By Rachel Chalmers
Foiled by Congress its attempts to create a Federal Intrusion Detection Network (FIDNET) earlier this month, the Clinton Administration is circulating another plan designed to circumvent criminal use of encryption technology. The proposed legislation would permit federal agents armed with search warrants to break into offices and homes in order to recover encryption keys, plant monitoring devices or otherwise modify computer systems to ensure that the government can recover plaintext from encrypted data. Like the FIDNET plan, the outline of the Cyberspace Electronic Security Act has been leaked to the Center for Democracy and Technology (CDT) and published on its web site. And like the earlier plan, it has quickly become the target for scathing criticism from civil liberties and privacy groups.
This strikes at the heart of the Bill of rights, said Electronic Privacy Information Center general counsel David Sobel. It would be truly ironic if the use of encryption – which is designed to protect privacy – gave the police a green light to secretly break into homes. Sobel points out that under existing surveillance laws, surreptitious physical entries are extremely rare and were approved only 50 times in the last year. Extending this extraordinary power to cases involving computer files would make police break-ins far more common than they are today, he said. The CDT is no less harsh in its analysis of the proposed Act. With this dramatic proposal, the Clinton Administration is basically saying: ‘If you don’t give your key in advance to a third party, we will secretly enter your house to take it, CDT officials said.
The DOJ claims that its planned provisions to ensure key recovery will actually protect lawful users of encryption by forcing any third parties holding such keys to observe the stringent requirements set out in the Act. The CDT retorts that: The DOJ- drafted procedures are complicated and unique, turning on unanswered questions of what is ‘generally applicable law’ and what is a ‘constitutionally protected expectation of privacy’… In any case, few individuals use third party key recovery, and there seems to be little individual or corporate interest in key recovery for communications, so even the strictest procedures for access to escrowed keys would be vastly outweighed by the proposed secret searches of homes and offices.
