Interesting People mailing list archives
IP: GCHQ/DTI briefing on strong encryption - Report
From: Dave Farber <farber () central cis upenn edu>
Date: Thu, 04 Jul 1996 04:26:02 -0400
From: rja14 () cl cam ac uk (Ross Anderson)
Newsgroups: sci.crypt,alt.security,uk.telecom,alt.security.pgp
Subject: HMS Clipper - GCHQ bungling!
Date: 28 Jun 1996 12:20:19 GMT
Organization: U of Cambridge Computer Lab, UK
Message-ID: <4r0im3$32p () lyra csx cam ac uk>

I went to the meeting organised at the IEE yesterday on the UK `Trusted Third Party' proposals. One of the speakers, Nigel Hickson of the DTI, confirmed that escrowing of confidentiality keys would be mandatory. He also claimed that an OECD expert group was working on `global crypto guidelines', and made clear that the controls would focus on small-to-medium enterprises and individuals rather than on large companies.

It was a most extraordinary meeting, and showed up GCHQ in a rather poor light.

The introductory talk was given by Andrew Saunders, advertised as head of CESG (GCHQ's protection arm) since 1991 and a GCHQ board member. He remarked that the debate on encryption had been acrimonious, especially in the USA, but that now technology made possible a compromise in the form of `Trusted Third Parties' which would supply a key delivery service and a key recovery service for both users and law enforcement authorities.

I asked him whether his department had advised ministers that it was all right to release the April report on encryption in the NHS network (which floated the TTP idea), or had at least had sight of it before its release. He claimed to have no knowledge of whether his agency had seen it.

After a talk on the common criteria by Murray Donaldson of the Ministry of Defence, Saunders left, and we were addressed by a man introduced as Paul Fleury, head of the information systems security group at the security service.
He was claimed to have been with MI5 for 18 years, and in his current post for 5; and to head a team of 9 people responsible for the overall UK threat assessment (with technical input from GCHQ), as well as for managing CRAMM and running UNIRAS (the UK government equivalent of CERT). Strangely enough for such a senior and responsible person, his name did not appear on the programme, and in the list of participants he appears only as `UNIRAS SPEAKER, Security Service, PO Box 5656, London EC1A 1AH' (so now you know - but why did he turn up with slides that had his name on them and yet not write his name in the attendance register?) His talk contained little to surprise, with statistics on viruses, equipment thefts and hacking. He did mention that 98% of the 873 hacking incidents in 1994/5 were abuse of access by insiders rather than external attack.

The third talk was by Elizabeth France, the Data Protection Registrar, who expressed amusement at my having ironically referred to her (along with the other speakers) as `one of the forces of darkness' when I relayed notice of the meeting to the net. She proceeded to blaze with light; she argued that the national security exemptions to data protection law should be curtailed, and could see no reason why the security service should not have to register along with everybody else. She also pleaded for the wider use of privacy enhancing technologies, such as the use of pseudonyms in medical databases.

Next was John Austen of the Yard, who pointed out that company directors can get ten years' jail if one of their employees has kiddieporn on a company server, since under the Children and Young Persons Act simple possession is an offence.
Then Bob Hill of the MoD talked about the SOS-TDP project to provide security interfaces in Microsoft, Novell and DEC products, linked with Northern Telecom's `Enterprise Security Toolkit'; David Ferbrache of DRA talked about security threats from the Internet; John Hughes of TIS about firewalls; and Alex McIntosh of PCSL about how his company built a crypto infrastructure for Shell and got government approval for it.

The threat model depicted in these talks was remote from reality. For example, it was categorically stated that most thefts of PCs are for the information in them, rather than the resale value of the machine or its components. False - over 11% of UK general practitioners have experienced theft of a practice PC, yet there is only one case known to the BMA in which the information was abused. Another example was the numbers put on various threats: satellite TV hacking was said to cost 300,000 pounds a year (according to News Datacom at Cardis 94, that should be 200,000,000) while other risks were wildly inflated.

Bob Morris, the former NSA chief scientist, is fond of asking security researchers, `Do you consider yourself to be more dishonest, or more incompetent?' Well, does GCHQ know that the threat model presented at their meeting is wrong, or don't they?

Anyway, Alex McIntosh's talk brought matters back to crypto policy when he explained that following UK and US government approval of a corporate security architecture designed for Shell, Fortune 500 companies would be trusted to manage their own keys. The explanation is that they have so much to lose that they will be responsive to warrants and subpoenas. (The doctrine of equality of persons before the law was not, of course, mentioned.)

The final speaker was Nigel Hickson from the DTI. The excuse given for his late arrival was that he had been in France with the OECD and had been discussing crypto policy for three days.
He looked somewhat junior but was said to co-chair the ITSEC scheme with CESG and to be one of a group of five people in DTI responsible for information security policy.

In the introduction to his talk, he picked up on Alex's remarks about Shell and stated that the motivation for the DTI's involvement was that while `large firms will crack security', it would be an inhibiting factor for small-to-medium firms and individuals, and would prevent them participating in commerce on the Internet (this seemed to clash with the policy announcement that corporate encryption would be regulated but private would not be).

He then quite blatantly waffled until his time was almost up before getting to the reason most people had come to the meeting, namely the DTI announcement of its intent to regulate `Trusted Third Parties'. My notes on his words are as follows:

Why the UK announcement? Many reasons, some of which are highlighted in the public statement. The primary reason is that to secure electronic commerce people will need access to strong crypto, and if this is serious then government will have to look at what systems are `appropriate'. The UK government has spent a lot of time discussing the essential balance. Continued law enforcement access is required along the lines of the Interception of Communications Act. The government has `obviously' looked at TTPs and at `elements of key escrow'. There was no mention of national intelligence requirements.

Policy framework for the provision of encryption services:

1 No new controls on the use of encryption, such as types of algorithm. The introduction of trusted third parties will be on a voluntary basis;
2 Licensing of TTPs will be on (a) competence (b) ability to provide a service (c) cooperation with government under conditions of warranted interception;
3 International working will be the essential vehicle to drive it - first in Europe and then in a wider field.

Legislation later this year is possible.
The EU is working on a `second infosec decision' to promote TTPs in Europe. The OECD expert group is working on global crypto guidelines.

By the time he had finished this short exposition, he had run over the advertised time of 4.15, eating well into the fifteen minutes that the programme had allocated for discussion. There were only a few questions: Paul Leyland managed to ask whether it would be mandatory for confidentiality keys to be escrowed, and Hickson said yes.

Just as the questions were starting to flow, the chairman - advertised as Mr DJ Robertson, Ministry of Defence - declared the meeting closed. I objected; I pointed out that there were plenty of people with questions, and that the government's attempts to sell their proposal would not be aided by such blatant news management, which would surely be reported. He said that we absolutely had to be out of the room by half past four - the time then - and overruled me, remarking that the Universities of Oxford and Cambridge had asked quite enough questions.

Then a large gentleman came up to me and said that he hoped my remark about publicising their news management had been made in jest. I told him that it was not, and he became menacing. He said that the meeting was held under IEE rules and seemed taken aback when I stood my ground and told him I was a member. He then said that he was also a graduate of Cambridge and that he would write to very senior people in the University about me. Good luck to him. Although he wouldn't give me his name, his lapel badge said `B Buxton' and the attendance register lists a Bill Buxton, Parity Solutions Ltd., Wimbledon Bridge House, 1 Hartford Road, Wimbledon SW19 3RU.

After the meeting, we milled around, to the evident discomfiture of the man advertised as Robertson. Finally, at almost five o'clock, an IEE lady turned up while there were still a few of us in the corridor. He asked her to see us off the premises, at which she smiled and asked whether we knew our way out.
When I said yes, she said 'that's all right then' and went off. The man advertised as Robertson scuttled away without meeting my eye.

As Bob would ask, incompetence or dishonesty? Well, I didn't get the impression that our spooks are even competent at being dishonest.

Ross Anderson