DTI Policy Response

Richard Clayton richard at turnpike.com
Thu, 30 Apr 1998 11:43:02 +0100


In article <01BD741A.3451F500@ROGER_IBM.police.tas.gov.au>, Roger
Fleming <roger@police.tas.gov.au> writes

>
>Stefek Zaba wrote:
>
>[...]
>>Umm, not really - it would be bizarre to send a message encrypted in X's
>>public key to anyone but X. No, to cause X's public key to be disclosed
>>under warranted access - under a reasonable reading of the sketchy policy
>>proposals - you cause a message to be sent *to* X apparently *from* a bad
>>guy about to get busted. Since "from a bad guy" does not need to be
>>cryptographically assured, [snip brief description how]
>
>>It's for this reason that the phrases about "recovery of keys" in Paras
>>12 and 14 of the DTI Statement are worryingly vague: warrants which result
>>in the disclosure of material allowing a broad range of traffic to be
>>decrypted, [...]
>
>This is a worrying train of thought. As it stands, it would seem to be possible
>for a dishonest police officer (or spy, etc) to obtain access to _anyone's_
>communications, by a similar method.

[[ I note the domain name; I'm speaking in generalities :) ]]

If the police officer were dishonest, then there is no need to go to all
of this Machiavellian effort...  They merely (and I appreciate that
people envisage checks and balances within the system - but these
haven't worked 100% well for normal crimes) utter falsehoods so as to
get a judge (of their choice) to sign a warrant (note that you only need
to go to a Secretary of State for interception - a _judicial_ warrant
will be sufficient for a situation where it is up-front access). That
warrant gets you access to the encrypted data.

I cannot imagine Barclays (for example) being too keen to hand over
their private keys to a Detective Sergeant merely because one encrypted
message came from a bad guy.... They will (possibly even willingly) be
prepared to hand over the session keys or plaintext -- but if they have
used a licensed TTP then the dishonest (or just lazy) Detective Sergeant
may go there first, and the TTP will _only_ have the private keys to
hand over.

Note that even if the policeman is scrupulously honest, he may still go
to the TTP to decode the message he holds (perhaps he found the outgoing
copy on the bad guy's machine, and it's a holiday weekend so the fastest
access to the data is via the TTP rather than dragging a Bank Manager
off the golf course?). If he goes to the TTP he ends up holding the
private keys and they give access to a lot more messages than just the
one in his hand.

Unless I'm missing something totally obvious, anyone with any sense of
security whatsoever (or with a professional body advising them on Good
Practice) is going to avoid using licensed TTPs. The banks got specific
exclusions in last year's paper; now that's hidden by the general
voluntary nature of licensing.

Is any of "Big Business" going to go anywhere near the licensed sector?

The sobriquet is "Licensed to Leak" and I cannot see how the DTI can in
one paragraph emphasise Good Practice (BS7799) and a couple of
paragraphs later espouse the idea that you should rely on a third party
to hold your private keys safely for you.

I can understand the policy makers weighing issues at different values
than me; but I do ask that they make some internal sense :(

-- 
richard                      richard.clayton    @    T U R N P I K E .com
 http://www.demon.net/news/features/crypto/  for Demon's views on crypto
"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM