IP: "Clipper III" (TTP) hits Holland

[David Farber <dave () farber net>]

> Date: Tue, 8 May 2001 14:44:45 -0700
> To: eff-priv () eff org
> From: mech () eff org (Stanton McCandlish)
>
>
> First "trusted third party" news in a long time.
>
> << start of forwarded material >>
>
>
> Date: Tue, 08 May 2001 14:05:55 +0200
> From: Maurice Wessling <maurice () bof nl>
> Subject: Dutch government puts Trusted Third Parties under pressure
> To: gilc-plan () gilc org
> Reply-To: gilc-plan () gilc org
> Errors-To: list-admin () gilc org
> Ref-URL: http://www.gilc.org
>
>
> Artikel-URL: http://www.telepolis.de/english/inhalt/te/7571/1.html
>
>   Dutch government puts Trusted Third Parties under pressure
>
>   Jelle van Buuren   08.05.2001
>
>   Intelligence agencies and police want to get access to encrypted
> messages
>
>
>
>    Dutch law enforcement authorities are forcing Trusted Third Parties
> (TTP's) to use key escrow or key recovery techniques, which make it
> possible for law enforcement to decrypt encrypted messages. The law
> enforcement authorities want to get access to encrypted Internet
> messages, according to secret documents revealed by the Dutch digital
> rights movement  Bits of Freedom [0].
>
>   Trusted Third Parties (TTP's) are independent organisations, which
> offer services to enhance the security and reliability of electronic
> communication. TTP's, for instance banks, accountants,
> telecommunication companies or public notaries, use cryptography to
> prove the authenticity of communication and secure the confidentiality
> of communication.
>
>   The Dutch Ministries of Traffic and Waterways and Economical Affairs
> started in 1998 the national  TTP project [1] to regulate in
> co-operation with industry the founding of TTP's. In a policy paper of
> March 1999 the Ministries pointed at the need of 'lawful access' and
> announced that, if voluntary agreements on this subject were not
> possible, the government would introduce legislation that would force
> them to do so.
>
>
>
>
>      "If industry does not want to cooperate in an active way in the
> development of the possibility of lawful access, the government will
> consider legislative initiatives to fulfil the need of lawful access."
> (From a  document [2] obtained by BOF)
>
>
>
>
>
>   In a secret  policy paper [3] (January 2001) of the 'Technical Working
> Group Lawful Access', which is part of the National TTP Project, an
> analysis is made of the needs of intelligence services and law
> enforcement and the different forms of TTP's. According to the
> document, law enforcement and intelligence services want to get access
> to the communication in 'clear language'. They don't want to get hold
> of the encryption keys, unless 'it is the only way to get access to
> encrypted communication'. The agencies also want to listen in to
> encrypted communication in real-time. Access has to be possible without
> the co-operation or knowledge of the user.
>
>   The Technical Working Party then analyses different forms of TTP
> architectures and concludes that only two types will make lawful access
> possible: when a TTP has a copy of the encryption key, or when the TTP
> is technically able to use key recovery. This is, according to the
> working party, a problem: 'The question that has to be answered is if
> it is desirable that forms of TTP's will exist that cannot fulfil the
> demands of the intelligence services and law enforcement.' In the
>   minutes [4] of the co-ordinating committee of the National TTP Project
> of March 2001, the question is formulated more strongly:
>
>
>
>
>      'According to the law, TTP's which do not posses encryption keys,
> are not obliged to co-operate. But the aim is to prevent TTP's from
> claiming this position, by making it an obligation to organise their
> services in a way that makes lawful access possible.'
>
>
>
>
>
>   The coordinating committee recognises that TTP's have problems with
> providing lawful access. It is doubtful if TTP's are willing to give
> lawful access, as companies and consumers will have little faith in
> their services if they know the TTP is able to read their
> communications and deliver it to government. Companies have already
> indicated that the founding of a good TTP infrastructure in the
> Netherlands is not possible if Dutch TTP's are forced to give lawful
> access, while other TTP's don't have this obligation. Clients will take
> a foreign TTP.
>
>   But the Technical Working Party decided to recommend nevertheless that
> TTP's must choose architecture, which make lawful access possible. It
> is called 'obligatory self regulation'. They also recommend making a
> study on the economic impact of this solution. If the study makes clear
> the obligation to give lawful access is economically not feasible, it
> may change the decision.
>
>   The companies, which are involved in the National TTP Project, were
> not amused. 'What is the use of this exercise, if the technical working
> group has already decided that lawful access is one of the criteria
> TTP's have to fullfilll to get their certification,' a member of the
> telco KPN asked according to the minutes.
>
>   But a representative of the Ministry of Economic Affairs assured that
> it is still possible to change the recommendations. 'If the study shows
> that Dutch consumers will choose foreign TTP's as a result of this, the
> proposed recommendation is no longer effective.' He adds that there is
> a huge clash of interest between the different ministries involved.
>
>   Dutch government tried for several years to regulate the use of
> cryptography. Proposals to forbid cryptography, regulate the use of
> cryptography or force suspects to decrypt their encrypted data all were
> withdrawn after huge protest. This seems to be another attempt of the
> intelligence services and law enforcement to get grip on the use of
> encryption.
>
>   After publishing the secret documents, Bits of Freedom was treathened
> by the National TTP Project with a lawsuit. Reason: Bits of Freedom
> infringed the copyright of the documents and the minutes. The TTP
> Project also threatened to close down the website of Bits of Freedom.
> Bits of Freedom wasn't impressed by the threats and told the National
> TTP Project they were more than happy to meet in court. After that, the
> threats were withdrawn.
>
>
>
>   Links
>
>   [0] http://www.bof.nl
>   [1] http://www.ecp.nl/trust/ttp.html
>   [2] http://www.bof.nl/tappen/KST35668.pdf
>   [3] http://www.bof.nl/tappen/RapportageTWRT.pdf
>   [4] http://www.bof.nl/tappen/TTPnotulenmaart2001.pdf
>
>   Artikel-URL: http://www.telepolis.de/english/inhalt/te/7571/1.html
>
>
> ----------------------------------------------------------------------
>    Copyright © 1996-2001 All Rights Reserved. Alle Rechte vorbehalten
>   Verlag Heinz Heise, Hannover
>
> << end of forwarded material >>
> --
>
>
> --
> Stanton McCandlish      mech () eff org       http://www.eff.org/~mech
> Technical Director/Webmaster         Electronic Frontier Foundation
> voice: +1 415 436 9333 x105                    fax: +1 415 436 9993
> EFF, 454 Shotwell St.                    San Francisco CA 94110 USA



For archives see: http://www.interesting-people.org/