Encryption in the Founding Era
A persistent theme of law enforcement’s anti-encryption rhetoric is the idea—sometimes explicit, sometimes merely implied—that widespread use of encryption represents a radical departure from the historical norm, the good old days when a lawfully authorized search of correspondence was guaranteed to yield something easily intelligible. On occasion, this argument even frames the Fourth Amendment as a kind of tacit quid pro quo: Citizens have a right against warrantless searches (with numerous exceptions), but when the government jumps through the necessary hoops to obtain a warrant, it is entitled not merely to conduct a search, but to succeed in obtaining what it seeks—and the law must ensure that technology cannot frustrate that guaranteed outcome.
Needless to say, this elides the myriad ways that modern law enforcement and intelligence agencies inhabit a Golden Age of surveillance, with countless investigative and monitoring tools their predecessors could only dream of. Even bracketing that convenient omission, however, this picture profoundly distorts history.
One useful corrective to that distortion is provided by a fascinating monograph published by the National Security Agency, “Masked Dispatches: Cryptograms and Cryptology in American History, 1775–1900.” As NSA’s in-house historian Dr. Ralph Weber memorably puts it, “America was born out of revolutionary conspiracy”—and the conspirators, America’s founders, saw encryption as an “essential instrument for protecting critical information in wartime, as well as in peacetime.” A resolution of the Continental Congress provided for encrypted communications when a document was “of such a nature as cannot be safely transmitted without cyphers”—no surprise in wartime—but the habit of routinely enciphering correspondence did not end with the revolution. “In the years after 1780,” Weber explains, “Jefferson, James Madison, James Monroe, and a covey of other political leaders in the United States often wrote in code to protect their personal views on tense domestic issues confronting the American nation.” The polymathic Thomas Jefferson even developed an early bit of cryptographic hardware, a cipher wheel to aid in the laborious process of decrypting and deciphering messages. Nor was the practice limited to statesmen: A Colonial Era primer for young men published by Benjamin Franklin included instructions on the use of codes and ciphers in letters (along with advice on accounting, carpentry, and dye-mixing).
The habit waned over time as postal service became more reliable—“the Founding Fathers were much more anxious than their successors to encrypt their confidential correspondence”—but in the early days of the republic, even after the British had been sent packing, encryption was the only viable way to guarantee the security of correspondence that might easily fall prey to an untrustworthy courier or interception on the roads. (As Jefferson put it to one plaintext correspondent,
“the infidelities of the post office and the circumstances of the times are against my writing fully & freely.”) The situation today is somewhat analogous: The Internet is a packet-switched “network of networks” that transmits data across systems owned by many different entities, and across many different legal jurisdictions, via a combination of wired and wireless connections, offering countless points at which data might be intercepted and, if unencrypted, read.
Ciphers in use at the time were crude by modern standards—the cheapest modern laptop would make short work of any of them—but many were as unbreakable in their era as the most sophisticated cryptographic algorithms are today. The Vigenère cipher, first described in 1553, was hailed as “le chiffre indéchiffrable” (“the indecipherable cipher”) and remained unbroken until computing pioneer and steampunk icon Charles Babbage mounted a successful attack fully three centuries later. (Since Babbage didn’t bother to publish his method, formal credit for cracking the Vigenère usually goes to Prussian cryptographer Friedrich Wilhelm Kasiski, who described an attack on the cipher in print a decade later.) As president, having mothballed his own quite impressive cipher wheel, Thomas Jefferson chose the Vigenère as the cipher to be employed by the Lewis and Clark expedition. Many enciphered 18th century texts therefore proved indecipherable until 20th century cryptanalytic techniques (and computing power) could be brought to bear—and indeed, some remain still unsolved.
As anachronistic as it might sound, Professor Orin Kerr argues in a recent Harvard Law Review article that constitutional law scholars can meaningfully speak of a “Decryption Originalism” rooted in the Founding Era’s experience with, and attitudes toward, encrypted communications. Kerr is concerned with the question—raised in the course of former vice president Aaron Burr’s treason trial, and freshly relevant once again—of whether the Fifth Amendment right against self-incrimination prevents courts from compelling the disclosure of the cryptographic key or passcode to an enciphered message. (Kerr’s short answer is “it depends,” and his nuanced analysis is worth reading in full.) We can, I believe, similarly speak of an “Encryption Originalism” that would illuminate potential constitutional barriers to the sort of “lawful access” mandates sought by the FBI.
Courts have often looked to historical practice as a guide to understanding the scope of constitutional rights. In McIntyre v. Ohio Elections Commission (1995), the Supreme Court invalidated an Ohio statute prohibiting the distribution of anonymous campaign literature, leaning heavily on the Founding Era practice of anonymous and pseudonymous pamphleteering—most famously in the form of the Federalist Papers, authored by Alexander Hamilton, John Jay, and James Madison using the collective pseudonym of “Publius.” Though the text of the First Amendment does not explicitly say whether the “freedom of speech” it protects includes the right to speak anonymously, our political traditions provide strong evidence of how the public at the time of ratification would have understood the phrase. In a paper published a few years after McIntyre, John A. Fraser III argued that the use of codes and cyphers to protect communications should similarly be viewed as an “ancient liberty” falling within the protection of the First and Fourth Amendment’s guarantees of free expression and privacy.
The Freedom of Encrypted Speech
The grounds for First Amendment protection are relatively straightforward, on at least two different dimensions.
First, computer code itself is a form of expression entitled to constitutional protection, as a federal district court found in 1996. In a case challenging export restrictions on encryption software, the court wrote: “Like music and mathematical equations, computer language is just that, language, and it communicates information either to a computer or to those who can read it.” An encryption algorithm is ultimately a set of mathematical instructions for rearranging data—instructions that can be described abstractly, in English, in a computer science textbook, or in a form computers find easier to execute. In principle—if not in practice, except perhaps as a very nerdy stunt—a human being could execute any software’s cryptographic transformation of a text by hand with pen and paper. If the First Amendment prohibits the government from banning publication of a book explaining those instructions in English, it should similarly protect a software developer who wishes to distribute those instructions in machine-readable form.
Second, there are the First Amendment interests of the end user to consider. While proposed lawful access mandates are invariably directed at software developers and communications platforms, their ultimate purpose is to constrain the form users’ expression takes—to compel them, in other words, to express their ideas in a form intelligible to the government. The First Amendment defects with such a mandate if applied directly to communicants would be obvious. During World War II, the U.S. military employed Native American “code talkers” for communications security. Navajo (most famously, but also Choctaw, and Cherokee, and Commanche, among others) was sufficiently difficult to reverse-engineer that, with the Axis powers lacking access to Native American speakers, the Navajo-based code was for many purposes as good as a cipher—not to mention much faster. Yet nobody imagines the government could require individuals to communicate only in languages understood by FBI employees.
Obviously, prohibiting use of a natural human language for the convenience of law enforcement would be offensive and discriminatory in numerous ways that don’t apply to algorithmically mediated communication. But I believe a core element of what is repugnant in the idea remains even after those concerns are factored out: The presumption that the government may dictate to us the form our expression takes in order to ensure that expression is readily comprehensible to the government. Achieving this aim by means of a mandate on intermediaries or software developers obscures what’s going on sufficiently to dampen the visceral reaction we would have were the directive aimed at the individual.
Targeting software developers and communications platforms is a viable alternative to regulating the end user because the average citizen is not very good at writing code, remembering long numerical strings, or mentally multiplying large prime numbers rapidly—we need help from other people and machines to do those things well at a useful speed. But the fundamental goal is still to restrict the forms individual expression may take. Before those shortcuts were available, the Framers of the Constitution routinely expressed themselves in a form that would have been unintelligible to any government agent of their era—as illustrated by the need in the Burr case to seek the aid of Burr’s private secretary. Presumably they believed they had a right to do so.
Fourth Amendment Protections
The Fourth Amendment “encryption originalist” argument (my version of it, anyway) is less straightforward, because it proceeds from an understanding of the Fourth Amendment that can read like ciphertext from the perspective of contemporary jurisprudence.
The Fourth Amendment’s core guarantee is that “the right of the people to be secure ... against unreasonable searches and seizures, shall not be violated.” Two of the key terms in that brief, critical clause are given surprisingly little weight in contemporary Fourth Amendment theory and case law alike: “people” and “secure.” In recent years, however, a number of legal scholars have begun arguing that taking these parts of the text seriously in their historical context yields a picture of the Fourth Amendment that diverges in important ways from the currently dominant reading. In what follows I draw heavily on arguments advanced in David Gray’s “The Fourth Amendment in an Age of Surveillance,” Luke Milligan’s “The Forgotten Right to Be Secure,” Jed Rubenfeld’s “The End of Privacy,” and entirely too many works to list by Thomas K. Clancy. The examples of Founding Era pamphlets condemning general warrants come primarily from William J. Cuddihy’s “The Fourth Amendment: Origins and Original Meaning, 602–1791.”
The Right of the People
Start with “the right of the people.” The Framers were, as a rule, fairly deliberate about assigning constitutional rights, powers, and duties to their respective bearers. They knew how to characterize a purely individual right—“no person shall be held to answer for a capital, or otherwise infamous crime”— but settled on “the people” as the bearers of the Fourth Amendment’s right “to be secure.” While this should not, of course, be understood as a denial that the Amendment creates an individual right, the choice of the collective noun suggests an additional dimension, perhaps reflecting the view that “unreasonable searches and seizures”—or the general warrants prohibited in the Amendment’s second clause—inflict harms on the polity as a whole above and beyond the injury to individuals unreasonably searched and seized.
We’re already accustomed to thinking of other rights with this mix of individualistic and collective rationales. The Second Amendment’s right to bear arms—another right of “the people”—is justified not merely in terms of gun owners’ individual interest in self defense or sport, but also in terms of the value to “the security of a free State” in having enough of the population armed to be able to serve as an effective militia. This dual structure is perhaps most familiar in the case of the First Amendment’s protection of freedom of speech, which is widely understood to have both an individual and a collective or structural component. I have an individual right to free speech because citizens are all fundamentally equal, and you cannot respect people as equals if you forbid them from expressing ideas core to their identity, even if those ideas seem worthless or even harmful. But there is also the structural rationale: We all live under rules that emerge from democratic deliberation, and so even if I have nothing controversial to say, my freedom depends on diverse perspectives, including criticism of popular views and officials, being freely aired. The collective interest in expressive rights is reflected in the willingness of courts in First Amendment cases to give weight to the potential “chilling effects” of laws or policies regulating speech—that is, the effect on people who never suffer the direct injury of a government penalty on speech, because they are deterred from speaking.
Similarly, David Gray argues that the Fourth Amendment “is concerned primarily with policies and practices, such as general warrants and writs of assistance. Individual cases may provide examples of those kinds of policies and practices in action, as did the search of John Entick’s home in the general warrants cases, but the primary concern is the threat against the right of the people these instances represent.” Under standing rules shaped by a purely individualistic conception of the Fourth Amendment, “individual litigants have a hard time challenging programs and policies,” such as programs of large-scale data collection or electronic surveillance. This, Gray argues, inverts the priorities of the Framers, whose assignment of the “right to be secure” to “the people” as a whole “bespeaks a founding-era understanding that security from unreasonable search and seizure is linked to collective projects of self-governance.” Consider, by way of illustration, the argument advanced by the late William J. Stuntz that the Framers understood the Fourth Amendment as, in part, a kind of structural backstop or failsafe meant to complement the First Amendment’s protections: Congress might wish to disregard the injunctions of the First Amendment and erode guarantees of press freedom, but the inability to freely enter homes or search through personal papers presents a formidable practical obstacle to fully regulating unpopular ideas or faiths.
The Right To Be Secure
Now turn to the right “to be secure.” In practice, most modern jurisprudence treats this phrase as surplusage, constitutional noise adding nothing to the meaning of the Fourth Amendment. Courts effectively read that clause as though it said simply that the right “against unreasonable searches and seizures” shall not be violated. But if we wish to take the text seriously, we should assume that word is in there for a reason—that a “right ... to be secure ... against unreasonable searches” means something different—though perhaps subtly different—from a “right ... against unreasonable searches.”
In our ordinary, contemporary linguistic practice, “security” encompasses more than the mere absence of breach. A bank vault or a computer system that has suffered an actual invasion is, self-evidently, insecure. The converse, however, is not true: A vault, home, or computer system may be “insecure” without having suffered an actual breach. When we ask whether a facility is “secure,” we are not normally asking merely whether a breach has occurred, but whether mechanisms are in place that render the facility reasonably free from the danger of a successful breach.
To understand what a right “to be secure” might mean in the context of the Fourth Amendment, however, we can’t restrict ourselves to contemporary usage, but need to consider how the term was understood at the time of ratification. Samuel Johnson’s “Dictionary of the English Language” offers several meanings for the word “secure,” of which the most obviously pertinent to the Fourth Amendment include “free from fear,” “sure, not doubting,” and “free from danger, that is, safe.” While these meanings have largely remained stable to the present day, some formerly common usages of the word ring somewhat oddly in modern ears. A 17th or 18th century writer might use the word “secure” or “security,” on its own, to refer to the psychological state of ease that a modern speaker would more commonly express as “feeling secure.”
In Shakespeare, for instance, we find the ghost of Hamlet’s father—clearly a victim of a false sense of security—describing the circumstances of his murder: