Encryption and the Law

Jonathan Crowell

The US Constitution

We the people of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defense, promote the general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America.

Article 1, section 8

The Congress shall have power . . . to promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries;

Relevant Amendments in the Bill of Rights

The First Amendment Congress shall make no law respecting an

establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

Relevant Amendments in the Bill of Rights cont.

The Fourth Amendment The right of the people to be secure in their

persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Pros and Cons of Government Snooping

Many people feel that the government should not be able to read their private communication.

The government needs to be able to read people’s private communication in order to maintain law and order. They need to be able to counter criminals.

Arguments Against Government Snooping

Invoking Freedom of Speech to prevent government snooping is misleading, since the first amendment protects our right to express ourselves publicly – it does guarantee a right to speak in secret.

Invoking the Right to Privacy (grounded in the fourth amendment) is more legitimate, but the fourth amendment also allows for government search when warranted – and strong encryption that thwarts such a government search may be deemed unconstitutional.

Arguments for Government Snooping

The Government needs to be able to track and thwart criminals.

The Government cannot snoop indiscriminately – it must follow a laborious process to acquire a warrant.

In the United States of America, we can trust our government!

Only those who have something to hide are concerned about their right to privacy.

Encryption as Munitions

The International Traffic in Arms Regulation (ITAR) law restricted export of cryptography by placing it on the Munitions List. While this law was in effect, an export license was usually issued only for use by foreign branches of American enterprises and for use by financial institutions.

Case Study: Philip Zimmerman

• Author of Pretty Good Privacy (PGP)

• Someone else posted his software (which was freeware) on a bulletin board that was accessible from anywhere in the world.

• Under investigation for 3 years by the government because PGP is strong enough to qualify as munitions.

Why Munitions?

It is questionable whether the US and Britain would have won World War 2 had they not broken the German Enigma encryption machine.

Terrorist organizations today use encryption to keep their communications secret.

Why Not Munitions?

The Genie is out of the bottle. Strong encryption software is available throughout the world, so restricting its export does not benefit law enforcement, but does hamper legitimate businesses.

Freedom of speech: does the constitution permit prohibitions on the distributions of algorithms?

The Upshot In 1998 and again in 2000 the US relaxed export

controls. Now: Cryptographic products of any key length may be exported

after a license is obtained and the product is subject to a one-time review.

Export to subsidiaries of US companies permitted. Export to health, medical, and insurance companies

permitted Export to online merchants permitted. Restriction: No cryptographic product may be exported to

a terrorist nation (Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria)

Issues in Copyright

In 1998 president Clinton signed into law the Digital Millennium Copyright Act (DMCA), which makes it illegal to circumvent copyright-protection systems.

Whereas Congress sought to limit the use of encryption in its export laws (ITAR), it seeks to limit decryption in the DMCA.

Copying Digital Information

As the furor over Napster has shown, the lucrative recording industry is threatened by digital copying.

The recording industry is attempting to limit unauthorized copying and file-sharing through digital locks that employ tools such as encryption.

Unfortunately (or fortunately) . . .

Unfortunately (or fortunately), for every device used to prevent the illegal copying of information, hackers have been able to devise an equally sophisticated tool to circumvent the security.

The recording industry finally had to admit defeat and turned to congress to enact laws to prevent the circumvention of digital locks.

The DMCA

The DMCA prohibits any person from circumventing “a technological measure that effectively controls access to a work protected under this title.”

This means, for example, that it is illegal for you to break the encryption schemes that attempt to prevent the copying of DVDs.

Prosecuting each individual copyright infringer is infeasible, however, so the DMCA goes on . . .

The DMCA goes on . . .

To prohibit any person from “manufacturing, importing, offering to the public, providing, or otherwise trafficking in decryption technology that is primarily designed to circumvent technological locks; has only a limited commercially-significant purpose other than to circumvent such a technological lock; or is marketed for use in circumventing such a technological lock.”

What the DMCA is really saying

Copyright law is enacted for the good of the public, not the good of the private corporations. It is meant to foster the exchange of ideas and create incentives for engaging in creative work.

The DMCA act, however, places all of the power in the hands of the controllers of the work (the corporations, not the artists) and places severe limitations on the ability of the public to gain access to the work. This is antithetical to the spirit of copyright laws.

And what about free speech?

By prohibiting the manufacture of software the circumvents technological locks, isn’t the DMCA placing an unconstitutional restriction on freedom of speech?

GIVE ME A BREAK! The answer to the question on the previous slide is:

NO. Software, especially mere binaries, is not speech. Even source code is unlikely to qualify as protected

speech. The problem with the DMCA is not that it violates

the freedom of speech, but that it violates the spirit of copyright and places an inordinate amount of power in the hands of giant corporations.

DMCA protects non-protected material

Indeed, corporations could place technological lock on works in the public domain, and the DMCA would prevent attempts to copy these works.

Thus ends my presentation on Encryption and The Law.

Thank you very much.