IP: UK to Introduce Key Escrow

[Dave Farber <farber () central cis upenn edu>]

Date: Sat, 20 Apr 1996 22:35:37 +1000
From: Julian Assange <proff () suburbia net>


Organization: Isaac Newton Institute, University of Cambridge


Despite assurances from John Major to David Shaw MP that the British
government had no intention to limit the domestic use of cryptography,
there is now a UK policy to introduce key escrow. The debate was
conducted in secret in Whitehall; we the people were not consulted at
all.


Details can be found in a booklet called `The use of encryption and
related services with the NHSnet', published by the NHS Executive
(copies from the Department of Health, Fax 01937 845381). The points of
most interest to the privacy community are probably the following.


1.      `HMG has, for a number of years, been developing its ideas for
        a national Public Key Management Infrastructure having what is
        known as Key Recovery (KR) facilities. HMG's interest in Key
        Recovery is driven by its Law Enforcement needs. Papers
        describing schemes with this capability are now in the public
        domain for review and comment. It is expected that eventual
        national policy in this areas, supported by legislation, will
        involve the use of KR capabilities shaped closely along the
        lines indicated by current papers' (p 58).


2.      The choice facing the NHS is `whether it wishes to implement
        the KR capability within it or not' (p 58).


3.      Long term keys will be certified using a `Trusted Third
        Party' and there is budgetary provision for eight full time NHS
        staff to run this.


4.      The critical question of `the legal conditions under which
        TTPs will be able to release information under their control or
        care' is dodged; it `will have to be investigated'.


5.      The encryption algorithm used will be an unpublished block
        cipher called `Red Pike' that has been developed by GCHQ. I
        have obtained through other channels a copy of a GHCQ
        certificate evaluating this algorithm to `Restricted'. Key
        establishment will be Diffie Hellman based, and DSA will be
        used for signatures.


6.      The proposal to make the NHS adopt the TTP/Red Pike strategy
        is part of a wider initiative that will include the electronic
        submission of proposals to government departments by suppliers
        and of tax returns by small businesses. A goal is to
        `encourage a wide range of commercial off-the-shelf (COTS)
        products to be developed'. (Note: this mirrors the NSA policy
        under which the US Department of Defense is trying to get
        software suppliers to develop products with weak or escrowed
        crypto that can be replaced with plug-compatible but stronger
        military crypto. See Microsoft crypto API, the Fortezza card,
        and so on.)


7.      There is extensive - and grossly inaccurate - criticism of
        alternatives (products such as PGP, and algorithms such as RSA
        and triple DES). Some of the statements may reflect GCHQ's
        legislative or regulatory intentions. For example, on page 61
        it is stated that DES `is not normally available to users in
        other commercial sectors unless it is used by them only in
        relation to the protection of financial data'. The author seems
        ignorant of the Unix password mechanism, Sky-TV key management,
        prepayment gas meters, and the infrared gate openers used by
        season ticket holders at municipal parking garages in Glasgow.


I mentioned this report yesterday evening to an employee of a defence
software firm and he informed me that there was a presentation at GCHQ
two weeks ago for those `inside the tent pissing out' at which all the
above (and presumably more) was revealed.


The implications are many and varied. For example, the establishment
of a government facility to certify who is, and who is not, a medical
doctor would usurp the General Medical Council's traditional function.
One wonders whether there is a plan to nationalise the Law Society,
the Institute of Chartered Accountants, and other professional bodies?


At the most basic level, it appears unlikely that this report will
contribute to establishing the level of trust in the privacy and
safety of clinical telematics that will be needed if we are to
realise its many potential benefits for patient care.


Ross