EPIC Alert 2.07


Volume 2.07 May 4, 1995

Published by the Electronic Privacy Information Center (EPIC) Washington, DC [email protected]

WWW http://epic.org


Table of Contents

[1] White House, Republicans Release Counter Terrorism Proposals [2] Freeh Testimony on Proposal, Comments on Encryption [3] Electronic Surveillance Up: Efficiency Falls [4] White House Releases Executive Order on Secrecy [5] EPIC Obtains Secret Documents on Clipper [6] EPIC Privacy Resources [7] Upcoming Conferences and Events


[1] White House, Republicans Release Counter Terrorism Proposals

Two proposals to expand dramatically the surveillance capabilities of the federal government are now under consideration by lawmakers in Washington, DC. Both measures raise far-reaching questions about the appropriate scope of government power in light of the tragic events in Oklahoma City.

Senator Dole and Senator Hatch introduced S. 735, the Comprehensive Terrorism Prevention Act of 1995, late last week. The bill incorporates earlier proposals to expedite deportation proceedings, restrict fundraising for political organizations, modify habeas corpus laws, extend electronic surveillance capabilities for the FBI, ease access to credit reports, banking records, and travel and hotel records, and fund a wide range of new law enforcement programs.

The White House, still without a sponsor for its bill, has circulated a draft of the "Antiterrorism Amendments Act of 1995." The bill is intended to be considered along with an earlier White House proposal on terrorism. The bill also extends surveillance capabilities but contains fewer safeguards than are found in the Dole-Hatch measure.

The White House bill modifies current wiretap law and privacy law, and permits extensive expansion of electronic surveillance capabilities, including greater access to telephone toll records, broad exceptions to current limitations on wiretap capability, authority for roving wiretaps, and a new exception that would permit the use of illegally obtained evidence in a court proceeding.

The White House measure also establishes a Telecommunications Carrier Compliance Fund that would permit the Attorney General to pay telephone companies and other firms to design wiretap ready technology The Fund would be financed by a 40% increase in all civil monetary penalties assessed by the United States government. The White House measure allows the Attorney General to spend $485,000,000 over the next three years toward this program.

The Senate Judiciary Subcommittee on Terrorism, Intelligence, and Government Information will hold hearings on the measures on Thursday, May 4. Senator Specter chairs the Subcommittee.

Copies of the proposals and EPIC's complete analysis are available at the EPIC Domestic Security and Freedom page (http://epic.org/terrorism/)


[2] Freeh Testimony on Proposal, Comments on Encryption

Testimony of FBI Director Louis Freeh before House Committee on Judiciary, Subcommittee on Crime, May 3, 1995

...

With respect to the authorities that we have, as we testified in the Senate last week, the FBI is very comfortable with the attorney general guidelines. I feel very confident that, interpreted broadly, and certainly within the Constitution, those guidelines give me and my agents the authority we need to investigate and prevent, in many cases, what would be clear violations of criminal law and clear terrorist activity within the United States ...

We need the authority to trace money, explosives, nuclear materials and terrorists. Pen registers and trap-and-trace devices are necessary in counterterrorism as well as counterintelligence cases. The threshold ought to be the same in a criminal case as in a terrorism case. It's critical that investigators have increased access, short of a full-blown grand jury investigation, to hotel, motel and common-carrier records.

...

Encryption capabilities available to criminals and terrorists, both now and in days to come, must be dealt with promptly. We will not have an effective counterterrorism stat- counterterrorism strategy if we do not solve the problem of encryption. It's not a problem unique, by the way, to terrorists. It's one which addresses itself to drug dealers and cartels and criminals at large. There are now no legally available means in some dangerously few cases to exclude and remove alien terrorists from the United States. Again, that's an issue that this committee has already taken up.

These are tools. These are not new authorities. These are tools with which to use our current statutory authority, all, in my view, well within the Constitution. And the addition of those resources, which are people and technologies, will give us the ability to deal with these cases as well as prepare for and prevent other incidents such as the one we've seen recently.


[3] Electronic Surveillance Increases Sharply in 1994, Efficiency Falls

In a report sent to Congress this week, the Administrative Office of the United States Courts revealed that the use of electronic surveillance by law enforcement agencies reached an all-time high in 1994. The growth was driven by an increased number of federal narcotics investigations.

In 1994, 1,154 electronic surveillance orders were granted, up from 976 in 1993. The increase in 1994 was the single largest jump since the early 1970s, when legal wiretapping was first authorized. The number of orders for state and federal increased 18 percent over last year, while federal use jumped by 23 percent. During the year, 554 federal and 600 state orders were approved. For the sixth straight year, no requests were denied by a federal or state judge. A total of 44,500 days of recording were reported, up 12 percent from 1993. The average length of each interception was 40 days, up from 19 days in 1978 and slightly lower than 1993 figures.

The vast majority of electronic surveillance was used in drug investigations. Seventy-six percent of all orders were for narcotics investigations and eight percent each for racketeering and gambling.

Significantly, in light of the tragedy in Oklahoma City and efforts in Congress to increase electronic surveillance for domestic security reasons, there were no orders to investigate "arson, explosives, and weapons" charges for the sixth straight year. That category of cases accounts for only 55 of 19,139 electronic surveillance requests over the past twenty years. Most occurred during the 1970s. Electronic surveillance under the Foreign Intelligence Surveillance Act for "national security" cases is not included in the report.

Meanwhile, the efficiency of electronic surveillance dropped sharply. Only 17 percent of conversations that were intercepted were deemed "incriminating" by prosecutors. An average of 2,139 conversations were recorded per intercept, while an average of 373 of those conversations were classified as incriminating. Since the 1970s, the efficiency of wiretaps has steadily declined. Each order captured an average of 84 individuals in intercepted conversations.

There was a sharp increase in the interception of electronic devices, including cellular telephones, pagers and electronic mail. Some 208 orders were issued for intercepting electronic devices, up 47 percent from 1993. During the year, 768 orders were issued for standard wiretaps. The use of microphones dropped from 55 to 52, while the number of investigations that used several types of devices increased slightly to 72 from 63.

Electronic surveillance continued to be an expensive investigative tool, averaging $49,478 per order. The average cost for a federal orders is $66,783. The highest cost for a single electronic surveillance operation occurred in a federal investigation in Indiana, where an 87 day intercept cost the government $839,421.


[4] Clinton Secrecy Order Includes Crypto

On April 17, the White House released the President's long- awaited Executive Order on the classification of national security information. The order still permits classification of information relating to "cryptology", but some changes were made. The new order requires the automatic declassification of most secret information 25 years or older. However, the order exempts information from automatic declassification if it falls into a narrow exemption category, including information that would "reveal ... a cryptographic system or activity."

Efforts to revise the current Executive Order (issued by President Reagan in 1981) began more than two years ago, soon after the Clinton Administration assumed office. EPIC actively monitored the revision process and urged a relaxation of classification standards generally and of those governing cryptographic information specifically. In comments submitted in July 1993, EPIC staff urged removal of "cryptology" from the categories of information presumed to be classifiable. We noted that the "designation of a routine privacy-enhancing technology as presumptively a national security matter is inconsistent with the end of the Cold War and the dramatic growth of commercial and civilian telecommunications networks. ... [Cryptographic] technology today plays an essential role in assuring the security and privacy of a wide range of communications affecting finance, education, research, and personal correspondence."

Under the Reagan order, "cryptology" was singled out as a separate and independent category. The new Clinton order instead refers to "intelligence activities (including special activities), intelligence sources or methods, or cryptology." This formulation suggests a recognition that information concerning encryption technology should only be classified if it relates to intelligence uses of the technology, as opposed to the increasing use of encryption in civilian applications. The language, however, remains ambiguous and does not comport with the growing opinion that cryptography should not be presumptively tied to national security classification.

The classification of cryptographic information has already hampered the public's ability to monitor the government's activities in the area of civilian communications security. Information relating to the Digital Signature Standard (intended for the authentication of unclassified electronic transmissions) was withheld from disclosure under the Reagan Executive Order. Likewise, key information concerning the Clipper encryption initiative (including the underlying Skipjack algorithm) was classified and placed beyond public review.


[5] EPIC FOIA Update

In the last few weeks EPIC has received a substantial amount of material from the National Security Agency, the National Security Council, the Justice Department and the Federal Bureau of Investigation on the Clipper and Digital Telephony proposals.

Materials Include:

-- A series of internal email messages about the Clipper proposal sent by the National Security Council to the White House in the early days of the Clinton Administration. The first message appears only three days after Clinton's inauguration.

-- A undated document obtained from the National Security Agency entitled: "Options to Address Encryption Effects on Law Enforcement." The document describes the conclusions of the Interagency Working Group set up after Clipper proposal was announced in April 1993:

-- Another memo dated October 19, 1990 obtained from the NSA bluntly states the NSA position on the DSS and key escrow proposals.

-- A copy of the the classified Presidential Review Directive 27, President Decision Directive 5 and several drafts of the Interagency Report on Clipper entitled "Impacts of Telecommunications and Encryption Technology on Law Enforcement and Intelligence Collection: Assessment, Options, and Recommendations."

-- A heavily redacted report on "problems" encountered by law enforcement that justified last years Communications Assistance for Law Enforcement Act of 1994.

EPIC will be making the material available in its annual Cryptography and Privacy Sourcebook in June. The book will sell for $50. Copies of previous years sourcebooks are also available. EPIC will also make available GIFs of documents obtained from the government under the FOIA.


[6] EPIC Privacy Resources

EPIC is expanding its web resources. New material is available on:

Material on the Counterterrorism Proposals Currently in Congress http://epic.org/terrorism/

Materials on Open Government, the Freedom of Information Act and EPIC's FOIA docket http://epic.org/open_govt/

Materials on free speech and the right to anonymous speech http://epic.org/free_speech/


[7] Upcoming Privacy Related Conferences and Events

The 1995 Summer Security Conference "Summercon." June 2-4 1995. Atlanta, GA. Speakers include Eric Hughes (cypherpunks), Bob Stratton (Alternet). Email [email protected] or http://www.fc.net/scon.html

Society and the Future of Computing 95. June 11-14,1995. Durango, Colorado. Sponsored by USACM. Email [email protected] http://www.lanl.gov/LANLNews/Conferences/.sfc95/sfcHome.html

INET '95. June 28-30, 1995. Honolulu, HI. Sponsored by the Internet Society. Speakers on privacy include Frank Tuerkheimer (University of Wisconsin School of Law.), Marc Rotenberg (EPIC), Bill Burrington (AOL). Contact [email protected].

Key Players in the Introduction of Information Technology: Their Social Responsibility and Professional Training. July 5-6-7, 1995. Namur, Belgium. Sponsored by CREIS. Contact: [email protected].

DEF CON III. August 4-6, 1995. Las Vegas. Major hacker conference. Contact: [email protected] or http://dfw.net/~aleph1/defcon

Advanced Surveillance Technologies. Sept. 4, 1995. Copenhagen, Denmark. Sponsored by Privacy International and EPIC. Contact [email protected]. HTTP://privacy.org/pi/conference/

17th International Conference of Data Protection and Privacy Commissioners. September 6-8, 1995. Copenhagen, Denmark. Sponsored by the Danish Data Protection Agency. Contact Henrik Waaben, +45 33 14 38 44 (tel), +45 33 13 38 43 (fax).

InfoWarCon '95. September 7-8, 1995. Arlington, VA. Sponsored by NCSA and OSS. Email: [email protected].

"Managing the Privacy Revolution." Privacy & American Business. Oct. 31 - Nov. 1, 1995. Washington, DC. Speakers include C.B. Rogers (Equifax). Contact Alan Westin 201/996-1154.

11th Annual Computer Security Applications Conference: Technical papers, panels, vendor presentations, and tutorials that address the application of computer security and safety technologies in the civil, defense, and commercial environments. December 11-15, 1995, New Orleans, Louisiana. Contact Vince Reed at (205)890-3323 or [email protected].

(Send calendar submissions to [email protected])


The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send the message:

SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname

to [email protected]. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce.

Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). An HTML version of the current issue is available from http://epic.org


The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information, email [email protected], WWW at HTTP://epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax).

The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact: [email protected]

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy and efforts to oppose Clipper and Digital Telephony wiretapping proposals.

Current FOIA cases include: EPIC v. National Security Council (effort to uncover information surrounding Security Policy Board, EPIC v. FBI (effort to obtain information justifying wiretap legislation), CPSR v. National Security Agency (records relating to Clipper and NSA decision to classify public documents), CPSR v. National Institute of Standards and Technology (records regarding development of Digital Signature Standard), and CPSR v. Secret Services (activities of Secret Service in beak-up of 2600 group at Pentagon City)

Thank you for your support.