EMBARGOED FOR 3 P.M. RELEASE AG
FRIDAY, FEBRUARY 4, 1994 (202) 616-2771
ATTORNEY GENERAL MAKES KEY ESCROW ENCRYPTION ANNOUNCEMENTS
Attorney General Janet Reno today announced selection of the
two U.S. Government entities that will hold the escrowed key
components for encryption using the key-escrow encryption method.
At the same time, the Attorney General made public procedures
under which encryption key components will be released to
government agencies for decrypting communications subject to
lawful wiretaps.
Key Escrow Encryption (formerly referred to as "Clipper
Chip") strikes an excellent balance between protection of
communications privacy and protection of society. It permits the
use in commercial telecommunications products of chips that
provide extremely strong encryption, but can be decrypted, when
necessary, by government agencies conducting legally authorized
wiretaps. Decryption is accomplished by use of keys--80-bit
binary numbers--that are unique to each individual encryption
chip. Each unique key is in turn split into two components,
which must be recombined in order to decrypt communications.
Knowing one component does not make decryption any more feasible
than not knowing either one.
The two escrow agents are the National Institute of
Standards and Technology (NIST), a part of the Department of
Commerce, and the Automated Systems Division of the Department of
the Treasury. The two escrow agents were chosen because of their
abilities to safeguard sensitive information, while at the same
time being able to respond in a timely fashion when wiretaps
encounter encrypted communications. In addition, NIST is
responsible for establishing standards for protection of
sensitive, unclassified information in Federal computer systems.
The escrow agents will act under strict procedures, which
are being made public today, that will ensure the security of the
key components and govern their release for use in conjunction
with lawful wiretaps. They will be responsible for holding the
key components: for each chip, one agent will hold one of the key
components, and the second agent will hold the other. Neither
will release a key component, except to a government agency with
a requirement to obtain it in connection with a lawfully
authorized wiretap. The system does not change the rules under
which government agencies are authorized to conduct wiretaps.
When an authorized government agency encounters suspected
key-escrow encryption, a written request will have to be
submitted to the two escrow agents. The request will, among
other things, have to identify the responsible agency and the
individuals involved; certify that the agency is involved in a
lawfully authorized wiretap; specify the wiretap's source of
authorization and its duration; and specify the serial number of
the key-escrow encryption chip being used. In every case, an
attorney involved in the investigation will have to provide the
escrow agents assurance that a validly authorized wiretap is
being conducted.
Upon receipt of a proper request, the escrow agents will
transmit their respective key components to the appropriate
agency. The components will be combined within a decrypt device,
which only then will be able to decrypt communications protected
by key-escrow encryption. When the wiretap authorization ends,
the device's ability to decrypt communications using that
particular chip will also be ended.
The Department of Justice will, at the various stages of the
process, take steps to monitor compliance with the procedures.
February 4, 1994
AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUNCTION WITH INTERCEPTS PURSUANT TO FISA
The following are the procedures for the release of escrowed key
components in conjunction with lawfully authorized interception
of communications encrypted with a key-escrow encryption method.
These procedures cover all electronic surveillance conducted
pursuant to the Foreign Intelligence Surveillance Act (FISA),
Pub. L. 95-511, which appears at Title 50, U.S. Code, Section
1801 et seq.
1) In each case there shall be a legal authorization for
the interception of wire and/or electronic
communications.
2) In the event that federal authorities discover during
the course of any lawfully authorized interception that
communications encrypted with a key-escrow encryption
method are being utilized, they may obtain a
certification from an agency authorized to participate
in the conduct of the interception, or from the
Attorney General of the United States or designee
thereof. Such certification shall
(a) identify the agency participating in the conduct of
the interception and the person providing the
certification;
(b) certify that necessary legal authorization has been
obtained to conduct electronic surveillance regarding
these communications;
(c) specify the termination date of the period for
which interception has been authorized;
(d) identify by docket number or other suitable method
of specification the source of the authorization;
(e) certify that communications covered by that
authorization are being encrypted with a key-escrow
encryption method;
(f) specify the identifier (ID) number of the key-
escrow encryption chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow
decryption device that will be used by the agency
participating in the conduct of the interception for
decryption of the intercepted communications.
4) This certification shall be submitted to each of the
designated key component escrow agents. If the
certification has been provided by an agency authorized
to participate in the conduct of the interception, a
copy shall be provided to the Department of Justice,
Office of Intelligence Policy and Review. As soon as
possible, an attorney associated with that office shall
provide each of the key component escrow agents with
written confirmation of the certification.
5) Upon receiving the certification, each key component
escrow agent shall release the necessary key component
to the agency participating in the conduct of the
interception. The key components shall be provided in
a manner that assures they cannot be used other than in
conjunction with the lawfully authorized electronic
surveillance for which they were requested.
6) Each of the key component escrow agents shall retain a
copy of the certification, as well as the subsequent
written confirmation of the Department of Justice,
Office of Intelligence Policy and Review.
7) Upon, or prior to, completion of the electronic
surveillance phase of the investigation, the ability of
the agency participating in the conduct of the
interception to decrypt intercepted communications
shall terminate, and such agency may not retain the key
components.
8) The Department of Justice shall, in each such case,
(a) ascertain the existence of authorizations for
electronic surveillance in cases for which escrowed key
components have been released;
(b) ascertain that key components for a particular key-
escrow encryption chip are being used only by an agency
authorized to participate in the conduct of the
interception of communications encrypted with that
chip; and
(c) ascertain that, no later than the completion of the
electronic surveillance phase of the investigation, the
ability of the agency participating in the conduct of
the interception to decrypt intercepted communications
is terminated.
9) Reports to the House Permanent Select Committee on
Intelligence and the Senate Select Committee on
Intelligence, pursuant to Section 108 of FISA, shall,
with respect to any order for authorized electronic
surveillance for which escrowed encryption components
were released and used for decryption, specifically
note that fact.
These procedures do not create, and are not intended to
create, any substantive rights for individuals intercepted
through electronic surveillance, and noncompliance with these
procedures shall not provide the basis for any motion to suppress
or other objection to the introduction of electronic surveillance
evidence lawfully acquired.
February 4, 1994
AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUNCTION WITH INTERCEPTS PURSUANT TO TITLE III
The following are the procedures for the release of escrowed key
components in conjunction with lawfully authorized interception
of communications encrypted with a key-escrow encryption method.
These procedures cover all electronic surveillance conducted
pursuant to Title III of the Omnibus Crime Control and Safe
Streets Act of 1968, as amended (Title III), Title 18, United
States Code, Section 2510 et seq.
1) In each case there shall be a legal authorization for
the interception of wire and/or electronic
communications.
2) All electronic surveillance court orders under Title
III shall contain provisions authorizing after-the-fact
minimization, pursuant to 18 U.S.C. 2518(5), permitting
the interception and retention of coded communications,
including encrypted communications.
3) In the event that federal law enforcement agents
discover during the course of any lawfully authorized
interception that communications encrypted with a key-
escrow encryption method are being utilized, they may
obtain a certification from the investigative agency
conducting the investigation, or the Attorney General
of the United States or designee thereof. Such
certification shall
(a) identify the law enforcement agency or other
authority conducting the interception and the person
providing the certification;
(b) certify that necessary legal authorization has been
obtained to conduct electronic surveillance regarding
these communications;
(c) specify the termination date of the period for
which interception has been authorized;
(d) identify by docket number or other suitable method
of specification the source of the authorization;
(e) certify that communications covered by that
authorization are being encrypted with a key-escrow
encryption method;
(f) specify the identifier (ID) number of the key-
escrow encryption chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow
decryption device that will be used by the law
enforcement agency or other authority for decryption of
the intercepted communications.
4) The agency conducting the interception shall submit
this certification to each of the designated key
component escrow agents. If the certification has been
provided by an investigative agency, as soon thereafter
as practicable, an attorney associated with the United
States Attorney's Office supervising the investigation
shall provide each of the key component escrow agents
with written confirmation of the certification.
5) Upon receiving the certification from the requesting
investigative agency, each key component escrow agent
shall release the necessary key component to the
requesting agency. The key components shall be
provided in a manner that assures they cannot be used
other than in conjunction with the lawfully authorized
electronic surveillance for which they were requested.
6) Each of the key component escrow agents shall retain a
copy of the certification of the requesting agency, as
well as the subsequent confirmation of the United
States Attorney's Office. In addition, the requesting
agency shall retain a copy of the certification and
provide copies to the following for retention in
accordance with normal recordkeeping requirements:
(a) the United States Attorney's Office supervising the
investigation, and
(b) the Department of Justice, Office of Enforcement
Operations.
7) Upon, or prior to, completion of the electronic
surveillance phase of the investigation, the ability of
the requesting agency to decrypt intercepted
communications shall terminate, and the requesting
agency may not retain the key components.
8) The Department of Justice shall, in each such case,
(a) ascertain the existence of authorizations for
electronic surveillance in cases for which escrowed key
components have been released;
(b) ascertain that key components for a particular key-
escrow encryption chip are being used only by an
investigative agency authorized to conduct electronic
surveillance of communications encrypted with that
chip; and
(c) ascertain that, no later than the completion of the
electronic surveillance phase of the investigation, the
ability of the requesting agency to decrypt intercepted
communications is terminated.
9) In reporting to the Administrative Office of the United
States Courts pursuant to 18 U.S.C. Section 2519(2),
the Assistant Attorney General for the Criminal
Division shall, with respect to any order for
authorized electronic surveillance for which escrowed
encryption components were released and used for
decryption, specifically note that fact.
These procedures do not create, and are not intended to
create, any substantive rights for individuals intercepted
through electronic surveillance, and noncompliance with these
procedures shall not provide the basis for any motion to suppress
or other objection to the introduction of electronic surveillance
evidence lawfully acquired.
February 4, 1994
AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUNCTION WITH INTERCEPTS PURSUANT TO STATE STATUTES
Key component escrow agents may only release escrowed key
components to law enforcement or prosecutorial authorities for
use in conjunction with lawfully authorized interception of
communications encrypted with a key-escrow encryption method.
These procedures apply to the release of key components to State
and local law enforcement or prosecutorial authorities for use in
conjunction with interceptions conducted pursuant to relevant
State statutes authorizing electronic surveillance, and Title III
of the Omnibus Crime Control and Safe Streets Act of 1968, as
amended, Title 18, United States Code, Section 2510 et seq.
1) The State or local law enforcement or prosecutorial
authority must be conducting an interception of wire
and/or electronic communications pursuant to lawful
authorization.
2) Requests for release of escrowed key components must be
submitted to the key component escrow agents by the
principal prosecuting attorney of the State, or of a
political subdivision thereof, responsible for the
lawfully authorized electronic surveillance.
3) The principal prosecuting attorney of such State or
political subdivision of such State shall submit with
the request for escrowed key components a certification
that shall
(a) identify the law enforcement agency or other
authority conducting the interception and the
prosecuting attorney responsible therefor;
(b) certify that necessary legal authorization for
interception has been obtained to conduct electronic
surveillance regarding these communications;
(c) specify the termination date of the period for
which interception has been authorized
(d) identify by docket number or other suitable method
of specification the source of the authorization;
(e) certify that communications covered by that
authorization are being encrypted with a key-escrow
encryption method;
(f) specify the identifier (ID) number of the key-
escrow chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow
decryption device that will be used by the law
enforcement agency or other authority for decryption of
the intercepted communications.
4) Such certification must be submitted by the principal
prosecuting attorney of that State or political
subdivision to each of the designated key component
escrow agents.
5) Upon receiving the certification from the principal
prosecuting attorney of the State or political
subdivision, each key component escrow agent shall
release the necessary key component to the intercepting
State or local law enforcement agency or other
authority. The key components shall be provided in a
manner that assures they cannot be used other than in
conjunction with the lawfully authorized electronic
surveillance for which they were requested.
6) Each of the key component escrow agents shall retain a
copy of the certification of the principal prosecuting
attorney of the State or political subdivision. In
addition, such prosecuting attorney shall provide a
copy of the certification to the Department of Justice,
for retention in accordance with normal recordkeeping
requirements.
7) Upon, or prior to, completion of the electronic
surveillance phase of the investigation, the ability of
the intercepting law enforcement agency or other
authority to decrypt intercepted communications shall
terminate, and the intercepting law enforcement agency
or other authority may not retain the key components.
8) The Department of Justice may, in each such case, make
inquiry to
(a) ascertain the existence of authorizations for
electronic surveillance in cases for which escrowed key
components have been released;
(b) ascertain that key components for a particular key-
escrow encryption chip are being used only by an
investigative agency authorized to conduct electronic
surveillance of communications encrypted with that
chip; and
(c) ascertain that, no later than the completion of the
electronic surveillance phase of the investigation, the
ability of the requesting agency to decrypt intercepted
communications is terminated.
9) In reporting to the Administrative Office of the United
States Courts pursuant to 18 U.S.C. Section 2519(2),
the principal prosecuting attorney of a State or of a
political subdivision of a State may, with respect to
any order for authorized electronic surveillance for
which escrowed encryption components were released and
used for decryption, desire to note that fact.
These procedures do not create, and are not intended to
create, any substantive rights for individuals intercepted
through electronic surveillance, and noncompliance with these
procedures shall not provide the basis for any motion to suppress
or other objection to the introduction of electronic surveillance
evidence lawfully acquired.
|
To be contacted for a confidential consultation please E-mail: jmatk@tscm.com
or send a letter via US Mail to:
or call:
URL: http://www.tscm.com/ |