THE METAPHOR IS THE KEY: CRYPTOGRAPHY,
THE CLIPPER CHIP, AND THE CONSTITUTION

A. Michael Froomkin

Document information and copyright notice

[Page n] references relate to the pagination of the printed version.

Click here to jump to a specific page:

To table of contents


II. The Escrowed Encryption Proposal--Legal, Policy and Technical Problems

The Clinton Administration introduced EES through a procedural back door that relies on market power to prevent a substantial increase in the communications privacy of Americans, an outcome not authorized by any statute. EES used a standard-setting procedure but failed to set an intelligible standard. The procedure violates the spirit, although not the letter, of the Administrative Procedures Act (APA).

The Administration is spending large sums of money on a controversial project in the absence of congressional authorization. This policy cuts out the legislature, and indeed the public, from the decision to proceed with EES.{220} Only Congress can intervene, because, as things currently stand, no one has standing to sue. The Administration's use of a standard-setting procedure to make substantive policy sets an alarming precedent of rule making with highly attenuated accountability.

A. EES: The Un-Rule Rule

1. FIPS 185: A Strange Standard

An appreciation of both the novelty and the danger of the Administration's regulatory approach requires some understanding of the regulatory device that NIST used to introduce EES. The Constitution gives Congress the power to "fix the Standard of Weights and Measures."{221} NIST (formerly the Bureau of Standards) is the agency charged with this responsibility. Federal [Page 765]Information Processing Standards (FIPS) are standards and guidelines intended to improve the federal government's use and management of computers and information technology, and to standardize procurement of those goods.{222} FIPS are also used to announce national norms in areas of changing technology where NIST believes industry would benefit from the existence of a standard. Officially, the only bodies required to conform to FIPS are agencies within the federal government (and in some cases government contractors), although in practice they are often adopted as de facto national standards by industry and the public.{223} The private sector finds FIPS attractive because they allow [Page 766]conformity with, and sales to, the government, and because the standards themselves often have technical merit, or at least reflect a technical consensus of the many public and private interests that NIST routinely consults before it promulgates a FIPS.{224} EES is FIPS 185.{225}

One of the more serious complaints about FIPS 185 is that it fails to set a standard. One member of the NIST Computer Privacy and Security Advisory Board went so far as to submit a comment calling the FIPS "content-free."{226} Most FIPS describe a conforming device or procedure in sufficient detail for the reader to understand what it is; FIPS 185 does not. Instead, it states, "Implementations which are tested and validated by NIST will be considered as complying with this standard."{227} FIPS 185 requires the use of the SKIPJACK encryption algorithm and a LEAF creation method.{228} But the standard does not define those terms because the specifications for both are classified. Instead, FIPS 185 unhelpfully notes:

Organizations holding an appropriate security clearance and entering into a Memorandum of Agreement with the National Security Agency regarding implementation of the standard will be provided access to the classified specifications. Inquiries may be made regarding the Technical Reports and this program to Director, National Security Agency, Fort George G. Meade . . . .{229}
[Page 767]Nor does the standard explain what sorts of devices it covers. It merely states that "[v]arious devices implementing this standard are anticipated. The implementation may vary with the application. The specific electric, physical and logical interface will vary with the implementation."{230} Admittedly, FIPS 185 at least has the good grace to acknowledge that it is "not an interoperability standard. It does not provide sufficient information to design and implement a security device or equipment. Other specifications and standards will be required to assure interoperability of EES devices in various applications."{231} In sum, FIPS 185 says something to this effect: "Various electronic devices will contain classified components that will provide escrowed encryption using a classified algorithm. If you ask nicely, we may let you use one in your design, and we will tell you whether we approve of your device and whether we will let you produce it." This is a strange sort of standard.

2. An End-Run Around Accountability

Such an unorthodox standard is the result of an even more unorthodox procedure. FIPS 185 is not just a standardless standard; it is an un-rule rule which seeks to coerce the public by wielding federal market power to generate a de facto standard without providing any real administrative accountability. Despite conforming to the notice and comment procedure of § 553 of the APA,{232} and being duly published in the Federal Register,{233} FIPS 185 is not a legislative rule because it does not seek, at least on its face, to bind the public.{234} Nor, despite being on its face an [Page 768]announcement, is FIPS 185 a nonlegislative rule as the term is usually understood.{235} Familiar types of nonlegislative rules include interpretative rules, statements of policy and "publication rulemaking." FIPS 185 fits into none of these categories.{236} Interpretative rules set forth an agency's understanding of a statutory provision, a judicial or administrative decision, or another rule,{237} and FIPS 185 clearly does not provide any of these. Nor is FIPS 185 an example of what Peter Strauss has called "publication rulemaking"{238} in which agency staff, acting pursuant to APA [Page 769]§ 552(a)(1)-(2), publish technical guidelines, staff manuals, or standards (such as IRS Revenue Rulings) that inform the public of the agency's likely position in future enforcement, application-and-approval, or benefit/reimbursement cases.{239} Nor is FIPS 185 a statement of policy.{240} Nothing within the four corners of FIPS 185 establishes or explicates a policy, unless giving federal agencies the option to purchase certain devices constitutes a policy.{241}

On its face, FIPS 185 is a minor internal housekeeping regulation. Whether anyone, inside or outside of the government, chooses to comply with it is entirely up to her, although FIPS 185 states that use of EES by nonfederal government organizations "is encouraged."{242} In form, EES is a description of something, as well as a grant of permission for agencies to use that something instead of other things they are currently using. Yet despite explicitly disclaiming any intention of legally binding the public, FIPS 185 is part of a strategy to coerce the public by use of the government's market power to create a de facto national standard. At the same time that the Department of Commerce promulgated EES, the Department of Justice announced that it was buying 9000 Clipper-equipped telephones, using money from its Asset Forfeiture Super Surplus Fund,{243} a fund comprised of profits from RICO, [Page 770]drug, and other asset forfeitures.{244} Expenditures from the Asset Forfeiture Super Surplus Fund require no congressional appropriations. The effect is to cut Congress out of the decision-making process on an issue which may eventually affect the privacy rights of most Americans. One need not be an opponent of EES to believe that a decision with significant potential effects on communication privacy should have been left to the legislature.

The Department of Defense, too, is considering buying millions of EES-compliant devices,{245} although this purchase may require congressional approval. The government's market power as a bulk purchaser suggests that, all other things being equal, producer economies of scale will allow EES-compliant devices to be the lowest-cost hardware-based civilian cryptography products available. In addition, EES products will have the significant advantage of being able to communicate with the government's telephones, something that any competing technology will lack.{246}

The Clinton Administration also announced that it will exempt EES products from the export ban in the ITAR.{247} If the ITAR [Page 771]are revised in this manner, EES products will become the only U.S.-made exportable products offering strong encryption, disadvantaging U.S-based competitors further.{248} These efforts have already had an effect: the day that the Administration announced its plans for Clipper, AT&T announced that its new secure telephone, the 3600, would not use a DES device as originally announced, but would use Clipper instead.{249}

The current Administration makes no secret of its hope that the combination of federal standard-setting, federal purchasing power, and fine-tuning of export control will allow it to impose a de facto standard on the public, even though there is no statutory authority for the standard, and even though Congress has never appropriated a penny to support the standard. In so doing, NIST has pioneered a new type of un-rule. It is a rule that the Administration indeed hopes and intends to have a "practical binding effect,"{250} but not because the rule announces to the public how the agency will act in the future, nor because the agency intends to act in compliance with the rule, nor because the rule describes safe harbors for compliance [Page 772]with existing rules.{251} Rather, by issuing the rule (if a rule it be), the agency hopes to set in motion a train of events that will coerce the public's compliance.

NIST's use of a FIPS in this manner is an interesting reversal of the usual circumstance of a nonlegislative rule that an agency intends to be binding.{252} In the ordinary situation, an agency has chosen not to use the notice and comment procedure that characterizes informal rule making under APA § 553, and has simply issued the rule, perhaps labeling it "interpretative" or "policy guidance." A party seeking to challenge the rule attempts to demonstrate that the rule is actually legislative and thus invalid without notice and comment. The aggrieved party argues that it was entitled to be consulted on the rule and that the agency may not deprive the party of its right to make comments. Once the comments are duly docketed, the agency has a duty to take them seriously and may not reject them without giving nonarbitrary reasons.{253} In the classic case, the agency responds by denying the substantive import of its rule and arguing that, because the rule breaks no new ground, notice and comment are not necessary.

With FIPS 185, NIST has turned this process on its head. A proposed version of FIPS 185 was published in the Federal Register, and NIST solicited comments.{254} It received hundreds.{255} NIST accepted a few, but rejected many others on the disingenuous grounds that because the standard was entirely voluntary, it could cause no harm.{256} NIST thus invoked the formally voluntary [Page 773]nature of the FIPS as justification for dismissing the concerns of commentators who saw FIPS 185 for what it was, and what NIST itself surely understood it to be: an attempt to coerce the public through market means. NIST simply failed to address the merits of many important complaints, including those challenging the security, necessity, or wisdom of its proposal, with the result of significantly devaluing the opportunity to comment.{257} Yet, unlike most agencies that fail to address the merits of comments received on a proposed rule, NIST likely has little to fear from judicial review of its decision because there appears to be no one with standing to challenge its actions.

Even a competing product manufacturer would be unlikely to have standing to protest a procurement order for products conforming to FIPS 185.{258} As a plaintiff, such a competitor might be able to argue that had it not been for the permission to purchase the items granted in FIPS 185, the procuring agency might have purchased the plaintiff's devices instead. Such a claim would, however, be risky at best. The plaintiff would have to mount a convincing case regarding causation, somehow demonstrating that but for FIPS 185, the plaintiff's products would have conformed with the agency's requirements;{259} the plaintiff would also need to [Page 774]show that the agency would have been unable to obtain a waiver from the preexisting requirement that it use a DES product to protect sensitive information.{260} Without an extraordinarily good factual basis, this barrier is probably insurmountable, leaving the would-be plaintiff without the direct personal stake in the case necessary for standing.

One other possible strategy for the plaintiff would be to claim "reputational" injury to its product or firm on the grounds that the FIPS would cause customers other than the government to reject its nonconforming products. Those employing this strategy could then try to invoke Meese v. Keene{261} to overturn the no-standing-to-challenge-a-FIPS rule of Control Data Corp. v. Baldridge.{262}

Otherwise, it is very difficult to imagine who might have standing to sue to overturn FIPS 185. A party seeking relief would have to argue that the FIPS was not as harmless as NIST claimed, and that the replies to comments were therefore defective. Just as NIST was able to ignore critical comments on its draft FIPS by saying that the standard was optional and hence harmless,{263} so too could it argue that because the standard is nonbinding, no one has a legal right to demand that a court review it.{264}

Should the Administration's attempt to combine technical standard-setting authority with market power succeed, however, [Page 775]many parties will be justly aggrieved. Makers of competing products will lose market share, and perhaps may be driven out of their market altogether. Individuals who might have preferred non-escrowed encryption, if it could be obtained at or near the same price as an EES device, may find that option closed to them. Such a policy will establish a new and undesirable process by which the government will likely be able to avoid the APA in a small, but significant, class of cases.{265} Current law does not recognize any of these injuries, save perhaps the claim of lost market share, as legally cognizable.{266} A major decision as to the degree of privacy to be afforded to U.S. citizens will have been made without effective congressional or popular participation.

Placing all FIPS, or all standard-setting relating to high technology, under the APA would be one way of ensuring that the executive branch can never again use standard-setting to manipulate the market for high technology items, at least not without judicial review for reasonableness. Although this change would vaccinate against the disease, it would also have undesirable side-effects. Neither nonbinding national technical standards nor the government's internal procurement standards should be litigated.{267} If a manufacturer is dissatisfied because a national or procurement standard more closely conforms to a competitor's product than its own, the proper place to fight that battle is the marketplace, not a court. EES is a special case because the technology at issue has social implications far beyond the ordinary FIPS, and because the government is seeking to use its purchasing power to coerce the market to achieve an end other than reliability, ease of use, or technical excellence. It would be a pity if prevention of such special cases were to force so disruptive a change on a system which ordinarily seems to work reasonably well.{268}

[Page 776]Trying to find an avenue for judicial review of a coercive but formally voluntary FIPS is probably more trouble than it is worth.{269} The greatest procedural problem with FIPS 185 is not the absence of judicial review but the attempt to evade congressional participation in a decision that may have major social consequences for many years. The solution to this problem is logically, if not politically, simple. If the executive branch did not have funds available with which to purchase thousands of EES-equipped devices, it would have to go to Congress for the money. Congress could then debate the issue and, regardless of what it decided, the process would conform with the values of openness, explanation, and representative democracy which the un-rule rule undermines. To prevent further abuses of the FIPS procedure, either the Justice Department's Asset Forfeiture Fund should be returned to the Treasury, or its terms should be narrowed to make it clear that its proceeds cannot be used to attempt to influence product markets.{270}

3. Did NIST's Cooperation with the NSA over FIPS 185 Violate the Computer Security Act of 1987?

NIST's relationship with the NSA is poorly documented.{271} Clipper's critics argue that NIST's adoption of EES in FIPS 185 violated either the letter or the spirit of the Computer Security Act [Page 777]of 1987{272} (Act), because, even though the Act was designed to ensure civilian control of computer security issues, NIST effectively and illegally ceded its powers to the NSA.{273} NIST and the NSA have refused to make public any information regarding their discussions that would show whether NIST complied with the Act. Consequently, it is currently impossible to make an informed judgment as to NIST's compliance with the Act.{274} All that can be said pending litigation is that NIST has not proved that it complied with the Act.{275}

The claim that NIST violated the Act draws much of its force from the legislative history of the Act and from NIST's subsequent close relationship with the NSA, which arguably violates the spirit of the Act.{276} In 1984 President Ronald Reagan issued National Security Decision Directive (NSDD) 145, which put in motion a train of events leading to the Act. NSDD 145 granted the NSA sweeping powers to make policy and develop standards for the "safeguarding" of both classified and unclassified information in civilian agencies and in the private sector.{277} This transfer to the NSA of authority [Page 778]over civilian and especially private information was the precise evil that the Act was designed to cure.{278} The legislative history states that Congress believed that the NSA's "natural tendency to restrict and even deny access to information" disqualified it from that role,{279} and Congress therefore rejected the NSA's suggestion, made in testimony to a House committee, that the Act should formally place the NSA in charge of all government computer security.{280}

Nevertheless, the Act does not require a watertight separation between NIST and the NSA. Instead, the Act directs NIST to "draw[] on the technical advice and assistance" of the NSA "where appropriate."{281} NIST is also directed to "coordinate closely" with several other agencies, including the NSA, to avoid duplication of effort{282} and to use the NSA's computer security guidelines to the extent that NIST, not the NSA, determines they should apply.{283}

Soon after the Act became law, NIST and the NSA signed a Memorandum of Understanding (MOU) setting out a detailed regime of cooperation regarding computer and telecommunications security issues.{284} With one exception, the MOU appears to be designed to create interagency consultation and to prevent duplication of effort, as required by the Act. That exception, though, is not trivial: NIST agrees to submit "all matters" regarding "techniques to be developed for use in protecting sensitive information" in its purview to review by a Technical Working Group comprised of equal numbers of the NSA and NIST staff in order "to ensure they are consistent with the national security of the United States."{285} If the two agencies are unable to agree, then either agency can refer the matter to both the Secretary of Commerce and [Page 779]the Secretary of Defense, from where it may go to either the National Security Council or the President for an ultimate decision. Meanwhile, "[n]o action shall be taken on such an issue until it is resolved."{286}

It is clear that NIST and the NSA have had extensive contacts regarding EES.{287} Whether these contacts, and in particular the actions of the Technical Working Group, amount to a violation of the Act depends on whether EES was referred to the Technical Working Group, and on how the NIST-NSA relationship worked. The Act clearly requires NIST to make its own decisions;{288} there is no statutory authority for NIST to let the NSA make decisions for it. Just as clearly, the Act requires NIST to consult with the NSA, although it directs NIST to decide when consultation is appropriate.{289}

There is no reason, with or without the Act or the MOU, that NIST could not allow itself to be persuaded by the NSA, so long as NIST were to keep the ultimate power of decision.{290} The MOU [Page 780]between the NSA and NIST does, however, suggest two scenarios that would violate the Act. If the working group deadlocked on some issue, or took votes in which the two NIST members were outvoted four-to-two (or three-to-two), and if NIST changed its policies as a result of either of these votes,{291} then NIST would no longer be in the position of allowing itself to be persuaded by the NSA. Instead, the NSA would be dictating to NIST. This would violate the Act. As the decision to proceed with EES clearly comes from the highest levels of the U.S. government,{292} in the absence of firm information one cannot reject the deadlock scenario out of hand. There is, however, some reason to doubt it.

The deadlock scenario was anticipated in a 1989 codicil to the MOU.{293} After members and staff of the House Committee on Government Operations expressed concern about the apparent grant to the NSA of an effective veto over NIST's decisions, NIST and the NSA explained that although the Technical Working Group had broad jurisdiction as a discussion forum, the appeals process described in the MOU applied only to "proposed research and development projects in new areas."{294} This codicil, signed by representatives of both agencies with the express intent of binding their successors, distinguishes between "promulgation of standards and guidelines" by NIST, which are not subject to appeal,{295} and [Page 781]the "early stage in the standards research and development process--usually years before a standard is promulgated,"{296} from which appeals are permitted.

Neither NIST nor the NSA have made public statements as to the involvement of the Technical Working Group in the decision to promulgate FIPS 185. Whether the agreement required NIST to refer EES to the Technical Working Group before issuing FIPS 185 is unclear. But it appears that under the distinction set out in the 1989 codicil to the MOU, FIPS 185 would have been within the jurisdiction of the Technical Working Group, but outside the appeals procedure. Thus, if the 1989 codicil controlled, the deadlock scenario could only have applied if NIST preferred an alternative to EES but was persuaded to use EES against its better judgment. Alternately, because SKIPJACK was developed by the NSA, it is entirely possible that the entire EES proposal originated in the NSA, and that by the time the NSA disclosed SKIPJACK to NIST, the NSA had decided that neither SKIPJACK nor EES was a "proposed research and development project[] in [a] new area[]" under the terms of the codicil.{297} Both NIST and the NSA assert that the appeals procedure has never been used.{298} The agencies contend that the lack of appeals is evidence of the success of their cooperation.{299} Whatever the facts, NIST owes the public, and Congress, a clearer explanation of its relationship with the intelligence community. Congress is entitled to an explicit reassurance that NIST remains in complete control of security for civilian federal computer systems as required by the Act. The House and Senate committees with oversight over NIST should force it to provide these assurances. If NIST is unable to do so because it has allowed its judgment to be suppressed by the NSA's veto, then Congress will need to revise the Computer Security Act to create stronger incentives for NIST to preserve its jurisdiction--perhaps even instituting penalties for noncompliance.{300}

[Page 782]

4. Who Should Hold the Keys?

The Administration does not intend to give the escrow agencies the sort of permanence or legal authority that derives from legislation, much less the autonomy that attaches to an independent agency or a nongovernmental actor.{301} This decision is very unfortunate given the crucial role that the escrow agents play in generating and safeguarding the keys. As ordinary administrative agencies within the executive branch, the escrow agents fall within the regular civilian chain of command and have no recourse if legally ordered to grant access to the keys to the NSA, the FBI, or future White House "plumbers." The heads of both escrow agencies serve at the pleasure of the President. The absence of any formal regulations that would impose delays, along with the absence of publicity as the rules are changed, prevents even a delaying action of the kind contemplated in Nader v. Bork{302} and United States v. Nixon.{303} Under current rules, the terms under which the escrow agents work can be modified, waived, or amended at any time without public notice, although the public might be able to find out about unclassified changes or waivers after the fact via the Freedom of Information Act.{304}

Ideally, the escrow agents would be as incorruptible as possible, possessed of a clear charter setting out their positive and negative duties, insulated from pressure from the law enforcement and intelligence communities, and outfitted with secure facilities to store the list of key fragments (which may, if EES catches on, become one of the most valuable items of information held by the U.S. govern[Page 783]ment). They must also be trusted by the public, or the public will not participate in the EES scheme. With the exception of the secure facilities, the list of necessary attributes describes a body resembling the federal judiciary. Not surprisingly, some noted cryptologists have suggested that the judiciary hold the keys.{305} No doubt the judiciary could acquire the technical competence and equipment required to generate and secure the keys.

Whether judges could constitutionally hold one or more key fragments is a close question.{306} It is clear that Congress could not hold the keys, nor could any congressional agent.{307} Holding keys is an executive function. It would involve judges in the law enforcement process at a time when there is no case or controversy and, as regards the large majority of the keys, no prospect of one. Because holding keys is an executive function, the judiciary (or an agency such as the Administrative Office of the U.S. Courts, which is responsible only to judges) can constitutionally hold the keys only if the function is "incidental" to its Article III functions.{308} If the task is more than "incidental," then the principle of separation of powers requires that it be undertaken by the executive branch or by private citizens.{309} The court taking [Page 784] custody of the keys would be in a position reminiscent of Hayburn's Case,{310} which has long stood for the proposition that neither the legislative nor executive branches may assign duties to the judiciary "but such as are properly judicial, and to be performed in a judicial manner."{311} Unlike Hayburn's Case, however, the judges would not be asked to decide anything until the government was granted a search warrant. The court would presumably disclose the key fragment(s) along with the ex parte order granting the warrant.

Judges already do a number of things that come close to holding a key fragment, but each is distinguishable. Courts and their adjuncts have for many years exercised a wide variety of ancillary powers such as rule making, and the appointment and supervision of court personnel, which are "reasonably ancillary to the primary, dispute-deciding function of the courts."{312} Courts have also supervised grand juries for many years.{313} More recently, Congress has given the judges and courts additional responsibilities, including membership on the Sentencing Commission,{314} and the selection and supervision of independent counsel.{315} Indeed, the granting of warrants (and the record-keeping which follows) are ex parte proceedings, clearly within the Article III jurisdiction of the courts. Taking custody of a key in advance of any adversary or even any ex parte proceeding, with the knowledge that most keys will never be subject to such a proceeding, goes beyond any of these precedents. Perhaps the closest analogy is the court's marshal who is instructed to keep order even though there is no reason to believe [Page 785]that any particular person will seek to disrupt the court's functioning. Even the marshals are an imperfect parallel, however, because their activities impinge only on persons who come into contact with the court or with court personnel; holding key fragments could affect the privacy of many who have no other contact with the judicial system.

Whether the functions of protecting keys from disclosure and disclosing keys to facilitate wiretaps are sufficiently ancillary to the judicial function of issuing wiretap orders and warrants as to be constitutional is ultimately a matter of taste. The existence of the FISA court,{316} whose sole jurisdiction is to receive and rule on petitions for foreign-intelligence-related surveillance, adds some support to the argument that holding a key fragment would be incidental to Article III functions, because the act of holding the keys is only a little more ancillary to traditional judicial functions than are the FISA court's actions.{317}

As a quick fix, the Secretary of Commerce and the Secretary of the Treasury should each immediately issue separate regulations, published in the Federal Register, defining the role of the escrow agents in their respective agencies and making clear that the escrow agents have a legal duty to protect the keys from all release except as specified in the rules. In the longer term, Congress should pass legislation vesting the escrow function in independent agencies specifically created for that purpose.{318} Although opinions differ as to the degree of tenure in office that the Constitution allows Congress to confer on the heads of independent agencies,{319} there [Page 786]is no debate that independent agency status represents an attempt to shield a function from political manipulation, and that the officers of an independent agency have at least political insulation from dismissal by a President who finds them insubordinate. Alternate structures, in which EES-product users can choose to lodge their keys with any one of a number of private escrow agents, might provide even greater security to users, but at the price of some additional complexity. One can imagine a system in which private escrow agents would apply to the Attorney General for certification as suitably secure and perhaps post bond to ensure that they would deliver up keys when legally ordered to do so. Although this system might satisfy both the user's desire for security and the government's desire for certain access, it introduces practical problems. The government will still need to keep a master list of chip serial numbers in order to know which escrow agent has the key. Furthermore, a private escrow agent would have to charge a fee, to be paid either by the chip user or the taxpayer. There is also no particular reason to believe private escrow agents would be less corruptible than the Justice Department, although if key fragments were distributed among many different escrow agents, the harm caused by compromise of any given database would be lessened.{320}

B. Unresolved Issues

In testimony to the haste with which the Administration launched the EES program, important implementation issues remain unresolved. [Page 787]

1. Requests From Foreign Governments

The National Security Council is currently considering under what circumstances, if any, foreign governments would be given the U.S. family key.{321} What if, for example, Great Britain, a friendly government, wished to decrypt a conversation in which someone had used a Clipper-equipped telephone to place a call from London to New York, or from Paris to London? Or suppose a friendly foreign government stated that it would outlaw the use of Clipper-equipped telephones unless it were given the family key and promised that requests for specific chip keys would be honored?{322} At the moment, no policy exists to answer these questions. Giving a foreign government the family key puts it one step closer to decrypting all Clipper traffic; this weakens the security that Clipper is supposed to provide.{323} Refusing to share information with foreign law enforcement and intelligence agencies risks disrupting working relationships. Even a compromise solution, in which the U.S. offers to decrypt messages on a case-by-case basis, might be unpopular both with Clipper users and foreign governments. Indeed, some intelligence-sharing treaties may require either that the tools for decrypting EES traffic be shared with some foreign intelligence agencies, or that the U.S. do the decryption on demand.{324}

The proposed Encryption Standards and Procedures Act would have authorized the President to release keys to foreign governments when she "determines that such access and use is in the [Page 788]ational security and foreign policy interests of the United States."{325} Nothing in the draft legislation would have required that the owner of the chip ever be notified that her security has been permanently compromised. It is interesting to speculate whether a company that suffered a loss due to the release of commercially sensitive information in this manner would have a takings or a tort claim against the United States.

2. Clipper Abroad?

Unlike other modern encryption products, Clipper-equipped products will be exportable. Presumably, U.S. businesses using Clipper at home will welcome the opportunity to use the same products in their foreign subsidiaries. Whether other foreigners would wish to buy a product that comes with a guarantee that the U.S. government can listen in seems more doubtful.

There are two strategies, however, that the Administration might use to boost foreign sales. The first would be to share the family key with foreign governments and perhaps also allow those governments to be the escrow holders for certain chips. The alternative would be to manufacture some chips with a different family key, perhaps even a different family key for each foreign market. The alternative family key could be disclosed to the foreign government without compromising the security of the U.S. chips, but two chips with different family keys would not be able to communicate in secure mode because they would not recognize each other's LEAFs as valid.

The globalization of commerce means that sensitive commercial (and, increasingly, personal) communications cross national borders. Even if EES becomes the de facto U.S. standard, it is unlikely to meet with wide acceptance abroad as long as the family key and the chip unique keys are held by the U.S. government. Why, after all, should [Page 789] non-U.S. buyers acquire a product designed to make eavesdropping by the U.S. government relatively easy?{326} Whether non-U.S. buyers choose a similar product with a different family key or a different system entirely, the result will be to make secure communications between a U.S. party and a non-U.S. party more difficult. If, as the FBI suggests, the U.S. has the most to lose from industrial espionage,{327} EES may hurt U.S. business more than it hurts anyone else.

3. What Level of Protection Do LEAFs Have Under the Electronic Communications Privacy Act?

The contents of an ordinary conversation on the telephone, even one that is not encrypted, are a "wire communication" and hence entitled to the highest statutory protection provided by Title III, as well as the full protection of the Fourth Amendment. It is clear that an encrypted voice communication, even one digitized by a Clipper Chip, remains a "wire communication" for Title III purposes.{328} By contrast, an "electronic communication"--digitized data--receives a lower level of statutory protection, although it is still illegal to intercept it without a judicial order, and the Fourth Amendment still applies with full force. A LEAF on its own, without a conversation following it, would only be an electronic communication, not a wire communication.{329}

A LEAF followed by a wire communication presents a complicated problem under the Electronic Communications Privacy Act of [Page 790]1986 (ECPA).{330} The sensible argument that the LEAF is an integral part of the conversation, and thus really within the umbrella of the wire communication that follows, hits a snag due to the ECPA's definition of the "contents" of a wire communication. Where formerly Title III had defined the contents of a wire communication as including any information "concerning the identity of the parties to such communication,"{331} the ECPA deleted the quoted words, leaving the contents of a wire communication defined as only the "substance, purport, or meaning" of the communication.{332} Fitting a LEAF within that definition requires a stretch. The LEAF itself contains none of the "substance, purport, or meaning" of the encrypted conversation--just information about the identity of the chip needed to acquire those things.

If a LEAF were found to be an electronic noncommunication legally severable from the wire communication that follows it, the LEAF would enjoy a lower level of statutory protection than if the LEAF were treated as part of the content of the wire communication: (1) Law enforcement officials would not need a warrant to intercept and record a LEAF, but only the more routine judicial orders required for pen registers;{333} (2) under the ECPA, any Assistant U.S. Attorney would be allowed to seek a court order to intercept a LEAF, not just the specially designated high-ranking members of the Justice Department who have authority to seek a wiretap warrant;{334} and (3) the [Page 791]statutory exclusionary rule applicable to wire communications would not apply.{335} Without the statutory exclusionary rule, the victim of an illegal interception of a LEAF would have a civil remedy (and the interceptor would face possible criminal prosecution), but no right to suppress evidence would exist unless the Fourth Amendment's exclusionary rule applied.{336} If a LEAF is severable in this manner, it is not as clear as it should be that the LEAF would enjoy any protection under the Fourth Amendment. Because decrypting the LEAF with the family key involves listening to at least a few seconds of the conversation, the act of intercepting and decrypting the LEAF is a wiretap of an electronic communication even if the information thus gathered (the identity of the other chip) is no greater than could be had with a trap and trace or a pen register. Traffic analysis using pen registers (which record the numbers called by a telephone) and trap and trace devices (which record numbers calling the telephone) does not implicate the Fourth Amendment.{337} Under Title III, however, both methods require a court order, although an actual warrant is not required.{338} Despite being a wiretap, the interception of a LEAF might not violate the Fourth Amendment if the telephone user has no reasonable expectation of privacy for the LEAF.

An EES chip user should have a reasonable expectation of privacy, as the term is used in Fourth Amendment cases,{339} in her LEAF, but the question is not as free from doubt as it should be. The difficulty arises because the user is aware that the government has the information needed to decrypt the LEAF. Although the government has promised to use that information only in specific circumstances, it is just a promise, and as the government cannot be estopped, it is usually free to renege, although in some circumstances this action might amount to a denial of due process.

[Page 792]A reasonable expectation of privacy requires both a subjective expectation of privacy and an "objective" recognition that the expectation is reasonable.{340} A Supreme Court that can hold that one has no reasonable expectation of privacy in the telephone numbers one dials,{341} or in the checks one allows to be cleared by one's bank,{342} because the information has been disclosed to others, is capable of holding that emitting a LEAF with knowledge that the government can decrypt it puts the LEAF in the same position as the telephone number dialed.{343}

A LEAF on its own is not worthless, although it is worth less than a session key. A large-scale eavesdropper armed with the family key could collect LEAFs. Because each LEAF contains the chip serial identifier, it allows a large-scale eavesdropper to conduct traffic analysis{344} without having to gain access to a telecommunication provider's equipment to set up thousands of trap and traces or pen registers. If satellite or microwave telephone signals are being monitored, the LEAF-monitoring method of traffic analysis is undetectable.{345} Furthermore, if one is trying to collect all the calls from a particular machine in an attempt to decrypt them, decrypting the LEAF allows one to know which calls to record and file for future reference. Of course, if the eavesdropper has a warrant, in most cases all of this and more is easily obtained from the telephone service provider.{346} It would be monstrous, though, to have a rule that said the government could acquire the LEAF for traffic analysis after falsely promising the American people that EES [Page 793]would be secure. A court construing both the objective and subjective prongs of the reasonable expectation of privacy test would have a moral obligation to take this into consideration.


To table of contents