Interesting People mailing list archives
IP: Europe spikes spooks' e-mail eavesdrop bid [rather
From: Dave Farber <farber () cis upenn edu>
Date: Sun, 26 Oct 1997 13:49:07 -0500
=A0=A0=A0=A0=A0=A0 Duncan Campbell =A0=A0=A0=A0=A0=A0 Europe spikes spooks' e-mail eavesdrop bid =A0=A0=A0=A0=A0=A0 US and British intelligence agencies received a major= blow last week, =A0=A0=A0=A0=A0=A0 when the EC urged governments to introduce uniform and= effective =A0=A0=A0=A0=A0=A0 encryption standards to protect communications on the= Internet, =A0=A0=A0=A0=A0=A0 writes Duncan Campbell. In a landmark report, the EC= asserted that =A0=A0=A0=A0=A0=A0 legal recognition and standards for digital signatures,= which depend =A0=A0=A0=A0=A0=A0 on effective cryptography, should be put in place across= the EU by =A0=A0=A0=A0=A0=A0 2000 "at the latest". =A0=A0=A0=A0=A0=A0 The EC report, Ensuring Security and Trust in Electronic =A0=A0=A0=A0=A0=A0 Communication= [http://www.ispo.cec.bei/eif/policy/97503.html], is =A0=A0=A0=A0=A0=A0 set to receive enthusiastic IT industry backing, after= years of =A0=A0=A0=A0=A0=A0 foot-dragging by the US National Security Agency (NSA)= and the =A0=A0=A0=A0=A0=A0 last British government in an attempt to block effective= international =A0=A0=A0=A0=A0=A0 encryption and keep Net communications accessible to= their global =A0=A0=A0=A0=A0=A0 surveillance systems. =A0=A0=A0=A0=A0=A0 Since 1991, the Clinton administration has been trying to= persuade =A0=A0=A0=A0=A0=A0 its citizens and allies to adopt a system for secret= government access =A0=A0=A0=A0=A0=A0 to private code keys. A heated battle is now underway in= the US =A0=A0=A0=A0=A0=A0 Congress, where five competing and opposing versions of= an =A0=A0=A0=A0=A0=A0 encryption law have been passed in different committees. =A0=A0=A0=A0=A0=A0 But Europe is having no truck with this. The EC report= maintains =A0=A0=A0=A0=A0=A0 that allowing third parties secretly to decode personal= and business =A0=A0=A0=A0=A0=A0 communications will not merely fail to stop criminals,= but will =A0=A0=A0=A0=A0=A0 create massive new security headaches. It would also= threaten =A0=A0=A0=A0=A0=A0 personal data privacy, already protected by a European= directive on =A0=A0=A0=A0=A0=A0 data protection. What's more, says the report, it would= intolerably =A0=A0=A0=A0=A0=A0 damage European interests in electronic commerce and the =A0=A0=A0=A0=A0=A0 information society. =A0=A0=A0=A0=A0=A0 Although the EU concedes that individual governments can,= in =A0=A0=A0=A0=A0=A0 principle, make their own national security arrangements,= member =A0=A0=A0=A0=A0=A0 states are now being warned that restrictions on= importing or =A0=A0=A0=A0=A0=A0 exporting cryptographic products may be unlawful under= sections of =A0=A0=A0=A0=A0=A0 the European treaty, as well as contrary to existing= community =A0=A0=A0=A0=A0=A0 directives. =A0=A0=A0=A0=A0=A0 "The European Union simply cannot afford a divided= regulatory =A0=A0=A0=A0=A0=A0 landscape in a field so vital for the economy and= society," the =A0=A0=A0=A0=A0=A0 Commission maintains. "Divergent and restrictive= practices with =A0=A0=A0=A0=A0=A0 regard to cryptography can be detrimental to the free= circulation of =A0=A0=A0=A0=A0=A0 goods and services within the internal market" and will= "hinder the =A0=A0=A0=A0=A0=A0 development of electronic commerce". =A0=A0=A0=A0=A0=A0 To back this up, the EC has set a fast-paced timetable,= which kicks =A0=A0=A0=A0=A0=A0 off before the end of the year with an Internet Forum and= the =A0=A0=A0=A0=A0=A0 liberalisation of national and international restrictions= on selling =A0=A0=A0=A0=A0=A0 cryptography products. The EC has already decided in= principle that =A0=A0=A0=A0=A0=A0 member states should be required to guarantee "the free= movement of =A0=A0=A0=A0=A0=A0 encryption technologies and products" within the EU. =A0=A0=A0=A0=A0=A0 The Commission plans to hold an international hearing at= the =A0=A0=A0=A0=A0=A0 beginning of next year on this month's proposals, to be= followed up =A0=A0=A0=A0=A0=A0 by a directive on digital signatures. By 2000, the goal= is to have a =A0=A0=A0=A0=A0=A0 "common framework on cryptography in place throughout the =A0=A0=A0=A0=A0=A0 Union". =A0=A0=A0=A0=A0=A0 The Commission says it found no evidence that regulation= could or =A0=A0=A0=A0=A0=A0 would stop criminals from using effective encryption. On= the =A0=A0=A0=A0=A0=A0 contrary: "Restricting the use of encryption could well= prevent =A0=A0=A0=A0=A0=A0 law-abiding companies and citizens from protecting= themselves =A0=A0=A0=A0=A0=A0 against criminal attacks." =A0=A0=A0=A0=A0=A0 Even more dangerous, says the EC, is the current US plan= to build =A0=A0=A0=A0=A0=A0 central depositories for private code keys. Such a system= was also =A0=A0=A0=A0=A0=A0 proposed in the UK a few weeks before the general= election. The EC =A0=A0=A0=A0=A0=A0 says this would give criminals "additional ways to break= into a =A0=A0=A0=A0=A0=A0 cryptographic system" and that the central key stores= themselves =A0=A0=A0=A0=A0=A0 would or could "become target for attacks" by organised= crime or =A0=A0=A0=A0=A0=A0 hostile intelligence agencies. =A0=A0=A0=A0=A0=A0 Europe's determination to press ahead with genuinely= secure privacy =A0=A0=A0=A0=A0=A0 and digital signature systems now threatens to put the US= into third =A0=A0=A0=A0=A0=A0 place, after Europe and Asia, in the race to exploit= electronic =A0=A0=A0=A0=A0=A0 commerce. =A0=A0=A0=A0=A0=A0 Opponents and advocates of effective cryptography agree= that key =A0=A0=A0=A0=A0=A0 access systems will fail entirely if introduced only in= one country, as =A0=A0=A0=A0=A0=A0 users will obtain secure cryptographic services from= countries that do =A0=A0=A0=A0=A0=A0 not have such restrictions. Electronic isolationism is= not an option =A0=A0=A0=A0=A0=A0 for an industrialised nation in the 21st century. =A0=A0=A0=A0=A0=A0 If US intelligence agencies continue to demand universal= access to =A0=A0=A0=A0=A0=A0 keys, they will not merely imperil their own citizens'= privacy and =A0=A0=A0=A0=A0=A0 constitutional rights, but gravely undermine the US lead= in IT. Faced =A0=A0=A0=A0=A0=A0 with increasing industry, international and civil= liberties opposition =A0=A0=A0=A0=A0=A0 from right and left, intelligence agency advocates have= reached levels =A0=A0=A0=A0=A0=A0 of hysteria not seen since the peak of the cold war.= Three months =A0=A0=A0=A0=A0=A0 ago, FBI director Louis Freeh told the US Senate= Judiciary =A0=A0=A0=A0=A0=A0 Committee that "uncrackable encryption will allow drug= lords, spies, =A0=A0=A0=A0=A0=A0 terrorists and even violent gangs to communicate about= their crimes =A0=A0=A0=A0=A0=A0 and their conspiracies with impunity". The public safety= of our =A0=A0=A0=A0=A0=A0 citizens was at stake, he insisted. =A0=A0=A0=A0=A0=A0 One official response to the EC report in Washington last= week was =A0=A0=A0=A0=A0=A0 a claim that corporations wanted key access systems in= order to check =A0=A0=A0=A0=A0=A0 on their employees' private e-mail messages. But this= latest shift of =A0=A0=A0=A0=A0=A0 tack only emphasises how out of touch US policymakers= are. It is =A0=A0=A0=A0=A0=A0 already clear in Europe that, whether or not companies= might want =A0=A0=A0=A0=A0=A0 to, it is unlawful for them to spy on their employees'= private =A0=A0=A0=A0=A0=A0 communications. That issue was settled six months ago in= the =A0=A0=A0=A0=A0=A0 European Court of Human Rights, when former Merseyside= assistant =A0=A0=A0=A0=A0=A0 chief constable Alison Halford was awarded damages= against her =A0=A0=A0=A0=A0=A0 former employers, who tacitly conceded that they had= tapped her =A0=A0=A0=A0=A0=A0 office telephone. =A0=A0=A0=A0=A0=A0 In Britain, advocates for restricting cryptography have= spoken, =A0=A0=A0=A0=A0=A0 almost wishfully, of the possibility of "a backlash"= which would =A0=A0=A0=A0=A0=A0 turn public opinion their way, "if there are serious= crimes committed =A0=A0=A0=A0=A0=A0 and people killed and encryption is in use". =A0=A0=A0=A0=A0=A0 Such scenarios are lampooned by experts of the seniority= of =A0=A0=A0=A0=A0=A0 Cambridge's Professor Roger Needham, now also Microsoft's =A0=A0=A0=A0=A0=A0 Director of Research, who last month described the US= plans as: =A0=A0=A0=A0=A0=A0 "Like requiring men waving red flags to walk in front of= horseless =A0=A0=A0=A0=A0=A0 carriages. Strong and effective encryption systems can't= be stopped." =A0=A0=A0=A0=A0=A0 British policy on encryption is now "up for grabs", say= insiders. =A0=A0=A0=A0=A0=A0 "There are only a limited number of moves that a= government can =A0=A0=A0=A0=A0=A0 make in a democratic society," DTI information security= specialist =A0=A0=A0=A0=A0=A0 Nigel Hickson told last month's Cambridge conference on= economic =A0=A0=A0=A0=A0=A0 crime. "We are still thinking what they can be." =A0=A0=A0=A0=A0=A0 Meanwhile, Labour IT minister Barbara Roche has taken= delivery of =A0=A0=A0=A0=A0=A0 an assessment of responses to the former government's= proposals. =A0=A0=A0=A0=A0=A0 DTI officials are taking comfort from the support they= received for =A0=A0=A0=A0=A0=A0 digital signature schemes, in contrast to the opposition= and abuse =A0=A0=A0=A0=A0=A0 engendered by the proposal for government access to keys.= Both of =A0=A0=A0=A0=A0=A0 these features have been intensified by last week's EC= report. =A0=A0=A0=A0=A0=A0 The DTI now appears to be in favour of separate plans for= digital =A0=A0=A0=A0=A0=A0 signatures from the "law enforcement" agenda to restrict =A0=A0=A0=A0=A0=A0 cryptography, and to press ahead with the former. It is= confident of =A0=A0=A0=A0=A0=A0 political and industrial support for this approach. Until= last week, =A0=A0=A0=A0=A0=A0 that left the question of a cryptography policy open,= making British =A0=A0=A0=A0=A0=A0 as well as US policymakers' offices potentially the site= of trench =A0=A0=A0=A0=A0=A0 warfare between clandestine agencies and the powerful IT= lobby. =A0=A0=A0=A0=A0=A0 At an extremely timely moment, Europe has lifted the= Government =A0=A0=A0=A0=A0=A0 off the horns of that dilemna. Its clear and fast= timetable, coupled =A0=A0=A0=A0=A0=A0 with a firm warning that no European state may go it= alone, the EC =A0=A0=A0=A0=A0=A0 has not only pushed the spooks away but given the= Government the =A0=A0=A0=A0=A0=A0 chance next year to win substantial EC financial backing= for =A0=A0=A0=A0=A0=A0 Britain's IT industry in pioneering the new cryptosystems= Europe =A0=A0=A0=A0=A0=A0 should have in place for the millennium. =A0=A0=A0=A0=A0=A0 [Duncan Campbell is a freelance writer and broadcaster,= and not the =A0=A0=A0=A0=A0=A0 Guardian's crime correspondent of the same name] =A0=A0=A0=A0=A0=A0 15 October 1997 ************************************************** "Photons have neither morals nor visas" -- Dave Farber 1994 **************************************************
Current thread:
- IP: Europe spikes spooks' e-mail eavesdrop bid [rather Dave Farber (Oct 26)