To: gnu, crypto@nas.edu (Herb Lin) Date: Tue, 01 Aug 1995 18:07:59 -0700 From: John Gilmore <gnu@toad.com> This is more organized. Let me know if you want any more work done on it. John Gilmore for the Cypherpunks POLITICAL PROCESS It appears that law enforcement bureaucrats (such as Mr. Freeh) are seizing on irrelevant publicity in order to push their agendas. An example is in using the Oklahoma bombing to lobby Congress for the authority to limit the use of encryption (encryption played no part in the Oklahoma bombing). This makes the FBI/DoJ position look like it can't actually support itself on the facts. If the facts would support you, why use irrelevant publicity INSTEAD of real facts? Why does the FBI refuse to reveal its political manipulations on this issue to the public? Agent Kallstrom asked rhetorically at the Clipper debate held at the New York City Bar Association if the audiance would want key escrow if a daughter of theirs had been kidnapped to make a snuff pornographic film. Official Bureau records indicate that such films are at the very least extremely rare and probably nonexistant. Why do Bureau spokesmen use graphic description of non-existant crimes as a way of whipping up public sentiment for key escrow? Is it the opinion of the bureau that Clipper would be of use in most kidnapping cases, given that probable cause to issue a wiretap warrant would probably also be sufficient to get a warrant to search the premises of the perpetrators for the victim? Does the Bureau feel that Agent Kallstrom's comment was an appropriate way to conduct a reasoned discussion? Give a precis of the top fifty violations of civil rights or the political process by the FBI since 1950. Rank them by magnitude of the intrusion and by the number of people directly affected. For example, the FBI campaign against the Free Speech Movement's right to speak and petition the government; the McCarthy era; the campaign against CISPES; COINTELPRO; against civil rights organizations; political assassination (e.g., Fred Hampton). How did Mr. Hoover stay in power for his 40-year reign? Be specific about the threats that might have removed him from absolute leadership of the FBI, and what steps he took to counteract these threats. Detail all political figures, including everyone ever elected to Congress, every President, every Cabinet-level officer, and every judge at all levels, who have been subjected to wiretaps or any other kind of covert surveillance by the FBI or any other agency in the Executive Branch. Estimate how many records of such surveillance have been destroyed. Detail all cases in which political figures were pressured, threatened, blackmailed, or simply "informed" or "implied to" about their covert surveillance. What prompted these actions against political figures, and what results did they have? Why should we trust the FBI to "not listen in" when it has the technical capability to do so, a history of having done so for reasons inimical to democratic governance, and a bureacratic appetite for power, money, and control? What five things about your agency would the American public be most surprised to learn? Most pleased? Most displeased? What five things about your agency would Congress be most surprised to learn? The President? Do the domestic LEAs (law enforcement agencies), or their agents, monitor the various crypto/net security and TLA forums on the Net? If so, which and by what legal authority? Do LEAs, or their agents, log the names of posters to the crypto/net security and TLA forums? If so, by what legal authority? Do LEAs, or their agents, monitor non-governmental crypto/net security wizards? If so, who and by what legal authority? Do LEAs use crypto/net security industry informers? Names? Do LEAs run stings in crypto/net security, among crypto/net security zines, orgs, corps, manufacturers? Targets, names, dates, locations? Do LEAs have confidential crypto/net security-access agreements with software and hardware corps. Names? Do LEAs run agents-provocateurs in crypto/net security? Names, locations? Do LEAs, or their agents, sniff the Net for crypto -- periodically, continually? How, where, who? Do LEAs, or their agents, sniff remailers? Which? Do LEAs, or their agents, run remailers? Which? Does Federal policy allow law enforcement agents to purport to run an anonymous remailer, e.g. as part of a sting operation? LAW ENFORCEMENT POLICY As the FBI sees it, describe the proper place and powers of a national law enforcement organization in an open society, without regard to today's laws, court decisions, or the Constitution. If we were forming a new country, and could make it up as we went along, what national law enforcment structure and powers would contribute the most to our society? Rank in order of priority, according to agency policy: -- National security -- Threats to a specific group or individual -- Constitutional rights of citizens -- Statutory rights of citizens -- Statutory limits on the activities of agencies -- Constitutional limits on the powers of government -- Democratic oversight and accountability -- Budgetary considerations -- Maintaining secrecy -- Prosecution of a criminal -- Preventing a crime -- Prosecuting or impeding a criminal organization -- Exposure of corruption within government -- Exposure of corruption within private industry -- ... ? In what order would your agency sacrifice each of these to pursue or preserve another? Give examples from actual cases wherever possible. Does the FBI five-year FOIA backlog render it a secret national police organization? How can a law enforcement organization be answerable to its citizens if they cannot determine what it is doing until five years later? How does a law enforcement organization such as the FBI justify breaking the law itself, by systematically withholding non-exempt documents requested by citizens under the FOIA? What effect have anti-drug efforts over the last 30 years had upon the traditional roles of intelligence and law enforcement? To what extent is drug trafficking considered of interest to intelligence organizations? Why? Be specific. Wiretaps can be used by the police to obtain both evidence and intelligence. By "evidence" I'm referring to information which can be presented in a courtroom. By "intelligence" I mean information which is not presented in the courtroom, but which might be helpful to law enforcement in other ways. As citizens, our main protection against illegal wiretaps is our ability to have improperly acquired evidence thrown out of court. What protection do we have from other illegal wiretaps -- surveillance designed to gather intelligence, not evidence? Who oversees the police and the FBI to make sure that they follow the rules? How do we know that law enforcement people don't use illegal wiretaps to go "fishing"? What is the relationship between the FBI's campaign to limit or eliminate the exclusionary rule and its campaign to increase its technical capabilities for wiretapping? It seems that the combination of these initiatives would result in the FBI being able to perform and `get away with' massive intrusions into personal privacy, for illegitimate reasons, even if they were later judged to be in violation of law or the constitution. What is the FBI's opinion on the optimal level (from their point of view) of wiretapping/surveilance if money were no object? How many wiretaps would the Bureau execute per year if it could do exactly as it desired, without budgetary or court-imposed restraints? What trends does the government foresee in the expected cost of wiretaps in the future? Does the DoJ expect that the number of wiretaps and electronic surveillances will go up if the cost (currently high) goes down? What do the FBI and its ilk know about using tracking technologies such as video cameras, road pricing sensors, and other alternatives to conventional electronic surveillance? What do the FBI and its ilk know about the use of mechanical aids to wiretaps (such as voice recognition technology for keywords; voiceprint recoginition to ID wanted suspects)? Has your agency ever exchanged intelligence with governments of other countries? Specify. Has your agency ever exchanged technology with governments of other countries? Specify. Has your agency ever given non-public technology to a private corporation? Specify. How are the beneficiaries of such gifts selected? How frequently has your agency provided non-public information to private organizations (such as corporations)? How frequently have you refused to do so? Who, when, where and why? Does your agency expect to serve private clients in the foreseeable future, either directly or indirectly? How is policy formed on this issue? How are beneficiaries selected? The burgeoning of privatization of domestic "intelligence"-gathering has blossomed as LEAs activities have been diminished and as foreign targets for TLAs have been reduced. As the need for their services have dropped, ex-TLA-employees have moved to security, investigative and "anti-terrorist" firms and public service organizations. Knoll Associates, Wackenhut, Kissinger Associates, say, or the welter of organizations and firms in the tri-coastal, Great Lakes and DC-beltway regions, often benefit from continuing close contact with former colleagues who remain active in TLAs. TLAs could easily pass prohibited current intelligence to the domestic private market, paralleling their use of front organizations internationally. Today, information on militia groups is being provided by private organizations, sometimes in the same forum as the officials who cannot admit to surveilling those targeted groups. E.g. the Charlie Rose Show from April, 1995, featuring James Fox (former NYC FBI SAIC). Also, a NY Times piece on April 24, 1995 gives capsule descriptions of several "right wing movement" sites and groups, and credits the material to a mix of private and public organizations. The intelligence-gathering, tracking and surveilling of dissident groups, of all persuasions, by private means -- for profit, for ideological or for humanitarian reasons -- is a provocative, perhaps civil liberties-threatening, development, a heritage of the national security culture, wherein a large number of very able people and techniques and knowledge and equipment and organization, seem to be shifting inexorably to new markets of ready, frightened consumers. As your agency campaigns for more intrusive surveillance technology and methods, what impact on society do you foresee as the people who know these technologies and methods move into the private sector, where there are fewer rules and easier ways to avoid being caught? CIVIL RIGHTS Does the FBI believe that citizens have the right to use whatever encryption system(s) they desire to use? Does the FBI believe that the FBI has the right to use whatever encryption system(s) it desires to use? Does the FBI believe that private citizens who have special needs or duties to protect confidential or privileged information -- e.g., lawyers, doctors, psychologists, accountants, financial advisors, bankers, security advisors -- have the right to use whatever encryption system(s) they desire to use for their own legal, ethical, or business reasons? Does the FBI believe that ordinary private citizens who do not belong to a privileged class have less of a right to use whatever encryption system(s) they desire to use than do lawyers, doctors, accountants, financial advisors, bankers, or security advisors? Does the FBI believe that members of non-mainstream religious groups or "cults" have the right to use whatever encryption system(s) they desire to use in transmitting their religious or political beliefs? Does the FBI believe that individuals who believe strongly in their rights under the First and Second Amendments to the Constitution have the right to use whatever encryption system(s) they desire to use? If wiretap or surveillance is really illegal, then the info gleaned is likely tainted. The problem isn't that the rules don't prohibit agencies from doing it. The problem is that there isn't an effective mechanism to detect cheating. Suppose the FBI puts an illegal wiretap on someone, and finds out that they're going to commit a crime. When the crime takes place, they're on the scene. How did they know? "An anonymous tip", or simply that the officer happened to be there. How can you prove it was something different? An illegal wiretap could be used to get hints on where admissible evidence can be `independently' gathered. Or what if they don't find evidence of a crime, and they leave the guy alone? His privacy's been violated illegally. I once spoke with someone from INS who told me that random surveillance on certain people is done. He told me that there are lists of people who get "dropped in on" from time to time, mostly people have had some sort of drug problems with the police. Other people might get on the list by being friends with someone already on the list, with "friendship" being determined by telco records. So if you call someone on the list often, you might end up there yourself. How should we protect society against LEA `cheating' in a clipper/digital-telephony world? I worked for several years lobbying at INS and DOJ on business immigration issues, and INS is hardly the bastion of proper police procedures... Not to mention the fact that aliens have fewer rights than citizens of the US. INS gets away with a lot of illegal stuff because on the whole the alien won't litigate the circumstances of their being caught, because they're too busy fighting the deportation itself... that is if they even bother to hire an atty. Aliens in exclusion proceedings don't even have the right to counsel and in both exclusion and deportation the burden of proof lies not with the prosecution, but the defense (guilty until proven innocent). For example, the first thing an alien gets in the deportation process is the OSC, the Order to Show Cause why they shouldn't be deported...which presumes that they're deportable. INS gets away with a lot of crap because there are several legal limbo zones at play. How can we protect aliens and suspected aliens' civil rights if law enforcement agencies are given broader powers to make illegal searches? In drug cases there is massive and flagrant fabrication of informants. Judges have been winking at this for some time. If they need an "informant" they will pull some petty crook out of stir, and tell him if he reads his lines right, they will let him go. Sometimes the same "informant" turns up in case after case, even though the cases have no connection with each other. Are these fabricated informants to cover up illegal wiretaps? Or is it 100% fabrication, such as cases where someone is merely suspected rather than known (on the basis of illegally obtained evidence) to have committed a crime? How can this be avoided if we give increased wiretapping powers? The ACLU won a court case which forced the LAPD to stop political surveillance of civilians. This surveillance had been going on for decades, it simply came out in the 80s. The book "The Squad," by Michael Milan, 1989 covers it. Much of the material has also been covered by Dave Emory in his radio broadcasts. There's also a book called something like "LA Secret Police" or "Los Angeles Secret Police". A newspaper article stated that, just before they were required to destroy the files, the LAPD intelligence unit had given copies of all the files to an ex-cop who now ran a private right wing intelligence clearing house. He put them all in a database and made them available to other groups like the B'nai Brith. That cop was hunted down, and either was extradited or self-surrendered for trial. The San Francisco Chronicle covered it pretty well. This was "Western Goals." The Association of Chiefs of Police moved *its* files offshore a few years back to avoid U.S. laws about such police data bases. If LEAs are given more power to invisibly search citizens, legally or illegally, how would you prevent the information obtained by ILLEGAL searches from being retained or passed into private hands? Is caller ID blocking (*67) effective when calling the police? Or can the police determine the calling phone, location, or identity anyway? On the other hand, in some states police have lobbied for the power to provide fake Caller-ID on calls _from_ the PD. They claimed it was necessary to handle undercover investigations. Why should police agencies be given the power of anonymity when ordinary citizens cannot be trusted with it? MOTIVATION FOR ENCRYPTION CONTROL Why does the FBI *really* want to control encryption? It clearly has nothing to do with terrorism. The palpable fear among the citizens is that it has a lot to do with social control, enforcement of narrow morality, decreased civil rights, increased federal agency authority and budget, and authoritarianism. Why is the FBI so upset about encryption? What real-world events have caused this upset? Or is it a case of "we think it's coming so we are starting the political machinations now"? HISTORY - WIRETAPS AND ENCRYPTION If a legal wiretap encounters encrypted communications, detail what steps are taken to try to decrypt the communications. Provide the details of all wiretap orders in which encryption was encountered. In which of them was encryption a problem for law enforcement? In what percentage of wiretap orders is encryption encountered at all? Detail all court cases in which encryption has made it harder to get a conviction (or in which the accused was not convicted). What percentage of total court cases do these represent? Detail all investigations in which encryption has made it harder to file charges (or in which charges were never filed). What percentage of total investigations do these represent? Detail all illegal wiretaps known to your agency. [This question should be asked of the telephone companies, too -- right at the company-president level. Recall the way in which telegrams were handed over to the NSA for *years* on the orders of the heads of the telegraph companies...] Summarize all wiretaps under the Foreign Intelligence Surveillance Act. How many, in what years, against what targets? How many are fixed permanent wiretaps (e.g. on the lines into an embassy), and how many are temporary (e.g. against a suspected undercover foreign agent's residence or office)? How many US citizens have been wiretapped under FISA, for what length of time, and for what reasons? I heard a rumor that the FISA court actually turned down a wiretap request. Provide full details. Detail all wiretaps known to your agency which were authorized by means OTHER THAN the FISA and which do not appear in the annually reported wiretap statistics. I.e. who else has authorized the placement of wiretaps, and for what purpose? Are the alleged crimes for which encryption poses a law-enforcement challenge victimless crimes, in which all parties to the alleged crime were happy with the situation before the Law stepped in? To what extent does encryption pose a problem in settling real controversies as opposed to government-mandated moral codes? Has the FBI ever done a wiretap that encountered a Clipper chip? Give details of what happened, if so. Provide the details of all wiretap orders in which encryption was used but law enforcement was able to do its work anyway. Detail all investigations in which encryption was used but charges were filed anyway. Detail all court cases in which encryption was used but the accused _was_ convicted, or in which conviction failed for reasons other than encryption. During the Digital Telephony bill debate, the Administration stated or alluded that one reason the FBI needs total control of wiretapping is the unreliability of telephone company personnel. (I.e. -- "if we tap Jimmy Big-Tuna Vinchenzo at the CO, his spies will tip him off.."). Provide specifics on exactly how many legal taps have been "blown" by actions of telephone company employees. Cite specifics on these cases. Name telephone company folks charged with obstruction of justice in these cases. {Talk is cheap; but to charge someone, they need SOME hard facts...} How many subpoenas for telephone billing records are made by Federal law enforcement agencies each month? Under what circumstances do LEAs order the production of this information? Give statistics on the motivations for why these private records are being produced, e.g. "50% fishing expedition, 22% the subject is in custody for a crime (break down by which crimes), 5% the subject is suspected of a crime (break down), 10% the subject is not suspected of a crime but there may be evidence of someone else's crime in their phone records". Describe other tools & technologies available to criminal organizations that pose LE problems of similar magnitude to the perceived problems with cryptography. Describe how the FBI plans to control & restrict those tools & technologies. Describe tools & technologies available to criminal organizations that do not pose significant LE problems. FBI/NSA INTERACTIONS Detail all interactions between the FBI and the NSA, two organizations that in the ordinary course of business would have very litle to say to each other. In what ways have the FBI and NSA attempted to manipulate public policy to increase their joint power? Detail in what ways have the FBI and NSA cooperated in doing the actual work of either agency (FBI: apprehending and prosecuting criminals; NSA: intercepting foreign communications of diplomatic and military interest)? Detail in what ways the FBI and NSA have cooperated, which have not been directly related to the direct job of each agency (as specified above)? It has been documented (by Bamford and others) that through the early 1980s, the NSA intercepted domestic long-distance telephone traffic by means of simple dishes, mounted alongside legitimate telephone-company microwave receivers. Now that most such long-distance links have been converted to fiber-optics, is the NSA still able to intercept this traffic? How? How is the NSA affected by the passage of the Digital Telephony bill? Did the NSA play any role in the progress of this bill? Will the expected modifications to the telephone system have any uses to the NSA? How? BUDGET What's the five-year -- 1995-2000 -- budget for all crypto/net security ops? LAW ENFORCEMENT SOURCES AND MONITORING What are your agency's sources of information? Which of these are considered the most important, and for what reasons and purposes? What is the current type and extent of your agency's monitoring of the Internet? What is the type and extent of your agency's monitoring of other public communications media (i.e. radio, newspapers, etc.), both here and abroad? What sorts of intelligence come from these channels? How will your agency's methods be changed by the advent of the GII? How might your agency's mission be changed by the advent of the GII? If strong encryption comes into widespread use within the U.S., which of your sources would be compromised? How much? If strong encryption is banned or controlled within the U.S., what new information would become available? What communications would remain unmonitorable? Why? Speculate out to five or ten years. Science Fiction author Vernor Vinge once wrote, "Sufficiently advanced communication is indistinguishable from noise." Is this true? How and to what extent can encrypted communications be reliably distinguished from other types of information or noise, both today and in the future? What are the special challenges involved in compromising a key-escrowed encryption system? Has the NSA or any other intelligence agency, in the U.S. or abroad, ever gone up against a key-escrowed system, or a system which presented similar challenges and vulnerabilities? With what results? If you were ordered to crack a clipper-like system, how would you proceed? GOVERNMENT'S OWN USE OF ENCRYPTION Are your agency's internal communications encrypted? Are your agency's communications with other agencies of the U.S. Government? Other governments? Are these communications susceptible to subpoena? How? Are any of the internal communications of the U.S. Government encrypted? Which, and using what methods? Does your agency have the ability to monitor or decipher these communications? Does anyone? What information can your agency access concerning members of the U.S. Government? How has this information been used? How is it protected? INTELLIGENCE POLICY What is the strategic, tactical, economic or competitive value of intelligence? How is this value quantified and assessed? I have been told that a battlefield commander may profitably expend up to 75% of his resources on the acquisition of data about an enemy. How much of a corporation's resources, for example, would be well spent on the acquisition of various sorts of intelligence about potential competitors and/or customers? How much of a political candidate's resources would be well spent on acquiring data about opposing candidates and other organizations? In the coming "information age", how much of our society's total economic activity might we expect to become devoted to snooping in general? What is your agency's assessment of the surveillance and crypto-analytic capabilities available to large corporations, both inside and outside the U.S.? What level of intelligence-gathering and analysis capabilities might a large company be reasonably expected to be able to acquire if competitive pressures were to dictate a strong effort in that direction? What are the most powerful possible uses of intelligence, past, present and future? What sorts of research has your agency done, or is it currently doing, concerning possible future uses for intelligence information? Does your agency employ any psychologists? Sociologists? For what purposes? THE FINAL QUESTION What questions *should* we have asked you to recommend a good crypto policy for the country?