Encryption and the Constitution
Is encrypting your files a constitutionally protected right? That was the question for a mock trial held here this week at the Sixth Conference on Computers, Freedom, and Privacy.
That was the question for a mock trial held here this week at the Sixth Conference on Computers, Freedom, and Privacy, hosted by the Massachusetts Institute of Technology and the World Wide Web Consortium. The trial was based on an imaginary case and will have no actual impact on the law, but the issue debated by four well-known lawyers before a panel of five federal judges is very real: does the government's restrictions on the use of encryption technology violate the rights of citizens under the First, Fourth, and Fifth Amendments of the Constitution?
The 500 cryptologists and software engineers gathered who attended this week's conference would answer vehemently that it does, and they want to spread that message to the average consumer buyer and voter. "The freedom of speech allows the practice of speech in a form the government does not understand," said Andrew Good, a partner in Boston-based Silvergate & Good and one of the counsels for the defense in the moot court.
Encryption technology lets users code their email message and files so that only the intended recipient can read them. While the industry encourages consumers to buy things from online storefronts using credit card numbers and an ever-increasing amount of personal information is being sent over public networks like the Internet, users are more concerned about the dangers of hackers stealing unprotected information. And as more corporate information is stored on servers accessible from the Internet, businesses are looking for stronger encryption technology to protect their information resources.
But under current law, encryption software is classified as munitions and a military weapon, so its exportation is restricted by the federal government. Users are limited to the use of encryption software that uses keys, or codes, up to 40 bits in length--a chain with few enough links to be easily broken by hackers.
Two bills introduced this month propose to lift those restrictions, and the Clinton administration has already agreed to cooperate if the measures land on the President's desk. But with one caveat: The administration wants to implement a registration system called a key escrow scheme that would require users of encryption technology to register their encryption keys with the government or a designated third party so that law enforcement authorities would be able to subpoena the keys during criminal investigations.
This way, the government could get to an encrypted message or file that was needed as evidence for a criminal case or threatened national security, a proposal modeled on the Title III laws under which agencies can request wiretaps for telephone lines. In exchange, the government would allow users to legally use the strongest encryption technology available.
Cryptologists, many computer users, and civil libertarians want the government to lift the restrictions. But they argue that the key escrow quid pro quo impinges upon freedom of speech and protections against unreasonable search and seizure and self-incrimination.
To illustrate that point, this week's moot court played out a fictional case--United States of America vs. Charles F. Woodbury--as it might be argued before the U.S. Supreme Court. The court demonstrated how private citizen Woodbury could be convicted of unauthorized use of restricted encryption in violation of the fictitious Cryptography Control Act of 1995 and provided an opportunity for lawyers to air the pros and cons of encryption regulations.
Mark Jackowski, the assistant U.S. attorney from Tampa, Florida, who helped indict Panama's General Manuel Noriega, and Mark Rasch, a former federal attorney who prosecuted the Robert T. Morris worm (computer virus) case, represented the government. Their case rested on the parallel between wiretapping laws and key escrow systems and the claim that unintelligible speech is not covered by the First Amendment
The case for the defense was posed by Andrew Good and Phil Dubois, a solo practitioner in Denver, Colorado, who represented Phil Zimmermann, the author of widely available encryption software called Pretty Good Privacy when he was recently under investigation by the U.S. State Department. According to the defense, the Constitution does not distinguish between intelligible and unintelligible speech and, therefore, encrypted speech qualifies for free-speech protections.
Furthermore, Dubois argued, registering encryption keys before a crime has been committed violates our right to privacy implied by the Fourth Amendment. "It is like being required to deposit my house keys with a local police station," Dubois said.
The issues that surfaced in this week's moot court are likely to be raised again--and much more publicly--as the proposed encryption bills wend their way through Congress and perhaps eventually into a real courtroom where encryption will be under trial.
Related stories:
Pro-encryption legislation introduced
Legislation loosens up on encryption
RealAudio coverage: CNET Radio