Inaccurate study quoting, Re: anti-crypto rhetoric (Ellison,

Brian Gladman gladman at seven77.demon.co.uk
Sat, 4 Apr 1998 11:40:35 +0100 

From: Peter Sommer <hcorn@cix.co.uk>
To: ukcrypto@maillist.ox.ac.uk <ukcrypto@maillist.ox.ac.uk>
Cc: hcorn@cix.co.uk <hcorn@cix.co.uk>
Date: 04 April 1998 06:42
Subject: Re: Inaccurate study quoting, Re: anti-crypto rhetoric (Ellison,

>The problem with the Denning / Baugh report is that some of the "cases"
>are very difficult to verify.

[snip]

>There is simply too much unsupported  "there is a rumor.."  "we have also
>heard..."
>
>Academics,  however distinguished,   really should do more than simply
>repeat convenient rumours.


[snip]

Thanks now to both Peter and Dorothy for their postings.    It now appears
that we have an inaccurate response from Robert Perillo to an inaccurate
posting by Carl Ellison to an inaccurate study by Denning and Baugh!    And
this is the ***best*** public evidence that we have to justify cryptography
policies that are critical to the development of the information society.
This is simply not an acceptable basis for policy development in such an
important area.

I have little doubt that Dorothy did her best to obtain clear, objective
evidence but the problem is that, if there really is any good evidence, the
authorities seem extremely unwilling to release it in a form in which we can
have any confidence in it.

In the UK this has led to government policy formulation on cryptography and
TTP services along the lines 'trust us, we know what is best for you, but we
can't (or won't) give you any evidence to justify what we intend to do'.
Such an approach to policy formulation might have worked in the distant past
but it is no longer acceptable in the 1990s - we now have a much better
educated population and one that is simply not prepared to be told what is
good for it by a series of governments whose policies on matters involving
technology make the 'Poll Tax' look like a stunning success.

For several years now the US and the UK governments have been pushing for
Key Escrow provisions on the thesis that society should accept limitations
on the benefits to be derived from cryptography in order to limit the damage
it might do to law enforcement.  Both governments are asking us to accept
these policies 'on trust' with no evidence of any kind to justify them.

When the US government did allow some access to such evidence (in their NRC
study) the result was hardly a stunning endorsement of the government
position but it conveniently ignored these conclusons and continued on
regardless with its misguided policies as if nothing had happened.

It now seems possible that the UK government is again going to propose some
form of Key Escrow (despite their pre-election stance).  And once more my
guess is that we will be asked to accept this without a shred of evidence to
justify it.

So, DTI, if you really are about to propose a policy with Key Escrow
features could we please have the following:

1. a clear, precise and complete statement of the objectives that you are
trying to meet by including Key Escrow features in such a policy;

2. evidence to show that these objectives serve the interests of UK
citizens;

3. evidence to show that Key Escrow is practical and capable of meeting
these objectives given an information society that is global in scope;

4. an assessment of all alternative policies that might meet these
objectives, showing clearly that Key Escrow is demonstrably the best option;

5. evidence to show that Key Escrow will provide benefits for society and
that these benefits outweigh its costs in individual, social and economic
terms;

If you can do this I feel sure that you will gain the widespread support of
UK citizens.

      Brian Gladman