Interesting People mailing list archives
IP: Cave-in on a key measure
From: Dave Farber <farber () cis upenn edu>
Date: Fri, 12 Mar 1999 10:14:11 -0500
X-Sender: nbr () popin newcastle ac uk Date: Fri, 12 Mar 1999 14:40:59 +0000 To: farber () cis upenn edu From: Brian Randell <Brian.Randell () newcastle ac uk> Subject: Cave-in on a key measure Dave: This article, sent to you in its entirety with the author's permission, is from this week's issue of the Guardian computer supplement "Online". The author, Duncan Campbell <duncan () gn apc org>, you may know of as the investigative journalist who did much to expose the ECHELON system. It is also available on the Web - there is a link to it at http://www.newsunlimited.co.uk/The_Paper/Online/ Cheers Brian ====== Computing and the Net Cave-in on a key measure The Government's abrupt turnaround last week on electronic security for the Net may be the "last nail in the coffin" in a 20-year battle by intelligence agencies to prevent private and commercial access to strong cryptography, according to US privacy campaigners. Guardian On-line : Thursday March 11, 1999 In what appeared to be almost a panic last-minute decision, last Thursday the Government invited more than a dozen IT industry executives to a private Downing Street breakfast briefing with Tony Blair and a Cabinet team. The Prime Minister told them that a paper on government plans for electronic commerce - first promised more than two years ago but held up by a long internal Whitehall battle between intelligence agencies and economic interests - would be published the next day. Legislation will follow within the current session of Parliament. Mr Blair revealed that the Government had decided to drop plans to require British companies that provide electronic signature services to provide "key escrow" or "key recovery" systems which would allow the police or security services covertly to read private files and e-mail. But he asked the industry executives to offer the Government alternative ways of supporting police and security agencies in countering what he, Home Secretary Jack Straw and Cabinet Secretary Richard Wilson all portrayed as a serious and developing threat from encryption. He invited them to join a task force which, in three weeks, is supposed to provide the answers. These and other comments on the Department of Trade and Industry paper (www.dti.gov.uk/cii/elec/ elec_com.html) have to be submitted by April 1. The time which it has taken British governments of both parties to produce electronic commerce legislation is a testament to the entrenched power of the American electronic eavesdropping agency NSA, which 50 years ago joined Britain, Canada, Australia and New Zealand in a secret treaty to monitor the world's civil and military communications by means of Sigint (signals intelligence). Since the late 1970s, NSA and its British partner agency GCHQ have battled to suppress public, commercial and academic knowledge of cryptography. In Britain and the United States, academics and companies were threatened, research grants were withdrawn, and academic papers were banned as "munitions exports". In 1993, the inventor of the famous PGP encryption system, Philip Zimmerman, was arrested by the FBI and for more than two years faced trial and possible imprisonment. When commercial encryption seemed unstoppable, in 1993 the Clinton administration proposed that anyone using encryption should fit an NSA designed microchip, codenamed Clipper, inside their phones or computers. Copies of the keys to decoding any information sent would be held by US government agencies. When the Clipper chip plan collapsed, the US government proposed first that alternative key "escrow systems" should be introduced - meaning that government agencies would still hold copies of everyone's secret keys. In a final attempt to win the world over, this plan was later renamed "key recovery" - meaning that non-government "trusted third parties" could hold the keys instead. "The British decision effectively not to adopt this plan is the last nail in the coffin" according to David Banisar of the Electronic Privacy Information Center in Washington. For more than eight years, he and others have battled successive US government plans to keep personal communications visible to the Sigint agencies. "If the British Government does go this way then key escrow really is dead," he said this week. Britain was first promised an early start in electronic commerce by the Conservative government in June 1996, as part of its Information Society initiative. Six months later, according to US diplomatic dispatches obtained by EPIC under the Freedom of Information Act, the US government appointed a special ambassador for cryptography, David Aaron, and sent him to lobby US allies to support its scheme. The released documents show that Aaron visited Britain on at least three occasions in late 1996 and early 1997, meeting with officials from the Cabinet Office, the trade department and GCHQ. He told them: "Our goal is a world in which key recovery encryption systems are the dominant form of technology in the commercial market." Aaron's dispatches show that, despite claims by the US government that key recovery systems were designed to assist law enforcement, meetings were attended only by staff from the Sigint monitoring agencies. When he arrived in London he was accompanied by the Deputy Director of NSA, Dr James J Hearn, who was then the NSA senior liaison official to GCHQ. Police and Home Office representatives did not attend. When Aaron reported the results of his meetings in London, he sent them to the NSA - not the FBI, the US law enforcement agency. His lobbying was effective. In March 1997, Ian Taylor, then Science and Technology Minister, announced that Britain was going with the US and that it would be compulsory for anyone providing cryptography services to give keys to a government-run "central repository". New Labour was elected on a firm pledge to abandon the scheme - but then faced renewed lobbying by intelligence agencies and the US. But the delays drew the Government into a crisis. During 1998, country after country legislated for electronic commerce but not for key recovery. Even countries often inimical to privacy rights - like Singapore, Taiwan and France - have abandoned the US cause. Pressure on the Government to make up its mind increased in January, when the Commons Select Committee on Trade and Industry began hearings on e-commerce. The committee has heard increasingly harsh criticisms of key recovery proposals from major IT figures. Starting next Wednesday, Trade Minister Michael Wills will be questioned in detail by the committee about future policy. A week ago, Ian Taylor, who first proposed key recovery, also recanted the US-backed policy. "I'm beginning to think I was wrong," he told Computing magazine. By the start of last week, new Labour had no choice but to make a clear decision, one way or the other. But in a last minute dither that is likely to please nobody and is being seen as cynical, Blair has asked the IT industry to sort out the problems police face by April 1. "He wants us to respond in three weeks when they've spent three years talking uselessly about key escrow," complained Tim Pearson, chairman of the UK Internet Service Providers' association. Pearson criticised the government for having failed to provide the police with a national centre of expertise for IT-related crime and criminal activity. ACPO, the Association of Chief Police Officers, says that a plan for a national centre is now being prepared. But the organisation fears that, despite the Prime Minister's exhortations last week, the government may not be prepared to make extra funds available to the police. "If as a nation we can't afford the several millions of pounds per year to properly fund such a unit, why burden UK plc with many tens or hundreds of millions of pounds to maintain a key escrow system?" he asked. Duncan Campbell is a freelance journalist, and not the Guardian's crime correspondent of the same name Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK EMAIL = Brian.Randell () newcastle ac uk PHONE = +44 191 222 7923 FAX = +44 191 222 8232 URL = http://www.cs.ncl.ac.uk/~brian.randell/
Current thread:
- IP: Cave-in on a key measure Dave Farber (Mar 12)