A. Michael Froomkin
Document information and copyright notice
[Page n] references relate to the pagination of the printed version.
Click here to jump to a specific page:
[Page 860]the place had
become his "home."{662} "Home" is a powerful metaphor; it
is also a legal category that implies certain outcomes and
forecloses others.
It is old news that common-law legal reasoning is both analogical
and taxonomical,{663}
and that metaphor is a powerful tool for both.{664} Nevertheless, the
observation that "[t]he power of a metaphor is that it colors
and controls our subsequent thinking about its subject"{665} is particularly
relevant and powerful when the law encounters a new technology.{666} The law's first
reaction to a[Page 861]new
technology is to reach for analogies and to explain why the new
technology can be treated identically to an earlier technology.
Railroads, for example, could be slotted into the existing legal
categories created to deal with highways, collisions, and freight
tariffs.{667} In
contrast, airplanes--a technological advance on the same order as
the railroad--required a significant change in the law because to
be useful the airplane must fly over land, a classical trespass,
without a right of way.{668}
In the case of cryptography, as with other new technologies, the dominant mode of judicial and perhaps political judgment is likely to be classification by analogy and argument by metaphor. Given that in recent years Big Brother seems to have inspired less fear in any branch of government than has Big Drugs, the selection of the right metaphor is critical.
Four metaphors seem particularly likely to appeal to the courts,
which can be summarized under the rubrics of "car,"
"language," "house," and "safe."
These four metaphors reflect two fundamentally different
characterizations of cryptography. Both "car" and
"language" characterize cryptography as part of the means
used to transmit the message. In this view, an encrypted message
is simply another communication, one which can best be understood
as a special case of the general rules regulating communications.
In contrast, "house" and "safe" treat
cryptography as something that happens before the message leaves
the sender. Both "house" and "safe" suggest
that the proper approach is to start with the sender's decision to
encipher the message in order to exclude unwanted recipients, and
then explore the implications of this choice for the government's
ability to monitor communications. The differences[Page 862]among these metaphors go
beyond putting a positive or negative gloss on encryption; they
amount to different definitions of the nature of the thing itself.
Interestingly, both the general metaphor of communication and the
metaphors of exclusion are sufficiently indeterminate to permit the
introduction of more specific, and contradictory, metaphors that
support both sides in the mandatory EES debate.
1. Focus on Communication
"Communication" as we tend to understand it is itself
a metaphor. English speakers tend to speak as if they share a
particular mental image of how words work. As Michael Reddy has
persuasively demonstrated, the English language defaults to a
metaphor of communication as a conduit for human thoughts and
feelings.{669} In this
cognitive shorthand, the speaker begins with a meaning that she
"puts into words," which are then "gotten
across" to the auditor who then "unpacks,"
"gets," or "absorbs" the speaker's meaning.{670} To put it another
way, the speaker/author "encodes" meanings into words
that "convey" meanings that are then "decoded"
by the recipient.{671}
The ubiquity of the conduit metaphor suggests that encryption, if
understood as a communications conduit, stands the best chance of
being accepted by the courts, Congress, and the public. The same
ubiquity, however, also means that different analogic embodiments of
the same general metaphor can lead to diametrically opposite views of
the constitutionality of a hypothetical ban on unescrowed
cryptography. Indeed, if the encrypted message is seen[Page 863]as a mobile message unit--a
"car" on the information superhighway--then mandatory EES
appears far less troubling than if the encrypted messages are
analogized to language itself.
a. "Car"--How Messages Travel
One could say that the escrowing of a key is akin to having one's
picture taken when applying for a license to drive on the information
superhighway. Or, perhaps, the chip's unique key could be seen as
something like a license plate. If the reigning metaphor for use of
electronic communications is that of a car on the road, it is but a
small step to fixed or random checkpoints, and other minor electronic
detentions.
The LEAF feature in Clipper and Capstone makes checkpoints for compliance with mandatory key escrow particularly easy to implement, in a way that other forms of escrowed encryption might not. Telephone and e-mail messages can be intercepted and copied at random, or according to some pattern, then decrypted with the family key. If there is no LEAF at all, the message is clearly in violation of the mandatory escrow rule. If there is a LEAF, although the text of the message remains inaccessible without recourse to the escrow agents,{672} public servants can check whether the message has been encrypted with an EES-compliant device because the chip serial number is supposed to contain a recognizable string identifying the manufacturer.{673} If this string is instead random, law enforcement knows it has encountered a spoofed LEAF.{674} The beauty of this system from a constitutional perspective is that the intrusion on privacy rights is relatively small. Law enforcement does not need to decrypt actual messages without a search warrant.
The car metaphor also provides law enforcement with a solution
to a timing problem. The information highway patrol may not want
to wait to obtain a warrant to find out whether a message's
cryptography is registered. Just as police who stop cars on the
highway have authority to conduct a search without a warrant,{675}[Page 864]the same might be done on the
information highway, and for similar reasons. Waiting for a
warrant takes too long--the car is gone; the message is gone.{676}
The car metaphor leads naturally, at least from the law enforcement
perspective, to random traffic stops. If the analogy is to vehicular
checkpoints, the examination of the LEAF can easily be characterized
as a minimally intrusive investigation in a way that it cannot be if
the focus is on the act of encryption as something occurring in the
home or office. In the case of real cars, the Supreme Court applies a
reasonableness analysis to vehicle stops, weighing the gravity of the
public concern, the degree to which the seizure advances that concern,
and the interference with the individual's liberty. In United
States v. Martinez-Fuerte,{677} the Court held that limited seizures of
vehicles for questioning of the occupants could be constitutional even
absent a particularized suspicion due to the government's compelling
interest in reducing the influx of illegal aliens, the Border Patrol's
inability to do so at the border, and the minimal harm to the
traveller.{678} In
Michigan Department of State Police v. Sitz,{679} the Court found
that even if only 1.5% of the drivers stopped were drinking, the
governmental interest was great enough to justify the intrusion of a
highway checkpoint.{680} Sitz used a three-prong test{681} requiring (1)
a[Page 865] weighing of the
gravity of the public concerns served by the seizure, (2) some
empirical evidence that the program was effective,{682} and (3) a
weighing of the severity of the interference with individual liberty.
{683} The car
metaphor will no doubt have appeal beyond law enforcement if only
because it is already commonplace to talk about the Internet as a
highway, complete with "on-ramps," "fast lanes,"
and "maps." Perhaps it is time to abandon these convenient
phrases. If the car metaphor prevails, there will be far fewer
constitutional rights in cyberspace than if any other metaphor comes
to dominate.{684}
b. "Language"
A cipher resembles a foreign language. Indeed, during World War
II, the U.S. Navy used speakers of obscure Native American
languages to exchange radio messages that could not be understood
by the Japanese.{685}
A federal law requiring that English be the sole mode of
communication for telephones or e-mails would be unconstitutional
on First Amendment grounds and would violate the Equal Protection
Clauses of the Fifth and Fourteenth Amendments.{686} If one accepts the
analogy, it follows that no [Page
866]cryptosystem may be outlawed. Nor, continuing the
analogy, can the government require that users provide it with a
translation of their messages. Not only would this have Fifth
Amendment implications,{687} but it would chill free speech.{688}
Although a cipher resembles a foreign language, it is not[Page 867]identical. No one can speak in
DES without mechanical aids, and no one can understand a DES-encrypted
message if they do not understand the language of the plaintext.
Cryptologist Dorothy Denning argues that these differences are so
great that in some important sense encrypted speech "is not
speech."{689}
As Denning notes, languages have semantic blocks such as words,
phrases, sentences, or ideograms that "carry" meaning and
that can be manipulated, but ciphertext has no such blocks.{690} Also, Denning
argues, all languages share the property that thoughts, emotions,
beliefs, requests, offers, and concepts can be expressed without
knowledge of any other language.{691} In contrast, ciphertext not only needs to be
decrypted to be understood, but the recipient must understand the
language of the plaintext in order to comprehend the message.{692}
Existing First Amendment jurisprudence provides guidance that
helps determine whether these differences between enciphered
communications and ordinary language speech should be considered
legally significant.{693} The First Amendment protects communicative
acts, not specific modes of communication.{694} The First[Page 868]Amendment protects many
communicative acts that do not use words including photographs,
pictures, nude dances,{695} and silent protest.{696} Although they do not use words, these
protected communications do have messages. They have semantic
units and referents of the type described by Roland Barthes and
others.{697} Indeed,
the Supreme Court recently reaffirmed the importance of the
connection between an unspoken assertion of the speaker's identity
and the communicative content of the message. In City of Ladue
v. Gilleo,{698} the
Court held that an ordinance prohibiting the display of signs in
the front yard of a house violated the resident's right to free
speech as "the identity of the speaker is an important
component of many attempts to persuade."{699} Similarly, there is
no reason to believe that the First Amendment is concerned with the
degree to which a communicative system depends upon another or
stands alone.{700} If
the First Amendment protects works of art so obscure that they can
only be understood by their creator,{701} it can equally well be applied to protect
encrypted speech. Thus, from a First Amendment standpoint, the
differences between ciphertext and ordinary language identified by
Denning are irrelevant to[Page
869]whether a communication is protected speech.
From the viewpoint of the language metaphor, the most troubling difference between ciphertext and classic protected speech is that, in the case of ciphertext, a mechanical aid is required to both create and comprehend the message. This difficulty should not be exaggerated--metaphors, after all, are invoked when things are not identical, not when they are precisely the same. It is unlikely that the mechanical aid would appear as troublesome if, instead of a cryptographic system, the device in question were a prosthetic device, such as a voice synthesizer or an eye-movement operated computer.{702} In the case of these prosthetic devices, one would not expect to find arguments that the communication emanating from the device, or the signals used to operate the device, were any less entitled to First Amendment protection than ordinary speech. Again, the ciphertext example is not identical because the parties to the communication presumably have alternate forms of communication available to them, but this just underlines the fact that it is not the mechanization of the communication that ought to be the stumbling block. As new technologies such as voice recognition become commonplace, one would not expect to see arguments that the speech is somehow less protected while in the binary form that intermediates between sound waves and text, even if the author could have used a pencil instead of speaking to a computer. In any event, because a work of art requiring computer animation or computer-aided virtual reality would depend critically on the assistance of a machine, it would clearly be entitled to the same First Amendment protections as a painting.
Encrypted speech is not exactly an ordinary language, but it is
similar to what we ordinarily mean by language. Moreover, most of
the differences are not the ones that usually matter in the First
Amendment context. The most significant difference between
encrypted speech and ordinary speech is the role of a machine.
Indeed, the encrypted communication much resembles the telephone
call, as voice is translated into a ciphertext (an electrical or
fiber-optical signal) that is transmitted to the recipient who
then[Page 870]decrypts it
(plays it on a speaker). Telephone calls are subject to wiretaps
not because a machine is involved in the communication, but rather
because once public servants have obtained the appropriate warrant,
the signals are in the same position as unmechanized speech inside
the home.
Rejection of the language metaphor might lead to undesirable
consequences. If the government were able to require that users of
strong cryptography ensure the government's ability to decrypt
their messages, it might be only a small step to imposing limits on
the use of languages other than English.{703} Would the last two speakers of a dying
language be required to provide translations of their conversations
if the government charged that they were conspiring in it? Such a
rule would be as difficult to apply as it might be difficult to
distinguish among impenetrable slang or strange accents, a
language, and a code.
2. Focus on Exclusion
Just because somebody wishes to hide something does not mean that
the Constitution necessarily protects it. If desire sufficed to
produce exclusive control over information, successful prosecutions
would be rare. Conversely, just because the government would find
it convenient to know something about an individual does not mean
that the individual has any duty to make the information easily
accessible.{704} In
mediating between these extremes, the Supreme Court has given at
least lip service to the subjective and objective reasonableness of
the individual's desire to block the state's access to information.
Reasonableness of expectations is a particularly manipulable
socially constructed term because the courts' decisions are an
important determinant of what is reasonably expected. If, despite
this, one grants that the idea of reasonable expectations has some
exogenous content, then the courts' willingness to protect strong
cryptography against government control is likely to be influenced
by the extent to which judges find something familiar and
reasonable in the act of encrypting a message. Cryptography that
feels like a PIN number used to access cash machines will be
treated differently from cryptography that feels like the tool of
drug dealers and terrorists.{705}[Page 871]
a. "Safe"
A cipher is armor around a communication much like a safe is
armor around a possession. A person who puts something in a safe
to which they have the only key or combination surely has both a
subjective and objective reasonable expectation of privacy
regarding the contents.
Simply putting something into a safe does not, however, ensure that
it is beyond the law's reach. It is settled law that a criminal
defendant can be forced to surrender the physical key to a physical
safe, so long as the act of production is not testimonial.{706} Presumably a
similar rule compelling production would apply to a criminal defendant
who has written down the combination to a safe on a piece of paper.
There appears to be no authority on whether a criminal defendant can
be compelled to disclose the combination to a safe that the defendant
has prudently refrained from committing to writing, and in Fisher
v. United States,{707} the Supreme Court hinted that compelling the
disclosure of documents similar to a safe's combination might raise
Fifth Amendment problems.{708} Perhaps the combination lock problem does not
arise because the police are able to get the information from the
manufacturer or are simply able to cut into the safe. These options
do not exist when the safe is replaced by the right algorithm.
Although brute-force cryptography is a theoretical possibility,{709} neither safe
cracking, nor number crunching, nor an appeal to the manufacturer is a
practical option when the armor is an advanced cipher. The recently
released Federal Guidelines for Searching and Seizing[Page 872]Computers{710} suggest that
"[i]n some cases, it might be appropriate to compel a third party
who may know the password (or even the suspect) to disclose it
by subpoena (with limited immunity, if appropriate)."{711}
Even if ciphertext is analogous to a document in an uncrackable safe whose combination has never been written down, there are important differences between a paper in a vault and an encrypted e-mail. A safe is a container into which people put things and take them out again, preserving the contents over time by keeping unauthorized persons from having access to them.{712} Ordinarily, a safe stays put. E-mails usually move around.
Current law on moving containers is not very friendly towards privacy. The Supreme Court has stated that "some containers (for example, a kit of burglar tools or a gun case) by their very nature cannot support any reasonable expectation of privacy because their contents can be inferred from their outward appearance."{713} That, at least, can never be the case with an encrypted message, because the external appearance of ciphertext gives no clue as to its content.
The moving safe begins to look a little like luggage.{714} Intuitively, the
privacy interest in a safe seems greater than the privacy interest
in luggage, which is perhaps fortunate because the privacy interest
in luggage has been shrinking towards the vanishing point.{715} Ordinary luggage can
be searched without a warrant upon reasonable suspicion.{716} There appear to be
no recent[Page 873]reported
cases of police forcing a combination lock on luggage without
either consent,{717} a
warrant, or an alert from a drug-sniffing dog.
The privacy interest in locked luggage is insufficient to protect the owner against brief detentions of her property, in order to permit a dog sniff.{718} According to the Supreme Court, the sniff is not a Fourth Amendment "search" because the suitcase remains closed during the test, the dog discloses only the presence or absence of narcotics and cannot reveal the contents of the suitcase, and the "canine sniff" is the least intrusive method of ascertaining the presence of narcotics in the baggage.{719}
A sniff has some similarities to the investigation of a LEAF--low intrusion, bag/message remains closed/encrypted during investigation, and the investigation discloses nothing else about the contents of the bag/message. Like a dog alert, detection of an invalid LEAF could tell police that the message has been encrypted with unescrowed cryptography. Unlike dog alerts, LEAF-sniffing will prove generally unreliable because preencrypting a message with another cipher will hide the contents while presenting a valid LEAF for the world to see.{720}
Overall, the safe analogy is appealing. Unfortunately, it either[Page 874]maps the problem onto an
equally unsettled area of law or collapses back to another form of the
conduit metaphor.{721} It also has the moderate defect of being
vulnerable to technical changes, although for the foreseeable future
high-level encryption will remain far, far easier than brute-force
decryption. It may be, however, that despite the potential for
instability after the next technological or cryptographic revolution,
the absence of law relating to combination locks without written
combinations (the case most analogous to a strong cipher with a secret
passphrase) creates an opportunity to make new law unencumbered by the
baggage of the Supreme Court's luggage precedents. There is no
obvious reason why a person's privacy interest in the contents of a
safe, or a ciphertext, should decrease sharply because the object is
in transit, and it would not be difficult to have the law reflect that
reasonable expectation.
b. "House"--Where Messages Come From
Just as the car is a place where constitutional protections are near
their weakest, the house is where they approach their strongest. The
difference between the house and car metaphors is perhaps best
illustrated by California v. Carney,{722} in which the
Court had to decide whether a mobile home was a house or a car. If it
were a house, then it could only be searched with a warrant; if a car,
then no warrant was needed. The Court held that a moving RV is a car
for Fourth Amendment purposes, but left open the case of a mobile home
that is up on blocks.{723}
The Supreme Court's first encounter with wiretapping produced a
five-to-four decision holding that a wiretap was neither a search
nor a seizure because it took place outside the home and did not
interfere with the transmission of the message. "The
reasonable view," Chief Justice Taft announced, "is that
one who installs in his house a telephone instrument with
connecting wires intends to project his voice to those quite
outside"; having left the sanctity of the home, those
messages and those wires "are not within the[Page 875]protection of the Fourth
Amendment."{724}
The majority's first encounter with the law enforcement aspects of
the telephone treated it as a familiar thing: an instrument to
send a message out into the world, to meet whatever fate might
befall it once it was outside the constitutionally protected zone
of the home--a protection that relied in large part on the
homeowner's property interest in the residence.{725} Justice Brandeis's
dissent relied instead on Boyd's holding that the Fourth
Amendment prevents the government from forcing a person to produce
an incriminating document.
Katz abandoned the idea that the test for Fourth Amendment
protection rested on location. "[T]he Fourth Amendment,"
Justice Stewart wrote, "protects people, not places,"{726} and it thus
protected a conversation originating in an enclosed public telephone
booth. Or rather, as Justice Harlan put it in his concurrence, the
Fourth Amendment protects a person who has "exhibited an actual
(subjective) expectation of privacy" and the expectation is
"one that society is prepared to recognize as
`reasonable.'"{727} Justice Stewart cautioned that "[t]o read
the Constitution more narrowly is to ignore the vital role that the
public telephone has come to play in private communication."{728} Dissenting in
Katz, Justice Black accused the majority of choosing "to
rely on their limited understanding of modern scientific subjects in
order to fit the Constitution to the times and give its language a
meaning that it will not tolerate."{729} His complaint
was that Justice Harlan's concurrence, and by implication the
majority's opinion, argued that it was "`bad physics'"{730} to maintain the
rule originating in Olmstead v. United States that electronic
eavesdropping was not a search.{731} Justice Black believed that the Fourth
Amendment's protection of the "right of the people to be secure
in their persons, houses, papers, and effects, against unreasonable
searches and seizures" connoted the idea of "tangible things
with size, form, and weight, things[Page
876]capable of being searched, seized, or both" and
that an overheard conversation, even on a wire, was none of these.{732}
In fact, it was Justice Black's physics that were faulty. Electrons have size, form, and mass, as do digitized and encrypted messages. Yet despite its questionable physics, Justice Black's legal conclusion appears to be gaining support: since, Katz, the Fourth Amendment, and its emanations have been read more and more narrowly. The Court has examined expectations of privacy that often seem greater, and more objectively reasonable, than those of a telephoner in a public phone booth, but has nonetheless found those expectations--when held by guilty parties--to be unreasonable.{733} Similarly, Boyd has been whittled away to the point that what vitality it retains is limited to personal, noncommercial papers, and even that is now in doubt. The rationale for Boyd's original holding has been effectively abandoned.{734}
In the place of Katz and Boyd, the Supreme Court has
substituted an anemic form of the property theory of the Fourth
Amendment that animated the majority in Olmstead and Justice
Black's dissent in Katz, a theory that in its new form rarely
seems to extend outside the curtilage of the home.{735} Although not
stated as a general principle, as a practical matter the Katz
test has come to depend on the objective reasonableness of an
expectation of privacy,{736} and the Court has routinely turned to legal or
administrative sources to define the parameters of reasonableness{737}-[Page 877]except when it ignores them.{738} Thus, for
example, once trash is placed on the curb to be picked up, the
property interest in it is gone, and the trash is up for grabs.{739} If it is lawful
to fly over a property, it is objectively unreasonable for the owner
to expect that the property was safe from aerial inspection regardless
of the frequency of such flights or community standards of
reasonableness, whatever those may be.{740} But despite the
trespass by the observer, there is no reasonable expectation of
privacy against ambulatory police intrusion into an "open"
field, though surrounded by woods, behind a locked gate with a
"No Trespassing" sign, because the field is open to view.{741}
Katz still applies to its facts, which involved a wiretap of
a telephone call from an enclosed area. And the home clearly retains
a special status, because in United States v. Karo{742} warrantless
monitoring of a beeper placed by a government informant became
unconstitutional at the point where it "reveal[ed] a critical
fact about the interior of the premises that the Government . . .
could not have otherwise obtained without a warrant."{743} But given the
Court's record with reasonable expectations, the reason that
Katz is still good law seems to have more to do with the
existence of Title III than any constitutional principle. It has come
to the point where the citizen's privacy interests might be better
protected if the[Page 878]
discredited property-based theory of Olmstead were revived
instead of reviled.{744} Coincidentally, the development of mass-market
strong cryptography means that the property theory, combined with a
computer or a scrambler telephone, produces a level of
constitutionally protected communications privacy comparable to the
original Katz standard.{745} Today, with the right cryptography, it no
longer matters as much if Katz is narrowed or overturned, at
least as far as communications privacy is concerned.{746} Now there is
something that the citizen can do, inside the home, before a message
is sent out on its vulnerable journey throughout the world.
The value of the legal protections that can pertain to the home if based on a property theory like that in Olmstead should not be overstated. So long as we hold to current conceptions of the home, as a physical structure with walls and sometimes a curtilage too, the interconnections between homes will continue to be classified as "outside" the "house." As a result, regulations, including a ban on the use of unescrowed strong cryptography in communications that leave the house, remain a real possibility.
The "house" metaphor may provide some protection
against the complete reversal of Boyd, depending on whether
a court could compel the production of a key that had not been
committed to paper. If the court were unwilling to do this, say on
Fifth Amend[Page 879]ment
grounds, strong cryptography would provide a nearly unbreakable
means of protecting one's private papers stored in the home
computer.{747}
The decision to classify the cryptographic key as akin to a private paper located in the home also may have interesting legal consequences as the idea of the home evolves. Assumptions about space, about what constitutes the "inside" of a home or an office, may need to be reexamined:
[I]n the era where people work for "virtual corporations" and conduct personal and political lives in "cyberspace," the distinction between communication of information and storage of information is increasingly vague. The organization in which one works may constitute a single virtual space, but be physically dispersed. So, the papers and files of the organization or individual may be moved within the organization by means of telecommunications technology. Instantaneous access to encryption keys, without prior notice to the communicating parties, may well constitute a secret search, if the target is a virtual corporation or an individual whose "papers" are physically dispersed.{748}In this vision, the cryptographic key becomes the thing after which it is named and is transformed from a metaphor into the actual key to a virtual--or is that actual?--electronic home or office.{749}
A court, or any other interested party, that might be called
upon[Page 880]to select among
competing metaphors will naturally be concerned about where they
might lead. Widespread cryptography may have social implications
that are difficult to predict. Strong privacy may not be to
everyone's taste. Secret identities will protect the anonymous
hate mailer, the drug dealer, the purchaser of seedy movies, the
congenitally shy, and the electronic political pamphleteer with
equal efficacy. The implications of anonymous transactions for
taxes, product liability, and copyright, to name only a few, remain
to be worked out.
Sissela Bok hypothesizes a society in which "everyone can keep secrets impenetrable at will. All can conceal innocuous as well as lethal plans, the noblest as well as the most shameful acts, and hatreds and conspiracies as much as generosity and self-sacrifice. Faces reveal nothing out of turn; secret codes remain unbroken."{750} Although Bok recognizes that some version of such a society "might develop precisely in response to the felt threat from increased [information] transparency,"{751} she views such a society as clearly undesirable because "[i]t would force us to disregard the legitimate claims of those persons who might be injured, betrayed, or ignored as the result of secrets inappropriately kept."{752} Strong protection of cryptography may lead exactly there.
However, the absence of the refuge of digital anonymity may be
worse. As identifying data on each of us becomes more voluminous
and more easily accessible to government and to private parties,{753} our lives are
changed, and not necessarily for the better. Indeed, although law
enforcement agencies believe they benefit greatly from their
electronic eavesdropping capabilities, it is unclear whether
society as a whole enjoys a net benefit when one considers both
past abuses and the possibilities for future abuses. To foreclose
an option that would give the lie to Justice Douglas's dystopian
warning that "[w]e are rapidly entering the age of no privacy,
where everyone is open to surveillance at all times; where there
are no secrets from the government"{754} would be a communal confession[Page 881]of lack of trust in our
fellows and in ourselves. It is chilling to think we are fully
capable of making this confession, and that we may even deserve
it.
In making legal judgments about the Constitution and cryptography, one should keep in mind what is possible and what is not. This means that one should consider both the extent to which long-held ideas about the meaning of the Bill of Rights need to be rethought in light of technological changes{755} and that some prohibitions simply are unenforceable. Just as the ITAR have failed to stop the spread of strong cryptography abroad (and the development of indigenous substitutes abroad), so too would any attempt to ban unescrowed cryptography be doomed to failure.{756}
Privacy, constitutional law, and law enforcement are not games.
It is unsettling to think that one's rights may turn on the extent
to which people are able to find a technological means to defeat
what would otherwise be legitimate government action. The good
news is that technological change can provide an opportunity to
rethink, and perhaps increase the coherence of, some constitutional
doctrines. When technology changes social realities,
interpretations [Page 882]of
the Constitution should recognize the change to the maximum extent
the text permits. Thus, although we might be better off today with
the Olmstead standard than into what the Supreme Court has
turned Katz, we should not lose sight of the fact that
Olmstead was wrongly reasoned. Chief Justice Taft's
formalistic unwillingness to recognize that a telephone call was
different from a message on a billboard or a shouted conversation
on a busy street is not an attitude that deserves emulation.
The bad news is that sometimes a technological development is
unstoppable. It may be that the Administration intends Clipper
only as a delaying action.{757} It may be that a future administration,
acting for what seem to be good reasons at the time, will attempt
a form of cryptological Prohibition. If so, it will fail as
Prohibition failed, as the War on Drugs is failing, and as the ITAR
are failing with respect to cryptography.{758}
The executive branch's primary concern has been to accommodate the
interests of banks and others who require strong cryptography, while
also preserving to the greatest extent possible law enforcement and
intelligence capabilities. Noncommercial social implications of
cryptography have received relatively little attention. The private
sector's motives are more difficult to summarize, but[Page 883]there has clearly been a demand
for cryptographic products, and this demand is expected to grow
rapidly.{760}
The executive branch's desire to maintain its ability to eavesdrop on electronic communications at will has driven it to abuse the technical standard-setting process. By manipulating the FIPS procedure, the Clinton Administration has achieved its initial objective of promulgating a standard that is insulated from any meaningful public comment and immune from judicial review. The Administration thus hopes to create a de facto rule where it lacks the statutory authority to create a rule de jure. Despite the seemingly underhanded aspects of the executive branch's behavior, there is no clear evidence that it has failed to comply with existing laws or the Constitution. There is, however, room for doubt, as some of the critical information regarding whether NIST retains its statutorily mandated independent judgment is classified. Congress would be well advised to reassure itself and the public that NIST has complied with the Computer Security Act's requirement that it not delegate decision-making to the NSA. If the NSA is calling the shots, firm persuasion, and perhaps corrective legislation, will be required.
The Administration hopes to coerce acceptance of an escrowed encryption product through its vast purchasing power, but whether this hope can be realized remains unclear. If this attempt fails, the next step may be to seek legislation requiring users of strong cryptography to allow the government some form of access to their cryptographic keys. If, despite what currently seems to be a prevailing opposition to even voluntary key escrow, such a bill were nonetheless to become law, mandatory key escrow would create serious constitutional problems that the courts would have to resolve.
Under current law, the judicial reaction to a hypothetical mandatory key escrow statute would be limited primarily to a balancing test analysis, although private noncommercial users would have a particularly strong Fourth Amendment argument on their side, and a good First Amendment argument as well. Recent history suggests, however, that the government's interest in national security or law enforcement often outweighs the citizen's right to privacy.
By their nature, balancing tests almost demand that courts give[Page 884]some play to the judge's
hopes and, especially, fears. A mandatory key escrow statute would
evoke two conflicting sets of fears, one over control and the other
over lawlessness, symbolized by the archetypes of Big Brother and the
criminal cabal. In the end, the conflict may be decided by the way
the courts characterize cryptography. Just as the cryptographic
"key" is a metaphor, so too may the choice among possible
metaphors determine how much constitutional protection an encrypted
message gets. If the courts treat a ciphertext as if it had been
written in a foreign language, it will trigger a First Amendment
analysis that will result in giving cryptography more protection than
if the courts focus on the place where the message is encrypted. If
encryption is considered no more than the outer envelope in a message
transmission system--essentially a "car" on the information
superhighway--it is likely to receive the lowest level of
protection.
Encryption has much to offer the commercial, professional, and personal users of telephones, computers, and computer networks. As these and other uses grow, they will breed conflict, some of which will inevitably be brought to the courts. The legal ecology of cyberspace is currently underpopulated, but not for long. Clipper and Capstone are only the first of many attempts by the government, and no doubt others, to protect the status quo from changes that upset long-established power relationships. The choices made in the next few years will shape the evolution of electronic communication, and society in general, for decades to come. It would be sad if cyberspace became the first place that the government required civilians, in peacetime, to structure their private communications to make hypothetical future eavesdropping by law enforcement easier.