Diffie Whitfield - Privacy on the line: the politics of wiretapping and encryption

Privacy on the Line

The right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures shall not be violated, and no Warrants shall issue but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Fourth Amendment
United States Constitution

The evil incident to invasion of privacy of the telephone is far greater than that involved in tampering with the mails. Whenever a telephone line is tapped, the privacy of persons at both ends of the line is invaded, and all conversations between them upon any subject, and although proper, confidential and privileged, may be overheard. Moreover, the tapping of one mans telephone line involves the tapping of the telephone of every other person whom he may call or who may call him. As a means of espionage, writs of assistance and general warrants are but puny instruments of tyranny and oppression when compared with wire-tapping.

Justice Louis Brandeis
dissenting opinion in
Olmstead v. United States
(277 US 438, 1928, pp. 475476)

Senator Herman Talmadge: Do you remember when we were in law school, we studied a famous principle of law that came from England and also is well known in this country, that no matter how humble a mans cottage is, that even the King of England cannot enter without his consent.

Witness John Ehrlichman: I am afraid that has been considerably eroded over the years, has it not?

Senator Talmadge: Down in my country we still think of it as a pretty legitimate piece of law.

United States Senate
Select Committee on Presidential
Campaign Activities, Hearings,
Phase 1: Watergate Investigation,
Ninety-Third Congress, First
Session, 1973, p. 2601

The Politics of Wiretapping and Encryption

Updated and Expanded Edition

Whitfield Diffie
Susan Landau

The MIT Press
Cambridge, Massachusetts
London, England

2007 Massachusetts Institute of Technology
First MIT Press paperback edition, 1999
First edition 1998 Massachusetts Institute of Technology
All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher.
After January 1, 2017, this book will enter the public domain under the following terms. Any holder of the work may copy and redistribute the work in its entirety, provided the following notice is included:
You may copy and distribute this work to anyone, whether free or in return for compensation, provided that:
(1) the work is complete, intact, and unmodified, and
(2) this notice is included.

Composed in L A TEX2 by the authors.
Set in Sabon by Loyola Graphics of San Bruno, California.
Printed and bound in the United States of America.

Library of Congress Cataloging-in-Publication Data

Diffie, Whitfield.

Privacy on the line : the politics of wiretapping and encryption / Whitfield

Diffie, Susan Landau. Updated and expanded ed.

p. cm.

Includes bibliographical references and index.

ISBN 978-0-262-04240-6 (hardcover : alk. paper)

1. Electronic intelligenceUnited States. 2. WiretappingUnited States.3. Data encryption (Computer science)Law and legislationUnited States. 4. Electronic surveillanceUnited StatesPolitical aspects. 5. Telecommunication Political aspectsUnited States. 6. Privacy, Right ofUnited States. I. Landau, Susan Eva. II. Title. III. Title: Politics of wiretapping and encryption.

UB256.U6D54 2007 342.7308' 58dc22 2006035514

This book is dedicated to our spouses, Mary Fischer and Neil Immerman.

Preface to the Updated and Expanded Edition

Preface to the First Edition

Acknowledgements

1 Introduction

2 Cryptography

3 Cryptography and Public Policy

4 National Security

5 Law Enforcement

6 Privacy: Protections and Threats

7 Wiretapping

8 Communications in the 1990s

9 Cryptography in the 1990s

10 And Then It All Changed

11 Aprs le Dluge

12 Conclusion

Notes

Glossary

Bibliography

Index

It would be difficult to find a more fundamental theme in the contemporary world than the migration of human activity from physical, face-to-face contact into the virtual world of electronic (and digital) telecommunications. Globalization would not be possible without the high-quality, reliable, and inexpensive telephone service that has been made possible by optical fibers and computerized central offices. In the industrialized world and beyond, governments, businesses, universities, and other institutions have made the World Wide Web a centerpiece of their communications with the public.

One of the critical issues raised by this transformation is what effect it will have on privacy and security. The digitization of the world has made the effortless privacy of interpersonal conversations a thing of the past and enabled spying on a global scale never before seen. The decisions we make as we lay the foundations of the new world will have an impact on the structure of human society that transcends that of any previous technological development. If, in designing our new world, we do not take privacy and security into account in a way that reflects the primacy of the individual, our technology will enforce a social order in which the individual is subordinate to the institutions whose interests were put foremost in the design.

The first edition of Privacy on the Line was written at a time in which the issue seemed simple. The primary technology for protecting telecommunications privacy was cryptography, and the right to use cryptography for the protection of personal and business privacy seemed in jeopardy. The battle had two fronts, and we set out to explore them both.

The more visible front was chronologically second but stood first in most peoples minds. The US governments plan for key escrow sought to use its standard-setting powerbacked by its substantial purchasing powerto make cryptographic systems with built-in government master keys ubiquitous. Had the plan succeeded, it might plausibly have been extended to outlaw systems that did not have this provision.

The less visible but economically more significant front was export control. Exporting of cryptographic products had been tightly controlled for decades but, until the sudden need for cryptography in commercial uses that followed the opening up of the Internet this had, by and large, only the intended effect of inhibiting the exporting of cryptographic equipment intended for military customers. As low-cost integrated circuits brought high-grade cryptography within the reach of many commercial products, its use expanded steadily. Businesses oriented toward making consumer products now found themselves forced by the export laws to bear the unrewarding expense of producing separate products for export and for domestic consumption.

The first edition was written in the midst of this political struggle over whether individuals and commercial enterprises had a right to protect their communications with cryptography or whether governments had the right to limit its use to prevent possible interference with their law-enforcement and intelligence activities. The preface to that edition gives a flavor of the situation as it stood at that time.

A book written in the midst of events will always become outdated, sometimes quite quickly. Just the short interval between the appearance of the original edition and the first paperbound edition saw a striking sequence of events.