EU Draft Digital Signature Directive

[Brian Gladman]

From: Paul Leyland <pleyland@microsoft.com>


>> From: nigel hickson [mailto:nigelhickson@compuserve.com]
>> Sent: Wednesday, August 19, 1998 12:05 AM
>> To: INTERNET:ukcrypto@maillist.ox.ac.uk
>> Subject: re: EU Draft Digital Signature Directive
>...
>> PS  How anyone could accuse me of not supporting industry on export
>> controls I find hard to credit;  just ask Cheltenham!
>
>
>Oh it's easy enough to ask (Hi guys!), but will they answer the question?


And would anyone believe them if they did?

This thread does illustrate a problem in the current government mechanisms
in that, by allowing DTI to act as the government 'lead department' for
crypto export controls, those agencies in government who are trying to
sustain controls have neatly neutralised one of the key organisations within
government that should be 'on our side'.  It is a tragedy that the DTI
should find itself making the case for controls on behalf of other
departments of government who either don't have a case at all or only one
that does not stand up to any real public scrutiny.

I hope Nigel won't mind me saying this but I heard Nigel himself expressing
extreme frustration (at the EPIC crypto conference in Washington recently)
about being continually forced to make the case for crypto controls on
behalf of others who were never prepared to stand up and make this case for
themselves.

It seems to me that the right thing to do (if the UK intends to continue
with crypto controls) is for the DTI to pass the lead role to GCHQ (i.e. the
FCO), the only organisation within government that really needs these
measures (the law enforcement argument is just the GCHQ argument dressed up
for public consumption).  The DTI will then be free to join the growing
group of people and organisations who now see no valid reason why controls
on crypto should be continued.  And GCHQ will have to properly justify its
desire for crypto contols without hiding behind the DTI or behind a spurious
law enforcement argument.

While controls on cryptography remain in place we are progressively
implementing a UK information infrstructure that is wide open to easy attack
by "cyber criminals", "information terrorists" and by other governments.
This is hardly surprising since the protective information security
interests of the UK as a whole are evidently not of any concern to our
current government, who are clearly content to leave this in the hands of
GCHQ, an organisation whose interests are completely dominated by the need
to collect information rather than to provide any real protection.

As I have remarked before, this is the equivalent of asking a pack of hungry
hyenas to protect a flock of lambs from slaughter by lions.    I can only
hope that the MOD, the DTI and this Government wake up before it is too
late.

    Brian