18 March 1998

Date: Tue, 17 Mar 1998 20:53:53 -0500
To: cryptography@c2.net
From: Alan Davidson <abd@cdt.org>
Subject: Some Notes on Today's Senate Hearings

For those interested, here are some notes on today's Senate hearings on
encryption and critical infrastructures.

	-- Alan

Alan Davidson, Staff Counsel                 202.637.9800 (v)
Center for Democracy and Technology          202.637.0968 (f)
1634 Eye St. NW, Suite 1100                  <abd@cdt.org>
Washington, DC 20006                         PGP key via finger

(1) Legal Scholars Argue Encryption Controls Unconstitutional;
Administration Backs Off Domestic Controls (For Now)

The Department of Justice and constitutional experts presented dramatically
different views of the Bill of Rights in today's Senate Judiciary
subcommittee hearing on encryption. While the DOJ defended the
constitutionality of domestic encryption controls, two leading legal
scholars presented a sweeping assessment of how domestic controls violate
the protections of the First, Fourth, and Fifth Amendments. A RealAudio
transcript of the hearing before Senator Ashcroft's Constitution
Subcommittee is available at http://www.computerprivacy.org

DOJ representative Robert Litt testified that as a matter of official
policy the Administration is "not looking for any mandatory controls
domestically at this time." This policy apparently applies to the FBI as well. 
(For an interesting aside, see today's Reuters story on the hearing: "The bureau
hopes voluntary concessions by manufacturers of encryption technology will
give it the same capabilities [as legislation], officials said." --
available at http://www.crypto.com)  Litt went on to provide a chilling
outline of why the Administration believes criminalization of
non-recoverable encryption would be constitutional.

Later in the hearing, leading constitutional scholars Richard Epstein of
the University of Chicago and Kathleen Sullivan of Stanford testified that
key recovery of the type contemplated by the FBI and Clinton Administration
is inconsistent with fundamental free expression and privacy rights
embodied in the Bill of Rights. While falling short of calling encryption
controls clearly unconstitutional under current Supreme Court doctrine,
Epstein and Sullivan presented a broad Constitutional case against
encryption controls, based on:

* First Amendment principles prohibiting bans on an entire medium of
speech, like encryption; protecting anonymous speech; and protecting the
speech interest in publishing encryption source code.

* Fourth Amendment protections prohibiting the generalized seizure created
by key recovery without appropriate legal process.

* Fifth Amendment protections protecting against self-incrimination
(implicated by the compelled production of key information); and
prohibiting uncompensated "takings" like those created by the additional
risks and costs imposed on users by key recovery.

Attorney Cindy Cohn, lead counsel in Professor Dan Bernstein's challenge to
US export controls on encryption, also testified on the first amendment
interests that have been recognized in encryption source code. See
http://www.eff.org/ for more details. The testimony of Professors Sullivan
and Epstein is available through CDT's Web site at http://www.cdt.org/crypto

(2) Sam Nunn a Friend to Encryption Advocates?

Also in the Senate Judiciary Committee today, Senator Kyl's Technology
Subcommittee held hearings on "Protecting America's Critical
Infrastructures:  The new policy directive".  As expected, Senators Kyl and
Feinstein used the hearing as an opportunity to call for the development
and deployment of greater surveillance technologies for the information

Danny Weitzner of CDT, who attended the hearing, notes that encryption
advocates may have "found a new friend" in ex-Senator Sam Nunn, who now
co-chairs a new critical infrastructure protection advisory group. Nunn
testified that it is vital that the current stalemate over encryption
policy be resolved soon because: 1) strong encryption is critical to the
security of domestic infrastructures; and 2) failure to resolve the
deadlock between government and industry has lead to such a high level of
mistrust by industry that it is difficult to make any progress on any other
infrastructure protection issues since those issues require a high degree
of cooperation.

[Added by JYA:] [Congressional Record: March 17, 1998 (Digest)] Tuesday, March 17, 1998 Daily Digest Senate Committee Meetings PRIVACY IN THE DIGITAL AGE Committee on the Judiciary: Subcommittee on Constitution, Federalism, and Property Rights concluded hearings to examine the use of encryption and mandatory access in digital communications, focusing on proposals to balance privacy rights with law enforcement concerns, after receiving testimony from Representative Goodlatte; Robert S. Litt, Deputy Assistant Attorney General, Department of Justice; James J. Fotis, Law Enforcement Alliance of America, Falls Church, Virginia; Thomas Parenty, SyBase, Inc., Emeryville, California, Kathleen M. Sullivan, Stanford Law School, Stanford, California, and Richard A. Epstein, University of Chicago Law School, Chicago, Illinois, all on behalf of Americans for Computer Privacy; Bill Weidemann, RedCreek Communications, Newark, California; Cindy A. Cohn, McGlashan and Sarrail, San Mateo, California; and Tim D. Casey, MCI Communications, Washington, D.C. CRITICAL INFRASTRUCTURE PROTECTION Committee on the Judiciary: Subcommittee on Technology, Terrorism, and Government Information resumed hearings to examine the need for a national strategy and policies to protect the critical infrastructures of the United States, receiving testimony from former Senator Nunn and Jamie S. Gorelick, each a Co-Chair of the Advisory Committee to the President's Commission on Critical Infrastructure Protection; and Lt. Gen. David J. Kelley, Director, and Brig. Gen. James Hylton, Director of Operations, both of the Defense Information Systems Agency, Department of Defense. Hearings were recessed subject to call.