Woodbury argues that mandatory key registering is a violation of his First Amendment rights because it compels a certain form of speech, violates his right to freedom of association, and has a chilling effect on his speech.
A. Compelled Speech
The outcome of Woodbury's First Amendment argument on compelled speech depends, in part, on whether or not registering the keys amounts to compelled speech. It is not easy to square the requirement mandated in the CCA with the Supreme Court's compelled speech doctrine. While some have tried to find similarities between mandatory key escrow with laws requiring disclosure of financial records by charities, this comparison falls short. See A. Michael Froomkin, Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution, 143 U. Penn. L. Rev. 790, 814 (1995). The CCA should not be held to the same standard as those found in mandatory disclosure cases because the law here does not require that users disclose anything, affirm anything, wear anything, pledge anything, or display anything. The key is not speech. As the majority stated in the lower court opinion in this case, the key is part of a technology that may be used in conjunction with communication, but does not have to be. Slip Op. at ____. Viewed in this manner, mandatory registry of the keys does not seem to compel speech and is thus probably not a First Amendment violation.
On the other hand, it is possible to argue that divulging the key is essentially tantamount to divulging the content of speech because once the government has the key it has the ability to decode the message. In this argument, disclosure of the key is compelled speech because it requires users to make a disclosure they would not otherwise make. See Riley v. National Fed'n of the Blind, 487 U.S. 781, 785 (1988). If the CCA is viewed as compelling speech, then it would be considered a content-based restriction on speech subject to strict scrutiny. Id. In reviewing whether or not compelled speech is a violation of the First Amendment, the Supreme Court determines if there was a compelling state interest for the law, if the law avoids undue burdens, and if the law is narrowly tailored. Id. at 798. The CCA probably should be able to pass the strict scrutiny test because the government's interest in law enforcement and national security is obviously compelling, the CCA is not unduly burdensome, and the CCA is narrowly tailored to achieve it desired objectives. Absent registering the keys, legitimate government efforts to catch criminals, terrorists whose want to cloak their activities in secret by using an unbreakable encryption program, would be thwarted, if not prevented completely. Establishing a mechanism whereby criminals will be deterred from using new technologies to commit crime is a compelling interest. The CCA avoids being unduly burdensome because registering the key is quite simple to do and the key is kept secret unless enough evidence is revealed to justify a warrant. The CCA is narrowly tailored because it targets and eliminates the evil it seeks to remedy. See Frisby v. Schultz, 487 U.S. 474, 485 (1988). The evil targeted is to eliminate incentives to commit crime using new technologies. The evil is eliminated because those who wanted to hide criminal activity by using unbreakable encryption will know that the government will be able to have access to messages if enough evidence to amassed to satisfy warrant requirements. It is unpersuasive to argue that the CCA is not narrowly tailored because it includes all users of the unbreakable encryption. That argument does not provide for any reasonable and lawful ways to make the CCA less inclusive. [4]
In sum, there are strong arguments for determining that the CCA is not a violation of the First Amendment because it does not compel speech. The key in and of itself is not speech of any kind and registering it should not change that fact. Even if, however, a court could be persuaded to equate key registering with mandatory disclosure cases as Froomkin does, the CCA should pass the strict scrutiny test. The only way that the CCA does not pass the test is if in the court's judgment the government's interest in law enforcement is not sufficient to justify placing limits on the use of unbreakable encryption.
B. Freedom of Association
The CCA should not violate the Constitution on freedom of association grounds either. It appears that Woodbury is arguing that because registering the key would allow the government to be able to encrypt his messages upon sufficient evidence to justify a warrant, he risks losing his right to associate with others without government interference. If a court were to give much weight to this argument, a court would essentially be sanctioning an individual's right to associate with criminals without governmental interference. This is simply not a right that any individual has. If a person chooses to associate with those who are committing crime, the government always has the ability to look further into that association to determine what crimes are being committed upon reasonable and particularized suspicion, unless an exception to the warrant requirement exists. The Constitution only protects an individual against unjustified governmental interference. First, key registration is not interference in association because an individual can still choose with whom she wants to associate. Second, those who would view registration as an interference on their associations would have to be those engaging in questionable conduct (otherwise, the government should not be able to obtain the key to decode the message). One's interest in engaging in unfettered questionable conduct is not afforded any kind of protection by the First Amendment.
C. Chilling Effect
The CCA is not unconstitutional because whatever chilling effect it could possibly have on some individual's speech is reasonable considering the interests involved. It almost goes without saying that those most concerned about registering a key would not be ordinary, law-abiding citizens. [5]
II. Fourth Amendment
The Fourth Amendment issues require an analysis of whether registering the keys amounts to a warrantless search or seizure, and if so, whether that warrantless search or seizure fits within the exceptions to the warrant requirement. In this case, it appears that those who choose to encrypt their messages have a reasonable expectation of privacy in the messages they transmit and the method for decoding those messages. Requiring users of unbreakable encryption to give the government the method to decode those messages would amount to a search because it is a governmental encroachment on a reasonable expectation of privacy. See Katz, 389 U.S. at 361.
Since registering can be considered a search or seizure, the Constitution requires that a warrant be issued unless the search or seizure meets one of the exceptions to the warrant requirement. The most applicable exception is that allowed for regulatory searches. The registration of all keys over 64-bits is similar to mandatory drug testing requirements that have been found acceptable under the Constitution. See Skinner v. Railway Labor Executives' Association, 489 U.S. 602 (1989); National Treasury Employees Union v. Von Raab, 489 U.S. 656 (1989). In the present case, the registration and escrow of the keys is meant for deterrence, as stated above. Given this government interest, it is necessary to consider whether the government's crime prevention and deterrence needs justify the privacy intrusion without a warrant or individualized suspicion. It is probably true that requiring the government to obtain a warrant to get a key or search for a key would frustrate the government's crime prevention objective. See Camara v. Municipal Court of San Francisco, 387 U.S. at 533. Additionally, it would seemingly add little to impose a warrant requirement to get the key when there is already the requirement to obtain a warrant to use the key and to obtain a warrant to wiretap a phone line to give evidence of the use of encryption.
On the other hand, it could be argued that despite the inconvenience to law enforcement, the warrant requirement is necessary to prevent unreasonable intrusions into privacy. This argument does not have much merit once the intrusion is evaluated because an evaluation reveals that registering the key is less intrusive than other constitutionally approved warrantless searches and seizures. See Von Raab, 489 U.S. at 624-25. Thus, the warrantless seizure of the key does seem to fit with the regulatory search doctrine.
The one problem, however, is that the Supreme Court has tried to limit the regulatory search doctrine to certain situations, situations which are not on parity with the situation in the case at bar. So, while it is a strong argument to compare the CCA procedure to allowed warrantless, regulatory searches, the argument does not adequately overcome the fact that the regulatory search doctrine has not been extended to this arena. This memorandum suggests, however, that it would be logical for the court to extend the regulatory search doctrine given the recent extensions of the doctrine made in Von Raab, the need of the government to prevent crime before it proliferates with new technology, and the minimal intrusion on the privacy expectation. Thus, even though this case does not fit squarely within the regulatory search exception, it is plausible for the Court to find enough room to include it in the doctrine.
III. Fifth Amendment
Woodbury argues that the required disclosure of a key resembles the required disclosure of a private paper, and that private papers have Fifth Amendment protection under Boyd v. United States, 116 U.S. 616 (1886). Woodbury's reliance on Boyd is unfortunate because that doctrine has been narrowed to the point that a Supreme Court Justice has stated that there is not Fifth Amendment protection in private papers. See United States v. Doe, 465 U.S. 605, 618 (O'Connor, J., concurring). However, this memorandum will scrutinize the private papers doctrine to ascertain if Justice O'Connor is indeed right about the level of protection. [6]
Even a cursory review of the Boyd progeny reveals that the court has severely narrowed the doctrine to the point where one must consider what is left of it. For purposes of this case, the only relevant inquiry that remains is whether the act of producing the key would result in incriminating, testimonial conduct. See generally United States v. Doe, 465 U.S. 605 (1984); Fisher v. United States, 425 U.S. 391, 408 (1976).
Registering the key probably should not be deemed incriminating or testimonial, thus not violating the Fifth Amendment. The act of handing over the key does not reveal anything other than the fact that the user wants to encrypt her messages. It says nothing about the messages and does not even give details about why the user would want to keep messages private. As the majority stated, the key is not evidence or an affirmance of a crime. "At most it might be used in future investigation of future conduct...[but] the Fifth Amendment does not protect testimony that might become incriminating through future conduct." Slip Op. at ____. The majority correctly summarizes the parameters of Fifth Amendment protection described in United States v. Freed, 401 U.S. 601, 606 (1971); see also Froomkin, Metaphor is the Key, 143 U. Penn. L. Rev. at 836-37.
There is little merit to the argument that registering the key is incriminating and testimonial because it tells the government that the party has something to hide. First, it is questionable that registering gives such a negative message. Second, even if it did, so what. Incriminating testimony, as described by the majority opinion, is that which creates a substantial and real hazards of incrimination. Freed, 401 U.S. at 606. There is nothing about registering that creates such a fear. Thus, the Fifth Amendment does not bar registration of the key with a government escrow agency.
IV. Right to Privacy
Woodbury argues that the CCA violates his constitutional right to privacy. The constitutional right to privacy that Woodbury is most likely asserting is the right to be left alone or to avoid disclosure of personal matters. See Whalen v. Roe, 429 U.S. 589, 599-600 (1977). This privacy right is, of course, not absolute as can be seen by the Court's decision in Whalen. See Whalen, 429 U.S. at 603-04 (allowing New York to keep a computerized list of prescription records for dangerous drugs and requiring physicians to disclose the names of the patients to whom the drugs were prescribed). In addition, it could be argued that the Whalen court believed that the right to privacy could be subject to appropriate limitations as long as safeguards are made to ensure against unwarranted disclosures of the information gathered. Cf. Whalen, 429 U.S. at 605-06 (the Court intimated, but did not hold, that statutory schemes that evidence a proper concern with and the protection of an individual's right to privacy could make the collection of "vast amounts of personal information in computerized data banks or other massive government files" more amenable. Key registration should fit within the parameters suggested by Whalen because the CCA does take measures to ensure to that the key remains secret unless it is released pursuant to a warrant or other lawful order. With these safeguards, it is probably not a violation of Woodbury's right to privacy.
Conclusion
The Constitution should not pose a bar to the CCA. Although the analysis of the Constitutionality of the statute does require delicate balancing of important interests, the current structure of the law suggests that the CCA is not unconstitutional. The most questionable area lies in the Fourth Amendment warrantless search and seizure. That questionable area is tempered by the fact that the law currently requires warrants for wiretaps, warrants for access to the keys to decode messages, and secrecy. If for any reason it is determined that the keys would not be kept secret and secure or that the government would be given access to the keys and the ability to decode messages without a warrant, the constitutionality of the law should be revisited because adequate Fourth Amendment protection is not being afforded. However, as currently understood, the CCA does not allow for those occurrences. For these reasons, the Appellate Court decision probably should be affirmed.
Respectfully submitted,
Alyssa R. Harvey
March 20, 1996
2. It is generally agreed that the longer the key, the more
difficult it is for someone who is not privy to the key to decrypt
the message. A key the size of the one used in this case would
have made it virtually impossible for the e-mail to be decoded.
3. This bench memorandum does not address the Second Amendment
argument because it is essentially without merit.
4. A statute that only required registration of keys for
convicted felons has its own constitutional problems and would not
serve as deterrence for those individuals spurred to crime by the
attractiveness of unbreakable encryption or those individuals
fortunate enough to have not been caught and convicted of a crime.