6.805/STS085: Listening in the Dark - Wiretapping and Privacy in America

David Fillingham

Current U.S. encryption policy could be described as a muddle. The computer industry would like to sell encryption devices and software, but export restrictions and government objections make the sale of user-friendly domestic encryption products financially unattractive. As a result, encryption is not widely used. Domestic communications are generally vulnerable not only to wiretaps executed under lawful authority, but from foreign adversaries and domestic criminals as well - including criminals who might wear the uniforms of local, state or federal law enforcement. Most of the encryption products that are available provide no mechanism for law enforcement access, making them useful tools for criminal operations. The conflict between national security, law enforcement and civil libertarian interests has created a policy deadlock that serves no legitimate purpose, and leaves all parties to the discussion dissatisfied.

This paper will provide an account of the thoughts, laws, and judicial decisions leading to this deadlock, and show that the current unclear situation is, in fact, the normal state of affairs as judged by wiretapping policy throughout U.S. history. The encryption controversy can be seen as an extension of a long running electronic surveillance debate, to which the American people only recently reached a consensus. The invention of public key cryptography upset this short-lived consensus, and returned the status of wiretapping to the confused and murky state that is normal for this country. The long history of government attempts to reconcile privacy and law enforcement/national security concerns vis a vis wiretapping policy may provide some insight on how - and when - a new consensus might be reached on the key access question.

The entire wiretap debate is an elaboration of a single question: Do the collective interests of society outweigh individual privacy rights? This fundamental question has been deliberated in general terms since before the formation of the United States and has been debated in the context of wiretapping since the turn of the century. The introduction of public key cryptography in 1978 added another technology to the debate, but left unchanged the fundamental question of privacy versus societal needs.

The government is charged with enforcing the law, and with protecting individual privacy rights - but of course no one values their privacy more than criminals! There is a fundamental conflict of interest between privacy and law enforcement. The history of the US Government’s attempt to reconcile these interests is long and tortured. First I’ll sketch the development of a basis for privacy, describing why it is that we feel we have such a right. Next I’ll describe the competing law enforcement and national security interests.

Many large and scholarly tomes have been written on the topic of the origin and history of the idea of privacy; it would be impossible to provide a complete discussion here. Still, some highlights are worth mentioning.

Pro and anti-privacy discussions go back at least as far as the Greeks - where privacy rights were considered to be related to property rights. For example, Plato thought that abolition of "private" property rights, and privacy in general, would create a better society [1].

In his Two Treatises of Government, John Locke carried forward this idea of "privacy as an extension of property." He describes a natural state of man, in which private property rights are endowed from God, and should therefore be protected from intrusion by the Government [2]. According to this line of thought, one has a right to expect the government to refrain from intrusion into your home for the same reason the Government does not have a right to simply take your home away - the house and the land it sits on are "private" property.

Locke’s thoughts were also important in the privacy debate for another reason - it was he who first constructed the argument that governments are set up among the population of a society to preserve natural rights - and that if a government ceases to uphold these rights, then the people are morally justified in overthrowing the government. These thoughts, of course, find their way into our own Declaration of Independence:

Here we see the genesis of one of the fundamental dilemmas of American Government. The Constitution of the United States is clearly concerned with domestic as well as foreign enemies (see Article III, Section 3, for example) - yet the founders apparently wanted to leave a military option for the people should the Federal government eventually become "destructive of the ends" of liberty. The Second Amendment, concerning the bearing of arms and militias, seems to be an oblique attempt to provide a military option for the people - though this interpretation of the Second Amendment is vigorously contested. The idea that privacy is important in leaving open a domestic military answer to an oppressive government remains an important part of American tradition - and of the wiretapping and encryption debate. We will return to this matter a bit later.

Evidence that early Americans believed privacy of private property to be important can be found in the Virginia Declaration of Rights of 12 June 1776:

This provision of the Virginia Declaration of Rights was echoed in the Fourth Amendment to the Constitution, which protects against "unreasonable searches and seizures."

Both the United Kingdom and the United States first wrestled with privacy outside the strict boundaries of private property when considering confidentiality of mail in the postal system. In 1710 the English Post Office Act forbade the opening of private mail by government officials - except by warrant. [5]. The establishment of this law so early in the history of communication, and in a way so tenuously linked to private property, leads one to wonder if the "privacy as a consequence of property rights" concept isn’t a bit overstated in the "mainstream" privacy literature. It seems eavesdropping has been considered a contemptible (even if universally practiced) activity since prehistoric times, and that this "common sense" view of privacy has been an undercurrent in the legal development of privacy policies since early in the 18th century.

The tradition of privacy of mails in the United States began with our first postmaster, Benjamin Franklin, who in 1753 required postmasters to take an oath promising not to open mail. In 1825 Congress passed mail statutes that made opening a piece of correspondence before it was delivered "with a design to obstruct the correspondence, to pry in to another’s business or secrets" a crime. No exception was provided in the law for searches with a warrant. [6]

The Supreme Court established in Ex Parte Jackson (1877) that sealed correspondence in the mails is protected against warrantless searches. It is interesting to note that both the 1710 English Post Office Act and the 1877 Ex Parte Jackson Supreme Court decision balanced the right of privacy against law enforcement (and perhaps what would today be called "national security" concerns) by prohibiting mail searches - except under order of a warrant. Protection of correspondence from official searches has not generally been taken to be absolute - only limited by the need for a warrant. [7]

The Constitution of the United States charges the Federal and State governments with the responsibility for "establishing justice," and "insuring domestic tranquility." These responsibilities can only be met through law enforcement. Furthermore, the Federal government is to provide for the "common defense" of the nation. Conducting counterespionage and foreign intelligence gathering operations are an important part of meeting these responsibilities. There has never been a serious challenge to the government’s authority to conduct law enforcement and national security activities - only to certain specific practices as they relate to these activities. Wiretapping in particular has existed in a twilight zone of legality for most of its history.

The criminal activities and national security threats against which the wiretapping tool has been applied has varied over time. The first Government wiretapping was conducted by participants in the U.S. Civil War - and the practice continued after the war (despite being illegal) [8]. Telephone wiretapping became an important law enforcement tool in the 1920s during the prohibition era - and various forms of organized crime (gambling, loansharking, hijacking, counterfeiting, and narcotics trafficking) have remained important targets of wiretapping ever since. Crimes associated with corruption of government officials - usually in support of organized crime - have also been targets of wiretapping. [9]

Domestic and international state-sponsored terrorism became a significant problem for the United States in the 1960s. Domestic national security threats - real, imagined, and fabricated - have all been wiretapping targets. The FBI is known to have wiretapped the Reverend Martin Luther King in the 1960s under the aegis of National Security (on the basis of his alleged contacts with a communist agent). The Nixon Administration was particularly fond of wiretapping political dissidents - and even legitimate political opponents. [10] The FBI often invokes terrorism as a target of electronic surveillance, though it is difficult to find open source examples of the use of wiretaps to combat terrorism. [11]

One of the most recent crimes to enter the wiretap and encryption debate is child pornography. It is not clear how much evidence and intelligence the FBI obtains from intercepting Internet traffic, and how much comes from informants and searches of suspects’ computer files. It is well documented that child pornographers are increasingly turning to the use of cryptography - particularly Pretty Good Privacy (PGP) to conceal evidence - both during transmission and while in storage. [12]

Information concerning the use of wiretaps for foreign intelligence gathering is mostly classified. Congress established the Foreign Intelligence Surveillance Court in 1978 to provide judicial approval for foreign intelligence surveillance operations, and one must assume that it occasionally does so. [13]

It seems, then, that the government has some legitimate reasons for conducting electronic surveillance - and that the populace has equally valid reasons to be suspicious of the practice. Conflict between these interests is hardly a new phenomenon for U.S. government policymakers.

From the beginning, wiretapping policy in the United States has been murky - a patchwork of badly written and misapplied laws, confused legal rulings and selectively enforced executive orders.

Electronic espionage conducted for personal financial gain began in the mid 1800s. Wiretapping was common enough to motivate invention of a voice encryption device in 1881 - just five years after the telephone was patented! [14] During World War I, Congress outlawed wiretapping conducted "without authority," but this prohibition seems to have been more directed at protecting government communications than ensuring personal privacy. The law expired with the war. [15] Nonetheless, many state governments had outlawed wiretapping by 1920 - though it seems these laws were not very broadly written. In his book Wiretapping on Trial, Walter Murphy writes:

Washington was one of the states that had made wiretapping illegal by 1924. Furthermore, Attorney General Stone had forbidden the use of wiretaps, and the Treasury Department had also issued a policy prohibiting the use of wiretaps. However, in the 1920s (and thereafter) both Federal and local law enforcement sometimes ignored the law and official polices in this area when convenient. In mid-1924 Treasury Department authorities installed wiretaps on a group of bootleggers led by a Mr. Roy Olmstead. Mr. Olmstead’s legal team raised the issue of the wiretaps being illegal during his trial. At first the judge in the case was not aware of the illegality of wiretapping in Washington State, and later simply dismissed the anti-wiretapping laws as irrelevant to the case at hand. [17] Objections that the wiretapping violated the Fourth and Fifth Amendments were similarly overruled during the trial, and again on appeal. The Circuit Court of Appeals was divided in its opinion, with two of the justices basing their opinions on the idea that since telephone taps did not invade private property, that no invasion of privacy, as defined by the Fourth Amendment, had occurred. [18] The third judge, though, was Judge Brandies, who was co-author of The Right to Privacy, the famous 1890 Harvard Law Review article that was so influential in redefining American thinking in this area. Judge Brandies wrote:

Here we see a conflict between "privacy as a consequence of property rights," and Judge Brandies’ very different view of privacy as a natural right independent of property rights. In time, the latter view of privacy would win over US jurisprudence - but in 1928, when Roy Olmstead’s case was heard before the Supreme Court, this transition had not been completed. The justices, on a 5 - 4 decision came down on the side of the "privacy tied to property" concept.

Public reaction to the decision indicates that the philosophical transition to a "natural right to privacy" interpretation of the Fourth and Fifth Amendments was more advanced in the public opinion than it was in the rather elderly population of the Taft Supreme Court. This belief that wiretapping is a "dirty business" can be found in quotes from - incredibly - J. Edgar Hoover. Here, in a 1931 Congressional hearing, Mr. Hoover responds to a question concerning whether Federal funds are used for wiretapping:

Prohibition enforcement was conducted by the Bureau of Prohibition within the Treasury Department until 1930, when the Bureau of Prohibition was transferred to the Justice Department. While wiretapping was prohibited in both the Treasury and Justice Departments, Colonel Amos Woodcock, the Director of the Bureau of Prohibition approved of the practice, and used wiretapping liberally - ignoring the policies of his superiors. [21]

Eventually (in 1930), a compromise was reached, in which the Attorney General authorized Bureau of Investigation (predecessor to the Federal Bureau of Investigation) and prohibition agents to wiretap once they had obtained the approval of their Bureau Chief and the Assistant Attorney General in charge of their investigation. [22].

An attempt by Congress in 1931 to prohibit the use of federal funds for wiretapping eventually ended in a compromise, in which the Bureau of Prohibition was forbidden to wiretap, while no other Federal agency was so hindered. This 1931 compromise betrays a reason for opposition to wiretaps and key escrow that few dare discuss. Some laws, like prohibition in the 1920s and 1930s, are widely broken, and the elements of the population breaking these laws will be opposed to any effective enforcement mechanism. While the prohibition laws are now history, the citizenry today still have ambivalent feelings toward enforcement certain other laws - particularly the tax code - but also perhaps "light" narcotics (e.g., marijuana), pornography, and on-line gambling, and similar on-line vice laws.

Nonetheless, despite the 1931 law, in the early1930s the legal and administrative fog in which wiretapping had taken place was starting to clear. Federal law enforcement authorities did not feel themselves bound by state laws prohibiting wiretapping, executive branch regulations concerning wiretapping were fairly consistent (using the "Bureau Chief and Assistant Attorney General" rule), with the exception that the Prohibition Bureau was not to wiretap. The clarity of this situation would be very short lived.

In 1934 Congress passed the Federal Communications Act, Section 605 of which stated:

Historians note that Congress had intended this law to apply to radio - they had no idea this law would ever be applied to telephone wiretaps! Nonetheless, when the Supreme Court got the opportunity to interpret Section 605, they found (Nardone v. United States) that the Federal Communications Act forbade the use of evidence collected in wiretaps to prosecute in Federal courts. Since the court had found a statutory problem with wiretapping, and not a constitutional prohibition, it was within the power of Congress to amend Section 605 to allow law enforcement wiretapping. In 1938 both houses of Congress passed similar versions of such a bill, only to have it die in the Reconciliation Committee. A follow-on attempt by Congress to revise Section 605 was made in 1939 - but opposition from within the Executive branch (of all places!) as well as a Senate committee in 1940 caused the bill to die. A new Attorney General banned wiretapping, except when the Attorney General’s office approved it. This rule was not universally applied or consistently enforced, however - so the situation was as at least as muddled as it had ever been. [24]

At this point, President Roosevelt, never a strong advocate of limited government, added another twist to the already convoluted state of wiretapping policy by stating his opinion that the Supreme Court’s interpretation of Section 605 was not intended to cover cases involving national security. World War II was underway in Europe and China, and national security concerns were starting to take precedence over more abstract privacy concepts. Furthermore, Attorney General Jackson decided to interpret the Nardone ruling not as a prohibition on wiretapping per se, but only on divulging the results of the wiretapping in court! So the Executive branch of the Government at this juncture thought itself free to wiretap anyone, so long as the transcripts remained secret. [25] The Federal Judiciary would not allow wiretap evidence to be introduced, but the executive could use wiretaps to gather information on suspects, that could be used to obtain other nonwiretap evidence, which could then be used to prosecute.

The postwar period saw an increase in Federal wiretap powers. In 1946, President Truman authorized an increase in domestic national security wiretaps. [26] In 1952, the Supreme Course found in Schwartz v. Texas that Section 605 did not preclude admission of illegally obtained wiretapping evidence in State courts. [27]. As a result, many states used wiretapping freely and many officers conducted wiretapping on their own authority. More than half of the states had no prohibition on admission of illegally obtained wiretap evidence. New York City police in the years 1953 - 1954 tapped over 3,500 telephones, with over half of these being public payphones. [28]

In 1957 the Supreme Court again confirmed Section 605 in Benatti v. United States, ruling that evidence collected in state wiretaps could not be admitted in Federal court.

By the early 1960s, the legal status of wiretapping had clearly become a opaque mass of conflicting laws, policies and Supreme Court decisions. Wiretapping was widespread - so civil libertarians had cause for concern, but wiretapping evidence (illegal under Section 605) could not be introduced into Federal courts - so law enforcement was dissatisfied. A series of wiretapping and eavesdropping hearings were held in Congress from 1961 to 1967 to search for a solution to the problem. In 1965, President Johnson brought some order to the executive branch wiretap policy by requiring all Federal National Security wiretaps to be conducted by the FBI (only) with approval of the Attorney General. [29]

In 1967 the Supreme Court reversed the Olmstead decision in two separate cases: Berger v. New York and Katz v. United States. Now wiretapping was to be equated with searches and seizures, and would require a judicial warrant. Furthermore, the court defined requirements concerning the specificity of these warrants (topic of conversation, time period, etc.). Still, the Supreme Court did not rule out wiretaps in all circumstances, and left open the possibility that warrantless national security wiretaps might be allowed. [30] The next year, the Supreme Court (Alderman v. United States) stated that anyone could demand to know if they were the subject of electronic surveillance. Evidence that had been "tainted" from having been collected as a result of illegal electronic surveillance could not be introduced into evidence. This ruling practically eliminated the usefulness of wiretaps for Federal law enforcement. So in the span of one year, the state of wiretapping practice had switched from one of widespread "illegal" wiretapping which was essentially "winked at" by the courts to one in which wiretaps were virtually useless in federal law enforcement, and were tightly constrained by Constitutional Fourth Amendment provisions. All this when the United States was in the throws of a nationwide crime wave. It was time for Congress to act.

Title III of the Omnibus Crime Control Act (sometimes called the "Safe Streets Act") was this nation’s first comprehensive legislation aimed at meeting state and federal law enforcement and national security needs within the strictures of the Constitution as interpreted by then-current Supreme Court rulings. From a wiretap perspective, the important points of this legislation were:

In the Kieth case [United States v. United States District Court, 407, U.S. 297 (1972)] the Supreme Court held that warrantless national security wiretaps against U.S. citizens were unconstitutional (though leaving the matter of surveillance of foreign powers and their agents open). Congress responded in 1978 with the Foreign Intelligence Surveillance Act (FISA). This act established the Foreign Intelligence Surveillance Court to approve electronic surveillance of people in the United States in furtherance of national security interests. [32].

While more extreme civil libertarians opposed wiretapping under any circumstances whatsoever, by 1978 there seemed to be a national consensus that balanced a distrust of government (made more severe by the recent Watergate scandal) against a fear of increasing crime, and cold war national security concerns. The consensus view was:

This consensus was built upon in the Electronic Communications Privacy Act of 1986 which extended the same privacy rights and law enforcement/national security access to digital and cellular telephone communications as applied to telephones. The extent of the national consensus on the principle of warrant access to electronic communications can be judged by the fact that the Electronic Communications Privacy Act passed on a voice vote without opposition. But the national consensus on balancing privacy, law enforcement and national security concerns - so long in the making - was soon to be upset by technological developments.

In 1976 - two years before the final elements of the electronic surveillance consensus was formulated (with the Foreign Surveillance Act), the seeds of its destruction were planted. Whitfield Diffe and Martin Hellman published the mathematical basis for a "public key" encryption system. [33] Such a system could, at least in theory, make widespread, strong encryption available to everyone - including criminals and foreign adversaries. Throughout the late 1970s and the1980s, public key cryptosystems such as Rivest, Shamir, Adleman (RSA) and Phil Zimmerman’s Pretty Good Privacy (PGP) were developed and improved.

At the same time, the Internet was emerging from its Department of Defense and academic roots - becoming a common feature in businesses and homes everywhere. The nature of the Internet was that it made enforcement of any kind of law (or social/political taboo) concerning its content very difficult, since tracing of messages to their origins could be made essentially impossible, and because of the "borderless" nature of the Internet. Coincident with the rise of the "lawless" Internet was the development a vocal and politically active collection of groups that could perhaps be termed "Internet anarchists." These activist groups range from the Center for Democracy and Technology (CDT) to the Electronic Frontier Foundation, to more extreme elements such as the loose-knit Cypherpunks organizations. There also seems to be a philosophical kinship between the fringe elements of the electronic anarchist movement and the fringe elements of society in general - such as the militia movements. For example, compare these statements from the "U.S. Militia" home page and a piece from John Barlow of the Electronic Frontier Foundation:

U.S. Militia:

Barlow:

This is not an attempt to brand all anti-encryption advocates or civil libertarian activists as potential militia members or skinheads. The anti-wiretap/pro-encryption forces represent a loose confederation of people from across the political spectrum - all sharing libertarian ideas that have their roots deep in American political philosophy.

Encryption has the power to remove wiretap policy from the list of issues that Congress and the Supreme Court have the ability to manage. It creates a situation in which access to criminal evidence or national security information is not limited by laws or warrants, but rather by technical capability. Civil libertarians tend to see cryptography as providing the absolute privacy protections that Congress and the courts have, in error, not seen fit to provide. It seems likely that if Judge Brandies were alive today, he would be a member of Cypherpunks - or at least the Center for Democracy and Technology.

The crypto anarchists also see cryptography as an insurance policy against tyranny, by allowing the formation and maintenance of groups beyond the control of oppressive governments - current or future, here or abroad.

The government has proposed several technical solutions to the encryption dilemma that attempt to build on the now fraying "warrant access" consensus (e.g., Clipper, Key Recovery). These attempts have so far been stymied, in part by the sometimes (but certainly not always) alarmist and misleading propaganda and lobbying efforts of the civil libertarians and their allies, and in part by the difficulty of finding a reasonably inexpensive technical solution that meets domestic and international interoperability standards. (These standards are themselves subject to the Machiavellian intrigues associated with international political and financial interests. By no means is all of the rest of the world anxious to see the United States successful in setting the international standard for interoperable encryption!) So now the legal status of encryption is in a confused state in which domestic encryption of any strength is legal, but not widely used. Available encryption systems such as Pretty Good Privacy are ideal for use within fairly small, highly security conscious groups (like pedophile rings, for example), and for local file encryption (a feature used by anti IRS terrorist and (perhaps) a Basque separatist movement), but not usable on a ubiquitous, wide-spread basis. [36] Until government concerns are met, incorporation of encryption into the national communications infrastructure is likely to be stalled. So far, neither the government nor the civil libertarians have been able to win a clear victory, and the situation remains muddled and confused. In other words, things are back to normal!

In the author’s opinion, a realistic solution to the encryption debate will have to be built around some variant of the "legitimate access through judicial warrant" consensus that was reached in the 1970s. For all the hooting, jeers, and mocking laughter of the cyberanarchists - the American people demand security from domestic and international threats - especially when the dangers of the world manifest themselves in the form of a bombing attack, or the discovery of a child-abduction ring. The public demand for law enforcement access to communications necessarily means that the cypherpunk faction will stand opposed to the any new consensus position. We will have to learn to live with their howls of protest - and we will have to press ahead with a solution anyway. As was mentioned at the beginning of this paper, the current situation serves no legitimate purpose - not even those of the libertarians.

In light of the history of law enforcement wiretapping in America, it seems that a consensus might be built in the following way:

This is not to say that the Government will be able to have things entirely its own way either; the steps described above do little to prevent the criminal use of PGP or similar non-escrowed encryption. Perhaps it’s time the policymakers accepted that conducting law enforcement and national security functions in the future will entail working in different ways than they have in the past. Some terrorists and criminals will always use non-escrowed encryption. The government will have to respond by increased use of techniques such as break-ins and "bugging" of suspect computers (under warrants) to capture evidence in its plaintext form.

The matter of "what the solution is" is no more important than "when the solution is presented." The pattern of wiretap regulation - both legislative and judicial, is that civil libertarian concerns are eclipsed by severe domestic and international security threats. In times of great danger, such as 1940 when World War II had begun, or in1968 when crime was growing rapidly, and the cold war was at its height, civil libertarian concerns tend to carry less weight than they do when people feel more secure. For example, HR 275, the Effective Antiterrorism Tools for Law Enforcement Act of 1997 was introduced largely as a response to the Oklahoma City bombing of April 1995 and the June 1996 attack on the Khobar Towers military housing complex in Saudi Arabia. Provisions of the bill that would have expanded wiretap authority were ultimately deleted. Timing can be very important when trying to move any law enforcement or national security bill through Congress. With the expanding usage of cryptography by terrorists, and the increasing availability of weapons of mass destruction, it seems only a matter of time before a catastrophic attack on American citizens creates a favorable environment for pro-escrow legislation that will restore a warrant-key-access consensus.

The opinions herein are my own, and do not represent those of any government or private organization.