Interesting People mailing list archives
IP: more on : The Maginot Line of Encryption Falls
From: Dave Farber <farber () cis upenn edu>
Date: Wed, 20 Jan 1999 21:15:23 -0500
Date: Wed, 20 Jan 1999 20:41:24 -0500 From: "K. N. Cukier" <100736.3602 () compuserve com> To: "farber () cis upenn edu" <farber () cis upenn edu> Dave, As a follow up to Stewart Baker's note, here's some more info on France's decision to liberalize crypto.... It is an astounding and surprising policy reversal -- a complete about-face -- that no one expected (except Stewart!), although there had been a lot of talk about "modifying" the laws recently. It made front page news in all the major French dailies, and Le Monde and Liberation both ran two full pages on the matter and broader French Net issues. Prime Minister Lionel Jospin's policy announcement is on the Web at: <http://www.internet.gouv.fr/gb/sommaire.html> (I translated the relevant section, below). While Jospin is a master at reducing political risk, his policy is still fraught with domestic political dangers -- and dangers for online individual privacy. It's still unclear how much buy-in Jospin has from law enforcement, intelligence agencies and the military. He's certainly got some, but until we see the actual legislation, it is unclear whether no restrictions really mean no restrictions. Just as in the US, where the FBI has called on Congress to impose domestic controls on crypto, so too will the same pressure appear in France. This is really the start of a public policy debate, not the final judgment. Yet in gaining support for the policy, Jospin had to throw a bone to the spooks, and did so via increasing their funding. This is a dual-edged sword solution. France already has one of the most extensive domestic police and spy forces in the industrialized world (via the CRS, a domestic hyper-militarized police force and the Renseignement General, an intelligence agency for civilian espionage), and this adds to their influence. In fact, one of the legacies of the Mitterrand years was the president's illegal wiretaps of over 400 judges, journalists, actors and intellectuals. This ought be noted when considering France's latest move, since liberalizing crypto is only half the coin if the other half is an abuse of privacy via a massive state apparatus that spys on citizens. Thus, the danger is crypto is legalized, but interception of communications becomes commonplace. Le Monde noted one reason to encourage crypto is to fight against economic espionage, and singled out the US-UK-Australia-Canada-New Zealand interception project ECHELON. The newspaper calls Jospin's new position one of "realism." The following is an English translation of Prime Minister Jospin's remarks from a press conference on 19 January 1999: "[...] The third legislative area concerns cryptography. While the means for electronic espionage grows, cryptography appears to be an essential way to protect the confidentiality of communication and for privacy. A year ago, we made the first step towards liberalizing cryptography, which is a technique for exchanging data across a network. I had announced that we would make further initiatives. The government has, since then, listened to concerned parties, spoken with experts and consulted its international partners. Today, we are convinced that the 1996 law is no longer viable. In effect, it strongly holds back the usage of cryptography in France, and does not have any impact on allowing law enforcement authorities to effectively fight the criminal use of encryption, which is easily obtainable. To change the orientation of our legislation, the government therefore will take the following steps, of which I have discussed with the president (Jacques Chirac): - Offer the complete freedom of cryptography use. - Revoke the mandatory nature of escrowing private encryption keys in trusted third parties. - Complete the judicial steps required by new regulations, including penal sanctions, concerning the handing over to lawful authorities upon demand the plaintext transcriptions of encrypted documents. Also, the technical ability for law enforcement authorities will be significantly reinforced (to deal with the matter) and their budget increased accordingly. Changing the law will take many months. The government has wanted that the principle obstacles that weigh on citizens as they protect the confidentiality of their communications and develop electronic commerce be lifted without delay. So, in the meantime before the legislative modifications are announced, the government has decided to raise the limit on unregulated cryptography use from 40 bits to 128 bits, a level that is considered by experts to durably assure strong security. [...]" Cheers, Kenn
Current thread:
- IP: more on : The Maginot Line of Encryption Falls Dave Farber (Jan 20)