A. Michael Froomkin
Document information and copyright notice
[Page n] references relate to the pagination of the printed version.
Without the ability to keep secrets, individuals lose the capacity to distinguish themselves from others, to maintain independent lives, to be complete and autonomous persons. . . . This does not mean that a person actually has to keep secrets to be autonomous, just that she must possess the ability to do so. The ability to keep secrets implies the ability to disclose secrets selectively, and so the capacity for selective disclosure at one's own discretion is important to individual autonomy as well.{1}

Secrecy is a form of power.{2} The ability to protect a secret, to preserve one's privacy, is a form of power.{3} The ability to penetrate secrets, to learn them, to use them, is also a form of power. Secrecy empowers, secrecy protects, secrecy hurts. The ability to learn a person's secrets without her knowledge--to pierce a person's privacy in secret--is a greater power still.
People keep secrets for good reasons and for evil ones. Learning either type of secret gives an intruder power over another. Depending on the people compromised and the secrets learned, this power may be deployed for good (preventing a planned harm) or ill (blackmail, intimidation).
This Article is about the clash between two types of power: the individual's power to keep a secret from the state and others, and the state's power to penetrate that secret.{4} It focuses on new [Page 713] conflicts between the perennial desire of law enforcement and intelligence agencies to have the capability to penetrate secrets at will, and private citizens who are acquiring the ability to frustrate these desires. This is an article about the Constitution and the arcana of secret-keeping: cryptography.{5}
This is also a long article. It is long because it addresses three complex issues. First, it outlines some of the promises and dangers of encryption. Second, it analyzes the constitutional implications of a major government proposal premised on the theory that it is reasonable for the government to request (and perhaps some day to require) private persons to communicate in a manner that makes governmental interception practical and preferably easy. Third, it speculates as to how the legal vacuum regarding encryption in cyberspace shortly will be, or should be, filled.
What fills that vacuum will have important consequences. The resolution of the law's encounter with cryptography has implications far beyond whether the government adopts the Clipper Chip or whether a particular cipher may be licensed for export. The resolution of this debate will shape the legal regulation of cyberspace and in so doing shape its social structures and social ethics.
Cryptologists{6} use a few terms that may not be familiar to lawyers, and it is useful to define them at the outset of any discussion relating to encryption. Cryptography is the art of creating and using methods of disguising messages, using codes, ciphers, and other methods, so that only certain people can see the real message. Codes and ciphers are not the same. A code is a system of communication that relies on a pre-arranged mapping of meanings such as those found in a code book. A cipher is a method of encrypting any text regardless of its content.{7} Paul Revere's "[o]ne, if by land, and two, if by sea" was a code.{8} If the British had landed by parachute, [Page 714] no quantity of lanterns would have sufficed to communicate the message. The modern cryptographic systems discussed in this Article are all ciphers, although some are also known as electronic code books.
Those who are supposed to be able to read the message disguised by the code or cipher are called recipients. "The original message is called a plaintext. The disguised message is called a ciphertext. Encryption means any procedure to convert plaintext into ciphertext. Decryption means any procedure to convert ciphertext into plaintext."{9} An algorithm is a more formal name for a cipher. An algorithm is a mathematical function used to encrypt and decrypt a message. Modern algorithms use a key to encrypt and decrypt messages.{10} A single-key system is one in which both sender and receiver use the same key to encrypt and decrypt messages. Until recently, all ciphers were single-key systems. One of the most important advances in cryptography is the recent invention of public-key systems, which are algorithms that encrypt messages with a key that permits decryption only by a different key.{11} The legal and social implications of this discovery figure prominently in this Article.
Cryptanalysis is the art of breaking the methods of disguise invented with cryptography. Lawyers will recognize the cryptographers' terms for cryptanalysts who seek to read messages intended only for recipients: enemies, opponents, interlopers, eavesdroppers, and third parties.{12} In this Article, however, cryptanalysts who work for U.S. law enforcement or intelligence organizations such as the FBI or the National Security Agency (NSA) will be called public servants.
Key escrow refers to the practice of duplicating and holding the key to a cipher--or the means of recreating or accessing the key to a cipher--so that some third party (the escrow agent) can decrypt messages using that cipher. As used in the Clipper Chip debates, the term "escrow" is something of a misnomer because the escrow is [Page 715] primarily for the benefit of the government rather than the owner of the key.
Part I of this Article describes advances in encryption technology that are increasing personal privacy, particularly electronic privacy, but reducing the U.S. government's ability to wiretap telephones, read e-mail surreptitiously, and decrypt computer disks and other encrypted information. To ensure the continuation of the wiretapping and electronic espionage capabilities that it has enjoyed since soon after the invention of the telegraph and the telephone,{13} the government has devised an Escrowed Encryption Standard (EES),{14} to be implemented in the Clipper Chip{15} and other similar devices.{16} In Clipper and related products the government [Page 716] proposes a simple bargain: In exchange for providing the private sector with an encryption technology certified as unbreakable for years to come by the NSA,{17} the government plans to keep a copy of the keys{18}--the codes belonging to each chip--which, the government hopes, will allow it to retain the ability to intercept messages sent by the chip's user. The government's proposal includes procedures designed to reduce the risk that the keys would be released to law enforcement agencies without legally sufficient justification, although the likely effectiveness of these procedures is debatable. Most U.S. residents remain free, however, to reject the government's offer, use alternatives to Clipper (so long as the software or hardware remains in the U.S.),{19} and withhold their keys from the government.{20} With ever more secure methods of [Page 717] encryption becoming easier to use, U.S. residents can protect their electronic communications and records so well that they are able to frustrate interception attempts by even the most sophisticated government agencies.{21}
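The single-key cipher defined above, the escrow agent's copy of the chip's key, and the bargain summarized in Part I can be made concrete with a short sketch in Python. This is an added illustration, not code from the article and not the actual Clipper/EES design: it substitutes a toy HMAC-SHA256 counter-mode stream cipher for Clipper's classified Skipjack algorithm, and it assumes that the escrowed chip key is split into two XOR shares held by two separate escrow agents, one way of implementing "the means of recreating or accessing the key" that the article does not itself describe here. All function names (chip_encrypt, escrow_decrypt, and so on) are invented for the example.

```python
"""Toy key-escrow walkthrough (added illustration; not Clipper's real design).

Assumptions made for the example:
  * the cipher is a home-made HMAC-SHA256 stream cipher, used only so the
    script runs on the standard library; it is not a vetted cipher;
  * each chip has a long-term "chip key"; a copy of it is split into two
    XOR shares, one per escrow agent, so that neither agent alone can read
    anything and both together can.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from key and nonce (counter mode)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Single-key system: the same key (and nonce) both encrypts and decrypts."""
    return xor(data, keystream(key, nonce, len(data)))


decrypt = encrypt  # an XOR stream cipher is its own inverse


def split_chip_key(chip_key: bytes) -> Tuple[bytes, bytes]:
    """Split the chip key into two shares for two escrow agents.
    Each share on its own is uniformly random and reveals nothing."""
    share_a = secrets.token_bytes(len(chip_key))
    share_b = xor(chip_key, share_a)
    return share_a, share_b


def recombine(share_a: bytes, share_b: bytes) -> bytes:
    return xor(share_a, share_b)


def chip_encrypt(chip_key: bytes, session_key: bytes, plaintext: bytes) -> Dict[str, bytes]:
    """What an escrowed chip transmits: the ciphertext plus the per-call
    session key wrapped under the chip key, for later use by the escrow side."""
    nonce = secrets.token_bytes(16)
    return {
        "nonce": nonce,
        "ciphertext": encrypt(session_key, nonce, plaintext),
        # distinct label so the wrap never reuses the message keystream
        "escrow_field": encrypt(chip_key, b"wrap:" + nonce, session_key),
    }


def recipient_decrypt(session_key: bytes, msg: Dict[str, bytes]) -> bytes:
    """The intended recipient already holds the session key."""
    return decrypt(session_key, msg["nonce"], msg["ciphertext"])


def escrow_decrypt(share_a: bytes, share_b: bytes, msg: Dict[str, bytes]) -> bytes:
    """A third party holding both shares rebuilds the chip key, unwraps the
    session key and reads the message without ever being sent the session key."""
    chip_key = recombine(share_a, share_b)
    session_key = decrypt(chip_key, b"wrap:" + msg["nonce"], msg["escrow_field"])
    return decrypt(session_key, msg["nonce"], msg["ciphertext"])


def run_demo(plaintext: bytes = b"one if by land, two if by sea") -> Dict[str, bytes]:
    chip_key = secrets.token_bytes(16)      # fixed in the chip at manufacture
    session_key = secrets.token_bytes(16)   # fresh for each conversation
    share_a, share_b = split_chip_key(chip_key)
    msg = chip_encrypt(chip_key, session_key, plaintext)
    return {
        "recipient": recipient_decrypt(session_key, msg),
        "both_agents": escrow_decrypt(share_a, share_b, msg),
        # one agent acting alone (or a thief of one share) recovers only noise
        "one_agent_only": escrow_decrypt(share_a, bytes(16), msg),
    }


if __name__ == "__main__":
    for who, result in run_demo().items():
        print(f"{who:15} -> {result!r}")
```

The recipient and the pair of escrow agents recover identical plaintext, while a single share yields noise; that is the whole of the bargain described above, and it also shows why the procedures governing release of the shares carry the entire weight of the scheme: whoever obtains both shares can read every message the chip ever wraps, with nothing the chip's owner can do about it after the fact.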
Part II examines the legal justifications and constitutional implications of the EES proposal. It argues that the EES proposal violates the spirit, although not the letter, of the Administrative Procedure Act and represents an abuse of the technical standard-setting process. The involvement of the NSA may violate the Computer Security Act, but the absence of public information as to its role makes a firm judgment impossible. Part II also discusses Clipper's inherent policy and technical weaknesses and the inconsistencies between the Administration's policy objectives--to the extent they are unclassified--and the Clipper proposal itself. It concludes, however, that a purely voluntary Clipper program violates no statutory or constitutional provisions, and that even if it does, there is no one with standing to challenge such a violation. Part II also concludes that an optional Clipper will probably make only a modest contribution to the government's stated goal of maintaining its wiretap and electronic espionage capability.
Thus, Part III considers the constitutional implications of the more radical proposal that some commentators find implicit in the policies animating Clipper: requiring all users of strong encryption to register their ciphers' keys with the government. After a whirlwind survey of evolving conceptions of the constitutional right to privacy as well as more settled First, Fourth, and Fifth Amendment doctrines, Part III concludes that although mandatory key escrow would infringe personal privacy, reduce associational [Page 718] freedoms, potentially chill speech, constitute a potentially unreasonable search, and might even require a form of self-incrimination, the constitutionality of mandatory key escrow legislation remains a distressingly close question under existing doctrines.
Part IV addresses the cryptography controversy as an example of the law's occasionally awkward response to a new technology. The courts, and to a lesser extent the legislative and executive branches, have yet to come to grips with many cryptographic conundrums. As a result, this part of the legal "landscape" remains relatively barren. As more and more settlers arrive in cyberspace, the nature of this new landscape will depend critically on the legal metaphors that the colonists choose to bring with them.
Finally, the Technical Appendix discusses modern cryptographic systems, including the widely-used Data Encryption Standard (DES), and how they can (at least theoretically) be broken by attackers armed with large numbers of relatively modest computers. It also provides an introduction to public-key cryptosystems and to digital signatures, which could represent the most important commercial application of modern cryptographic techniques.