Dorothy E. Denning
Professor of Computer Sciences
William E. Baugh, Jr.
Science Applications International Corporation
May 15, 1997
We are at the leading edge of what could become a serious threat to law enforcement and national security: the proliferation and use of robust digital encryption technologies. These technologies will be unbreakable, easy to use, and integrated into desktop applications and network services, including protocols for electronic mail, web transactions, and telephony. This paper discusses their impact on organized crime and terrorism.
We begin by summarizing actual cases where encryption was encountered, the scope of the problem, and the methods used by law enforcement to deal with it. Our findings suggest that the total number of criminal cases involving encryption world-wide is at least 500, with an annual growth rate of 50-100%.
We then discuss the threat posed by encryption to law enforcement, public safety, and national security. The threat is manifest in four ways: failure to get evidence needed for convictions, failure to get intelligence vital to criminal investigations, failure to avert catastrophic or harmful attacks, and failure to get foreign intelligence vital to national security. Encryption can also delay investigations, increase their costs, and necessitate the use of investigative methods which are more dangerous or invasive of privacy. Most of the investigators we talked with did not find that encryption was obstructing a large number of investigations. They were, however, concerned about the future.
Trends in the encryption market which impact law enforcement are reviewed next. One trend is the increasing integration of extremely strong encryption into commercial desktop applications and networks. The encryption will be easy to use and totally unbreakable. The worst case effect could be to render most communications and stored data immune from lawful access. Another trend, which has a balancing effect, is a growing market for key recovery systems that protect the owners of encrypted data from lost keys. These systems can give law enforcement agencies an alternative method of getting the keys needed to decrypt evidence.
Encryption is not the only technology which adversely affects law enforcement. We next describe other tools besides encryption, including cloned cell phones and steganography, that can be used to evade the police, conduct surveillance, or intrude into computers and networks. Many of these tools are enhanced by encryption.
Finally, we discuss encryption policy options, including export controls and domestic regulations in the United States and elsewhere, and their impact on crime and law enforcement. We review the Clinton Administration's encryption program to promote key recovery technologies through liberalized export controls, key recovery standards, and a voluntary licensing regime for key recovery agents.
In focusing on the seamy side of encryption and other technologies, we do not mean to imply that they are inherently bad or that their use should be restricted. Encryption in particular can be critical for safeguarding sensitive information. Business needs access to strong encryption to protect against espionage by competitors and foreign governments. Law enforcement needs encryption to safeguard sensitive communications relating to investigations. Individuals need it to protect their private communications and records. Encryption policy must facilitate the sale, export, and use of strong encryption for legitimate purposes.
Not all cryptographic technologies pose a threat to society. It depends on whether the cryptography is used for confidentiality or authentication. The societal threat arises primarily with confidentiality services -- what we refer to as encryption. Authentication technologies enhance investigations by ensuring the integrity and authenticity of evidence and its source. They are at least as important to electronic commerce and information security as encryption, perhaps even more so. Most computer intrusions result either from inadequate authentication or from design and configuration flaws that are not addressed by any form of cryptography.
Our central claim is that the impact of encryption on crime and terrorism is at its early stages. It is critical that we watch the situation closely and respond intelligently. Encryption policy must effectively satisfy a range of interests: information security, public safety, law and order, national security, the economic competitiveness of industry in a global market, technology leadership, and civil liberties. Meeting all of these interests is enormously challenging, but it is crucial that we find ways of protecting both freedom and order.