Scrambling for Safety
Privacy, security and commercial implications of the DTI’s proposed encryption policy.
London School of Economics.
May 19, 1997
Organised by
Privacy International
Global Internet Liberty Campaign
The London School of Economics Computer Security Research Centre
Reviewed by
Mark Mclaughlin,
University of Strathclyde.
Date of publication on-line: 30 May 1997
Citation: Mclaughlin M, ‘Scrambling for Safety - Privacy, security and commercial implications of the DTI’s proposed encryption policy’, Conference Report, 1997 (2) The Journal of Information, Law and Technology (JILT).
1. Conference Introduction
In response to the release of the DTI’s consultation paper on the “Licensing of Trusted Third Parties for the Provision of Encryption Services”, a number of concerned groups organised what was to be the only public conference held during the short consultation period.
Privacy International, the Global Internet Liberty Campaign and the Computer Security Research Centre of the London School of Economics brought together an eclectic group, comprising cryptographers, computer security specialists, legal experts and civil liberties groups, to debate one of the most contentious issues arising from the use of information technology and to voice concerns over what is seen as yet another attempt to control the use of cryptography.
2. Subject background
2.1 Encryption
Cryptography, the science of information secrecy, has been a field dominated throughout history by the military and intelligence gathering communities. In 1976, two independent researchers, Whitfield Diffie and Martin Hellman (“New Directions in Cryptography”, IEEE Transactions on Information Theory, November 1976), introduced the theory of Public Key Cryptography, an innovation that would allow secure communication through insecure channels.
Prior to this discovery, the sender and receiver would generally use identical keys, each serving both to encrypt and to decrypt the messages sent between them. The main problem with this lay in the communication of the key, a mathematical device used to access, encrypt or sign information: if the key was compromised in transit, every message encrypted under it became vulnerable.
Public key cryptography (PKC) uses two keys: a public key, which can be published anywhere and is used only to encrypt messages to its publisher, and a private key, which is used to decrypt them.
The use of information technology to transmit, receive and store sensitive information over relatively open networks is a matter of intense concern; only recently (23 May 1997, Associated Press) the media reported that an FBI sting operation had resulted in the arrest of a hacker who had stolen 100,000 credit card numbers and details.
Encryption technology can be deployed not only to prevent this type of theft; developments in PKC over the last 20 years have also provided the means for integrity checking, authentication, time stamping and digital signatures, services essential to the development of global electronic commerce.
However it is also possible to use encryption to secure information in a manner that can prevent access by law enforcement agents.
In an attempt to access encrypted data and communications, relating to criminal activity, various governments have introduced schemes or proposed legislation that would require the use of weak encryption products or that an access key, to allow decryption, would be escrowed or deposited with the government, by the user. The majority of these initiatives, including “Clipper”, a series of widely documented proposals from the US, have met with a great deal of resistance, due to what many observers see as the potential for abuse of privacy, by law enforcement and intelligence gathering agencies. Other attempts to control the spread of cryptographic technology have resulted in strict and often unenforceable export controls.
Details of “Clipper” and export regulations are well documented by various cyber-liberties groups, including the Electronic Privacy Information Centre (EPIC) and the Electronic Freedom Foundation, (EFF).
2.2 Trusted Third Parties
Trusted third parties, or TTPs, are widely regarded as agencies that would be trusted by other organisations to provide certain cryptographic services, such as storage of public keys, key verification and time-stamping; if private cryptographic keys are also deposited with it, a TTP can offer key recovery services or provide the decryption of messages for law enforcement.
Allowing another party access to private keys would, however, introduce vulnerabilities such as forgery and unauthorised access. It has also been argued that a collection of commercial private keys stored with a TTP would prove an immensely attractive target for hackers and foreign intelligence gathering agents.
2.3 The DTI paper
The DTI published a public consultation paper on the detailed proposals for legislation regarding the licensing of TTPs in the UK, a continuation of the process announced on 10 June 1996.
It states that “Bodies wishing to offer or provide encryption services to the public in the UK…” (with certain exceptions such as banking and pay for media services) will require a license, with the DTI as the licensing authority.
As a licensing condition, it states that law enforcement agencies must have access to private encryption keys within one hour of the TTP being presented with a validated warrant. The paper also states that the use of TTPs would be voluntary, and that there would be no restriction on the method of encryption used by the public.
Concern over the paper prompted a number of critiques by those in the cryptographic community, including an independent survey and evaluation of the proposals, by Dr. Brian Gladman.
3. Conference Review
After a brief welcome to the packed auditorium from Dr James Backhouse, Simon Davies and the chairman, Prof. Ian Angell, all of the London School of Economics, it was straight down to business with the Government presentation of the proposal.
3.1 Government Presentation
David Hendon, for the DTI, stated that the change of government had made the future of the proposal unclear. He followed this with confirmation that there was no intention to control the use of encryption; instead there was a conscious effort to promote electronic commerce, with TTPs being seen as a “working compromise” between the needs of the public and law enforcement.
Nigel Hickson, of the DTI’s Information Security Policy Group, continued by suggesting that the DTI was in new territory by arguing for the use of cryptography, as opposed to the approach taken by the French Government, who have ignored criticism and avoided debate. Mr Hickson denied that the government had “sneaked” the consultation paper out and tried to allay fears that the use of “Pretty Good Privacy” or “PGP”, one of the best known and most controversial cryptographic products, would be made illegal. There was acknowledgement that discussions with the public on numerous Internet mailing lists had drawn attention to the potential for abuse arising from the depositing of combined signature and encryption keys, which are already regarded as an unofficial standard. The DTI presentation closed by emphasising that while licensing would be compulsory, the use of TTPs was voluntary.
3.2 Architectural and Technical
The technical section was opened by one of the most outspoken critics of the DTI proposals, Dr. Ross Anderson, a cryptographer from the University of Cambridge, computer security expert and editor of “Computer and Communications Security Review.”
Dr Anderson questioned the motives behind the proposal, pointing out that the majority of cryptographic products in use were solely for the purposes of authentication, not secrecy, therefore negating the need to escrow private keys. He suggested that the argument for access by law enforcement was founded on untruth and could easily be dealt with under existing law in the shape of the Interception of Communications Act 1985.
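As an added illustration, not part of the conference report, of Dr Anderson’s point that authentication-only keys need no escrow and of the DTI’s acknowledged concern over depositing combined signature and encryption keys: the Python below models both escrow arrangements with textbook RSA on small toy primes, showing that a deposited combined key lets the holder forge the user’s signatures, whereas depositing only a separate decryption key does not. The function names, primes and sample message are all constructed for this example.

```python
import hashlib

# Textbook RSA on fixed small primes (constructed toy parameters, no padding):
# real keys are far larger, but the key-role separation is what this models.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # (public, private)

def encrypt(pub, m):
    return pow(m, pub[1], pub[0])

def decrypt(priv, c):
    return pow(c, priv[1], priv[0])

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    return pow(_digest(msg, priv[0]), priv[1], priv[0])

def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _digest(msg, pub[0])

MSG = b"pay 100 pounds to account X"   # constructed sample message

def escrow_combined_key():
    """One key pair serves both roles (the de facto usage the DTI acknowledged).
    Returns (holder can decrypt, holder can forge the user's signature)."""
    pub, priv = make_keypair(10007, 10009)
    deposited = priv                        # the whole key sits with the TTP
    c = encrypt(pub, 4242)
    return decrypt(deposited, c) == 4242, verify(pub, MSG, sign(deposited, MSG))

def escrow_separate_keys():
    """Distinct encryption and signature pairs; only the decryption key is deposited.
    Returns (holder can decrypt, holder can forge, user's own signature still verifies)."""
    enc_pub, enc_priv = make_keypair(10007, 10009)
    sig_pub, sig_priv = make_keypair(10037, 10039)
    deposited = enc_priv                    # the signing key never leaves the user
    c = encrypt(enc_pub, 4242)
    forged = sign(deposited, MSG)           # best the holder can do: the wrong key
    return (decrypt(deposited, c) == 4242,
            verify(sig_pub, MSG, forged),
            verify(sig_pub, MSG, sign(sig_priv, MSG)))

if __name__ == "__main__":
    print("combined key deposited (decrypt, forge):", escrow_combined_key())
    print("separate keys, decryption key deposited (decrypt, forge, legit):",
          escrow_separate_keys())
```

Lawful access to stored messages is preserved in both arrangements; only the second keeps the holder of the deposited key from producing signatures that verify as the user’s.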
On the issue of trust, Dr Anderson stated that the only organisations that would fit the licensing requirements were banks and telephone companies, who could not be trusted, citing their denial of phantom withdrawals and phantom phone calls, in the face of evidence to the contrary, which is documented in his papers, “Why Crypto systems fail” and “Crypto in Europe - Markets, Law and Policy”, both available from his web site. He concluded by calling for an open debate and the need to counter the desire for control by the security services.
Dr. Whitfield Diffie, the inventor of public key cryptography and distinguished scientist at Sun Microsystems, discussed the “migration” into digital media and the requirement for reliable authentication. Drawing attention to the fact that the most important aspect of cryptography was the manufacture and management of the keys, he argued that the introduction of TTPs into this process would create vulnerability. He also expressed doubt that TTPs could handle the “diversity” of modern networks, suggesting that relying upon a single authority to safeguard all key management actions could prove disastrous for electronic commerce.
Phil Zimmermann, a cryptographer and programmer, referring to his own product, PGP (regarded as one of the most secure and widely used cryptographic products available), demonstrated that there was no requirement for a centrally trusted agency. This was illustrated by examples of how PGP was used to defend human rights in the Balkans and in Burma by individuals who had a great deal to fear from the authorities. After commenting briefly on his own four year investigation by the FBI for the alleged breach of export controls, after an early version of the program was released over the Internet, Mr Zimmermann concluded his presentation by suggesting that any democratic government that introduces a system eroding the privacy rights of individuals may, one day, suffer for it.
3.3 Legal and Commercial
Some slight technical difficulty before Peter Sommer’s presentation served only to prove that the greater the proportion of technical expertise in a room, the higher the probability of equipment failure. Gremlins had also managed to disrupt the scheduled “Cybercast” that would have allowed members of the public to listen in over the Internet.
Mr Sommer, an established legal expert on computer security and author of “The Hackers Handbook”, opened by casting doubt on the suggestions made by Dr. Anderson, claiming there was no “Covert Agenda” by law enforcement agencies. He did, however, suggest that there should be a separation of the electronic commerce and legal access issues, and called for more clarity in the debate. The need for proper legal recognition of digital signatures and the introduction of a licensing scheme for key services, he suggested, would provide stability for electronic commerce, whereas a purely market driven approach would lead to delays and uncertainty. Continuing this theme, Mr Sommer said that there was a case for both licensed and unlicensed TTPs and that they had an essential role to play in data recovery and the prevention of fraud within companies. There was concern over the “creeping” demands of law enforcement, acknowledging a point previously made by Dr. Anderson over the value of decrypted messages as evidence. Mr Sommer closed with a call for the law enforcement agencies to “argue their case” and for a new “Younger committee” to take a fresh look at privacy.
Dr. Carl Ellison, a cryptographer with Cybercash Inc. and a specialist in certification protocols, addressed what he called the flaws in TTPs, suggesting that the desire to reduce fraud and provide privacy from “dossier builders” would not be achieved by providing government access to keys (GAK). He continued by stating that the global nature of electronic commerce would require a more diverse and adaptable method of certification, based on attributes rather than identities, which TTPs could not provide. Dr. Ellison returned to the issue of law enforcement with the idea that secrecy was actually good for law enforcement, providing informers with security, and reiterated the lack of proof that cryptography was frequently used in the commission of crime.
Peter Dare, an information security consultant from IBM, discussed the need for cryptography in business, looking briefly at export controls and the problems of digital signatures, praising the DTI’s “genuine” attempt to consult on these matters. He then touched upon the problem with terminology, the definition of cryptographic “services” and the concept of trust, before launching a sales pitch for IBM’s “Secure way” product.
3.4 International Aspects
John Dryden, from the OECD, outlined their work over the last 15 years on telecommunications and computer security, including work by the Ad Hoc Group of Experts on Cryptographic Policy, which culminated in the adoption, in March 1997, of guidelines that had been formulated over the preceding year. Mr. Dryden observed that some of the privacy considerations gained by the OECD would have been unacceptable to many national governments only 15 months ago.
Future plans for the OECD include an international convention on cryptographic policy and on the legal recognition of digital signatures, with a review of the situation every five years.
Alistair Kelman, a Visiting Research Fellow at LSE specialising in computer crime and intellectual property rights, looked at the need to avoid “spoofing” in an information society, re-affirming the need for proper authentication. Turning to TTPs, Mr. Kelman stated the need for a useful, high quality service, and noted that no such agency was currently in existence. Suggestions as to who could and could not provide these services included banks, supermarkets, accountants and lawyers, with an interjection by Dr. Diffie for “Bookmakers and Publicans” to be included. Mr. Kelman reached the conclusion that doctors could best fulfil the trust requirements. On the lawful access issue, doubt was cast on the ability of decryption to prevent terrorism or fraud, two of law enforcement’s prime concerns about encryption.
3.5 Civil rights and Privacy issues
Simon Davies, also a Visiting Research Fellow at LSE and Director General of Privacy International, called for reassurance on privacy issues, arguing that creating trust requires both transparency and accountability on the part of the TTPs; without trust, any system would be unworkable and used only by a law abiding minority. He suggested there was a great deal of common ground shared between the DTI and privacy advocates, referring to certification, but observed that the unnecessary links between public key services and key recovery were moving the debate in the wrong direction. Mr. Davies urged the DTI to avoid the same “pathological resistance” to creating dialogue with civil liberties groups that had damaged the cryptography debate in other countries.
David Banisar, a legal specialist for the Electronic Privacy Information Centre (EPIC), returned to the problem of terminology, commenting on the attempts to introduce legislation in many countries and the confusing terms that had often been used to disguise government access to keys. After discussing the co-operation between the OECD and EPIC, Mr. Banisar commented on US ambassador David Aaron, the Clinton administration’s “Crypto Tsar”, who had the role of increasing American influence on foreign cryptography policy, comparing his job to “a travelling minstrel show”. Mr. Banisar concluded that EPIC and Privacy International had adopted the role of “Anti Ambassador”, with the task of presenting an alternative view that reflected the rights of the individual over unnecessary and unfounded demands for government access.
3.6 Panel
The panel convened early, due to the withdrawal of the National Criminal Intelligence Service speaker, Graham Collins, who had been admitted to hospital with an eye problem. It was jokingly suggested that he had been looking through too many keyholes.
Answering questions were Dr. Brian Gladman, of Trusted Information Systems, and Caspar Bowden, from Scientists for Labour, along with representatives from the DTI and civil rights groups. The barrage of questions confirmed that the biggest fears lay with law enforcement access. There was also debate over the concept of trust and the danger of “selling” trust concepts by exploiting uncertainty and doubt in the minds of the public.
3.7 Close
Dr. Backhouse closed the conference by calling for an extension to the consultation period and suggesting the possibility of a follow up conference. He also noted the large turnout at the event and how it had been organised in only four weeks, with the vast majority of communication being carried out via the Internet.
4. Key-signing party
Dr. Ian Goodyer organised an informal key signing session, which allowed anyone who had registered to participate in the mutual certification of PGP public keys, in order to build a “network of trusted users”. Phil Zimmermann demonstrated the newest version of PGP, which he had installed on a laptop, and answered questions relating to his work. It has since been reported that the DTI have acquired PGP and are using it to verify comments that have been digitally signed and sent to them from various mailing lists.