Stanford University

News Service



CONTACT: Kathleen O'Toole, News Service (650) 725-1939;

Encryption control may encourage crime, not prevent it, Hoover scholar says

Legislation sought by the nation's top law enforcement officials to limit the manufacture and sale of encryption software "is more likely to encourage terrorism and increase crime than to diminish them," said Joseph McNamara, a Hoover Institution research fellow and former police chief of San Jose and Kansas City.

Speaking to the San Jose Rotary Club on Wednesday, Sept. 16, McNamara said a Clinton administration proposal before Congress would create an encryption regulatory system on computerized information that will be ineffective, jeopardize Americans' constitutional rights and become a new, ideal target for terrorists, corporate spies and other types of criminals.

The FBI and Justice Department seek to limit manufacture and sale of encryption software to that which provides "keys," or de-scramblers of messages that initially used encryption software to protect the information from unauthorized use. The key would be kept by third parties and given to law enforcement agencies when they obtained a court order. The agencies say they need keys to message-scrambling technology in order to prevent terrorism and crime. They have said they are aware of more than 500 foreign suspects who have used encryption in committing crimes.

McNamara, however, said the potential for inappropriate, unauthorized and criminal use of the keys is great and that the key system jeopardizes Americans' rights to free speech, protection from unlawful search and seizure, and the taking of property without due process.

The legislation as it is now drafted would allow government surveillance on an "unprecedented scale,"he said in prepared remarks for the Rotarians. "Billions of communications would be susceptible to interception in contrast to present court-approved wiretaps of telephones."

In an interview later, McNamara explained that currently telephone conversations are tapped legally after a court order is obtained. Taps require substantial police manpower which limits the amount of surveillance the government undertakes. Last year, courts authorized 600 federal wiretaps, two of which dealt with suspects for murder or assault. Most of the rest were on the phones of suspects in non-violent crimes such as drug selling, gambling and racketeering.

Under the proposal, he said, the agencies could greatly expand their access to communications, retroactively tapping into all types of information stored in computer systems. "If they get a court order for my communications, they not only would have access to the systems I use but to everybody's system who communicated with me by fax and e-mail. They want the ability to tap any communication anywhere on the globe."

Many types of communications and stored data ­ from telephone, fax and e-mail messages to ATM transactions and personnel records ­ use encryption software, he said. European governments have refused to support U.S. proposals for encryption controls, and so foreign software companies will provide encryption systems without 'keys,' he predicted. "The only thing the legislation will succeed in doing is hurting the U.S. economy."

The FBI has proposed that the 'keys' to computer files be kept by third parties instead of directly by any of the 17,000 U.S. law enforcement agencies who might use them. The third parties, McNamara contended, will become "centralized targets" for criminals, including terrorists and businesses who are willing to engage in corporate espionage.

"You would have to have at least one third party for Hewlett-Packard systems alone, so how many third parties would there be?" he asked. "It's inevitable that the third parties eventually will make honest mistakes, or one of their employees will be corrupted or there will be a theft from one of them."

The proposal has several provisions that would make the keys highly attractive to criminals, he said. It calls for plain-text conversions of the scrambled data to be provided within two hours and that the 'keys' be capable of breaking into systems with no trace of the break-in to the owners of the information. Hackers currently break into computer systems, but the technology usually allows systems owners to quickly detect the break-in and take action to protect their data, he said.

He also cautioned that the FBI could share the information with foreign police who might be tempted to share the information with their own governments or industries.

The computer industry has lobbied for elimination of existing export controls on encryption software. On the day of McNamara's speech, Vice President Al Gore announced relaxation of controls on exports to medical, insurance and online commerce companies. The Justice Department has not withdrawn its request for 'keys' legislation, however, and McNamara said he feared it could pass because politicians are reluctant to oppose a proposal described as a tool for fighting terrorism. The debate in Washington over whether to impeach President Clinton, he said, will most likely keep Congress from taking action this term.


© Stanford University. All Rights Reserved. Stanford, CA 94305. (650) 723-2300. Terms of Use  |  Copyright Complaints