IP: more on : The Maginot Line of Encryption Falls

[Dave Farber <farber () cis upenn edu>]

Date: Wed, 20 Jan 1999 20:41:24 -0500
From: "K. N. Cukier" <100736.3602 () compuserve com>
To: "farber () cis upenn edu" <farber () cis upenn edu>




Dave, 

As a follow up to Stewart Baker's note, here's some more info on France's
decision to liberalize crypto....

It is an astounding and surprising policy reversal -- a complete about-face
-- that no one expected (except Stewart!), although there had been a lot of
talk about "modifying" the laws recently. It made front page news in all
the major French dailies, and Le Monde and Liberation both ran two full
pages on the matter and broader French Net issues.

Prime Minister Lionel Jospin's policy announcement is on the Web at:
<http://www.internet.gouv.fr/gb/sommaire.html> (I translated the relevant
section, below).

While Jospin is a master at reducing political risk, his policy is still
fraught with domestic political dangers -- and dangers for online
individual privacy. 

It's still unclear how much buy-in Jospin has from law enforcement,
intelligence agencies and the military. He's certainly got some, but until
we see the actual legislation, it is unclear whether no restrictions really
mean no restrictions. Just as in the US, where the FBI has called on
Congress to impose domestic controls on crypto, so too will the same
pressure appear in France. This is really the start of a public policy
debate, not the final judgment.

Yet in gaining support for the policy, Jospin had to throw a bone to the
spooks, and did so via increasing their funding. This is a dual-edged sword
solution. France already has one of the most extensive domestic police and
spy forces in the industrialized world (via the CRS, a domestic
hyper-militarized police force and the Renseignement General, an
intelligence agency for civilian espionage), and this adds to their
influence. In fact, one of the legacies of the Mitterrand years was the
president's illegal wiretaps of over 400 judges, journalists, actors and
intellectuals. This ought be noted when considering France's latest move,
since liberalizing crypto is only half the coin if the other half is an
abuse of privacy via a massive state apparatus that spys on citizens. Thus,
the danger is crypto is legalized, but interception of communications
becomes commonplace.

Le Monde noted one reason to encourage crypto is to fight against economic
espionage, and singled out the US-UK-Australia-Canada-New Zealand
interception project ECHELON. The newspaper calls Jospin's new position one
of "realism."

The following is an English translation of Prime Minister Jospin's remarks
from a press conference on 19 January 1999:

"[...] The third legislative area concerns cryptography. While the means
for electronic espionage grows, cryptography appears to be an essential way
to protect the confidentiality of communication and for privacy.

A year ago, we made the first step towards liberalizing cryptography, which
is a technique for exchanging data across a network. I had announced that
we would make further initiatives. The government has, since then, listened
to concerned parties, spoken with experts and consulted its international
partners. Today, we are convinced that the 1996 law is no longer viable. In
effect, it strongly holds back the usage of cryptography in France, and
does not have any impact on allowing law enforcement authorities to
effectively fight the criminal use of encryption, which is easily
obtainable.

To change the orientation of our legislation, the government therefore will
take the following steps, of which I have discussed with the president
(Jacques Chirac):

- Offer the complete freedom of cryptography use.

- Revoke the mandatory nature of escrowing private encryption keys in
trusted third parties. 

- Complete the judicial steps required by new regulations, including penal
sanctions, concerning the handing over to lawful authorities upon demand
the plaintext transcriptions of encrypted documents. Also, the technical
ability for law enforcement authorities will be significantly reinforced
(to deal with the matter) and their budget increased accordingly.

Changing the law will take many months. The government has wanted that the
principle obstacles that weigh on citizens as they protect the
confidentiality of their communications and develop electronic commerce be
lifted without delay. So, in the meantime before the legislative
modifications are announced, the government has decided to raise the limit
on unregulated cryptography use from 40 bits to 128 bits, a level that is
considered by experts to durably assure strong security. [...]"


Cheers,

Kenn