Student Review:

               This note effectively explains the growing use of encryption in "the information age," and how its popularity threatens law enforcement. The government's recent efforts to implement a voluntary encryption standard are analyzed and the not  predicts that this voluntary approach will eventually give way to widespread government regulation of the creation and  distribution of this type of software.
      The note also examines many of the constitutional questions surrounding such governmental action. The government's fear of  encryption is based on the simple fact that "new technology can make life easier for everyone, not just the law-abiding." (1167) FBI Special Agent in Charge James Kallstrom underscored the government's interest in maintaining its ability to intercept criminal activity:
                "I can assure you that a loss or diminishment of electronic surveillance will produce the following disastrous
                results: An increase in loss of life, attributable to law enforcement's inability to prevent terrorist acts and
                murders. An increase in corruption and economic harm to business, industry labor unions, and society
                generally...An increased availability of much cheaper narcotics and illegal drugs -- along with the personal,
                societal, and economic harm brought about by increased drug use."
      The Clinton Administration attempted to address the fears of the FBI and other law enforcement officials, while at the same time appeasing those concerned about limits on privacy. The result was the "Escrow Encryption Standard" (EES) which was  formally adopted on February 4, 1994 as a voluntary government standard. Although characterized as a "voluntary" standard, Ryan argues that this is a bit of a misnomer. The government's persuasive influence in announcing a "standard" combined with the strict limits it places on exporting encryption devices avoids "an overt mandate," but Ryan claims it also  signals "the government's intent to control the availability and use of strong encryption." (1181).
      Supporters of EES claim that is more powerful than the "Pretty Good Privacy" (PGP) encryption software, which was
anonymously posted on the internet and subsequently used across the world. In an attempt to appease privacy rights
activists, the government may only obtain access information after receiving a court-approved wiretapping order, and then further receiving access from the key's two "escrow agents." [The two agents are located in the Treasury and Commerce
Departments.]
      Without both pieces to the key, any information is unintelligible. Still, detractors of this policy remain distrustful of such
potential government access, despite the added precautionary steps taken here. A Time/CNN poll taken in March, 1994
indicated that 80% percent of the general population opposed the policy. Interestingly, financial institutions who arguably receive the most benefit from strong encryption, have shown a reluctance to change from the algorithms they currently
employ. Manufacturers of encryption devices argue that they are at a competitive disadvantage because of the dual standard they are expected to use. They must make two products instead of one: a product with weaker encryption, which may be exported, and a stronger encryption product for use within the United States. Also, regardless of export restrictions, some companies claim that foreign purchasers would be reluctant to purchase products to which the United States government owned the key.
      This author claims there is evidence that policy announced in 1994 is failing. In August 1995, the Clinton administration
announced that it would begin allowing companies to export stronger encryption software. This change in policy included allowing the exportation of 64 bit encryption keys, which would be held by private companies and "would only be made
available to the government under a court order." (1187) Still, Ryan argues that this move should not be interpreted as a
signal that the government is giving up its effort to control encryption technology: "Although EES no longer appears likely to become the de factor standard, the government still intends to control encryption." (Id. at 1187).
      Ryan concludes that "in order to adequately address the government's fears, the government must enact a mandatory
encryption scheme" by which it would legally require the use of only government approved encryption devices. (1167)
Assuming this prediction will occur, Ryan then examines some of the constitutional questions at issue. First, Ryan asks
whether complete government control of encryption would constitute a search. Applying a Katz-style analysis, Ryan
concludes that "a properly guarded key to a cryptographic system would be an item of information for which the user would have both a subjectively and objectively reasonable expectation of privacy" and "is thus clearly a search or seizure for Fourth Amendment purposes." (1190)
      Second, such potential government regulation may face challenges based on the Fifth Amendment's right against
self-incrimination. Ryan points out that "requiring users to make their key available to the overnment is arguably analogous to forcing users to disclose their secrets in advance." (1191).
      Third, Ryan asks whether such action would violate the First Amendment's freedom of association clause. "This argument," she explains, "stems from such cases as NAACP v. Alabama ex. rel. Patterson and Talley v. California, wherein the Supreme Court held that requiring disclosure of an organizationÆs members or an individuals identity could violate the First Amendment freedoms of association and speech." (Id.)
      Finally, Ryan looks at government regulation of encryption as a First Amendment free speech issue. Commentators haveargued as to whether it should be perceived as "content-neutral" or "content-based" regulation. Those in the neutral camp argue that it regulates language irrespective of the subject matter. Those who argue it is content-based consider the language regulated to be the actual encryption algorithm. Therefore, their argument goes, only specific language is in fact being regulated. This determination is significant because "content-neutral" regulation will receive an intermediate level of scrutiny and therefore have a better chance of surviving.

Article Summary by: Tom Price