From pleyland@microsoft.com Mon, 1 Jun 1998 02:00:02 -0700
Date: Mon, 1 Jun 1998 02:00:02 -0700
From: Paul Leyland pleyland@microsoft.com
Subject: Scrambling for Safety

> Is it just me, or was the tone of this conference (as reported here)
> just slightly biased in favor of key escrow and / or symmetric
> encryption?

Yes, it is just you. I didn't come away with the impression that the conference was biased in favour of key escrow --- quite the reverse.

Paul

From phillip.temple@onlinemagic.com Mon, 01 Jun 1998 10:50:27 +0100
Date: Mon, 01 Jun 1998 10:50:27 +0100
From: Phillip Temple phillip.temple@onlinemagic.com
Subject: Scrambling for Safety

David Howe wrote:
>Is it just me, or was the tone of this conference (as reported here)
>just slightly biased in favor of key escrow and / or symmetric
>encryption?

I unfortunately was not able to make the Scrambling conference due to work, but after Infosec the following threads seem to be emerging:

* PKI will be used for digital signatures
* the government is against escrowing keys for digital signatures (as they are useless if compromised)
* two models of trust will be possible -
  - licensed and unlicensed trusted third parties, though government details on their proposed model are still murky
  - PGP's ability to have the dig sig signed by a number of trusted friends, with whom the recipient is likely to have a mutual friend as a trusted signatory
* the use of digital signatures to establish a symmetric key, eliminating the middle-man problem that symmetric-key establishment suffers from
* the use of symmetric keys for message exchange, since lawful access to PK message exchange between an innocent 3rd party and a suspect would involve compromising the innocent 3rd party and all their past, present and future dealings with all other 3rd parties
* the government is not going to give up on having lawful access to information that could be of national security, whereas civil liberty groups will always be opposed to
indiscriminate government access
* possibly the move to using the symmetric user<->user keys to further generate a unique session key, thus providing the legal authorities with the session key would enable them to follow a particular series of messages without compromising all conversations ever held between the two third parties

With cryptography still not particularly widespread in the services which sit upon the Internet, there is still great enthusiasm not just from businesses and individuals but from the government itself, and optimism that we can put in place a secure infrastructure in which we can trust and which will take us into the next millennium. It's almost an honour to be sitting here and witnessing the 'birth' ;-)

Phillip Temple.

From octobersdad@reporters.net Mon, 1 Jun 1998 11:31:37 +0100
Date: Mon, 1 Jun 1998 11:31:37 +0100
From: T Bruce Tober octobersdad@reporters.net
Subject: Kirtland Air Force Base

In message <199805310515.AAA005.70@geiger.com>, William H. Geiger III writes
>
>In <35709AFC.7DD3@nmol.com>, on 05/30/98
> at 05:49 PM, bill payne said:
>
>>Masanori, the book Decision to Use the Atomic Bomb by Gar Alperovitz
>>presents fairly good evidence some in US government nuked Hiroshima and
>>Nagasaki merely to impress the Russians.
>
>No we nuked Japan because they deserved it.

Gosh. I just luv macho yanks.

>

tbt
--
Whose book Internet Security Issues and Solutions: Can You Really Trust "Trusted Third Parties"? will be available from Bloor Research by Mid-June '98.
--
|Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832|
| Freelance PhotoJournalist - IT, Business, The Arts and lots more |
| New Website - http://www.crecon.demon.co.uk |
| PGP Key Details follow: |
| RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 |
| DSS/DH key ID 0xB1445118 |
| DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 |

From cacib@liberty.org.uk Mon, 1 Jun 1998 16:31:24 +0100
Date: Mon, 1 Jun 1998 16:31:24 +0100
From: Campaign Against Censorship of the Internet cacib@liberty.org.uk
Subject: Scrambling for Safety

> Yes, it is just you. I didn't come away with the impression that
> the conference was biased in favour of key escrow --- quite the
> reverse.

My personal recollection of the high points was:

* Seeing Ross and Caspar announce FIPR
* Watching speaker after speaker (from platform and floor) state that insofar as the DTI proposals bore any resemblance to the Green Paper they were to be denounced, but that they were too vague to make any useful judgement
* Watching Nigel Hickson try valiantly (but futilely) to defend licencing of TTPs in the face of overwhelming opposition.
* Watching the spectacle of the CBI apparently telling business not to have anything to do with same (although to be fair it was a "private" not "official CBI" viewpoint)

and if you'll allow a personal one:

* The support I got for telling NH that if the legislation was as vague as the proposals we'd all oppose it rather than reserving judgement.

So I'd say the tone of the conference was firmly supportive of uncompromised strong encryption. This isn't just wishful thinking; I've been in 'hostile' conferences before (e.g. Internet Watch Foundation @ DTI) and reported them as such.

BTW, a word of thanks to the organisers is in order.

Regards,

Malcolm.
-----------------------------------------------------------------
Campaign Against Censorship     Tel: 0171 589 4500
of the Internet in Britain      Fax: 0171 589 4522
                                e-mail: cacib@liberty.org.uk
Say NO to Censorship            Web: http://www.liberty.org.uk/cacib

From alan@hassey.demon.co.uk Mon, 1 Jun 1998 16:51:50 +0100
Date: Mon, 1 Jun 1998 16:51:50 +0100
From: Dr Alan Hassey alan@hassey.demon.co.uk
Subject: Scrambling for Safety

Can someone explain FIPR please?

>My personal recollection of the high points was:
>
>* Seeing Ross and Caspar announce FIPR
>
>
>
>So I'd say the tone of the conference was firmly supportive of
>uncompromised strong encryption. This isn't just wishful thinking;
>I've been in 'hostile' conferences before (e.g. Internet Watch
>Foundation @ DTI) and reported them as such.
>
>BTW, a word of thanks to the organisers is in order.
>
>Regards,
>
>Malcolm.

+++++++++++++++++++++++++++++++++++++++++++++
+ Dr Alan Hassey, alan@hassey.demon.co.uk +
+ The Fisher Medical Centre, Skipton +
+ GP Computer Adviser North Yorks HA +
+ RCGP Health Informatics Group & JCG +
+++++++ PGP public key ID: 161BB451 +++++++++

From mikebr@internet.emap.com Mon, 1 Jun 1998 17:47:37 +0100
Date: Mon, 1 Jun 1998 17:47:37 +0100
From: Mike Bracken mikebr@internet.emap.com
Subject: Scrambling for Safety

http://www.wired.com/news/news/politics/story/12624.html

-----Original Message-----
From: Dr Alan Hassey [SMTP:alan@hassey.demon.co.uk]
Sent: Monday, June 01, 1998 4:52 PM
To: ukcrypto@maillist.ox.ac.uk
Subject: RE: Scrambling for Safety

Can someone explain FIPR please?
>My personal recollection of the high points was:
>
>* Seeing Ross and Caspar announce FIPR
>
>

From georgefoot@oxted.demon.co.uk Mon, 01 Jun 1998 17:56:53 +0100 (BST)
Date: Mon, 01 Jun 1998 17:56:53 +0100 (BST)
From: George Foot georgefoot@oxted.demon.co.uk
Subject: Scrambling for Safety

On Mon 01 Jun, Dr Alan Hassey wrote:
> Can someone explain FIPR please?

If as it appears Dr.
Hassey did not obtain a copy of the Press Release issued by the:

Foundation for Information Policy Research (FIPR)

at the conference on May 29th. I shall be glad to make a copy for him and to send it by mail if he will give me an address.

It is rather long to post to this Mailing List.

George Foot

--
George Foot georgefoot@oxted.demon.co.uk
Web Page. http://www.oxted.demon.co.uk

From steve@tightrope.demon.co.uk Mon, 1 Jun 1998 17:55:37 +0100
Date: Mon, 1 Jun 1998 17:55:37 +0100
From: Steve Mynott steve@tightrope.demon.co.uk
Subject: Scrambling for Safety

http://www.fipr.org/ is blank :-)

but it's registered to

Foundation For Policy Research (FIPR-DOM)
Gateway House, 322 Regents Park Rd
London, N3 2QQ
UK

On Mon, Jun 01, 1998 at 05:47:37PM +0100, Mike Bracken wrote:
> http://www.wired.com/news/news/politics/story/12624.html
>
> -----Original Message-----
> From: Dr Alan Hassey [SMTP:alan@hassey.demon.co.uk]
> Sent: Monday, June 01, 1998 4:52 PM
> To: ukcrypto@maillist.ox.ac.uk
> Subject: RE: Scrambling for Safety
>
> Can someone explain FIPR please?
> >My personal recollection of the high points was:
> >
> >* Seeing Ross and Caspar announce FIPR
> >
> >

--
pub 1024/D9C69DF9 1997/10/14 Steve Mynott
"Documentation? The code is the documentation!"

From danny@spesh.com Mon, 1 Jun 1998 18:25:50 +0100
Date: Mon, 1 Jun 1998 18:25:50 +0100
From: Danny O'Brien danny@spesh.com
Subject: Scrambling for Safety

At the risk of breaching copyright:

d.
On Mon, Jun 01, 1998 at 05:55:37PM +0100, Steve Mynott wrote:
> http://www.fipr.org/ is blank :-)
>
> but it's registered to
>
> Foundation For Policy Research (FIPR-DOM)
> Gateway House, 322 Regents Park Rd
> London, N3 2QQ
> UK
>
> On Mon, Jun 01, 1998 at 05:47:37PM +0100, Mike Bracken wrote:
> > http://www.wired.com/news/news/politics/story/12624.html
> >
> > -----Original Message-----
> > From: Dr Alan Hassey [SMTP:alan@hassey.demon.co.uk]
> > Sent: Monday, June 01, 1998 4:52 PM
> > To: ukcrypto@maillist.ox.ac.uk
> > Subject: RE: Scrambling for Safety
> >
> > Can someone explain FIPR please?
> > >My personal recollection of the high points was:
> > >
> > >* Seeing Ross and Caspar announce FIPR
> > >
> > >
>
> --
> pub 1024/D9C69DF9 1997/10/14 Steve Mynott
> "Documentation? The code is the documentation!"

From richard@turnpike.com Mon, 1 Jun 1998 19:31:02 +0100
Date: Mon, 1 Jun 1998 19:31:02 +0100
From: Richard Clayton richard@turnpike.com
Subject: Scrambling for Safety

In article <19980601175537.55271@tightrope.demon.co.uk>, Steve Mynott writes
>http://www.fipr.org/ is blank :-)
>
>but it's registered to
>
>Foundation For Policy Research (FIPR-DOM)
>Gateway House, 322 Regents Park Rd
>London, N3 2QQ
>UK

Demon has been assisting FIPR get started by arranging domain registration, some web space and email. You should read nothing further into the address than that.

--
richard richard.clayton @ T U R N P I K E .com
http://www.demon.net/news/features/crypto/ for Demon's views on crypto
"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM

From alan@hassey.demon.co.uk Mon, 1 Jun 1998 20:53:05 +0100
Date: Mon, 1 Jun 1998 20:53:05 +0100
From: Dr Alan Hassey alan@hassey.demon.co.uk
Subject: Scrambling for Safety

OK thanks v much...email alan@hassey.demon.co.uk or snail to:

Fisher Medical Centre, Millfields, Skipton BD23 1EU (mark personal)

>
>If as it appears Dr.
Hassey did not obtain a copy
>of the Press Release issued by the:
>
>Foundation for Information Policy Research (FIPR)
>
>at the conference on May 29th. I shall be glad to
>make a copy for him and to send it by mail if he will
>give me an address.
>
>It is rather long to post to this Mailing List.
>
>George Foot
>

From Ross.Anderson@cl.cam.ac.uk Mon, 01 Jun 1998 18:00:37 +0100
Date: Mon, 01 Jun 1998 18:00:37 +0100
From: Ross Anderson Ross.Anderson@cl.cam.ac.uk
Subject: Scrambling for Safety

> Can someone explain FIPR please?

Foundation for Information Policy Research. There was a press release at last Friday's conference, which I'll copy below

Ross

Title: New Independent Research Foundation Backed by Microsoft

Too often, policy issues relating to information technology are separately debated by two distinct groups: technology experts and those focused on social concerns. Policy makers face the challenge of reconciling the separate debates in areas where technology is often evolving very quickly. A new research foundation aims to provide clear advice that spans this gap and is independent of vested interests.

The Foundation for Information Policy Research will fund research into how information technology affects society. It is launched at a press conference on Friday 29th May at 11.00 am. (1)

Microsoft has contributed a six-figure sum to cover the launch costs. Internet service providers Poptel and Demon are also supporting the Foundation. Its independence will be guaranteed, however, by a board of trustees. (2) In the medium term it will be supported by subscriptions from a range of firms in commerce and industry.

The goal of the Foundation is to promote research and understanding of the effects, and the likely future effects, of IT on society.
Its areas of investigation include: (3)

* the regulation of electronic commerce;
* consumer protection;
* data protection and privacy;
* copyright;
* law enforcement;
* evidence and archiving;
* electronic interaction between government, businesses and individuals;
* the extent to which various information technologies discriminate against the less advantaged members of society; and
* the new risks that computer and communication systems pose to life, health and economic well-being

The Foundation will also provide a valuable resource for the press as it will be able to put journalists in touch with a wide range of experts who can explain IT issues as they arise.

Contact:
Caspar Bowden (Director of the Foundation) 0171 837 8706
Ross Anderson (Chair of the Foundation) 01223 334733

QUOTES

The Director of the Foundation, Caspar Bowden, said: ``The IT policies (and failures) which the current government inherited, and the decisions which will be made by them in the future, will have far-reaching effects on who society's winners and losers will be. We have a duty to prevent technological innovation and development taking place at the expense of the poor, the old, the sick and the disabled. We believe that so long as we understand the social and policy implications of new technical innovations, we can make IT into a means to facilitate social inclusion. The Foundation's mission will be to achieve and to spread that understanding.''

The Managing Director of Microsoft UK, David Svendsen, said: ``It's important that we contribute to a broad and informed public discussion on these information society issues.''

The Chair of the Foundation, Ross Anderson of Cambridge University, said: ``We welcome this new source of funding for IT related research.
An increase in the diversity of funding sources is almost always a good thing, and the Foundation will be particularly valuable as much of the available IT funding is directed to very short-term and narrowly technical agendas.''

NOTES

(1) The press conference is at the "Scrambling for Safety" conference, at the Bloomsbury Theatre, University College, London. URL:

(2) The Foundation's Director and full-time CEO, Caspar Bowden, has for the last three years been running Qualia, a consultancy business specialising in internet implementations. Before that he was a financial strategist with Goldman Sachs. He also researched IT and communications issues for Scientists for Labour. Its chair, Ross Anderson, is a faculty member at Cambridge University Computer Laboratory and has done extensive research on topics related to electronic commerce.

BACKGROUND

The "Millennium Bug" - the problem that many computers cannot deal correctly with the date roll-over from 1999 to 2000 - threatens to cause havoc with many systems and has been declared a national emergency by the Prime Minister.

Another problem that has worried policymakers and concerned citizens is that new developments in IT may discriminate against the less well off members of society. For example, the current mechanisms for electronic commerce depend on consumers using their credit cards to order goods and services over the net. They often get a big discount for buying this way; but people without credit cards may lose out.

The first task that the Foundation has set itself is to examine the underpinnings of electronic commerce. The European Commission has recently published a draft Directive on this subject and will launch a period of public consultation at the same conference at which the Foundation itself will be launched. (The draft directive is at .)

Other topics which the Foundation plans to investigate include:

* the maintenance of public records in electronic form.
We do not fully understand how to ensure that word processor files and other electronic documents created today can be safely stored for many years, and reliably made available in the future. This affects not just the new Freedom of Information Act, but also the work of future librarians and historians.

* the development of copyright law. There are some industry proposals which would restrict the ability of libraries to lend out digital works. Will this mean the end of the public library, as more and more books, videos and other material become digital? What are the implications for schools and universities? What are the implications for the public, if all major sports events in future are pay-per-view? Are these developments inevitable, or is there something we can do about them?

* the introduction of electronic communication between the citizen and the government has the potential to cut queues and the frustration of dealing with people on the phone. However, are these changes intrinsically more likely to favour the articulate, and to bring the most benefit to well-off people with their own computers? What technical developments are reasonably possible to ensure that all citizens get a fair deal?

* the previous government's proposal for a "personal signature card" that would give access to all government services had a distinct flavour of an ID card. Are such developments necessary, or can we find workable alternatives?

* the police are concerned about the spread of prepaid mobile phones, which are increasingly used by stalkers and extortionists. However, if they are banned, then how would people without credit cards obtain a mobile phone service?

* there have been many disputes in the past over "phantom withdrawals" from bank cash machines, and banks have defended themselves by claiming that their computers cannot be wrong. How can this approach work when millions of merchants are selling services through a wide variety of computer systems?
What will consumer rights amount to in the information age?

* the failure of government computer systems - whether spectacular failure due to the millennium bug, or the continuing sporadic failures in the NHS - does most harm to pensioners, the disabled, single mothers, the unemployed and people on NHS waiting lists (who are typically elderly, female and working class). How can we encourage best engineering practice in the public sector?

- - - ends - -

From alan@hassey.demon.co.uk Mon, 1 Jun 1998 22:44:28 +0100
Date: Mon, 1 Jun 1998 22:44:28 +0100
From: Dr Alan Hassey alan@hassey.demon.co.uk
Subject: Scrambling for Safety

Thanks Ross - did you have a successful day?

>
>
>Foundation for Information Policy Research. There was a press release at
>last Friday's conference, which I'll copy below
>
>Ross
>
>

+++++++++++++++++++++++++++++++++++++++++++++
+ Dr Alan Hassey, alan@hassey.demon.co.uk +
+ RCGP Health Informatics Group & JCG +
+++++++++++++++++++++++++++++++++++++++++++++

From dorisaw@IDT.NET Mon, 01 Jun 1998 17:59:03 -0400
Date: Mon, 01 Jun 1998 17:59:03 -0400
From: Doris Woods dorisaw@IDT.NET
Subject: Kirtland Air Force Base

Hi all,

bill payne wrote:
>
> Saturday 5/30/98 5:15 PM
>
>
> Masanori, the book Decision to Use the Atomic Bomb by Gar Alperovitz
> presents fairly good evidence some in US government nuked Hiroshima and
> Nagasaki merely to impress the Russians.
>

Carroll Quigley said in Tragedy and Hope... they were worried the war would be over with before they got their chance to use it!

Doris

From I.Brown@cs.ucl.ac.uk Tue, 02 Jun 1998 14:15:56 +0100
Date: Tue, 02 Jun 1998 14:15:56 +0100
From: Ian Brown I.Brown@cs.ucl.ac.uk
Subject: Royal Mail & Entrust key recovery

Isn't it wonderful to know these people are partnering with the Royal Mail to give the whole UK "secure" solutions. My favourite feature of Entrust is that all encryption keys are generated and stored centrally before being sent to the clients that use them.
As Ross would say: "finding holes in this should not tax the reader's intelligence overmuch."

Ian.

--

Businesses Require Key Backup and Recovery System For Effective Implementation of Security Solutions

DALLAS, TEXAS--(BUSINESS WIRE)--June 1, 1998--Entrust(R) Technologies Raises Bar In Enterprise Security Field By Providing Solution For Enterprises To Recover Encryption Keys Without Third-Party Key Escrow.

Corporations are recognizing that key backup and recovery is a critical business issue and the requirement is escalating in parallel with the ongoing government key escrow discussions. Today, Entrust(R) Technologies announced its ability to deliver an Enterprise Key Recovery solution that allows companies to retain full control of their encryption keys -- protecting valuable information and improving service to employees.

Businesses understand the importance of key backup as they must be able to retrieve encrypted data when users lose their decryption keys, forget their passwords or leave the organization. These are issues that organizations face daily and that enterprise key recovery is designed to address.

If users forget their passwords, Entrust's Enterprise Key Recovery feature provides system administrators with the ability to allow users to recover their keys and regain access to encrypted data. Additionally, Entrust's Enterprise Key Recovery gives corporations the ability to deliver only the relevant decrypted data to law enforcement officials or other third parties. Additionally, this feature provides protection to employees since corporations define the number of system administrators required to set users up for key recovery.

"While the debate over the relevant merits of key escrow continues, we continue to see strong business requirements for Entrust's Enterprise Key Recovery feature," said John Ryan, president and chief executive officer, Entrust Technologies, Inc.
"Organizations want to retain control of their sensitive information and our system meets this requirement while providing the ability to surrender decrypted data to law enforcement officials when necessary."

Entrust's Enterprise Key Recovery solution addresses a critical business problem while maintaining protection for documents signed with digital signatures. Entrust software provides separate keys for encryption and digital signatures, but only includes the encryption keys in the key recovery system. This is designed to ensure that users' digital signatures are not compromised by the key recovery system.

"Many of my clients have asked for help in obtaining export licenses for encryption and security systems from the U.S. Department of Commerce," said Roz Thompson, a partner in the law firm of Thomsen and Burke LLP, Washington, DC. "I have repeatedly been able to get the appropriate export approval for my clients to use 128-bit encryption in the Entrust PKI product because of the Enterprise Key Recovery feature. In fact, none of the applications we submitted have ever been denied."

"Export controls aren't the only reason to implement key recovery. They aren't even the best reason," said Stewart Baker, an encryption law expert from Steptoe & Johnson in Washington, DC. "Companies can't afford to lose access to their data. They have to be able to recover data for their own reasons -- not to mention government recordkeeping and access requirements all around the world."

From I.Brown@cs.ucl.ac.uk Tue, 02 Jun 1998 19:33:23 +0100
Date: Tue, 02 Jun 1998 19:33:23 +0100
From: Ian Brown I.Brown@cs.ucl.ac.uk
Subject: More on Royal Mail/Entrust

Yaman Akdeniz has a story in Wired on this subject:

http://www.wired.com/news/news/politics/story/12492.html

Although I was surprised to hear that Brian Gladman is a former Minister of Defence ;) But then, Wired also thinks Ross Anderson is "head of the Cambridge University Computer Lab" (http://www.wired.com/news/news/politics/story/12624.html) :)

Ian >:)

From brax@dircon.co.uk Wed, 3 Jun 1998 10:34:31 +0100
Date: Wed, 3 Jun 1998 10:34:31 +0100
From: Mike Bracken brax@dircon.co.uk
Subject: More on Royal Mail/Entrust

> Although I was surprised to hear that Brian Gladman is a former Minister
> of Defence ;) But then, Wired also thinks Ross Anderson is "head of the
> Cambridge University Computer Lab"
> (http://www.wired.com/news/news/politics/story/12624.html) :)

My mistake. I corrected it soon after. Sorry.

Mike Bracken

From nbohm@ernest.net Thu, 04 Jun 1998 15:30:48 +0100
Date: Thu, 04 Jun 1998 15:30:48 +0100
From: Nicholas Bohm nbohm@ernest.net
Subject: Menwith Hill

In view of recent references to Menwith Hill and its functions, the list may be interested in the following summarised law report:

Legislation: Military Lands Act 1892 s.14

Case: Secretary of State for Defence v Percy

P, a campaigner against the activities of US defence forces at an RAF base at Menwith Hill, had a final injunction made against her forbidding her from entering or crossing land owned by the Ministry of Defence (MoD) at Menwith Hill, other than the lawful use of public footpaths which traversed the property.

The land was the subject of certain bylaws, made by the Secretary of State under the Military Lands Act 1892 s.14, forbidding people from, inter alia, entering the "applicable area", but a Crown Court judge had subsequently found the bylaws to be invalid on the basis that the "applicable area" referred to land which could not properly be regarded as having been appropriated for military purposes.

However, MoD decided to retain all its bylaw notices and, with the Secretary of State, brought motions to commit P to prison for breaches of the injunction on the grounds that she had removed bylaw notices from the base.

P contended that (1) lack of definition of the boundaries of the public footpath over the land meant that it could not be proved that the notices were outside them, and (2) removal of the notices simply remedied MoD's decision to retain unlawful bylaw notices.

Held, that (1) since P's only reason for going onto the public footpath was to remove the notices, as opposed to passing and repassing, she had been a trespasser, and (2) whilst it was an abuse of statutory power for MoD to retain the notices, knowing that the bylaws were invalid, members of the public had no legal right to enter private property to remove such notices and thereby enforce the law.
In the absence of any legal justification for her actions, P was in breach of the injunction, and the period of the suspended sentence imposed on her for earlier breaches of injunctions would be extended to run 12 months from the date of judgment.

Court: Chancery Division; Judge: Carnwath, J.
Judgment date: April 24, 1998
Reference: Times, May 11, 1998

Regards,

Nicholas Bohm

Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK
Phone 01279 870285 (+44 1279 870285)
Fax 01279 870215 (+44 1279 870215)
Mobile 0860 636749 (+44 860 636749)
PGP RSA 1024 bit public key ID: 0x08340015.
Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.
Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF

From I.Brown@cs.ucl.ac.uk Fri, 05 Jun 1998 10:14:30 +0100
Date: Fri, 05 Jun 1998 10:14:30 +0100
From: Ian BROWN I.Brown@cs.ucl.ac.uk
Subject: Menwith Hill

> P, a campaigner against the activities of US defence forces at an RAF base
> at Menwith Hill, had a final injunction made against her forbidding her
> from entering or crossing land owned by the Ministry of Defence (MoD) at
> Menwith Hill, other than the lawful use of public footpaths which traversed
> the property.

Perhaps we should organise a day's walking trip ;)

Ian :D

From Alec.Muffett@UK.Sun.COM Fri, 05 Jun 1998 12:57:17 +0100
Date: Fri, 05 Jun 1998 12:57:17 +0100
From: Alec Muffett - SunLabs Alec.Muffett@UK.Sun.COM
Subject: Menwith Hill

>> P, a campaigner against the activities of US defence forces at an RAF base
>> at Menwith Hill, had a final injunction made against her forbidding her
>> from entering or crossing land owned by the Ministry of Defence (MoD) at
>> Menwith Hill, other than the lawful use of public footpaths which traversed
>> the property.
>
>Perhaps we should organise a day's walking trip ;)

Menwith's a beautiful area, modulo the golf-balls; I was up there at the May bank-holiday (en route to Gateshead) and stopped in at the Menwith protest camp for a chat, but everyone must have been off protesting, somewhere...

This thread harks back to an idea I had/discussed with Whit at SFS2 last week; I was flirting with the idea of floating a company, eg:

    SigInt Tours (UK) Ltd

- which would do bus-trips around the perimeter of all the major Intelligence agencies, listening bases, AEW stations, etc, and organise whatever would be appropriate entertainment in the local area...

So we could do:

    Cheltenham (shopping)
    Menwith Hill / Fylingdales (breweries)
    Morwenstowe (cream teas)
    Malvern (rambling)
    Bletchley (geeking)

...and other sites, etc, and drive around in a bus, preferably one with blacked out windows and a satellite-dish mounted on the roof.

I think (given the right marketing) it would fly. Anyone interested? 8-)

    - alec

--
alec muffett, sun microsystems laboratories, alec.muffett @ uk.sun.com
* do not click on this link *

From octobersdad@reporters.net Fri, 5 Jun 1998 16:19:13 +0100
Date: Fri, 5 Jun 1998 16:19:13 +0100
From: T Bruce Tober octobersdad@reporters.net
Subject: Menwith Hill

In message <199806051157.MAA12788@coyote.uk.sun.com>, Alec Muffett - SunLabs writes
>
> Cheltenham (shopping)
> Menwith Hill / Fylingdales (breweries)
> Morwenstowe (cream teas)
> Malvern (rambling)
> Bletchley (geeking)
>
>...and other sites, etc, and drive around in a bus, preferably one
>with blacked out windows and a satellite-dish mounted on the roof.
>
>I think (given the right marketing) it would fly. Anyone interested? 8-)

Sounds good to me.

tbt
--
Whose book Internet Security Issues and Solutions: Can You Really Trust "Trusted Third Parties"? will be available from Bloor Research by Mid-June '98.
--
|Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832|
| Freelance PhotoJournalist - IT, Business, The Arts and lots more |
| New Website - http://www.crecon.demon.co.uk |
| PGP Key Details follow: |
| RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 |
| DSS/DH key ID 0xB1445118 |
| DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 |

From jya@pipeline.com Fri, 05 Jun 1998 12:44:59 -0400
Date: Fri, 05 Jun 1998 12:44:59 -0400
From: John Young jya@pipeline.com
Subject: Menwith Hill

Alec Muffett proposed:

> SigInt Tours (UK) Ltd

An idea perfect for the Information Era. These sites around the world are truly the day's battlefield monuments fast being converted to Spy Shop franchises to sell A-grade dope, taps, intercepts, sat photos, dirty listening.

The CIA has a gift shop at HQ, selling cookbooks, trinkets, spy kits, T-shirts. Its Web site sells shrewdly "declassified" tall tales of analysts and covert operators.

NSA, NRO and soon other NatSec dinosaurs, are, for survival, reaching out to the public to peddle brand-name Black Secrets like Yellow Arch hamburgers, and, if whispers are truthful, dealing underhand with NatSec idolators who really believe the junk information is pure titanium.

Hurry, though, the spooks now admit they can't process the flood of data being intercepted by machines sucking every channel on earth and beyond. That's going to make the gullibility trade drop.

From jhc@gxn.net Fri, 05 Jun 1998 17:59:08 +0100
Date: Fri, 05 Jun 1998 17:59:08 +0100
From: Jon Care jhc@gxn.net
Subject: Menwith Hill

Alec wrote:
>
> SigInt Tours (UK) Ltd
>
> - which would do bus-trips around the perimeter of all the major Intelligence
> agencies, listening bases, AEW stations, etc, and organise whatever would be
> appropriate entertainment in the local area...
> > So we could do: > > Cheltenham (shopping) > Menwith Hill / Fylingdales (breweries) > Morwenstowe (cream teas) > Malvern (rambling) > Bletchley (geeking) > > ...and other sites, etc, and drive around in a bus, preferably one > with blacked out windows and a satellite-dish monnted on the roof. Not forgetting that Impressive Building In Vauxhall - Thames Boat Rides, anyone? :-) - Jon C. From froomkin@law.miami.edu Fri, 5 Jun 1998 13:19:26 -0400 (EDT) Date: Fri, 5 Jun 1998 13:19:26 -0400 (EDT) From: Michael Froomkin - U.Miami School of Law froomkin@law.miami.edu Subject: Menwith Hill MI5 in Carelton Gardens, near Traffalgar Square, London (bad traffic!)? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Professor of Law | U. Miami School of Law | froomkin@law.tm http://www.law.tm P.O. Box 248087 | Coral Gables, FL 33124 USA | It's hot here. And humid too. From jya@pipeline.com Mon, 08 Jun 1998 14:49:12 -0400 Date: Mon, 08 Jun 1998 14:49:12 -0400 From: John Young jya@pipeline.com Subject: Update of Risks of Key Recovery Report http://www.cdt.org/crypto/risks98 The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption 1998 Hal Abelson Ross Anderson Steven M. Bellovin Josh Benaloh Matt Blaze Whitfield Diffie John Gilmore Peter G. Neumann Ronald L. Rivest Jeffrey I. Schiller Bruce Schneier Final Report -- 27 May 1997 Updated -- June 8, 1998 ---------- Introduction and CDT's press release: http://jya.com/risks98.htm From E.J.Koops@kub.nl Thu, 11 Jun 1998 17:22:13 MET Date: Thu, 11 Jun 1998 17:22:13 MET From: Bert-Jaap Koops E.J.Koops@kub.nl Subject: Crypto Law Survey updated I have just updated my survey of existing and envisaged cryptography laws and regulations. 
See the Crypto Law Survey at http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm This update includes: -update on Wassenaar (to be revised), EU (proposal for new dual-use regulation; Copenhagen hearing; ETSI rejects RH; law-enforcement policy paper), Birma (domestic regulation), Brazil (no regulation plans), Germany (no regulation before elections), Kazakhstan (domestic controls), Malaysia (CA's must decrypt during search), Pakistan (regulation on sale and use), Spain (export), Sweden (export), US (Karn; Junger; new version Kerrey-McCain; Gore letter) - URLs added to EU (conditional access regulation), US (BXA Annual Report; Junger page) I have also started a mailing list to announce updates, to which you can subscribe by sending a message to with subject "subscribe CLS-update". Kind regards, Bert-Jaap --------------------------------------------------------------------- Bert-Jaap Koops tel +31 13 466 8101 Center for Law, Administration and facs +31 13 466 8149 Informatization, Tilburg University e-mail E.J.Koops@kub.nl -------------------------------------------------- Postbus 90153 | This world's just mad enough to have been made | 5000 LE Tilburg | by the Being his beings into being prayed. | The Netherlands | (Howard Nemerov) | --------------------------------------------------------------------- http://cwis.kub.nl/~frw/people/koops/bertjaap.htm --------------------------------------------------------------------- From Ross.Anderson@cl.cam.ac.uk Thu, 11 Jun 1998 18:02:04 +0100 Date: Thu, 11 Jun 1998 18:02:04 +0100 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Labour withdraws its info-highway web page During a routine check of my web page for link rot, I find that the Labour Party's pre-election statement against encryption has been withdrawn: http://www.labour.org.uk/views/info-highway/content.html HTTP Error 404 404 Not Found The Web server cannot find the file or script you asked for. Please check the URL to ensure that the path is correct. 
Please contact the server's administrator if this problem persists. Who wishes to contact the server's administrator? :-) More to the point, who's got a cache of the page? Ross From gideony@MICROSOFT.com Thu, 11 Jun 1998 13:49:44 -0700 Date: Thu, 11 Jun 1998 13:49:44 -0700 From: Gideon Yuval gideony@MICROSOFT.com Subject: Labour withdraws its info-highway web page an AltaVista search finds: http://www.tibus.com/encryptionuk/labour.html (copy: The Labour Party Extracted from http://www.labour.org.uk/views/info%2Dhighway/content.html Begin Extract It is important that privacy is rigorously protected over the new networks, for both personal and commercial reasons. We do not accept the "clipper chip" argument developed in the United States for the authorities to be able to swoop down on any encrypted message at will and unscramble it. The only power we would wish to give to the authorities, in order to pursue a defined legitimate anti-criminal purpose, would be to enable decryption to be demanded under judicial warrant (in the same way that a warrant is required in order to search someone's home). Attempts to control the use of encryption technology are wrong in principle, unworkable in practice, and damaging to the long-term economic value of the information networks. There is no fundamental difference between an encrypted file and a locked safe. A safe may be effectively impregnable in that the effort taken to open it would destroy the contents. An encryption algorithm, similarly, may be effectively unbreakable. Furthermore, the rate of change of technology and the ease with which ideas or computer software can be disseminated over the Internet and other networks make technical solutions unworkable. Adequate controls can be put in place based around current laws covering search and seizure and the disclosure of information. 
It is not necessary to criminalise a large section of the network-using public to control the activities of a very small minority of law-breakers. In all other areas, privacy must be rigorously protected, particularly in the light of the potential for secondary, micro-marketing on the new networks. The Data Protection Act already applies to personal information held in relation to computerised services and providers should be aware of their responsibilities under the Act. We would wish to consult with the Registrar to ensure that the provisions of the Act provide adequate protection for new digital services. As long as sources were only traced when specific legal permission for defined reasons had been given, and this process were openly monitored, we believe the arrangements set out above would provide the most appropriate balance between freedom of speech and freedom from harm. End Extract Comments Paul Gregg This looks very positive and the tone of the Labour Party document seems very dismissive of the DTI's published proposals. Perhaps if there is a Labour Government, whoever drove this document would follow it up in parliament. Ian G Batten noted that Jack Straw outlined the following regarding EU Crypto Policy: ``As the Government are considering legislation which would require all keys to be held by a central body, and making it an offence used [sic] unlicensed cryptology [sic], I assume there is little confidence that current technology is likely to make key-breaking any easier.'' -Jack Straw I think we can assume from this that the Labour position pre the election isn't worth the Web Site it's written on. 18 years of Tories: no legislation. Less than 12 months of Labour and they're considering legislation. 
- Ian G Batten ) -----Original Message----- From: Ross Anderson [mailto:Ross.Anderson@cl.cam.ac.uk] Sent: Thursday, June 11, 1998 10:02 AM To: ukcrypto@maillist.ox.ac.uk Subject: Labour withdraws its info-highway web page During a routine check of my web page for link rot, I find that the Labour Party's pre-election statement against encryption has been withdrawn: http://www.labour.org.uk/views/info-highway/content.html HTTP Error 404 404 Not Found The Web server cannot find the file or script you asked for. Please check the URL to ensure that the path is correct. Please contact the server's administrator if this problem persists. Who wishes to contact the server's administrator? :-) More to the point, who's got a cache of the page? Ross From stephen.doogan@strath.ac.uk Thu, 11 Jun 1998 22:02:38 +0000 Date: Thu, 11 Jun 1998 22:02:38 +0000 From: Stephen Doogan stephen.doogan@strath.ac.uk Subject: Labour withdraws its info-highway web page Hi Ross On 11-Jun-98, Ross Anderson wrote: > During a routine check of my web page for link rot, I find that the > Labour Party's pre-election statement against encryption has been > withdrawn: > > http://www.labour.org.uk/views/info-highway/content.html > HTTP Error 404 > 404 Not Found > The Web server cannot find the file or script you asked for. Please check the > URL to ensure that the path is correct. > Please contact the server's administrator if this problem persists. > > Who wishes to contact the server's administrator? :-) > > More to the point, who's got a cache of the page? > > Ross Hi Ross I can do better than that, I've actually got a copy of the pre-election booklet somewhere with it in.
When I mailed Labour asking for clarification of a couple of the get outs that were elsewhere in the on-line version, the reply was to send a paper copy of what was on their site ;-)) -- _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ _/ _/ Strathclyde Law School _/ Stephen Doogan _/ PhD researcher _/ -*-*-*-**-*-*- _/ University of _/ Strathclyde _/stephen.doogan@strath.ac.uk _/ _/ _/ steved@lawman.u-net.com _/ _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Type Bits/KeyID Date User ID pub 1024/4CABEF51 1998/04/12 stephen doogan Key fingerprint = 5B 77 05 33 9A 61 C5 18 E8 C0 AA 36 CC 56 61 61 From gbroiles@netbox.com Thu, 11 Jun 1998 14:05:44 -0700 (PDT) Date: Thu, 11 Jun 1998 14:05:44 -0700 (PDT) From: Greg Broiles gbroiles@netbox.com Subject: FOIA request re crypto export, NSA, GCHQ We corresponded briefly last fall with respect to a transfer of cryptographic hardware from the UK to partie(s) in Johannesburg, South Africa, during the embargo against the apartheid state, and collusion between NSA and GCHQ .. you'd suggested on the ukcrypto mailing list that a US citizen might like to file a FOIA request for details about that. I sent a FOIA request a few days after your message, and just yesterday received their response .. they said that they searched all of their records, the search took less than two hours, and found no responsive documents. I suspect that their "no records" response is actually a "Glomar response", which means that they're saying there are no records when actually the records are classified; Clinton issued an executive order in 1995 allowing that practice. I'm planning to appeal their response. So, no news yet, but thought you might be amused to learn that the wheels of the bureaucracy are grinding along slowly. Their response is online at .
-- Greg Broiles gbroiles@netbox.com From dsweig@jgvandyke.com Thu, 11 Jun 1998 21:14:31 -0400 Date: Thu, 11 Jun 1998 21:14:31 -0400 From: Dave Sweigert dsweig@jgvandyke.com Subject: FOIA request re crypto export, NSA, GCHQ Exactly how was the FOIA request worded. This is the key. Can you post the wording of your request. You should appeal if you really want to know. Greg Broiles wrote: > > We corresponded briefly last fall with respect to a transfer of > cryptographic hardware from the UK to partie(s) in Johannesburg, South > Africa, during the embargo against the apartheid state, and collusion > between NSA and GCHQ .. you'd suggested on the ukcrypto mailing list that > a US citizen might like to file a FOIA request for details about that. I > sent a FOIA request a few days after your message, and just yesterday > received their response .. they said that they searched all of their > records, the search took less than two hours, and found no responsive > documents. > > I suspect that their "no records" response is actually a "Glomar > response", which means that they're saying there are no records when > actually the records are classified; Clinton issued an executive order in > 1995 allowing that practice.
> > I'm planning to appeal their response. > > So, no news yet, but thought you might be amused to learn that the wheels > of the bureaucracy are grinding along slowly. Their response is online at > . > > -- > Greg Broiles > gbroiles@netbox.com From brownrk1@texaco.com Fri, 12 Jun 1998 03:19:55 -0500 Date: Fri, 12 Jun 1998 03:19:55 -0500 From: Brown, R Ken brownrk1@texaco.com Subject: Labour withdraws its info-highway web page This looks complete: http://www.keele.ac.uk/depts/cs/Stephen_Bostock/labour.html > Ross Anderson[SMTP:Ross.Anderson@cl.cam.ac.uk] wrote: > > During a routine check of my web page for link rot, I find that the > Labour Party's pre-election statement against encryption has been > withdrawn: > http://www.labour.org.uk/views/info-highway/content.html From octobersdad@reporters.net Fri, 12 Jun 1998 11:44:40 +0100 Date: Fri, 12 Jun 1998 11:44:40 +0100 From: T Bruce Tober octobersdad@reporters.net Subject: FOIA request re crypto export, NSA, GCHQ In message <358080F6.1DAD@mymail.com>, Dave Sweigert writes >Exactly how was the FOIA request worded. This is the key. >Can you post the wording of your request. You should appeal >if you really want to know. Also I would suggest contacting Michael Ravnitzky to check the strength and accuracy of your FOIA requests and appeal. He's been extremely successful with FOIAs. I believe he's also written a book on the subj. tbt -- Whose book Internet Security Issues and Solutions: Can You Really Trust "Trusted Third Parties"? available from Bloor Research in early July '98 -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | New Website - http://www.crecon.demon.co.uk | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From az096@freenet.toronto.on.ca Fri, 12 Jun 1998 08:55:11 -0400 Date: Fri, 12 Jun 1998 08:55:11 -0400 From: Robert Guerra az096@freenet.toronto.on.ca Subject: PGP Keysignings in the UK..? -----BEGIN PGP SIGNED MESSAGE----- I maintain a list of PGP Keysigning sessions which are or will be taking place. I established the list/service as I could not find any central location where one could find where such sessions were being held. If you are holding a keysigning session (or know someone, or group that is), kindly let me know so that I can list it on my www page.
http://www.geocities.com/CapitolHill/3378/pgpparty.html sincerely yours robert guerra Robert Guerra - Email-> mailto:az096@freenet.toronto.on.ca ICQ #10266626 Home Page-> http://www.geocities.com/CapitolHill/3378 PGPKeys available on WWW Page & via finger://rguerra@flare.dynip.com -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5.3 Comment: Digital signatures verify author and unaltered content -----END PGP SIGNATURE----- From pgut001@cs.auckland.ac.nz Sat, 13 Jun 1998 01:12:50 (NZST) Date: Sat, 13 Jun 1998 01:12:50 (NZST) From: Peter Gutmann pgut001@cs.auckland.ac.nz Subject: FOIA request re crypto export, NSA, GCHQ Re: FOIA request re crypto export, NSA, GCHQ >Exactly how was the FOIA request worded. This is the key. Can you post the >wording of your request. You should appeal if you really want to know. If foreigners/foreign nations are involved, can the NSA use that as an excuse for not providing details? I looked at an FOIA request some time ago for something involving NSA dealings with NZ and got told that they'd just use the foreign involvement excuse as a get out of jail free card. If this isn't the case, is there someone in the US who could file a request on my behalf? Peter.
From whgiii@invweb.net Fri, 12 Jun 1998 08:52:13 -0500 Date: Fri, 12 Jun 1998 08:52:13 -0500 From: whgiii@invweb.net whgiii@invweb.net Subject: List of PGP Public Keyservers -----BEGIN PGP SIGNED MESSAGE----- Hi, This is just a quick note to let everyone that I have a webpage available that lists all the known http based PGP Public Keyservers: http://users.invweb.net/~whgiii/pgpsrv.html I just updated all the links last night and have added several new severs and corrected the links for several others. You can directly lookup keys from any of the servers from this webpage. To upload keys follow the link to the indivdule server and use their upload page. If there are any servers that you know of that I have missed please drop me a note with the url. Thanks, - -- - --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 5.0 at: http://users.invweb.net/~whgiii/pgp.html - --------------------------------------------------------------- Tag-O-Matic: OS/2: Windows with bullet-proof glass. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a-sha1 Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNYEnwo9Co1n+aLhhAQF7AAP/eYS8Q4ooq/gohN8b/twIIWwIgzPP1q/t 6qnGDnoPkQ77MmDhX0MDxvpNdJl5rZwdxrTtYq+d3cx7DCEFH3OfYDyJnngdd49s Do2NxbftmWGyu/a1pT/0ugji++2kQWpV2aE3I3vyDKlszsfPjcRTYWej+biKzDGn 1cRTl9i+hc4= =jCC5 -----END PGP SIGNATURE----- Tag-O-Matic: Dos: Venerable. Windows: Vulnerable. OS/2: Viable. From Frode.Weierud@cern.ch Fri, 12 Jun 1998 16:09:13 +0200 (METDST) Date: Fri, 12 Jun 1998 16:09:13 +0200 (METDST) From: Frode Weierud Frode.Weierud@cern.ch Subject: FOIA request re crypto export, NSA, GCHQ On Sat, 13 Jun 1998, Peter Gutmann wrote: > If foreigners/foreign nations are involved, can the NSA use that as an excuse > for not providing details? 
I looked at an FOIA request some time ago for > something involving NSA dealings with NZ and got told that they'd just use the > foreign involvement excuse as a get out of jail free card. > > If this isn't the case, is there someone in the US who could file a request on > my behalf? > They can use this excuse, but if it material can be declassified by NSA and there is foreign involvement, this should in reality only mean a delay in releasing the material until the foreign governments have had their say. If the foreign government or agency agrees the documents will be released. There is to my knowledge no different treatment of a FOIA filed by an American citizen or a foreigner. I have filed several requests and have not had any problems with my requests. Frode Frode Weierud Phone : +41 22 7674794 CERN, SL, CH-1211 Geneva 23, Fax : +41 22 7679185 Switzerland E-mail : Frode.Weierud@cern.ch WWW : wwwcn.cern.ch/~frode From pgut001@cs.auckland.ac.nz Sat, 13 Jun 1998 04:06:44 (NZST) Date: Sat, 13 Jun 1998 04:06:44 (NZST) From: Peter Gutmann pgut001@cs.auckland.ac.nz Subject: FOIA request re crypto export, NSA, GCHQ >>If foreigners/foreign nations are involved, can the NSA use that as an excuse >>for not providing details? I looked at an FOIA request some time ago for >>something involving NSA dealings with NZ and got told that they'd just use >>the foreign involvement excuse as a get out of jail free card. >> >>If this isn't the case, is there someone in the US who could file a request >>on my behalf? >They can use this excuse, but if it material can be declassified by NSA and >there is foreign involvement, this should in reality only mean a delay in >releasing the material until the foreign governments have had their say. If >the foreign government or agency agrees the documents will be released. Ah, that would explain it. 
The GCSB (NZ's NSA) will never OK the release of anything (I have copies of some of their replies to FOIA requests here, and have heard of one response which contained an accidentally included note which said something to the extent of "Get rid of this guy using the standard excuse" - they never give interviews, never answer questions about anything, and take months to do it). Does anyone know if there's any significant difference between requests made by US citizens and ones made by foreigners, both in terms of the chances of success and the complexity/cost involved? Peter. From sweigerd@mymail.com Fri, 12 Jun 1998 12:21:36 -0400 Date: Fri, 12 Jun 1998 12:21:36 -0400 From: SWEIGERD@mymail.com sweigerd@mymail.com Subject: FOIA request re crypto export, NSA, GCHQ There are several third party FOIA companies that will represent FOIA requesters. Peter Gutmann wrote: > > Re: FOIA request re crypto export, NSA, GCHQ > >Excatly how was the FOIA request worded. This is the key. Can you post the > >wording of your request. You should appeal if you really want to know. > > If foreigners/foreign nations are involved, can the NSA use that as an excuse > for not providing details? I looked at an FOIA request some time ago for > something involving NSA dealings with NZ and got told that they'd just use the > foreign involvement excuse as a get out of jail free card. > > If this isn't the case, is there someone in the US who could file a request on > my behalf? > > Peter. > From Brian.Randell@newcastle.ac.uk Fri, 12 Jun 1998 19:08:42 +0100 (BST) Date: Fri, 12 Jun 1998 19:08:42 +0100 (BST) From: Brian Randell Brian.Randell@newcastle.ac.uk Subject: Labour withdraws its info-highway web page Hi: Particularly now that copies of the page have been found, I hope that someone will ensure that knowledge of this little incident does not remain privy just to the readership of this mailing list! :-) Cheers Brian Randell Dept. 
of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK EMAIL = Brian.Randell@newcastle.ac.uk PHONE = +44 191 222 7923 FAX = +44 191 222 8232 URL = http://www.cs.ncl.ac.uk/~brian.randell/ From sweigerd@mymail.com Fri, 12 Jun 1998 14:24:06 -0400 Date: Fri, 12 Jun 1998 14:24:06 -0400 From: SWEIGERD@mymail.com sweigerd@mymail.com Subject: Sample FOIA request

General format of a FOIA across (to military group)

name address organization etc.

Certified mail receipt: Z-898-898-898

Subject: Freedom of Information Act request

Ladies and Gentlemen:

1. This is a Freedom of Information Act request submitted to your office in accordance with 5 U.S.C. 552(a) and the Department of Defense implementing regulation DoD 5400.7-R.
2. I promise to pay for all search and copying costs associated with this request. As I am a non-commercial requestor I shall expect two hours of free search time and 100 copies of information at no cost. Should your office estimate that any fees will be charged I request you notify me of proposed fees over $25.00 (whatever you set).
3. I will expect your written reply to this request 20 business days after your office has received this request as indicated by U.S. mail return receipt. After 20 days I shall proceed with filing a complaint in the U.S. District Court in Washington, D.C. for your constructive delay of this lawful request.
4. I request copies of the following information: state your records request
5. Please direct any questions or requests for clarification to my electronic mail address: SWEIGERD@mymail.com.
6. Thank you in advance for your cooperation.

SWEIGERD@mymail.com wrote: > > There are several third party FOIA companies > that will represent FOIA requesters. > > Peter Gutmann wrote: > > > > Re: FOIA request re crypto export, NSA, GCHQ > > >Exactly how was the FOIA request worded. This is the key. Can you post the > > >wording of your request. You should appeal if you really want to know.
> > > > If foreigners/foreign nations are involved, can the NSA use that as an excuse > > for not providing details? I looked at an FOIA request some time ago for > > something involving NSA dealings with NZ and got told that they'd just use the > > foreign involvement excuse as a get out of jail free card. > > > > If this isn't the case, is there someone in the US who could file a request on > > my behalf? > > > > Peter. > > From ghira@mistral.co.uk 12 Jun 98 20:00:51 +0000 Date: 12 Jun 98 20:00:51 +0000 From: Adam Atkinson ghira@mistral.co.uk Subject: Labour withdraws its info-highway web page On 12-Jun-98 18:08:42, Brian Randell said: >Particularly now that copies of the page have been found, I hope that >someone will ensure that knowledge of this little incident does not remain >privy just to the readership of this mailing list! :-) Has anyone managed to get Private Eye interested in this affair? (I've tried and failed on previous occasions - I'm told by whoever answers the strobes mail that he thinks it would be worth covering, but Hislop feels computers are boring / not important / whatever.) -- Adam Atkinson (ghira@mistral.co.uk) http://www.mistral.co.uk/ghira/homepage.html From dave@xemu.demon.co.uk Fri, 12 Jun 1998 23:53:23 +0100 Date: Fri, 12 Jun 1998 23:53:23 +0100 From: Dave Bird---St Hippo of Augustine dave@xemu.demon.co.uk Subject: Labour withdraws its info-highway web page In<648.467T2556T12005133@mistral.co.uk>, Adam Atkinson writes: >On 12-Jun-98 18:08:42, Brian Randell said: > >>Particularly now that copies of the page have been found, I hope that >>someone will ensure that knowledge of this little incident does not remain >>privy just to the readership of this mailing list! :-) > >Has anyone managed to get Private Eye interested in this affair? 
> >(I've tried and failed on previous occasions - I'm told by whoever >answers the strobes mail that he thinks it would be worth covering, >but Hislop feels computers are boring / not important / whatever.) Try Paul Foot directly, as I believe he has a fairly free hand over his own pages----though I'm not sure what his attitude to computers is. There should be contact details in the mag or on the webpage. |~/ |~/ ~~|;'^';-._.-;'^';-._.-;'^';-._.-;'^';-._.-;||';-._.-;'^';||_.-;'^'0-|~~ P | Woof Woof, Glug Glug ||____________|| 0 | P O | Who Drowned the Judge's Dog? | . . . . . . . '----. 0 | O O | answers on *---|_______________ @__o0 | O L |{a href="news:alt.religion.scientology"}{/a}_____________|/_______| L and{a href="http://www.xemu.demon.co.uk/clam/lynx/q0.html"}{/a}XemuSP4(:) From bill@dial.pipex.com Sat, 13 Jun 1998 09:32:20 +0100 Date: Sat, 13 Jun 1998 09:32:20 +0100 From: Bill Thompson bill@dial.pipex.com Subject: Labour withdraws its info-highway web page -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It seems that it was not just the InfoHighway document - the manifesto and women's policy paper have also gone as part of the ideological clearout. Of course, all these documents will continue to circulate though I suspect the Labour Party believes that if you take something off YOUR website then it is removed from cyberspace... ah well. Bill Thompson -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.5.3i for non-commercial use iQA/AwUBNYI5E1NT/DkNet0bEQIEswCcD1LOmzFz94HCWZFqt87ZnZClMs0AnA2Z WG65m6kFl9m+ml+CY6MpJtE2 =KLZF -----END PGP SIGNATURE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Bill Thompson +44 (0) 1223 245963 mobile: 0411 557361 http://dspace.dial.pipex.com/bill/ "You'll have to pry my private key out of my cold dead hands." "Your proposal is acceptable..." 
From dave@xemu.demon.co.uk Sat, 13 Jun 1998 14:30:04 +0100 Date: Sat, 13 Jun 1998 14:30:04 +0100 From: Dave Bird---St Hippo of Augustine dave@xemu.demon.co.uk Subject: Labour withdraws its info-highway web page In article <3.0.2.32.19980613093220.031c9cd0@pop.dial.pipex.com>, Bill Thompson writes >It seems that it was not just the InfoHighway document - >the manifesto and women's policy paper have also gone >as part of the ideological clearout. >Of course, all these documents will continue to circulate >though I suspect the Labour Party believes that if >you take something off YOUR website then it is >removed from cyberspace... ah well. Perhaps someone would like to put a page on their site "The Policies New Labour wants to forget", and archive them Get a few friends to link to it, put . Then submit it to a load of search engines..... |~/ |~/ ~~|;'^';-._.-;'^';-._.-;'^';-._.-;'^';-._.-;||';-._.-;'^';||_.-;'^'0-|~~ P | Woof Woof, Glug Glug ||____________|| 0 | P O | Who Drowned the Judge's Dog? | . . . . . . . '----. 0 | O O | answers on *---|_______________ @__o0 | O L |{a href="news:alt.religion.scientology"}{/a}_____________|/_______| L and{a href="http://www.xemu.demon.co.uk/clam/lynx/q0.html"}{/a}XemuSP4(:) From georgefoot@oxted.demon.co.uk Sat, 13 Jun 1998 23:40:45 +0100 (BST) Date: Sat, 13 Jun 1998 23:40:45 +0100 (BST) From: George Foot georgefoot@oxted.demon.co.uk Subject: ukcrypto mailing list Will someone kindly explain how to reach the moderator of this mailing list without posting to the mailing list. I want advice on whether to post a discussion paper which I have written and which is rather long. George -- George Foot georgefoot@oxted.demon.co.uk Web Page. http://www.oxted.demon.co.uk From SWEIGERD@mymail.com Sat, 13 Jun 1998 19:49:13 -0400 Date: Sat, 13 Jun 1998 19:49:13 -0400 From: SWEIGERD SWEIGERD@mymail.com Subject: FOIA background For individuals that desire knowledge on the US FOIA law. 
http://jya.com/dgsfiles.htm From nbohm@ernest.net Sun, 14 Jun 1998 20:33:39 +0100 Date: Sun, 14 Jun 1998 20:33:39 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: Grandma picks a bad password and loses her house I would like to draw the attention of the list to a message posted to the E-CARM list by Judie Mulholland forwarding a message from Dan L Burk: >For those who may be interested in the resource, I note that the >South Carolina Law Review symposium issue on electronic commerce is >now available on-line at http://www.law.sc.edu/sclr/vol49_4.htm The >issue contains notable articles by Walter Effross, Jane Winn, and >others. Jane's article on digital signatures and negotiable >instruments seems to me particularly worth reading. I would like to offer a strong commendation of Jane Winn's article to all members of this list. It draws an illuminating analogy between the history of negotiable instruments, and their effects in risk allocation between parties to commercial transactions, and current efforts to establish a suitable legal context for digital signature technology. I have found much of the current engineer/lawyer discussion of these issues to be sadly lacking in historical perspective, a deficiency now admirably remedied by this article. In this context she draws attention to the "Grandma picks a bad password and loses her house" scenario, to which current legislative thinking in the US and Europe seems to me to attach insufficient importance. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. 
Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From brownrk1@texaco.com Mon, 15 Jun 1998 04:10:04 -0500 Date: Mon, 15 Jun 1998 04:10:04 -0500 From: Brown, R Ken brownrk1@texaco.com Subject: Labour withdraws its info-highway web page The story's not about computers it is about Peter Mandelson and Jack Straw (well, that's my line & I'm sticking to it) Actually, the odd thing is that it took them over a year after the change of direction to remove the pages, so either (a) the bonapartists in the Millbank gulag have less power in the party than we thought or, much more likely (b) they really really don't care about the net and simply didn't notice that they had a subversive bit of off-message thought on their web pages. (Or maybe, just maybe (c) the pages are out for a redesign and will be back soon. However, I can see the rooftops of Westminster from my office window and there doesn't seem to be a flock of pigs swarming round the clock tower) > ---------- > From: Adam Atkinson[SMTP:ghira@mistral.co.uk] > Reply To: ukcrypto@maillist.ox.ac.uk > Sent: 12 June 1998 21:00 > To: Brian Randell > Subject: RE: Labour withdraws its info-highway web page > > On 12-Jun-98 18:08:42, Brian Randell said: > > >Particularly now that copies of the page have been found, I hope that > >someone will ensure that knowledge of this little incident does not > remain > >privy just to the readership of this mailing list! :-) > > Has anyone managed to get Private Eye interested in this affair? > > (I've tried and failed on previous occasions - I'm told by whoever > answers the strobes mail that he thinks it would be worth covering, > but Hislop feels computers are boring / not important / whatever.) 
> > -- > Adam Atkinson (ghira@mistral.co.uk) > http://www.mistral.co.uk/ghira/homepage.html > > From georgefoot@oxted.demon.co.uk Mon, 15 Jun 1998 10:41:29 +0100 (BST) Date: Mon, 15 Jun 1998 10:41:29 +0100 (BST) From: George Foot georgefoot@oxted.demon.co.uk Subject: Encryption and the Rights of Man To the UK Crypto Mailing List: Privacy in Electronic Communications Have we any defence against the spate of innovation which is flooding our society at a disconcertingly rapid rate and upsetting notions which have satisfied us all our life ? In the outcome we shall as likely as not discover that we need to adjust our views to some degree to bring them in line with new ideas. How shall we decide what we should resist and where we should acquiesce ? The issue of privacy in electronic communications is an example in which changes of a fundamental nature are foreshadowed but are poorly understood. The following analysis may be of assistance. The Parable Two employees of a large and well known engineering company are working on a tender for a contract which will involve advanced and innovative technology which is so important that a failure to secure the contract could bring about the downfall of the company and open its markets to a keen and not-too-scrupulous competitor. These two employees hold a face-to-face meeting under secure conditions on the premises of the company to discuss details of the proposed design. One of these employees then returns to another company site at which he normally works. Shortly afterwards the two employees need to consult each other on some engineering problem which has arisen. They do so by telephone as a very detailed conversation is required. 
The situation is that the conversation at the face-to-face meeting is held to be private and the outcome of the discussions is considered company property which loyal employees would not be required to reveal or even to acknowledge its existence except possibly in a court hearing at a later date in exceptional circumstances at which care would be taken not to expose company design secrets without very good reason. On the other hand the government proclaims its right to intercept and monitor covertly the subsequent telephone conversation between the employees in real time and for no other reason except that it has a desire to do so because some unspecified illegality may be involved and also proclaims its right to continue this covert monitoring of telephone conversations for a period which may be indefinite for the reason only that they may be related to whatever illegality, if any, may be revealed in this manner and furthermore insists that the telephone conversations must be conducted in plain language or be capable of being translated into plain language by technical means at the government's disposal. The difference in treatment in the two cases is remarkable. The Debate A difficulty arises when it is debated whether the two employees concerned have a right to privacy when they have discussions face to face and also an equal right to privacy when they conduct exactly the same type of conversation employing a telephone. If we are not to make merely an emotional response to a question of human rights we need to probe this subject more deeply. What constitutes human rights ? 
Human beings have evolved with two strains of behaviour in their make-up: Belligerence and Caring Sympathy exist side-by-side, the one to protect humans from their enemies of the same or of a different species by employing force and the other for the development of a family and a family life - both are present for the reason that these characteristics are traits which have developed in human beings as a part of their capacity to survive. It is startling how the switch from one behaviour to the other can occur so swiftly - peace becoming war and friend becoming foe in an instant whenever danger threatens. Nevertheless during periods of peace there is a code of conduct between individuals and between members of a community which becomes recognized as an attempt to make life more agreeable for everyone and not only for a privileged few. This code has become known as "the rights of man". It is a misnomer. There is no such thing as a "right" or in fact as a "wrong" in absolute terms. A better word would be "convention". The human race continues its battle to survive. Rights can be lost as well as acquired. In times of peace rights may be respected but in times of warfare or other stress they can be disregarded. Realizing that we are discussing conventions we can understand why so called "rights" vary with the background and the experience of the people to whom they apply. They also vary with time as does any other convention (e.g. moral conventions which vary from one period to another). 
These explanations are provided to illustrate that it would not be extraordinary if a convention were in due time to become established by common consent which stated that privacy for conversations held at a distance is a "right of man" which it would be outrageous to deny. The Circumstances "Rights" usually become established by a slow process in which little by little the unconventional becomes the conventional requiring perhaps the passage of a generation before earlier customs become discredited. Living together without benefit of marriage is the best example we can quote. The pace of technological progress has brought the problem of introducing a change in our "right to privacy" with a speed which is disturbing to ordinary people who do not even have a clear understanding why they are disturbed. In fact they are being cautious in accepting a new idea - and they may be wise to be cautious. In addition of course there are vested interests which will suffer from change and the clamour of their protests may be loud but have little relation to the facts of the case. The Case for Privacy It is not to be denied that some will lose and some will gain from any change in our conventions. Nobody can take a totally disinterested and impartial standpoint on the issues surrounding privacy in the new era of electronic communications which is thrust upon us. Nevertheless the Internet is a resource which in conjunction with other facilities such as more rapid road and rail travel heralds a social revolution of a profound character with repercussions which must be examined. The small community is now spread over a large area. A scientific, an engineering, a commercial or a social project can be carried forward intensively by people who are dispersed at great distances and may be living in different countries. 
We can work as a team while we stay at home because we can take advantage of electronic communications. Our lives and our livelihood are being integrated into a totally different structure in which we and our children and relations are separated by distance and held together only by electronic links. The conversations run: "I have a son in New Zealand and another in the USA and both are doing well": "My colleague at work has been moved to our Sydney branch but we shall still be working on the same project": "I shall need to discuss the new contract with Jim when he arrives at Singapore": and so on. Does it matter if our electronic conversations and discussions are overheard ? It does because if we can be overheard we are inhibited from saying what is in our mind as frankly as we would do if we conversed in private. We cannot negotiate on a subject of some delicacy by shouting across a room and it is equally impossible to do so if in the back of our mind we believe someone may be listening and may hold us to account. A click on a line may say "Somebody is listening on the extension" and we cease to speak freely. Apart from which the need for privacy in commercial, banking, financial, legal and medical discussions and negotiations is obvious and unlikely to be challenged. In my opinion the case for equal privacy in discussions at a distance and in discussions face-to-face is overwhelming in view of the nature of society to-day and the further developments we can anticipate in which electronic communications will play an increasingly important role. "I shall speak to Jim privately wherever he may be" will come to be regarded as an incontestable "right". The Consequences The case for the people has been made above. No difficulty arises because ample technical solutions incorporating strong encryption are available to solve the problem of privacy. 
The case for the government is confused because it is not stated correctly. It is said that the government requires access to the conversations of everybody to control the activity of the relatively few of us who are criminals. WRONG. It is we, the populace who need to control the activities of the criminals amongst us who disturb our lives. We charge the government with this task subservient to our will. One manner in which criminals are greatly assisted in this modern age is to provide them with high powered cars and good roads to leave the scene of a crime. Logically the government should ban the use of cars for everyone as this would also deprive criminals of cars. But this is not done as we should revolt at the suggestion. Why then should the government be able to ban encryption for their own convenience when this is against our wishes. There is an answer -- but the irony is that I am unable to state it freely because I do not have a secure encrypted channel to discuss this matter with you !! Apologies for the length of this posting. It will be apparent to all I trust that it is intended as a constructive addition to the debate on encryption. George -- George Foot georgefoot@oxted.demon.co.uk Web Page. http://www.oxted.demon.co.uk From brownrk1@texaco.com Mon, 15 Jun 1998 04:42:41 -0500 Date: Mon, 15 Jun 1998 04:42:41 -0500 From: Brown, R Ken brownrk1@texaco.com Subject: Labour withdraws its info-highway web page I'm up for that - but it would only be my private pages on Cix which has slow response & not a lot of bottom. If anyone with a faster server and an institutional name that looks better in print that would be more effective. (Of course, on the Internet no-one knows you're a dog... maybe I should call myself the League Against Cruel Politicians or something...) 
> ---------- > From: Dave Bird---St Hippo of > Augustine[SMTP:dave@xemu.demon.co.uk] > Reply To: ukcrypto@maillist.ox.ac.uk > Sent: 13 June 1998 14:30 > To: ukcrypto@maillist.ox.ac.uk > Subject: Re: Labour withdraws its info-highway web page > > In article <3.0.2.32.19980613093220.031c9cd0@pop.dial.pipex.com>, Bill > Thompson writes > >It seems that it was not just the InfoHighway document - > >the manifesto and women's policy paper have also gone > >as part of the ideological clearout. > >Of course, all these documents will continue to circulate > >though I suspect the Labour Party believes that if > >you take something off YOUR website then it is > >removed from cyberspace... ah well. > > Perhaps someone would like to put a page on their site > "The Policies New Labour wants to forget", and archive them > Get a few friends to link to it, put . > > Then submit it to a load of search engines..... > > |~/ |~/ > ~~|;'^';-._.-;'^';-._.-;'^';-._.-;'^';-._.-;||';-._.-;'^';||_.-;'^'0-| > ~~ > P | Woof Woof, Glug Glug ||____________|| 0 | > P > O | Who Drowned the Judge's Dog? | . . . . . . . '----. 0 | > O > O | answers on *---|_______________ @__o0 | > O > L |{a href="news:alt.religion.scientology"}{/a}_____________|/_______| > L > and{a > href="http://www.xemu.demon.co.uk/clam/lynx/q0.html"}{/a}XemuSP4(:) > > From alan@mailhost.kable.co.uk Mon, 15 Jun 1998 11:37:27 +0100 Date: Mon, 15 Jun 1998 11:37:27 +0100 From: Alan Burkitt-Gray alan@mailhost.kable.co.uk Subject: Labour withdraws its info-highway web page > > On 12-Jun-98 18:08:42, Brian Randell said: > > > > >Particularly now that copies of the page have been found, I hope that > > >someone will ensure that knowledge of this little incident does not > > remain > > >privy just to the readership of this mailing list! :-) I think it might well appear in the pages of the next issue of Government Computing. > > > > Has anyone managed to get Private Eye interested in this affair? 
> > > > (I've tried and failed on previous occasions - I'm told by whoever > > answers the strobes mail that he thinks it would be worth covering, > > but Hislop feels computers are boring / not important / whatever.) Can't really be true, as the Eye has covered lots about EDS and its various Govt contracts. Incidentally, it's not only party HQ that puts stuff on the web and then forgets it's there. A lot of MPs got their pages up - in a flush of enthusiasm about the information age - before the last election and haven't touched them since. I trawled through a few for our Sitewatch web page http://www.kable.co.uk a few weeks ago but I wouldn't mind betting there are lots of other juicy bits. For real Mandelsonian control, though, see the Lib Dems' site http.//www.libdem.org.uk where every MP has a regulated, sanitised, boring page. Alan B-G - ALAN BURKITT-GRAY, Editor, Government Computing The independent magazine about information age public service, for the people who are going to make it happen NEXT ISSUE: July/August 1998, mailed out Wed 15 July Published monthly by Kable Ltd The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK tel 0171 608 0900, fax 0171 608 0901 websites http://www.governmentcomputing.com and http://www.kable.co.uk e-mail alan@kable.co.uk - 
From georgefoot@oxted.demon.co.uk Mon, 15 Jun 1998 15:39:56 +0100 (BST) Date: Mon, 15 Jun 1998 15:39:56 +0100 (BST) From: George Foot georgefoot@oxted.demon.co.uk Subject: Washington Conference To UK Crypto: Can anyone who attended the recent Washington Conference on Encryption provide an account of the proceedings, please ? Is there a Web Page or any other source from which information can be obtained ? George -- George Foot georgefoot@oxted.demon.co.uk Web Page. 
http://www.oxted.demon.co.uk From I.Brown@cs.ucl.ac.uk Mon, 15 Jun 1998 19:11:04 +0100 Date: Mon, 15 Jun 1998 19:11:04 +0100 From: Ian BROWN I.Brown@cs.ucl.ac.uk Subject: Labour withdraws its info-highway web page > Actually, the odd thing is that it took them over a year after the > change of direction to remove the pages Perhaps (d): they knew if they removed those specific pages around the time of the policy change it would cause more fuss than if they just 'disappeared' sometime later as part of a 'general tidy up.' I've just been reading "Soundbites and Spin Doctors" (recommended!) so have an extremely cynical view of Mandelson and friends at the moment ;) Ian >:) From Vaclav.Matyas@cl.cam.ac.uk Tue, 16 Jun 1998 15:13:20 +0100 Date: Tue, 16 Jun 1998 15:13:20 +0100 From: Vaclav Matyas Vaclav.Matyas@cl.cam.ac.uk Subject: Crypto Law Survey updated Hello Bert-Jaap, I have some updates for your Crypto Law Survey re. the Czech Republic a) Export controls: In theory according to the Wassenaar Arrangement, in practice none (might change after the June elections). Also, the official government document "Information Policy of the Czech Republic - Strategy Basics" states "The state shall not restrict import or export of cryptographic technologies." b) Domestic laws and regulations: Newly passed law on "Protection of secret information" will be worked out into some detailed regulations that should clarify this. However, this will most probably affect only state-held or national security relevant information and regulations of cryptography as such are not touched upon in this law. On the other hand, this law establishes a new National Security Agency, which has no restrictions stated in this law on actions on the country's territory and against own citizens. c) Developments to restrict cryptography: None as such. 
However, when I sent my comments to the office that worked on the above cited "Information Policy of the Czech Republic - Strategy Basics", they have included my comment relevant to a) "The state shall not restrict import or export of cryptographic technologies", but did not include a similar suggestion that the state will not restrict use of cryptography and/or impose key-escrow or key-recovery duty. Hope this is of some help to your excellent work. Many thanks for your effort! Vaclav From Ross.Anderson@cl.cam.ac.uk Tue, 16 Jun 1998 15:22:33 +0100 Date: Tue, 16 Jun 1998 15:22:33 +0100 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Law Society view on the new Labour crypto policy A number of people asked for a copy of the Law Society's view on the new Labour crypto policy, as presented by Nick Bohm at `Scrambling for Safety' last month. We've now got an approved text, converted into html by Gus Hosein, and available at http://www.cl.cam.ac.uk/users/rja14/bohmsfs.html Ross From richard@turnpike.com Fri, 19 Jun 1998 21:01:33 +0100 Date: Fri, 19 Jun 1998 21:01:33 +0100 From: Richard Clayton richard@turnpike.com Subject: Barclays Endorse The scheme appears to be a smartcard (with a system for treating it as a floppy) which you are issued with when you appear at the bank with suitable credentials to prove identity. A PIN is then used to continue the relationship between you and the card. The card can be used to digitally sign "registration forms" with the Inland Revenue, Contributions Agency & HMCustoms and Excise [[ie tax, NICs and VAT]]. Seems a very limited use of the card to me and I note the press release says "documents". 
If you run a small business in the UK you will know that these are exactly the three agencies which require paperwork every month or quarter - though usually (in my experience) a real live cheque needs to accompany every transaction :( The www.barclaysendorse.co.uk site has no further technical details of the encryption which I could spot. One of the FAQ questions is "Is Barclays Endorse a national ID card?" The answer is "No. The Barclays Endorse card can be thought of as the electronic version of your handwritten signature." This seems to be an interesting semantic distinction :) ================= here's the press release ============= 17 June 1998 GOVERNMENT ENDORSES BARCLAYS DIGITAL SIGNATURE TRIAL Barclays today (June 17, 1998) commenced a trial of a pioneering smart card based digital signature service called Barclays Endorse. The government is to make the first use of the service by enabling newly self employed individuals to register their self employed status across the Internet. Chancellor of the Duchy of Lancaster, Dr David Clark commented: "I am delighted to announce today that the Government will be the very first to use this exciting new initiative developed by Barclays. The service will save time, eliminate paperwork, and allow the newly self-employed to conduct their dealings with government more conveniently. "This pilot is part of the quiet revolution which is transforming the way public services are delivered. It plays an important part in the Better Government programme, which will make the services we provide to our citizens more efficient, simple and accessible. "IT is the key to unlocking better services. I congratulate all concerned on this excellent example of co-operation between departments, and partnership between public and private sectors. I wish the pilot every success." This initial application of the Barclays Endorse card will be tested over the next six months in nine locations across the country. 
Individuals becoming self employed will be invited to apply for a Barclays Endorse Card which will be activated at a participating branch, once their identity is proven. The card can then be used to digitally sign documents submitted across the Internet to three government agencies - Contributions Agency, Inland Revenue and HM Customs & Excise. Branches involved in the trial are located in Barnsley, Birmingham, Coventry, Doncaster, Hanley, Milton Keynes, Rotherham, Sheffield and Wembley where Internet access will be available. Roger Alexander, managing director of the Emerging Markets Group at Barclays explained: 'Participants in the trial will be able to conduct business in a truly paperless environment, cutting bureaucracy whilst improving on the security of traditional ways of doing business. 'The benefits of electronic commerce will only be fully realised when individuals and businesses can transact with trust. We are bringing about this trusted environment through the innovative use of smart cards and digital signatures in a highly usable way.' Notes: 1) Barclays branches participating in the trial are: 36 Town Road, Hanley, Stoke on Trent 14 Commercial St, Sheffield The Business Centre, Ten Pound Walk, Doncaster 27 Church Street, Barnsley Bridgegate, Rotherham 25 High Street, Coventry 38 Hagley Road, Edgbaston 36/38 Park Royal Road, Wembley 497 Silbury Boulevard, Milton Keynes 2) Partner organisations involved in the trial Barclays has been pleased to work with a range of partner organisations in making this trial reality. This includes industry leaders such as Microsoft, De La Rue and Certco. 3) Web Site The Barclays Endorse web site can be found on www.barclaysendorse.co.uk. Applications can be made by visiting the Barclays Endorse web site or calling 0845 600 6677. 
-- richard richard.clayton @ T U R N P I K E .com http://www.demon.net/news/features/crypto/ for Demon's views on crypto "Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM From gladman@seven77.demon.co.uk Sat, 20 Jun 1998 16:23:59 +0100 Date: Sat, 20 Jun 1998 16:23:59 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: EPIC Conference As requested here is a summary of the EPIC Conference. My thanks go to Stefek Zaba who shared his notes with me and without whose help I would not have been able to compile this summary. However, I take all responsibility for any errors, problems or opinions! Many other ukcrypto list participants were present and I would encourage them to add to, or correct, anything I have said. Brian Gladman ---------------------------------------------------------------------------- The 1998 EPIC Cryptography Conference (8th June, Washington DC) *** Keynotes *** There were two Keynote speeches given respectively by Representative Bob Goodlatte and Senator Conrad Burns. Goodlatte is the driver of the SAFE Bill in Congress and Burns the driver of the ProCODE Bill in the Senate. Goodlatte indicated that support for SAFE on the floor was now 250 plus which is a majority. However the Bill was now being scrutinised by a number of 'interested' committees and this was stalling its progress. The Rules Committee would have to resolve this and it appears that the Chairman of this committee is not in favour of the Bill. There appeared to be a US Administration wish to negotiate with Americans for Computer Privacy (ACP) on the crypto issue but a condition here was that SAFE is suspended. He argued that this would be very bad since the US Administration only ever moved on the crypto issue when under pressure. In overall terms I gained the impression that the Bill would be unlikely to succeed this session (I stress that this is MY view - I may be wrong). 
Senator Burns gave a light hearted summary of crypto issues and argued strongly that constraining technological progress in the crypto area would be very damaging for the US. He suggested that most legislators did not understand the issues involved and this meant that there was a desperate need for education. He characterised Washington DC as "17 square miles of logic free environment" *** Technology: Key Escrow/Key Recovery *** The 'Technology Panel' was led by Dave Banisar of EPIC with Matt Blaze, Bruce Schneier and myself as speakers. Matt Blaze presented an updated version of last year's "11 Cryptographers" report. He pointed out that the conclusions of the original report were unchanged and essentially unchallenged. Bruce Schneier then covered the technical issues of maintaining security with KE/KR solutions. He pointed out that maintaining security in any KE/KR infrastructure would be extremely difficult and well beyond the current state of the art. He pointed people to NSA's analysis of the risks of KE/KR which pointed out these risks very clearly. I presented my paper on KR and its 'conversion' into KE by government support and sponsorship. In particular I emphasised that there was little overlap between the interests of governments in seeking access to information and those of private citizens in maintaining their privacy. Although there were some business requirements for KR, if these were pursued in a way that imposed them on private citizens then mass market Electronic Commerce would be stillborn. *** US Encryption Policy - Where Next? *** The session on US Encryption Policy involved two speakers (Bob Litt and Bill Reinsch) speaking for continued controls and two (David Peyton and Jeffrey Smith) calling for their removal. Bob Litt (US Justice Department) stressed that the law enforcement community did not want to stand in the way of the widespread use of encryption, which they saw as a benefit for law-abiding citizens. 
But this would have an adverse impact on law enforcement and this could not be ignored. He considered that the law enforcement case had been largely misunderstood and rejected a number of common 'myths': * law enforcement is opposed to the use of strong encryption * the code breaking capabilities of governments gave ready access for law enforcement - the cost of this was way beyond typical law enforcement resources * law enforcement wishes to expand its information gathering capabilities He went on to give examples of cases where intercept had been very important for law enforcement and suggested that if we did not tackle this issue now a future 'crypto related calamity' might result in draconian measures that no one wanted. Bill Reinsch gave a summary of the Administration's position on crypto. He pushed the Key Recovery line and stressed the need for this for stored data (I felt that this was a reaction to the realisation that the case for comms KR was weak, hence requiring a shift of ground on the Administration's part). He said that he saw KR solutions emerging even for comms and seemed to suggest that there were business needs here despite the previous session presentations. He suggested that discussions with other countries indicated that they were moving along the same lines as the US and pointed to UK policy announcements as an example here. Jeff Smith, Counsel to ACP, described the competing interests in the crypto policy debate, emphasising the ACP desire to work co-operatively with the US administration to find solutions. He overviewed an ACP proposal for the way ahead on crypto policy: * a presidential commitment to oppose any domestic controls * more interim export relief * the formation of a "Net Center" as a forum for the multiple interests to work out a compromise solution. David Peyton, National Association of Manufacturers, made the business case for the deployment of strong cryptographic information protection. 
He quoted a recent study suggesting that the cost of economic and industrial espionage for the US was now 250 billion dollars (per annum? - this was not clear). He suggested that we were still recovering from the 'Clipper fiasco' but noted that this was still a government standard! He felt that voluntary (user controlled) KR was a valuable possibility but strongly criticised the Administration's "back door" discouragement of non-KR products through such means as the export control regulations.

*** Discussion ***

A number of interesting points came out in discussion:

1. Bill Litt admitted that he had never seen the NRC report - he had been told that it was badly flawed and had not therefore read it!!!!

2. Bill Reinsch was asked about US government Department efforts to obtain exemption from requirements for KR in their systems. He said that he did not think exemptions would be easily obtained (apparently his staff touted this for BXA but he said that they would have to take their own medicine!).

3. Reinar Fuchs (NATO attendee) strongly distinguished - and asked Reinsch to acknowledge the basic difference between - domestic law enforcement, i.e. police, access, under lawful warrant, and mass surveillance by intelligence authorities under such programmes as Echelon. He indicated the hostility in Europe to such government activities. He did not get any answer from Reinsch. Fuchs followed up with a second question asking if intelligence agencies would have to escrow their keys if KE/KR became mandated!! Reinsch suggested that self escrow would be sensible here!!!!!!

4. In response to a question (from me) on why export controls would help in stopping criminals and terrorists from using strong non-KR encryption Bill Reinsch indicated that 'in abstract terms' he could not characterise such controls as 'either fair or effective', they were, however, 'available'.

*** Lunch - Jim Bizdos, RSA ***

Jim did a good job at criticising the Administration's position on crypto policy.
He pointed out that this was exporting jobs and technology leadership from the US at an increasing rate. He suggested that the economic cost of the current policy was already high and could be expected to grow rapidly if it was not changed soon. He expressed amazement that Bill Litt had not read the NRC report and said that he was organising a collection so that a copy could be purchased for him to read!

*** International Perspectives ***

* Helen McDonald, Industry Canada

Helen gave an overview of developments in Canada (Industry Canada is the Canadian equivalent of the US Commerce Dept or the UK DTI). The Canadian Government was working on three fronts:

* privacy legislation
* establishing a PKI
* clarifying crypto policy

On privacy, there will be federal legislation in those policy areas which are federally controlled; for the other policy areas, minimum standards have been agreed with the provinces, based on the 1988 OECD "fair information handling" principles.

On PKI for federal government use, the intention is to have the foundations in place this year (1998). Though Entrust has the major share of current implementations, the PKI itself is open and will support other products.

On crypto policy, Canada has issued an "options" paper and solicited wide public comment. The current position is of no usage or import regulations; export regulations are compatible with the Wassenaar agreement. Hence no restrictions on the export of weak or authorisation-only crypto, nor on Public domain or mass-market products. Current thinking for the future was that Canada's Charter of Rights and Freedoms requires that any restrictions should be proportionate and have a realistic chance of being effective. [I felt that Helen was leaning towards the privacy argument in what she said].
More detail at: http://strategis.ic.gc.ca/SSG/cy00005e.html

* Ulrich Sandl, Ministry of Economics, Germany

Ulrich gave a very strong statement of the German position on crypto policy and came as close to being critical of the US government as any speaker did. In effect he was outspoken in rejecting US government efforts to impose their crypto thinking on Germany (and others). He emphasised that the privacy of German citizens was of great importance and that the real issue for Germany was not giving law enforcement access but rather that of preventing access by 'foreign agencies' not under German control. He said that there was serious concern in Germany about 'one country's' attempts to impose solutions meeting such needs!!! In my view this talk was, in effect, a strong German rejection of US government efforts for international consensus on KE/KR crypto provisions.

* Nigel Hickson, UK Department of Trade and Industry

Nigel gave an overview of the recent UK policy developments that members of this list will know well (so I won't repeat them here). He did suggest at one point that the UK industry response to the earlier UK policy paper had been pathetic, with only civil liberties making a serious input (I think that this was a somewhat 'tongue in cheek' statement). He also suggested that the UK law enforcement community should start making their own case rather than asking him to do it for them (and taking the flak as a result!). On a wider front he referred to support in Europe for measures designed to provide law enforcement access and to the EU dual-use Directive, which would possibly remove internal EU crypto controls but also impose controls on 'intangible goods' (that are currently not controlled).

* The French Scene

The scheduled representative from France was unable to attend; Deborah Hurley read out a short statement, in which Prime Minister Lionel Jospin's administration was painted as much more aware of E-issues than the previous government.
On crypto policy, there is now an intention to have a public consultation and debate process by the end of this year (1998)!

* The European Commission

The Commission representative did not attend and no position was given for the EU (I was very disappointed about this given the progress now being made by the Commission).

* Discussion

During discussion Nigel pointed out that the Wassenaar agreement will come up for review shortly (I cannot remember the timescale he quoted). It was also pointed out that if nations could not agree on carrying some form of agreement forward, it would simply lapse [comment: this will be an opportunity for rational action - removal of all crypto controls except those targeted at specific and achievable aims - e.g. preventing military crypto going to terrorists or undemocratic countries.]

*** US Export Control Litigation ***

This session covered three cases (Bernstein, Junger, and Karn) with their attorneys giving presentations and the US Administration defence attorney also speaking.

* Ken Bass - counsel to Phil Karn

This case concerned the export from the US of the floppy disc with Bruce Schneier's 'Applied Cryptography' book. The case is based on 'free speech' and 'due process' issues. Ken indicated that in following up the case he had discovered that US crypto export controls are on very shaky ground because they are based on the "Emergency Economic Powers Act", under which the President has year-by-year powers to impose short-term economic and trade sanctions. He argued that the repeated use of this procedure was an abuse of these provisions which were not enacted for such purposes. This case had been going a long time - since 1995 - it has gone through rulings and appeals; it has suffered delay when crypto control moved from the State Dept to Commerce and when the original judge died. It continues.
* Gino Scarselli - counsel to Peter Junger

This case is essentially a restraint-of-free-speech case whose central issue challenges the claim of the EAR (Export Administration Regulations) that posting source code on a Web page is in itself an act of export. The code in question is a chapter in a book published on-line by Peter Junger, a law professor. A related free-speech issue is whether Junger can teach this particular class when a non-US student is present. The case has yet to be ruled on at the first (District) court level.

* Cindy Cohn, counsel to Dan Bernstein

This case is another challenge to the crypto export legislation, which started in early 1995. Judge Patel's initial rulings established that source code is speech for US legal purposes and potentially protected under the First Amendment; she also ruled the ITAR regulations partly unconstitutional in restricting the "speaking" of crypto source code. Judge Patel issued a relatively narrow decision, affirming the rights of Bernstein and others to export (make available) his source code, but not necessarily removing export regulation. The decision was further narrowed after the Administration made an emergency motion, to affirm only Bernstein's right to export the source code, pending review of the entire judgement. Cindy Cohn's presentation coincided with her recent congressional testimony, available on the Web at:

http://www.eff.org/pub/Crypto/ITAR_export/Bernstein_case/19980317.testimony

* Tony Coppolino - counsel for US Department of Justice

Tony Coppolino has been the Administration counsel in all three of the above cases. He started by saying that the "proper" place for challenges to the substance, as opposed to particular implementation, of US crypto policy is not the courts, but the political process. He faulted Cohn's First Amendment analysis by saying no one was arguing whether source code was speech; but that it has another characteristic as well - that of being an "effective machine".
It was the latter that gave the government the right to regulate it. He also argued that 'unreasonableness' or 'illogicality' were not grounds on which any regulations can be overthrown - they have to be wildly or recklessly unreasonable for this to succeed!

* Micheal Froomkin, Professor of Law, University of Miami

Froomkin gave a 'futures' view of these legal challenges. The only confident prediction he felt able to make was that the cases would go all the way to the US Supreme Court! Whichever way the decision fell, and at each stage of litigation, it would be necessary to look not only at who had won or lost, but also at how broad or narrow the decision was, and at whether it focussed on the nature of the medium involved.

* Discussion - This session evoked by far the most discussion.

There was a lively exchange on the characteristics of 'speech' and the fact that speech is always capable of being a 'machine' or 'engine' in evoking or provoking active events. Stefek argued persuasively that the primary function of source code was to convey ideas to other human beings - if this was not the case we would write software directly in binary! It was also pointed out that the PGP transfer to Europe using paper and high quality scanning had progressed this technology for source code reconstruction to the point where the control of source code export would now require the banning of books. The response to this was interesting in that most of the people present did not feel that the export of books would be challenged. Some, however, thought that such technological developments might well lead down this path!

*** OBSERVATIONS - DANGER ZONE ***

From here on this stuff is *** my opinion *** with no attempt to be objective or balanced!

* Crypto Controls

It was clear that the 'stand off' between governments and their informed citizens on crypto issues remains as big as ever.
The US administration is determined to continue with its stance even though the US informed public roundly rejects its approach. All groups representing the public, commerce and business were against crypto controls and clearly wanted them removed. No-one on this side of the argument spoke for controls in order to provide for public safety or security and, while the argument for such was understood, the general view seemed to be:

* controls do not, and cannot, have the desired effect but impose great economic (and social) damage
* on balance the widespread deployment of cryptography would be positive for society - "cars kill but we do not ban cars as a result" was a quoted argument.

There seems to be a recognition within the US administration that export controls are ineffective and unfair but there seems little if any activity to find more effective or acceptable approaches.

* Key Escrow and Key Recovery

The US and UK governments are pushing Key Recovery despite unchallenged concerns about its effectiveness when deployed in a form that meets their needs. Given the weaknesses it will introduce in terms of national information protection (economic and industrial intelligence gathering) this is surprising. Germany appears to be the one country in Europe that has recognised this problem and set its crypto policy with this in mind.

Probably the issue here is whether a particular Nation believes it gains more from spying on other Nations than others do in spying on it. The recent revelations about Echelon (which were referenced several times at the Conference) have brought this issue home to a number of non-English speaking European Nations in particular. This is leading to an increasing group of Nations who no longer support the US policy line (note, however, that US Officials still claim support for their policy).
This situation was most in evidence in what Germany said at the Conference but I have heard similar views expressed by representatives of several other EU countries in recent months. It is possible, therefore, that the balance of view in Europe is now shifting towards crypto deployment rather than the continuation of crypto controls. This is certainly the tone of some recent EU Directives (although Nigel noted moves in Europe in the opposite direction). There was even a hint that France might be considering a softening of its strong stance on crypto controls by seeking opinions of its citizens on such matters - I never thought that I would live to see this!

Brian Gladman, 20th June 1998

From proff@iq.org 20 Jun 1998 18:40:14 -0000
Date: 20 Jun 1998 18:40:14 -0000
From: Julian Assange proff@iq.org
Subject: AUcrypto mailinglist

With things starting to heat up here in Australia (DoD/DSD has recently taken to making some exceptionally nasty noises about prosecuting Eric Young, Tim Hudson and the rest of the Australian CryptoMozilla team), I'd like to remind everyone who's interested in aussie/nz crypto issues of the aucrypto mailing list.

AUCRYPTO
Australasian & Pacific Cryptography

mail the word "subscribe" to aucrypto-request@suburbia.net
or
mail the word "subscribe" to aucrypto-d-request@suburbia.net (AUCRYPTO weekly digest)

WHEN YOU HAVE SUBSCRIBED
------------------------

Send in a brief synopsis of who you are and why you are interested in AUCRYPTO as your first message to the list (this helps to stimulate discussion and debate as well as provide a sense of the AUCRYPTO community). As a [small] example:

"Hello AUCRYPTO! My name is Sara Harding. I'm a technical services officer working at the AFP (Australian Federal Police), specialising in cryptographic issues."
SUBSCRIBING
-----------

Send mail to:

  aucrypto-request@suburbia.net
or
  aucrypto-d-request@suburbia.net (AUCRYPTO digest)

with the subject or body of:

  subscribe

UN-SUBSCRIBING
-------------

Send mail to:

  aucrypto-request@suburbia.net
or
  aucrypto-d-request@suburbia.net (AUCRYPTO digest)

with the subject or body of:

  unsubscribe aucrypto

POSTING
-------

To send a message to the list, address it to:

  aucrypto@suburbia.net

Messages under 700 bytes in size will not be accepted. Send your one-liners to nobody@nowhere.org.

REPLYING
--------

If you are replying to a message already on the AUCRYPTO list using your mail program's reply facility you may have to change the reply address to aucrypto@suburbia.net. This is because the AUCRYPTO mailing list program is configured to have return replies sent to the author in order to avoid receiving the replies of misconfigured "vacation" programs which automatically send email saying "I've gone to the moon for two weeks to hunt rare bits".

ARCHIVES
--------

Monthly back issues of aucrypto since January 96 are available from:

  ftp://suburbia.net/pub/mailinglists/aucrypto

You can also instruct the mailing list processor to automatically scan and retrieve messages from the archive. It understands the following commands:

  get filename ...
  ls directory ...
  egrep case_insensitive_regular_expression filename ...
  maxfiles nnn
  version

Aliases for 'get': send, sendme, getme, gimme, retrieve, mail
Aliases for 'ls': dir, directory, list, show
Aliases for 'egrep': search, grep, fgrep, find

Lines starting with a '#' are ignored. Multiple commands per mail are allowed. Setting maxfiles to zero will remove the limit (to protect you against yourself no more than maxfiles files will be returned per request). Egrep supports most common flags.
Examples:

  ls vomume96 (for aucrypto digest)
  ls latest (the latest directory contains the archived messages)
  get latest/12
  egrep some.word latest/*

TECHNICAL
---------

The list processor software is based on the excellent Procmail/Smartlist by Stephen R. van den Berg with some minor extensions by Julian Assange.

From dparkins@alien.bt.co.uk Sun, 21 Jun 1998 18:15:47 +0100
Date: Sun, 21 Jun 1998 18:15:47 +0100
From: David Parkinson dparkins@alien.bt.co.uk
Subject: Barclays Endorse

>The www.barclaysendorse.co.uk site has no further technical details of
>the encryption which I could spot.

Literature I've seen says:

Triple DES
512-bit RSA for users' signing keys
1024-bit RSA for certification keys

David

From dave@xemu.demon.co.uk Sun, 21 Jun 1998 17:02:25 +0100
Date: Sun, 21 Jun 1998 17:02:25 +0100
From: Dave Bird---St Hippo of Augustine dave@xemu.demon.co.uk
Subject: vanished Labout policies -- anyone send me a copy pls?

Could anyone send me a copy of the vanished Labour policy document, as I forgot to save it last time it was on the list? Thanx.

--
^-^-^-@@-^-;-^ http://www.xemu.demon.co.uk/
(..)__u news:alt.smoking.mooses

From gtaylor@efa.org.au Tue, 23 Jun 1998 00:17:01 +1000
Date: Tue, 23 Jun 1998 00:17:01 +1000
From: Greg Taylor gtaylor@efa.org.au
Subject: EPIC Conference

At 16:23 20/06/98 +0100, Brian Gladman wrote:

>As requested here is a summary of the EPIC Conference. My thanks go to
>Stefek Zaba who shared his notes with me and without whose help I would not have
>been able to compile this summary. However, I take all responsibility for any
>errors, problems or opinions!

Thanks for an excellent report Brian (and Stefek). It's more comprehensive than my notes on the meeting so I can't add much ;-)

>During discussion Nigel pointed out that the Wassenaar agreement will
>come up for review shortly (I cannot remember the timescale he quoted).
>It was also pointed out that if nations could not agree on carrying
>some form of agreement forward, it would simply lapse

My notes say November, but there has been a recent report in Australia (LAN Magazine, June 1998) that the meeting will be in September. This will be a significant development that will affect the future of crypto policy globally. We'll be doing our bit to lobby the Australian government representatives to adopt a common sense approach, which may mean letting it lapse ;-)

Greg Taylor
Crypto Committee
Electronic Frontiers Australia

From 101544.3054@compuserve.com Mon, 22 Jun 1998 15:16:46 -0400
Date: Mon, 22 Jun 1998 15:16:46 -0400
From: Rainer Fahs 101544.3054@compuserve.com
Subject: EPIC Conference

Thanks Brian, good summary, however, two minor points,

First, it is Rainer Fahs, not Fuchs.

Secondly, and this is a little more important, yes, I am currently employed by a NATO civil agency. I was wearing a second hat at the conference, which is the one from the European Institute for Computer Anti Virus Research (EICAR). Within EICAR we have some people who are concerned about the privacy issues and we have established an international Working Group to look even deeper into all of the aspects, not only from an IT Security, but also from the legal point of view. At the EPIC conference, I have stated my personal opinion which is not necessarily the one of my employer. However, at the Copenhagen hearing, I recommended to Mr Schlickmann from DG XIII, that the EC Directive should indicate that it would cover legal requirements of law enforcements but no further requirements of intelligence services. If they want their requirements to be covered, they should lay them open for public scrutiny.

Regards
Rainer Fahs

From javellan@ccls.edu Tue, 23 Jun 1998 06:49:50 +0100
Date: Tue, 23 Jun 1998 06:49:50 +0100
From: Juan Andres Avellan javellan@ccls.edu
Subject: Interoperability of PGP and X.509

Verisign and Network Associates agree to support each other's certificates by putting a "wrapper" on PGP certificates to make them X.509 compatible.
http://www.news.com/News/Item/0,4,23438,00.html?st.ne.fd.mdh

Regards,

Juan Andres Avellan
Researcher - IT Law Unit
Centre for Commercial Law Studies
Queen Mary and Westfield College
University of London
Email: javellan@ccls.edu
PGP Key Fingerprint:1908 C61E 1406 1ADB 06FA 1AD5 7D8D F388 A0DC 4180

From jya@pipeline.com Tue, 23 Jun 1998 14:38:39 -0400
Date: Tue, 23 Jun 1998 14:38:39 -0400
From: John Young jya@pipeline.com
Subject: NSA Declassifies Algos

Thanks to Ed Roback, NIST:

http://www.defenselink.mil/news/Jun1998/b06231998_bt316-98.html

DoD Press Release, June 23, 1998:

No. 316-78
IMMEDIATE RELEASE
June 23, 1998
(703)695-0192(media)
(703)697-5737(public/industry)

ENCRYPTION FORMULAS DECLASSIFIED

The Department of Defense today announced the decision by the National Security Agency to declassify both the Key Exchange Algorithm and the SKIPJACK encryption algorithm used in the FORTEZZA(tm) personal computer card. FORTEZZA(tm) provides security at the desktop in the Defense Message System and other DoD applications.

This marks the first time that the NSA has declassified such information and made it commercially available. This declassification is an essential part of the Department of Defense's efforts to work with commercial industry in developing reasonably priced computer protection products.
This declassification decision will enable industry to develop software and smartcard based security products, which are interoperable with FORTEZZA(tm). The availability of such products will enhance the protection of DoD's sensitive but unclassified and critical non-mission communications.

The decision to release SKIPJACK (an 80 bit encryption algorithm that is not extensible to higher key lengths) and KEA (a 1024 bit key exchange algorithm) is restricted to these particular algorithms, and does not apply to other classified NSA algorithms. The SKIPJACK and KEA algorithms and their source codes have been declassified pursuant to Executive Order 12958.

Vendors interested in obtaining more information on this matter should contact the National Security Agency Public Affairs Office at 301-688-6524.

[End]

From I.Brown@cs.ucl.ac.uk Wed, 24 Jun 1998 01:16:56 +0100
Date: Wed, 24 Jun 1998 01:16:56 +0100
From: Ian BROWN I.Brown@cs.ucl.ac.uk
Subject: NSA Declassifies Algos

The NSA's decision to declassify a symmetric encryption algorithm that is limited to an 80-bit key is the clearest sign yet that they have effective processes for cracking such messages in an acceptable time limit.

Ian.

From lists@notatla.demon.co.uk Wed, 24 Jun 1998 07:44:50 +0100
Date: Wed, 24 Jun 1998 07:44:50 +0100
From: lists@notatla.demon.co.uk lists@notatla.demon.co.uk
Subject: NSA Declassifies Algos

Ian BROWN writes

> The NSA's decision to declassify a symmetric encryption algorithm that
> is limited to an 80-bit key is the clearest sign yet that they have
> effective processes for cracking such messages in an acceptable time
> limit.

Or that they are more confident of eventually cracking this than the AES candidates recently published.
--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################

From pleyland@microsoft.com Wed, 24 Jun 1998 01:07:23 -0700
Date: Wed, 24 Jun 1998 01:07:23 -0700
From: Paul Leyland pleyland@microsoft.com
Subject: NSA Declassifies Algos

> Ian BROWN writes
>
> > The NSA's decision to declassify a symmetric encryption
> algorithm that
> > is limited to an 80-bit key is the clearest sign yet