Louis Freeh, Director of the Federal Bureau of
Investigation
Testimony before the Senate Select Committee on Intelligence
January 28, 1998
"Threats to U.S. National Security"
(Excerpts of Testimony Pertaining to Encryption)
Good Morning Mr. Chairman, Vice Chairman Kerrey and Members of the Committee. I welcome this opportunity to be part of this distinguished panel to discuss threats to U.S. national security. The overriding concern now facing law enforcement is how rapidly the threats from terrorists and criminals are changing, particularly in terms of technology, and the resulting challenge to law enforcements ability to keep pace with those who wish to do harm to our nation and our nations citizens. This is why the encryption issue is one of the most important issues confronting law enforcement and potentially has catastrophic implications for our ability to combat every threat to national security that I am about to address in my statement here today. Law enforcement remains in unanimous agreement that the widespread use of robust non-recovery encryption ultimately will devastate our ability to fight crime and terrorism. Uncrackable encryption is now and will continue, with ever increasing regularity, allow drug lords, terrorists and even violent gangs to communicate about their criminal intentions with impunity and to maintain electronically stored evidence of their crimes impervious to lawful search and seizure. Other than some type of key-recoverable system, there is currently no viable technical solution to this problem for law enforcement.
This is not a problem that will begin sometime in the future with theoretical implications. In many important investigations effective law enforcement is being frustrated by criminals and terrorists using non-recoverable encryption. For example:
Convicted spy Aldrich Ames was told by his Soviet handlers to encrypt computer file information that was to be passed to them.
Ramzi Yousef and other international terrorists were plotting to blow up 11 U.S.-owned commercial airliners in the far east. Yousef's laptop computer, which was seized in Manila, contained encrypted files concerning this terrorist plot.
A major international drug trafficking subject recently used a telephone encryption device to frustrate court-approved electronic surveillance.
Requests for cryptographic support pertaining to electronic surveillance interceptions from FBI field offices and other law enforcement agencies have steadily risen over the past several years. From 1995 to 1996, there was a two-fold increase (from 5 to 12) in the number of instances where the FBI's court-authorized electronic efforts were frustrated by the criminals use of encryption that did not allow for law enforcement access.
Over the last two years, the FBI has also seen the number of computer-related cases utilizing encryption and/or password protection increase from two (2) percent to seven (7) percent, to include the use of 56 bit Data Encryption Standard (DES) and 128 bit "Pretty Good Privacy" (PGP) encryption.
It is for this reason that the law enforcement community is urgently calling for our Nation's policy makers to adopt a balanced public policy on encryption. In our view, any legislative approach to the encryption issue that does not achieve such a balanced approach seriously jeopardizes the utility of some of our most important and effective investigative techniques upon which law enforcement must depend to ensure public safety and to maintain national security.
Several bills have been introduced in this Congress that address certain aspects of the encryption issue. Unfortunately, most of these legislative proposals would largely remove existing export controls on encryption products, and would promote the widespread availability and use of uncrackable encryption products regardless of the impact on public safety and national security.
It is important to note that S.909, the "Secure Public Networks Act," introduced by Senators Kerrey, McCain, and Hollings, comes close to addressing law enforcement's public safety needs in the area of encryption. However, law enforcement believes that the bill does not contain sufficient legislative assurances to adequately address law enforcement's public safety needs regarding the use and availability of encryption products and service within the United States.
Conversely, the substitute bill adopted by the House Permanent Select Committee on Intelligence (HPSCI) on September 11, 1997 during their mark-up of H.R. 695 does effectively address all of law enforcement's public safety and national security concerns regarding encryption products and services manufactured for use in the United States or imported into the United States. The HPSCI substitute bill would require all such encryption products and services to contain features that would allow for the immediate access by law enforcement to the "plaintext" of encrypted criminal-related communications or electronically stored data pursuant to a court order.
We are now at an historic crossroad on this issue. If public policy makers act wisely, the safety of all Americans will be enhanced for decades to come. But if narrow interests prevail, law enforcement will be unable to provide the level of protection that people in a democracy properly expect and deserve. I do not believe it is too late to deal effectively with this issue and would encourage the Committee to look closely at the action taken by the HPSCI in their efforts to adopt a balanced encryption policy.
Note: the remainder of the prepared statement did not address
encryption. The entire
statement is located in the FBI website. This document has been edited for html
and spacing, but not for content.