The FBI group

[Back to the policy page]

  • Edward DeGuzman
  • Kim Fife
  • Alyna Jacobs
  • Daniel Shaivitz

    What to prepare for
    You will write a supporting memo (at most 3 pages long) for a senior FBI official testifying before a committee of the U.S. Congress. The official has been asked to testify in support of a bill tightly regulating the sort of encryption software which can be sold or exported. Some points listed below may be helpful to you, but don't feel limited to them, please. See this FBI website and possibly find more support for your positions at the websites of the NSA and the CIA.

  • Strong cryptography could help kidnappers by allowing secret communication between the criminals, and assisting synchronization of their actions.
  • Strong cryptography easily available could assist international terrorists, who may be backed by rogue nations, use international communications and then local communications to target and execute their missions.
  • Strong cryptography easily available could deter our efforts to protect the nation's information infrastructure, increasing the vulnerability of financial communications.

    In your oral rebuttal
    Be prepared to deal with the financial argument that restrictions on strong crypto domestically lead to decreased sales since residents of other countries can write software with good crypto. Also, export regulations of crypto software lead to de facto restrictions on what U.S. citizens are likely to be able to use inside the U.S. since there is, effectively, world-wide, one market for software, thereby regulating even what U.S. citizens are likely to be able to use inside the U.S.! Of course, be prepared to deal with arguments about civil liberties.

    Benefits of Keeping Encryption Software from the Mainstream

    Position: The Federal Bureau of Investigations strongly feels that strict regulation of encryption software is necessary for preserving national security, protecting the safety of e-commerce, and insuring authenticity of e-mail for all Americans.
    1. Protection from international terrorism
      There is a need to protect the American democracy and its citizens from the harms of drug cartels, kidnappers, terrorists, and most importantly the attacks of foreign nations. A powerful nation is at any time in danger of attack, either from within itself or from a foreign nation. The role of the FBI is to "identify, penetrate and neutralize foreign intelligence and terrorist activities directed against the United States." The success of this mission can be greatly enhanced by having U.S. Government-regulated cryptographic software. As the FBI points out on its web-site, "Perhaps the greatest potential threat to our national security is the prospect of "information warfare" by foreign militaries against our critical infrastructures."

      Indeed, it is believed that since our military power is so great, foreign nations are looking for other ways to attack. "Our reliance on information technology [for] controlling critical government and private sector systems" puts our national security at risk for attack by this "information warfare." "The law enforcement community is urgently calling for the adoption of a balanced public policy on encryption." That is, we need to enhance our abilities to defend against international terrorists while still holding true to personal freedom for our citizens. One way to ensure that the security of our nation is upheld is to implement use of U.S. Government sanctioned cryptographic software. Frankly, this means that the U.S. Government will have available to it some backdoors into the encryption scheme; however, these backdoors serve only to allow access by authorized U.S. Government persons in order to protect the security of our nation. This restricted access works to protect the privacy of citizens who use the software and also to protect our nation against those who are using the encryption against us. Furthermore, the software will be available in a variety of versions in order to appease skeptical consumers who might question the security of a single cryptographic program. In addition, the ban on exporting cryptographic software could be lifted. The purpose of the present prohibition of exportation of cryptographic software is to protect us against the invasion of a foreign nation who is using our homegrown cryptographic weapon against us. Allowing export of sanctioned software not only opens up the worldwide market for U.S. software companies, but it also serves to ensure that these products used by other nations cannot be used to attack us.

    2. Increasing the security of e-commerce and e-mail
      While protecting our nation from other hostile nations and securing identities in e-commerce, a regulation of strong encryption will help control domestic crimes committed via computer access to the Internet or an online network. The most basic and widely used technology ushered in during the Information Age is electronic mail (e-mail). E-mail has allowed for a global compression of time and space. Particularly in the United States, college students, family relatives, and business clients scattered across the country have access to this technological tool, allowing the distance between two post offices to no longer be an issue when sending a message. However, as the number of e-mail users increases, so does the susceptibility of e-mail to attacks.

      Electronic commerce, or e-commerce, has been popularized by the business world resulting in an estimated $100 billion in sales from over 100 million Internet users in this country in 1999 alone. With the emergence of this new sector of the American market, not to mention its impact on the global economy, a new transaction venue (cyberspace) places intellectual property in the midst of crime and victimization of a higher order. Information such as credit card numbers, banking accounts, financial institution codes, and any other similar data which may at any time pass on an electronic current compromises the security of not only the acting parties, but the nation as a whole.

      Encryption in e-mail is used to assure the reader of the authenticity of the sender's message and the true identity of the sender. Protecting encryption technology from reaching the mainstream allows coding techniques to stay away from criminal minds. While a computer is not necessary to steal someone's key, the key is only useful when coupled with the appropriate coding algorithm. A criminal with a valid key but without a knowledge of the key's proper application is less likely to commit a crime. Strictly regulating what algorithms become essentially "public knowledge" will prevent criminals from opening the lock encryption provides.

      As this bill attempts to take away encryption knowledge from criminals, it in turn empowers the government with the greater probability of decoding data that is already encrypted. The large scope of e-mail users has the government convinced that among its users are narcotics traffickers negotiating a sale, hackers manipulating private information, pedophiles coding child pornography, and kidnappers plotting a crime. In order to effectively pursue and prosecute these criminals, a vital piece of evidence needed would be an e-mail message plotting out the crime. Unfortunately, covert operations are already currently discussed through encrypted e-mail. Strong encryption regulation would limit the possibility of new encryption algorithms being produced independently. Therefore, when an encrypted message needs to be decrypted, the government official should only have to investigate algorithms registered with the NSA. The need to investigate independent coding schemes only lengthens the investigation process.

      A common feature of most encryption schemes is the existence of a private "key", usually a string of numbers of a predefined length, that is vital to decoding an encrypted message. Aware of the many ways criminals can obtain keys through violence, the owner of private key may choose to store it in a recovery agent. The US government has already taken steps to augment the security of recovery agents. On September 13, 1999, the Cyberspace Electronic Security Act (CESA) was passed which set rules all recovery agents must follow.

      First, keys stored in a recovery agent cannot be released without proper authentication from the person who stored the key or his/her heir. Second, all keys in a recovery agent must be decoded when requested by the FBI for investigation into crimes. Finally, all recovery agents must abide by a "decode and destroy" policy, which requires the disposal of a key once it is removed from a recovery agent. Currently, almost all recovery agents utilize strong encryption schemes of which the government has in-depth knowledge. The passage of this bill ensures that all recovery agents are somehow linked to the government. If strong encryption schemes are released, recovery agents could become a commercial market. Independent companies can create and market their own recovery agents and secretly break CESA regulations. Criminals can illegally utilize their cache of keys by releasing them to unauthorized users, randomly destroying keys, or keeping records of keys already taken out of the recovery agent. This bill will ensure that recovery agents are made by government employees and strictly follow CESA regulations.

    3. Conclusion
      The debate over the public release of encryption software is essentially an argument regarding the release of knowledge. While the United States fosters the advent of new ideas--both from the United States and abroad--it also must protect all Americans from the dangerous applications of this knowledge. Given the past incidences of crime and terrorism linked to encryption, the Federal Bureau of Investigations feels it is imperative that encryption software should be strictly regulated in order to prevent it from reaching the minds of those who would employ it for unjust purposes.