in the history of civilization. Simultaneously, it has enabled the U.S. government to acquire the most powerful armed forces ever developed. It is no exaggeration to say that the innovations of American technology are responsible for the United States becoming the world’s foremost economic and military power. The resulting political stability and resources have likewise enabled America to provide leadership for the free world. Consequently, it is ironic that the federal government now constitutes the largest threat to the very industry on which our future economic health and continued leadership of the free world depend.

The Proposal

he Clinton administration wants to prevent American companies from producing and selling products using encryption software on the grounds that such products will prevent law enforcement agencies from intercepting and decoding the communications of terrorists and other criminals. Under legislation pending in Congress, American companies would be required to provide the government, or a third party known to the government, with a key to decode all encrypted communications and data. The key would then be accessible to a law enforcement agency if sometime in the future it obtained a court order permitting interception. The legislation further requires that the key provide a plain-text version of the information within a two-hour period. This would apply to all e-mail, fax, telephone, Internet and other electronic communications, whether foreign or domestic. In addition, the proposed legislation requires that the key prevent both the owner company and other parties to the communication from knowing that their communications or transactions are being monitored. In other words, if you operate a business that requires confidentiality of electronic communications, you would be forced to use a system that gives another party the ability to decode all your messages without your knowledge. And your internal audit control systems would never reveal that your system had been penetrated. Furthermore, you would not know if the communications systems of companies with which you communicate are being monitored.

The Economic Costs

he law enforcement demands for elaborate keys and the resulting security requirements for whoever possesses the keys rest on technology that does not exist and may not be possible. The costs for developing the technology are to be borne by the companies developing and marketing the product. This means that their products will cost more, possibly enormously more, than those produced by foreign competitors. Additionally, even if comparable in cost, American products would not be competitive with products of foreign companies that provide secure encryption systems.

Our government ignores the fact that secure encryption software is already commonplace. The United States embargo against exporting encryption programs cannot halt the march of innovative technology. It simply encourages foreign entrepreneurs to fill the gap because the European Commission has refused to accept the U.S. standards for encryption control. Europe will not cripple its growing technology industry. Indeed, the Wall Street Journal recently reported that European technology firms were elated by U.S. restrictions on domestic companies and were capitalizing on the developing demand for secure encryption. American companies are restricted in their development of software programs for both domestic and foreign customers since many common computer programs, such as those for ATM transactions, and e-mail, fax programs, are encrypted or contain audit components that alert the owners that their systems have been entered.

The Threat to Privacy

he various keys would be so technologically broad and so discreet that they would allow government surveillance on an unprecedented scale. Billions of communications would be susceptible to interception, in contrast to present court-approved wiretaps of telephones. Although a court-approved order giving a law enforcement agency a key would be based on suspicions of criminal activity by a specific individual or group, the subsequent information gathering could involve anyone in the world. And the provision that the use of the key would not be detected by the system means that the parties whose confidentiality was compromised might not learn about it for years, if ever. The resulting jeopardy to First Amendment rights of freedom of speech, Fourth Amendment rights against unlawful search and seizure, and Fifth Amendment rights against self incrimination and taking of property would be enormous. Because the government would mandate that software manufacturers and their customers provide a key with which law enforcement agents might surreptitiously scrutinize not just a single individual or group of individuals covered by the court order but a system or systems containing millions of pieces of data and communications, the legislation would negate constitutional rights we take for granted.

The Effect on Crime and Terrorism

he FBI and some law enforcement groups claim that,without encryption control organized crime and terrorism cannot be prevented. This is a powerful argument given the tragic deaths in the bombings of the World Trade Center in New York, the federal building in Oklahoma City and the embassies in Africa. Playing the terrorism card raises strong emotions of patriotism and justifiable anger against terrorism. Yet public policy affecting the nation’s safety and economic health should be made on an objective basis.

Shortly after the Oklahoma City bombing the president and congressional leaders of both parties rushed before television cameras and vowed to expand FBI authority, despite the testimony of Mr. Freeh that the bureau did not need additional authority. I visited the federal buildings in both San Jose and San Francisco a week later and found no additional security measures in effect. Although the terrorists in New York and Oklahoma City had used vehicle bombs, it was still possible to park a truck or car bomb adjacent to the buildings. Likewise, in Africa, neither embassy building had been brought up to the government’s security standards. We must question why our government, with a spotty record of taking routine security precautions to prevent terrorist attacks, is proposing a scheme of incredible regulatory control of industry based on mere speculation that it might at some future time intercept a terrorist communication.

No one would deny the value of penetrating codes used by criminals or foreign enemies. Breaking the Japanese Purple code and the German Enigma encryptions during the Second World War was of great value. But such intelligence coups do not belong exclusively to the good guys. Our own military, law enforcement agencies and legitimate businesses need secure encryption. Military and law enforcement groups will, of course, attempt to persuade Congress that keys to their systems must remain in their care and be securely encrypted. The government, however, will mandate that companies cannot have secure systems subject to audits. This will make sensitive communications systems more attractive targets for cybercriminals and terrorists. They will recognize that stealing a key from a third party will provide more access to information and will be less likely to be discovered in time to prevent the damage.

The most frustrating aspect of the government’s encryption control proposal is that encryption control is not only irrelevant in terms of protecting national security and preventing crime, but it is counterproductive as well. The government supports its case by alleging that it is aware of five hundred instances in which foreign suspects used encryption. Why then is it not clear that terrorists and organized crime groups are presently capable of using secure encryption? This technology is already here. But even the more advanced secret programs will not remain that way. How can we forget that a far more guarded secret—the technology of making atomic bombs—was stolen by the Soviet Union despite being under the tightest government security in history? Try as we may, we cannot put the genie of technology back into the bottle.

A Misguided Policy

he main scheme suggested by the FBI and the Justice Department requires U.S. manufacturers to install "third-party" keys. These devices would be held by nongovernment organizations and made available to law enforcement only by judicial order. But if we cannot trust the White House, the FBI, and the Department of Justice to protect this information, why is it any more desirable to trust private businesses that have even fewer legal restrictions over the conduct of their employees?

During my 15 years as police chief of San Jose, America’s 11th largest city, it became the safest major city despite having the lowest per capita police staffing. Sure, we had some great cops, but the crime rate dropped because we were in the heart of the computer industry which reduced the local unemployment rate to 2 percent. It would be tragic if Congress, in the name of helping law enforcement, produced more unemployment and crime by accepting the current encryption control proposals. No one would be happier than America’s terrorist enemies.  NJ

Joseph D. McNamara, the former police chief of Kansas City, Missouri and San Jose, California, is a research fellow at the Hoover Institution where this article was originally published in the Hoover Digest: Research and Opinion on Public Policy. It is reprinted by permission of the publisher, Hoover Institution Press, and bears a 1999 copyright by the Board of Trustees of the Leland Stanford Junior University.

Join NPRI

Journal front | Search | Comment | Sponsors