Home page logo
/

interesting-people logo Interesting People mailing list archives

IP: Europe spikes spooks' e-mail eavesdrop bid [rather
From: Dave Farber <farber () cis upenn edu>
Date: Sun, 26 Oct 1997 13:49:07 -0500

=A0=A0=A0=A0=A0=A0 Duncan Campbell
=A0=A0=A0=A0=A0=A0 Europe spikes spooks' e-mail eavesdrop bid


=A0=A0=A0=A0=A0=A0 US and British intelligence agencies received a major=
 blow last week,
=A0=A0=A0=A0=A0=A0 when the EC urged governments to introduce uniform and=
 effective
=A0=A0=A0=A0=A0=A0 encryption standards to protect communications on the=
 Internet,
=A0=A0=A0=A0=A0=A0 writes Duncan Campbell. In a landmark report, the EC=
 asserted that
=A0=A0=A0=A0=A0=A0 legal recognition and standards for digital signatures,=
 which depend
=A0=A0=A0=A0=A0=A0 on effective cryptography, should be put in place across=
 the EU by
=A0=A0=A0=A0=A0=A0 2000 "at the latest".


=A0=A0=A0=A0=A0=A0 The EC report, Ensuring Security and Trust in Electronic
=A0=A0=A0=A0=A0=A0 Communication=
 [http://www.ispo.cec.bei/eif/policy/97503.html], is
=A0=A0=A0=A0=A0=A0 set to receive enthusiastic IT industry backing, after=
 years of
=A0=A0=A0=A0=A0=A0 foot-dragging by the US National Security Agency (NSA)=
 and the
=A0=A0=A0=A0=A0=A0 last British government in an attempt to block effective=
 international
=A0=A0=A0=A0=A0=A0 encryption and keep Net communications accessible to=
 their global
=A0=A0=A0=A0=A0=A0 surveillance systems.


=A0=A0=A0=A0=A0=A0 Since 1991, the Clinton administration has been trying to=
 persuade
=A0=A0=A0=A0=A0=A0 its citizens and allies to adopt a system for secret=
 government access
=A0=A0=A0=A0=A0=A0 to private code keys. A heated battle is now underway in=
 the US
=A0=A0=A0=A0=A0=A0 Congress, where five competing and opposing versions of=
 an
=A0=A0=A0=A0=A0=A0 encryption law have been passed in different committees.


=A0=A0=A0=A0=A0=A0 But Europe is having no truck with this. The EC report=
 maintains
=A0=A0=A0=A0=A0=A0 that allowing third parties secretly to decode personal=
 and business
=A0=A0=A0=A0=A0=A0 communications will not merely fail to stop criminals,=
 but will
=A0=A0=A0=A0=A0=A0 create massive new security headaches. It would also=
 threaten
=A0=A0=A0=A0=A0=A0 personal data privacy, already protected by a European=
 directive on
=A0=A0=A0=A0=A0=A0 data protection. What's more, says the report, it would=
 intolerably
=A0=A0=A0=A0=A0=A0 damage European interests in electronic commerce and the
=A0=A0=A0=A0=A0=A0 information society.


=A0=A0=A0=A0=A0=A0 Although the EU concedes that individual governments can,=
 in
=A0=A0=A0=A0=A0=A0 principle, make their own national security arrangements,=
 member
=A0=A0=A0=A0=A0=A0 states are now being warned that restrictions on=
 importing or
=A0=A0=A0=A0=A0=A0 exporting cryptographic products may be unlawful under=
 sections of
=A0=A0=A0=A0=A0=A0 the European treaty, as well as contrary to existing=
 community
=A0=A0=A0=A0=A0=A0 directives.


=A0=A0=A0=A0=A0=A0 "The European Union simply cannot afford a divided=
 regulatory
=A0=A0=A0=A0=A0=A0 landscape in a field so vital for the economy and=
 society," the
=A0=A0=A0=A0=A0=A0 Commission maintains. "Divergent and restrictive=
 practices with
=A0=A0=A0=A0=A0=A0 regard to cryptography can be detrimental to the free=
 circulation of
=A0=A0=A0=A0=A0=A0 goods and services within the internal market" and will=
 "hinder the
=A0=A0=A0=A0=A0=A0 development of electronic commerce".


=A0=A0=A0=A0=A0=A0 To back this up, the EC has set a fast-paced timetable,=
 which kicks
=A0=A0=A0=A0=A0=A0 off before the end of the year with an Internet Forum and=
 the
=A0=A0=A0=A0=A0=A0 liberalisation of national and international restrictions=
 on selling
=A0=A0=A0=A0=A0=A0 cryptography products. The EC has already decided in=
 principle that
=A0=A0=A0=A0=A0=A0 member states should be required to guarantee "the free=
 movement of
=A0=A0=A0=A0=A0=A0 encryption technologies and products" within the EU.


=A0=A0=A0=A0=A0=A0 The Commission plans to hold an international hearing at=
 the
=A0=A0=A0=A0=A0=A0 beginning of next year on this month's proposals, to be=
 followed up
=A0=A0=A0=A0=A0=A0 by a directive on digital signatures. By 2000, the goal=
 is to have a
=A0=A0=A0=A0=A0=A0 "common framework on cryptography in place throughout the
=A0=A0=A0=A0=A0=A0 Union".


=A0=A0=A0=A0=A0=A0 The Commission says it found no evidence that regulation=
 could or
=A0=A0=A0=A0=A0=A0 would stop criminals from using effective encryption. On=
 the
=A0=A0=A0=A0=A0=A0 contrary: "Restricting the use of encryption could well=
 prevent
=A0=A0=A0=A0=A0=A0 law-abiding companies and citizens from protecting=
 themselves
=A0=A0=A0=A0=A0=A0 against criminal attacks."


=A0=A0=A0=A0=A0=A0 Even more dangerous, says the EC, is the current US plan=
 to build
=A0=A0=A0=A0=A0=A0 central depositories for private code keys. Such a system=
 was also
=A0=A0=A0=A0=A0=A0 proposed in the UK a few weeks before the general=
 election. The EC
=A0=A0=A0=A0=A0=A0 says this would give criminals "additional ways to break=
 into a
=A0=A0=A0=A0=A0=A0 cryptographic system" and that the central key stores=
 themselves
=A0=A0=A0=A0=A0=A0 would or could "become target for attacks" by organised=
 crime or
=A0=A0=A0=A0=A0=A0 hostile intelligence agencies.


=A0=A0=A0=A0=A0=A0 Europe's determination to press ahead with genuinely=
 secure privacy
=A0=A0=A0=A0=A0=A0 and digital signature systems now threatens to put the US=
 into third
=A0=A0=A0=A0=A0=A0 place, after Europe and Asia, in the race to exploit=
 electronic
=A0=A0=A0=A0=A0=A0 commerce.


=A0=A0=A0=A0=A0=A0 Opponents and advocates of effective cryptography agree=
 that key
=A0=A0=A0=A0=A0=A0 access systems will fail entirely if introduced only in=
 one country, as
=A0=A0=A0=A0=A0=A0 users will obtain secure cryptographic services from=
 countries that do
=A0=A0=A0=A0=A0=A0 not have such restrictions. Electronic isolationism is=
 not an option
=A0=A0=A0=A0=A0=A0 for an industrialised nation in the 21st century.


=A0=A0=A0=A0=A0=A0 If US intelligence agencies continue to demand universal=
 access to
=A0=A0=A0=A0=A0=A0 keys, they will not merely imperil their own citizens'=
 privacy and
=A0=A0=A0=A0=A0=A0 constitutional rights, but gravely undermine the US lead=
 in IT. Faced
=A0=A0=A0=A0=A0=A0 with increasing industry, international and civil=
 liberties opposition
=A0=A0=A0=A0=A0=A0 from right and left, intelligence agency advocates have=
 reached levels
=A0=A0=A0=A0=A0=A0 of hysteria not seen since the peak of the cold war.=
 Three months
=A0=A0=A0=A0=A0=A0 ago, FBI director Louis Freeh told the US Senate=
 Judiciary
=A0=A0=A0=A0=A0=A0 Committee that "uncrackable encryption will allow drug=
 lords, spies,
=A0=A0=A0=A0=A0=A0 terrorists and even violent gangs to communicate about=
 their crimes
=A0=A0=A0=A0=A0=A0 and their conspiracies with impunity". The public safety=
 of our
=A0=A0=A0=A0=A0=A0 citizens was at stake, he insisted.


=A0=A0=A0=A0=A0=A0 One official response to the EC report in Washington last=
 week was
=A0=A0=A0=A0=A0=A0 a claim that corporations wanted key access systems in=
 order to check
=A0=A0=A0=A0=A0=A0 on their employees' private e-mail messages. But this=
 latest shift of
=A0=A0=A0=A0=A0=A0 tack only emphasises how out of touch US policymakers=
 are. It is
=A0=A0=A0=A0=A0=A0 already clear in Europe that, whether or not companies=
 might want
=A0=A0=A0=A0=A0=A0 to, it is unlawful for them to spy on their employees'=
 private
=A0=A0=A0=A0=A0=A0 communications. That issue was settled six months ago in=
 the
=A0=A0=A0=A0=A0=A0 European Court of Human Rights, when former Merseyside=
 assistant
=A0=A0=A0=A0=A0=A0 chief constable Alison Halford was awarded damages=
 against her
=A0=A0=A0=A0=A0=A0 former employers, who tacitly conceded that they had=
 tapped her
=A0=A0=A0=A0=A0=A0 office telephone.


=A0=A0=A0=A0=A0=A0 In Britain, advocates for restricting cryptography have=
 spoken,
=A0=A0=A0=A0=A0=A0 almost wishfully, of the possibility of "a backlash"=
 which would
=A0=A0=A0=A0=A0=A0 turn public opinion their way, "if there are serious=
 crimes committed
=A0=A0=A0=A0=A0=A0 and people killed and encryption is in use".


=A0=A0=A0=A0=A0=A0 Such scenarios are lampooned by experts of the seniority=
 of
=A0=A0=A0=A0=A0=A0 Cambridge's Professor Roger Needham, now also Microsoft's
=A0=A0=A0=A0=A0=A0 Director of Research, who last month described the US=
 plans as:
=A0=A0=A0=A0=A0=A0 "Like requiring men waving red flags to walk in front of=
 horseless
=A0=A0=A0=A0=A0=A0 carriages. Strong and effective encryption systems can't=
 be stopped."


=A0=A0=A0=A0=A0=A0 British policy on encryption is now "up for grabs", say=
 insiders.
=A0=A0=A0=A0=A0=A0 "There are only a limited number of moves that a=
 government can
=A0=A0=A0=A0=A0=A0 make in a democratic society," DTI information security=
 specialist
=A0=A0=A0=A0=A0=A0 Nigel Hickson told last month's Cambridge conference on=
 economic
=A0=A0=A0=A0=A0=A0 crime. "We are still thinking what they can be."


=A0=A0=A0=A0=A0=A0 Meanwhile, Labour IT minister Barbara Roche has taken=
 delivery of
=A0=A0=A0=A0=A0=A0 an assessment of responses to the former government's=
 proposals.
=A0=A0=A0=A0=A0=A0 DTI officials are taking comfort from the support they=
 received for
=A0=A0=A0=A0=A0=A0 digital signature schemes, in contrast to the opposition=
 and abuse
=A0=A0=A0=A0=A0=A0 engendered by the proposal for government access to keys.=
 Both of
=A0=A0=A0=A0=A0=A0 these features have been intensified by last week's EC=
 report.


=A0=A0=A0=A0=A0=A0 The DTI now appears to be in favour of separate plans for=
 digital
=A0=A0=A0=A0=A0=A0 signatures from the "law enforcement" agenda to restrict
=A0=A0=A0=A0=A0=A0 cryptography, and to press ahead with the former. It is=
 confident of
=A0=A0=A0=A0=A0=A0 political and industrial support for this approach. Until=
 last week,
=A0=A0=A0=A0=A0=A0 that left the question of a cryptography policy open,=
 making British
=A0=A0=A0=A0=A0=A0 as well as US policymakers' offices potentially the site=
 of trench
=A0=A0=A0=A0=A0=A0 warfare between clandestine agencies and the powerful IT=
 lobby.


=A0=A0=A0=A0=A0=A0 At an extremely timely moment, Europe has lifted the=
 Government
=A0=A0=A0=A0=A0=A0 off the horns of that dilemna. Its clear and fast=
 timetable, coupled
=A0=A0=A0=A0=A0=A0 with a firm warning that no European state may go it=
 alone, the EC
=A0=A0=A0=A0=A0=A0 has not only pushed the spooks away but given the=
 Government the
=A0=A0=A0=A0=A0=A0 chance next year to win substantial EC financial backing=
 for
=A0=A0=A0=A0=A0=A0 Britain's IT industry in pioneering the new cryptosystems=
 Europe
=A0=A0=A0=A0=A0=A0 should have in place for the millennium.


=A0=A0=A0=A0=A0=A0 [Duncan Campbell is a freelance writer and broadcaster,=
 and not the
=A0=A0=A0=A0=A0=A0 Guardian's crime correspondent of the same name]


=A0=A0=A0=A0=A0=A0 15 October 1997






**************************************************
"Photons have neither morals nor visas"  --  Dave Farber 1994
**************************************************


  By Date           By Thread  

Current thread:
  • IP: Europe spikes spooks' e-mail eavesdrop bid [rather Dave Farber (Oct 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]