From jya@pipeline.com Sat, 28 Feb 1998 19:15:30 -0500 Date: Sat, 28 Feb 1998 19:15:30 -0500 From: John Young jya@pipeline.com Subject: VerSecure - "strong encryption" exportable from the US Peter Wayner has a good article on this in today's online New York Times, which examines the pros and cons. The HP system is exportable only to countries approved by the USG, of which there are an initial five: UK, Germany, France, Denmark and Australia. Any new candidate country must establish a "Security Domain Authority" (SDA) satisfactory to the USG. Moreover, the token which provides access to the crypto is limited to one year before lapsing and must be annually renewed to permit adjustment to fit national policy. Critics of the system have pointed out that that token renewal would also allow the US or any other nation to easily impose a clampdown, and for that reason HP's system may be seen a "camel's nose in the tent" precursor to tighter restrictions. And such a possibility requires that it be avoided -- and probably will be by the commercial market. http://www.nytimes.com We've put a copy at: http://jya.com/hp-sda.htm From sbaker@steptoe.com Sat, 28 Feb 1998 20:49:19 -0500 Date: Sat, 28 Feb 1998 20:49:19 -0500 From: Stewart Baker sbaker@steptoe.com Subject: Re[2]: VerSecure - "strong encryption" exportable from the U Actually, once the ability to generate the tokens is exported (and that's what's been approved for the five countries), the US can't control the kind of crypto that is activated. The UK can. It can change policy and decide to restrict what crypto is enabled. But if commercial buyers think such a change is likely, that's probably a reason for commercial buyers to be interested in Versecure, not a reason to stay away. Commercial users won't thumb their nose at UK law. So if they bought hardwired crypto they'll have to throw out anything that doesn't conform to the new law unless they've got a flexible system like this. Same thing is true in reverse for French users. Why buy something that's been permanently weakened to meet French law when you can get something that's easily upgraded in place if French law changes? ______________________________ Reply Separator _________________________________ Subject: Re: VerSecure - "strong encryption" exportable from the US Author: at INTERNET Date: 2/28/98 7:15 PM Peter Wayner has a good article on this in today's online New York Times, which examines the pros and cons. The HP system is exportable only to countries approved by the USG, of which there are an initial five: UK, Germany, France, Denmark and Australia. Any new candidate country must establish a "Security Domain Authority" (SDA) satisfactory to the USG. Moreover, the token which provides access to the crypto is limited to one year before lapsing and must be annually renewed to permit adjustment to fit national policy. Critics of the system have pointed out that that token renewal would also allow the US or any other nation to easily impose a clampdown, and for that reason HP's system may be seen a "camel's nose in the tent" precursor to tighter restrictions. And such a possibility requires that it be avoided -- and probably will be by the commercial market. http://www.nytimes.com We've put a copy at: http://jya.com/hp-sda.htm From sbaker@steptoe.com Sat, 28 Feb 1998 20:49:19 -0500 Date: Sat, 28 Feb 1998 20:49:19 -0500 From: Stewart Baker sbaker@steptoe.com Subject: Re[2]: VerSecure - "strong encryption" exportable from the U Actually, once the ability to generate the tokens is exported (and that's what's been approved for the five countries), the US can't control the kind of crypto that is activated. The UK can. It can change policy and decide to restrict what crypto is enabled. But if commercial buyers think such a change is likely, that's probably a reason for commercial buyers to be interested in Versecure, not a reason to stay away. Commercial users won't thumb their nose at UK law. So if they bought hardwired crypto they'll have to throw out anything that doesn't conform to the new law unless they've got a flexible system like this. Same thing is true in reverse for French users. Why buy something that's been permanently weakened to meet French law when you can get something that's easily upgraded in place if French law changes? ______________________________ Reply Separator _________________________________ Subject: Re: VerSecure - "strong encryption" exportable from the US Author: at INTERNET Date: 2/28/98 7:15 PM Peter Wayner has a good article on this in today's online New York Times, which examines the pros and cons. The HP system is exportable only to countries approved by the USG, of which there are an initial five: UK, Germany, France, Denmark and Australia. Any new candidate country must establish a "Security Domain Authority" (SDA) satisfactory to the USG. Moreover, the token which provides access to the crypto is limited to one year before lapsing and must be annually renewed to permit adjustment to fit national policy. Critics of the system have pointed out that that token renewal would also allow the US or any other nation to easily impose a clampdown, and for that reason HP's system may be seen a "camel's nose in the tent" precursor to tighter restrictions. And such a possibility requires that it be avoided -- and probably will be by the commercial market. http://www.nytimes.com We've put a copy at: http://jya.com/hp-sda.htm From gladman@seven77.demon.co.uk Sun, 1 Mar 1998 09:29:45 -0000 Date: Sun, 1 Mar 1998 09:29:45 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Re[2]: VerSecure - "strong encryption" exportable from the U -----Original Message----- From: Stewart Baker To: ukcrypto ; ukcrypto Date: 01 March 1998 07:49 Subject: Re[2]: VerSecure - "strong encryption" exportable from the U > > Actually, once the ability to generate the tokens is exported (and that's > what's been approved for the five countries), the US can't control the kind > of crypto that is activated. The UK can. It can change policy and decide > to restrict what crypto is enabled. But if commercial buyers think such a > change is likely, that's probably a reason for commercial buyers to be > interested in Versecure, not a reason to stay away. > > Commercial users won't thumb their nose at UK law. So if they bought > hardwired crypto they'll have to throw out anything that doesn't conform to > the new law unless they've got a flexible system like this. I agree here but there are no laws in the UK restricting the use of cryptography other than in very limited domains (e.g. amateur radio). Moreover the current UK government has been very explicit in saying that, whatever its new policy is, it will ***not*** impose any constrants on the domestic use of crypography. I have lived with the HP ideas for nearly 5 years now and I know them pretty well. I do not doubt their technical quality (although I have not looked at this in any detail) but in my view HP have not paid sufficient attention to the political implications of their thinking. The main problem with the HP approach is that it is designed to put control of any cryptography it offers in the hands of entities known as the "Security Domain Authorities". Although in principle this authority need not rest with government, as far as I can tell HP has been promoting its concept in the belief that this authority ***will*** rest with government. It has certainly been in discussion with UK government representatives, including some from GCHQ, on just this possibility. Now why is it, with the US and the UK governments involved, and with NSA and GCHQ sitting in the background, that I somehow doubt that HP is doing us all a favour? More seriously, however, what right has HP got to offer the UK government the ability to control the domestic use of cryptography in the UK when there is absolutely no basis in law for any such control in the first place? This seems to me to be a very dangerous tactic for HP in that it can now be seen to intervene to support government controls on domestic cryptography in th UK in a situation where no-one in the UK wants this and even the government, in public at least, agrees. I do not mind HP pushing ICF, nor do I mind if they set up an SDA for it the UK. But I ***do*** mind that they should offer this role to the UK government, whose record in acting in the interests of its citizens in this area is open to doubt. If HP really has offered the UK government the ablity to control the domestic availability and use of cryptography here in the UK then I would consider this a conspiracy between HP and the UK government to undermine the democratic rights of UK citizens. Moreover any company taking this up cryprography in this form risks becoming a party to this conspiracy. If this is going on (and I, for one, hope it is not as I would rather like to go on buying HP laser printers!) then HP is on very, very dangerous ground. I do think, as a matter of urgency, that HP should 'come clean' in public on its actions and intentions here and I hope that those of you on this list who are in the media will encourage them to do so. Brian Gladman From Markus.Kuhn@cl.cam.ac.uk Sun, 01 Mar 1998 10:53:39 +0000 Date: Sun, 01 Mar 1998 10:53:39 +0000 From: Markus Kuhn Markus.Kuhn@cl.cam.ac.uk Subject: Management of signature keys for government Thomas Womack wrote on 1998-02-27 23:36 UTC: > >Now since even the best RSA smartcards take 30 seconds plus to > >generate a keypair, while a standard card personalisation line handles > >several cards a second, bank customer keys are generated externally > >and injected into the cards. > > Why isn't pipelining possible here? Set up the cards, attach power pack, > send the 'generate your key' instruction, continue to the next processing > phase, wait 30 seconds, remove power pack. It is naive to assume that key generation inside the card adds you any security over external key generation in the card personalization machine. The card personalization lines are usually the places where not only the keys are generated but also where the smartcard operating system is uploaded using the smartcard's boot ROM. If you trust the key-generation software inside a smartcard, then you also have to trust the entire system involved in the EEPROM upload of this software, as there you can tamper with the key generation at any place as well. Even if the key is generated inside the smartcard, there could be a weak key generator have been used in the card or the card software could have been tampered to leak the key after generation. Smartcard operating systems allow EEPROM overwrites of software, therefore evidence of such manipulation could even be removed by overwriting the relevant code with a more secure one after key generation. I hope this makes clear that in-card key generation does not make it unnecessary to include the personalization facilities into the trusted computing base. It is more important that the personalization facility is kept under tight security and that the personalization line does not have any mass storage devices that theoretically could store generated keys then to have in-card key generation during personalization. Some new digital signature legislations prohibit signature key escrow explicitly. For example the German signature law (SigG) and the regulations associated with them (all available from in German) explicitly require that all signature keys be either generated by the user or are generated by the CA on behalf of the user IF THEY ARE GUARANTEED TO BE IMMEDIATELY DESTROYED AFTER BEING HANDED OVER TO THE USER. So if in Germany keys are for performance and quality control reasons (smartcard random number generators are notoriously bad) generated by a CA, this has to be done inside a certified tamper-resistant card terminal at the CA that prevents any possible leakage of the secret keys. If a UK digital signature system involves any even indirect potential escrow of signature keys anywhere in the pipeline, then this could mean that the British signatures would not be accepted under e.g. the German SigG. A digital signature system designed today should be designed with later European harmonisation in mind, which hopefully means that only the more paranoid system designs stand a chance of survival. Markus -- Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK email: mkuhn at acm.org, home page: From gladman@seven77.demon.co.uk Sun, 1 Mar 1998 13:35:48 -0000 Date: Sun, 1 Mar 1998 13:35:48 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Management of signature keys for government -----Original Message----- From: Markus Kuhn To: ukcrypto@maillist.ox.ac.uk Date: 01 March 1998 10:53 Subject: Re: Management of signature keys for government >Thomas Womack wrote on 1998-02-27 23:36 UTC: >> >Now since even the best RSA smartcards take 30 seconds plus to >> >generate a keypair, while a standard card personalisation line handles >> >several cards a second, bank customer keys are generated externally >> >and injected into the cards. >> >> Why isn't pipelining possible here? Set up the cards, attach power pack, >> send the 'generate your key' instruction, continue to the next processing >> phase, wait 30 seconds, remove power pack. > >It is naive to assume that key generation inside the card adds you >any security over external key generation in the card personalization >machine. Yes, but surely the aim is to make the totality of the environment that has to be trusted as 'small' as possible. By its nature an on-card 'key generation environment' will typically be much simpler than an environment involving both on and off card elements and this means that ***if*** we can do all the things we need to do on the card we will then have a simpler task in convincing ourselves that the total environment involved in key generation is trustworthy. I would accept that we cannot look at the key generation issue in isolaton but even so my assumption has been that we accept both on and off card components for key generation simply because smart-cards are not capable enough of doing what we need completely on the card. If this is correct, the issue is a practical one and does not undermine the possibility that a key generation solution achieved completely on the card might offer a better basis for trust. I certainly have considerable sympathy with this as a desirable objective (provided of course that we have suitable mechanisms in place for design and implementation scrutiny at card level - do we?). >The card personalization lines are usually the places where not only the >keys are generated but also where the smartcard operating system is uploaded >using the smartcard's boot ROM. If you trust the key-generation software >inside a smartcard, then you also have to trust the entire system involved >in the EEPROM upload of this software, as there you can tamper with the key >generation at any place as well. Even if the key is generated inside >the smartcard, there could be a weak key generator have been used in the >card or the card software could have been tampered to leak the key after >generation. Smartcard operating systems allow EEPROM overwrites of >software, therefore evidence of such manipulation could even be removed >by overwriting the relevant code with a more secure one after key >generation. I hope this makes clear that in-card key generation does not >make it unnecessary to include the personalization facilities into the >trusted computing base. It seems so and this makes smartcards an inadequate vehicle for really good security at the moment. For some defence applications in which I have been involved we had to adopt the PCMCIA card format for just this reason. However smartcards are improving steadily and it my be possible before too long to do more on the basic card (i.e. before it is personalised) including fast key generation and verification. Of course this means that scrutiny of the basic card will be even more vital but this is hardly a problem since if this is subverted we are dead anyway. While on the subject, I keep hearing about a UK goverment project to provide some sort of smart-card based identity card for UK citizens. Does such a project exist and, if so, where can I find out about it? Brian From Markus.Kuhn@cl.cam.ac.uk Sun, 01 Mar 1998 16:04:04 +0000 Date: Sun, 01 Mar 1998 16:04:04 +0000 From: Markus Kuhn Markus.Kuhn@cl.cam.ac.uk Subject: Management of signature keys for government Brian Gladman wrote on 1998-03-01 13:35 UTC: > Markus Kuhn wrote: > >I hope this makes clear that in-card key generation does not > >make it unnecessary to include the personalization facilities into the > >trusted computing base. > > It seems so and this makes smartcards an inadequate vehicle for really good > security at the moment. For some defence applications in which I have been > involved we had to adopt the PCMCIA card format for just this reason. This is not the issue. I am very well aware that EEPROM-based smartcards provide only a medium level of tamper-resistance and that state-of-the-art miniature tamper-resistant modules such as say the DalSemi DS1954 CryptoButton or the various IBM security modules are based on battery buffered SRAM combined with a whole range of alarm zeroisation and anti-tampering features that go far beyond of what smartcard processor manufacturers do today . You have to realize that these tamper-resistance feature work *against* you in an in-module signature key generation scheme: If the device that generates your key is ultra-tamper-resistant, then you have no way of ensuring that the algorithms applied are sound, most notably that the key generator has not been tampered with. It is feasible to reverse engineer smartcards (cost in the order of 10^4 USD per processor type) and these capabilities could be used for sample quality control of a manufacturer's output. This would not be possible any more with modern high-grade tamper-resistant modules that not even government labs can open. Tamper-resistance and quality assurance (including security evaluation) seem unfortunately to be conflicting design goals. Markus -- Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK email: mkuhn at acm.org, home page: From Richard.Watts@cl.cam.ac.uk Sun, 1 Mar 1998 18:14:35 +0000 Date: Sun, 1 Mar 1998 18:14:35 +0000 From: Richard Watts Richard.Watts@cl.cam.ac.uk Subject: Management of signature keys for government On Sun 1 March 1998, Markus Kuhn wrote: >Brian Gladman wrote on 1998-03-01 13:35 UTC: >> Markus Kuhn wrote: >> >I hope this makes clear that in-card key generation does not >> >make it unnecessary to include the personalization facilities into the >> >trusted computing base. [snip] >You have to realize that these tamper-resistance feature work *against* you >in an in-module signature key generation scheme: If the device that generates >your key is ultra-tamper-resistant, then you have no way of ensuring that the >algorithms applied are sound, most notably that the key generator has not been >tampered with. True, but this holds for everything, not just key generation: if you're going to trust your card not to leak key material, why not trust it to generate your key for you ? (wrt. malice, anyway: carelessness is another matter). >It is feasible to reverse engineer smartcards (cost in the >order of 10^4 USD per processor type) and these capabilities could be >used for sample quality control of a manufacturer's output. This would >not be possible any more with modern high-grade tamper-resistant modules that >not even government labs can open. Tamper-resistance and quality assurance >(including security evaluation) seem unfortunately to be conflicting >design goals. Well, obviously: the former requires that no information leak, the latter requires that all information leak. What we want is to be able to reverse-engineer the program (ie. the smartcard logic), but not the key. It shouldn't be hard to come up with some nearly-provably secure design[1] such that the stored key can't possibly affect the computation. That's when you have to start worrying about the possibility of duff keys being inserted, and you might even be able to get around that if you could design one-time programmable hardware such that the key can only be written, once, by a program loaded onto the card, and that program can never be erased without obvious results. Given that only a small portion of smartcards will be verified, this gives the spooks the chance to target some (small) number of people with modified smartcards which (eg.) leak key or are escrowed. Just so long as none of those cards are ever sent in for verification, they'll be fine (and if they are, the spooks can just claim it was a manufacturing error). Of course, the point about setting up large targets applies here as well (though not to as great a degree): once you introduce a single signature algorithm for almost all purposes, and cheerfully declare that all the real-world safeguards we currently use to prevent forgery (postal addresses, witnesses, real paper documents etc.) are now redundant, the value of an attack goes through the roof. The logical scheme would be for every government department to support any major digital signature system that came along (modulo a security audit). Richard. [1] Implementing the design is left as an exercise for the reader :-). From gladman@seven77.demon.co.uk Sun, 1 Mar 1998 17:26:32 -0000 Date: Sun, 1 Mar 1998 17:26:32 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Management of signature keys for government -----Original Message----- From: Markus Kuhn To: ukcrypto@maillist.ox.ac.uk Date: 01 March 1998 16:04 Subject: Re: Management of signature keys for government >Brian Gladman wrote on 1998-03-01 13:35 UTC: >> Markus Kuhn wrote: >> >I hope this makes clear that in-card key generation does not >> >make it unnecessary to include the personalization facilities into the >> >trusted computing base. >> >> It seems so and this makes smartcards an inadequate vehicle for really good >> security at the moment. For some defence applications in which I have been >> involved we had to adopt the PCMCIA card format for just this reason. > >This is not the issue. I am very well aware that EEPROM-based smartcards >provide only a medium level of tamper-resistance and that state-of-the-art >miniature tamper-resistant modules such as say the DalSemi DS1954 CryptoButton >or the various IBM security modules are based on battery buffered SRAM >combined with a whole range of alarm zeroisation and anti-tampering features >that go far beyond of what smartcard processor manufacturers do today >. > >You have to realize that these tamper-resistance feature work *against* you >in an in-module signature key generation scheme: If the device that generates >your key is ultra-tamper-resistant, then you have no way of ensuring that the >algorithms applied are sound, most notably that the key generator has not been >tampered with. It is feasible to reverse engineer smartcards (cost in the >order of 10^4 USD per processor type) and these capabilities could be >used for sample quality control of a manufacturer's output. This would >not be possible any more with modern high-grade tamper-resistant modules that >not even government labs can open. Tamper-resistance and quality assurance >(including security evaluation) seem unfortunately to be conflicting >design goals. Hey, Markus, I didn't even mention tamper resistance and this was not the reason why we used the PCMCIA format - the ***US*** took this path, not us!. And I did mention the need to be sure what is on the card since all sorts of subversion can be built in at this basic level. So I think we are on the same side! Brian From sbaker@steptoe.com Sun, 1 Mar 1998 16:39:37 -0500 Date: Sun, 1 Mar 1998 16:39:37 -0500 From: Stewart Baker sbaker@steptoe.com Subject: Re[4]: VerSecure - "strong encryption" exportable from t Brian's response strikes me as overwrought. HP and everyone else who sells crypto hardware faces a market where there are many countries with controls and many without, and several that seem to be moving from one status to the other, or otherwise changing policy. Making many different products that can't interoperate is possible, of course, but not exactly what made the PC market take off. The Holy Grail is a security device that can be sold and installed everywhere without regard to special crypto regimes or changing policy. HP's solution is pretty close to that, since any applicable controls can be left to a quick and flexible downloaded token, while the product and the hardware can go everywhere. I don't think this a conspiracy, just a practical busnessman's way to get a ubiquitous security architecture actually deployed. And probably the only way, unless everyone thinks that Brian's libertarian views will suddenly sweep the world -- and in time to ship in 2Q98. ______________________________ Reply Separator _________________________________ Subject: Re: Re[2]: VerSecure - "strong encryption" exportable from t Author: at INTERNET Date: 3/1/98 4:29 AM -----Original Message----- From: Stewart Baker To: ukcrypto ; ukcrypto Date: 01 March 1998 07:49 Subject: Re[2]: VerSecure - "strong encryption" exportable from the U > > Actually, once the ability to generate the tokens is exported (and that's > what's been approved for the five countries), the US can't control the kind > of crypto that is activated. The UK can. It can change policy and decide > to restrict what crypto is enabled. But if commercial buyers think such a > change is likely, that's probably a reason for commercial buyers to be > interested in Versecure, not a reason to stay away. > > Commercial users won't thumb their nose at UK law. So if they bought > hardwired crypto they'll have to throw out anything that doesn't conform to > the new law unless they've got a flexible system like this. I agree here but there are no laws in the UK restricting the use of cryptography other than in very limited domains (e.g. amateur radio). Moreover the current UK government has been very explicit in saying that, whatever its new policy is, it will ***not*** impose any constrants on the domestic use of crypography. I have lived with the HP ideas for nearly 5 years now and I know them pretty well. I do not doubt their technical quality (although I have not looked at this in any detail) but in my view HP have not paid sufficient attention to the political implications of their thinking. The main problem with the HP approach is that it is designed to put control of any cryptography it offers in the hands of entities known as the "Security Domain Authorities". Although in principle this authority need not rest with government, as far as I can tell HP has been promoting its concept in the belief that this authority ***will*** rest with government. It has certainly been in discussion with UK government representatives, including some from GCHQ, on just this possibility. Now why is it, with the US and the UK governments involved, and with NSA and GCHQ sitting in the background, that I somehow doubt that HP is doing us all a favour? More seriously, however, what right has HP got to offer the UK government the ability to control the domestic use of cryptography in the UK when there is absolutely no basis in law for any such control in the first place? This seems to me to be a very dangerous tactic for HP in that it can now be seen to intervene to support government controls on domestic cryptography in th UK in a situation where no-one in the UK wants this and even the government, in public at least, agrees. I do not mind HP pushing ICF, nor do I mind if they set up an SDA for it the UK. But I ***do*** mind that they should offer this role to the UK government, whose record in acting in the interests of its citizens in this area is open to doubt. If HP really has offered the UK government the ablity to control the domestic availability and use of cryptography here in the UK then I would consider this a conspiracy between HP and the UK government to undermine the democratic rights of UK citizens. Moreover any company taking this up cryprography in this form risks becoming a party to this conspiracy. If this is going on (and I, for one, hope it is not as I would rather like to go on buying HP laser printers!) then HP is on very, very dangerous ground. I do think, as a matter of urgency, that HP should 'come clean' in public on its actions and intentions here and I hope that those of you on this list who are in the media will encourage them to do so. Brian Gladman From Richard.Watts@cl.cam.ac.uk Sun, 1 Mar 1998 18:14:35 +0000 Date: Sun, 1 Mar 1998 18:14:35 +0000 From: Richard Watts Richard.Watts@cl.cam.ac.uk Subject: Management of signature keys for government On Sun 1 March 1998, Markus Kuhn wrote: >Brian Gladman wrote on 1998-03-01 13:35 UTC: >> Markus Kuhn wrote: >> >I hope this makes clear that in-card key generation does not >> >make it unnecessary to include the personalization facilities into the >> >trusted computing base. [snip] >You have to realize that these tamper-resistance feature work *against* you >in an in-module signature key generation scheme: If the device that generates >your key is ultra-tamper-resistant, then you have no way of ensuring that the >algorithms applied are sound, most notably that the key generator has not been >tampered with. True, but this holds for everything, not just key generation: if you're going to trust your card not to leak key material, why not trust it to generate your key for you ? (wrt. malice, anyway: carelessness is another matter). >It is feasible to reverse engineer smartcards (cost in the >order of 10^4 USD per processor type) and these capabilities could be >used for sample quality control of a manufacturer's output. This would >not be possible any more with modern high-grade tamper-resistant modules that >not even government labs can open. Tamper-resistance and quality assurance >(including security evaluation) seem unfortunately to be conflicting >design goals. Well, obviously: the former requires that no information leak, the latter requires that all information leak. What we want is to be able to reverse-engineer the program (ie. the smartcard logic), but not the key. It shouldn't be hard to come up with some nearly-provably secure design[1] such that the stored key can't possibly affect the computation. That's when you have to start worrying about the possibility of duff keys being inserted, and you might even be able to get around that if you could design one-time programmable hardware such that the key can only be written, once, by a program loaded onto the card, and that program can never be erased without obvious results. Given that only a small portion of smartcards will be verified, this gives the spooks the chance to target some (small) number of people with modified smartcards which (eg.) leak key or are escrowed. Just so long as none of those cards are ever sent in for verification, they'll be fine (and if they are, the spooks can just claim it was a manufacturing error). Of course, the point about setting up large targets applies here as well (though not to as great a degree): once you introduce a single signature algorithm for almost all purposes, and cheerfully declare that all the real-world safeguards we currently use to prevent forgery (postal addresses, witnesses, real paper documents etc.) are now redundant, the value of an attack goes through the roof. The logical scheme would be for every government department to support any major digital signature system that came along (modulo a security audit). Richard. [1] Implementing the design is left as an exercise for the reader :-). From sbaker@steptoe.com Sun, 1 Mar 1998 16:39:37 -0500 Date: Sun, 1 Mar 1998 16:39:37 -0500 From: Stewart Baker sbaker@steptoe.com Subject: Re[4]: VerSecure - "strong encryption" exportable from t Brian's response strikes me as overwrought. HP and everyone else who sells crypto hardware faces a market where there are many countries with controls and many without, and several that seem to be moving from one status to the other, or otherwise changing policy. Making many different products that can't interoperate is possible, of course, but not exactly what made the PC market take off. The Holy Grail is a security device that can be sold and installed everywhere without regard to special crypto regimes or changing policy. HP's solution is pretty close to that, since any applicable controls can be left to a quick and flexible downloaded token, while the product and the hardware can go everywhere. I don't think this a conspiracy, just a practical busnessman's way to get a ubiquitous security architecture actually deployed. And probably the only way, unless everyone thinks that Brian's libertarian views will suddenly sweep the world -- and in time to ship in 2Q98. ______________________________ Reply Separator _________________________________ Subject: Re: Re[2]: VerSecure - "strong encryption" exportable from t Author: at INTERNET Date: 3/1/98 4:29 AM -----Original Message----- From: Stewart Baker To: ukcrypto ; ukcrypto Date: 01 March 1998 07:49 Subject: Re[2]: VerSecure - "strong encryption" exportable from the U > > Actually, once the ability to generate the tokens is exported (and that's > what's been approved for the five countries), the US can't control the kind > of crypto that is activated. The UK can. It can change policy and decide > to restrict what crypto is enabled. But if commercial buyers think such a > change is likely, that's probably a reason for commercial buyers to be > interested in Versecure, not a reason to stay away. > > Commercial users won't thumb their nose at UK law. So if they bought > hardwired crypto they'll have to throw out anything that doesn't conform to > the new law unless they've got a flexible system like this. I agree here but there are no laws in the UK restricting the use of cryptography other than in very limited domains (e.g. amateur radio). Moreover the current UK government has been very explicit in saying that, whatever its new policy is, it will ***not*** impose any constrants on the domestic use of crypography. I have lived with the HP ideas for nearly 5 years now and I know them pretty well. I do not doubt their technical quality (although I have not looked at this in any detail) but in my view HP have not paid sufficient attention to the political implications of their thinking. The main problem with the HP approach is that it is designed to put control of any cryptography it offers in the hands of entities known as the "Security Domain Authorities". Although in principle this authority need not rest with government, as far as I can tell HP has been promoting its concept in the belief that this authority ***will*** rest with government. It has certainly been in discussion with UK government representatives, including some from GCHQ, on just this possibility. Now why is it, with the US and the UK governments involved, and with NSA and GCHQ sitting in the background, that I somehow doubt that HP is doing us all a favour? More seriously, however, what right has HP got to offer the UK government the ability to control the domestic use of cryptography in the UK when there is absolutely no basis in law for any such control in the first place? This seems to me to be a very dangerous tactic for HP in that it can now be seen to intervene to support government controls on domestic cryptography in th UK in a situation where no-one in the UK wants this and even the government, in public at least, agrees. I do not mind HP pushing ICF, nor do I mind if they set up an SDA for it the UK. But I ***do*** mind that they should offer this role to the UK government, whose record in acting in the interests of its citizens in this area is open to doubt. If HP really has offered the UK government the ablity to control the domestic availability and use of cryptography here in the UK then I would consider this a conspiracy between HP and the UK government to undermine the democratic rights of UK citizens. Moreover any company taking this up cryprography in this form risks becoming a party to this conspiracy. If this is going on (and I, for one, hope it is not as I would rather like to go on buying HP laser printers!) then HP is on very, very dangerous ground. I do think, as a matter of urgency, that HP should 'come clean' in public on its actions and intentions here and I hope that those of you on this list who are in the media will encourage them to do so. Brian Gladman From Ross.Anderson@cl.cam.ac.uk Mon, 02 Mar 1998 09:04:08 +0000 Date: Mon, 02 Mar 1998 09:04:08 +0000 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Management of signature keys for government There are practical ways of reducing the risk of bad-institution attacks, and banks do understand them. After all, with 20,000 banks in the global card payment system, you expect several hundred of them to be owned by criminal gangs at any one time. When I helped design the precursor of VISA's COPAC system what we did was have interbank key material (e.g. VISA's keys) loaded at the factory, together with the EEPROM application. The device was then tested and the security bit set; the hologram is added next, after which some fairly heavy physical security procedures kick in. When the cards get to the bank, the rest of the security printing gets done. The cards are then personalised, either in a batch process or by a teller transaction. In either case, with the old DES based cards the effect was to load the bank's key material for that customer. The point is that neither the bank nor VISA knows all the customer's keys. So if you switched from RSA to DSA and thus had a key generation time of 1/2 sec rather than 30 sec, then given a trustworthy terminal in the bank the customer can generate an initial signing key which can't be reconstructed unless both the bank and VISA cheat. Add tamper resistant boxes at both these places, add lots of audit, and ensure that if they do cheat they can acquire stupendous liabilities. Experience shows that you can just about make this work. It's not perfect, and you'll have the devil's own job dealing with `phantom withdrawals' when (say) carelessness at VISA is spotted and exploited by a programmer at a bank. The way to deal with this is in my view the line currently being advocated in the EU, namely a directive that a sworn statement by a customer will have equal force to a claim by a bank that its systems are secure. (HMG is of course going in the other direction by abolishing section 69 of the Police and Criminal Evidence Act, which will mean that people framed by GCHQ using escrowed copies of signature keys will have a hard time getting independent experts to examine the system. Hopefully the EU will frustrate this evil in one way or another.) You might conceivably make things work better by letting the customer bootstrap other keys for different applications in a variety of ways (card interaction with home PC, with M and S's eftpos terminal, with electricity meter, ...) and then verify the customer using available back channels (print your key fingerprint on your shop receipts). But there are substantial business problems here, such as `whose logo goes on the front?' These have killed all multi-function smartcard schemes so far and hopefully they'll also kill Mr Clark's obnoxious little scheme. The moral I suppose is that with even a small amount of care in the design process, you can do things a damn sight better than MasterCard - or GCHQ either for that matter :-) Ross From gladman@seven77.demon.co.uk Mon, 2 Mar 1998 08:11:42 -0000 Date: Mon, 2 Mar 1998 08:11:42 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Re[4]: VerSecure - "strong encryption" exportable from t -----Original Message----- From: Stewart Baker To: ukcrypto ; ukcrypto Date: 01 March 1998 23:48 Subject: Re[4]: VerSecure - "strong encryption" exportable from t > >Brian's response strikes me as overwrought. HP and everyone else who sells >crypto hardware faces a market where there are many countries with controls and >many without, and several that seem to be moving from one status to the other, >or otherwise changing policy. Making many different products that can't >interoperate is possible, of course, but not exactly what made the PC market >take off. But this is not the issue, I am not against what HP are doing in technical terms as I made clear. My question is a simple one - In those countries where there are no domestic controls on cryptography, is it right that HP should offer governments just such controls? You clearly believe it is and I respect your right to hold this view but I do not share it - in my view such actions take us down the slippery slope towards an authoritarian state. As I said, I hope that this is not what is happening and I now await a public statement from HP to clarify their intentions in respect of the control of this technology as applied within the domestic crypto market in the UK. Rest assured that I wil be delighted to find that they have got this right since I think they will suffer dearly for the oversight if they have not. Brian From gladman@seven77.demon.co.uk Mon, 2 Mar 1998 09:01:44 -0000 Date: Mon, 2 Mar 1998 09:01:44 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Management of signature keys for government -----Original Message----- From: Ross Anderson To: ukcrypto@maillist.ox.ac.uk Date: 02 March 1998 09:05 Subject: Re: Management of signature keys for government >So if you switched from RSA to DSA and thus had a key generation time >of 1/2 sec rather than 30 sec, then given a trustworthy terminal in >the bank the customer can generate an initial signing key which can't >be reconstructed unless both the bank and VISA cheat. Add tamper >resistant boxes at both these places, add lots of audit, and ensure >that if they do cheat they can acquire stupendous liabilities. >Experience shows that you can just about make this work. I assume here that the key is generated on card and the public component is then exported into the trusted terminal? It seems to me that we need complete open visibility of the algorithms and hardware components used for key generation and I have been wondering how to achieve this. One possibility that I have been wondering about is that of pursuing and openly publishing such a design in software down to the bits that are loaded and then using digital signature techniques to ensure that no changes are made. The thought is that if the basic processor can (a) check a digital signature and (b) has a ***very small*** area that can be personalised during manufacture it might then be possible to ensure that a card would only run a digitally signed, openly scrutinised key generation process. We still have to be sure that the basic card has not been subverted but we might at least avoid subversion in other parts of the chain from manufacture to the customer if this could be done. I am not up on smartcards and the like but I imagine that even the smallest amount of personalisation in manufacture is not possible? Maybe, if we could really get an open key generation design that was widely accepted it could simply be built into the basic smartcard anyway? My point here is that we have be be sure that the basic hardware has not been subverted so we might as well do the key generation at this level and ensure that it is subject to the scrutiny process that is necessary at this level anyway. There are counter arguments that I can think of but I wonder what all the pros and cons of such an approach would be. > >It's not perfect, and you'll have the devil's own job dealing with >`phantom withdrawals' when (say) carelessness at VISA is spotted and >exploited by a programmer at a bank. The way to deal with this is in >my view the line currently being advocated in the EU, namely a >directive that a sworn statement by a customer will have equal force >to a claim by a bank that its systems are secure. (HMG is of course >going in the other direction by abolishing section 69 of the Police >and Criminal Evidence Act, which will mean that people framed by GCHQ >using escrowed copies of signature keys will have a hard time getting >independent experts to examine the system. Hopefully the EU will >frustrate this evil in one way or another.) > >You might conceivably make things work better by letting the customer >bootstrap other keys for different applications in a variety of ways >(card interaction with home PC, with M and S's eftpos terminal, with >electricity meter, ...) and then verify the customer using available >back channels (print your key fingerprint on your shop receipts). But >there are substantial business problems here, such as `whose logo goes >on the front?' These have killed all multi-function smartcard schemes >so far and hopefully they'll also kill Mr Clark's obnoxious little >scheme. I am still trying to get information on Mr Clark's activity - have these proposals been published anywhere? Brian From brownrk1@texaco.com Mon, 2 Mar 1998 04:37:59 -0600 Date: Mon, 2 Mar 1998 04:37:59 -0600 From: Brown, R Ken brownrk1@texaco.com Subject: VerSecure - "strong encryption" exportable from the US Thomas Womack wrote: > "Additionally, we provided for the periodic expiration of the cryptographic > functionality as a hedge against obsolescence." seems really disconcerting, > since I can't see any way of implementing this without ending up with the > possibility of being unable to decode legacy data. Which seems exactly right to me. And what happens if you mess up the annual renewal? I may not know much about cryptography but I know a lot about the way IT departments think - I would hate to have to persuade my bosses to implement a device that was pre-programmed to fail one year from now unless certain employees (& we don't know who they will be because we may all have moved jobs by then) contact the SDA (who may also have changed by then) and say the right magic words to get them to reprogram our equipment according to whatever rules the government may have dreamed up in the meantime (and I'm sure you know what irrational prejudices many managers have about the competance of government and the Civil Service ). Maybe banks and card-issuers will be used to this sort of hassle but industrial companies and retailers will avoid it like the plague. From nbohm@ernest.net Mon, 02 Mar 1998 10:55:38 +0000 Date: Mon, 02 Mar 1998 10:55:38 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: Management of signature keys for government At 09:04 2/03/98 +0000, Ross Anderson wrote: [snip] >So if you switched from RSA to DSA and thus had a key generation time >of 1/2 sec rather than 30 sec, then given a trustworthy terminal in >the bank the customer can generate an initial signing key which can't >be reconstructed unless both the bank and VISA cheat. Add tamper >resistant boxes at both these places, add lots of audit, and ensure >that if they do cheat they can acquire stupendous liabilities. >Experience shows that you can just about make this work. A few years ago I advised one of the Clearing Banks on the terms and conditions applying to their electronic banking services to corporate customers. These terms made the customer responsible for instructions authenticated with the customer's key, as provided by the bank to the customer. I made the point that this term would not work satisfactorily unless the bank took adequate steps to ensure that the key was in fact delivered to an individual member of staff who was properly authorised by the corporate customer to receive it. I criticised the then current practice of sending the key by ordinary post to the company in an envelope addressed impersonally to "the Managing Director". I was told by the bank's legal department that this comment was regarded by the bank as extending beyond the scope of my instructions. There certainly seem to be a remarkable number of ways for this sort of thing to go wrong. I certainly feel more secure with a system where I can generate my own key pair on my own (non-networked) PC while offline from the net. Given the problems which seem (from correspondence in this list) to arise when trying to be sure of the security of card-based systems, what is their advantage? [snip] Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From DHowe@tecsun.demon.co.uk Mon, 02 Mar 1998 10:26:14 +0000 Date: Mon, 02 Mar 1998 10:26:14 +0000 From: Dave Howe DHowe@tecsun.demon.co.uk Subject: Management of signature keys for government I don't know why, but I seem completely unable to see why users can't generate their own keys for use in smart cards, using their own trusted software, and uplink their own trusted copy of the key to the smartcard. I can see why central administration of the ATM / credit cards is needed. 1) The cards are the property of the issuer (mine even has that printed on the reverse) 2) Readers are rare and under the direct control of the bank (ATM or sales-point readers) 3) They are only used to access bank facilities. However, if smartcards are to be widely adopted, none of the above is true. 1) The card is your signature; it is a personal statement that you agree with or approve of the document it is attached to 2) Readers must be commonplace, and must already be capable of writing data to the card (or how do you tell it *what* to sign. Almost by definition, it must be a small device that can be attached to a pc (presumably via a serial port to prevent it being tied to one piece of hardware); it must be inexpensive enough that people will be willing to adopt it; It must be secure enough that people will trust it. 3) It must be capable of signing a document to be exchanged between two end users (without a third party needing to take part, other than as a repository of the public side of the key) In order to meet the requirements of trustability in (2), the card _must_ have some form of fragable link (a fuse or similar) so that once a voltage has been applied across it, the card is unable to accept any further write commands. Is there any valid reason why this has to have been blown at the factory? Sig: __--= Dave =--__ From pleyland@microsoft.com Mon, 2 Mar 1998 05:52:57 -0800 Date: Mon, 2 Mar 1998 05:52:57 -0800 From: Paul Leyland pleyland@microsoft.com Subject: Management of signature keys for government Ross wrote about personalizing cards: > It is in theory possible for keypairs to be generated locally by the > user. Of course, one would need something like a trustworthy terminal > in a public place into which a customer could insert a virgin card, > wait while it computed a key, then obtain from it a printed key > fingerprint which she could sign and present together with ID to a > clerk in order to get a certificate. It's unlikely that the uptake of > cards would be high if getting one involved so much hassle. It seems to me that he's analyzing only the cost and not the benefit of the process. Consider: a very large number of people go to substantially more trouble than that described above so that they can obtain a passport. If the benefit from obtaining a card is comparable (or even significantly less) than that from obtaining a passport, the takeup will be high. Paul From gladman@seven77.demon.co.uk Mon, 2 Mar 1998 14:19:47 -0000 Date: Mon, 2 Mar 1998 14:19:47 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Management of signature keys for government -----Original Message----- From: Dave Howe To: ukcrypto@maillist.ox.ac.uk Date: 02 March 1998 11:55 Subject: Re: Management of signature keys for government >I don't know why, but I seem completely unable to see why >users can't generate their own keys for use in smart cards, >using their own trusted software, and uplink their own trusted >copy of the key to the smartcard. One issue in the self generation of keys is how to prevent a user repudiating their own key by revealing its private component. One advantage (in principle) of 'on-card' signature key generation is that no-one - not even the owner - knows the value of the secret component of the key since this only ever exists on the card. Of course the user can 'lose' the card but this is not quite the same as publishing the secret key component. There are a number of ways in which a user could be prevented (or at least deterred) from revealing their own key but it is not clear (to me at least) whether any of these are practical in the real world. However, irrespective of whether on or off card key generation is employed, it is vital that the processes leading to the generation of signature key pairs for an identity or signature card are subject to some form of publicly accountable and demonstrably independent expert scrutiny of their design, their implementation and their operation. In the case of the user generating their own key it will be the software used to do this that needs to be scrutinised. In the case of 'on card' generation it is the card and any associated firmware that needs such scrutiny. In my view it is this form of scrutiny that will really matter since we cannot all take our ID cards apart to see if they work properly! Brian From gladman@seven77.demon.co.uk Mon, 2 Mar 1998 13:42:00 -0000 Date: Mon, 2 Mar 1998 13:42:00 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Management of signature keys for government -----Original Message----- From: Paul Leyland To: 'ukcrypto@maillist.ox.ac.uk' Date: 02 March 1998 13:54 Subject: RE: Management of signature keys for government >Ross wrote about personalizing cards: > >> It is in theory possible for keypairs to be generated locally by the >> user. Of course, one would need something like a trustworthy terminal >> in a public place into which a customer could insert a virgin card, >> wait while it computed a key, then obtain from it a printed key >> fingerprint which she could sign and present together with ID to a >> clerk in order to get a certificate. It's unlikely that the uptake of >> cards would be high if getting one involved so much hassle. > >It seems to me that he's analyzing only the cost and not the benefit of the >process. Consider: a very large number of people go to substantially more >trouble than that described above so that they can obtain a passport. If >the benefit from obtaining a card is comparable (or even significantly less) >than that from obtaining a passport, the takeup will be high. > >Paul > I have not yet rejected the idea and, as you suggest, I am more interested in this as a cost/benefit issue rather than one of principle (cost = total cost, not just money). If I understand Ross's position correctly, he is against such developments as a matter of principle. I have not made up my mind yet whether voluntary electronic identity cards are a good or bad thing and I would certainly like to know whether they are technically feasible in a form that is safe from a citizen's perspective. I suspect that smartcards are not good enough for this at the moment but I am open minded and would like to know more. However, aside from some comments from Ross, I have not found any published material setting out UK government plans here. Brian From cacib@liberty.org.uk Mon, 2 Mar 1998 16:18:05 +0100 Date: Mon, 2 Mar 1998 16:18:05 +0100 From: Campaign Against Censorship of the Internet cacib@liberty.org.uk Subject: Barbara Roche press conference Barbara Roche has called a press conference for tomorrow morning. The journalist I spoke to said it was on encryption and digital signatures. DTI Public Communications office is denying this, saying its on "the Internet and pornography and stuff like that" More as I get it. Malcolm Hutty. ----------------------------------------------------------------- Campaign Against Censorship Tel: 0171 589 4500 of the Internet in Britain Fax: 0171 589 4522 e-mail: cacib@liberty.org.uk Say NO to Censorship Web: http://www.liberty.org.uk/cacib From Ross.Anderson@cl.cam.ac.uk Mon, 02 Mar 1998 16:34:21 +0000 Date: Mon, 02 Mar 1998 16:34:21 +0000 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Management of signature keys for government An employee of the Evil Empire wrote: > It seems to me that he's analyzing only the cost and not the benefit of the > process. Consider: a very large number of people go to substantially more > trouble than that described above so that they can obtain a passport. So far, to get a passport I've just sent in a form and waited a few weeks > If the benefit from obtaining a card is comparable (or even significantly > less) than that from obtaining a passport, the takeup will be high. If the government tries to make the benefit from owning a `personal signature card' comparable to that of owning a passport - and they are already talking about its being a precondition of convenient public access to everything from your tax file to your medical record - then the political backlash once people realise what is going on will completely dwarf what we saw yesterday in London. The English speaking world has done just fine without ID cards. The civil service keep on trying to sneak them in but have always lost so far. If the government is sufficiently asleep, or out of its mind, to let them get away with this one then they will pay a heavy political price. Ross From cacib@liberty.org.uk Mon, 2 Mar 1998 16:41:57 +0100 Date: Mon, 2 Mar 1998 16:41:57 +0100 From: Campaign Against Censorship of the Internet cacib@liberty.org.uk Subject: Barbara Roche Apparently this is not going to be about crypto, although it will be of interest to civil liberties groups. Details tomorrow, once it has happened from: http://www.liberty.org.uk/cacib/ ----------------------------------------------------------------- Campaign Against Censorship Tel: 0171 589 4500 of the Internet in Britain Fax: 0171 589 4522 e-mail: cacib@liberty.org.uk Say NO to Censorship Web: http://www.liberty.org.uk/cacib From DHowe@tecsun.demon.co.uk Mon, 02 Mar 1998 16:38:09 +0000 Date: Mon, 02 Mar 1998 16:38:09 +0000 From: Dave Howe DHowe@tecsun.demon.co.uk Subject: Management of signature keys for government <<< Brian Gladman 03/02/98 02:19pm >>> >>I don't know why, but I seem completely unable to see why >>users can't generate their own keys for use in smart cards, >>using their own trusted software, and uplink their own trusted >>copy of the key to the smartcard. >One issue in the self generation of keys is how to prevent a user >repudiating their own key by revealing its private component. One advantage >(in principle) of 'on-card' signature key generation is that no-one - not >even the owner - knows the value of the secret component of the key since >this only ever exists on the card. Of course the user can 'lose' the card >but this is not quite the same as publishing the secret key component. Hmm. You would need revocation certs (just as PGP does now) in case the card was stolen. If the user is made responsible for any or all sigs up to the point he registers the revocation cert with the public key repository.... >There are a number of ways in which a user could be prevented (or at least >deterred) from revealing their own key but it is not clear (to me at least) >whether any of these are practical in the real world. Hmm. How about a two-stage encryption? each individual card is given a "pool" key (from a large enough pool that the odds of an individual user being able to locate a second card with the same key are reasonably low), and the signature is then countersigned with a second key? That would give both the manufacturer and the user an irreproducable component. I don't like the idea, but it would work.... I agree - particularly that the executable on the card must be capable of verification, while the key material cannot be read (I assume this is possible) If nothing else, this should make the process cheaper - if you must load a bootstrap executable to the card, copy your key with it, then load the "real" executable and blow the link. If the algorithm is updated, then exactly the same type of card can be used, but with the updated algorithm applied (and obviously, a new key calculated) Sig: __--= Dave =--__ From nbohm@ernest.net Mon, 02 Mar 1998 16:55:14 +0000 Date: Mon, 02 Mar 1998 16:55:14 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: Management of signature keys for government At 14:19 2/03/98 -0000, Brian Gladman wrote: [snip] >One issue in the self generation of keys is how to prevent a user >repudiating their own key by revealing its private component. One advantage >(in principle) of 'on-card' signature key generation is that no-one - not >even the owner - knows the value of the secret component of the key since >this only ever exists on the card. Of course the user can 'lose' the card >but this is not quite the same as publishing the secret key component. > >There are a number of ways in which a user could be prevented (or at least >deterred) from revealing their own key but it is not clear (to me at least) >whether any of these are practical in the real world. I doubt whether there are practical technical means of preventing repudiation (although I too would like to learn more). You can always lose your card, and unless it could only be used with biometrical identifiers, your PIN could have been snooped (as in the fake ATM case). Legally, of course, you can be made responsible for all card use prior to formal revocation. But once you have to revoke a card (or key) accepted by numerous unconnected traders, there are practical problems of achieving comprehensive worldwide revocation. [snip] Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From lawya@lucs-01.novell.leeds.ac.uk Mon, 2 Mar 1998 17:47:16 GMT0BST Date: Mon, 2 Mar 1998 17:47:16 GMT0BST From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk Subject: Barbara Roche press conference Malcolm, > DTI Public Communications office is denying this, saying > its on "the Internet and pornography and stuff like that" It is supposed to be the announcement of a consultation plan for the development of the rating systems at the UL level by the Internet Watch Foundation. That will certainly be announced tomorrow if the programme has not been changed. I do not know about the crypto announcement. If they deny it then it must be the rating systems announcement. After all these debates I am sure Nigel Hickson - who is on this list - will announce us all at least the day before and not three days after :-) Regards, Yaman ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yaman Akdeniz Cyber-Rights & Cyber-Liberties (UK) at: http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm Read CR&CL (UK) Report, 'Who Watches the Watchmen' http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From pleyland@microsoft.com Mon, 2 Mar 1998 10:03:21 -0800 Date: Mon, 2 Mar 1998 10:03:21 -0800 From: Paul Leyland pleyland@microsoft.com Subject: Management of signature keys for government Ross wrote: > An employee of the Evil Empire wrote: 8-) >> It seems to me that he's analyzing only the cost and not the benefit of the >> process. Consider: a very large number of people go to substantially more >> trouble than that described above so that they can obtain a passport. > > So far, to get a passport I've just sent in a form and waited a few weeks Amazing. You must have been especially favoured, or do you have official contacts you haven't told us about? ;-) I had to fill in a form, find someone reputable such as an MP (!) or JP to vouch for me, have a mugshot taken, pay a significant fee *and* wait several weeks. Rather more hassle and a longer delay than the process you described for smart card initialization. Indeed, the passport hassle analogy could be used as a counter-argument to the claim that for performance reasons only 10k different keys will be available. > If the government tries to make the benefit from owning a `personal signature > card' comparable to that of owning a passport - and they are already talking That is a different matter entirely. I was picking up only on your rather one-sided views on why smart-card initialization would be too painful for the majority of the population. If you wish, I can provide example of other activities which seem to require an inordinate amount of hassle which, nonetheless, large numbers of people undergo. Don't even get me on to the subject of house buying and selling right now 8-( Paul From gladman@seven77.demon.co.uk Mon, 2 Mar 1998 16:33:48 -0000 Date: Mon, 2 Mar 1998 16:33:48 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Management of signature keys for government -----Original Message----- From: Nicholas Bohm To: ukcrypto@maillist.ox.ac.uk Date: 02 March 1998 16:56 Subject: Re: Management of signature keys for government >At 14:19 2/03/98 -0000, Brian Gladman wrote: >[snip] >>One issue in the self generation of keys is how to prevent a user >>repudiating their own key by revealing its private component. One advantage >>(in principle) of 'on-card' signature key generation is that no-one - not >>even the owner - knows the value of the secret component of the key since >>this only ever exists on the card. Of course the user can 'lose' the card >>but this is not quite the same as publishing the secret key component. >> >>There are a number of ways in which a user could be prevented (or at least >>deterred) from revealing their own key but it is not clear (to me at least) >>whether any of these are practical in the real world. > >I doubt whether there are practical technical means of preventing >repudiation (although I too would like to learn more). You can always lose >your card, and unless it could only be used with biometrical identifiers, >your PIN could have been snooped (as in the fake ATM case). The situaton I was thinking about is one in which a user not wishing to enter a contact, but wanting to appear to do so, publishes their secret key component just before using it to sign the contract. Afterwards they then claim that their key became public knowledge before they signed and hence try to invalidate their signature. The advantage of generating and storing the secret key component on the card (and preventing its export) is that this prevents the key value being published in this way. If this is correct it is possible to prevent some forms of repudiation. >Legally, of course, you can be made responsible for all card use prior to >formal revocation. But once you have to revoke a card (or key) accepted by >numerous unconnected traders, there are practical problems of achieving >comprehensive worldwide revocation. Interesting point - this probably means that having the private key component generated on (and protected from export from) the card is a defence mechanism for users. If there is only ever one signature key, which cannot be replicated, then the scope for misuse is limited to stealing the card etc. If the key exists off the card the possibility exists for its replication and this means that the resulting damage could be a great deal more extensive. This makes me even more convinced that I want 'on-card' signature key generation! Brian From nigelhickson@compuserve.com Mon, 2 Mar 1998 16:32:06 -0500 Date: Mon, 2 Mar 1998 16:32:06 -0500 From: Nigel Hickson nigelhickson@compuserve.com Subject: EU Crypto Free Trade Area Colleagues With respect to "export controls" the intra-EU controls fall under Export= of Good Regulation which is a Community Instrument. This has an Annex (4= I think) with a list of those products which are excluded from "free" intra-eU trade. Crypto is one of the categories. The Commission have noted they intend to revisit the latter this year. = Nigel Hickson = From nigelhickson@compuserve.com Mon, 2 Mar 1998 16:42:02 -0500 Date: Mon, 2 Mar 1998 16:42:02 -0500 From: Nigel Hickson nigelhickson@compuserve.com Subject: PRESS CONFERENCE Colleagues = To stop the rumours; to my knowledge Mrs Roche will NOT be making any announcement on encryption and digital signatures. = Nigel = From duncan@gn.apc.org Mon, 02 Mar 1998 23:35:59 Date: Mon, 02 Mar 1998 23:35:59 From: Duncan Campbell duncan@gn.apc.org Subject: Original sources regarding the ECHELON sigint network >>The New York times has recently run a story regarding a "telecommunications >>interception network" operating in Europe. >>My recollection is that news broke about this some time last year, thanks >>to revelations in New Zealand. Sorry, I don't have a good reference to >> hand. The original and primary source for information on ECHELON is an article I wrote in New Statesman magazine ten years ago : NS, 12 August 1988 : "They've got it taped". In 1991, a UK World in Action programme added an important new detail about the network, namely the presence of a DICTIONARY computer (a key part of the system) at GCHQ's processing centre in Westminster. In 1993, I produced a documentary for Channel 4 - "The Hill" which related ECHELON to the work of the Menwith Hill NSA field station near Harrogate in Yorkshire. In 1996, Nicky Hager in New Zealand described in his book "Secret Power" the presence of DICTIONARY computers at two New Zealand sigint stations, and gave extensive details of the local programming and tasking of the ECHELON "dictionaries". Apart from these sources, so far as I am aware all the reports that are around are derivative and reprocessed. The European Parliament STOA committee report from the "Omega Foundation" is in this category and was in fact submitted rather more than a year ago. If anyone is aware of any other *original* publication on this topic, could they post it. The arrival in the public domain of original information in this area is a rarity, yet is the foundation for the only things we "know" about the scale of NSA/GCHQ surveillance and processing. Duncan Campbell From davidh@spidacom.co.uk Tue, 3 Mar 1998 07:08:18 +0000 Date: Tue, 3 Mar 1998 07:08:18 +0000 From: davidh@spidacom.co.uk davidh@spidacom.co.uk Subject: Management of signature keys for government On 2 Mar 98 at 14:19, Brian Gladman wrote in two messages: >I have not made up my mind yet whether voluntary electronic >identity cards are a good or bad thing and I would certainly like to >know whether they are technically feasible in a form that is safe >From a citizen's perspective. It might be that different citizens have different perceptions of what "safe" is. Would it be possible for an individual citizen to object I wonder, or would the tyrany of the (possibly poorly informed) prevail? It seems possible to whip up a storm to do with terrorists and child pornography to persuade the masses that we should all have an electronic identity card for "security" reasons, perhaps a "smart" card implanted at birth (or even before birth as we can't trust those doctors). I have heard from bankers of people who refuse to use bank plastic cards because they distrust the systems banks employ. No doubt someone here could expand on this. These people have the right to give up the convenience of the card for what they regard as the greater security of traditional methods. Would the same facility not to use a government issued plastic card exist I wonder? > However, irrespective of whether on or off card key generation is > employed, it is vital that the processes leading to the generation > of signature key pairs for an identity or signature card are subject > to some form of publicly accountable and demonstrably independent > expert scrutiny of their design, their implementation and their > operation. I agree, but industry and governmnet does not have a good track record in this. Netscape and Microsoft are two examples of computer companies who have found out the hard way that external scrutiny of security software is advisable. The banks have yet to learn this lesson and think that they must keep their methods secret. The same is true of the government, for example the Red Herring proposal for the NHS with its "nanny knows best" algorithm. David Hansen | davidh@spidacom.co.uk | PGP email preferred Edinburgh | CI$ number 100024,3247 | key number 6AC0AC7D From E.J.Koops@kub.nl Tue, 3 Mar 1998 11:17:20 MET Date: Tue, 3 Mar 1998 11:17:20 MET From: Bert-Jaap Koops E.J.Koops@kub.nl Subject: Crypto Law Survey updated I have just updated my survey of existing and envisaged cryptography laws and regulations. See the Crypto Law Survey at http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm This update includes: -update on European Union (ETSI on TTP; Eckhert statement; COM (97) 503 "not important"; Birmingham conference), Council of Europe (PC-CY), Belgium (law amended), Canada (crypto policy discussion paper), France (Lorentz report), Gemany (Sandl statement; no backdoor in Pluto), Israel (export revision), Netherlands (proposals to extend decryption command; TTP project; encrypt to "seize"; use remains free), Scandinavia (PSS no longer Nordic), United Kingdom (policy announcement delayed; SfL resolution), United States (interim export rule; California resolution; czar travels; Compsec Enhancement Act; Kerrey McCain revised; AES conference) -corrections on Estonia (controls were reported), Switzerland (telecom > radio) -clarification on Wassenaar Arrangement (General Software Note), Germany (export), Israel (case-by-case decisions), Sweden (Internet export), US (SAFE versions) -URL added to Canada (gov PKI), Hong Kong (export) Kind regards, Bert-Jaap --------------------------------------------------------------------- Bert-Jaap Koops tel +31 13 466 8101 Center for Law, Administration and facs +31 13 466 8149 Informatization, Tilburg University e-mail E.J.Koops@kub.nl -------------------------------------------------- Postbus 90153 | This world's just mad enough to have been made | 5000 LE Tilburg | by the Being his beings into being prayed. | The Netherlands | (Howard Nemerov) | --------------------------------------------------------------------- http://cwis.kub.nl/~frw/people/koops/bertjaap.htm --------------------------------------------------------------------- From jeremy.hilton@jhconsulting.co.uk Tue, 3 Mar 1998 10:23:09 -0000 Date: Tue, 3 Mar 1998 10:23:09 -0000 From: Jeremy Hilton jeremy.hilton@jhconsulting.co.uk Subject: ICX GBI Conference 1998 Global Business Infrastructure 2000 (GBI 2000) Conference Kurhaus Hotel, Scheveningen, The Hague, March 31st - 2nd April 1998 Key components in creating a secure electronic commerce environment are the captured in the OECD principles of International Cooperation, Choice and Market- driven Cryptographic Methods, Privacy, Lawful Access, Liability & Legal Aspects and Standards & Trust.. The 1998 GBI 2000 conference, organized by International Commerce eXchange (ICX), will review progress on the implementation of the OECD Guidelines and continue the dialogue begun last year. ICX is a non profit making forum for businesses by businesses who take part in electronic commerce over any network and who need confidence in its security. 1998 GBI 2000 Programme 1998 GBI 2000 provides six half day briefing sessions and panel discussions. Each session will involve representatives from business users, vendors, governments and international organizations. On the second day of the conference a parallel meeting of the International Cryptography Experiment (ICE) meeting will provide ICE participants with an overview of important technology developments in the provision of international cryptographic solutions capable of meeting global business information security needs. The combination of GBI 2000 and ICE is a unique opportunity to review and contribute to progress on the issues and technologies enabling secure electronic commerce in the next millennium. Tuesday 31st March 8 a.m. Registration 9 a.m. Opening Keynote Speech A senior figure from Shell Services International will explain the importance of secure electronic commerce.. He will present a business perspective on the importance of creating a predictable and secure electronic commerce environment. 9.30 a.m Session 1 International Co-operation The first session on Tuesday morning will focus on progress on the principle of International Co-operation. The audience will be able to judge whether unjustified obstacles to trade are being created. Business Requirements - Ms. Lily Lin; Lecturer in marketing at the International Hotel School, The Hague. Government Response - Deniz Erocal; Business Industry Advisory Committee (BIAC) to the OECD A speaker from the European Commission DG3 10.45 a.m. - 11.15 a.m. Coffee Netherlands Ministry of Economic Affairs Ake Nielson; Marinade and ICC Chris Sundt; ICL and the Confederation of British Industry Session 1 moderator: Ake Nielson, Marinade 12.30 p.m. Lunch 13.30 p.m. Session 2 User Choice and Market Driven Development In the afternoon progress on the principles of User Choice and Market Driven Development of security methods will be reviewed. Representatives from business, vendors and government will give their different assessments. How open are the choices ? How market driven is development? These are some of the major issues which will be reviewed. David Aucsmith; Intel Jan Andersson - Sweden Post 14.45 p.m. - 15.15 p.m. Coffee/tea Dean Adams; The Open Group TBA; Siemens Ag Session 2 Moderator: Adolf Doerig, Revisuisse Price Waterhouse Wednesday 1st April 9 a.m. Keynote - GBI 2000 A senior manager of The UK Post Office, will give a keynote introduction on Wednesday. The Post Office will explain their approach to creating a trusted environment for secure electronic commerce. 9.30 a.m. Session 3 Liability The morning session will review the progress of implementing Liability, coupled with a wider consideration of legal and regulatory aspects. Chris Taper, EEMA, Yves LeRoux, Digital 10. 45 a.m. - 11.15 a.m. Coffee Clare Wardle, UK Post Office Legal Services Hany Elmanawy, Universal Postal Union Session 3 moderator: Chris Taper, ICL 12.30 p.m. - Lunch 13.30 p.m. Session 4 Standardisation and User Trust The afternoon of day three will review progress towards implementing Standardisation and User Trust. Trust In Cryptographic Methods - Ed Roeback; U.S. Department of Commerce Jeremy Hilton, The Post Office Adolf Doerig, Revisuisse Price Waterhouse (Zurich) 14.45 p.m. - 15.15 p.m. Coffee/tea David Lacey, Shell Services International Anton Pronk, NNI TBD, Telecom Italia Session Moderator: Paolo Rossini, Telsy Wednesday 1st April 8. 30 a.m. - 8.35 a.m. ICE Welcome 8. 35 a.m. ICE Keynote International Cryptography Experiment - Past, Present, and Future Stephen Walker, President and CEO, Trusted Information Systems The founder of ICE, Steve Walker, Trusted Information Systems, will start the day with a presentation on the motivation, history, and principles of the ICE initiative. The ICE meeting will continue with a series of technical sessions covering ICE, government initiatives, cryptographic technologies, and industry perspectives. Technical topics will include "plug-in" cryptography, cryptographic security architectures, and cryptographic APIs, as well as public key infrastructures, certification authorities, trusted third parties, key recovery systems, encryption systems, key management schemes, cryptographic algorithms, accreditation and certification, and export regulatory matters. A number of major vendors will also provide exhibits and displays. 9 a.m. ICE Session One - Government Initiatives DARPA ICE Project Overview and Layered Cryptographic Architectures Mr. David M. Balenson, ICE Project Leader, Trusted Information Systems US Crypto Standards Update Mr. Edward Roback, US National Institute of Standards and Technology (NIST) MoD SOS TDP Update (Invited) Lt. Col. Colin Whittaker, UK MOD 10.45 a.m. - 11.15 a.m. Coffee/tea 11.15 a.m. Session Two - Panel - KRISIS & EuroTrust Initiatives Mr. Helmut Kurt, IABG Mr. Alan Liddle, Trusted Information Systems Mr. Paddy Holahan, Baltimore Technologies 12.30 p.m. - Lunch Session Three - Cryptographic Technologies Intel Common Data Security Architecture (CDSA) Mr. David Aucsmith, Security Architect, Intel Framework for Interoperability of Key Recovery Systems Mr. Bob Frith, President, Key Recovery Alliance (KRA) Mr. David Balenson, KRA Protocol Team Practical Public Key Infrastructure Mr. Pierre Boucher, Director of Government Programs, Entrust 14.45 p.m. - 15.15 p.m. Coffee/tea 15.15 p.m. Session Four - Industry Perspectives Cryptographic Development Activities Mr. Paddy Holahan, Business Development Manager, Baltimore Technologies Cryptographic Systems in Europe: A Manufacturer's Perspective Mr. Paolo Rossini, Business Development Manager, Telsy Implementing Cryptography ... in Practice Prof. Henry Beker, Chairman and Chief Executive, Zergo Limited Internationalized Cryptography for Developers Dr. Roger Schell, Senior Development Manager, Novell (TBD) Mr. Frank Jorinssen, Utimaco Belgium nv (TBD) Mr. Steve Mathews, PC Security Ltd. (TBD) (Invited) Mr. Jim Schindler, Hewlett Packard 17.00 p.m. Adjourn Thursday 2nd April - GBI 2000 9 a.m. Keynote - Trusted Third Party Requirements Keynote Speaker (Henk de Vries, Netherlands Ministry of Transport & Public Works) will be the keynote speaker on Thursday morning. This will provide a Dutch government view on how a predictable and secure environment for electronic commerce can be created, based on stated Trusted Third Party requirements. 9.30 a.m. Session 5 Lawful Access The morning session promises to be lively with a discussion on progress implementing the principle of Lawful Access to encrypted confidential data. Business Requirements - Nick Mansfield, Shell Services International. UK Government Policy - Nigel Hickson, UK Department of Trade and Industry. 10. 45 a.m. - 11.15 a.m. Coffee Business solutions to the recovery of keys: Interoperability Framework - Bob Frith, Motorola and President of the Key Recovery Alliance. David Balenson, Trusted Information Systems Pierre Boucher, Entrust Session Moderator: Martin Roe, UK Post Office 12.30 p.m. - Lunch 13.30 p.m. Session 6 Privacy The afternoon session of day three will consider progress on the controversial Guideline Principle on privacy. Stephanie Perrin, Canadian government, will lead what is expected to be a lively discussion on progress and the way ahead. Stephanie Perrin - Canadian Government Marc Rotenberg - EPIC drs. John J. Borking, Plv. Voorzitter Registratiekamer (NL Data Protection Registrar) 14.45 p.m. - 15.15 p.m. Coffee/tea Francis Aldridge - UK Deputy Data Protection Registrar Simon Davis - Privacy International Ross Anderson - Cambridge University Session Moderator: Stephanie Perrin International Commerce eXchange (ICX) ICX was created in response to the need for a single focal point encompassing all aspects of creating trust in the global information infrastructure. ICX addresses this issue by bringing together large, medium and small business users, suppliers and governments to work for the mutual benefit of all. ICX will create trust by identifying and satisfying legal and regulatory requirements, developing and disseminating business best practices and procedures, pinpointing and promoting appropriate technical standards and controls. Active involvement in ICX activities will contribute to bringing together the wide diversity of knowledge, skills and experience needed to provide practical secure electronic commerce solutions to shared problems. ICX will identify and develop best practices that can be the basis for market driven standards. ICX makes all the advice and solutions it identifies freely available to its members. Details on how you can join ICX can be found at http:/www.icx.org International Cryptography Experiment The International Cryptography Experiment (ICE) is seeking to encourage the provision of international cryptographic solutions capable of meeting global business information security needs. Cryptography is a crucial technology for the provision of information security services within the emerging Global Information Infrastructure (GII). However, many governments are concerned that the extensive and unconstrained availability of strong cryptography may undermine their law enforcement and national security interests. These conflicting pressures have resulted in a wide range of technical and non- technical activities that are seeking to offer solutions that achieve a widely accepted balance between the different interests involved. The ICE an initiative has been running since early 1994 as an informal international alliance of government and industry groups with a common interest in promoting internationally interoperable cryptographic security solutions. More information on ICE is available at: http://www.tis.com/crypto/ice.html. Administrative Contact Point email: gbi2000@icx.org Cost and payment information to follow shortly Accommodation: We have arranged a block booking in the Kurhaus Hotel where the conference takes place for participants of the 1998 Global Business Infrastructure 2000 (GBI 2000) Conference, March 31st - 2nd April 1998. You can book a single room for the special rate of NLG 247.50 per night, including breakfast and tax. Please do not forget to mention the GBI 2000 conference as reference by booking your accommodation. Kurhaus Hotel (NLG 247.50 incl. Breakfast and tax) Gevers Deynootplein 30 2586 CK Den Haag The Netherlands Tel. +31 (0)70 - 4 16 26 36 Fax +31 (0)70 - 4 16 26 46 Other hotels in the surroundings of the Kurhaus: Europa hotel ( NLG 308, 35 incl. Breakfast and tax) Zwolsestraat 2 2587VJ Scheveningen Tel. +31 (0)70 - 3 51 26 51 Fax+31 (0)70 - 3 50 64 73 Carlton Beach Hotel (NLG 290,-- incl. Breakfast and tax) Gevers Deynootweg 201 2508AK Scheveningen Tel. +31 (0)70 - 3 54 14 14 Fax + 31(0)70 - 3 52 00 20 Hotel in the centre of The Hague: Novotel (NLG 240,-- incl. Breakfast and tax) Hofweg 5-7 2511 AA Den Haag Tel. +31 (0)70 - 3 64 88 46 Fax +31 (0)70 - 3 56 28 89 Travel Details Local Airport - Schiphol Amsterdam (International airport with regular flights from around the globe)By taxi: From Schiphol Amsterdam airport a taxi will cost approx. NLG 150. Please do not forget to agree a fixed price in advance. By train: From the airport direct to The Hague CS (Central sattion). This takes approx. 40 minutes. From the Hague CS you can take tram number 1 or 9 to Scheveningen. The tram stop is almost at the end of the kine just in front of the Kurhaus hotel. You can also take a taxi from The Hague CS which will cost approx. NLG 25,-- By car: From Amsterdam you take the A44 via Wassenaar to the Haque or the A4 to the Hague. Arriving in the Hague you follow the signs Scheveningen, following the road Scheveningen Strand (Beach) you will end up at the Gevers Deynootplein where the Kurhaus is located. From jeremy.hilton@jhconsulting.co.uk Tue, 3 Mar 1998 10:23:09 -0000 Date: Tue, 3 Mar 1998 10:23:09 -0000 From: Jeremy Hilton jeremy.hilton@jhconsulting.co.uk Subject: ICX GBI Conference 1998 Global Business Infrastructure 2000 (GBI 2000) Conference Kurhaus Hotel, Scheveningen, The Hague, March 31st - 2nd April 1998 Key components in creating a secure electronic commerce environment are the captured in the OECD principles of International Cooperation, Choice and Market- driven Cryptographic Methods, Privacy, Lawful Access, Liability & Legal Aspects and Standards & Trust.. The 1998 GBI 2000 conference, organized by International Commerce eXchange (ICX), will review progress on the implementation of the OECD Guidelines and continue the dialogue begun last year. ICX is a non profit making forum for businesses by businesses who take part in electronic commerce over any network and who need confidence in its security. 1998 GBI 2000 Programme 1998 GBI 2000 provides six half day briefing sessions and panel discussions. Each session will involve representatives from business users, vendors, governments and international organizations. On the second day of the conference a parallel meeting of the International Cryptography Experiment (ICE) meeting will provide ICE participants with an overview of important technology developments in the provision of international cryptographic solutions capable of meeting global business information security needs. The combination of GBI 2000 and ICE is a unique opportunity to review and contribute to progress on the issues and technologies enabling secure electronic commerce in the next millennium. Tuesday 31st March 8 a.m. Registration 9 a.m. Opening Keynote Speech A senior figure from Shell Services International will explain the importance of secure electronic commerce.. He will present a business perspective on the importance of creating a predictable and secure electronic commerce environment. 9.30 a.m Session 1 International Co-operation The first session on Tuesday morning will focus on progress on the principle of International Co-operation. The audience will be able to judge whether unjustified obstacles to trade are being created. Business Requirements - Ms. Lily Lin; Lecturer in marketing at the International Hotel School, The Hague. Government Response - Deniz Erocal; Business Industry Advisory Committee (BIAC) to the OECD A speaker from the European Commission DG3 10.45 a.m. - 11.15 a.m. Coffee Netherlands Ministry of Economic Affairs Ake Nielson; Marinade and ICC Chris Sundt; ICL and the Confederation of British Industry Session 1 moderator: Ake Nielson, Marinade 12.30 p.m. Lunch 13.30 p.m. Session 2 User Choice and Market Driven Development In the afternoon progress on the principles of User Choice and Market Driven Development of security methods will be reviewed. Representatives from business, vendors and government will give their different assessments. How open are the choices ? How market driven is development? These are some of the major issues which will be reviewed. David Aucsmith; Intel Jan Andersson - Sweden Post 14.45 p.m. - 15.15 p.m. Coffee/tea Dean Adams; The Open Group TBA; Siemens Ag Session 2 Moderator: Adolf Doerig, Revisuisse Price Waterhouse Wednesday 1st April 9 a.m. Keynote - GBI 2000 A senior manager of The UK Post Office, will give a keynote introduction on Wednesday. The Post Office will explain their approach to creating a trusted environment for secure electronic commerce. 9.30 a.m. Session 3 Liability The morning session will review the progress of implementing Liability, coupled with a wider consideration of legal and regulatory aspects. Chris Taper, EEMA, Yves LeRoux, Digital 10. 45 a.m. - 11.15 a.m. Coffee Clare Wardle, UK Post Office Legal Services Hany Elmanawy, Universal Postal Union Session 3 moderator: Chris Taper, ICL 12.30 p.m. - Lunch 13.30 p.m. Session 4 Standardisation and User Trust The afternoon of day three will review progress towards implementing Standardisation and User Trust. Trust In Cryptographic Methods - Ed Roeback; U.S. Department of Commerce Jeremy Hilton, The Post Office Adolf Doerig, Revisuisse Price Waterhouse (Zurich) 14.45 p.m. - 15.15 p.m. Coffee/tea David Lacey, Shell Services International Anton Pronk, NNI TBD, Telecom Italia Session Moderator: Paolo Rossini, Telsy Wednesday 1st April 8. 30 a.m. - 8.35 a.m. ICE Welcome 8. 35 a.m. ICE Keynote International Cryptography Experiment - Past, Present, and Future Stephen Walker, President and CEO, Trusted Information Systems The founder of ICE, Steve Walker, Trusted Information Systems, will start the day with a presentation on the motivation, history, and principles of the ICE initiative. The ICE meeting will continue with a series of technical sessions covering ICE, government initiatives, cryptographic technologies, and industry perspectives. Technical topics will include "plug-in" cryptography, cryptographic security architectures, and cryptographic APIs, as well as public key infrastructures, certification authorities, trusted third parties, key recovery systems, encryption systems, key management schemes, cryptographic algorithms, accreditation and certification, and export regulatory matters. A number of major vendors will also provide exhibits and displays. 9 a.m. ICE Session One - Government Initiatives DARPA ICE Project Overview and Layered Cryptographic Architectures Mr. David M. Balenson, ICE Project Leader, Trusted Information Systems US Crypto Standards Update Mr. Edward Roback, US National Institute of Standards and Technology (NIST) MoD SOS TDP Update (Invited) Lt. Col. Colin Whittaker, UK MOD 10.45 a.m. - 11.15 a.m. Coffee/tea 11.15 a.m. Session Two - Panel - KRISIS & EuroTrust Initiatives Mr. Helmut Kurt, IABG Mr. Alan Liddle, Trusted Information Systems Mr. Paddy Holahan, Baltimore Technologies 12.30 p.m. - Lunch Session Three - Cryptographic Technologies Intel Common Data Security Architecture (CDSA) Mr. David Aucsmith, Security Architect, Intel Framework for Interoperability of Key Recovery Systems Mr. Bob Frith, President, Key Recovery Alliance (KRA) Mr. David Balenson, KRA Protocol Team Practical Public Key Infrastructure Mr. Pierre Boucher, Director of Government Programs, Entrust 14.45 p.m. - 15.15 p.m. Coffee/tea 15.15 p.m. Session Four - Industry Perspectives Cryptographic Development Activities Mr. Paddy Holahan, Business Development Manager, Baltimore Technologies Cryptographic Systems in Europe: A Manufacturer's Perspective Mr. Paolo Rossini, Business Development Manager, Telsy Implementing Cryptography ... in Practice Prof. Henry Beker, Chairman and Chief Executive, Zergo Limited Internationalized Cryptography for Developers Dr. Roger Schell, Senior Development Manager, Novell (TBD) Mr. Frank Jorinssen, Utimaco Belgium nv (TBD) Mr. Steve Mathews, PC Security Ltd. (TBD) (Invited) Mr. Jim Schindler, Hewlett Packard 17.00 p.m. Adjourn Thursday 2nd April - GBI 2000 9 a.m. Keynote - Trusted Third Party Requirements Keynote Speaker (Henk de Vries, Netherlands Ministry of Transport & Public Works) will be the keynote speaker on Thursday morning. This will provide a Dutch government view on how a predictable and secure environment for electronic commerce can be created, based on stated Trusted Third Party requirements. 9.30 a.m. Session 5 Lawful Access The morning session promises to be lively with a discussion on progress implementing the principle of Lawful Access to encrypted confidential data. Business Requirements - Nick Mansfield, Shell Services International. UK Government Policy - Nigel Hickson, UK Department of Trade and Industry. 10. 45 a.m. - 11.15 a.m. Coffee Business solutions to the recovery of keys: Interoperability Framework - Bob Frith, Motorola and President of the Key Recovery Alliance. David Balenson, Trusted Information Systems Pierre Boucher, Entrust Session Moderator: Martin Roe, UK Post Office 12.30 p.m. - Lunch 13.30 p.m. Session 6 Privacy The afternoon session of day three will consider progress on the controversial Guideline Principle on privacy. Stephanie Perrin, Canadian government, will lead what is expected to be a lively discussion on progress and the way ahead. Stephanie Perrin - Canadian Government Marc Rotenberg - EPIC drs. John J. Borking, Plv. Voorzitter Registratiekamer (NL Data Protection Registrar) 14.45 p.m. - 15.15 p.m. Coffee/tea Francis Aldridge - UK Deputy Data Protection Registrar Simon Davis - Privacy International Ross Anderson - Cambridge University Session Moderator: Stephanie Perrin International Commerce eXchange (ICX) ICX was created in response to the need for a single focal point encompassing all aspects of creating trust in the global information infrastructure. ICX addresses this issue by bringing together large, medium and small business users, suppliers and governments to work for the mutual benefit of all. ICX will create trust by identifying and satisfying legal and regulatory requirements, developing and disseminating business best practices and procedures, pinpointing and promoting appropriate technical standards and controls. Active involvement in ICX activities will contribute to bringing together the wide diversity of knowledge, skills and experience needed to provide practical secure electronic commerce solutions to shared problems. ICX will identify and develop best practices that can be the basis for market driven standards. ICX makes all the advice and solutions it identifies freely available to its members. Details on how you can join ICX can be found at http:/www.icx.org International Cryptography Experiment The International Cryptography Experiment (ICE) is seeking to encourage the provision of international cryptographic solutions capable of meeting global business information security needs. Cryptography is a crucial technology for the provision of information security services within the emerging Global Information Infrastructure (GII). However, many governments are concerned that the extensive and unconstrained availability of strong cryptography may undermine their law enforcement and national security interests. These conflicting pressures have resulted in a wide range of technical and non- technical activities that are seeking to offer solutions that achieve a widely accepted balance between the different interests involved. The ICE an initiative has been running since early 1994 as an informal international alliance of government and industry groups with a common interest in promoting internationally interoperable cryptographic security solutions. More information on ICE is available at: http://www.tis.com/crypto/ice.html. Administrative Contact Point email: gbi2000@icx.org Cost and payment information to follow shortly Accommodation: We have arranged a block booking in the Kurhaus Hotel where the conference takes place for participants of the 1998 Global Business Infrastructure 2000 (GBI 2000) Conference, March 31st - 2nd April 1998. You can book a single room for the special rate of NLG 247.50 per night, including breakfast and tax. Please do not forget to mention the GBI 2000 conference as reference by booking your accommodation. Kurhaus Hotel (NLG 247.50 incl. Breakfast and tax) Gevers Deynootplein 30 2586 CK Den Haag The Netherlands Tel. +31 (0)70 - 4 16 26 36 Fax +31 (0)70 - 4 16 26 46 Other hotels in the surroundings of the Kurhaus: Europa hotel ( NLG 308, 35 incl. Breakfast and tax) Zwolsestraat 2 2587VJ Scheveningen Tel. +31 (0)70 - 3 51 26 51 Fax+31 (0)70 - 3 50 64 73 Carlton Beach Hotel (NLG 290,-- incl. Breakfast and tax) Gevers Deynootweg 201 2508AK Scheveningen Tel. +31 (0)70 - 3 54 14 14 Fax + 31(0)70 - 3 52 00 20 Hotel in the centre of The Hague: Novotel (NLG 240,-- incl. Breakfast and tax) Hofweg 5-7 2511 AA Den Haag Tel. +31 (0)70 - 3 64 88 46 Fax +31 (0)70 - 3 56 28 89 Travel Details Local Airport - Schiphol Amsterdam (International airport with regular flights from around the globe)By taxi: From Schiphol Amsterdam airport a taxi will cost approx. NLG 150. Please do not forget to agree a fixed price in advance. By train: From the airport direct to The Hague CS (Central sattion). This takes approx. 40 minutes. From the Hague CS you can take tram number 1 or 9 to Scheveningen. The tram stop is almost at the end of the kine just in front of the Kurhaus hotel. You can also take a taxi from The Hague CS which will cost approx. NLG 25,-- By car: From Amsterdam you take the A44 via Wassenaar to the Haque or the A4 to the Hague. Arriving in the Hague you follow the signs Scheveningen, following the road Scheveningen Strand (Beach) you will end up at the Gevers Deynootplein where the Kurhaus is located. From lawya@lucs-01.novell.leeds.ac.uk Tue, 3 Mar 1998 11:38:26 GMT0BST Date: Tue, 3 Mar 1998 11:38:26 GMT0BST From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk Subject: A press release on RATING SYSTEMS & the IWF This is not about crypto but because it has been mentioned yesterday I think some of you might be interested and this is all about todays's DTI meeting. Apologies for sending it. Yaman Cyber-Rights & Cyber-Liberties (UK) For Immediate Release, March 03, 1998 Internet Watch Foundation launches a consultation paper on "Rating and Filtering Internet Content - A United Kingdom Perspective" LEEDS - Today the Internet Watch Foundation, a self-regulatory body supported by the UK government announced its consultation paper for the development of rating systems at a national level. According to an IWF press release, rating systems would "meet parents' concerns about Internet content that is unsuitable for children." Although the consultation document refers to national perspectives, the Internet Watch Foundation is planning to develop the rating systems together with its international partners at a global level under the INCORE project. Following the launch of the Cyber-Rights & Cyber-Liberties (UK) report, "Who Watches the Watchmen: Internet Content Rating Systems, and Privatised Censorship," which was critical of the development of rating systems by the IWF in November 1997, the representatives of both Cyber-Rights & Cyber-Liberties (UK) and the Internet Watch Foundation had two meetings concerning the development of rating systems (one in December 97, the second one in January 98). Yaman Akdeniz head of the CR&CL (UK) stated that: "The purpose of our report was to raise public awareness which we succeeded in doing. But we wanted to take the IWF initiatives one step back. The real question to be put to the UK public should be - whether the rating systems should be developed at all rather than how to do them (as suggested by the current proposals)." Yaman Akdeniz also stated that: "With rating systems and the moral panic behind the Internet content, the Internet could be transformed into a `family friendly' medium, not more adventurous than the likes of the BBC. But it should be remembered that the Internet is not as intrusive as the TV and users seldom encounter illegal content such as child pornography." Cyber-Rights & Cyber-Liberties (UK) will have a new section dealing with the IWF consultation process in which online users views on the IWF consultation document will be published. There will also be a reply by the IWF to the Who Watches the Watchmen Report and we are hoping to engage the concerned citizens with this important debate. Notes for the Media: Cyber-Rights & Cyber-Liberties (UK) press release is available at http://www.leeds.ac.uk/law/pgs/yaman/watch-iwf.html Internet Watch Foundation consultation document - "Rating and Filtering Internet Content - A United Kingdom Perspective," is available at http://www.internetwatch.org.uk/rating.html. A press release on this document is available at http://www.internetwatch.org.uk/p030398.html. Comments on the IWF consultation document should be sent to report@iwf.org.uk with a subject line "Rating Report Comment." If you send a copy of your comments to Cyber-Rights & Cyber-Liberties (UK), we will publish them online under a separate section - Replies to the IWF. Cyber-Rights & Cyber-Liberties (UK) Report, `Who Watches the Watchmen: Internet Content Rating Systems, and Privatised Censorship,' which was launched in November 1997, is available at http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm. Cyber-Rights & Cyber-Liberties (UK) has a section dealing with the regulation of child pornography on the Internet. It includes information about all UK cases involving child pornography. See Akdeniz, Yaman "Governance of Pornography and Child Pornography on the Global Internet: A Multi-Layered Approach," in Edwards, L and Waelde, C eds, Law and the Internet: Regulating Cyberspace, Hart Publishing, 1997, pp 223-241. See Cyber-Rights & Cyber-Liberties (UK) Mr Yaman Akdeniz Address: Centre For Criminal Justice Studies, University of Leeds, LS2 9JT. Direct Telephone: 0498-865116, dial (44)498 865116 if you are abroad. Fax: 0113- 2335056 E-mail: lawya@leeds.ac.uk Url: http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm Cyber-Rights & Cyber-Liberties (UK) is a non-profit civil liberties organisation founded on January 10, 1997. Its main purpose is to promote free speech and privacy on the Internet and raise public awareness of these important issues. The Web pages have been online since July 1996. Cyber-Rights & Cyber-Liberties (UK) started to become involved with national Internet-related civil liberties issues following the release of the DTI white paper on encryption in June 1996 and the Metropolitan Police action to censor around 130 newsgroups in August 1996. Cyber-Rights & Cyber-Liberties (UK) recently criticised the attempts of the Nottinghamshire County Council to suppress the availability of the JET Report on the Internet. Cyber-Rights & Cyber-Liberties (UK) covers such important issues as the regulation of child pornography on the Internet and UK Government's encryption policy. The organisation provides up-to-date information related to free speech and privacy on the Internet. Cyber-Rights & Cyber-Liberties (UK) is a member of various action groups on the Internet and also a member of the Global Internet Liberty Campaign (see ) which has over 30 member organisations world wide. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yaman Akdeniz Cyber-Rights & Cyber-Liberties (UK) at: http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm Read CR&CL (UK) Report, 'Who Watches the Watchmen' http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From lawya@lucs-01.novell.leeds.ac.uk Tue, 3 Mar 1998 12:08:00 GMT0BST Date: Tue, 3 Mar 1998 12:08:00 GMT0BST From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk Subject: EU Crypto Free Trade Area Dear Nigel, > With respect to "export controls" the intra-EU controls fall under > Export of Good Regulation which is a Community Instrument. This has > an Annex (4 I think) with a list of those products which are > excluded from "free" intra-eU trade. Crypto is one of the > categories. The Commission have noted they intend to revisit the > latter this year. The following is from a piece that I have written last year before the consultation paper was announced. The full reference for the paper is below. UK Export Controls The use of cryptographic software transmitted internationally may be restricted by export regulations in the UK as in the US. The Export of Goods (Control) Order 1994 as amended by The Dual-Use and Related Goods (Export Control) Regulations 1995 (Customs and Excise, No. 271, 1995) apply to the exportation of cryptographic software from the UK. The definition of cryptographic software is included in the Schedule 2, 5D2 of the Dual-Use and Related Goods (Export Control) Regulations 1995 and the export of this kind of regulated information requires an export licence from the Department of Trade and Industry (section 9). Failure to comply with the licence conditions may result in a maximum of two years of imprisonment (Section 8). The DTI White Paper states that export controls will remain in place for encryption products and for digital encryption algorithms (White Paper 1996, para 15). The Government however states that it will take steps to simplify export controls within the European Union with respect to encryption products which are of use with licensed TTPs. Although this sounds like a good initiative, it only includes products which are of use with licensed TTPs. This means that other encryption tools which are not approved by the TTPs will still be subject to stricter export regulations. UK Government Policy on Encryption - 1997 Web Journal of Current Legal Issues 1 at http://www.ncl.ac.uk/~nlawwww/1997/issue1/akdeniz1.html Any comments ? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yaman Akdeniz Cyber-Rights & Cyber-Liberties (UK) at: http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm Read CR&CL (UK) Report, 'Who Watches the Watchmen' http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cacib@liberty.org.uk Tue, 3 Mar 1998 17:13:40 +0100 Date: Tue, 3 Mar 1998 17:13:40 +0100 From: Campaign Against Censorship of the Internet cacib@liberty.org.uk Subject: DTI review of Internet Watch NOT CRYPTO This press release describes the DTI press conference today which announced a review of Internet Watch Foundation. But for the DTI/Barbara Roche connection it's off-topic here - sorry if you don't want it; I'll shut up now. Malcolm. ================================================= Date: 3rd March 1998 Press Release: For Immediate Release MINISTER CONSIDERS CONTROLS ON "LEGAL BUT HARMFUL" INTERNET PUBLICATIONS LONDON: DTI Minister Barbara Roche today announced a review to consider controlling Internet publications that contain legal adult erotica or racism. Speaking at a conference to report on the first year of operation of the Internet Watch Foundation she said that said the review would expand the organisation's remit. "The government is not complacent about legal but harmful material" she said. The review would set future goals and priorities which would include strategies to combat: * Adult pornography * Breach of copyright * Racism and * "ways to protect Internet users from legal but harmful material" MINISTERS WELCOME PROSECUTIONS BUT SIGNAL PRIOR RESTRAINT Internet Watch produced a report of its first year of operations which was praised by Ministers. Internet Watch runs a hotline for the reporting of child pornography on the Internet, which it then seeks to have removed. As a result, several prosecutions have occurred in the UK despite most such material originating abroad. Home Office Minister Lord Williams had a different viewpoint: "Of course, every prosecution is in a sense a failure of regulation" Campaign Against Censorship of the Internet in Britain spokesman Malcolm Hutty saw this as a threatening position to take. "The only thing Lord Williams could want that didn't depend on prosecutions is a system of prior restraint. This is a serious threat to implement a censorship infrastructure." CONTENT RATING AND FILTERING UNVEILED David Kerr, CEO of Internet Watch, announced proposals for a content rating and filtering system. Such systems are usually employed by individual users to prevent children using their computer from seeing pornographic images. Mr Kerr said "this system would not prevent adults from seeing legal material". However when Barbara Roche was invited to endorse such a requirement to allow adults unrestricted access to legal material she refused. "What is important is ensuring parents can control their childrens' Internet use. That I am committed to." she replied. Ms Roche also refused to exempt any legal material from the review on the grounds of free speech. "I would not want to prejudge the review" she said. With such an open remit it is likely that civil servants will suggest sweeping restrictions. DTI sources said that content rating and filtering mechanisms would probably form a key part of any proposals to regulate "legal but harmful" material. Campaign spokesman Malcolm Hutty commented: "This conference has three important parts: * A planned huge expansion of Internet Watch's role as a censor - from focusing almost exlusively on child pornography to possibly regulating everything the Minister deems harmful * Development of ratings and filtering systems. Despite the appearance of a system which aids parental choice these could be abused by governments to enforce a censorship regieme. * Lord William's apparent appetite for prior restraint systems. This could combine with the ratings proposals into a vehicle for totalitarian censorship, with Internet Watch as the censor. Anyone interested in protecting freedom of speech on the Internet should write to the DTI and say that we don't want IWF as a censor, we don't want government-sponsored content rating schemes and we certainly don't want any regulation of legal material." ENDS ======================== Notes to Editors Campaign Against Censorship of the Internet in Britain Web: http://www.liberty.org.uk/cacib/ E-mail: cacib@liberty.org.uk Phone: 0171 589 4500 ----------------------------------------------------------------- Campaign Against Censorship Tel: 0171 589 4500 of the Internet in Britain Fax: 0171 589 4522 e-mail: cacib@liberty.org.uk Say NO to Censorship Web: http://www.liberty.org.uk/cacib From stephen.doogan@strath.ac.uk Tue, 03 Mar 1998 21:50:10 -0000 Date: Tue, 03 Mar 1998 21:50:10 -0000 From: Stephen Doogan stephen.doogan@strath.ac.uk Subject: EU Crypto Free Trade Area >Although this sounds like a good initiative, it only includes products >which are of use with licensed TTPs. This means that other encryption >tools which are not approved by the TTPs will still be subject to >stricter export regulations. That was my reading of it too Yaman, but I wasn't sure enough of my sources thanks Stephen From Bodo_Moeller@public.uni-hamburg.de Wed, 4 Mar 98 00:13 GMT+0100 Date: Wed, 4 Mar 98 00:13 GMT+0100 From: Bodo Moeller Bodo_Moeller@public.uni-hamburg.de Subject: Management of signature keys for government Brian Gladman : > Dave Howe : >> I don't know why, but I seem completely unable to see why >> users can't generate their own keys for use in smart cards, >> using their own trusted software, and uplink their own trusted >> copy of the key to the smartcard. > One issue in the self generation of keys is how to prevent a user > repudiating their own key by revealing its private component. If DSA or the ElGamal signature algorithm in a prime-order subgroup of (Z/pZ)* is employed, then there is no need to argue who should generate the signing key. Assume that parameters p, q, and g (with the usual meaning of those letters) have already been determined, e.g. by using the parameter generation algorithm from FIPS 186 with seeds provided by customer Carol. Then the following scheme could be employed: (All computations are understood to be in the appropriate groups; i.e., those computations where g appears are "mod p" and the others are "mod q".) When Carol obtains her card, it already has a "temporary key" y = g^x provided by the issuer of the card. Of course, the card issuer is expected to use high quality randomness, not to store x etc. Carol can read out y, but the card will not reveal the secret exponent x. Now Carol creates a random number z and sends it to the card. The card computes and stores a new private key X := x*z and a new public key Y := g^X (= g^(x*z) = y^z). The card may then delete x and y. Y (together with p, q, g) is Carol's public key. She computes it as y^z and can thus verify that the smartcard really used her random number z. If at least one party -- the card issuer or Carol -- used a good random number generator (for x or z, respectively), then the new private key X is also a good random number. Specifically, if the card issuer tries to cheat, but Carol uses a good randomness source, then her key is okay. The other way around, if the card issuer is fair and uses good random numbers, then deficiencies of Carol's random number generator do not hurt. For Carol, finding out X is as hard as it is in the case where key generation is entirely the card issuer's job. (Of course, both parties should check the plausibility of parameters provided by the other one: p and q are really prime and have the correct length [and were created using the FIPS 186 algorithm with the correct seed]; q divides p-1; g, y and Y are generators of the order q subgroup of (Z/pZ)*.) This is the scheme from G.J. Simmons' paper at the 1993 IEEE Computer Security Workshop. There, it is used during signing in order to thwart subliminal channels; i.e., two parties contribute to an ephemeral value k rather than to the private key X as in our application. Here, it should probably be used for both purposes (so that Carol's card can't leak her private key in the r (= g^k) components of her signatures). Bodo M"oller From roger@police.tas.gov.au Wed, 4 Mar 1998 14:59:58 +1100 Date: Wed, 4 Mar 1998 14:59:58 +1100 From: Roger Fleming roger@police.tas.gov.au Subject: Management of signature keys for government Brian Gladman wrote: [...] >One issue in the self generation of keys is how to prevent a user >repudiating their own key by revealing its private component. [...] >There are a number of ways in which a user could be prevented (or >at least >deterred) from revealing their own key but it is not clear (to me >at least) >whether any of these are practical in the real world. In view of the recent discussion about what type of signatures are acceptable in the real world, I wonder if this isn't too stringent a requirement for the system. After all, today you cannot repudiate a paper-signed contract by claiming that you signed a quantity of blank pages and left them lying about. It is _your_ responsibility to protect your signature. Essentially, if the user has some means of revoking the key pair even after losing it, and their genuinely is no practical way for a third party to steal his private keys, I don't see the problem with just regarding all pre-revocation signatures as binding. From gladman@seven77.demon.co.uk Wed, 4 Mar 1998 06:49:03 -0000 Date: Wed, 4 Mar 1998 06:49:03 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Identity Cards - 18 Months Late I have been asked several times recently what my views are on the desirability of personal digital identity cards and this has prompted me to try and understand some of the issues involved. As a consequence I have entered into a number of exchanges on this list and a few via direct email. In one such exchange earlier today Ross pointed out (by Ross's standards it was sort of tactful, I think :-) ) that I must have been asleep for the past 18 months so I do apologise for being late on this particular scene. I have looked in some detail at the published responses provided by CITU, and also at the results of the survey of views conducted by Elizabeth France, the Data Protection Registrar. However, I would like to know more about the views of the Internet aware community represented here. To see how people here feel about the issue I have put up a draft web survey form on my Home Page at : http://www.seven77.demon.co.uk/idc_svy.htm Before I actually run the survey I would be interested to have any views on additions, deletions or changes to the questions that I have put together. I hope to collect these views and make changes over the next week or so, with the intention of activating the survey itself in about 10 days time. If it gains sufficient interest I will publish the results to this list. Do let me know (via direct email to avoid cluttering the list) if you have any ideas for improvements to the survey before I enable it. Brian From hopwood@zetnet.co.uk Wed, 4 Mar 1998 08:11:40 GMT Date: Wed, 4 Mar 1998 08:11:40 GMT From: David Hopwood hopwood@zetnet.co.uk Subject: Management of signature keys for government -----BEGIN PGP SIGNED MESSAGE----- In message Richard Watts wrote: > On Sun 1 March 1998, Markus Kuhn > wrote: > >Brian Gladman wrote on 1998-03-01 13:35 UTC: > >> Markus Kuhn wrote: > >> >I hope this makes clear that in-card key generation does not > >> >make it unnecessary to include the personalization facilities into > >> >the trusted computing base. > [snip] > >You have to realize that these tamper-resistance feature work *against* > >you in an in-module signature key generation scheme: If the device that > >generates your key is ultra-tamper-resistant, then you have no way of > >ensuring that the algorithms applied are sound, most notably that the > >key generator has not been tampered with. > True, but this holds for everything, not just key generation: > if you're going to trust your card not to leak key material, why not > trust it to generate your key for you ? (wrt. malice, anyway: > carelessness is another matter). One approach is to design the protocols so that both the smartcard, and the software on the PC/NC/whatever would need to be compromised. For example, suppose the requirement is for a secure login protocol, where the user must possess three factors to log in: their passphrase, a smartcard, and a private key stored on a PC. One way of implementing this is to do a three-way key exchange between the smartcard, PC, and host, treating them as mutually untrusting parties (i.e. with three independent key pairs). The passphrase can be used to protect either the PC's private key, or (if it has a keypad) the smartcard's private key. The three-way Diffie-Hellman protocol described in Applied Cryptography section 22.1 can be used as a starting point for this. (That protocol won't do as it stands, since it doesn't protect against man-in-the- middle attacks, and the PC is a man-in-the-middle between the smartcard and the host. However, it can fairly easily be modified to fix that.) Of course, this doesn't prevent the PC's software from being modified to leak the plaintext, but it does make sure that even in that case, the smartcard must be present. If the smartcard is untrustworthy, it can only leak its own key, not the one stored on the PC. - -- David Hopwood PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc Key fingerprint = 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01 Key type/length = RSA 2048-bit (always check this as well as the fingerprint) -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBNPyOyTkCAxeYt5gVAQGnWAf/dE2OZbR7od2LvSHG7VLt+dOPF8fO4tn/ i/t2hPTBqApwpyOIPMGkeXcXPptGuMkeOw6TFA02QNmvrGvpy7QAKGWCPAlPTjHK r0cmwjC+/aCYVToj9iHtTFpT/WtR8fDC/sP9Yrq3pPwFxY8Mnx0KW3CQ10i10vNy /E29K6U5J78ksfk5XivhiQZX1U+KAeOBMYeynm6inN5nVLZM9pageWUwKtEktTpK gUjFOIUa+TTuyAMozsIsiGeFctefBqHxHf4evT8LhVbPpNgdcCtXsO0LmPFWJtnd wiiVhkG2N/PGUEOiBAuhurNYQcmyzVc1zgfEBq0Ad6ZnJzfbW0H5fw== =OHGh -----END PGP SIGNATURE----- From nbohm@ernest.net Wed, 04 Mar 1998 09:13:28 +0000 Date: Wed, 04 Mar 1998 09:13:28 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: Management of signature keys for government At 14:59 4/03/98 +1100, Roger Fleming wrote: > >Brian Gladman wrote: > >[...] >>One issue in the self generation of keys is how to prevent a user >>repudiating their own key by revealing its private component. >[...] >>There are a number of ways in which a user could be prevented (or >>at least >>deterred) from revealing their own key but it is not clear (to me >>at least) >>whether any of these are practical in the real world. > >In view of the recent discussion about what type of signatures are >acceptable in the real world, I wonder if this isn't too stringent a >requirement for the system. After all, today you cannot repudiate a >paper-signed contract by claiming that you signed a quantity of >blank pages and left them lying about. It is _your_ responsibility >to protect your signature. Essentially, if the user has some means >of revoking the key pair even after losing it, and their genuinely is >no practical way for a third party to steal his private keys, I don't >see the problem with just regarding all pre-revocation signatures >as binding. This emphasises the usefulness of a secure time-stamping service as a way of providing evidence of the times of signature of the contract and the delivery of the revocation (although such a service is not the only way of proving these things). Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From I.Brown@cs.ucl.ac.uk Wed, 04 Mar 1998 09:28:13 +0000 Date: Wed, 04 Mar 1998 09:28:13 +0000 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: Management of signature keys for government > today you cannot repudiate a > paper-signed contract by claiming that you signed a quantity of > blank pages and left them lying about. It is _your_ responsibility > to protect your signature. I don't think the blank cheques is the right analogy. If you could digitally sign an equivalent -- "I am stupid enough to authorise any transaction in this file but not included in the signed data" -- you would have to be very careful about who you gave this file to, but it wouldn't be the same as being careful with your signature. It's easy to lay liability on people for digital signatures. How would a court view, say, signatures made by people who had bought faulty smartcards that leaked their private key (GCHQ Ltd.) or used a very bad random number generator when generating it (DTI Ltd.)? Or someone who claimed "I didn't realise I had to keep that secring.pgp file and my passphrase a secret. I really don't understand computers, Your Honour." Ian ;) From gladman@seven77.demon.co.uk Wed, 4 Mar 1998 08:33:10 -0000 Date: Wed, 4 Mar 1998 08:33:10 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Management of signature keys for government -----Original Message----- From: Roger Fleming To: 'ukcrypto@maillist.ox.ac.uk' Date: 04 March 1998 04:01 Subject: Re: Management of signature keys for government > >Brian Gladman wrote: > >[...] >>One issue in the self generation of keys is how to prevent a user >>repudiating their own key by revealing its private component. >[...] >>There are a number of ways in which a user could be prevented (or >>at least >>deterred) from revealing their own key but it is not clear (to me >>at least) >>whether any of these are practical in the real world. > >In view of the recent discussion about what type of signatures are >acceptable in the real world, I wonder if this isn't too stringent a >requirement for the system. After all, today you cannot repudiate a >paper-signed contract by claiming that you signed a quantity of >blank pages and left them lying about. It is _your_ responsibility >to protect your signature. Essentially, if the user has some means >of revoking the key pair even after losing it, and their genuinely is >no practical way for a third party to steal his private keys, I don't >see the problem with just regarding all pre-revocation signatures >as binding. > For me this depends on the assurance that I have that my signature key is properly protected. If the secret component of my signature key is downloaded onto the card rather than generated on it under my control, then this component can in principle be replicated by someone else. While this possibility exists I cannot see how it is possible to distinguish between a situation in which I leak the key and one in which someone else leaks the key. I would agree that, if the only possible source of a key compromise is me, then it makes sense to make me liable. I see this as a very good reason for having on card key generation since, with appropriate assurance measures, this gives a high level of confidence that the secret key component only ever exists in one place and also that no-one, not even the owner, knows its value. Brian From gladman@seven77.demon.co.uk Wed, 4 Mar 1998 08:37:16 -0000 Date: Wed, 4 Mar 1998 08:37:16 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Management of signature keys for government Thanks, Bodo, for this idea - I had wondered whether there might be this sort of approach but I had not worked the idea through. When I have a moment I will think about the scheme you have suggested since we need some mechanism of this kind if these things are going to be seen as trustworthy. Thanks again. Brian -----Original Message----- From: Bodo Moeller To: ukcrypto@maillist.ox.ac.uk Date: 04 March 1998 00:30 Subject: Re: Management of signature keys for government >Brian Gladman : >> Dave Howe : > >>> I don't know why, but I seem completely unable to see why >>> users can't generate their own keys for use in smart cards, >>> using their own trusted software, and uplink their own trusted >>> copy of the key to the smartcard. > >> One issue in the self generation of keys is how to prevent a user >> repudiating their own key by revealing its private component. > >If DSA or the ElGamal signature algorithm in a prime-order subgroup >of (Z/pZ)* is employed, then there is no need to argue who should >generate the signing key. > >Assume that parameters p, q, and g (with the usual meaning of >those letters) have already been determined, e.g. by using the >parameter generation algorithm from FIPS 186 with seeds provided by >customer Carol. Then the following scheme could be employed: > >(All computations are understood to be in the appropriate groups; >i.e., those computations where g appears are "mod p" and the >others are "mod q".) > When Carol obtains her card, it already has a "temporary key" >y = g^x provided by the issuer of the card. Of course, the card >issuer is expected to use high quality randomness, not to store x >etc. Carol can read out y, but the card will not reveal the secret >exponent x. Now Carol creates a random number z and sends it to >the card. The card computes and stores a new private key > X := x*z >and a new public key > Y := g^X (= g^(x*z) = y^z). >The card may then delete x and y. > >Y (together with p, q, g) is Carol's public key. She computes it >as y^z and can thus verify that the smartcard really used her random >number z. > >If at least one party -- the card issuer or Carol -- used a good random >number generator (for x or z, respectively), then the new private >key X is also a good random number. Specifically, if the card >issuer tries to cheat, but Carol uses a good randomness source, then >her key is okay. The other way around, if the card issuer is fair and >uses good random numbers, then deficiencies of Carol's random number >generator do not hurt. For Carol, finding out X is as hard as it is >in the case where key generation is entirely the card issuer's job. >(Of course, both parties should check the plausibility of parameters >provided by the other one: p and q are really prime and have the >correct length [and were created using the FIPS 186 algorithm with the >correct seed]; q divides p-1; g, y and Y are generators of the >order q subgroup of (Z/pZ)*.) > > >This is the scheme from G.J. Simmons' paper at the 1993 IEEE Computer >Security Workshop. There, it is used during signing in order to >thwart subliminal channels; i.e., two parties contribute to an >ephemeral value k rather than to the private key X as in our >application. Here, it should probably be used for both purposes (so >that Carol's card can't leak her private key in the r (= g^k) >components of her signatures). > >Bodo M"oller > > From stephen.doogan@strath.ac.uk Tue, 03 Mar 1998 21:50:10 -0000 Date: Tue, 03 Mar 1998 21:50:10 -0000 From: Stephen Doogan stephen.doogan@strath.ac.uk Subject: EU Crypto Free Trade Area >Although this sounds like a good initiative, it only includes products >which are of use with licensed TTPs. This means that other encryption >tools which are not approved by the TTPs will still be subject to >stricter export regulations. That was my reading of it too Yaman, but I wasn't sure enough of my sources thanks Stephen From pleyland@microsoft.com Wed, 4 Mar 1998 03:29:13 -0800 Date: Wed, 4 Mar 1998 03:29:13 -0800 From: Paul Leyland pleyland@microsoft.com Subject: Management of signature keys for government > This emphasises the usefulness of a secure time-stamping service as a way > of providing evidence of the times of signature of the contract and the > delivery of the revocation (although such a service is not the only way of > proving these things). There are those who would disgree strongly and as a matter of principle, They point out that it is very difficult, if not impossible in principle, to get differing observers to agree on the time of an event. Just as in relativity, the concept of simultaneity is very slippery when considering networked systems (and especially so for off-line systems). The best one can often do (again as in relativity) is establish a causal relationship between two events and one is forced to regard acausal events as occuring in either order or simultaneously depending on which observer's opinion is requested. The SPKI crowd have debated this point at great length. It is for reasons such as these that SPKI certificates have explicit expiry dates, use only local names, and so on. The full story is far too long for me to go into here. What the time-stamping service really does, according to this picture, is not to provide evidence of the *time* of an event, but to establish a causal relationship between certain events. Paul From Bodo_Moeller@public.uni-hamburg.de Wed, 4 Mar 1998 12:41:39 +0100 Date: Wed, 4 Mar 1998 12:41:39 +0100 From: Bodo Moeller Bodo_Moeller@public.uni-hamburg.de Subject: Management of signature keys for government Bodo Moeller: > Brian Gladman : >> Dave Howe : >>> I don't know why, but I seem completely unable to see why >>> users can't generate their own keys for use in smart cards, >>> using their own trusted software, and uplink their own trusted >>> copy of the key to the smartcard. >> One issue in the self generation of keys is how to prevent a user >> repudiating their own key by revealing its private component. > If DSA or the ElGamal signature algorithm in a prime-order subgroup > of (Z/pZ)* is employed, [...] > the following scheme could be employed: [...] > When Carol obtains her card, it already has a "temporary key" > y = g^x provided by the issuer of the card. Of course, the card > issuer is expected to use high quality randomness, not to store x > etc. Carol can read out y, but the card will not reveal the secret > exponent x. Now Carol creates a random number z and sends it to > the card. The card computes and stores a new private key > X := x*z > and a new public key > Y := g^X (= g^(x*z) = y^z). > The card may then delete x and y. [...] > If at least one party -- the card issuer or Carol -- used a good random > number generator (for x or z, respectively), then the new private > key X is also a good random number. This statement is not true. Carol can choose her random number z depending on the key y presented by the card. I think this does not help her to find out X later, but unfortunately I do not have a proof for that. Also I forgot an important step: The smartcard has to sign (a hash of) the new public key Y using its original private key x. Carol has to present this signature to the card issuer in order to get her key certificate. Otherwise she could ignore the key generation process described above and simply create a key (x', y') of her own (without using her smartcard), which contradicts our goal of preventing (as far as possible, depending on the effectiveness of the card's tamper resistance) the user from revealing their private key. Bodo M"oller From richard@turnpike.com Wed, 4 Mar 1998 18:19:18 +0000 Date: Wed, 4 Mar 1998 18:19:18 +0000 From: Richard Clayton richard@turnpike.com Subject: Demon Internet's opinion Following on from the pre-Xmas suggestion of trying to get as many of the DTI consultation paper submissions published on the web as possible (to forestall any suggestion that "industry" is "in favour" of the "TTP with compulsory key escrow" proposals) Demon Internet's submission is now on the web... As I recall, there were about 450 submissions, so Ian Brown's list http://www.cs.ucl.ac.uk/staff/I.Brown/dt-responses.htm is about 420 short :-( perhaps some people on this list haven't told him suitable details ? Anyway... the URL of the "news" item (which then links to the submission itself) is: http://www.demon.net/news/features/crypto/ ------- extract from the web page, after a scene-setting intro ------ At the time, Demon Internet made a lengthy submission to the DTI. In this submission Demon saw that TTPs might have a "useful role" to play in facilitating secure electronic commerce, but the bulk of the comments made were to reject the proposal for key escrow. Demon argued that it would damage confidence in the TTPs the security of the TTPs would always be suspect the cost of attempting to provide that security would have to be paid by the users of the TTP. Further objections to the proposals in the DTI consultation paper related to the proposal that unlicensed TTPs would become illegal, which would prevent Demon offering future services to their customers. There were also specific worries about the nature of the "strict liability" which TTPs would have. The consultation period ended in May 1997, and since then the DTI have been considering the response, and will doubtless have been trying to square their proposals with the Labour Party position which, in opposition, rejected the notion of key escrow. The DTI's summary of the comments received and their proposed way forward were originally expected in October 1997 and are now expected this Spring. To allow Demon's customers and others to weigh the fairness of the DTI summary, and the good sense of any new proposals, Demon are now making their comments public for the first time. ---- end extract ---- I doubt that readers of this list will be surprised by anything in the submission (or the associated overview of the subject billed as my personal view - which will evoke a sense of deja vu in those who have visited www.happyday.demon.co.uk). However, it should raise the profile and fill in the background of the subject at an opportune time with this year's DTI proposals imminent. This item will be linked from Demon's front page (www.demon.net) for a couple of weeks which means (statistically) that about half of Demon's 165000 users will see the link, and with luck a fair few will at least take a quick look to see what may be going on... Any journalists who wish to discuss Demon's corporate views should be talking to James Gardiner (0181 371 3711) pr@demon.net rather than myself. Finally, if you're confused by my address :) Turnpike is wholly owned by Demon, it just maintains a separate brand image. -- richard richard.clayton @ T U R N P I K E .com tel: +44 1306 732300 "Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM From pleyland@microsoft.com Wed, 4 Mar 1998 10:53:40 -0800 Date: Wed, 4 Mar 1998 10:53:40 -0800 From: Paul Leyland pleyland@microsoft.com Subject: Management of signature keys for government I hope Paul forgives me for reposting personal email, but the question is innocuous and the answer probably of general interest. A good starting point is http://ftp.clark.net/pub/cme/html/spki.html which is Carl Ellison's page on SPKI. Carl is one of the leading lights in the SPKI enterprise. Paul > ----Original Message----- > From: Paul Crowley [SMTP:paul@hedonism.demon.co.uk] > Sent: Wednesday, March 04, 1998 2:05 PM > To: Paul Leyland > Subject: Re: Management of signature keys for government > > Paul Leyland writes: > > It is for reasons such as these that SPKI certificates have explicit > > expiry dates, use only local names, and so on. The full story is > > far too long for me to go into here. > > Where can the full story be found? > > tia, > -- > __ > \/ o\ paul@hedonism.demon.co.uk \ / > /\__/ Paul Crowley -+- Linux really works /~\ From nbohm@ernest.net Wed, 04 Mar 1998 21:55:34 +0000 Date: Wed, 04 Mar 1998 21:55:34 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: Management of signature keys for government At 03:29 4/03/98 -0800, Paul Leyland wrote: >> This emphasises the usefulness of a secure time-stamping service as a way >> of providing evidence of the times of signature of the contract and the >> delivery of the revocation (although such a service is not the only way of >> proving these things). > >There are those who would disgree strongly and as a matter of principle, >They point out that it is very difficult, if not impossible in principle, to >get differing observers to agree on the time of an event. Just as in >relativity, the concept of simultaneity is very slippery when considering >networked systems (and especially so for off-line systems). The best one >can often do (again as in relativity) is establish a causal relationship >between two events and one is forced to regard acausal events as occuring in >either order or simultaneously depending on which observer's opinion is >requested. The SPKI crowd have debated this point at great length. It is >for reasons such as these that SPKI certificates have explicit expiry dates, >use only local names, and so on. The full story is far too long for me to >go into here. > >What the time-stamping service really does, according to this picture, is >not to provide evidence of the *time* of an event, but to establish a causal >relationship between certain events. If I understand this, the difficulty arises from trying to scale up from the particular to the general. What I have in mind is the case where you believe that I have entered into a contract with you by signing a document (digitally). I then claim that before it was signed, I had already notified you of the revocation of the key. This comes down to the specific issue whether the signing of the document was done (or perhaps whether the signed document reached you) before the revocation reached you. In this context there does not seem much difference between the possible different ways of viewing the effect of time stamping. I can quite see that if one wants to achieve some globally valid instantaneous revocation effective against all possible recipients of signed documents, there would be very real difficulties with propagation speeds etc. That is why it seems to me that it must be the responsibility of the key user/issuer to communicate revocation to those whom he has invited to rely on the key; and it is his problem to prove the time of communication, not absolutely, but in relation to the time of signing or communicating of the document supposedly signed with the revoked key. I would have thought that the availability of reliable time stamping services would provide a helpful source of evidence for such purposes. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From I.Brown@cs.ucl.ac.uk Thu, 05 Mar 1998 11:41:26 +0000 Date: Thu, 05 Mar 1998 11:41:26 +0000 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: TPRG publications Publications from the LSE Technology Policy Research Group you might be interested in... Consultation and Contemplation -- What Has Gone Before Gus Hosein [http://techpolicy.lse.ac.uk/crypto/consult.html] A summary and analysis of submissions made to the DTI on their TTP proposals. "The cost of governments mandating the use of third parties and escrow is that no one will use the services..." The Real Politik of the Information Age Ian Angell [http://techpolicy.lse.ac.uk/crypto/real-politik.html] "The future doesn't become better, it becomes different. The pressure intrinsic in the stresses and strains of today's society is just lying dormant, waiting for the catalyst to trigger a chain reaction of change. Information technology is that catalyst, and it has created an explosive mixture which is unleashing unstoppable global economic and political forces. The certainties of the past are being blown apart; the future is being born on the so-called `information superhighways'." Ian :D From gladman@seven77.demon.co.uk Thu, 5 Mar 1998 17:29:36 -0000 Date: Thu, 5 Mar 1998 17:29:36 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: UK Personal Identity Cards My thanks to all those on the list that made suggestions for improvements to my on line survey of views on UK electronic identity cards. I have done my best to incorporate these where I felt I could sensibly do this. The survey is now active so please do have a look it and fill out the form to let me have your views on the issues involved. It is at: http://www.seven77.demon.co.uk/idc_svy.htm If there is sufficient interest in the survey I will report the results to this list. Brian Gladman From cacib@liberty.org.uk Thu, 5 Mar 1998 19:09:10 +0100 Date: Thu, 5 Mar 1998 19:09:10 +0100 From: Campaign Against Censorship of the Internet cacib@liberty.org.uk Subject: Economist crypto comment Tomorrow: Good leader column in tomorrow's Economist. http://www.economist.com/ ----------------------------------------------------------------- Campaign Against Censorship Tel: 0171 589 4500 of the Internet in Britain Fax: 0171 589 4522 e-mail: cacib@liberty.org.uk Say NO to Censorship Web: http://www.liberty.org.uk/cacib From cacib@liberty.org.uk Thu, 5 Mar 1998 19:52:02 +0100 Date: Thu, 5 Mar 1998 19:52:02 +0100 From: Campaign Against Censorship of the Internet cacib@liberty.org.uk Subject: Microsoft, Virgin Net I have responses to the DTI's latest non-announcement (i.e. not the March 1997 Green Paper) from Microsoft and Virgin Net. See http://www.liberty.org.uk/cacib/crypto.html ----------------------------------------------------------------- Campaign Against Censorship Tel: 0171 589 4500 of the Internet in Britain Fax: 0171 589 4522 e-mail: cacib@liberty.org.uk Say NO to Censorship Web: http://www.liberty.org.uk/cacib From nbohm@ernest.net Thu, 05 Mar 1998 21:35:49 +0000 Date: Thu, 05 Mar 1998 21:35:49 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: EU Crypto Free Trade Area At 12:08 3/03/98 GMT0BST, Yaman Akdeniz wrote: [snip] >The use of cryptographic software transmitted internationally may be >restricted by export regulations in the UK as in the US. The Export of >Goods (Control) Order 1994 as amended by The Dual-Use and Related >Goods (Export Control) Regulations 1995 (Customs and Excise, No. 271, >1995) apply to the exportation of cryptographic software from the UK. >The definition of cryptographic software is included in the Schedule >2, 5D2 of the Dual-Use and Related Goods (Export Control) Regulations >1995 and the export of this kind of regulated information requires an >export licence from the Department of Trade and Industry (section 9). >Failure to comply with the licence conditions may result in a maximum >of two years of imprisonment (Section 8). Thanks for these useful references. The 1995 Regulations are made not under the powers granted by general UK export control legislation, but under powers granted by the European Communities Act, and are made to implement an EC Decision (94/942/CFSP) and an EC Regulation (3381/94), both in the EC Official Journal No L367 of 31 December 1994. Assuming that the 1995 Regulations are validly made in conformity with the EC instruments, I would expect this to preclude any challenge to the UK rules on the grounds of their contravening EC law. The assumption is not necessarily valid: the UK has been accused in the past of gold-plating EC rules in the course of purporting to implement them, and might have gone too far. I prefer to leave the investigation of that possibility to an expert. The reference to cryptographic software in the 1995 Regulations (which is in fact in Schedule 1, not 2) is in Section D of Category 5, and is governed by the following note at the beginning of the Schedule, which seems to open up a useful loophole: *** quotation from Regulations *** GENERAL SOFTWARE NOTE (This note overrides any control within section D of Categories 0 to 9.) Categories 0 to 9 of this list do not control software which is either: a. Generally available to the public by being: 1. Sold from stock at retail selling points, without restriction, by means of: a. Over-the-counter transactions; b. Mail order transactions; c. Telephone order transactions; and 2. Designed for installation by the user without further substantial support by the supplier; or b. In the public domain. *** quotation ends *** "In the public domain" is defined in the Regulations as meaning "technology or software which has been made available without restrictions on its further dissemination (copyright restrictions do not remove technology or software from being "in the public domain")." This seems to open a fairly wide road, given the amount of public domain crypto software to be found nowadays. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From nbohm@ernest.net Fri, 06 Mar 1998 08:34:24 +0000 Date: Fri, 06 Mar 1998 08:34:24 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: EU Crypto Free Trade Area A further point I intended to make on the 1995 Export Control Regulations is that they control the export of GOODS. This is reflected in the note I quoted, with its references to sales from stock at retail outlets. Software can of course take the form of goods (as music can take the form of records), but it does not necessarily do so (as a concert performance is not a sale of goods). Diskettes and CDs containing software are no doubt controlled, but the Regulations do not appear to affect software downloaded from a website or attached to an email. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From sjmz@hplb.hpl.hp.com Fri, 06 Mar 1998 10:05:22 +0000 Date: Fri, 06 Mar 1998 10:05:22 +0000 From: Stefek Zaba sjmz@hplb.hpl.hp.com Subject: EU Crypto Free Trade Area Nicholas Bohm writes: > A further point I intended to make on the 1995 Export Control Regulations > is that they control the export of GOODS. This is reflected in the note I > quoted, with its references to sales from stock at retail outlets. > > Software can of course take the form of goods (as music can take the form > of records), but it does not necessarily do so (as a concert performance is > not a sale of goods). Diskettes and CDs containing software are no doubt > controlled, but the Regulations do not appear to affect software downloaded > from a website or attached to an email. Indeed - the topic of whether the Export Control Regulations cover "intangibles" has come up before on this list. I believe that "intangibles" would include software-as-bit-on-the-wire, but also other "things" which could be traded - insurance contracts, futures, ... The legal opinion I heard expressed from a real lawyer is that bits-on-the-wire are indeed not covered under a strict reading of the export regs: but that The Relevant Authorities have let it be known informally that companies trading in otherwise export-restricted goods which seek to evade export licensing would be considered to be deliberately flouting the spirit of the regulations. For companies which make their living this way, such flouting could be made uncomfortable in a variety of practical ways - government purchasing power, words in shell-like ears of prime contractors who might otherwise buy bits of crypto software from such grubby little scofflaws, etc. The pragmatic position therefore might be that if you rely on the "intangibles" provision *alone*, you should be prepared to be an interesting test case. Probably of more practical significance is the "mass market" exemption which Nicholas and Yaman have already pointed out: the export regs are worded to catch high-end special-installation-assistance-required (e.g. setting up a centralised key management facility) crypto capability such as an army's command-and-control system might use, while leaving the "password protection" of WordPerfect/MSWord/PKZip etc. uncaught. Given those two ends of the spectrum, it would seem a bizarrely unreasonable interpretation to consider (to take an example not exactly at random) a full-strength SSLified Web server (hi Ben :-) as "mass-market" rather than "hi-end custom installation by supplier". Of course in the particular case of Stronghold, the exemptions stack up particularly strongly: 1) it's software downloaded over the Net, hence intangible; 2) it's mass-market in the sense of the General Software Note; 3) it's public-domain - the source for Apache (and SSLeay) is explicitly and deliberately in the public domain; FTP archive sites of public-domain software seem to me to be in a similarly firmly expempt position in the UK. Obviously enough I'm not a lawyer, and this is not legal advice - it's an opinion from a techie with a dangerously little amount of apparent knowledge! General opinions from the legally qualified are more useful: neither flavour of opinion-expressed-on-the-net is a substitute for paid-for specific legal advice in your particular circumstances. Cheers, Stefek From I.Brown@cs.ucl.ac.uk Fri, 06 Mar 1998 14:40:49 +0000 Date: Fri, 06 Mar 1998 14:40:49 +0000 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: Today's Economist editorial is brilliant. A few choice quotes: "Confidence in encryption is essential for both Internet commerce and the protection of individual privacy. If businesses believe that confidential documents sent over the Internet can be hacked into, they won=92t send them. If credit-card transactions can be easily intercepted,= goods will not be purchased. If e-mails that individuals wish to keep private can be electronically steamed open, they will stay unwritten." "Powerful encryption is, in fact, an essential protection for the law-abiding. Who would be confident that keys would not get into the wrong hands, that trusted third parties could be trusted or that law-enforcement agencies would not abuse their new powers as they have done old ones, such as phone-tapping?" "Plans to control encryption software are futile and misguided" The only thing they could have added was the damage being done to critical information infrastructures by the suppression of exactly the software that would help protect them. Buy it! Ian :D From jya@pipeline.com Fri, 06 Mar 1998 09:57:34 -0500 Date: Fri, 06 Mar 1998 09:57:34 -0500 From: John Young jya@pipeline.com Subject: BXA 97 Report on Encryption The US Bureau of Export Administration issued its 1997 Annual Report on March 4. We've excerpted the sections on encryption, which summarize the administration's policy, goals and accomplishments: http://jya.com/bxa97-encry.htm (43K) Sample: In the nine month period from the transfer of commercial encryption items to Commerce through the end of FY 1997, BXA has received over 1,000 encryption license applications valued at more than $500,000,000. Forty companies have submitted commitment plans which lay out how they will build and market key recovery products. These companies include some of the largest software and hardware manufacturers in the country. BXA has approved 32 of these plans; none have been rejected. Furthermore, eight companies have submitted requests for a one-time review of key recovery encryption items which will facilitate the establishment of a key management infrastructure (KMI). Four of these products have been approved for eligibility under License Exception KMI. BXA has also approved four U.S. entities to serve as their own Key Recovery agents for these products (i.e. corporate "self-escrow"). From aba@dcs.ex.ac.uk Fri, 6 Mar 1998 15:26:56 GMT Date: Fri, 6 Mar 1998 15:26:56 GMT From: Adam Back aba@dcs.ex.ac.uk Subject: EU Crypto Free Trade Area Stefek Zaba writes: > Indeed - the topic of whether the Export Control Regulations cover > "intangibles" has come up before on this list. I believe that "intangibles" > would include software-as-bit-on-the-wire, I have a couple of documents on the web under: http://www.dcs.ex.ac.uk/~aba/ukexport/ and a supplement sheet apparently confirming Stefek's suggestion: > The Relevant Authorities have let it be known informally that > companies trading in otherwise export-restricted goods which seek to > evade export licensing would be considered to be deliberately > flouting the spirit of the regulations. in DTI's (?) own words, see: http://www.dcs.ex.ac.uk/~aba/dti-let.txt Also there is a less interesting DTI document "ECO Notice STU/1": http://www.dcs.ex.ac.uk/~aba/eco-stu1.txt > For companies which make their living this way, such flouting could > be made uncomfortable in a variety of practical ways - government > purchasing power, words in shell-like ears of prime contractors who > might otherwise buy bits of crypto software from such grubby little > scofflaws, etc. The pragmatic position therefore might be that if > you rely on the "intangibles" provision *alone*, you should be > prepared to be an interesting test case. I would be interested to hear of any cases where the DTI/CESG have turned down a tangible an export permission request. Any other DTI export documentation would be interesting also. If you talk to CESG about the topic of tangible exports they start to talk about requiring the crypto to be hard to modify (kind of hard to arrange if you are shipping source on the CD), and they are in general quite hard to pin down on their criteria for an exportable software system. I have a suspicion that the simplest thing to do may be to not talk to them (DTI and CESG) in the first place, unless you really are thinking of shipping something which you consider falls under the export licensing regulations (eg nuclear related, military related, or shipping to embargoed country). Talking to them when you are comfortably sure that your CD with software should be exempt under any reasonable interpretation of the regs just invites them to add stipulations which do not exist in the regs. I have been exporting T-shirts with an RSA implementation (the code in my sig) printed on them: http://www.dcs.ex.ac.uk/~aba/uk-shirt.html I have not asked permission of the DTI to do so. I think I exported a few to Russia if I remember rightly, as well as a number of other countries. A t-shirt is surely a tangible item. Any one in Baghdad want to order one? Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0 >Buy it! > .. or get it from the net: http://www.economist.co.uk/2tuQ9RmA/editorial/freeforall/current/ld4935.html ... Richard. Dr C.R.Snow Department of Computing Science University of Newcastle Newcastle upon Tyne, NE1 7RU United Kingdom. E-mail: C.R.Snow@newcastle.ac.uk Phone: +44 191 222 8064 Fax: +44 191 222 8232 WWW: http://www.cs.ncl.ac.uk/people/c.r.snow/ See home page (or public key server) for PGP public keys. PGP Key (RSA, length 1024). PGP Key ID: 864A1C95 PGP Key Fingerprint: A5E9 5684 A1F9 D08A 097C 7D31 91EC DE13 PGP Key (DSS/Diffie-Hellman, length 1024/2048). PGP Key ID: 5F6DF708 PGP Key Fingerprint: 5B9F B1CF 5C44 8467 AC3A CC81 3EA8 7458 5F6D F708 --PGPplugin/Eudora-5.0-25-529713010-1322923633 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0 for non-commercial use MessageID: YUADqntDCQwGY6DNzwWvxA8HEqw3v8T0 iQCVAwUBNQAZDcESzzaGShyVAQGRngP/VTxy+OxIQfaJHJdKnGAXOkXRDnMR7eMb t/4s7GI7QICVa0kNTItlkpop2s/XX/BbPzOJAHQmdQmjjifBYwQGWNNMDdDIl8uM ifsQwTNTTXClDiHt3EnEE9iNsyRZavxZ4NArcpVByimBt7hKLHb8I0Lomkk/TXLD e1OWbIW8bkI= =JreQ -----END PGP SIGNATURE----- --PGPplugin/Eudora-5.0-25-529713010-1322923633-- From tomt@harlequin.co.uk Fri, 06 Mar 1998 15:52:18 +0000 Date: Fri, 06 Mar 1998 15:52:18 +0000 From: Tom Thomson tomt@harlequin.co.uk Subject: BBC Online - Security and law enforcement: the government view 20/2/98 11:45GMT At 07:52 22/02/98 UT, Michael Bacon wrote: >> Law enforcement agencies say the free use of encryption is a danger to >> national security from a computer on the other side of the world, a >terrorist is at work. >> He is not making bombs or planning revolution. He might be remotely >> accessing the processing control systems of a cereal manufacturer to change the >> levels of iron and sicken and kill children innocently enjoying their food. He might >> attack air traffic control systems and cause the collision of two civilian >> aircraft. He could be doing anything. And he is almost impossible to trace. > >In this, the government appears to be following the doctrine of 'information >warfare'. Under most definitions this would appear to be Class II IW. The >potential exists to execute a similar scenario and has already been >demonstrated by 'hackers' - albeit with a 'theft of service' motive. > >None-the-less, I cannot easily see how the proposals would prevent such a >scenario. > So far as can see, the proposals do precisely the opposite: they increase the chance for such activity. The terrorist has to get into the cereal manufacturer's system, into the air traffic control system, and to do so he needs keys; escrow proposals just make one more place where those keys may be obtained. Tom Thomson email: tomt@harlequin.co.uk Harlequin Ltd Tel: +44 1625 58 8059 (direct line) 2 Queens Court +44 1625 58 8000 Wilmslow Rd Fax: +44 1625 58 8049 Alderley Edge Cheshire SK9 7QD From peter_dare@uk.ibm.com Fri, 6 Mar 1998 17:25:34 +0000 Date: Fri, 6 Mar 1998 17:25:34 +0000 From: Peter Dare peter_dare@uk.ibm.com Subject: The Long-Term Future of the Cryptography Policy Debate At 5pm on a Friday afternoon, at the end of a stressful week, Peter Dar= e (IBM) writes: When I got my physics degree in 1969 I joined the Institute of Physics,= and I have continued in membership ever since, mainly because of the excellen= t monthly magazine "Physics World". This month's edition, pushed through= my letterbox this morning, makes fascinating reading for followers of the cryptography debate. There's a picture of Alice and Bob on the cover (= so we finally get to know what they look like). Even more interesting are fo= ur separate articles inside on the subject of "Quantum Information". Asto= nishing but credible claims in these articles include the following. (I tried = to find if the articles or references to them are accessible from the IOP websi= te, but without any luck. (www.iop.org)) Quantum physics enables computers to be built that can be really massiv= ely parallel. You build one instance of the computer, but then let it run = in very many (and they mean very many) parallel universes at once. Because of = the nature of quantum physics it's possible, for some calculations, to get = the instance in each universe to do a different part of the calculation and= , at the end, to exploit quantum entanglement to get the answer to the problem b= ack into your own universe. (This is not fantasy or science fiction. The solid= physical principles behind all this have been known since the 1930's. = What's new is the idea of building a computer using these principles.) To quote one of the articles: "By some strange coincidence, several of = the superior features of quantum computers have applications in cryptograp= hy." That is, the calculations that are suitable to be performed in many uni= verses at once tend to be calculations connected with cryptography. "... qu= antum computers could factorise thousand-digit numbers in a fraction of a sec= ond, and the execution time would grow only as the cube of the number of digits = ..." (With classical computers, the execution time grows exponentially with = the number of digits and very soon the problem becomes intractable.) "... = any RSA-encrypted message recorded today will become readable moments after= the first quantum factorisation engine is switched on". The articles also explain how quantum computers can be used to break sy= mmetric algorithms very quickly. (The example given is DES.) But the advantag= e over classical computers is nowhere near as impressive as for factorisation.= I could find no mention of the other sorts of "difficult" problems on whi= ch assymmetric encryption is typically based (the finite field logarithm p= roblem, and elliptic curves). The articles explain other astonishing things as well. Turing's theory= is a trivial subset of a wider theory about quantum computing. Information = theory will eventually be shown to be a law of physics, not a theorem of mathe= matics. Indeed, because quantum computers will be able to prove mathematical th= eorems in a way that no classical method ever could, physics will take over fr= om mathematics as the basis of human thought. So what is the implication for crypto policy in the (very) long term? = (The articles predict that quantum computers will be ready in a matter of de= cades - but where there is motivation, human beings are actually quite good at = doing things faster than predicted.) If assymmetric cryptography had never b= een discovered, we'd be talking now about symmetric key distribution centre= s, rigid key management schemes and all the rest. In such an environment, for e= xample, the lawful access argument is very different because two cyberspace str= angers could not communicate securely with each other without escrowing a key = with a trusted third party. Will asymmetric encryption one day become unusable? How will integrity= be guaranteed where there is no secure method of digital signature? When w= ill the first quantum engines be built? Are governments already working on the= m secretly? And the most important question of all: will HMG's cryptogra= phy policy be announced before the first quantum switch-on, or are they pla= ying for time? :-) Peter Dare IBM United Kingdom Limited = From nbohm@ernest.net Fri, 06 Mar 1998 18:12:18 +0000 Date: Fri, 06 Mar 1998 18:12:18 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: The Long-Term Future of the Cryptography Policy Debate At 17:25 6/03/98 +0000, you wrote: >At 5pm on a Friday afternoon, at the end of a stressful week, Peter Dare (IBM) >writes: [material on quantum computing snipped] Much of this material has been semi-popularised (meaning I half understood it) by David Deutsch of the Clarendon Laboratory in "The Fabric of Reality". A worthwhile stimulating read (but no details of practical progress in quantum computing). Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From sjmz@hplb.hpl.hp.com Fri, 06 Mar 1998 19:17:40 +0000 Date: Fri, 06 Mar 1998 19:17:40 +0000 From: Stefek Zaba sjmz@hplb.hpl.hp.com Subject: The Long-Term Future of the Cryptography Policy Debate For anyone who wants to follow quantum crypto work in blow-by-blow detail, I can recommend (shameless plug!) the work of my colleagues in HPLabs Bristol; try http://www.hpl.hp.com/cgi-bin/AT-Tech_Reportssearch.cgi and ask the search engine for hits on the single word "quantum". There's a mixture of abstracts, full reports (some in useful Postscript or PDF, some as scanned images only), and a chance to order hardcopy. There are some interesting results emerging, both negative (e.g. quantum bit commitment protocols found to be necessarily insecure) and positive (quantum key distribution not only theoretically possible but demonstrated in practice at BT Labs over 10km of optical fibre, if I remember it right). Quantum computation faces some pretty stiff engineering challenges: the more simultaneous states you try to superpose (i.e. "solutions" you investigate at once), the harder it is to keep the whole thing from "losing it" (a deep technical term :-) In particular searching through 2**256 or so states, as you might want to do for factoring attacks on 1024-bit RSA, is more than marginally beyond the state of the theoretical art... for now... In the policy debate, note that quantum key distribution would again change the playing field: the whole point of quantum key distribution is that it gives you a *physically* secure channel, i.e. you can *tell*, reliably, if someone is snooping the fibre or whatever's carrying the quanta. (This works because the observer has to make an observation, thus changing the bits encoded by the quanta.) That makes the distinguishing law enforcement requirement - that the subject of a wiretap not know that s/he is under surveillance - impossible to achieve. Now there's a challenge for the would-be regulators - laws of the land vs. laws of physics... Stefek From roger@police.tas.gov.au Mon, 9 Mar 1998 10:06:50 +1100 Date: Mon, 9 Mar 1998 10:06:50 +1100 From: Roger Fleming roger@police.tas.gov.au Subject: The Long-Term Future of the Cryptography Policy Debate Stefek Zaba wrote: [...] >Quantum computation faces some pretty stiff engineering challenges: the more >simultaneous states you try to superpose (i.e. "solutions" you investigate >at once), the harder it is to keep the whole thing from "losing it" (a deep >technical term :-) In particular searching through 2**256 or so states, as you >might want to do for factoring attacks on 1024-bit RSA, is more than >marginally beyond the state of the theoretical art... for now...[...] You could say that again. For those who hadn't been aware of the progress of the quantum computer, one has actually been built, and used to factor the 4 bit "hard prime" number, 15. Rather delightfully, the core unit was a fresh cup of really hot tea !! (Well, nearly). The results of these experimenters seemed to suggest that one requires a distinct nuclear species per bit of the calculation, and that S/N ratio declines roughly as 1/2^(no of bits). (Somebody described this as now being able to add a time/signal strength tradeoff to the list of possible optimisations.) As such, no degree of refinement will be able to expand this device beyond around 50 to 60 bits, which is already trivial with ordinairy computers; so we can breathe a sigh of relief - for now. Of course it is possible someone will devise a much more efficient device than this "Mk I" quantum computer. The consequences of a processor that is able to instantaneously perform massively parallel computations of any size are almost unimaginable, and will go far beyond obliterating nearly all forms of crypto. From brownrk1@texaco.com Mon, 9 Mar 1998 05:01:53 -0600 Date: Mon, 9 Mar 1998 05:01:53 -0600 From: Brown, R Ken brownrk1@texaco.com Subject: The Long-Term Future of the Cryptography Policy Debate > Roger Fleming[SMTP:roger@police.tas.gov.au] wrote, in reply to Stefek > Zaba: > > Of course it > is possible someone will devise a much more efficient device than this "Mk I" > quantum computer. The consequences of a processor that is able to > instantaneously perform massively parallel computations of any size are > almost unimaginable, and will go far beyond obliterating nearly all forms of > crypto. I really don't understand why it should obliterate crypto. Surely, however fast the computation devices are, if the algorithm needed to decrypt is harder to run than the one needed to encrypt, decryption can always be made to take an arbitrarily long time by choosing a large enough key? Unless you are suggesting that computation will be *so* fast there isn't enough storage space for a large enough key, which I find hard to believe. Even if we were forced to use megabyte keys we could still encrypt useful messages on CDs or whatever replaces them and transport them by bike... ( there is no sign that network speeds will ever catch up with the amount of data in storage - the capacity of magnetic media has been increasing faster than bandwidth for ever (as far as electronic computers are concerned) and still is. So the ratio between how much data you store and how much you can send down a wire in a second will carry on growing. So there will still be a place for the bicycle messenger in the Brave New World) Of course it is possible that quantum devices might be too expensive for ordinary users to buy them. If governments, armies, banks, the mafia and so on will be able to afford them they might be able to decrypt the messages that the rest of us send - which is in practice the situation we have been living in since WW2 (we now have techniques that the rest of us can use that the spooks can't crack but most people don't yet use them). If they are cheap enough then we are back where we are now. My gut feeling is that this won't happen and that the exponential increase in the power of a single computing device that we have been used to will come to an end sometime between 5 and 50 years from now. When that happens everything changes. At the moment big business uses machines only 2 or 3 times more powerful than kids use to play games - and both use machines more powerful than the military put in the field (it is as if a Scalextrix toy car had half the speed of a Formula One racing machine and almost as much room for goods as a 20 ton lorry...) When the increase in chip power is hit singe computing devices will be between 10 and 10 million times faster than they are now (that's a safe bet I think!) and people who want faster machines will either have to run cold or run clever (by getting into massively paralel computers). In either case we are back to big machines with real plumbing - I suspect that the supercomputer (if not the mainframe) will have as large a niche in the 2020s as it did in the 1970s. But I doubt if they will be fast enough to crack 10 Kb keys in real time. From lawya@lucs-01.novell.leeds.ac.uk Mon, 9 Mar 1998 11:50:38 GMT0BST Date: Mon, 9 Mar 1998 11:50:38 GMT0BST From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk Subject: Battle over e-mail encryption key - European Voice http://www.european-voice.com/thisweek/stories/STORY2.HTM Battle over e-mail encryption key - European Voice By Simon Coss ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yaman Akdeniz Cyber-Rights & Cyber-Liberties (UK) at: http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm Read CR&CL (UK) Report, 'Who Watches the Watchmen' http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From peter_dare@uk.ibm.com Mon, 9 Mar 1998 16:08:51 +0000 Date: Mon, 9 Mar 1998 16:08:51 +0000 From: Peter Dare peter_dare@uk.ibm.com Subject: The Long-Term Future of the Cryptography Policy Debate Can I just summarise again my original point: Quantum computers will be practical propositions within decades or poss= ibly years. Quantum computers are massively parallel. You don't have to accept the= many-worlds interpretation of quantum theory, but if you do it helps to= understand how that massively parallel functionality is achieved - by s= haring the computing effort between instances of the quantum computer across m= any (two to the power 48?) universes. Factorising the product of two large prim= e numbers will become a doddle. Whether or not symmetric algorithms are still workable, RSA (and - thou= gh I'm less sure of this - possibly other public key systems) will be much eas= ier to crack. The problem is - how do cyberspace strangers Alice and Bob now communicate using symmetric algorithms (which we will assume are still workable) without escrowing symmetric keys with a key distribution serv= ice? How, simply, do they agree on a symmetric key if they have never met? = And how will digital signatures work? Quantum cryptography - a different application from quantum computing -= may not help. Provided that Bell's inquality is violated (that is, provided th= ere are no local hidden variables) - and the experimental evidence overwhelming= ly supports the idea that the inequality is indeed violated in nature - th= en certainly Bob will always get more of the random bits that Alice transm= its than Eve (the eavesdropper) will do, and Alice and Bob can use those bits as= a basis for a symmetric algorithm, including even a one-time pad. But it requi= res a single physical path (for example, a continuous optic fibre) between Al= ice and Bob - something that is unlikely to be in place if Alice and Bob have n= ever met before. You can't use an Internet analogy. Store and forward, network= ing, are not options. Quantum states cannot be relayed. Peter Dare peter_dare@uk.ibm.com = From Denis.Russell@ncl.ac.uk Mon, 9 Mar 1998 16:35:49 +0000 Date: Mon, 9 Mar 1998 16:35:49 +0000 From: Denis.Russell@ncl.ac.uk Denis.Russell@ncl.ac.uk Subject: The Long-Term Future of the Cryptography Policy Debate At 4:08 pm +0000 9/3/98, Peter Dare wrote: >... But it requires a >single physical path (for example, a continuous optic fibre) between Alice and >Bob - something that is unlikely to be in place if Alice and Bob have >never met >before. You can't use an Internet analogy. Store and forward, >networking, are >not options. Quantum states cannot be relayed. ... Can the path (photons?) be switched using optical switching technology? If so, we will need not a packet switching, nor a cell switching, not even a (virtual)-circuit switching network, but either a photon-switching or a dark-fibre-switching network (if they are different). ... Denis. From J.Goldberg@Cranfield.ac.uk Mon, 9 Mar 1998 16:57:40 +0000 (GMT) Date: Mon, 9 Mar 1998 16:57:40 +0000 (GMT) From: Jeffrey Goldberg J.Goldberg@Cranfield.ac.uk Subject: The Long-Term Future of the Cryptography Policy Debate My feeling is that this discussion better belongs on sci.crypt than on this list, but until the list manager intervenes, I will continue. On Mon, 9 Mar 1998, Peter Dare wrote: > Can I just summarise again my original point: > > Quantum computers will be practical propositions within decades or possibly > years. > > Quantum computers are massively parallel. [...] I have not read any of the primary sources about quantum computing, so what I am going to say is pure prejudice. If someone who knows about these things and has thought about these things tells me I am wrong, I will accept that. My feeling is that quantum computing is a red herring wrt to factoring and other code breaking because (I suspect) moves the complexity from the running of the algorithm to the construction of the algorithm. The analogy I want to make is to very naive proposal that one precompile a complete list of primes in the relevant range and then factor in close to linear time. All that does is move the complexity from the run time portion to building the algorithm. I suspect that the number of nodes needed for a quantum computer to factor may grow very quickly with the size of the number being factored, so that in the end quantum computing will not offer a less complex way of factoring. Am I wrong about this? And what should I read to find out why? -j -- Jeffrey Goldberg +44 (0)1234 750 111 x 2826 Cranfield Computer Centre FAX 751 814 J.Goldberg@Cranfield.ac.uk http://WWW.Cranfield.ac.uk/public/cc/cc047/ Relativism is the triumph of authority over truth, convention over justice. From thomas.womack@merton.oxford.ac.uk Mon, 9 Mar 1998 17:45:45 -0000 Date: Mon, 9 Mar 1998 17:45:45 -0000 From: Thomas Womack thomas.womack@merton.oxford.ac.uk Subject: The Long-Term Future of the Cryptography Policy Debate >You could say that again. For those who hadn't been aware of the progress of >the quantum computer, one has actually been built, and used to factor the 4 bit >"hard prime" number, 15. Rather delightfully, the core unit was a fresh cup of >really hot tea !! (Well, nearly). Has anyone got a reference for this? I thought the current state of the art in quantum computation might manage to factorise 4 before the end of the millennium; I had read about the NMR-based methods, which looked as if they relied on ridiculously delicate manipulation of molecules but could take advantage of the very large number of molecules in a bulk sample, but I wasn't aware that anyone had factorised a number with them yet. Tom From m95ndf@ecs.ox.ac.uk Mon, 9 Mar 1998 20:15:07 +0000 (GMT) Date: Mon, 9 Mar 1998 20:15:07 +0000 (GMT) From: Nicolas D Fortescue m95ndf@ecs.ox.ac.uk Subject: The Long-Term Future of the Cryptography Policy Debate On Mon, 9 Mar 1998, Jeffrey Goldberg wrote: > My feeling is that this discussion better belongs on sci.crypt than > on this list, but until the list manager intervenes, I will continue. You're probably correct, but as a question was asked... > My feeling is that quantum computing is a red herring wrt to factoring > and other code breaking because (I suspect) moves the complexity from > the running of the algorithm to the construction of the algorithm. The > analogy I want to make is to very naive proposal that one precompile > a complete list of primes in the relevant range and then factor in > close to linear time. > > All that does is move the complexity from the run time portion to > building the algorithm. I suspect that the number of nodes needed > for a quantum computer to factor may grow very quickly with the size > of the number being factored, so that in the end quantum computing > will not offer a less complex way of factoring. > > Am I wrong about this? And what should I read to find out why? You are wrong. A quantum compututer can set up a superposition of 2^n states in linear time. The best introduction I know (but then I'm a biased local :) is: http://eve.physics.ox.ac.uk/NewWeb/Research/Tutorial/recherche.html which is linked to from: http://eve.physics.ox.ac.uk/QChome.html a good place to start for all things quantum. Nick From m95ndf@ecs.ox.ac.uk Mon, 9 Mar 1998 20:15:07 +0000 (GMT) Date: Mon, 9 Mar 1998 20:15:07 +0000 (GMT) From: Nicolas D Fortescue m95ndf@ecs.ox.ac.uk Subject: The Long-Term Future of the Cryptography Policy Debate On Mon, 9 Mar 1998, Jeffrey Goldberg wrote: > My feeling is that this discussion better belongs on sci.crypt than > on this list, but until the list manager intervenes, I will continue. You're probably correct, but as a question was asked... > My feeling is that quantum computing is a red herring wrt to factoring > and other code breaking because (I suspect) moves the complexity from > the running of the algorithm to the construction of the algorithm. The > analogy I want to make is to very naive proposal that one precompile > a complete list of primes in the relevant range and then factor in > close to linear time. > > All that does is move the complexity from the run time portion to > building the algorithm. I suspect that the number of nodes needed > for a quantum computer to factor may grow very quickly with the size > of the number being factored, so that in the end quantum computing > will not offer a less complex way of factoring. > > Am I wrong about this? And what should I read to find out why? You are wrong. A quantum compututer can set up a superposition of 2^n states in linear time. The best introduction I know (but then I'm a biased local :) is: http://eve.physics.ox.ac.uk/NewWeb/Research/Tutorial/recherche.html which is linked to from: http://eve.physics.ox.ac.uk/QChome.html a good place to start for all things quantum. Nick From goodyer@well.ox.ac.uk Mon, 09 Mar 1998 21:34:19 +0000 Date: Mon, 09 Mar 1998 21:34:19 +0000 From: Ian D. Goodyer goodyer@well.ox.ac.uk Subject: The Long-Term Future of the Cryptography Policy Debate -----BEGIN PGP SIGNED MESSAGE----- On Mon, 9 Mar 1998, Jeffrey Goldberg wrote: > My feeling is that this discussion better belongs on sci.crypt than > on this list, but until the list manager intervenes, I will continue. Yes, I agree we should try and keep the discussion to crypto legislation. However fascinating the topic we should try not to wander into general cryptology/tempest/pgp on this list. Thank you Jeffrey for suggesting it. A large number of important people subscribe to this list and lurk in the background listening to what we say. Not only are there leading academics and lawyers, there are also CESG, DTI and government representatives subscribed. For this reason I think that it is important that we try and stick to the topic in hand. I find it hard to stop threads (free speech thing really) and hope that the list will be self regulating in future. Thanks, Ian ukcrypto list owner -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5 Comment: comment iQCVAwUBNQRf76JSmGBRGHaRAQHB3gP/Vj9POrJA6tlrqldgjm30oeay4Uxp/YbG Qywm3emfyFdIxl72Ak9PjntToBCAbOV18rv3U0BcDp7O7W0WwzOeCz9NObYQ1nyM xxa0FRM+JkaDUrR8LOHTKfPLjXNzCiLXK1VurQNyD0PkCjKvXt7exjix7J8dRbHv tkCG6bdZCKI= =dhgv -----END PGP SIGNATURE----- From nbohm@ernest.net Mon, 09 Mar 1998 22:45:39 +0000 Date: Mon, 09 Mar 1998 22:45:39 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: Legislating for the Long Term? What the points about quantum computing make clear (again) is how radically the relevant landscape can change. There is a lesson here for legislators, which is the futility of building castles in the air. What we need are the small, quick legislative tweaks that will help electronic commerce get itself established, not elaborate underpinnings for elaborate infrastructures that will become out of date before anyone has decided who might build what on top (and meanwhile make the whole enterprise seem far more difficult than it really is). Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From sjmz@hplb.hpl.hp.com Tue, 10 Mar 1998 09:40:07 +0000 Date: Tue, 10 Mar 1998 09:40:07 +0000 From: Stefek Zaba sjmz@hplb.hpl.hp.com Subject: Legislating for the Long Term? Nicholas writes: > What we need are the small, quick legislative tweaks that will help > electronic commerce get itself established, not elaborate underpinnings for > elaborate infrastructures that will become out of date before anyone has > decided who might build what on top (and meanwhile make the whole > enterprise seem far more difficult than it really is). Amen to that. This is in a nutshell a major part of what was so ill-conceived about the previous DTI proposals - they ignored existing practice (public-key crypto, CAs as directory publishers, semi-closed-group trading circles), and why the revised "indicators of emerging policy" are still muddled in conflating digital signature recognition with covert access to encrypted material, as recently eloquently and concisely pointed out by Microsoft in their recent communication ( http://www.liberty.org.uk/cacib/legal/crypto/microsoft.html ). Now, if even a lawyer like Nicholas, and a software company whose OSs I've been known to be rude about, can see this - let alone an all-wise, all-seeing individual like me :-) - what a shame the UK authorities seem fixated on key escrow as the only appropriate way of responding to law enforcement concerns! Stefek From S.J.Houghton@Bradford.ac.uk Tue, 10 Mar 1998 12:03:48 +0000 Date: Tue, 10 Mar 1998 12:03:48 +0000 From: Stanley J Houghton S.J.Houghton@Bradford.ac.uk Subject: The Long-Term Future of the Cryptography Policy Debate At 21:34 09/03/98 +0000, Ian D. Goodyer wrote: >On Mon, 9 Mar 1998, Jeffrey Goldberg wrote: > >> My feeling is that this discussion better belongs on sci.crypt than >> on this list, but until the list manager intervenes, I will continue. > >Yes, I agree we should try and keep the discussion to crypto legislation. >However fascinating the topic we should try not to wander into general >cryptology/tempest/pgp on this list. Thank you Jeffrey for suggesting >it. > >A large number of important people subscribe to this list and lurk in the >background listening to what we say. Not only are there leading >academics and lawyers, there are also CESG, DTI and government >representatives subscribed. For this reason I think that it is important >that we try and stick to the topic in hand. However, speaking as one with no technical expertise in quantum computing, I took notice of the warning that new technology may have the potential to break new barriers in factorisation. This is the first I have heard of it and I would have missed something crucial had the discussion been culled too soon. I am grateful for the insight. We spend our time extrapolating current growth rates and sometimes forget the sudden leaps in technology. I am interested in the legal implications of encryption and administration in practical application of encryption technology. Therefore, I am equally interested in technical change that could have such enormous impact on its application and security. I feel personally that you got it just about right in allowing a quick overview and pointers to further reading. Thanks Stanley Houghton University of Bradford From richard@turnpike.com Tue, 10 Mar 1998 12:52:51 +0000 Date: Tue, 10 Mar 1998 12:52:51 +0000 From: Richard Clayton richard@turnpike.com Subject: Legislating for the Long Term? In article <3.0.5.32.19980309224539.00e5ba50@mail.netkonect.co.uk>, Nicholas Bohm writes >What the points about quantum computing make clear (again) is how radically >the relevant landscape can change. There is a lesson here for legislators, >which is the futility of building castles in the air. > >What we need are the small, quick legislative tweaks that will help >electronic commerce get itself established, not elaborate underpinnings for >elaborate infrastructures that will become out of date before anyone has >decided who might build what on top (and meanwhile make the whole >enterprise seem far more difficult than it really is). I wonder if there is any consensus on what these "quick legislative tweaks" might be. There is fairly overwhelming rejection of "key escrow" in this community - but I also detect in the various submissions to the DTI made last year (and I am as guilty as anyone) a sense of "hoorah for raising the subject, something must be done" but, [in most cases] "however, this is not an acceptable thing to do". In the intervening year I've thought, and read, a lot more about the nature of identity and how we, as individuals, and in business, deal with strangers all the time, with limited amounts of knowledge of identity. We only take specific measures, dating back to Victorian times or even longer, to deal with the natural lack of trust when the sums involved become non-trivial. I am starting to wonder whether the signing of keys by statutory bodies, even with no escrow in sight, is really a substantial benefit. Do we really need to know _exactly_ who we're ordering our online books from ? If they turn up in the post that will be good enough for most of us, and if not, is a signed key going to get us our money back ? I think almost everyone believes that encryption is going to be a vital part of using the Internet for commerce, its open nature being otherwise a problem -- phonecalls or postal services which stay within the borders of Western democracies have, in general, avoided the need for security; though registered post and the courier are still important day-to-day features of commercial life. The Internet, is somehow different, though I think there's a certain amount of fear of the unknown in many peoples reactions, rather than an exact assessment of the risks. If one does accept that we need encryption to be more widely deployed than just "secure web sites" (a misnomer since the conversations are secure and the machines often are not!). The question then arises - is it lack of key signing which is holding back encryption ? is it the lack of standards ? is the lack of usable software. I'd suggest that the last of these was by far the most important practical issue. It's hard to see how any legal changes in one small island is going to make any difference to this (notwithstanding the export of InvisiMail from New Zealand and/or the Isle of Man). But this is special pleading... being a software builder I tend to see the problem as a software problem. The lawyers seem to see the problem as a tightly legal one (we need a law for digital signatures... but do we ? wouldn't a precedent do just as well ? and more flexibly). The people who want to run TTPs see the problem as being a need for laws to make them look like essential services.... (pay us more money, we're licensed by the DTI). I wonder, about "legislative tweaks". Are there areas where we actually need the law changed ? or can we all build the systems and services we need in the current framework ? I think what I am asking would be 'Is there actually anything "broken" to "fix" ?' A year ago I thought that addressing the issues was a good idea... but I'm coming around to a view that I would welcome a DTI announcement that they were going to forget about legislation, but that neverthess they thought encryption was a "jolly good thing". ie doing almost nothing might be best. If I'm wrong then please explain, and I'll change my mind again :) -- richard richard.clayton @ T U R N P I K E .com http://www.demon.net/news/features/crypto/ for Demon's views on crypto "Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM From Ross.Anderson@cl.cam.ac.uk Tue, 10 Mar 1998 15:49:52 +0000 Date: Tue, 10 Mar 1998 15:49:52 +0000 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Unpleasant EU move on encryption The EU is about to issue a wide-ranging directive to ban unauthorised decryption of commercial traffic. This is a result of lobbying by Rupert Murdoch; its stated goal was to make it illegal to sell pirate TV decoders. The overt justification was the difficulty Murdoch had in the 1980's and early 90's in closing down pirate pay-TV operators in Ireland and Germany. That problem has now been fixed but the EU machine still grinds on towards a directive. Until very recently, the proposed directive: just covered pirate decoding devices made available for sale. However, the DVB lobby wanted it toughened up still further: and they managed to get an amendment quietly put through the European parliament last month: according to which member states will have to criminalise the "... provision of information concerning activities and measures facilitating unauthorized access" (page 8, Amendment 12, c2). The problem this poses the IT community is threefold. (1) As the proposed directive also covers electronic shopping, member states will have to make it an offence to break 40-bit SSL keys (or even to own a copy of Bruce Schneier's SSL-breaking screensaver :-). By extending it to cover the provision of information, the amendment could result in attendees at conferences such as Eurocrypt becoming criminals. This would make it impossible to hold security conferences in Europe. It would certainly make my web page illegal (papers such as `Tamper Resistance - A Cautionary Note' and `Why Cryptosystems Fail' would be contraband). It might even become an offence for people supervising computer science here at Cambridge to help undergraduates with the solution of past exam questions. (2) Furthermore, the amendment extends the scope of the directive from payment systems to encompass all technical means whereby access to a service is made conditional on a prior individual authorisation by the service provider. So I might be liable to prison for having made my .netscape/cookies file read-only; my mail filter might also get me into trouble. (There could be a conflict of laws here as filtering measures undertaken by European ISPs to comply with EU data protection and obscenity laws might be illegal under the amended directive.) (3) If Murdoch gets away with all this - or even with the original, unamended, directive - then the DTI/GCHQ/NSA people can argue that 40 bit crypto is enough: `if you merely want to protect commercial transactions, strong laws are more effective that strong algorithms. People attack systems like pay-TV because the penalties are perceived to be light or non-existent; they don't attack the (much weaker) funds transfer systems used by banks as even an attempt gets you jail time.' This argument didn't cut much ice with Vladimir Levin, but there is a strong technophobic consitituency in government that believes in legal fixes for everything and which will love the spooks' argument. Anyway, the main effect of this directive will be to put a serious damper on research, development and the commercial exploitation of cryptography and systems based on it throughout the whole community (which the spooks will also like). In the process, it will hand billions of ECU worth of business to the Americans on a plate. There is resistance to it on these grounds even in the Commission (the amendment was faxed to us yesterday by an EU insider who wants to raise the alarm). See for more details. Ross From octobersdad@reporters.net Tue, 10 Mar 1998 15:30:37 +0000 Date: Tue, 10 Mar 1998 15:30:37 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message , Richard Clayton writes >A year ago I thought that addressing the issues was a good idea... but >I'm coming around to a view that I would welcome a DTI announcement that >they were going to forget about legislation, but that neverthess they >thought encryption was a "jolly good thing". ie doing almost nothing >might be best. > >If I'm wrong then please explain, and I'll change my mind again :) Good essay, Richard. I agree basically. Now then. I take it everyone (almost) here has heard/read about the coalition formed in the states to fight the escrow/ttp plans there. Is anyone here attempting to form such a coalition? If so, how do I sign up? If not, why not? > tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From cacib@liberty.org.uk Tue, 10 Mar 1998 17:57:45 +0100 Date: Tue, 10 Mar 1998 17:57:45 +0100 From: Campaign Against Censorship of the Internet cacib@liberty.org.uk Subject: Legislating for the Long Term? > Now then. I take it everyone (almost) here has heard/read about the > coalition formed in the states to fight the escrow/ttp plans there. > Is anyone here attempting to form such a coalition? > > If so, how do I sign up? > > If not, why not? There are a variety of entities fighting these plans. They run web sites, write papers, talk to journalists and push news items, talk to IWF members, and sometimes talk to the government...well, Nigel Hickson. These entities include individuals, civil liberties groups and businesses. The civil liberties groups are usually small in their executive and co-operate online. They include Cyber-right and Cyber Liberties UK, Netfreedom, and CACIB. GILC is an international coalition of many groups. What do you want to do to help out? If you want to help collect news, format pages, write reports or press releases and so on, I'd love to have your help. The difference with "Americans for Computer Privacy" is that they collected enough money from business for a big professional lobbying effort. While the lavish scale of American political advertising isn't possible in the UK, even entry-level professional lobbying requires fairly significant sums. IMO it would be extremely difficult to collect these solely from individuals' subscriptions. Of course, if you have access to the sort of funding that could run a full-time office then there is a lot more that could be done. A list of links to other UK-based groups is at: http://www.liberty.org.uk/cacib/uklinks.html My apologies to anyone this misses out. Please mail me with additions. Regards, Malcolm Hutty. ----------------------------------------------------------------- Campaign Against Censorship Tel: 0171 589 4500 of the Internet in Britain Fax: 0171 589 4522 e-mail: cacib@liberty.org.uk Say NO to Censorship Web: http://www.liberty.org.uk/cacib From gladman@seven77.demon.co.uk Tue, 10 Mar 1998 17:20:41 -0000 Date: Tue, 10 Mar 1998 17:20:41 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Legislating for the Long Term? Richard Claydon wrote: >In article <3.0.5.32.19980309224539.00e5ba50@mail.netkonect.co.uk>, >Nicholas Bohm writes > >>What the points about quantum computing make clear (again) is how radically >>the relevant landscape can change. There is a lesson here for legislators, >>which is the futility of building castles in the air. >> >>What we need are the small, quick legislative tweaks that will help >>electronic commerce get itself established, not elaborate underpinnings for >>elaborate infrastructures that will become out of date before anyone has >>decided who might build what on top (and meanwhile make the whole >>enterprise seem far more difficult than it really is). > >I wonder if there is any consensus on what these "quick legislative >tweaks" might be. [material deleted] >I am starting to wonder whether the signing of keys by statutory bodies, >even with no escrow in sight, is really a substantial benefit. Do we >really need to know _exactly_ who we're ordering our online books from ? >If they turn up in the post that will be good enough for most of us, and >if not, is a signed key going to get us our money back ? I think you are right - for the most part it is hard to see why independent third party CAs will play that much of a role in the use of cryptography to provide confidentaility or authentication. If they ever had a role in confidentiality (which is doubtful anyway) then the US and UK govenments could hardly have done a better job than they have in killing this off through their promotion of key escrow. In considering authentication for individual consumers, most paper documents and signatures are not seriously authenticated and most businesses seem to have survived and prospered within such an environment without major difficulties. For consumers, therefore,a self-certified digital signature should work well and it is hence hardly a surprise to find that such electronic commerce as there is works well enough with little more than this. Of course this may be because a global trusted infrastructure in the form of credit cards is already in place but this is exactly the point - whereas we can expect this new technology to be used in an evolutionary way to add efficiency and effectiveness to existing trust relationships, it is most unlikely to be used to implement any essentially new ones (except in the very long term). For 'business to business' relationships the banks have provided a basis for global trust but again it is hard to see why they would hand this crucial aspect of their business to outsiders when they can simply operate their own CA functionality in a closed environment. Given that it has taken them many decades to establish their record for trust and reliability why on earth would they suddenly make this dependent on a new and relatively untried technology operated by third parties with no experience in banking? Add to this the prospect of key escrow, costly licensing provisions and heavy handed government control and an already precarious business case becomes a completely untenable one. CA products yes, but third party CA services don't seem to make much business sense (except, possibly, in one or two specialised areas). >If one does accept that we need encryption to be more widely deployed >than just "secure web sites" (a misnomer since the conversations are >secure and the machines often are not!). The question then arises - is >it lack of key signing which is holding back encryption ? is it the lack >of standards ? is the lack of usable software. I'd suggest that the last >of these was by far the most important practical issue. I doubt that this is the real cause (although it is an artifact). Although many factors are involved I suspect that the biggest single one has been the concerted action by a number of nations, led by the US, to prevent the development of any global cryptographic product market for fear that this would undermine their intelligence collection capabilities. The UK has certainly allowed its policies to be dominated by such arguments. In fact I am inclined to believe that this was a valid stance until the mid-1980s but since then it has become ever more suspect. Despite the need for change, however, the power and the influence of the intelligence agencies (within the US government scene in particular) is such that they have been able to sustain their side of the argument well beyond its 'sell by date'. >A year ago I thought that addressing the issues was a good idea... but >I'm coming around to a view that I would welcome a DTI announcement that >they were going to forget about legislation, but that neverthess they >thought encryption was a "jolly good thing". ie doing almost nothing >might be best. > >If I'm wrong then please explain, and I'll change my mind again :) Doing nothing would be far better than their last attempt. I suspect this may also be true of their next attempt. If, however, the UK government is really serious about their stated desire to promote electronic commerce, they should simply introduce legislation to remove all existing (export) controls on cryptographic products. The positive effect of this single action will be orders of magnitude greater than any attempt to promote the market through TTP based legislation. Brian Gladman From I.Brown@cs.ucl.ac.uk Tue, 10 Mar 1998 21:17:39 +0000 Date: Tue, 10 Mar 1998 21:17:39 +0000 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: Legislating for the Long Term? > Do we really need to know _exactly_ who we're ordering our online > books from ? And, does the online book store need to know *exactly* who their customers are? No -- they just want assurance of payment. > If they turn up in the post that will be good enough for most of us, and > if not, is a signed key going to get us our money back ? And, of course, if we've paid by credit card and the supplier is dodgy, our credit card company will refund us the money. Ian :D From I.Brown@cs.ucl.ac.uk Tue, 10 Mar 1998 21:59:49 +0000 Date: Tue, 10 Mar 1998 21:59:49 +0000 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: NEW POWERS IN PIPELINE TO SNOOP ON BUSINESS MAIL ON SUNDAY March 8, 1998, Pg. 56 NEW POWERS IN PIPELINE TO SNOOP ON BUSINESS By Matthew Fletcher THE government is planning a 'snooper's charter' that will allow it to eavesdrop on the secrets of big business. It will cause uproar among banks, exporters, retailers and other big companies that send their most sensitive information - contract details, payments, business transactions and details of competitive tenders - via encoded communications. Companies are particularly concerned because an Anglo-American agreement means that US intelligence services could also access sensitive information. Government proposals, due to be announced shortly, will give Britain's police agencies powers to read messages that have been deliberately scrambled by companies to prevent them falling into rivals' hands. In a move to beat terrorism and serious crime, they will have access to all communications sent by companies or individuals via phones, fax machines and email. Department of Trade and Industry minister Barbara Roche is believed to be keen to push proposals first mooted last year by the Conservative government, which would license telecom or software companies selling encryption services. But as part of the licensing process she is also expected to require that codes to unlock sensitive encrypted files be made available to law enforcement agencies. 'It would be the equivalent of leaving your front door key with the police in case they wanted to snoop around,' said James Gardner, a spokesman for Demon Internet, the UK's largest Internet service provider. The proposals could deliver a death blow to business transactions over the Internet in Britain and damage UK competitiveness. Gardner added: 'Confidence in encryption is key to electronic commerce. If the proposals are adopted as they stand, there is a grave danger that businesses simply will not use the Net.' Stefek Zaba, principal engineer at Hewlett-Packard Research Laboratories in Bristol, said: 'The DTI's proposals talk about tackling terrorist organisations and serious crime. But the idea that criminals will use a government-approved scheme is difficult to swallow.' Britain is already a signatory to a pact agreed between the European Commission and the FBI in 1996. This sets up common standards for makers of telecom equipment, making it easier for intelligence agencies to tap emails and phone calls. A draft convention is due to be debated later this month in Brussels to give EU member countries new legal powers to exchange information gleaned from domestic telecommunications traffic. Tony Bunyan of political watchdog body Statewatch said: 'Together, the convention and the UK's encryption plans are setting up the potential for placing almost every activity under surveillance.' Financial Mail reported last week that businesses have voiced fears that some governments, particularly America's, have used intelligence services to help companies win international contracts, especially in the defence industry. From nbohm@ernest.net Tue, 10 Mar 1998 22:40:48 +0000 Date: Tue, 10 Mar 1998 22:40:48 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: Legislating for the Long Term? At 12:52 10/03/98 +0000, Richard Clayton wrote: >In article <3.0.5.32.19980309224539.00e5ba50@mail.netkonect.co.uk>, >Nicholas Bohm writes [snip] >>What we need are the small, quick legislative tweaks that will help >>electronic commerce get itself established, not elaborate underpinnings for >>elaborate infrastructures that will become out of date before anyone has >>decided who might build what on top (and meanwhile make the whole >>enterprise seem far more difficult than it really is). > >I wonder if there is any consensus on what these "quick legislative >tweaks" might be. [snip] >I wonder, about "legislative tweaks". Are there areas where we actually >need the law changed ? or can we all build the systems and services we >need in the current framework ? I think what I am asking would be 'Is >there actually anything "broken" to "fix" ?' [snip] Put very shortly: 1 Some things which statute requires to be done "in writing" use a definition of writing which does not extend to electronic materials; it would be good to extend the definition. 2 It would be useful for legislation to lay to rest any doubts (probably erroneous) about whether a digital signature is a signature. 3 Where a document is required to be signed in the presence of a witness who then signs it, some adaptation for digital signatures might make this easier to achieve than it probably is at the moment. 4 You cannot give away your handwritten signature, so don't need to be able to revoke it. As a result, there is no existing law that deals directly with signature revocation, although common law principles would step in. It might be useful to spell out a right to revoke a digital signature by notice to those to whom the owner had supplied it. (Here of course is the relevance of evidence about what had been signed before notice of revocation had effectively been given.) I have written about this at greater length in an article published at . As well as being useful in themselves, the tweaks would also serve to provide a bit of welcome blessing for digital transactions, PROVIDED ALWAYS the blessing is not mixed with TTPs and private key deposit. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From Ross.Anderson@cl.cam.ac.uk Wed, 11 Mar 1998 08:45:59 +0000 Date: Wed, 11 Mar 1998 08:45:59 +0000 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Legislating for the Long Term? Brian wrote: > CA products yes, but third party CA services don't seem to make much > business sense (except, possibly, in one or two specialised areas). If you look at the uptake of just about any technology it follows two phases: replacing existing mechanisms, followed (often a generation later) by the discovery of new possibilities. For example, the railway companies started out in the mid-19th century by replacing the more profitable stagecoach routes; a generation later, they had discovered the market appeal of suburbs and the huge profits that could be made by coupling residential housing development with commuter lines feeding the growing middle class into the cities. A prudent man will assume the same model as businesses and professions go electronic. First generation systems will either involve no third party at all - they will support a direct relationship between bank and customer, between doctor and patient etc - or will be electronic versions of existing directory services such as the Medical Register. This raises the question of why governments should rush to get into the directory publishing business, just when they are trying to divest all their non-core assets. Directory publishers have done just fine for centuries and have never in the past been considered to be a core business of government. Surely this can't be the logical consequence of the invention of public key cryptography? Ross From nbohm@ernest.net Wed, 11 Mar 1998 09:11:00 +0000 Date: Wed, 11 Mar 1998 09:11:00 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: Legislating for the Long Term? At 08:45 11/03/98 +0000, Ross Anderson wrote: [snip] >This raises the question of why governments should rush to get into >the directory publishing business, just when they are trying to divest >all their non-core assets. Directory publishers have done just fine >for centuries and have never in the past been considered to be a core >business of government. Surely this can't be the logical consequence >of the invention of public key cryptography? Motives are no doubt mixed, different internal empires of government having different objectives and motives. Part of it clearly rests on the conviction that promoting CAs, TTPs etc is the only way for government to get the sort of access to keys that it wants. Part of it rests, less conspiratorially, on a very typical form of communication failure between "technolgy" and "business". Technology analyses a business environment from theoretical first principles, reaches tentative conclusions about business requirements, and builds them into a system as assumptions. Technology presents the design to business. Business assumes that the assumptions made by technology are driven by deep incomprehensible technical reasons which it wouldn't understand if it asked, so it approves. Technology believes that business has confirmed its assumptions about business requirements. So it goes in iterative cycles until only the ship meeting the iceberg wakes everyone up. I used to see this happening when I was technology partner of a large law firm, and it wasn't at all easy to stop. I think this process has driven much of the third party infrastructure efforts. Government encouragement, some of it clearly for the wrong reasons, will do nothing to help bring in some common sense. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From geoffrey@jcp.co.uk Wed, 11 Mar 1998 10:54:54 +0000 Date: Wed, 11 Mar 1998 10:54:54 +0000 From: Geoffrey Leeming geoffrey@jcp.co.uk Subject: Unpleasant EU move on encryption Well, I read Ross's email with mounting scepticism, and as I read the directive I thought he was going off the deep end a bit, as the directive seems to be quite well targetted, and clearly defines the scope NOT to include "the confidentiality of private communications and the security of financial transactions". However, having read the amendment, I apologise to Ross for the momentary doubt. It does, indeed, appear to attempt to outlaw the study and tuition of cryptanalysis under Amendment 12(c3). It also amends the definition of "illicit device" to include any equipment or software "... which in any way enables such unauthorised access", which clearly includes cryptanalytic tools such as Schneier's screensaver. He and his 'EU insider' are right to want to raise the alarm. Seeing as the deadlines for objections are reasonably close (March 18th is the first deadline), who is going to voice an objection? Is it worth attempting to interest the media in this? Crypto may be too technical a subject for most broadcasters, but "EU outlaws Mathematicians" would make a nice headline! If this is a Murdoch-sponsored amendment as Ross implies, the various members of the anti-Murdoch media (Guardian & BBC immediately spring to mind) might be interested in having a pop. Ross Anderson wrote: > The EU is about to issue a wide-ranging directive to ban unauthorised > decryption of commercial traffic. This is a result of lobbying by > Rupert Murdoch; its stated goal was to make it illegal to sell pirate > TV decoders. The overt justification was the difficulty Murdoch had in > the 1980's and early 90's in closing down pirate pay-TV operators in > Ireland and Germany. That problem has now been fixed but the EU > machine still grinds on towards a directive. > > Until very recently, the proposed directive: > > > > just covered pirate decoding devices made available for sale. > However, the DVB lobby wanted it toughened up still further: > > > > and they managed to get an amendment quietly put through the European > parliament last month: > > > > according to which member states will have to criminalise the > "... provision of information concerning activities and measures > facilitating unauthorized access" (page 8, Amendment 12, c2). > > The problem this poses the IT community is threefold. > > (1) As the proposed directive also covers electronic shopping, member > states will have to make it an offence to break 40-bit SSL keys (or > even to own a copy of Bruce Schneier's SSL-breaking screensaver :-). > By extending it to cover the provision of information, the amendment > could result in attendees at conferences such as Eurocrypt becoming > criminals. This would make it impossible to hold security conferences > in Europe. It would certainly make my web page illegal (papers such as > `Tamper Resistance - A Cautionary Note' and `Why Cryptosystems Fail' > would be contraband). It might even become an offence for people > supervising computer science here at Cambridge to help undergraduates > with the solution of past exam questions. > > (2) Furthermore, the amendment extends the scope of the directive from > payment systems to encompass all technical means whereby access to a > service is made conditional on a prior individual authorisation by the > service provider. So I might be liable to prison for having made my > .netscape/cookies file read-only; my mail filter might also get me > into trouble. (There could be a conflict of laws here as filtering > measures undertaken by European ISPs to comply with EU data protection > and obscenity laws might be illegal under the amended directive.) > > (3) If Murdoch gets away with all this - or even with the original, > unamended, directive - then the DTI/GCHQ/NSA people can argue that 40 > bit crypto is enough: `if you merely want to protect commercial > transactions, strong laws are more effective that strong algorithms. > People attack systems like pay-TV because the penalties are perceived > to be light or non-existent; they don't attack the (much weaker) funds > transfer systems used by banks as even an attempt gets you jail time.' > This argument didn't cut much ice with Vladimir Levin, but there is a > strong technophobic consitituency in government that believes in legal > fixes for everything and which will love the spooks' argument. > > Anyway, the main effect of this directive will be to put a serious > damper on research, development and the commercial exploitation of > cryptography and systems based on it throughout the whole community > (which the spooks will also like). In the process, it will hand > billions of ECU worth of business to the Americans on a plate. There > is resistance to it on these grounds even in the Commission (the > amendment was faxed to us yesterday by an EU insider who wants to > raise the alarm). > > See for more details. > > Ross From brownrk1@texaco.com Wed, 11 Mar 1998 06:03:23 -0600 Date: Wed, 11 Mar 1998 06:03:23 -0600 From: Brown, R Ken brownrk1@texaco.com Subject: Unpleasant EU move on encryption It looks even worse than Ross said: I'm no lawyer but amendment 12 (c1) "Member states shall prohibit on their territory [...] the advertising and provision of information concerning the manufacture, import, sale and availability in general of illicit devices" sounds as if it could ban any discussion at all about decoders? Even the DVB's own website provides information about the "manufacture, import, sale and availability" of the devices - if only their claim that they are over 200 million quid short this year. > Surely they can't mean that? Maybe the amenders don't want the law > passed & so are making it obviously unreasonable? (OK, that's probably > paranoia brought about by reading Trollope over 140 years ago has the > government proposing a bill to allow Protestant clergymen to inspect the > clothing of nuns, in order to provoke Irish Catholic MPs to walk out of > Parliament, so that they can get an unpopular free trade bill > through...) > > > Ross Anderson wrote: > > > The EU is about to issue a wide-ranging directive to ban unauthorised > > decryption of commercial traffic. This is a result of lobbying by > > Rupert Murdoch; its stated goal was to make it illegal to sell pirate > > TV decoders. > [snip] > > and they managed to get an amendment quietly put through the European > > parliament last month: > > > > > > > [snip] From alan@kable.co.uk Wed, 11 Mar 1998 15:28:38 GMT Date: Wed, 11 Mar 1998 15:28:38 GMT From: Alan Burkitt-Gray alan@kable.co.uk Subject: Unpleasant EU move on encryption Geoffrey Leeming wrote: >Seeing as the deadlines for objections are reasonably close (March 18th is the first >deadline), who is going to voice an objection? > >Is it worth attempting to interest the media in this? Crypto may be too >technical a subject for most broadcasters, but "EU outlaws Mathematicians" >would make a nice headline! If this is a Murdoch-sponsored amendment as >Ross implies, the various members of the anti-Murdoch media (Guardian & >BBC immediately spring to mind) might be interested in having a pop. > No, as a journalist I can promise that "EU outlaws mathematicians" would not make a good headline. No one in the general media cares much about mathematicians, except when they solve ancient theorems that most of us don't understand anyway. If you want to stir up interest you have to find something that will interest the public, or a section of the public (preferably influential). That means moving away from saying this law will stop people receiving digital TV without paying. Most people who want to receive subscription TV (me included) pay for it, just like we pay phone bills and our ISPs. (And remember that the BBC also has an interest in stopping people receiving its digital TV signals without paying or in territories it wants to block. So the BBC's media correspondents might find it difficult to rock the corporate boat too hard.) You need to find a good old "economic harm" argument: hitting the future commercial development of the information superwotsit, that sort of thing. The Murdoch twist is a good one, but it's only an ironic twist in the intro: "Legislation designed to stop people receiving digital Sky without paying could hit Europe's lead in electronic commerce..." is the sort of thing that'll get pro-e-commerce MPs and Lords interested. Government Computing, an independent (not Govt-owned or controlled) monthly magazine that I edit, will probably carry something in the next issue: I was planning to do something about digital TV, ho ho, in the next issue - looking at how it could be used to deliver public services via Internet access, etc. However e-commerce and digiital TV are sidelines for us, really, and you might be best advised to try Barry Fox at New Scientist, who has been following the digital TV story closely. He is good for taking appropriate aims at corporate giants and picking up odd twists and turns. As a freelance rather than a staff member he also writes for a wide range of other outlets. New Scientist is read widely by MPs and other "opinion formers", and has a good record of having stories picked up by the rest of the media. Alan Burkitt-Gray Editor Government Computing alan@kable.co.uk - ALAN BURKITT-GRAY, Editor Government Computing The independent magazine about information age public service, for the people who are going to make it happen Next issue: April 1998, despatched Wednesday 25 March Published by Kable Ltd, The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK tel 0171 608 0900; fax 0171 608 0916 website http://www.kable.co.uk e-mail alan@kable.co.uk From jya@pipeline.com Wed, 11 Mar 1998 20:11:52 -0500 Date: Wed, 11 Mar 1998 20:11:52 -0500 From: John Young jya@pipeline.com Subject: HOC Library on US Sigint in Europe Simon Hossack has sent us a copy of a letter to Oliver Heald MP (UK) from the House of Commons Library on US signals intelligence in Europe, with focus on Menwith Hill. It is an answer to Mr. Heald's request for information on the charge of US spying in the EP-STOA report as described by Duncan Campbell and Nicky Hager. The letter documents successive parlimentary and journalistic inquiries about the USA/UK 50-years-long arrangement for joint intelligence and HMG's answers. http://jya.com/hoc-ussigint.htm From pgut001@cs.auckland.ac.nz Thu, 12 Mar 1998 14:30:25 (NZDT) Date: Thu, 12 Mar 1998 14:30:25 (NZDT) From: Peter Gutmann pgut001@cs.auckland.ac.nz Subject: EU Crypto Free Trade Area Nicholas Bohm writes: >[Standard COCOM/Wassenaar software note] > >This seems to open a fairly wide road, given the amount of public domain >crypto software to be found nowadays. Are you sure the regulations don't include a little footnote somewhere which creates another exception specifically for encryption software? The pre-1996 European versions and Candian version don't have this, but most 1996 and later versions do seem to have it. Peter. From gladman@seven77.demon.co.uk Thu, 12 Mar 1998 08:41:59 -0000 Date: Thu, 12 Mar 1998 08:41:59 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: HOC Library on US Sigint in Europe The part of this that should get the media interested is the possibility that an 'agreement' exists between NSA and GCHQ to avoid the legal constraints within their own jurisdictions by each getting the other to do their dirty work for them. It is interesting to speculate how such an agreement could be concluded and in whose name(s) it would be made. In practice I think that this would have to operate through ambiguities and loopholes in a legal framework for co-operation. Of course if such activities are undertaken it would demonstrate a complete contempt on the part of NSA and GCHQ for democratic processes in the US and the UK. Why do I doubt that the senior parties to such actions would ever openly admit to their conduct? And, since the last government changed the Official Secrets Act to specifically exclude a public interest defence, those who know the truth and might be prepared in the interests of democracy to come forward, are denied the ultimate defence that would have protected them in such circumstances. And we are led to believe that the UK is a democracy! Irrespective of the truth or otherwise of these allegations, I do believe that this well illustrates the extreme dangers of allowing powerful forces in society to operate in extreme secrecy and with very little in the way of accountability for (or publicly accountable scrutiny of) what they do. Closer to home, GCHQ's policies on cryptography have consistently favoured their information exploitation role at the expense of protective information security for the UK. Given that we are now seeing some evidence of just how strong US/UK intelligence links really are, our partners in Europe might well ask themselves why the UK in particular has been in the forefront of efforts in Europe to prevent effective pan-European R&D in the cryptography field. Brian Gladman -----Original Message----- From: John Young To: ukcrypto@maillist.ox.ac.uk Date: 12 March 1998 01:10 Subject: HOC Library on US Sigint in Europe >Simon Hossack has sent us a copy of a letter to Oliver Heald >MP (UK) from the House of Commons Library on US signals >intelligence in Europe, with focus on Menwith Hill. It is an answer >to Mr. Heald's request for information on the charge of US >spying in the EP-STOA report as described by Duncan Campbell >and Nicky Hager. > >The letter documents successive parlimentary and journalistic >inquiries about the USA/UK 50-years-long arrangement for joint >intelligence and HMG's answers. > > http://jya.com/hoc-ussigint.htm > > > From irj@btc.uwe.ac.uk Thu, 12 Mar 1998 11:04:42 GMT Date: Thu, 12 Mar 1998 11:04:42 GMT From: Ian Johnson irj@btc.uwe.ac.uk Subject: Todays 12-Mar Computing A lovely typo in the article on Anderson & Kuhn's Tempest work: "Is Anderson working on any other ideas to help guard against software privacy?" ======= :) Regards, Ian From Ross.Anderson@cl.cam.ac.uk Thu, 12 Mar 1998 15:01:00 +0000 Date: Thu, 12 Mar 1998 15:01:00 +0000 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Todays 12-Mar Computing Oh, well, not to worry - but could you post me a copy of the issue? I usually read someone else's but haven't seen him around today Ross From nbohm@ernest.net Thu, 12 Mar 1998 15:20:58 +0000 Date: Thu, 12 Mar 1998 15:20:58 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: EU Crypto Free Trade Area At 14:30 12/03/1998, Peter Gutmann wrote: >Nicholas Bohm writes: > >>[Standard COCOM/Wassenaar software note] >> >>This seems to open a fairly wide road, given the amount of public domain >>crypto software to be found nowadays. > >Are you sure the regulations don't include a little footnote somewhere which >creates another exception specifically for encryption software? The pre-1996 >European versions and Candian version don't have this, but most 1996 and >later versions do seem to have it. > >Peter. If so I certainly missed it; and the text I quoted expressly overrode the content of all the categories, so an exception to it could not have been tucked away inside the categories. Can you quote me the text of the note you have in mind from previous versions? That would make a further check rather easier. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From jeremy.hilton@jhconsulting.co.uk Thu, 12 Mar 1998 18:23:48 -0000 Date: Thu, 12 Mar 1998 18:23:48 -0000 From: Jeremy Hilton jeremy.hilton@jhconsulting.co.uk Subject: Conference update - GBI 2000 The updated programme and registration details for the GBI200 conference can now be found at www.icx.org. 1998 Global Business Infrastructure 2000 (GBI 2000) Conference Kurhaus Hotel, Scheveningen, The Hague, March 31st - 2nd April 1998 =================================================================== Key components in creating a secure electronic commerce environment are the captured in the OECD principles of International Cooperation, Choice and Market-driven Cryptographic Methods, Privacy, Lawful Access, Liability & Legal Aspects and Standards & Trust.. The 1998 GBI 2000 conference, organised by International Commerce eXchange (ICX), will review progress on the implementation of the OECD Guidelines and continue the dialogue begun last year. ICX is a non profit making forum for businesses by businesses who take part in electronic commerce over any network and who need confidence in its security. ********************** 1998 GBI 2000 Programme ********************** 1998 GBI 2000 provides six half day briefing sessions and panel discussions. Each session will involve representatives from business users, vendors, governments and international organisations. On the second day of the conference a parallel meeting of the International Cryptography Experiment (ICE) meeting will provide ICE participants with an overview of important technology developments in the provision of international cryptographic solutions capable of meeting global business information security needs. The combination of GBI 2000 and ICE is a unique opportunity to review and contribute to progress on the issues and technologies enabling secure electronic commerce in the next millennium. From octobersdad@reporters.net Thu, 12 Mar 1998 21:50:43 +0000 Date: Thu, 12 Mar 1998 21:50:43 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message , Campaign Against Censorship of the Internet writes >There are a variety of entities fighting these plans. They >run web sites, write papers, talk to journalists and push news items, >talk to IWF members, and sometimes talk to the government...well, >Nigel Hickson. Yes, I know. but there obviously needs to be more. Or is it that obvious. Just as the "country folk" massed together a week or so ago. Just as labour orgs are talking about doing the same, ie returning to old time labour mass actions, those of us opposed to legislation of crypto need to do the same. Strength in numbers etc. >What do you want to do to help out? If you want to help collect >news, format pages, write reports or press releases and so on, I'd >love to have your help. I think at least as important is to get these organisations to coalesce under a single umbrella organisation. I would suggest several of us from various segments - media, civilrights/liberties, business, telecomms, academia etc meet to set the ball rolling. I have to be in London 23-24 and could possibly extend to the 25th of March. I suggest a meet then/there. Also next week on a date to be set so if next week is better, let me know when, I'm flexible. >The difference with "Americans for Computer Privacy" is that they >collected enough money from business for a big professional lobbying >effort. While the lavish scale of American political advertising >isn't possible in the UK, Why not?!?! That's the same damned attitude that's holding this country back in all too many situations. It's why many of our best and brightest are fleeing to the yankee shores. Have you or has anyone to your certain knowledge tried to put together such an effort? > even entry-level professional lobbying >requires fairly significant sums. We have some major companies interested in this issue, not least demon and some security software companies I'm not at liberty to name yet. >IMO it would be extremely difficult >to collect these solely from individuals' subscriptions. I'm not talking about individuals, though I certainly wouldn't discount them. >Of course, >if you have access to the sort of funding that could run a full-time >office then there is a lot more that could be done. Let's ask demon and some of these other companies to put money where there mouths are. And let's start our own initiating committee with for example: Who Networking with Me Media You Civil liberties/rights orgs Nicholas Bohm Legal community Brian Gladman Software developers/programmers Ross Anderson Academia Richar Clayton ISPs and/or software companies All of us Whatever corporate types we know tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From jeremy.hilton@jhconsulting.co.uk Thu, 12 Mar 1998 18:23:48 -0000 Date: Thu, 12 Mar 1998 18:23:48 -0000 From: Jeremy Hilton jeremy.hilton@jhconsulting.co.uk Subject: Conference update - GBI 2000 The updated programme and registration details for the GBI200 conference can now be found at www.icx.org. 1998 Global Business Infrastructure 2000 (GBI 2000) Conference Kurhaus Hotel, Scheveningen, The Hague, March 31st - 2nd April 1998 =================================================================== Key components in creating a secure electronic commerce environment are the captured in the OECD principles of International Cooperation, Choice and Market-driven Cryptographic Methods, Privacy, Lawful Access, Liability & Legal Aspects and Standards & Trust.. The 1998 GBI 2000 conference, organised by International Commerce eXchange (ICX), will review progress on the implementation of the OECD Guidelines and continue the dialogue begun last year. ICX is a non profit making forum for businesses by businesses who take part in electronic commerce over any network and who need confidence in its security. ********************** 1998 GBI 2000 Programme ********************** 1998 GBI 2000 provides six half day briefing sessions and panel discussions. Each session will involve representatives from business users, vendors, governments and international organisations. On the second day of the conference a parallel meeting of the International Cryptography Experiment (ICE) meeting will provide ICE participants with an overview of important technology developments in the provision of international cryptographic solutions capable of meeting global business information security needs. The combination of GBI 2000 and ICE is a unique opportunity to review and contribute to progress on the issues and technologies enabling secure electronic commerce in the next millennium. From nigelhickson@compuserve.com Thu, 12 Mar 1998 16:58:13 -0500 Date: Thu, 12 Mar 1998 16:58:13 -0500 From: Nigel Hickson nigelhickson@compuserve.com Subject: EU Crypto Free Trade Area Nicholas etc = Pretty sure there is no encryption software specific note. If the GSN is= such an open book perhaps we should close it......... Nigel = From phillip.temple@onlinemagic.com Fri, 13 Mar 1998 10:13:25 +0000 Date: Fri, 13 Mar 1998 10:13:25 +0000 From: Phillip Temple phillip.temple@onlinemagic.com Subject: Legislating for the Long Term? At 09:50 PM 3/12/98 +0000, T Bruce Tober wrote: >And let's start our own initiating committee with for example: > >Who Networking with >Me Media >You Civil liberties/rights orgs >Nicholas Bohm Legal community >Brian Gladman Software developers/programmers >Ross Anderson Academia >Richar Clayton ISPs and/or software companies >All of us Whatever corporate types we know Well my talents lie in web design rather than technical knowledge of ttps, so I've been working away to produce an online resources and discussion forum. The site design has been done, graphics, CGI and Javascript completed. I had to do this outside of office hours, and so it is difficult trying to find time to fill in the content. I've had offers from a number of prominent people to write articles for the site, but to start off with it will mainly be a page which gathers together and organises the best of the resources currently available. Domain name has been registered already. This is not a civil liberties site, there are a number of excellent such sites already out there. This is a neutral forum where government, business and private individuals can put forwards their views. It also has a live interactive forum where individual points may be discussed in greater detail. I'm out of the country this week-end, but I will work on it Mon, Tue and Wed evenings. I intend that it should be online and ready to go public by Thursday morning next week. Phillip Temple (speaking in a personal capacity and not on behalf of his employers) PS Can anyone put me in contact with potential sponsors? My employers have very generously paid to register the domain name, and have offered to host the site for free, but sponsorship would give the site: a) more independance b) the ability to pay for articles time to time c) the option to hold 'live' events, eg with noted speakers on the subject From lawya@lucs-01.novell.leeds.ac.uk Fri, 13 Mar 1998 12:04:03 GMT0BST Date: Fri, 13 Mar 1998 12:04:03 GMT0BST From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk Subject: Legislating for the Long Term? > PS Can anyone put me in contact with potential sponsors? My > employers have very generously paid to register the domain name, and > have offered to host the site for free, but sponsorship would give > the site: a) more independance b) the ability to pay for articles > time to time c) the option to hold 'live' events, eg with noted > speakers on the subject I wish you all the luck with potential sponsors because I have found it so difficult - maybe because my site deals with civil liberties issues and therefore it does not attract any sponsors. I still can't afford a domain name and a proper server costs for example. But your case might slightly be different. I do not think that sponsorship would give more independence. If your site gets sponsored by the DTI it may look like you are involved with the DTI (with all the respect to our friends from the DTI). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yaman Akdeniz Cyber-Rights & Cyber-Liberties (UK) at: http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm Read CR&CL (UK) Report, 'Who Watches the Watchmen' http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From octobersdad@reporters.net Fri, 13 Mar 1998 13:03:45 +0000 Date: Fri, 13 Mar 1998 13:03:45 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message <1ABF45B5BE6@lucs-01.novell.leeds.ac.uk>, Yaman Akdeniz writes > >> PS Can anyone put me in contact with potential sponsors? My >> employers have very generously paid to register the domain name, and >> have offered to host the site for free, but sponsorship would give >> the site: a) more independance b) the ability to pay for articles >> time to time c) the option to hold 'live' events, eg with noted >> speakers on the subject > >I wish you all the luck with potential sponsors because I have found >it so difficult - maybe because my site deals with civil liberties >issues and therefore it does not attract any sponsors. I still can't >afford a domain name and a proper server costs for example. But your >case might slightly be different. Firstly my apologies to anyone I didn't list in my proposed committee. It was late and I was just going off the top of my head. Yaman and Phillip would be excellent candidates also. Secondly, forget the sponsorship. Those sites are exactly what's needed and when/if such a committee is formed I would expect one of more of those sites to be taken on as the committee's site with expenses covered by the committee. All the sites in the world (and there are many exceptionally good ones that deal with these matters, one of which is Yaman's) won't do the amount of good we need done however, because they are basically preaching to the converted. We need to address, educated those people not yet on the net, not yet familiar with (let alone not having heard of) the issues yet even if they've been on the net for a while. tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From proff@iq.org Sat, 14 Mar 1998 04:09:24 +1100 (EST) Date: Sat, 14 Mar 1998 04:09:24 +1100 (EST) From: proff@iq.org proff@iq.org Subject: Bureaucratic capture > Irrespective of the truth or otherwise of these allegations, I do believe > that this well illustrates the extreme dangers of allowing powerful forces > in society to operate in extreme secrecy and with very little in the way of > accountability for (or publicly accountable scrutiny of) what they do. > > Brian Gladman > I've had some involvement with setting up of outside (but government appointed) over-seer or review committees (i.e parliamentary sub-committees). Provided the selection process isn't tainted, these committees usually start out quite well, but invariably become captured by the very bureaucrats they were designed to control (west-minster style ministers are of course the sorry instance of an over-seer committee of one). I've had the same experience in courts. The more highly specialised the court is the more it looses it's objectivity. In the case of courts/appeal tribunals/panels of review that have been legislated into existence to judge upon the actions and decisions of a particular government department this is a serious problem. Day in and day out the judges and magistrates of these courts see differing plaintiffs with differing circumstances and views - but the defence (the government department which the court was essentially constructed to review decisions of) remains constant and with the same tilted world view. Tilt all the furniture in a room 20 degrees and pretty soon you too will believe that "up" is actually 70 degrees to the horizontal. It is this consistent exposure to *one consistent voice* of interpretation (even if there are many voices) that inevitably draws committees and specialist courts (and even specialist sections of an otherwise generalist Ombudsman's office) into the one-world-view of the very departments they were designed to police. Frequent rotation of reviewing members sounds like a good idea, but often actually makes the review panel even less effective. New members (and ministers) often rely excessively on existing members, department honchos and technocrats because they are ignorant about the technical environment and bureaucratic structure of the department they are meant to be policing. During this babe-in-the wood phase new members are incredibly vulnerable to what can only be called bureaucratic predation. Readers of this list might like to ponder what aspects bureaucratic predation of novice ministers is involved in the current shifts in the crypto policy of New Labour. Ordinary specialist government review committees as outlined above have a hard enough time of keeping their independence. When you push that model into a world of classified, secret briefings, which can't be discussed with anyone half-way objective, and enrolment into the secret enclave of the boys own spy adventure - a rather exciting and aren't-we-special experience for members of the UK labour party who most UK IC guys wouldn't otherwise touch with a ten-foot pole - in an area with no voter discipline (e.g the Health Department can give you all the secret briefings it desires, if you screw up, the voting public - or by proxy your political party's pre-selection endorsement system will spank you - the same can not be said for intelligence, which the voting public doesn't care about and which the intelligence community ensure's will never care about - even to the extent of hiding the level of public funds being syphoning off to feed them) bureaucratic capture is inevitable and absolute. Cheers, Julian. From lawya@lucs-01.novell.leeds.ac.uk Fri, 13 Mar 1998 18:22:32 GMT0BST Date: Fri, 13 Mar 1998 18:22:32 GMT0BST From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk Subject: Legislating for the Long Term? Bruce, > Firstly my apologies to anyone I didn't list in my proposed > committee. It was late and I was just going off the top of my head. > Yaman and Phillip would be excellent candidates also. Hello Bruce and no need to apologise. Your idea is an excellent one but it has always been difficult to get organised at the UK level. Lack of organisation results with being unheard. At the end of the day uk.crypto never makes the news or a few of us catches the attention of the media. On the other hand government departments do not have that difficulty, they organise a press meeting and a press statement then you read them in all papers. We need an efficient system, call it a coalition or a new campaign (or the possibility of an advisory board for CR&CL (UK) is not excluded). It may have a specific issue in mind or more than one. For example, I am one of the few dealing with the development of rating systems and it is not enough. I am willing to participate in any decent efficient and serious proposal. If anyone is interested we can discuss this off the list. I would also like to mention that issuing press releases is not enough, it sometimes attracts the media but I always aim to do more than that but my sources and time is limited. > All the sites in the world (and there are many exceptionally good > ones that deal with these matters, one of which is Yaman's) won't do > the amount of good we need done however, because they are basically > preaching to the converted. We need to address, educated those > people not yet on the net, not yet familiar with (let alone not > having heard of) the issues yet even if they've been on the net for > a while. You are absolutely right and the first people to target should be journalists and the media in general and then government officials and law enforcement agencies. Regards. Yaman ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yaman Akdeniz Cyber-Rights & Cyber-Liberties (UK) at: http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm Read CR&CL (UK) Report, 'Who Watches the Watchmen' http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sjmz@hplb.hpl.hp.com Fri, 13 Mar 1998 19:41:19 +0000 Date: Fri, 13 Mar 1998 19:41:19 +0000 From: Stefek Zaba sjmz@hplb.hpl.hp.com Subject: Unpleasant EU Move Further to Ross' and Devid Hendon's digging - I too have dug a little, and found that the scope of this Directive does indeed cover a *very* *great* *deal* more than just conditional-access TV. The body of the draft describes, at Definitions (Amendment 7, p.6) the scope as including "Information Society Services within the meaning of Article 1 2 of Council Directive 83/189/EEC, as amended". [Incidentally, the EU appears to be in the frame for a document numbering problem in about 60? years' time, since it uses 2-digit yearnums for its document-id scheme :-)]. Searching the europa.eu.int website reveals the relevant definition of "Information Society Services" to apparently be: all existing or new types of services that will be provided at a distance, by electronic means and on the individualised request of a service receiver. This definition of "service" would cover, for example, on-line professional services (e.g. solicitors, estate agents, stockbrokers, insurance, health care, travel agents), interactive entertainment (e.g. video on demand, on-line video-games, virtual visits to museums), on-line information (e.g. electronic libraries and newspapers, financial information), virtual shopping malls and distance learning services. Reference: http://europa.eu.int/comm/dg15/en/media/infso/1054.htm - I haven't found the "directive on a transparency mechanism for Information Society services" itself, however. The definition goes on to say that broadcast services are *not* covered under the meaning of "Information Society services" - those are, however, covered by this Directive since p.6 shows the categories to be ORed. It goes on further to say that on-line financial services are covered too, though the specific matter the "transparency mechanism" Directive covers does not apply in the same way to these. Given the breadth of this definition, I don't see Ross's position as misplaced at all. It means that *any* discussion, probing, demonstrations of insecurity, etc., of the security measures for any "information society services" - basically any targetted-to-the-individual on-line transaction - would be outlawed. That's a really good way to ensure the fielded strength of security mechanisms. The experience of decades in fielding systems has shown that open review is profoundly bad for increasing effective system security, and that documentation of failures leads merely to criminal exploitation but does not advance the state of the art. I'm writing to my MEP this weekend - as if I didn't have a *life* to live! I'll make sure he knows the UK DTI is *not* supporting this particular amendment. (David - thanks for your postings to this list on this issue. Is "not supporting" an accurate and as-strong-as-is-consistent-with-reality reflection of DTI opinion, or can the DTI position be reasonably said to be one of active opposition?) Cheers, Stefek From gladman@seven77.demon.co.uk Fri, 13 Mar 1998 19:22:45 -0000 Date: Fri, 13 Mar 1998 19:22:45 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Legislating for the Long Term? Bruce Tober wrote: >I think at least as important is to get these organisations to coalesce >under a single umbrella organisation. I would suggest several of us from >various segments - media, civilrights/liberties, business, telecomms, >academia etc meet to set the ball rolling. > >I have to be in London 23-24 and could possibly extend to the 25th of >March. I suggest a meet then/there. Also next week on a date to be set >so if next week is better, let me know when, I'm flexible. I like the idea you are putting forward but I have a problem with a London meeting on 25th March. I could probably make the other dates however. I long for the day when someone suggests that we have a meeting somewhere other than in London - like in Birmingham even :-) > >And let's start our own initiating committee with for example: > >Who Networking with >Me Media >You Civil liberties/rights orgs >Nicholas Bohm Legal community >Brian Gladman Software developers/programmers >Ross Anderson Academia >Richar Clayton ISPs and/or software companies >All of us Whatever corporate types we know I take it the roles you set out in this list are pretty open - my main connections are with technical management people in crypto and software companies in the US and the UK. Although I do a lot of programming, I now do this strictly as a hobby. I used to make money from this but it became too boring - crypto politics is much more fun, although less profitable :-) I am sure there are others on the list who would make a valuable contribution. I will email you on this separately. Brian Gladman From gladman@seven77.demon.co.uk Fri, 13 Mar 1998 20:00:19 -0000 Date: Fri, 13 Mar 1998 20:00:19 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Bureaucratic capture Julian wrote: >I've had some involvement with setting up of outside (but government >appointed) over-seer or review committees (i.e parliamentary >sub-committees). Provided the selection process isn't tainted, >these committees usually start out quite well, but invariably become >captured by the very bureaucrats they were designed to control >(west-minster style ministers are of course the sorry instance of >an over-seer committee of one). Yes I can imagine that this is a problem but they still seem better than nothing. I am convinced that secrecy, although necessary in some government activities, can be, and often is, used for the wrong purposes. >Frequent rotation of reviewing members sounds like a good idea, >but often actually makes the review panel even less effective. New >members (and ministers) often rely excessively on existing members, >department honchos and technocrats because they are ignorant about >the technical environment and bureaucratic structure of the department >they are meant to be policing. During this babe-in-the wood >phase new members are incredibly vulnerable to what can only be called >bureaucratic predation. Readers of this list might like to ponder >what aspects bureaucratic predation of novice ministers is involved in >the current shifts in the crypto policy of New Labour. I think that a tunover of members is a good thing, though, despite such difficulties >Ordinary specialist government review committees as outlined above >have a hard enough time of keeping their independence. When you >push that model into a world of classified, secret briefings, which >can't be discussed with anyone half-way objective, and enrolment >into the secret enclave of the boys own spy adventure - a rather >exciting and aren't-we-special experience for members of the UK >labour party who most UK IC guys wouldn't otherwise touch with a >ten-foot pole - in an area with no voter discipline (e.g the Health >Department can give you all the secret briefings it desires, if >you screw up, the voting public - or by proxy your political party's >pre-selection endorsement system will spank you - the same can not >be said for intelligence, which the voting public doesn't care >about and which the intelligence community ensure's will never care >about - even to the extent of hiding the level of public funds >being syphoning off to feed them) bureaucratic capture is inevitable >and absolute. I am not so sure of this. I liked what the NRC did for cryptography in the US and I don't think anyone could seriously accuse them of being totally captured by the groups they reviewed. We have enough academics (and others) in the UK who I would be happy to trust for purposes of independent scrutiny. In particular, I simply do not accept the 'if you knew what we knew you would agree with us' argument unless it is subject to real independent scrutiny - I have seen this from the other side! Such scrutiny processes may be imperfect but less so than doing nothing. I guess that you are not suggesting doing nothing though? regards, Brian From octobersdad@reporters.net Sat, 14 Mar 1998 00:21:04 +0000 Date: Sat, 14 Mar 1998 00:21:04 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message <009001bd4eb6$899500e0$966adec2@FortyTwo>, Brian Gladman writes >I like the idea you are putting forward but I have a problem with a London >meeting on 25th March. I could probably make the other dates however. How does early next week, Monday, Tues or Wed look to you (and to all others reading this message and who are interested)? I need to know by Saturday afternoon if at all possible. >I long for the day when someone suggests that we have a meeting somewhere >other than in London - like in Birmingham even :-) Excellent idea. I was going to propose the same thing but since I have to be in London anyway... But the next meeting should be here and the one after that perhaps further North. >I take it the roles you set out in this list are pretty open - my main Yep, just taken off the top of my head very quickly. >do this strictly as a hobby. I used to make money from this but it became >too boring - crypto politics is much more fun, although less profitable :-) Right. "-} >I am sure there are others on the list who would make a valuable >contribution. I will email you on this separately. Agreed. Thanks. tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From octobersdad@reporters.net Sat, 14 Mar 1998 00:16:34 +0000 Date: Sat, 14 Mar 1998 00:16:34 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? >> Firstly my apologies to anyone I didn't list in my proposed >> committee. It was late and I was just going off the top of my head. >> Yaman and Phillip would be excellent candidates also. > >Hello Bruce and no need to apologise. Your idea is an excellent one Thank you. >but it has always been difficult to get organised at the UK level. In Yes, so I'm seeing. >Lack of organisation results with being unheard. At the end of the >day uk.crypto never makes the news or a few of us catches the >attention of the media. On the other hand government departments do >not have that difficulty, they organise a press meeting and a press >statement then you read them in all papers. Yes, I can understand that. But I really believe we can make this one happen based on the conversations I've had with industry people. I may be over optimisitc but only time will tell. >I would also like to mention that issuing press releases is not >enough, Absolutely. >it sometimes attracts the media And as you surely know, that's not nearly enough. >> people not yet on the net, not yet familiar with (let alone not >> having heard of) the issues yet even if they've been on the net for >> a while. > >You are absolutely right and the first people to target should be >journalists and the media in general and then government officials >and law enforcement agencies. I agree. I think we need to keep our work aimed toward those sectors and the general public. I believe we can virtually ignore the online sector, that would be much too much a case of preaching to the converted. tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From nbohm@ernest.net Sat, 14 Mar 1998 08:00:30 +0000 Date: Sat, 14 Mar 1998 08:00:30 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: Legislating for the Long Term? At 00:21 14/03/1998 +0000, T Bruce Tober wrote: >How does early next week, Monday, Tues or Wed look to you (and to all >others reading this message and who are interested)? I need to know by >Saturday afternoon if at all possible. I can do Monday, Tuesday (not between 12 and 3) and Wednesday of next week; and also 24th March if that's still in the frame. >>I long for the day when someone suggests that we have a meeting somewhere >>other than in London - like in Birmingham even :-) > >Excellent idea. I was going to propose the same thing but since I have >to be in London anyway... But the next meeting should be here and the >one after that perhaps further North. Or West, for a wider rang of participants? Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From Ross.Anderson@cl.cam.ac.uk Sat, 14 Mar 1998 13:29:46 +0000 Date: Sat, 14 Mar 1998 13:29:46 +0000 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Legislating for the Long Term? I think it is important that we have an organisation at the European level. That, as for as companies like Shell and Micorsoft are concerned, is the minimum level of granularity for sensible crypto policymaking. It is also, as we've seen, both a place from which highly unpleasant things may come and take us unawares, and a place which may also use its power to curb the more extreme idiocies of national governments. Ideally we'd have a permanent office in Brussels with a paid staff who'd keep abreast of everything and coordinate lobbying as and when needed from national organisations. Without this, we're much less effective than we could be. We know people in Germany who're concerned with these issues, and one or two individuals in places like Italy and Belgium. However I don't personally know anyone in France or Spain or Greece who could be mobilised, and this is a bad thing. Another benefit of a European office would be that companies such as Microsoft and Sun could give financial support without this being seen as `US companies trying to push us around' as it would be in Whitehall if they helped to fund a UK organisation. Even without corporate sponsors, a European wide organisation might raise enough in subscription income and conference profits to pay the salary of a full time lobbyist. I doubt we could do that in britain alone. Ross From lists@notatla.demon.co.uk Sat, 14 Mar 1998 14:04:44 GMT Date: Sat, 14 Mar 1998 14:04:44 GMT From: list account lists@notatla.demon.co.uk Subject: Legislating for the Long Term? Ross auditions as a 'Computing' typesetter as follows: European Brussels Germany Italy and Belgium France or Spain or Greece European European britain Yaman Akdeniz >You are absolutely right and the first people to target should be >journalists and the media in general and then government officials >and law enforcement agencies. Including Louise Kehoe who wrote a moderately good piece in the Financial Times this week (Thur ?). I'm planning to explain to her why privacy and true law enforcement goals are not in conflict. From octobersdad@reporters.net Sat, 14 Mar 1998 15:13:32 +0000 Date: Sat, 14 Mar 1998 15:13:32 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message , Ross Anderson writes >I think it is important that we have an organisation at the European >level. That, as for as companies like Shell and Micorsoft are >concerned, is the minimum level of granularity for sensible crypto >policymaking. Yep, agreed. One problem, a major one by most accounts with several such allegedly Euro organisations I'm familiar with, is that they're based in the UK and other Euros don't relish that idea. >It is also, as we've seen, both a place from which highly unpleasant >things may come and take us unawares, and a place which may also use >its power to curb the more extreme idiocies of national governments. These are additional and, very likely, even more important reasons. >Ideally we'd have a permanent office in Brussels with a paid staff >who'd keep abreast of everything and coordinate lobbying as and when >needed from national organisations. Yep. >Without this, we're much less effective than we could be. We know >people in Germany who're concerned with these issues, and one or >two individuals in places like Italy and Belgium. However I don't >personally know anyone in France or Spain or Greece who could be >mobilised, and this is a bad thing. I know one in France and IIRC one in Spain. >Even without corporate sponsors, Jumping the gun, I don't see how we could really accomplish anything serious without them. >a European wide organisation might >raise enough in subscription income and conference profits to pay >the salary of a full time lobbyist. Yes, possibly so, but I'm not sure how effective he would be without the more powerful orgainisation you described above. >I doubt we could do that in >britain alone. Yep. tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From octobersdad@reporters.net Sat, 14 Mar 1998 15:15:32 +0000 Date: Sat, 14 Mar 1998 15:15:32 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message <199803141404.OAA00707@notatla.demon.co.uk>, list account writes > >Including Louise Kehoe who wrote a moderately good >piece in the Financial Times this week (Thur ?). I'm planning >to explain to her why privacy and true law enforcement goals are not >in conflict. Good idea. Now, who the heck are you Mr List? tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From octobersdad@reporters.net Sat, 14 Mar 1998 19:25:00 +0000 Date: Sat, 14 Mar 1998 19:25:00 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message , Richard Clayton writes >A year ago I thought that addressing the issues was a good idea... but >I'm coming around to a view that I would welcome a DTI announcement that >they were going to forget about legislation, but that neverthess they >thought encryption was a "jolly good thing". ie doing almost nothing >might be best. > >If I'm wrong then please explain, and I'll change my mind again :) > Richard, I'd like to invite you to participate also in the formation of this committee. If you're interested and can make a meeting in London on 16, 17 or 18 March, please let me know asap by email or phone (0121-242-3832). Wednesday 18th looks most likely thus far, next most likely is Monday morning (~10:30 start). tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From aba@dcs.ex.ac.uk Sat, 14 Mar 1998 19:49:58 GMT Date: Sat, 14 Mar 1998 19:49:58 GMT From: Adam Back aba@dcs.ex.ac.uk Subject: Legislating for the Long Term? Bruce Tober writes: > writes: > >Including Louise Kehoe who wrote a moderately good > >piece in the Financial Times this week (Thur ?). I'm planning > >to explain to her why privacy and true law enforcement goals are not > >in conflict. > > Good idea. Now, who the heck are you Mr List? He's not a TLA :-) (notatla.demon.co.uk) Also known as Antonomasia. I presume "Mr List" is to ease filtering mailing lists out from regular mail. October's Dad meet Antonomasia. Antonomasia meet October's Dad. Antonomasia hangs out on a few of the crypto lists. Adam From octobersdad@reporters.net Sat, 14 Mar 1998 19:37:58 +0000 Date: Sat, 14 Mar 1998 19:37:58 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message , T Bruce Tober writes >In message , Richard Clayton > writes >Richard, I'd like to invite you to participate also in the formation of >this committee. If you're interested and can make a meeting in London on Damn! I hate when this happens. Sorry, this was supposed to go private. tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From octobersdad@reporters.net Sat, 14 Mar 1998 23:50:08 +0000 Date: Sat, 14 Mar 1998 23:50:08 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message <199803141949.TAA00609@server.eternity.org>, Adam Back writes > > >He's not a TLA :-) (notatla.demon.co.uk) Also known as Antonomasia. I >presume "Mr List" is to ease filtering mailing lists out from regular >mail. Not a bad idea at that. >October's Dad meet Antonomasia. Antonomasia meet October's Dad. Ta very much. > >Antonomasia hangs out on a few of the crypto lists. Right, so I saw visiting his web site per his/her(?) invite. cheers, tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From lists@notatla.demon.co.uk Sun, 15 Mar 1998 00:21:30 GMT Date: Sun, 15 Mar 1998 00:21:30 GMT From: list account lists@notatla.demon.co.uk Subject: Kehoe Letter My letter to Louise Kehoe as planned: Louise Kehoe , I read your recent article on encryption and law enforcement. It was a relatively good article, and I was pleased to see a serious newspaper covering the subject. Unfortunately I got the impression you were slightly too swayed by the arguments of one particular community. The truth is that privacy and law enforcement goals are not in conflict. Just as locks and law enforcement goals are not. The arguments from some government quarters that cryptography must be restricted to that which allows government accesss are based on these fallacies: 1) Widespread crypto will make lawful data access impossible. In fact data access is not always prevented by cryptography. Ross Anderson's paper "Why Cryptosystems Fail" (a recommended read) (http://www.cl.cam.ac.uk/users/rja14) shows that there is plenty of scope for traditional police data access by bypassing any cryptography completely. This could mean concealed microphones recording plaintext voices even if an encrypting phone is used. Likewise recording devices hidden in keyboards to capture passwords. And as for material on seized disk drives, there are various possibilites for reading encrypted or deleted data besides simply insisting in court that a suspect provide the plaintext. Also some of the most helpful clues the police might look for come from "traffic analysis" - noticing who communicates with whom and when - regardless of message content. And crime involving the real world can be seen in the real world - after all the plotting, if I commit a crime I can be caught at the scene or from the resulting investigation. 2) Law enforcement access will be only according to court approval. If the true intention was to support approved access then arranging it as in (1) above would suffice. Clearly there is concern that fishing expeditions (skimming a large amount of non-suspect traffic) will be impracticable. And so they should outside of a police state. 3) We have a budget to angle for, so prevention is worse than cure. Cryptography is a defensive technology like locks. It could have prevented billions of pounds in mobile phone fraud if employed in a kerberos-like manner to prevent cloning. It can be an important part of computer defences against intruders and in itself has no capacity to harm at all. 4) Criminals will use it in the manner intended. For a LEAK (law enforcement access to keys) scheme to be of any use the criminals must use it and commit their plans to it. Even if the scheme is made mandatory this sounds unlikely to many people. Even if they do use the scheme there are ways to defeat the LEAK such as superencryption (encrypting with an unauthorised scheme first). Some forms of superencryption can be disguised as legitiate traffic so that even when intercepted the message is not incriminating. The FBI and others have decided to debate the subject on ground that they have no right to. I'm fed up of people pretending that any opposition to a police state amounts to support for terrorists, child molesters, drug dealers and money launderers. The only industry support for restrictions comes from companies that hope to sell governments the "solutions" they are considering, or from companies bullied by new rules into starting certain projects. You might want to visit my website. Please let me know if I can be of further help. I enclose details of a mailing list you might wish to join. To join send "subscribe ukcrypto" in the body of an email to Majordomo@maillist.ox.ac.uk [list details snipped] -- ############################################################## # Antonomasia ant@notatla.demon.co.uk # # See http://www.notatla.demon.co.uk/ # ############################################################## From Streaky_Bacon@classic.msn.com Sun, 15 Mar 98 08:43:48 UT Date: Sun, 15 Mar 98 08:43:48 UT From: Michael Bacon Streaky_Bacon@classic.msn.com Subject: HOC Library on US Sigint in Europe This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... Brian Gladman wrote: > > The part of this that should get the media interested is the possibility > that an 'agreement' exists between NSA and GCHQ to avoid the legal > constraints within their own jurisdictions by each getting the other to do > their dirty work for them. It is interesting to speculate how such an > agreement could be concluded and in whose name(s) it would be made. In > practice I think that this would have to operate through ambiguities and > loopholes in a legal framework for co-operation. > ... > Brian Gladman This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky From Streaky_Bacon@classic.msn.com Sun, 15 Mar 98 10:48:51 UT Date: Sun, 15 Mar 98 10:48:51 UT From: Michael Bacon Streaky_Bacon@classic.msn.com Subject: HOC Library on US Sigint in Europe This message resent as previous attempt seemed to fail when 'UT' not recognised as a time zone !!! ============================================================================== == This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... Brian Gladman wrote: > > The part of this that should get the media interested is the possibility > that an 'agreement' exists between NSA and GCHQ to avoid the legal > constraints within their own jurisdictions by each getting the other to do > their dirty work for them. It is interesting to speculate how such an > agreement could be concluded and in whose name(s) it would be made. In > practice I think that this would have to operate through ambiguities and > loopholes in a legal framework for co-operation. > ... > Brian Gladman This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky http://www.geocities.com/CapeCanaveral/1948/ - Streaky's Side of Bacon http://www.geocities.com/Heartland/Plains/4264/ - Mac 'n Taffy DSS/DH Key ID = 0x4203D2B4 Fingerprint = 047C C698 67C8 25B6 070F 480B BC9A 04A1 4203 D2B4 From Streaky_Bacon@classic.msn.com Sun, 15 Mar 98 13:37:53 UT Date: Sun, 15 Mar 98 13:37:53 UT From: Michael Bacon Streaky_Bacon@classic.msn.com Subject: HOC Library on US Sigint in Europe This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... Brian Gladman wrote: > > The part of this that should get the media interested is the possibility > that an 'agreement' exists between NSA and GCHQ to avoid the legal > constraints within their own jurisdictions by each getting the other to do > their dirty work for them. It is interesting to speculate how such an > agreement could be concluded and in whose name(s) it would be made. In > practice I think that this would have to operate through ambiguities and > loopholes in a legal framework for co-operation. > ... > Brian Gladman This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky http://www.geocities.com/CapeCanaveral/1948/ - Streaky's Side of Bacon http://www.geocities.com/Heartland/Plains/4264/ - Mac 'n Taffy DSS/DH Key ID = 0x4203D2B4 Fingerprint = 047C C698 67C8 25B6 070F 480B BC9A 04A1 4203 D2B4 From Streaky_Bacon@classic.msn.com Sun, 15 Mar 98 15:03:47 UT Date: Sun, 15 Mar 98 15:03:47 UT From: Michael Bacon Streaky_Bacon@classic.msn.com Subject: HOC Library on US Sigint in Europe Brian - for some unknown reason the copy to ukcrypto keeps getting 'bounced' with "unknown timezone 'UT' !!! Grateful you forward to list. Many thanks, Michael Bacon ============================================================================== == This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... Michael Bacon Brian Gladman wrote: > > The part of this that should get the media interested is the possibility > that an 'agreement' exists between NSA and GCHQ to avoid the legal > constraints within their own jurisdictions by each getting the other to do > their dirty work for them. It is interesting to speculate how such an > agreement could be concluded and in whose name(s) it would be made. In > practice I think that this would have to operate through ambiguities and > loopholes in a legal framework for co-operation. > ... > Brian Gladman This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky http://www.geocities.com/CapeCanaveral/1948/ - Streaky's Side of Bacon http://www.geocities.com/Heartland/Plains/4264/ - Mac 'n Taffy DSS/DH Key ID = 0x4203D2B4 Fingerprint = 047C C698 67C8 25B6 070F 480B BC9A 04A1 4203 D2B4 From Streaky_Bacon@classic.msn.com Sun, 15 Mar 98 08:43:48 UT Date: Sun, 15 Mar 98 08:43:48 UT From: Michael Bacon Streaky_Bacon@classic.msn.com Subject: HOC Library on US Sigint in Europe This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... Brian Gladman wrote: > > The part of this that should get the media interested is the possibility > that an 'agreement' exists between NSA and GCHQ to avoid the legal > constraints within their own jurisdictions by each getting the other to do > their dirty work for them. It is interesting to speculate how such an > agreement could be concluded and in whose name(s) it would be made. In > practice I think that this would have to operate through ambiguities and > loopholes in a legal framework for co-operation. > ... > Brian Gladman This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky From Streaky_Bacon@classic.msn.com Sun, 15 Mar 98 10:48:51 UT Date: Sun, 15 Mar 98 10:48:51 UT From: Michael Bacon Streaky_Bacon@classic.msn.com Subject: HOC Library on US Sigint in Europe This message resent as previous attempt seemed to fail when 'UT' not recognised as a time zone !!! ============================================================================== == This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... Brian Gladman wrote: > > The part of this that should get the media interested is the possibility > that an 'agreement' exists between NSA and GCHQ to avoid the legal > constraints within their own jurisdictions by each getting the other to do > their dirty work for them. It is interesting to speculate how such an > agreement could be concluded and in whose name(s) it would be made. In > practice I think that this would have to operate through ambiguities and > loopholes in a legal framework for co-operation. > ... > Brian Gladman This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky http://www.geocities.com/CapeCanaveral/1948/ - Streaky's Side of Bacon http://www.geocities.com/Heartland/Plains/4264/ - Mac 'n Taffy DSS/DH Key ID = 0x4203D2B4 Fingerprint = 047C C698 67C8 25B6 070F 480B BC9A 04A1 4203 D2B4 From Streaky_Bacon@classic.msn.com Sun, 15 Mar 98 13:37:53 UT Date: Sun, 15 Mar 98 13:37:53 UT From: Michael Bacon Streaky_Bacon@classic.msn.com Subject: HOC Library on US Sigint in Europe This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... Brian Gladman wrote: > > The part of this that should get the media interested is the possibility > that an 'agreement' exists between NSA and GCHQ to avoid the legal > constraints within their own jurisdictions by each getting the other to do > their dirty work for them. It is interesting to speculate how such an > agreement could be concluded and in whose name(s) it would be made. In > practice I think that this would have to operate through ambiguities and > loopholes in a legal framework for co-operation. > ... > Brian Gladman This is no surprise. In 1990 an article I wrote for Telecommunications International had an entire section dealing with the BRUSA and UKUSA pacts (for the exchange of SigInt) withdrawn by the US editors. I successfully reinserted the material into my paper to CompSec91 but it was subsequently remarked to me by a UK government employee that "the material was in the public domain - *if you knew where to look* (my emphasis)". It would appear that if NSA employees in Cheltenham and GCHQ employees in Ft George G Mead intercept communications without warrant - that is spying. Of course, if no action is taken against them "for reasons of national security" ... == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky == ____ If life is just a bowl of cherries, ~(____)> Why do I always get the stones? " " Streaky http://www.geocities.com/CapeCanaveral/1948/ - Streaky's Side of Bacon http://www.geocities.com/Heartland/Plains/4264/ - Mac 'n Taffy DSS/DH Key ID = 0x4203D2B4 Fingerprint = 047C C698 67C8 25B6 070F 480B BC9A 04A1 4203 D2B4 From hcorn@cix.co.uk Mon, 16 Mar 1998 8:17 +0000 (GMT) Date: Mon, 16 Mar 1998 8:17 +0000 (GMT) From: Peter Sommer hcorn@cix.co.uk Subject: HOC Library on US Sigint in Europe As far as I know the first written public hint about UKUSA agreement came in a 1972 article in Ramparts magazine from a then-anonymous Winslow Peck. It explained the role of various NSA eavesdropping stations (in those days, HF rather than satellite). In the UK the Guardian mentioned the article and, if memory serves, pinpointed Chicksands in Bedforsdhire as one location. Duncan will correct me, but this article helped him in his researches at the time. Jmaes Bamford's "Puzzle Palace" (1982), that great souce book on the NSA, has several pages on the scope of UKSUA while Jeffrey Richelson and Desmond Ball's 1985 book, "The Ties that Bind" was specifically about the UKUSA. Duncan has already provided his own bibliography. Why is it, I wonder, always more exciting to hear about rumoured "revelations" than to take a trip to the library or punch a few words into the right databases? |----> Peter Sommer ------------------------------------------->| |----> hcorn@cix.co.uk P.M.Sommer@lse.ac.uk ------------------>| |----> Academic URL: http://csrc.lse.ac.uk/csrc/pmscv.htm ----->| |----> Commercial URL: http://www.virtualcity.co.uk ----------->| From phillip.temple@onlinemagic.com Mon, 16 Mar 1998 12:01:50 +0000 Date: Mon, 16 Mar 1998 12:01:50 +0000 From: Phillip Temple phillip.temple@onlinemagic.com Subject: Legislating for the Long Term? At 06:22 PM 3/13/98 GMT0BST, Yaman Akdeniz wrote: > >You are absolutely right and the first people to target should be >journalists and the media in general and then government officials and >law enforcement agencies. I have been tracking the media as closely as possible. Jane Black did a very good item on the BBC web site. For printed media, Louise Kehoe did an excellent item on Wednesday March 11th in "Inside Track", FT. She describes key escrow ala USA. The title is "The Encryption Conundrum". If anyone knows a web URL for it, then please post it! I'm sure she would be very amenable to doing a UK item, and the result is likely to be a very intelligent well balanced piece. For a laymans guide, Michael Drewett did an item on Barclays Internet payment system (27th Feb, You and Your Money, Times). He may well show an interest. Someone would have to take the time to explain all the issues in plain English, however. For the Sunday Times, David Hewson is always ready and willing to print anything controversial. I have journalist friends in a couple of computer magazines, but there we are preaching to the converted again. I recommend avoiding the tabloids altogether. Any of this useful? Phillip. From phillip.temple@onlinemagic.com Mon, 16 Mar 1998 12:04:54 +0000 Date: Mon, 16 Mar 1998 12:04:54 +0000 From: Phillip Temple phillip.temple@onlinemagic.com Subject: Legislating for the Long Term? At 08:00 AM 3/14/98 +0000, Nicholas Bohm wrote: > >I can do Monday, Tuesday (not between 12 and 3) and Wednesday of next week; >and also 24th March if that's still in the frame. Yes, 24th March is fine with me. Do you have a venue in London? Phillip. From alan@kable.co.uk Mon, 16 Mar 1998 17:17:53 GMT Date: Mon, 16 Mar 1998 17:17:53 GMT From: Alan Burkitt-Gray alan@kable.co.uk Subject: Legislating for the Long Term? At 12:01 16/03/1998 +0000, you wrote: , Louise >Kehoe did an excellent item on Wednesday March 11th in "Inside Track", >FT. She describes key escrow ala USA. The title is "The Encryption >Conundrum". If anyone knows a web URL for it, then please post it! >I'm sure she would be very amenable to doing a UK item, >and the result is likely to be a very intelligent well balanced piece. Doubt it. Louise is an FT correspondent on the West Coast. She started out on Electronics Weekly a long time ago and hasn't lived in the UK for about 20 years, so is unlikely to be in touch with key people here. >I have journalist friends in a couple of computer magazines, but there >we are preaching to the converted again. I recommend avoiding the tabloids >altogether. Any of this useful? > >Phillip. > > Yes, but whom do YOU want to convert? If you need to gain influence with computer-literate decision makers in Westminster/Whitehall and Strasbourg/Brussels it is probably sensible to kick off with some lobbying of the mainstream computer press (ie, Computer Weekly, Computing) plus the computer supplements of the nationals. The general press don't speak the lingo. Or start with the intelligent magazine sector - Economist, maybe Spectator, certainly New Scientist - but with some heavy pushing to build up the snowball once it's rolling. Journalists are mainly influenced by other journalists: the nationals will pick up stuff from the Economist or New Scientist, TV and radio will pick up stuff from the nationals (but rarely run with new stuff themselves). The glossy monthly personal computer magazines are a waste of time: they're already working on their June issues. By the time the issues are out, the politicos will be in Tuscany till the autumn conferences. Sort of OK for a long-term campaign, but they are also too close to it and wouldn't be regarded as politically heavyweight. Alternatively you can dig around for some sympathetic MPs (MPs rather than MEPs) and get them to ask Parliamentary Questions and generally stir things up a bit. That will also get the press alerted if they think it's a tasty issue. - ALAN BURKITT-GRAY, Editor Government Computing The independent magazine about information age public service, for the people who are going to make it happen Next issue: April 1998, despatched Wednesday 25 March Published by Kable Ltd, The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK tel 0171 608 0900; fax 0171 608 0916 website http://www.kable.co.uk e-mail alan@kable.co.uk From phillip.temple@onlinemagic.com Mon, 16 Mar 1998 19:17:25 +0000 Date: Mon, 16 Mar 1998 19:17:25 +0000 From: Phillip Temple phillip.temple@onlinemagic.com Subject: Legislating for the Long Term? At 05:17 PM 3/16/98 GMT, Alan Burkitt-Gray wrote: > >Doubt it. Louise is an FT correspondent on the West Coast. She started out >on Electronics Weekly a long time ago and hasn't lived in the UK for about >20 years, so is unlikely to be in touch with key people here. Ah. I have the newspaper article in front of me, but it didn't tell me that. >Yes, but whom do YOU want to convert? If you need to gain influence with >computer-literate decision makers in Westminster/Whitehall and >Strasbourg/Brussels it is probably sensible to kick off with some lobbying >of the mainstream computer press (ie, Computer Weekly, Computing) plus the >computer supplements of the nationals. The general press don't speak the >lingo. We have computer-literate decision makers in Westminister/Whitehall on this list! What I was envisaging was a high-profile site where: * government, business, academics and private individuals can focus on areas of the proposals and debate them in detail * business and the general public can drop in and view the issues for themselves, and view the democratic process in action * the resources are there should the latter decide to get involved in the democratic process and join the former group [snip good ideas] From alan@kable.co.uk Tue, 17 Mar 1998 11:53:30 GMT Date: Tue, 17 Mar 1998 11:53:30 GMT From: Alan Burkitt-Gray alan@kable.co.uk Subject: Legislating for the Long Term? At 19:17 16/03/1998 +0000, you wrote: >We have computer-literate decision makers in Westminister/Whitehall >on this list! What I was envisaging was a high-profile site where: > >* government, business, academics and private individuals can focus on > areas of the proposals and debate them in detail > >* business and the general public can drop in and view the issues for > themselves, and view the democratic process in action > >* the resources are there should the latter decide to get involved in > the democratic process and join the former group > >[snip good ideas] > Sorry, the words "high-profile" and "site" don't sit easily together in my mind if your primary purpose is to run a campaign and get action taken. I'm not sure where "the democratic process in action" actually takes place, but we've not yet moved to the point at which it operates through the Internet. If "the latter" (ie the general public) decide to get involved it's unlikely to be by joining a bunch of people who produce a website: net users are too likely to sound like a self-interested group. You need to take it into the wider arena - attract the support of those who don't use the net and electronic communications but can see (maybe) their future importance. But that means using media that they're familiar with and decision makers, who will be influenced by the public, are familiar with. That means conferences, reports, press releases; it means face-to-face meetings with ministers and backbenchers, civil servants, journalists, professional lobbyists, PR companies, technology suppliers, commercial users, academics. Sorry, not a website - of whatever profile - if you really want to do something. Do you see our opponents working through a website? Alan B-G - ALAN BURKITT-GRAY, Editor Government Computing The independent magazine about information age public service, for the people who are going to make it happen Next issue: April 1998, despatched Wednesday 25 March Published by Kable Ltd, The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK tel 0171 608 0900; fax 0171 608 0916 website http://www.kable.co.uk e-mail alan@kable.co.uk From Caspar.Bowden@qualia.co.uk Tue, 17 Mar 1998 11:18:19 -0000 Date: Tue, 17 Mar 1998 11:18:19 -0000 From: Caspar Bowden Caspar.Bowden@qualia.co.uk Subject: House of Commons - 18th March, Private Member's debate on HMG's strategy for the Internet have just been alerted to the following, any info appreciated: http://www.parliament.the-stationery-office.co.uk/pa/cm/cmwib/bus.htm#forth WEDNESDAY 18 MARCH The House will sit at 9.30am Private Members' Debates - 9.35 - 11.00am Derek Wyatt on HMG's strategy for the Internet -- Caspar Bowden - Director, Qualia Internet Consultants 41 Great Percy Street, London WC1X 9RA Tel: +44(0)171 837 8706, Fax: +44(0)171 827 6534 From octobersdad@reporters.net Tue, 17 Mar 1998 11:39:04 +0000 Date: Tue, 17 Mar 1998 11:39:04 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Legislating for the Long Term? In message <199803171153.LAA07417@mailhost.kable.co.uk>, Alan Burkitt- Gray writes >If "the latter" (ie the general public) decide to get involved it's unlikely >to be by joining a bunch of people who produce a website: net users are too >likely to sound like a self-interested group. Agreed, it's basically what I said over the weekend. >You need to take it into the wider arena - attract the support of those who >don't use the net and electronic communications but can see (maybe) their >future importance. And/Or those who don't use it but realise its importance in their lives because their doctors, lawyers, accountants use it to transmit information about them for whatever legit reasons. tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From nbohm@ernest.net Tue, 17 Mar 1998 15:35:50 +0000 Date: Tue, 17 Mar 1998 15:35:50 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: DTI >From a recent Press Release: The DTI has announced that David Hendon will become the new Chief Executive of the Radiocommunications Agency from May 4, 1998. He will replace Jim Norton. whose appointment ends on May 3, 1998. The Radiocommunications Agency is an Executive Agency of the DTI and has responsibility for negotiating international and national spectrum allocation, and the management, licensing and enforcement of access to radio based products including cellular phones and broadcasting. Congratulations to David Hendon: can anyone say who will succeed to his encryption responsibilities at the DTI? Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From phillip.temple@onlinemagic.com Tue, 17 Mar 1998 16:27:34 +0000 Date: Tue, 17 Mar 1998 16:27:34 +0000 From: Phillip Temple phillip.temple@onlinemagic.com Subject: Legislating for the Long Term? At 11:53 AM 3/17/98 GMT, you wrote: > >Sorry, the words "high-profile" and "site" don't sit easily together in my >mind if your primary purpose is to run a campaign and get action taken. My intention was not to run a campaign. It was to get together all those with vested interest (which I think consists mainly atm of government, business, academics and those concerned with civil liberty) where they can debate towards a satisfactory solution for everyone. >I'm >not sure where "the democratic process in action" actually takes place, but >we've not yet moved to the point at which it operates through the Internet. Well life moves on. About time we took advantage of the "new media". >If "the latter" (ie the general public) decide to get involved it's unlikely >to be by joining a bunch of people who produce a website: net users are too >likely to sound like a self-interested group. This wasn't the aim of my website. It was for those with a geniune interest in discussing the issue. If we want an area where every Tom, Dick and Harry can spout crap then we can set up a UseNet group ;-) There exists here a pool of valuable talent which can have a genuine and positive influence on the direction of the country. If a member of the general public reads all the material available and comes up with a good idea, then they are welcome to propose it. >You need to take it into the wider arena - attract the support of those who >don't use the net and electronic communications but can see (maybe) their >future importance. But that means using media that they're familiar with and >decision makers, who will be influenced by the public, are familiar with. If they don't use the net then maybe they don't need to be involved in the decision-making process? Like-wise, if the decision makers are not capable of utilising the medium they are proposing to regulate then perhaps they should not have that position of power in the first place? >That means conferences, reports, press releases; it means face-to-face >meetings with ministers and backbenchers, civil servants, journalists, >professional lobbyists, PR companies, technology suppliers, commercial >users, academics. Sorry, not a website - of whatever profile - if you really >want to do something. Do you see our opponents working through a website? Opponents? I'm not convinced that the situation has deteriorated to an us-or-them scenario. Are all the channels really blocked? David Hendon and Nigel Hickson of the DTI have both been very positive in their postings to ukcrypto. Maybe if we manage to gather enough 'evidence' together, with backing from a number of key players in business and academia along with visible public support, then the DTI could take this back to the parties pushing for key escrow and they may have an excuse to drop the idea? Am I being incredibly naive? The spying on terrorists idea can be dismissed easily enough. It's easy to pass data undetected over the Internet. The best time to get the data is while it's sitting on the hard drive. The area that suffers the most is business. Around 80% of Internet users are most worried about fraud in the Internet. Followed by ~70% personal privacy then 25% pornography (src Lycos). This perception is really holding back ecommerce. Working for the top web design company in the country, I know this professionally (through clients and their customers) and personally (through talking to many people). Introducing a scheme which could be considered as forcing a deliberate security flaw will only aggravate the situation. Of course there are other ecommerce issues, such as who bears the costs etc. The other major issue will be the personal privacy. With standard email, it is a joke. At work, any sys admin can read my email. Then the ISP which we connect to. Then those that run the backbone. Then the ISP the other end. Then the sys admin of the recipient. IMHO, the argument of only needing weak encryption for personal email is no longer valid. The idea is that it deters most people but the security services can crack it if they need to. One only has to refer to the article in the Times a few weeks ago. Who found the worlds largest prime number? A University supercomputer? No, a 19 year old running a program across the Internet for a number of hours. Enough rambling, it's the end of the day *sigh* Phillip. From Caspar.Bowden@qualia.co.uk Tue, 17 Mar 1998 17:58:47 -0000 Date: Tue, 17 Mar 1998 17:58:47 -0000 From: Caspar Bowden Caspar.Bowden@qualia.co.uk Subject: Legislating for the Long Term? On 17 March 1998 16:28, Phillip Temple [SMTP:phillip.temple@onlinemagic.com] wrote: > Like-wise, if the decision makers > are not capable of utilising the medium they are proposing to > regulate then perhaps they should not have that position of power > in the first place? Well they do. -- Caspar Bowden - Director, Qualia Internet Consultants 41 Great Percy Street, London WC1X 9RA Tel: +44(0)171 837 8706, Fax: +44(0)171 827 6534 From bill@dial.pipex.com Tue, 17 Mar 1998 20:49:40 -0000 Date: Tue, 17 Mar 1998 20:49:40 -0000 From: Bill Thompson bill@dial.pipex.com Subject: House of Commons - 18th March, Private Member's debate on HMG's strategy for the Internet ------ =_NextPart_000_01BD51E6.56448160 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The debate tomorrow is instigated by Derek Wyatt who some may remember = as an ex-TV executive - he was behind WireTV (the failed sports channel) = and went to Sky to set up Computer Channel. He was elected by the voters of Sittingbourne & Sheppey last year in a result which probably = surprised him more than then. Interestingly enough John Battle will be replying to tomorrow's debate, = Barbara Roche being elsewhere. I understand that Wyatt wants to talk = about the Government's own use of the Internet ie really David Clark's = domain rather than about general Internet policy. I also understand = that nothing "interesting" to this list will be slipped in to Battle's = response. But we can all watch it on the Parliamentary Channel just in = case, I suppose. Bill Thompson ---------- From: Caspar Bowden[SMTP:Caspar.Bowden@qualia.co.uk] Sent: 17 March 1998 11:18 To: 'ukcrypto@maillist.ox.ac.uk' Subject: House of Commons - 18th March, Private Member's debate on = HMG's strategy for the Internet have just been alerted to the following, any info appreciated: http://www.parliament.the-stationery-office.co.uk/pa/cm/cmwib/bus.htm#for= th WEDNESDAY 18 MARCH The House will sit at 9.30am Private Members' Debates -=20 9.35 - 11.00am Derek Wyatt on HMG's strategy for the Internet -- Caspar Bowden - Director, Qualia Internet Consultants 41 Great Percy Street, London WC1X 9RA Tel: +44(0)171 837 8706, Fax: +44(0)171 827 6534 ------ =_NextPart_000_01BD51E6.56448160 Content-Type: application/ms-tnef Content-Transfer-Encoding: base64 eJ8+IiQUAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEkAYA4AIAAAIAAAAMAAAAAwAAMAMAAAAL AA8OAAAAAAIB/w8BAAAAUwAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAAAAHVrY3J5cHRvQG1haWxs aXN0Lm94LmFjLnVrAFNNVFAAdWtjcnlwdG9AbWFpbGxpc3Qub3guYWMudWsAAB4AAjABAAAABQAA AFNNVFAAAAAAHgADMAEAAAAbAAAAdWtjcnlwdG9AbWFpbGxpc3Qub3guYWMudWsAAAMAFQwBAAAA AwD+DwYAAAAeAAEwAQAAAB0AAAAndWtjcnlwdG9AbWFpbGxpc3Qub3guYWMudWsnAAAAAAIBCzAB AAAAIAAAAFNNVFA6VUtDUllQVE9ATUFJTExJU1QuT1guQUMuVUsAAwAAOQAAAAALAEA6AQAAAAIB 9g8BAAAABAAAAAAAAAMNAAAAAwAAMAQAAAALAA8OAQAAAAIB/w8BAAAAVQAAAAAAAACBKx+kvqMQ GZ1uAN0BD1QCAAABAGNyeXB0by1hbm5vdW5jZUB1bmZvcnR1Lm5ldABTTVRQAGNyeXB0by1hbm5v dW5jZUB1bmZvcnR1Lm5ldAAAAAAeAAIwAQAAAAUAAABTTVRQAAAAAB4AAzABAAAAHAAAAGNyeXB0 by1hbm5vdW5jZUB1bmZvcnR1Lm5ldAADABUMAgAAAAMA/g8GAAAAHgABMAEAAAAeAAAAJ2NyeXB0 by1hbm5vdW5jZUB1bmZvcnR1Lm5ldCcAAAACAQswAQAAACEAAABTTVRQOkNSWVBUTy1BTk5PVU5D RUBVTkZPUlRVLk5FVAAAAAADAAA5AAAAAAsAQDoAAAAAAgH2DwEAAAAEAAAAAAAABAIB+Q8BAAAA VQAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAABAGNyeXB0by1hbm5vdW5jZUB1bmZvcnR1Lm5ldABT TVRQAGNyeXB0by1hbm5vdW5jZUB1bmZvcnR1Lm5ldAAAAADJoQEEgAEAXgAAAFJFOiBIb3VzZSBv ZiBDb21tb25zIC0gMTh0aCBNYXJjaCwgUHJpdmF0ZSBNZW1iZXIncyBkZWJhdGUgb24gSE1HJ3Mg c3RyYXRlZ3kgZm9yIHRoZSBJbnRlcm5ldAC4HwEFgAMADgAAAM4HAwARABQAMQAoAAIAWAEBIIAD AA4AAADOBwMAEQAUACsANQACAF8BAQmAAQAhAAAAN0U5NEZDRTFEN0JERDExMTk1Q0QzMEZDMDJD MTAwMDAANwcBA5AGAAgHAAAUAAAACwAjAAAAAAADACYAAAAAAAsAKQAAAAAAAwAuAAAAAAADADYA AAAAAEAAOQCgOM405lG9AR4AcAABAAAAXgAAAFJFOiBIb3VzZSBvZiBDb21tb25zIC0gMTh0aCBN YXJjaCwgUHJpdmF0ZSBNZW1iZXIncyBkZWJhdGUgb24gSE1HJ3Mgc3RyYXRlZ3kgZm9yIHRoZSBJ bnRlcm5ldAAAAAIBcQABAAAAFgAAAAG9UeY0xmrmBKO92BHRlc0w/ALBAAAAAB4AHgwBAAAABQAA AFNNVFAAAAAAHgAfDAEAAAAUAAAAYmlsbEBkaWFsLnBpcGV4LmNvbQADAAYQuAt/bAMABxCJBAAA HgAIEAEAAABlAAAAVEhFREVCQVRFVE9NT1JST1dJU0lOU1RJR0FURURCWURFUkVLV1lBVFRXSE9T T01FTUFZUkVNRU1CRVJBU0FORVgtVFZFWEVDVVRJVkUtSEVXQVNCRUhJTkRXSVJFVFYoVEhFRgAA AAACAQkQAQAAADcFAAAzBQAAdggAAExaRnUGbKUz/wAKAQ8CFQKkA+QF6wKDAFATA1QCAGNoCsBz ZXTuMgYABsMCgzIDxgcTAoO6MxMNfQqACM8J2TsV/3gyNTUCgAqBDbELYG5yZwHQNTcK+xLyDAFj QQBAIFRoZSANsGL0YXQbAHQDcAWwA2AH4EcEABwQAIB0aWcbUWQgIGJ5IEQEkGVrGCBXeRtQBUB3 aG/8IHMDcBsAAMAdEBYAB4AzBtAEkCBhBCADkWV4WC1UVh+hBZB1HIB2aRsALSAa8XcfUR8QaDML gBzgV2kWAB/hKHSVGvFmC3BsHNFzcBWhgwQgEbFubmVsKR9xemQKhXcJ8AVAG5AGAGuHHRAk0RHx IHVwIAhQLG1wIFAfIUMjZC4gPkgg5COgBZAcxSIydm+lJjFzCoVvZgYAaQJAnQuAZwbgCHAjkCAm BgBxGvBwcGUdEAtgHHAgPHllCsELgB9AHrFzdcpsHdJpEbAgcANgG0D3AmAdECvwciygBAAc0SFg Pm0ecAWwG3EjYSgSbi77CoUKhUkCMB1BHHEZAC0BiwnwCGBnLIBKb2gDoP5CHbEioB3gAxADIB8Q HrHdC1B5KaEkwhuWJwQgGyTqLDFxchtAciuwCAARsP8bAB8QMsIjoBHwHfAdQSbg/y/QJaAhgCiR AZAhgS5hBUD/HYYAcCMhMwIHQB1wAaAIYPMksRrxR28ggASgB4ACMPczsRvwA6B1EfApIiIyL+M/ I5AFQAiQHrEHQC0BRGGUdmkc4EMLYHJrM7J/A3ErgTSwIjEFwC5jONRnXwnwBJAHQDsoIvBsLGB5 fzYzB0AeMDZ/MNAiMDLCIvsLgDAHIjLzIWAEIEAAKwH9MfZzQAAqkRzgK4Ek0TGE3zOxK9Ei8ACA NiJCOQEkgO8jQD5CMhEhAHQscSlwKSDZLpMgUArAQABhOdIKwPMdECZ1IGo6gDuhA6BHIN8R8DRA NmAr8CqQb0ZhLwzeQjICGuAl8R4wbi8MCvQRQAAxODAC0WktMTw0NA3wDNBPEwtZMTb/CqADYBtg J6AgoFE3CodP6+sMMFC2RgNhOlI+ULYMgh8l0B9QTCMb8A2wbltTUE1UUDpV9C5WZEAscXUHQAcw LgWgLnX8a11R31LtBmACMFQfVSscMTcF0ArALHExOTlyOFzgMTpOkFjfUu1Utm9bH1UrJ1igBQB5 BTAcb0A9YTIQQ9Eub3g2LgDQWJEnXi9Z7nVi7monkWBPVStICGA6lCXhfwRgBjEgsE6QIjBdFDRA UHUFEHYbUk0e8zO3SCJInE1HM7EccD2xZWcdEJ8CED4COxhNP05DMzZPt/8UIgwBULYRwCCBSgMf EAnw/0CBBJAcwkNDIlEG8BWQA/D/GQA0QABwHRALgAIQH0AqkK0WAGMHMBzBOi8MaAJAoHA6Ly93 dfAuCrH1SNUuIjEtNtEcgAIgBJBseS0pME7gYzYgWHMvMQqwL2NteMED8GIvymI6gC51gG0jbMEi MAEvDFdFRE5FU0QMQVlpUQXQQVJDSH8KhRriaDQx8wCQBUA3UTk4LjMwSPAKhWoscydfHSEbQmki Lwx+ATVpMjH+Lk6wSPAdK2uvbL8vDFG3e1X7IKFEIcEnoAWwNEBRf1gTOygIUACALAE4AgqFNO0a wEc78QVAUASQQCAGAOuDsAngdDRATAIgPUADoJBXQzFYffBSQXw2iyOgZlArTyAoMClc8AkawDgz XQA4NzA2UTRARmF4jWsyXQA2+DUzNC8Mbj9vT1DFCoUFFSEAlFAAAwAQEAAAAAADABEQAAAAAEAA BzDA9Adm5VG9AUAACDDA9Adm5VG9AR4APQABAAAABQAAAFJFOiAAAAAAAwANNP03AACZEQ== ------ =_NextPart_000_01BD51E6.56448160-- From jya@pipeline.com Wed, 18 Mar 1998 13:54:40 -0500 Date: Wed, 18 Mar 1998 13:54:40 -0500 From: John Young jya@pipeline.com Subject: Phil Zimmermann on NAI/TIS Key Recovery Date: Wed, 18 Mar 1998 12:48:48 -0500 To: jya@jya.com From: Ed Stone Subject: PGP/NAI merger and key recovery I received the following email from Phil Zimmermann, regarding concerns I have expressed about NAI's acquisition of TIS, a substantial contractor to the National Security Agency, and a major developer of key recovery capabilities. >> begin PRZ email<<< Date: Wed, 18 Mar 1998 01:20:34 -0800 To: estone@synernet.com From: Philip Zimmermann Subject: PGP/NAI merger and key recovery Cc: prz@pgp.com Ed, I saw your recent remarks in comp.security.pgp.discuss. I'd like to make a few points. You may quote me on this. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mergers are complex operations, especially mergers of publicly traded companies of this size. NAI and TIS will not fully close the merger deal for about 60 days. Until then, there are many policy details we cannot discuss in public. NAI has no plans to incorporate TIS's key recovery technology in any version of PGP, including our business versions. I have discussed this point with NAI management. I have not changed my political values regarding privacy and crypto. I would not have allowed the sale of my company to NAI if they were going to buy PGP in order to bury PGP, as some have feared. They bought PGP because they value the reputation that PGP has earned in the industry. They want to preserve that reputation by preserving PGP's product integrity. I plan to keep watch over PGP's product integrity for the foreseeable future. NAI plans to keep publishing our source code for peer review. Source code publication in printed books is a vital part of NAI's business strategy, especially its overseas strategy. There will be an important announcement on this subject on 20 March at CeBit in Hannover Germany. -Philip Zimmermann -----BEGIN PGP SIGNATURE----- Version: PGP 5.5.5 iQA/AwUBNQ+RzWPLaR3669X8EQLuRwCcDowyBBr32YtbsnYSHy6clTW+7CwAnjpk KnVN0NVreBNuIOyxsAcWIb40 =vY/q -----END PGP SIGNATURE----- >>>end PRZ email<<< -- ------------------- Ed Stone estone@synernet.com ------------------- From octobersdad@reporters.net Wed, 18 Mar 1998 23:40:30 +0000 Date: Wed, 18 Mar 1998 23:40:30 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Some interesting reading on DigiSigs and Data Privacy - Long ------- Forwarded message follows ------- A Sign of the Times A Look at Recent Developments in the Area of Digital Signatures from the State and National Levels Timothy Nielander and Christopher Weinstein, Preston Gates & Ellis LLP, Seattle Industry analysts predict that revenues generated from business-to-business electronic commerce will top $60 billion by the year 2000. Meanwhile, current electronic transactions amount to only a fraction of this figure. With just three years remaining until this anticipated explosion of electronic commerce, many are asking how we will reach the numbers in an uncertain and inconsistent legal environment. This article will examine the current status and debate between state and federal digital signature legislation, an important component for establishing the foundation and validity of electronic contracting. In order to better understand the issues at stake, it is useful to review some fundamental terminology. The first important distinction is that a "digital signature" is just one type of an "electronic signature." An electronic signature can be any mark provided electronically as a symbol of an intention to be legally bound. In the paper world, marking "X" on a document in front of a witness or signing your name, is typically the method used to enter into a binding legal relationship. In the electronic world, the concept is the same – just the form of signature changes. Electronic signatures can take a variety of forms, including digital fingerprints or biometric retina scans. Another form of electronic signature is a digital signature: an encrypted mathematical algorithm made up of characters or "bits" that establishes a signature unique to the message to which it is attached and the identity of the signing party. The cryptography software used to create and verify a digital signature is characterized as a "key system," which encodes plain text into cryptic, unintelligible strings. At the receiving end, the software unlocks or decodes encrypted materials back into intelligible text. While different key systems exist, the public key infrastructure (PKI) is most favored and holds the greatest potential for widespread adoption for the Internet world of electronic commerce. PKI is essentially a triangle consisting of three components: (1) a public key accessible by recipients of digitally signed documents, (2) a private key used by the sender of a digitally signed document, and (3) a digital certificate issued by a trusted certificate authority. Under PKI, a public and private key are created based on a mathematical relationship. Each key is a unique string of digital data, and the mathematical relationship used to create a set of private and public keys may be used to confirm a correspondence between the two. The private key is known only to the signer of an electronic message and is used to create a digital signature, which is affixed to an electronic document. The public key is known more widely by any number of potential recipients and is used by the recipient to authenticate a digital signature on an electronic document purportedly signed by the sender. The digital certificate is an electronic record listing the name of the private key holder, the corresponding public key information and identification of the certificate authority: the recipient of a digitally signed electronic document relies upon the digital certificate to confirm the relationship between the public key and the identity of the party who has digitally signed an electronic document. A certificate authority, or CA, is a trusted, third party that issues certificates based on a process of authenticating the identity of the private key holder. Obtaining a digital certificate may entail a simple name and e-mail address check or a thorough credit check, depending upon the value associated with the signed document. Certificate authorities may be government agencies, financial institutions, public notaries or private businesses, depending on the provisions of the particular digital signature legislation. The technology of digital signatures facilitates online contracting by providing the benefits of source authentication, message integrity, and non-repudiation. Source authentication is the process used to determine the identity of the message sender and is achieved in a digital signature through the PKI triangle. Message integrity evidences that a message has not been modified or replaced while in transit from a sender to recipient and is achieved by embedding a "checksum," a summary of the document's contents, into the digital signature itself. If source authentication and message integrity indicate that the signature has not been forged and the message has not been manipulated, non-repudiation is the principle which states that the sender should not be allowed to deny responsibility for the message content. Promoting electronic commerce through electronic or digital signature legislation has three potential paths: differing legislation drafted and adopted by individual states, uniform standards adopted by all states as part of a uniform act, or federal legislation preempting state initiatives in this area. Since digital signatures may play a significant role in the validation of electronic contracting, it is no surprise that the federal government has backed away from addressing the issue, as states have traditionally developed their own contract laws. Yet, less than half of all U.S. states have enacted digital or electronic signature legislation to date, and those that have are creating a wave of uneven rules and jurisdictional issues associated with online interstate commerce. As a result, electronic or digital signature legislation may be ripe for a single federal standard. Some of the variances between state legislation include, for example, the definition of digital signatures; the legal effect of using a digital signature; the "burden of proof" required to prove a fraudulent use of a digital signature and escape the rule of non-repudiation; the appointment, licensing and liability of a certificate authority; and the scope of the legislation and the governmental body who regulates the process. While some states have passed legislation that specifically addresses digital signatures, others have legislated on the more general subject of electronic signatures. While statutes that employ the broad electronic signature definition should provide the flexibility necessary to support the emergence of new and superior technologies, that very breadth creates a new problem -- some electronic signatures will be more secure than others. For example, typing a name onto an online order form is less secure than attaching a digital signature to the same form, and a digital signature in turn could be less secure than a retina scan. Should all of these electronic signatures have the same legal effect? A few states, including California, Georgia, Kansas and Nebraska, have taken steps to avoid this problem by imposing threshold security measures as a prerequisite to electronic signature validity. Legislation in these states requires that, to be valid, an electronic signature must be (1) unique to and exclusively controlled by the person using it; (2) verifiable; (3) correlated to the message in a way that is self-invalidating if the message is manipulated; and (4) conforming to regulations established by the Secretary of State. The first two requirements seek to establish the source authentication and message integrity created in PKI with the intent of making conforming electronic signatures subject to the rule of non-repudiation. Even with these measures in place, some proponents of true digital signature legislation -- as opposed to electronic signature legislation -- argue that electronic signature statutes that do not mandate the use of PKI are more vulnerable to attack and will lead to further incompatible and non-interoperable signature and certificate systems. Another disparity among the states addressing the matter is the scope of digital or electronic signature legislation. Statutes enacted in Arizona, Delaware, Indiana and New Mexico, for example, only apply to communication with or within state agencies. In contrast, many other states including Florida, Kansas, Minnesota, Mississippi, Utah and Washington, have applied their respective signature statutes to public and private transactions alike. Most have agreed that each state's Secretary of State or Department of Commerce will regulate the electronic signature infrastructure, and that licensing of certificate authorities is necessary. Yet, it is not clear that certificates issued by a CA licensed in one state will be honored in another state: a key issue in the typically interstate world of online transactions. In short, electronic signature legislation is not uniform and many issues remain unresolved. So while the problem is obvious, the solution is not. Yet, several alternatives are being considered, including federal digital signature legislation. Several bills are before Congress, including the Secure Public Networks Act, introduced by Senators McCain and Kerrey and approved by the Senate Commerce Committee on June 19, 1997. Additionally, the Clinton Administration has proposed similar key recovery (or key escrow) legislation in its Electronic Data Security Act of 1997. However, the legislation has run into the national debate surrounding encryption. The federal government fears that the U.S. companies' exporting of strong encryption software necessary for PKI may impair the crime fighting abilities of law enforcement agencies; meanwhile, most in the computer industry believe that strong encryption is already available worldwide and that U.S. restrictions simply put U.S. companies at an unnecessary competitive disadvantage. While federal legislation would solve uniformity issues, reaching consensus on encryption may thwart passage of legislation that actually facilitates electronic commerce. Another alternative is to foster private sector solutions. For example, the National Automated Clearing House Association (NACHA), the organization that processes and clears checks through the banking system, recently announced the formation of a coalition of state government associations and the Internet Council of NACHA. Its approach is to develop reliable and trusted business models that will lead to operating rules, performance standards, sound business practices and certificate interoperability for government and commercial Internet applications. The goal is to provide a market-based means to evaluate the trustworthiness and performance of digital signature certification authorities. State contracting laws will have to catch up to electronic commerce, so state law alternatives are in progress. Two projects, both sponsored by the National Conference of Commissioners on Uniform State Laws (NCCUSL), are underway. The first is a proposed new article for the Uniform Commercial Code (UCC), a code that has been adopted in all states to provide fairly uniform laws regarding the sale of goods. A new article of the UCC, Article 2B, is being drafted to cover software transactions and licenses of information. Part of the project, however, is to establish laws for electronic commerce, including laws that will allow electronic signatures (including digital signatures and other technologies). Once those rules are established in Article 2B, they will serve as a basis for integration throughout the remainder of UCC as appropriate. In other words, the groundwork for a uniform electronic signature act is being laid by Article 2B, although it will not include the level of detail present in acts devoted wholly to digital or electronic signatures. This means that state acts will likely serve as an overlay to Article 2B. To help achieve a uniform overlay, NCCUSL is also drafting a uniform electronic commerce act as its second project in this area. Which of these alternatives will best promote electronic commerce? Only time will tell. In the meantime, the state law projects deserve the participation and support of all parties interested in moving the law forward for the purpose of promoting electronic commerce. ### Timothy Nielander and Christopher Weinstein are associates in the intellectual property and technology practice group at Preston Gates & Ellis LLP in Seattle. Preston Gates focuses on technology, securities and international business law. The firm's 275 attorneys practice in eight West Coast offices, Washington, D.C., and Hong Kong. For more information, visit the Preston Gates Web site at www.prestongates.com, or contact the authors at chrisgw@prestongates.com or timothyn@prestongates.com. Originally published in EC.COM Magazine. Data Privacy in the Era of High-Tech Marketing By J.D. Fugate For many U.S. businesses, utilizing the Internet to gather, analyze and trade information about consumers is an extremely lucrative practice. After all, direct marketing is a multi-billion dollar industry, not to mention one of the most successful ways to reach a target audience. For many other companies who do not engage in extensive direct marketing, the opportunity simply to "harvest" information from customers or visitors to their World Wide Web sites is too attractive to pass up. Nonetheless, companies should be aware of a growing backlash by consumers against ever-increasing data collection and use. Nowhere is this outrage more prevalent than in the emerging world of online marketing. Although the current U.S. legal structure protects most traditional direct marketing activities, the online environment is facing additional regulation, driven both by global pressure and unprecedented access to information. These changes warrant close attention from companies who use the Internet for data collection. Whether industry self-regulation can fend off tighter legal constraints on database collection and marketing at federal, state and local levels remains to be seen. However, trend-conscious businesses should be aware that high-level discussions among government, trade associations and consumer groups now taking place may shape the future of how and why information is collected online. Consumer Privacy Law Given the rapid changes in the technological landscape versus the more staid pace of the courts, there is little case law specifically involving online data collection and marketing. While that is likely to change in the near term, cases challenging the use of personal information by private entities -- based on "inherent rights to privacy" -- have been largely unsuccessful. An excellent example is Dwyer vs. American Express Company. In this case, American Express defended its right to compile data on card members' spending habits, categorize them into groups such as "Value Oriented" or "Rodeo Drive Chic" and rent the list to merchants. American Express prevailed, partly on the basis that using the card is a voluntary act that reveals spending habits and shopping preferences when analyzed. This legal victory bolsters the practices of data collection, analysis and sale, provided the practices are not deceptive. In terms of specific data privacy laws, the focus is primarily on the circumstances surrounding the acts of data collection and disclosure to others, rather than any inherent rights in the content of the information collected. For instance, the Electronic Communications Privacy Act of 1986 delineates criminal and civil penalties for unauthorized access to electronic communications, while in transmission or storage. Because the Act provides "prior consent" and "business use" exceptions, the key is whether the information is validly obtained. This emphasis on whether use is authorized or otherwise proper is a direct result of First Amendment case law, which generally does not respect ownership and control of non-confidential information. Any government regulation of data collection and use will be measured against the strong Constitutional presumption in favor of the free flow of information. How Information is Collected Online The fact that few laws exist to limit online data collection is distressing to consumer advocates. Although much of the information found on the Internet is "public," and therefore can be found elsewhere, the Web provides a unique opportunity for people to access or collect information more quickly and easily than ever before. On the surface, companies frequently collect information through online registration forms or surveys. In fact, many even require this information for access to the Web site content. On a much less visible level, data collection is happening on most sites through technology called "cookies." While we're inclined to think of cookies as a reward for good behavior, online cookies may or may not appeal to the recipient. Cookies are small encoded files that attach to the Web surfer's hard drive and provide identifying information about that person's computer. They follow users by tracking their time and movement online, somewhat like a pair of muddy footprints. On the downside of this technology, a user's e-mail address could be gathered through cookie technology and added to a list for sending unsolicited mail ("spam"). In this regard, some have even called them the paparazzi of cyberspace. There are also indisputable benefits, however. Cookies store information that enables users to connect to frequently visited sites without having to reenter log-in, preference and security information. They also can allow companies to funnel customized information to users upon request. Most advanced browsers can be configured by the user to alert users that a cookie is being offered and to give them an opportunity to accept or reject it. The Pressure of Public Opinion Cookie technology combined with traditional data collection methods can produce very meaningful information to Web marketers. However, consumers repeatedly express the desire to remain anonymous online. In the 1997 Graphic, Visualization & Usability Center's (GVU) 8th WWW User Survey, 63 percent of respondents strongly disagreed with the idea that content providers should have the right to resell user information. In addition, nearly three-fourths of survey respondents somewhat or strongly agreed with the development of new laws to protect privacy on the Internet. It is easy to see the potential for public opinion to sway key decision makers toward regulation of online activities. This may account for the recent introduction of three anti-spamming laws in Congress, the Netizen Protection Act of 1997, the Unsolicited Electronic Mail Choice Act of 1997 and the Electronic Mailbox Protection Act of 1997. All of these preserve commercial free speech, but mandate "opt-in" or "opt-out" mechanisms, and in some cases require the word "advertisement" in the subject header. Special Rules for Marketing to Kids Marketing to children online raises special concerns and legal issues. The Center for Media Education recently conducted a major investigation of online marketing aimed at children. The Center found that not only were children being lured into completing personal surveys through the use of enticing rewards, but the advertising and editorial content were often interwoven into a seamless product. Although this practice is considered deceptive in other media, neither the Internet nor ISPs are currently regulated in a way that would prevent it online. Additional concerns included the development of interactive "spokescharacters," personalized, "microtargeted" ads and other techniques used to captivate children at length, as well as the creation of detailed profiles on children based on data collection. These findings and a petition from the Center sparked a separate examination of the issues by the Federal Trade Commission (FTC) in 1997, with a heavy focus on the KidsCom Web site. This virtual playground offered games for kids ages 4 to 15, but required children to first provide personal information. Although the FTC believed KidsCom violated its guidelines (Section 5 of the FTC Act), it did not recommend enforcement action against the parent company, The KidsCom Company. One reason KidsCom averted government action was its rapid and significant site modifications, including a feature to notify parents via e-mail about its collection practices, the implementation of a parental approval process before releasing information to third parties, and the disclosure of its data collection practice and purpose to site visitors. KidsCom also added a cartoon icon and text to identify advertising content on the site. Additionally, there was no evidence that KidsCom released the collected information for commercial purposes. In a letter to the Center for Media Education, the FTC warned that "hereafter, staff may recommend law enforcement proceedings against marketers who engage in deceptive information practices, or who unfairly use personally identifiable information collected from children." The number of companies who could be affected is daunting. In a recent informal survey, the FTC found that approximately 86 percent of child-oriented Web sites were collecting basic personal information, although fewer than 30 percent posted a privacy policy or confidentiality statement. The KidsCom case should serve as an example to other Web marketers; the FTC may not show such leniency the next time it uncovers "unfair" practices targeting children. International Considerations At Play While most stakeholders agree that children need special protection from potentially unfair or deceptive marketing practices, the line is not as clear for adults. The voices against regulating the Internet are strong domestically, and have received support from the White House for a laissez faire approach. Because the Internet spans international boundaries, deciding whether or not to regulate data collection and database marketing is not simply up to the United States, however – it is a global question that is complicated by movement of some foreign governments to standardize privacy guidelines. Computerized databases lie at the heart of the European Union's Directive on the Protection of Personal Data, adopted in 1995. To meet the new requirements, EU member nations must enact legislation requiring companies acting within their borders to ensure that personal data (including, but not limited to, data collected on the Internet) is (a) processed fairly and lawfully; (b) collected and possessed for specified, explicit, legitimate purposes; (c) accurate and kept current; and (d) kept no longer than deemed necessary to fulfill the stated purpose. Under the Directive, consumers must also be given the explicit right to access the information, correct or block inaccuracies, and object to the information's use. Furthermore, barring a compelling public benefit, an individual's consent is required for companies to collect "sensitive" information, such as race, religion or sexual orientation. All EU member states are required to enact legislation to comply with the new standards by October 1998. After this time, EU countries may restrict the exportation of personal data for commercial purposes to countries that do not have comparable or "adequate" privacy regulations. It is possible that the United States, with its First Amendment protection of free speech, may be Constitutionally unable to enact comparable protections. Self-Regulation as a Solution The EU member nations are just beginning to define their own standards of adequacy, which means that U.S. proposals touting industry self-regulation may or may not be sufficient. It is also conceivable that certain industry segments will implement standards that are considered adequate, while others will not. U.S. financial institutions, for example, are quickly mobilizing to devise an acceptable industry policy. This group collects and stores a great deal of personal information for the purpose of fraud prevention. Without proper guidelines in place for the domestic collection and use of customer data, it is conceivable that the transmission of such data from European institutions to affiliates in the United States could be impeded by the EU Directive. At a House Banking Financial Institutions Subcommittee hearing in September 1997, four banking industry groups presented a united front and proposed "Eight Principles" for the protection of their customers' privacy. The principles reflect a commitment to the accuracy and security of information collected, but do not restrict the marketing of information to third parties to the same extent as the EU Directive. They also do not enable customers to directly access and correct the stored data. In the computer and technology arena, many companies are backing a nonprofit consortium called TRUSTe. A member of TRUSTe is entitled to prominently display one of three "trustmarks" on its Web site to alert users to the level of data collection in place. "No exchange" indicates that no personally identifiable information is used by the site. "One-to-one exchange" means that data is collected only for the site owner's use, and "third-party exchange" means that data may be provided to third parties with the user's knowledge and consent. The group also recommends placing a prominent and understandable privacy policy on the member's site. Certainly, the "seal-of-approval" concept is a good one. The question remains: Will this be enough to prevent more restrictive government solutions? Federal legislation is pending, but has not yet been reported out of committee. Unfolding Online Policy Companies that collect and utilize personal data, obtained over the Internet or otherwise, should keep a close eye on the unfolding legal landscape. This is particularly significant for those engaged in information exchange with EU member states. Since legislation designed to mirror the EU Directive may conflict with First Amendment rights, existing and emerging self-regulation policies may be the only immediate options available. In the meantime, Web marketers must recognize that today's seemingly limitless data collection opportunities may not last. ### J. D. Fugate is an associate in the Technology and Intellectual Property Department at Preston Gates & Ellis LLP in Seattle. Mr. Fugate assists clients with electronic commerce and technology licensing matters. Preston Gates focuses on technology, securities and international business law. The firm's 275 attorneys practice in eight West Coast offices, Washington, D.C., and Hong Kong. For more information, visit the Preston Gates Web site at www.prestongates.com, or contact the author at jdfugate@prestongates.com. tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From sjmz@hplb.hpl.hp.com Thu, 19 Mar 1998 11:05:30 +0000 Date: Thu, 19 Mar 1998 11:05:30 +0000 From: Stefek Zaba sjmz@hplb.hpl.hp.com Subject: US Senate hearings tue17mar98 For those of us who haven't already seen reports: there is a writeup and detailed testimony transcripts from a US senate hearing on encryption policy held two days ago, at the ACP (Americans for Computer Privacy) website under http://www.computerprivacy.org/ Pointers to the hearing transcripts are currently on their homepage: they have obscure long-term-filing URLS along the lines of http://www.computerprivacy.org/archive/03171998-5.shtml for example - that one's the executive director of the Law Enforcement Society of America testifying that in *his* organization's view, the needs of law enforcement are best served by widespread adoption of unescrowed encryption. I guess he won't be invited to Louis Freeh's next Christmas party, then :-) Cheers, Stefek From I.Brown@cs.ucl.ac.uk Thu, 19 Mar 1998 11:21:31 +0000 Date: Thu, 19 Mar 1998 11:21:31 +0000 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: Crypto in the Guardian Online There's a great review of three books on Internet security, including Whit Diffie's latest, in today's Guardian Online. [http://online.guardian.co.uk/reviews/890237162-revbks.html] A few quotes: "There could hardly be a better time to bring out a book linked to the confusing stalemate that stands for government policy on control of the Internet. And that=92s not a dig at the current New Labour government, no= t least because a hefty thump would be more in order." "In Washington, the Clinton administration has brought together the industry=92s top gurus for advice on what to do next, but still none of them is happy to talk about their deliberations; and in London the Department of Trade and Industry is organising round tables after its disastrous first foray into the arena. " "Traders that cannot guarantee the confidentiality of their transactions, whether they are banks or lawyers or car component manufacturers, will not attract business. Meanwhile, political terrorists and criminal groups can put up two fingers to the official restrictions, and use whatever means they like to ensure their success." Ian :D From nbohm@ernest.net Thu, 19 Mar 1998 12:49:15 +0000 Date: Thu, 19 Mar 1998 12:49:15 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: Law Society The list may be interested to know that the Law Society has set up a group under the chairmanship of Tony Girling, a past President, to look at the legal implications of electronic communications, with particular reference to security and authentication. I have been asked to serve on a subgroup considering the policy of the European Union on these issues. (For overseas list members: the Law Society represents the solicitors profession in England and Wales; solicitors being, at the risk of some oversimplification, the general practice half of the legal profession.) Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From octobersdad@reporters.net Thu, 19 Mar 1998 13:03:30 +0000 Date: Thu, 19 Mar 1998 13:03:30 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Crypto elsewhere The following is copied from the SWATCH list. I've only just got back online and haven't had a chance to check it out yet myself. ===================FORWARDED MESSAGE========================== Emitting from Loughborough this time. Be afraid. Be very afraid. ;) ftp://ftp.ietf.org/internet-drafts/draft-hamilton-fix-dns-00.txt (I suspect that it's shooting itself in the foot early in paragraph 3 which suggests that escrowed private keys would be about as much use as... well, read it... ) tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From pleyland@microsoft.com Thu, 19 Mar 1998 09:05:15 -0800 Date: Thu, 19 Mar 1998 09:05:15 -0800 From: Paul Leyland pleyland@microsoft.com Subject: Crypto elsewhere > I suspect that it's shooting itself in the foot early in paragraph > 3 which suggests that escrowed private keys would be about as > much use as... well, read it... ) I did read it. I conclude that I must be missing something. Section 3 explicitly states that weak cryptography and escrowed keys are *not* acceptable: > 3. Security considerations > Use of strong cryptographic authentication such as PGP is essential > for the correct operation of this system. Compromised cryptographic > protocols (e.g. using 40 bit keys, or escrowed private keys) would > *not* be appropriate, since these weaknesses are now well known > outside the cryptological community - e.g. in the print and > broadcast media. My emphasis added. Am I missing something? Paul From richard@turnpike.com Thu, 19 Mar 1998 16:20:19 +0000 Date: Thu, 19 Mar 1998 16:20:19 +0000 From: Richard Clayton richard@turnpike.com Subject: Crypto elsewhere In article , T Bruce Tober writes >The following is copied from the SWATCH list. I've only just got back >online and haven't had a chance to check it out yet myself. > >===================FORWARDED MESSAGE========================== >Emitting from Loughborough this time. Be afraid. Be very afraid. ;) > >ftp://ftp.ietf.org/internet-drafts/draft-hamilton-fix-dns-00.txt I think you will find that this is really just an "in-joke" which probably explains why the description of the system is so haphazard and so limited... It arose, as I heard it, from a late night discussion over some beers about a way to run DNS by consensus rather than using a central authority. The reason for the discussion was the Magaziner proposal (comment period nearly complete!). The discussion, as I recall, was reported to the IETF mailing list in general detail, this seems to be just a document to write it up for posterity. The model Hamilton & Knight choose is Netnews where in theory it is all chaotic but in practice nothing happens in the Big8 without a PGP signed message from tale and nothing happens in uk.* without a PGP signed message from control@usenet.org.uk etc etc Basically, the draft proposes a scheme whereby top level DNS domains would be promulgated by signed messages - and it would be down to individual DNS server managers to decide what to honour... That's pretty much what we have at the moment - most people honour the domains in the a. b. etc root name servers and ignore the AlterNIC. All this does is codify the way it really works (people trust people) but they add the potential to increase chaos in the future. The example they gave originally was what would happen if a government decided they owned part of the namespace *.uk for example, but the rest of the Internet disagreed with them... The risks of fragmentation of name space are, however, far too horrible to contemplate seriously. So, bottom line: it's an amusing idea, but I don't view it as a serious suggestion for solving any real problems. In particular I don't see the people who would currently be trusted to sign messages currently being interested in an ordered anarchy. Mind you, what do I know ? >(I suspect that it's shooting itself in the foot early in paragraph > 3 which suggests that escrowed private keys would be about as > much use as... well, read it... ) read it by all means, but I don't think you need to give it much mind. USG green papers on DNS are doubtless of interest to many on this list, but not the topic of this list, so I shall say no more -- richard richard.clayton @ T U R N P I K E .com http://www.demon.net/news/features/crypto/ for Demon's views on crypto "Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM From sjmz@hplb.hpl.hp.com Thu, 19 Mar 1998 18:15:42 +0000 Date: Thu, 19 Mar 1998 18:15:42 +0000 From: Stefek Zaba sjmz@hplb.hpl.hp.com Subject: Crypto elsewhere Paul Leyland, in response to Bruce Tober, in response to draft-hamilton-fix-dns-00.txt, writes: > > I suspect that it's shooting itself in the foot early in paragraph > > 3 which suggests that escrowed private keys would be about as > > much use as... well, read it... ) > > I did read it. I conclude that I must be missing something. Section 3 > explicitly states that weak cryptography and escrowed keys are *not* > acceptable: > I too am Confused. On the narrow point, like Paul I read this Internet Draft as vigorously rejecting "feel-goodware" signatures - though its language seems a little confused, as there are no fielded Internet security protocols which use a 40-bit symmetric key based signature or a 40-bit hash. On the broader point, there already *is* a standards-track proposal - and implemented, *freely exportable* code! - for secured DNS: see http://www.ietf.org/html.charters/dnssec-charter.html in general and RFCs 2065 and 2137 in particular. (The code is freely exportable from the US precisely because confidentiality is a non-goal, unlike strong authentication for the secured information.) Perhaps the authors are suggesting that PGP-signing DNS zone updates would be a good transitional move before the more widespread deployment of secure DNS; that's a kinder interpretation than that they're simply unaware of it. Cheers, Stefek From bill@dial.pipex.com Thu, 19 Mar 1998 21:24:10 +0000 Date: Thu, 19 Mar 1998 21:24:10 +0000 From: Bill Thompson bill@dial.pipex.com Subject: Crypto Policy Announcement Due Tomorrow (Fri 20/3) I have been informed by a good source that the crypto policy will be announced tomorrow afternoon as a written answer from Barbara Roche. It should be available mid-afternoon at Westminster and will be in Hansard. I don't have any details of what is in there. Perhaps David H would like to do the ukcrypto list one last service and post the full text as soon as it is officially available :-) Bill Thompson ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Bill Thompson +44 (0) 1223 245963 0411 557361 - new mobile - new number http://dspace.dial.pipex.com/bill/ From martin@net.lut.ac.uk Fri, 20 Mar 1998 11:55:56 +0000 Date: Fri, 20 Mar 1998 11:55:56 +0000 From: Martin Hamilton martin@net.lut.ac.uk Subject: Crypto elsewhere -----BEGIN PGP SIGNED MESSAGE----- T Bruce Tober writes: | Emitting from Loughborough this time. Be afraid. Be very afraid. ;) :-))) -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNRJZSdZdpXZXTSjhAQHPewQAl5xKSrNddRiMAIiY8YLJKPHMcEOK341X f0ucn5LMwAdk1cixYJOp2/1XhF2vPcBmZN/b7oaY7PHP/YUMdBPf0XiggQvbrTI/ JiCgn3RSihpHKm8uKnc1f+1PbPT5PrrF9Qp2OywqY0ZH/she9F13PHemPOIBuUr5 3qsRQiHVkWs= =1z0D -----END PGP SIGNATURE----- From jya@pipeline.com Fri, 20 Mar 1998 07:31:58 -0500 Date: Fri, 20 Mar 1998 07:31:58 -0500 From: John Young jya@pipeline.com Subject: PGP Ups US Export Laws Thanks to David Crawford and Adam Back. The New York Times, March 20, 1998, pp. D1, D5. Export Laws Challenged by Sale Of Encryption Software Abroad By John Markoff San Francisco, March 19 -- An American maker of data-scrambling software said today that it would circumvent United States export policies by allowing its Dutch subsidiary to begin selling an international version of Pretty Good Privacy, a strong encryption program that does not provide a back door for law enforcement surveillance. Because the company, Network Associates, is the nation's largest independent maker of computer security software, its action could have a serious effect on Unites States export policies on software. Network Associates' decision to sell a program specifically prohibited by the Commerce Department comes at a tine when the Clinton Administration is already fighting Congressional attempts to end export controls on encryption software for fear that such restrictions will hurt the ability of American industry to compete internationally. "This is the biggest challenge yet to the U.S. policy," Ted Julian, an analyst at the Forrester Group in Cambridge, Mass., said. "It potentially has a tremendous consumer base." The battle over data scrambling -- software that hides everything from love letters to passwords to credit card numbers from prying eyes -- has become a bitter struggle in recent years between the American software industry and privacy advocates on one side and national security and law enforcement officials on the other. The Clinton Administration, in the name of fighting crime and terrorism, has been trying to force the industry to build back doors into encryption software to make it possible for law enforcement officials to secretly decode private messages. Opponents argue that the keys to the proposed back doors could be too easily stolen, compromising not only privacy but also the security of credit card numbers and other highly personal information. The Government does not restrict powerful encryption software domestically but, with very few exceptions, it limits export licenses to codes that can be easily cracked. Earlier this week, Justice Department officials testified before Congress that they had no plans to introduce domestic controls on strong encryption technology. Government officials said yesterday that they had not yet determined whether Network Associates would be violating United States laws in selling P.G.P internationally. "We'll be looking at this very closely," William A. Reinsch, the Under Secretary for export administration, said. "The question of whether or not this product is based on legal or illegal export of U.S. technology is a question to be investigated. If the Government determines that it was illegal, then we'll take appropriate action." In part, that decision will hinge on whether the entire software package was developed independently from the United States company, Mr. Reinsch said. Network Associates executives said that in developing the international version of P.G.P. they took care not to violate United States laws. The international version was developed by Network Associates in Europe in partnership with a small group of cryptographers at Cnlab Software in Switzerland. Network Associates said that the international version would be marketed by its European subsidiary, Networks Associates International B.V., based in the Netherlands. "We're not sure what the impact of this will be," Peter Watkins, general manager of the company's Net Tools Secure Division. said. "This is the first time that a U.S. company has taken this approach, but there are no prohibitions against this." While United States laws restrict the export of strong encryption products, there are no restrictions on exporting the text of the original source code. This loophole allows programmers in other countries to translate the source code into new software programs. P.G.P was written in the early 1990's by a privacy activist and computer programmer, Philip Zimmermann, and was freely distributed in the United States. Mr. Zimmermann also made his source code available internationally in text form. As a result, versions of the program have long been widely available in many countries. Network Associates' executives said they had met with Commerce Department officials earlier this year to explain their plan but the department had not responded. Mr. Reinsch said that his staff had been briefed by the company. Richard Hornstein, vice president of legal affairs for Network Associates, said the Justice Department was notified because "we wanted to make sure they felt comfortable about this, but there was no way the Commerce Department should have a role." Network Associates is not the first United States company to attempt to use an international partnership to circumvent export restrictions. Currently C2net Software Inc., an Oakland, Calif., security software concern, sells an international version of its Web server which has powerful built-in cryptography. The company said that the international version of the product was developed overseas independently from the United States product. Sun Microsystems has run into Government opposition to a similar project which was based on a cooperative development project with Elvis+, a company formed by scientists from the former Soviet space program. [End] From danny@spesh.com Fri, 20 Mar 1998 13:43:20 +0000 Date: Fri, 20 Mar 1998 13:43:20 +0000 From: Danny O'Brien danny@spesh.com Subject: Crypto Policy Announcement Due Tomorrow (Fri 20/3) Well, I've checked Written Questions for Answer on Friday 20 March 1998 http://www.parliament.the-stationery-office.co.uk/pa/cm199798/cmordbk1/80320 w01.htm and Order of Business Friday 20th March 1998 http://www.parliament.the-stationery-office.co.uk/pa/cm199798/cmagenda/ob980 320.htm with no luck. Is there any other way a written question could have slipped in? Best wishes, D. At 21:24 19/03/98 +0000, Bill Thompson believed it to be the case that: >I have been informed by a good source that the crypto policy will be >announced tomorrow afternoon as a written answer from Barbara Roche. >It should be available mid-afternoon at Westminster and will be in Hansard. > >I don't have any details of what is in there. > >Perhaps David H would like to do the ukcrypto list one last service and post >the full text as soon as it is officially available :-) > >Bill Thompson >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >Bill Thompson +44 (0) 1223 245963 > 0411 557361 - new mobile - new number > http://dspace.dial.pipex.com/bill/ > > > From Markus.Kuhn@cl.cam.ac.uk Fri, 20 Mar 1998 17:21:51 +0000 Date: Fri, 20 Mar 1998 17:21:51 +0000 From: Markus Kuhn Markus.Kuhn@cl.cam.ac.uk Subject: Unpleasant EU Move A number of people have written letters to their MEP with regard to the planned Conditional Access Directive and the Anastassopoulos report. Copies of these letters are now available on http://www.cl.cam.ac.uk/~mgk25/ca-law/ If you want to add a letter, it might be a good idea to do this well before 14 April, the date of the planned discussion and vote in the EP Legal Affairs Committee on this directive. Markus -- Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK email: mkuhn at acm.org, home page: From Alec.Muffett@UK.Sun.COM Fri, 20 Mar 1998 17:44:05 +0000 Date: Fri, 20 Mar 1998 17:44:05 +0000 From: Alec Muffett - SunLabs Alec.Muffett@UK.Sun.COM Subject: Unpleasant EU Move >A number of people have written letters to their MEP with regard to the >planned Conditional Access Directive and the Anastassopoulos report. >Copies of these letters are now available on > > http://www.cl.cam.ac.uk/~mgk25/ca-law/ I suspect that I shall have to write one, because I get the distinctly uneasy impression that the Anastassopoulos report would kill off further development of free software - eg: "Crack", "COPS", "Satan", "ISS" - as well as supress development of some large variety of commercial security-testing products... It would be a great blow to the worldwide security-tool export industry. - alec -- alec muffett, sun microsystems laboratories, alec.muffett @ uk.sun.com bai'eck - jesus was a yorkshireman From Daniel_Sabbagh@vnu.co.uk Fri, 20 Mar 1998 18:33:49 +0100 Date: Fri, 20 Mar 1998 18:33:49 +0100 From: Daniel_Sabbagh@vnu.co.uk Daniel_Sabbagh@vnu.co.uk Subject: Unpleasant EU Move This article appeared in Computing yesterday. Some further notes, unpublished, follow clarifying the DTI position As Markus Kuhn noted, the amendments orginally cited by Ross Anderson have not yet been accepted. So there is still time to lobby. The committee votes on April 16. Hope this helps. text: Alarm over hacker law Euro law to ban public discussion of IT security Draft European legislation to outlaw any devices or software that can be used to hack into pay-TV systems could also make it illegal to publicly discuss computer security weaknesses, write Daniel Sabbagh and Colin Barker. Alarm bells have been sounded by the UK?s IT academic community ? and echoed by the DTI ? over a series of amendments to a draft directive aimed at suppressing the activities of pirates who provide illegal, low-cost access to satellite TV broadcasts around Europe. The amendments, which are under consideration by a European Parliament committee, would make it illegal to disseminate information about security holes in conditional access systems. These could be defined as anything from pay-TV systems to subscription Web sites. ?The proposed amendments to the draft directive go way over the top,? said Dr Ross Anderson, a secu- rity specialist at the Cambridge University Computer Laboratory. ?In any engineering activity, we need constant feedback. Security is like bridge building: engineers learn how to build them safely by understanding why they fall down,? he added. The key amendment calls upon member states to prohibit ?the advertising and provision of information concerning activities and measures facilitating unauthorised access? to a wide range of electronic systems, including computers. It is also believed that the UK?s DTI is unhappy about the broad-ranging amendments, and has lobbied the British MEPs on the committee accordingly. The European Parliament?s legal affairs committee will vote on the proposed amendments on 16 April. But the measure will take from six to 18 months to be adopted ? and will then have to be enacted by member states, a process that could take up to two years. 19 March 1998 Notes: It emerged just as Computing went to press with this, that the DTI have taken no formal position on these amendments. Hence the suggestion in the article below that DTI 'is unhappy'. And despite DTI's claims of lobbying against the amendment, one Labour euro MEP on the committee considering the amendment (legal affairs and citizens rights), claimed that the DTI had not issued any line to take on the controversial amendments. Dan Sabbagh Senior Reporter Computing. From pgut001@cs.auckland.ac.nz Sat, 21 Mar 1998 09:46:23 (NZST) Date: Sat, 21 Mar 1998 09:46:23 (NZST) From: Peter Gutmann pgut001@cs.auckland.ac.nz Subject: EU Crypto Free Trade Area Nicholas Bohm wrote: >At 14:30 12/03/1998, Peter Gutmann wrote: >>Nicholas Bohm writes: >>>[Standard COCOM/Wassenaar software note] >>> >>>This seems to open a fairly wide road, given the amount of public domain >>>crypto software to be found nowadays. >>Are you sure the regulations don't include a little footnote somewhere which >>creates another exception specifically for encryption software? The pre-1996 >>European versions and Candian version don't have this, but most 1996 and >>later versions do seem to have it. > >If so I certainly missed it; and the text I quoted expressly overrode the >content of all the categories, so an exception to it could not have been >tucked away inside the categories. > >Can you quote me the text of the note you have in mind from previous versions? >That would make a further check rather easier. General Software Note (GSN) (This note overrides any control within section D of Categories 0 to 9) With the exception of Category 5, Part 2 (Information Security), Categories 0 to 9 of this list do not control `software' which is either: a. Generally available to the public by being: 1. Sold from stock at retail selling points, without restriction, by means of: a. Over-the-counter transactions; b. Mail order transactions; or c. Telephone order transactions; and 2. Designed for installation by the user without further substantial support by the supplier; or b. `In the public domain'. `In the public domain' is defined as: "`Technology' or `software' which has been made available without restrictions upon its further dissemination (copyright restrictions do no remove `technology' or `software' from being `in the public domain'". (`technology' and `software' are further defined). The exception for infosec products only appeared in about 1997-1997, just after it was used to get a Canadian government ruling that various crypto programs (including my own) were exportable. Could someone try this in the UK? All you need to do is write to the DTI and ask for permission to export various bits of software (say, SSLeay, PGP, and it'd be nice to have a ruling on cryptlib as well because I've already got one from the Canadian govt saying that export to the UK is allowed, this would make a good precedent to use). You have to fill in lots of paperwork and wait for up to a year for them to figure out that there really isn't any way they can stop the export, and for their lawyers to advise them that taking it to court would be suicidal. Peter. From nbohm@ernest.net Fri, 20 Mar 1998 22:56:33 +0000 Date: Fri, 20 Mar 1998 22:56:33 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: EU Crypto Free Trade Area At 09:46 21/03/1998, Peter Gutmann wrote: >Nicholas Bohm wrote: >>At 14:30 12/03/1998, Peter Gutmann wrote: >>>Nicholas Bohm writes: >>>>[Standard COCOM/Wassenaar software note] >>>> >>>>This seems to open a fairly wide road, given the amount of public domain >>>>crypto software to be found nowadays. >>>Are you sure the regulations don't include a little footnote somewhere which >>>creates another exception specifically for encryption software? The pre-1996 >>>European versions and Candian version don't have this, but most 1996 and >>>later versions do seem to have it. >> >>If so I certainly missed it; and the text I quoted expressly overrode the >>content of all the categories, so an exception to it could not have been >>tucked away inside the categories. >> >>Can you quote me the text of the note you have in mind from previous versions? >>That would make a further check rather easier. > > General Software Note (GSN) > > (This note overrides any control within section D of Categories 0 to 9) > > With the exception of Category 5, Part 2 (Information Security), Categories 0 > to 9 of this list do not control `software' which is either: > > a. Generally available to the public by being: > 1. Sold from stock at retail selling points, without restriction, by > means of: > a. Over-the-counter transactions; > b. Mail order transactions; or > c. Telephone order transactions; and > 2. Designed for installation by the user without further substantial > support by the supplier; or > b. `In the public domain'. > >`In the public domain' is defined as: > >"`Technology' or `software' which has been made available without restrictions > upon its further dissemination (copyright restrictions do no remove > `technology' or `software' from being `in the public domain'". > >(`technology' and `software' are further defined). > >The exception for infosec products only appeared in about 1997-1997, just after >it was used to get a Canadian government ruling that various crypto programs >(including my own) were exportable. Could someone try this in the UK? All you >need to do is write to the DTI and ask for permission to export various bits of >software (say, SSLeay, PGP, and it'd be nice to have a ruling on cryptlib as >well because I've already got one from the Canadian govt saying that export to >the UK is allowed, this would make a good precedent to use). You have to fill >in lots of paperwork and wait for up to a year for them to figure out that >there really isn't any way they can stop the export, and for their lawyers to >advise them that taking it to court would be suicidal. > >Peter. The note you have quoted is the same as the one I found, apart from the exception in your version "With the exception of Category 5, Part 2 (Information Security),". I am sure there was no such exception in the Regulations I referred to. I think it is clear that PGP is in the public domain, but I do not know the position on the other software you mention. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From pgut001@cs.auckland.ac.nz Sat, 21 Mar 1998 13:23:31 (NZST) Date: Sat, 21 Mar 1998 13:23:31 (NZST) From: Peter Gutmann pgut001@cs.auckland.ac.nz Subject: EU Crypto Free Trade Area >The note you have quoted is the same as the one I found, apart from the >exception in your version "With the exception of Category 5, Part 2 >(Information Security),". I am sure there was no such exception in the >Regulations I referred to. In that case someone should apply for export permission to get a ruling from the DTI. They can't deny the export without changing the regulations (the Canadian govt has already been through this). You just need to be really persistent, having a lawyer to help you is also useful. I've already tried this for NZ, the result was the ridiculous ruling that you can't even publish academic research of take a copy of Dr.Dobbs out of the country without a government permit, which is unlikely to be granted. >I think it is clear that PGP is in the public domain, but I do not know the >position on the other software you mention. They both qualify as "in the public domain": >`In the public domain' is defined as: > >"`Technology' or `software' which has been made available without restrictions > upon its further dissemination (copyright restrictions do no remove > `technology' or `software' from being `in the public domain')". > >(`technology' and `software' are further defined). In any case the either/or clause applies to *any* mass-market software. You could do the same for commercial products, although I guess companies wouldn't want to risk annoying the government. There are links to both SSLeay and cryptlib on my crypto link farm, http://www.cs.auckland.ac.nz/~pgut001/links.html. Peter. From aba@dcs.ex.ac.uk Sat, 21 Mar 1998 03:05:33 GMT Date: Sat, 21 Mar 1998 03:05:33 GMT From: Adam Back aba@dcs.ex.ac.uk Subject: FBI Changes Tack? Chris Sundt writes: > [a big blob of uuencoded and-then-some encoded mail] here is what he said when you unpick that: -Adam ====================================================================== Date: Sat, 21 Mar 98 00:00:17 +0000 Original-Encoded-Information-Types: Undefined Content-Identifier: 12208 From: "C Sundt" To: UKcrypto@maillist.ox.ac.uk Importance: normal Subject: FBI Changes Tack? Mime-Version: 1.0 The following Reuters piece was passed to me by a journalist who called me to as k if it could have any impact on the UK position - I said that was a tough one t o answer as I didn't know what the UK position was! However, it does appear to s how the FBI changing tack. Chris Sundt All opinions are my own and do not represent in any way those of the company I w ork for. Tuesday March 17, 9:16 pm Eastern Time FBI changes tactics in U.S. encryption debate By Aaron Pressman WASHINGTON, March 17 (Reuters) - The FBI on Tuesday backed away from controversial legislation requiring data scrambling products sold in the United States to allow law enforcers secretly to crack any coded message. But instead of new laws, the bureau hopes voluntary concessions by manufacturers of encryption technology will give it the same capabilities, officials said. The Federal Bureau of Investigation and the Clinton administration have long been at odds with high-tech companies, civil libertarians and Internet users over regulation of encryption, an increasingly critical means of securing electronic commerce and communications over the Internet. Encryption products use mathematical formulas to scramble information, such as a credit card number or e-mail message sent over the Internet, and render itunreadable without a password or software ``key.'' The FBI fears the proliferation of strong encryption will give criminals a powerful tool to thwart its investigations, according to Barry Smith, supervisory special agent in the FBI's Congressional affairs office. Although FBI director Louis Freeh last year favored new laws to guarantee access to coded messages, Smith said the bureau is now backing Vice President Al Gore's renewed dialogue with industry to find a mutually acceptable approach. ``Law enforcement is concerned that we have the technical capability under strict legal procedures to gain access to the plain text of criminally related communications or electronically stored data,'' Smith said in a telephone interview. ``If industry provides us those technical solutions to address our public safety needs in the area encrypted communications and encrypted stored data, that's fine,'' he added. ``Then there's really no need for a legislative solution.'' But Smith added that if Congress considers legislation moving in the other direction, the FBI might renew its lobbying campaign. A bill authored by Virginia Republican Rep. Bob Goodlatte would dramatically ease strict export limits on encryption while forbidding certain types of mandatory law enforcement access. The bill was approved in vari ous versions by five House committees last year and and could be voted on by the full House in a few months. ``If legislative action continues to move forward that threatens public safety and national security, obviously everyone will have to reassess where we are,'' Smith said. Industry officials said the renewed dialogue was unlikely to resolve the historic split over encryption in the high-tech industry between software and hardware companies. Hardware companies including IBM Corp (IBM - news) and Hewlett-Packard (HWP - news) have worked closely with the administration while software firms like Microsoft (MSFT - news) and Netscape Communications (NSCP - news) have opposed the administration. ``IBM has advocated a dialogue for some time between government and industry,'' IBM public policy director Aaron Cross said. Commercial solutions might be available to meet the needs both of customers and law enforcement, Cross said. Cross also urged the administration to ``take the idea of any form of domestic control off the table once and for all.'' Software firms and privacy advocates worried that the latest negotiations would do little to address their concerns. ``There is nothing new here and the stalemate isn't going to be broken with so many players left out,'' one software lobbyist who declined to be identified said. Earlier on Tuesday, principal associate deputy attorney general Robert Litt told a Senate subcommittee the administration was not seeking legislation to regulate domestic use of encryption. ``We are not looking for any mandatory controls domestically at this time,'' Litt told members of the Judiciary Committee's Constitution, Federalism and Property Rights Subcommittee. But Litt staked out the FBI's position that such legislation would be permitted by the U.S. Constitution. Two top legal scholars, Kathleen Sullivan of Stanford University and Richard Epstein of the University of Chicago, opposed Litt's interpretation. They told lawmakers legislation backed by the FBI would likely violate the First Amendment's free speech clause, the Fourth Amendment's search and seizure provisions and the Fifth Amendment's limit on self-incrimination. From gladman@seven77.demon.co.uk Sat, 21 Mar 1998 09:25:19 -0000 Date: Sat, 21 Mar 1998 09:25:19 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: EU Crypto Free Trade Area As a matter of interest does anyone know of a prosecution, either here in the UK or in another country, for not complying with the crypto export control laws? I have not researched this but I have asked this question many times and no-one has come up with a case that has gone to court. I should also mention that Trusted Information Systems ran a study which involved purchasing many software packages from 'export controlled' countries. They were able to purchase many strong crypto packages with no concern on the part of the suppliers for gaining export licenses. They documented such exports from the UK. Not being a lawyer, I don't know the significance in the courts of a situation where the authorities are seen, over a long period, not to enforce a law. I would certainly be interested to hear from any lawyers on the list on what might happen in court if someone is now singled out for prosecution when so many other openly documented breaches of the regulations have been ignored. I would have at least hoped that the courts would ask themselves what made the case before them so special. It seems to me that laws that are not supported by citizens, and not enforced by the appropriate authorities, should be repealed. The crypto export control laws in the UK are now clearly damaging and yet the DTI have allowed themselves to swallow the GCHQ argument that they should remain. I have written to Mrs Roche (via email) on this issue but, despite a reminder, Mrs Roche has not even had the decency to acknowledge my input. My letter was written in February, just after the 'we are about to announce our new policy' disaster and this explains the contents of the first half of it. In view of the complete disinterest on the part of Mrs Roche, I now openly publish it here. Brian ---------------------------------------------------------------------------- --------------- To: The Honourable Barbara Roche MP Department of Trade and Industry 22nd February 1998 Dear Ms Roche, UK CRYPTOGRAPHIC AND TTP POLICY DEVELOPMENT I am writing to you to express my concern and dismay at recent events in the development and announcement of UK policy on cryptography and Trusted Third Party (TTP) services. This is a vitally important issue for the UK and it is essential that any policy that emerges has the widespread support of ***ALL*** citizens of the UK in whose name it will be advocated. I would maintain that it is important prior to setting out policy that your Department should consider the various policy options in an open and democratic way so that everyone impacted by any announced policy feels that they have had a chance to influence the direction it will take. Traditionally, of course, policy development has taken place in secret but I had thought (and hoped) that your government in particular was committed to a more open approach and I am therefore concerned at what now appears to be happening. While I consider a closed approach to policy formulation undemocratic, it is at least equally unfair to all UK citizens in that everyone impacted by the policy is being treated in the same way. However a policy of selective consultation, leaks, accusations and denials of the form now underway converts this process from one that is simply undemocratic into one that is both undemocratic and unethical in that the vast majority of UK citizens are being denied the right to have their voices heard whilst a privileged few are given this opportunity. I associate such patronage and privilege with a past age and it comes as some surprise to find that such practices are still in use by a government that I had thought stood up for equality of treatment for all UK citizens. I would wish that you should undertake open consultation prior to policy announcement. If, however, you must form policy in secret then do so but expect to be criticised by people such as myself for being undemocratic. If, however, you enter into a process of selective consultation and leaks then you will have moved from simply being undemocratic to being unethical as well and I, for one, will not hesitate to bring this into the open. I have stopped short of doing this as I hope this appeal to you might bear fruit and bring a more open, organised and careful approach to the policy formulation and announcement process. I might add that at least one means for more open consultation exists in that I have worked with others to establish a mechanism for achieve this (see my Web page at: http//www.seven77.demon.co.uk//). Although your officials have sometimes been helpful here they have mostly stayed silent, especially so in recent months. Turning to the policy itself, I can only hope that the rumours flying around at the moment are wide of the mark. Any attempt to introduce key recovery or key escrow for confidentiality keys on any other basis than a COMPLETELY voluntary one is doomed to failure (if you doubt this consider the US experience). But there is a much more important issue in that the current focus on this aspect of policy has taken the spotlight off another area where you could make some simple policy changes that are not in any way damaging and yet will be enormously beneficial and widely welcomed in business and commerce and by UK private citizens. Our existing export controls on cryptography were put in place in the depths of the cold war and have hardly changed since then. They impose severe market constraints on export (through licensing) even for the countries within the EU, all of whom are supposed to be our friends. At the end of the cold war it was widely recognised that these laws were too restrictive and the Wassenaar agreement was put in place to maintain controls on export to Libya, Syria,.... on a non-proliferation basis but we have not changed our laws to bring this less restrictive regime into effect (I suspect this is because the dark forces of NSA and GCHQ, to which I am strongly opposed, have been against this). By announcing changes to our export licensing regime for cryptographic products to remove such controls except for export to proscribed countries you would be taking a step that is not in any way damaging and yet would be of enormous benefit to business and commerce within the UK and Europe. This would be a concrete demonstration of UK government support for electronic commerce and the open electronic market. Such a policy announcement would have truly enormous benefits and would bring universal and widespread support in that: * it would remove contraints on UK companies in exporting to our EU partners in an area where the UK is very strong * it would be seen in the EC as a move to support an open electronic commerce market in Europe * it would be in line with the recent EU communication on such matters * it would be an enormous plus for the UK at a time when we hold the Presidency of the EU Not least of course it would also be a clear demonstration that the principles set out by the Labour Party prior to the election were being put into practice. In reality this is a far more important practical step than anything to do with LEAK (Law Enforcement Access to Keys) and is a step that you could take that would command truly enormous support from industry, commerce and private citizens in the UK. Moreover it would be seen as a bold and popular step in a wider European context at a time when there is much excitement about the impact of electronic commerce and the Information Society. To be able to announce changes in policy that promote and open market in Europe for the products that will underpin secure electronic commerce at a time when we hold the EU Presidency is surely an opporunity which is too good to miss? Especially so when it shows the government to be carrying through its stated pre-election policy. In summary, therefore, I ask you to consider seriously shifting the emphasis of the policy changes away from the LEAK issue towards changes in our cryptographic export control regime to promote the development of the secure electronic commerce market in Europe. I believe that if you are able to do this you will convert a potentially damaging process into one which will command almost universal support and popularity both here in the UK and more widely in the EU. I urge you to give such changes your most serious consideration. I would be happy to expand on these ideas if appropriate. Yours sincerely, Dr Brian Gladman From georgefoot@oxted.demon.co.uk Sat, 21 Mar 1998 11:12:05 +0000 (GMT) Date: Sat, 21 Mar 1998 11:12:05 +0000 (GMT) From: George Foot georgefoot@oxted.demon.co.uk Subject: Announcement by Mrs. Roche There was a rumour a day or so ago that Mrs. Roche would be making an announcement in Parliament. Was this announcement made ? Was it of any interest in connection with encryption policy ? George -- George Foot georgefoot@oxted.demon.co.uk Web Page. http://www.oxted.demon.co.uk From aba@dcs.ex.ac.uk Sat, 21 Mar 1998 11:30:07 GMT Date: Sat, 21 Mar 1998 11:30:07 GMT From: Adam Back aba@dcs.ex.ac.uk Subject: export cases and data points (Re: EU Crypto Free Trade Area) Brian Gladman writes: > As a matter of interest does anyone know of a prosecution, either here in > the UK or in another country, for not complying with the crypto export > control laws? I did read some years ago about some people in the US who exported satellite decoder cards (coincidentally containing DES hardware). These people were, the story goes, prosecuted under ITAR. One presumes this was just a handy law to prosecute them with, or a handy law to add to their list of charges. Perhaps some of our legal people know where details of this case can be found. Another interesting data point would be for the DTI to publish case histories for the crypto export process: percentage of cases turned down, countries to, purposes, reasons for denial, and category of export permission given. Of coures they won't do that because it suits GCHQ's purposes to have the whole process shrouded in secrecy. Adam From nbohm@ernest.net Sat, 21 Mar 1998 12:24:55 +0000 Date: Sat, 21 Mar 1998 12:24:55 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: EU Crypto Free Trade Area At 09:25 21/03/1998 -0000, Brian Gladman wrote: [snip] >Not being a lawyer, I don't know the significance in the courts of a >situation where the authorities are seen, over a long period, not to enforce >a law. I would certainly be interested to hear from any lawyers on the list >on what might happen in court if someone is now singled out for prosecution >when so many other openly documented breaches of the regulations have been >ignored. I would have at least hoped that the courts would ask themselves >what made the case before them so special. The existence of unprosecuted crimes does not entitle prosecuted criminals to an acquittal. (Think about speeding offences.) This remains the case where the prosecutions are selective on objectionable grounds (for example, street sellers of conventional newspapers unmolested, street sellers of politically controversial newspapers moved on or prosecuted for obstructions). If you are VERY lucky with your judge, you might be able to bring in issues of this kind in support of a plea in mitigation of sentence. In an outrageous case, you might get a sentence consisting of an absolute discharge (i.e. no penalty at all), by way of two fingers to the prosecutor. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From gladman@seven77.demon.co.uk Sat, 21 Mar 1998 13:00:46 -0000 Date: Sat, 21 Mar 1998 13:00:46 -0000 From: Brian Gladman gladman@seven77.demon.co.uk Subject: EU Crypto Free Trade Area -----Original Message----- From: Nicholas Bohm To: ukcrypto@maillist.ox.ac.uk Date: 21 March 1998 12:30 Subject: Re: EU Crypto Free Trade Area >At 09:25 21/03/1998 -0000, Brian Gladman wrote: > >[snip] > >>Not being a lawyer, I don't know the significance in the courts of a >>situation where the authorities are seen, over a long period, not to enforce >>a law. I would certainly be interested to hear from any lawyers on the list >>on what might happen in court if someone is now singled out for prosecution >>when so many other openly documented breaches of the regulations have been >>ignored. I would have at least hoped that the courts would ask themselves >>what made the case before them so special. > >The existence of unprosecuted crimes does not entitle prosecuted criminals >to an acquittal. (Think about speeding offences.) This remains the case >where the prosecutions are selective on objectionable grounds (for example, >street sellers of conventional newspapers unmolested, street sellers of >politically controversial newspapers moved on or prosecuted for obstructions). > >If you are VERY lucky with your judge, you might be able to bring in issues >of this kind in support of a plea in mitigation of sentence. In an >outrageous case, you might get a sentence consisting of an absolute >discharge (i.e. no penalty at all), by way of two fingers to the prosecutor. Thanks Nicholas, I was hoping that 'the law is not an ass' but it seems that it might be! The speeding offence analogy does not quite fit my model since there are many prosecutions for speeding and no evidence that the authorities turn a blind eye to it. In the case of the crypto export laws there is long term evidence of no action by the authorities in the face of a number of well documented exports. So my interest is in a situation where: * a law has been on the books for many years * it has never ever been used to mount a prosecution * despite the fact that it has been visibly broken many times during this long period I suspect that your answer is still valid but it would be a first use of the law in question and it might be seen as a precedent. I hence wondered whether, in such a situation, some wider issues might be allowed to carry weight. Brian From nbohm@ernest.net Sat, 21 Mar 1998 19:04:49 +0000 Date: Sat, 21 Mar 1998 19:04:49 +0000 From: Nicholas Bohm nbohm@ernest.net Subject: EU Crypto Free Trade Area At 13:00 21/03/1998 -0000, Brian Gladman wrote: >-----Original Message----- >From: Nicholas Bohm >To: ukcrypto@maillist.ox.ac.uk >Date: 21 March 1998 12:30 >Subject: Re: EU Crypto Free Trade Area > >>At 09:25 21/03/1998 -0000, Brian Gladman >wrote: >> >>[snip] >> >>>Not being a lawyer, I don't know the significance in the courts of a >>>situation where the authorities are seen, over a long period, not to >>>enforce law. I would certainly be interested to hear from any lawyers on the >>>list on what might happen in court if someone is now singled out for >>>prosecution >>>when so many other openly documented breaches of the regulations have been >>>ignored. I would have at least hoped that the courts would ask themselves >>>what made the case before them so special. >> >>The existence of unprosecuted crimes does not entitle prosecuted criminals >>to an acquittal. (Think about speeding offences.) This remains the case >>where the prosecutions are selective on objectionable grounds (for example, >>street sellers of conventional newspapers unmolested, street sellers of >>politically controversial newspapers moved on or prosecuted for >obstructions). >> >>If you are VERY lucky with your judge, you might be able to bring in issues >>of this kind in support of a plea in mitigation of sentence. In an >>outrageous case, you might get a sentence consisting of an absolute >>discharge (i.e. no penalty at all), by way of two fingers to the >prosecutor. > >Thanks Nicholas, I was hoping that 'the law is not an ass' but it seems that >it might be! > >The speeding offence analogy does not quite fit my model since there are >many prosecutions for speeding and no evidence that the authorities turn a >blind eye to it. In the case of the crypto export laws there is long term >evidence of no action by the authorities in the face of a number of well >documented exports. So my interest is in a situation where: > >* a law has been on the books for many years > >* it has never ever been used to mount a prosecution > >* despite the fact that it has been visibly broken many times during this >long period > >I suspect that your answer is still valid but it would be a first use of the >law in question and it might be seen as a precedent. I hence wondered >whether, in such a situation, some wider issues might be allowed to carry >weight. I accept the feebleness of the speeding analogy, although I suspect that it reflects how a court would in fact reason. I don't think the points you emphasise would make any difference in principle (i.e. to the issue of guilt or innocence; they would help on the mitigation). Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From sbaker@steptoe.com Sat, 21 Mar 1998 12:50:59 -0500 Date: Sat, 21 Mar 1998 12:50:59 -0500 From: Stewart Baker sbaker@steptoe.com Subject: Re[2]: FBI Changes Tack? The FBI has not changed its goals. It has changed tactics after concluding that it is unlikely to get the kind of legislation it wants this year from this Congress. So it has agreed that it will not seek legislation -- that it could not get this year anyway -- and will instead engage in a dialogue with industry for the next two months. What I find significant about Bob Litt's testimony is that the Justice Department seems to be setting the stage for supporting Louis Freeh's call for domestic controls on encryption. That won't happen unless the dialogue fails (still the most likely outcome), but in the long run it could widen the rift within the Administration over domestic controls. Apart from the FBI's conclusion that its legislative proposal is in trouble, none of this is particularly good news for industry. Stewart ______________________________ Reply Separator _________________________________ Subject: Re: FBI Changes Tack? Author: at INTERNET Date: 3/20/98 10:05 PM Chris Sundt writes: > [a big blob of uuencoded and-then-some encoded mail] here is what he said when you unpick that: -Adam ====================================================================== Date: Sat, 21 Mar 98 00:00:17 +0000 Original-Encoded-Information-Types: Undefined Content-Identifier: 12208 From: "C Sundt" To: UKcrypto@maillist.ox.ac.uk Importance: normal Subject: FBI Changes Tack? Mime-Version: 1.0 The following Reuters piece was passed to me by a journalist who called me to as k if it could have any impact on the UK position - I said that was a tough one t o answer as I didn't know what the UK position was! However, it does appear to s how the FBI changing tack. Chris Sundt All opinions are my own and do not represent in any way those of the company I w ork for. Tuesday March 17, 9:16 pm Eastern Time FBI changes tactics in U.S. encryption debate By Aaron Pressman WASHINGTON, March 17 (Reuters) - The FBI on Tuesday backed away from controversial legislation requiring data scrambling products sold in the United States to allow law enforcers secretly to crack any coded message. But instead of new laws, the bureau hopes voluntary concessions by manufacturers of encryption technology will give it the same capabilities, officials said. The Federal Bureau of Investigation and the Clinton administration have long been at odds with high-tech companies, civil libertarians and Internet users over regulation of encryption, an increasingly critical means of securing electronic commerce and communications over the Internet. Encryption products use mathematical formulas to scramble information, such as a credit card number or e-mail message sent over the Internet, and render itunreadable without a password or software ``key.'' The FBI fears the proliferation of strong encryption will give criminals a powerful tool to thwart its investigations, according to Barry Smith, supervisory special agent in the FBI's Congressional affairs office. Although FBI director Louis Freeh last year favored new laws to guarantee access to coded messages, Smith said the bureau is now backing Vice President Al Gore's renewed dialogue with industry to find a mutually acceptable approach. ``Law enforcement is concerned that we have the technical capability under strict legal procedures to gain access to the plain text of criminally related communications or electronically stored data,'' Smith said in a telephone interview. ``If industry provides us those technical solutions to address our public safety needs in the area encrypted communications and encrypted stored data, that's fine,'' he added. ``Then there's really no need for a legislative solution.'' But Smith added that if Congress considers legislation moving in the other direction, the FBI might renew its lobbying campaign. A bill authored by Virginia Republican Rep. Bob Goodlatte would dramatically ease strict export limits on encryption while forbidding certain types of mandatory law enforcement access. The bill was approved in vari ous versions by five House committees last year and and could be voted on by the full House in a few months. ``If legislative action continues to move forward that threatens public safety and national security, obviously everyone will have to reassess where we are,'' Smith said. Industry officials said the renewed dialogue was unlikely to resolve the historic split over encryption in the high-tech industry between software and hardware companies. Hardware companies including IBM Corp (IBM - news) and Hewlett-Packard (HWP - news) have worked closely with the administration while software firms like Microsoft (MSFT - news) and Netscape Communications (NSCP - news) have opposed the administration. ``IBM has advocated a dialogue for some time between government and industry,'' IBM public policy director Aaron Cross said. Commercial solutions might be available to meet the needs both of customers and law enforcement, Cross said. Cross also urged the administration to ``take the idea of any form of domestic control off the table once and for all.'' Software firms and privacy advocates worried that the latest negotiations would do little to address their concerns. ``There is nothing new here and the stalemate isn't going to be broken with so many players left out,'' one software lobbyist who declined to be identified said. Earlier on Tuesday, principal associate deputy attorney general Robert Litt told a Senate subcommittee the administration was not seeking legislation to regulate domestic use of encryption. ``We are not looking for any mandatory controls domestically at this time,'' Litt told members of the Judiciary Committee's Constitution, Federalism and Property Rights Subcommittee. But Litt staked out the FBI's position that such legislation would be permitted by the U.S. Constitution. Two top legal scholars, Kathleen Sullivan of Stanford University and Richard Epstein of the University of Chicago, opposed Litt's interpretation. They told lawmakers legislation backed by the FBI would likely violate the First Amendment's free speech clause, the Fourth Amendment's search and seizure provisions and the Fifth Amendment's limit on self-incrimination. From jya@pipeline.com Sun, 22 Mar 1998 09:58:35 -0500 Date: Sun, 22 Mar 1998 09:58:35 -0500 From: John Young jya@pipeline.com Subject: Rivest's Chaffing and Winnowing The New York Times, March 22, 1998, p. 31. New Method To Veil Data Could Upstage Export Policy Cryptologists find a way to foil eavesdroppers without secret codes. By John Markoff San Francisco, March 21 -- One of the nation's leading computer scientists has proposed a novel technique for scrambling data that could circumvent Government export policies aimed at limiting the foreign sale of encryption technology. The technique, which was described this week in an Internet discussion among computer researchers, was introduced by Ronald L. Rivest, a computer scientist at the Massachusetts Institute of Technology and one of the inventors of the most widely used commercial encryption scheme, RSA. The new approach, which is described in a short technical paper that has been posted to Mr. Rivest's M.I.T. Web site (http://theory.lcs.mit.edu/~rivest/chaffing.txt), is described as "chaffing and winnowing" digital information instead of encrypting it. According to Mr. Rivest's paper, it is possible to hide a message by breaking it into packets that are then secretly identified as good information, or "wheat," and gibberish, or "chaff," in such a way that an eavesdropper cannot distinguish the two. Because the individual packets would not be encrypted, Mr. Rivest said, such a system would circumvent current export restrictions. The two principal ways of communicating in secret are encryption and steganography. Steganography uses computer techniques to embed a secret message in a document like a digital image. In encryption, secret information is encoded using functions that require difficult mathematical tasks to decode, and it has become the standard way of transmitting secret information electronically. There are no restrictions on the domestic use of this technology, but the Government has been trying to force the industry to adopt standards that would permit law-enforcement officials to have mathematical keys allowing them to decode messages without the knowledge of the sender or receiver. The Clinton Administration says the standards are needed to fight crime and terrorism. Opponents argue that the Government decoding keys, to be stored in computers, could easily be stolen, compromising privacy and the security of credit card numbers and other personal information. In terms of exports, with few exceptions the Government limits the software to codes that can be easily broken. "Winnowing does not employ encryption, and so does not have a 'decryption key,' " Mr. Rivest wrote in his paper. "As usual, the policy debate about regulating technology ends up being obsoleted by technological innovations." Peter Neumann, an SRI International computer scientist who has read Mr. Rivest's paper, said that although "there is still no certainty that this is a practical idea," if it works, "it throws another clinker at the Justice Department." Other cryptography experts said they were uncertain whether it would be possible to skirt Government export restrictions in this way, but that the idea was an impressive new approach that might have valuable commercial applications. "He's a very clever guy," said George Spix, a Microsoft researcher who specializes in cryptography policy issues. " It goes to show that for all the technological wizardry in the world, there's nothing like an intellect." One of the potential limitations of the new method is that the total information transmitted might need to be hundreds of times larger than the actual message. Mr. Rivest said, however, that he had discussed the idea with Adi Shamir, an Israeli cryptographer, and that Mr. Shamir had proposed compression methods that would reduce the total transmission to only about twice the actual message size. The strength of the idea for chaffing and winnowing is that it is possible to prove mathematically that a message cannot be decoded, Mr. Rivest said. He said he had come up with the idea recently while teaching an undergraduate computer course. In addition to his role as associate director of the Laboratory of Computer Science at M.I.T., Mr. Rivest is a consultant and shareholder in RSA Data Security Inc., a company that develops encryption software. "I put the winnowing and chaffing idea out there to stimulate debate,"' Mr. Rivest said. "I hope it will help clear up some of the issues that have been raised in the policy discussion. [End] From dwadsw@etna.demon.co.uk Sun, 22 Mar 1998 17:04:05 +0000 Date: Sun, 22 Mar 1998 17:04:05 +0000 From: David Wadsworth dwadsw@etna.demon.co.uk Subject: Rivest's winnowing and chaffing Ron Rivest has just published an article on his web site that describes a technique called "winnowing and chaffing". This involves sending a message in clear, split into segments, each of which has a MAC appended. The text is then obscured by inserting random fragments of text with invalid MACs appended. This obscuring process could be done by anyone, not necessarily the originator. The intended recipient knows the secret of authenticating the MAC,and simply rejects any invalid fragment to retrieve the original message.This means in a trivial case it is impossible for a third party who doesn't know the secret,to distinguish between:- War has been declared War has not been declared If the fragments are "War has * not * been declared *" (Asterisks represent MACS) He suggests that even in countries which ban all kinds of encryption this should be permissable, because the original message is there in plain text for any one to read! If objections were made to the use of the technique, it could always be claimed that a third party had inserted the text fragments. It would also be possible to multiplex several messages together, relying on the winnowing by each recipient to decode the intended one. Knowledge of this technique could explain some of the suggestions that private keys used only for signatures or authentication should be made accessible to the authorities. His article is at: http://theory.lcs.mit.edu/~rivest/chaffing.txt -- David Wadsworth | Tonto.... I've got a feeling we're not in Kansas dwadsw@etna.demon.co.uk | anymore .....The Lone Ranger of Oz From sjmz@hplb.hpl.hp.com Sun, 22 Mar 1998 19:36:28 +0000 Date: Sun, 22 Mar 1998 19:36:28 +0000 From: Stefek Zaba sjmz@hplb.hpl.hp.com Subject: plea for refs to auth-only key escrow proposals En passant while describing Ron Rivest's in-yer-face-stego technique, David W writes: > Knowledge of this technique could explain some of the suggestions that > private keys used only for signatures or authentication should be made > accessible to the authorities. I'd very much like to know where such suggestions have been made in the context of the UK proposals: both the Mar97 consultation document and David Hendon's reply to Charles Lindsay's open letter made it clear that the UK proposals recognised the overriding importance of *not* escrowing signature-only private keys. (No technical suggestions have been made for how a distinction might be enforced, or how to avoid sig-only keys being used to sign certs for self-held encryption keys, mind you.) References to texts which suggest otherwise would be of great interest to me, and I suspect many on this list. Thanks in advance, Stefek PS Cynical speculation that an initial regime restricting the scope of escrow to encryption-only or mixed-purpose keys would be followed reluctantly a year or two later by an extension to sig-only keys because the spirit of regulation has been abused by forces inimical to an ordered society resulting in a tragic inability of the forces which defend our liberties to act in a particularly outrageous instance of an assault on our democratic structures - documentary evidence for which those defensive forces would dearly love to provide to the cynics but are prevented from doing so by reason of operational security - are *not* required, unless done with particularly amusing style, deep inside knowledge (preferably backed by documentation), or other redeeming feature: readers of this list are generally capable of providing their own cynicism :-) From sbaker@steptoe.com Sat, 21 Mar 1998 12:50:59 -0500 Date: Sat, 21 Mar 1998 12:50:59 -0500 From: Stewart Baker sbaker@steptoe.com Subject: Re[2]: FBI Changes Tack? The FBI has not changed its goals. It has changed tactics after concluding that it is unlikely to get the kind of legislation it wants this year from this Congress. So it has agreed that it will not seek legislation -- that it could not get this year anyway -- and will instead engage in a dialogue with industry for the next two months. What I find significant about Bob Litt's testimony is that the Justice Department seems to be setting the stage for supporting Louis Freeh's call for domestic controls on encryption. That won't happen unless the dialogue fails (still the most likely outcome), but in the long run it could widen the rift within the Administration over domestic controls. Apart from the FBI's conclusion that its legislative proposal is in trouble, none of this is particularly good news for industry. Stewart ______________________________ Reply Separator _________________________________ Subject: Re: FBI Changes Tack? Author: at INTERNET Date: 3/20/98 10:05 PM Chris Sundt writes: > [a big blob of uuencoded and-then-some encoded mail] here is what he said when you unpick that: -Adam ====================================================================== Date: Sat, 21 Mar 98 00:00:17 +0000 Original-Encoded-Information-Types: Undefined Content-Identifier: 12208 From: "C Sundt" To: UKcrypto@maillist.ox.ac.uk Importance: normal Subject: FBI Changes Tack? Mime-Version: 1.0 The following Reuters piece was passed to me by a journalist who called me to as k if it could have any impact on the UK position - I said that was a tough one t o answer as I didn't know what the UK position was! However, it does appear to s how the FBI changing tack. Chris Sundt All opinions are my own and do not represent in any way those of the company I w ork for. Tuesday March 17, 9:16 pm Eastern Time FBI changes tactics in U.S. encryption debate By Aaron Pressman WASHINGTON, March 17 (Reuters) - The FBI on Tuesday backed away from controversial legislation requiring data scrambling products sold in the United States to allow law enforcers secretly to crack any coded message. But instead of new laws, the bureau hopes voluntary concessions by manufacturers of encryption technology will give it the same capabilities, officials said. The Federal Bureau of Investigation and the Clinton administration have long been at odds with high-tech companies, civil libertarians and Internet users over regulation of encryption, an increasingly critical means of securing electronic commerce and communications over the Internet. Encryption products use mathematical formulas to scramble information, such as a credit card number or e-mail message sent over the Internet, and render itunreadable without a password or software ``key.'' The FBI fears the proliferation of strong encryption will give criminals a powerful tool to thwart its investigations, according to Barry Smith, supervisory special agent in the FBI's Congressional affairs office. Although FBI director Louis Freeh last year favored new laws to guarantee access to coded messages, Smith said the bureau is now backing Vice President Al Gore's renewed dialogue with industry to find a mutually acceptable approach. ``Law enforcement is concerned that we have the technical capability under strict legal procedures to gain access to the plain text of criminally related communications or electronically stored data,'' Smith said in a telephone interview. ``If industry provides us those technical solutions to address our public safety needs in the area encrypted communications and encrypted stored data, that's fine,'' he added. ``Then there's really no need for a legislative solution.'' But Smith added that if Congress considers legislation moving in the other direction, the FBI might renew its lobbying campaign. A bill authored by Virginia Republican Rep. Bob Goodlatte would dramatically ease strict export limits on encryption while forbidding certain types of mandatory law enforcement access. The bill was approved in vari ous versions by five House committees last year and and could be voted on by the full House in a few months. ``If legislative action continues to move forward that threatens public safety and national security, obviously everyone will have to reassess where we are,'' Smith said. Industry officials said the renewed dialogue was unlikely to resolve the historic split over encryption in the high-tech industry between software and hardware companies. Hardware companies including IBM Corp (IBM - news) and Hewlett-Packard (HWP - news) have worked closely with the administration while software firms like Microsoft (MSFT - news) and Netscape Communications (NSCP - news) have opposed the administration. ``IBM has advocated a dialogue for some time between government and industry,'' IBM public policy director Aaron Cross said. Commercial solutions might be available to meet the needs both of customers and law enforcement, Cross said. Cross also urged the administration to ``take the idea of any form of domestic control off the table once and for all.'' Software firms and privacy advocates worried that the latest negotiations would do little to address their concerns. ``There is nothing new here and the stalemate isn't going to be broken with so many players left out,'' one software lobbyist who declined to be identified said. Earlier on Tuesday, principal associate deputy attorney general Robert Litt told a Senate subcommittee the administration was not seeking legislation to regulate domestic use of encryption. ``We are not looking for any mandatory controls domestically at this time,'' Litt told members of the Judiciary Committee's Constitution, Federalism and Property Rights Subcommittee. But Litt staked out the FBI's position that such legislation would be permitted by the U.S. Constitution. Two top legal scholars, Kathleen Sullivan of Stanford University and Richard Epstein of the University of Chicago, opposed Litt's interpretation. They told lawmakers legislation backed by the FBI would likely violate the First Amendment's free speech clause, the Fourth Amendment's search and seizure provisions and the Fifth Amendment's limit on self-incrimination. From nd@hplb.hpl.hp.com Mon, 23 Mar 1998 08:50:42 +0000 Date: Mon, 23 Mar 1998 08:50:42 +0000 From: Neil Dunbar nd@hplb.hpl.hp.com Subject: EU Crypto Free Trade Area This is a cryptographically signed message in MIME format. --------------ms68A1DC61A00B688EEFD1D3C4 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Brian Gladman wrote: > So my interest is in a situation where: > > * a law has been on the books for many years > > * it has never ever been used to mount a prosecution > > * despite the fact that it has been visibly broken many times during this > long period > > I suspect that your answer is still valid but it would be a first use of the > law in question and it might be seen as a precedent. Definitely in the 'I am not a lawyer, but...' vein: In Scots law, there is (I believe) something called 'disuitude' (sp?), which seems to correspond to what you describe. If a law is deemed through lack of use to be obsolete, then a judge can hold that it is no longer applicable. This is to stop people being hanged for stealing sheep (of course, in Scotland, the problem isn't *stealing* sheep :) ) The criterion that the law has *never* been used doesn't apply: just that the law hasn't been used in a long time. I do get the impression that Scots judges are more than a little reluctant to apply the principle, which seems to me like legal nitroglycerine. NB: This probably translates into Australian law, which is based in large part on Scots law. Nicholas, can you fill in more detail? Without a copy of Enid Marshall to hand, I'm floundering a bit... Neil -- ------------------------------ Name: Neil Dunbar Email: nd@hplb.hpl.hp.com Address: HP Laboratories, Filton Road, Stoke Gifford, Bristol BS12 6QZ Tel: +44 (0) 117 922 9471 Fax: +44 (0) 117 922 9742 "If I could choose the life I lead, then I would be a spaceman..." --All statements are the author's own, and not the opinion of HP-- --------------ms68A1DC61A00B688EEFD1D3C4 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIILEQYJKoZIhvcNAQcCoIILAjCCCv4CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC CSEwggKPMIIB+KADAgECAgITuDANBgkqhkiG9w0BAQQFADCBvjELMAkGA1UEBhMCWkExFTAT BgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3 dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lv bjE+MDwGA1UEAxM1VGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgS2V5IDE5OTcu MDYuMjQgMDg6MjcwHhcNOTgwMTE0MTQwMzEwWhcNOTkwMTE0MTQwMzEwWjBEMR8wHQYDVQQD ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSEwHwYJKoZIhvcNAQkBFhJuZEBocGxiLmhwbC5o cC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAvjvLKwleNmlJH6iwRSc40DUOVanBdPYJ 4s5l3Gl/uuqnoFLsF+wi7CWOIytHjLMxbz/574RxZipYWNY0eR4V6wIDAQABo1kwVzAUBglg hkgBhvhCAQEBAf8EBAMCBaAwDgYDVR0PAQH/BAQDAgWgMCEGA1UdIwQaMBigFgQUwnHQEQCl 8dtpDBe8inySCQC4tVkwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQBB+vj/+7Ef /sbOr0WfLK28yFyRJNvjjPC1RJyKeJxuA3qPVC88Aug7g+XDkJep/SJk2b2N+oyWy94w9INZ oMOvJ4Kg/7qkaz7OK0tvouE08+5RBJ/5IDUIUrPM6waaUldRHvCpVrrPIOPJSVnCLElhEZtq t+f8Qt3OsV7HrP+U/DCCA1kwggLCoAMCAQICAQUwDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNV BAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgG A1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vydmlj ZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkG CSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw05NzA2MjQwODI5 MzNaFw05ODA2MjQwODI5MzNaMIG+MQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBD YXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgw JgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMT4wPAYDVQQDEzVUaGF3 dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBLZXkgMTk5Ny4wNi4yNCAwODoyNzCBnzAN BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmBiIWFWIEY0KmVvmYg5q5SB1nygAV7Kha3+I6yHW bf8Ci3V+0CmYq1kRArkgKcL3OpaORKJIlzK6K2XTUmkyzIoVmoAnd+GFudvTEZClvmsYd1np B1vEzBfwyRJgY+zNcsrFpOTTCSMXa1IYY3Pu4ECmUxFskuX5l2AgxWY9Oz8CAwEAAaNSMFAw EgYDVR0TAQH/BAgwBgEB/wIBADAkBgNVHSMBAQAEGjAYoBYEFHJJwnM0xlX0C3ZygX539Ifn xrIOMBQGCWCGSAGG+EIBAQEB/wQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCwhN9nslfhhkSp DUPDo8kS3BqASk2i6pAMji/woqWOj++l7SMSroG32jbbIovbn0lP5xYKZWN1BkhYIxlHv0Pd ECzHQ/DtLcZp3m7kV3XAp4MwuqkAm8zF517vLloBI+iyfRvc2mxaf7LWFJKSukUVU8hHlzoX M+GPFVog1M37OTCCAy0wggKWoAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNVBAYT AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMg RGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqG SIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw05NjAxMDEwMDAwMDBa Fw0yMDEyMzEyMzU5NTlaMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBl MRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYD VQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUg UGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWls QHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANRp19SwlGRbcelH2AxR tupykbCEXn0tDY97Et+FJXUodDpCLGMnn5V7S+9+GYcdhuqj3bnOlmQawhRuRKx85o/oTQ9x H0A4pgCjh3j2+ZSGXq3qwF5269kUo11uenwMpUtVfwYZKX+emibVars4JAhqmMex2qOYkf15 2+VaxBy5AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAx+yS fk749ZalZ2IqpPBNEWDQb41gWGGsJrtSNVwIzzD7qEqWih9iQiOMFw/0umScF6xHKd+dmF7S bGBxXKKs3Hnj524ARx+1DSjoAp3kmv0T9KbZfLH43F8jJgmRgHPQFBveQ6mDJfLmnC8Vyv6m q4oHdYsM3VGEa+T40c53ooExggG4MIIBtAIBATCBxTCBvjELMAkGA1UEBhMCWkExFTATBgNV BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUg Q29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE+ MDwGA1UEAxM1VGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgS2V5IDE5OTcuMDYu MjQgMDg6MjcCAhO4MAkGBSsOAwIaBQCggYowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNOTgwMzIzMDg1MDQzWjAjBgkqhkiG9w0BCQQxFgQUaJDn9iEmQ/+p DUOlpnKhjDUpp/cwKwYJKoZIhvcNAQkPMR4wHDAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgIC AIAwDQYJKoZIhvcNAQEBBQAEQFjXhFSay0hiHte0OBnM3XBpl/OIzn9071zJT8Tz9fLQt7Yh /NdEq86WqJ33fX+1ONHbuSZKjDnqiIuYdqGFTnQ= --------------ms68A1DC61A00B688EEFD1D3C4-- From steved@lawman.u-net.com Mon, 23 Mar 1998 22:27:45 -0000 Date: Mon, 23 Mar 1998 22:27:45 -0000 From: Stephen Doogan steved@lawman.u-net.com Subject: EU Crypto Free Trade Area On 23-Mar-98, Neil Dunbar wrote: >Brian Gladman wrote: >In Scots law, there is (I believe) something called 'disuitude' (sp?), >which seems to correspond to what you describe. If a law is deemed >through lack of use to be obsolete, then a judge can hold that it is >no longer applicable. This is to stop people being hanged for stealing >sheep (of course, in Scotland, the problem isn't *stealing* sheep :) ) Remember Hadrians Wall wasn't built to keep us out, it was built in such as way as to stop us nicking your sheep cattle and women (apologies to any ladies reading this). You are right about the concept of desuitude, but it only applies to act of the old Scottish Parliament ie. pre-1707 of which a surprising number are still in force. And only has force, either where there has been a long standing practice contrary to the old legislation, (such as JamesI's law against playing football since it was resulting in damage both to individuals and crops). It explicitly does not apply to Acts of the Westminster Parliament. >The criterion that the law has *never* been used doesn't apply: just >that the law hasn't been used in a long time. I do get the impression >that Scots judges are more than a little reluctant to apply the principle, >which seems to me like legal nitroglycerine. Not really, it's more of a damp squid when it's applicability is considered, it's really just a doctrine which tidies up Scots law, it's a pity that the English don't adopt something similar in my opinion >NB: This probably translates into Australian law, which is based in >large part on Scots law. >Nicholas, can you fill in more detail? Without a copy of Enid Marshall >to hand, I'm floundering a bit... Section 3-10 :-)) (at least in the 5th Edition I don't have a more recent copy handy) Stephen From lpchiew@pc.jaring.my Wed, 25 Mar 1998 00:51:49 +0800 Date: Wed, 25 Mar 1998 00:51:49 +0800 From: griffin lpchiew@pc.jaring.my Subject: Swedish Certification Authority Sorry to interupt the list with this irrelevant request for assistance, but I am looking for a Swedish CA vendor urgently whose name I have forgotten. I have tried 6 various search engines to get a list of Swedish CA developers/vendors but have failed miserably. Can someone please help me? Thanks. From georgefoot@oxted.demon.co.uk Tue, 24 Mar 1998 17:21:56 +0000 (GMT) Date: Tue, 24 Mar 1998 17:21:56 +0000 (GMT) From: George Foot georgefoot@oxted.demon.co.uk Subject: Swedish Certification Authority On Tue 24 Mar, griffin wrote: > Sorry to interupt the list with this irrelevant > request for assistance, but I am looking for > a Swedish CA vendor urgently whose name I have > forgotten. I have tried 6 various search engines > to get a list of Swedish CA developers/vendors > but have failed miserably. > There are two Certification Authorities mentioned in the Global Trust Register: (1) COST Top Level CA Computer Security Technologies CST AB Stockholm, Sweden http://www.cost.se/pca.htm (2) World Wide Wedlin CA Linkoping Ostergotland Sweden ca@wedlin.pp.se http://www.wedlin.pp.se/ca/ Please understand that I know absolutely nothing about these authorities. I am simply taking the names from the printed register. George Foot -- George Foot georgefoot@oxted.demon.co.uk Web Page. http://www.oxted.demon.co.uk From jsmall@gn.apc.org Tue, 24 Mar 1998 20:38:47 +0000 (GMT) Date: Tue, 24 Mar 1998 20:38:47 +0000 (GMT) From: Jill S Small jsmall@gn.apc.org Subject: Swiss CA experiment If anyone is interested, it seems that there is a nascent Swiss CA? I'm on the Geneva ISOC email list and so received an announcement about a forthcoming meeting they'll be having addressing this. No email/phone/address contact, but name and organisation and software they're using. In case anyone is interested. Sorry if this is unrelated... ---------- Forwarded message ---------- [snip] A local Certification Authority with the SSLeay freeware. Presented by Martin Ouwehand,Central Computing Service,Swiss Federal Institute of Technology,Lausanne We will present our first experiences in the setting-up of a local Certification Authority (CA) at the EPFL (Swiss Federal Institute of Technology, Lausanne) using Eric Young's free software SSLeay. From j.o.hughes@btinternet.com Tue, 24 Mar 1998 21:14:00 +0000 Date: Tue, 24 Mar 1998 21:14:00 +0000 From: John Hughes j.o.hughes@btinternet.com Subject: Swedish Certification Authority FYI, COST is now part of Entegrity Solutions. If any one wants to contain you can find my details below. John At 17:21 24/03/98 +0000, you wrote: >On Tue 24 Mar, griffin wrote: >> Sorry to interupt the list with this irrelevant >> request for assistance, but I am looking for >> a Swedish CA vendor urgently whose name I have >> forgotten. I have tried 6 various search engines >> to get a list of Swedish CA developers/vendors >> but have failed miserably. >> >There are two Certification Authorities mentioned in >the Global Trust Register: > >(1) COST Top Level CA >Computer Security Technologies CST AB >Stockholm, Sweden > >http://www.cost.se/pca.htm > >(2) World Wide Wedlin CA >Linkoping Ostergotland Sweden > >ca@wedlin.pp.se > >http://www.wedlin.pp.se/ca/ > > >Please understand that I know absolutely nothing about >these authorities. I am simply taking the names from the >printed register. > >George Foot > >-- >George Foot >georgefoot@oxted.demon.co.uk >Web Page. http://www.oxted.demon.co.uk > > > > ------------------------------------------------------------------- | John Hughes j.o.hughes@btinternet.com | | ENTEGRITY Solutions Home Office Tel: +44(0)1525 380160 | | Main Office Tel: +44(0)181 876 8666 | | www.entegrity.com Mobile: +44(0)468 055070 | ------------------------------------------------------------------- From j.o.hughes@btinternet.com Tue, 24 Mar 1998 22:09:00 +0000 Date: Tue, 24 Mar 1998 22:09:00 +0000 From: John Hughes j.o.hughes@btinternet.com Subject: Swedish Certification Authority oophs should of course said "contact me"" That the problem working late at night! John At 21:14 24/03/98 +0000, you wrote: >FYI, > >COST is now part of Entegrity Solutions. If any one wants to contain you >can find my details below. > > >John > > >At 17:21 24/03/98 +0000, you wrote: >>On Tue 24 Mar, griffin wrote: >>> Sorry to interupt the list with this irrelevant >>> request for assistance, but I am looking for >>> a Swedish CA vendor urgently whose name I have >>> forgotten. I have tried 6 various search engines >>> to get a list of Swedish CA developers/vendors >>> but have failed miserably. >>> >>There are two Certification Authorities mentioned in >>the Global Trust Register: >> >>(1) COST Top Level CA >>Computer Security Technologies CST AB >>Stockholm, Sweden >> >>http://www.cost.se/pca.htm >> >>(2) World Wide Wedlin CA >>Linkoping Ostergotland Sweden >> >>ca@wedlin.pp.se >> >>http://www.wedlin.pp.se/ca/ >> >> >>Please understand that I know absolutely nothing about >>these authorities. I am simply taking the names from the >>printed register. >> >>George Foot >> >>-- >>George Foot >>georgefoot@oxted.demon.co.uk >>Web Page. http://www.oxted.demon.co.uk >> >> >> >> > > ------------------------------------------------------------------- >| John Hughes j.o.hughes@btinternet.com | >| ENTEGRITY Solutions Home Office Tel: +44(0)1525 380160 | >| Main Office Tel: +44(0)181 876 8666 | >| www.entegrity.com Mobile: +44(0)468 055070 | > ------------------------------------------------------------------- > > > ------------------------------------------------------------------- | John Hughes j.o.hughes@btinternet.com | | ENTEGRITY Solutions Home Office Tel: +44(0)1525 380160 | | Main Office Tel: +44(0)181 876 8666 | | www.entegrity.com Mobile: +44(0)468 055070 | ------------------------------------------------------------------- From goodyer@well.ox.ac.uk Wed, 25 Mar 1998 00:00:44 +0000 (GMT) Date: Wed, 25 Mar 1998 00:00:44 +0000 (GMT) From: Dr I. D. Goodyer goodyer@well.ox.ac.uk Subject: Administrivia: Re: Swedish Certification Authority On Wed, 25 Mar 1998, griffin wrote: > Sorry to interupt the list with this irrelevant > request for assistance, but I am looking for > a Swedish CA vendor urgently whose name I have > forgotten. I have tried 6 various search engines > to get a list of Swedish CA developers/vendors > but have failed miserably. Please, if you wish to answer this request make sure you check that you send the message directly to Griffin and not to the whole list. This will insure that we will not to clog up the list with off topic discussion. Thanks Ian ukcrypto list owner. From aba@dcs.ex.ac.uk Wed, 25 Mar 1998 00:22:21 GMT Date: Wed, 25 Mar 1998 00:22:21 GMT From: Adam Back aba@dcs.ex.ac.uk Subject: Administrivia: Re: Swedish Certification Authority Ian Goodyer writes: > Please, if you wish to answer this request make sure you check that you > send the message directly to Griffin and not to the whole list. This will > insure that we will not to clog up the list with off topic discussion. I have noticed over the past few months numerous messages going to the list which were clearly intended to be private mail. Followed often by "oops, that was meant to be private!" The reason for this is that the Reply-To: is set to the list address by the list software. I vote it gets changed to have no reply to. On the lists I have been on where there is a Reply-To: set to list address it has invariably caused trouble, and embarrasment for inadvertent posters of private email. With no reply-to, the "reply to author only" function in most email clients starts working as advertised once more. Paul argued for reply-to on the basis that it stimulates discussion, but I tend to dislike this configuration. Adam From octobersdad@reporters.net Wed, 25 Mar 1998 04:41:04 +0000 Date: Wed, 25 Mar 1998 04:41:04 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Smart Cards to Rule sez Gates The following is from: ============================================= || || TechWeb News || || Tuesday March 24, 1998 || || http://www.techweb.com || || A CMP Service || ============================================= And is an abridgement to within fair use guidelines (I hope) ============================================= By Jason Busch, InternetWeek contributor In recent months, smart cards have become the new security darling for a range of vendors, from Microsoft to Sun. Many have heralded the technology as a panacea for transaction and security issues. Microsoft likes smart cards because Windows supports chip readers; Sun sees them as yet another place for Java. In determining their own security needs, however, IT managers must look beyond the vendor hype to determine whether smart cards are really necessary for their customers. We should not forget that smart cards have failed in the domestic market until now. Many industry observers have written them off entirely as expensive and unnecessary. But electronic commerce has the potential to make smart cards a viable security solution-for both consumer transactions and, subsequently, enterprise security. Speaking at the National Automated Clearing House Association's Payments '98 Conference, Bill Gates observed that future smart cards will have one great advantage over other security solutions-price. "Smart cards can be very inexpensive.We can go with simple, public-key, eight-bit smart cards, where the price will be under $1, in the very near future," Gates remarked. We all know that Gates is dreaming about the Windows cash register-which makes the recent Microsoft alliance with NCR even more historically appropriate-but smart cards have the potential to economically transform the way IT managers approach authentication and authorization issues. Once smart cards become integral to consumer transactions-from buying groceries to trading stocks-it will only be a matter of time before they migrate to a majority of enterprise security infrastructures. Consumer acceptance of the cards will translate to a corporate willingness to implement the technology throughout company divisions, from IT departments to warehouse distribution. We should not discount the importance of winning cultural acceptance of smart cards before they can migrate into other areas; tying a person's identity to a flat wafer 1/20th the size of a Kit-Kat is quite an Orwellian concept. Perhaps this explains why the largest deployment of noncommercial smart cards to date is in an organization where the priority of duty over rights is an established tradition-the military. But as the U.S. Navy has observed, there's no doubt that smart cards go a long way in securing an IT infrastructure and keeping track of employees. Smart cards will never be a replacement for VPNs, digital certificates, firewalls, encryption software and intrusion-detection tools, but the additional layer of protection they offer is invaluable. Their convenience factor should not be discounted, either. For companies with a highly mobile workforce, for example, smart cards will facilitate better communication. Managers will be better able to locate employees, whether they're checking E-mail at home or working at a remote office. Smart cards also will facilitate and simplify the virtual office by making computer sharing only a card swipe away. As prices for smart cards plunge over the next 12 months, these products will become even more attractive. New technology has shown that smart cards can work with existing platforms. With Toshiba's and Fischer's recent announcement of an inexpensive joint product that allows stan- dard floppy disk drives to read and write data to smart cards, IT will be able to leverage existing resources to deploy smart cards throughout the enterprise. Once smart cards penetrate the domestic transaction and electronic commerce market, they will quickly become a standard part of enterprise security. Lower costs and cultural acceptance will be the signals that smart cards will soon be as common as E-mail in the corporate world. ======================ENDS+++++++++++++++++++++++++++++++ Oh yes, and you might be interested in the following: === Headlines =============================== --- Novell To Work More Closely With Microsoft --- At the annual BrainShare '98 conference in Salt Lake City, Novell's CEO, Eric Schmidt, and vice president of product strategy, Chris Stone, both emphasized that Novell will work more closely with Microsoft. http://www.techweb.com/news/story/TWB19980324S0008 Sounds to me as though Novell has collapsed ("Yowsa, yowsa, massa sir, we'll do jest as y'all sez we should, massa bill") tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From octobersdad@reporters.net Wed, 25 Mar 1998 04:33:13 +0000 Date: Wed, 25 Mar 1998 04:33:13 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Administrivia: Re: Swedish Certification Authority In message <199803250022.AAA04680@server.eternity.org>, Adam Back writes > >Paul argued for reply-to on the basis that it stimulates discussion, And so it does. The errant reply to the list is not that often seen, though in the eyes of the senders (and I've been one on another list) it can be one too many or at least seem that way because of the embarrassment it can cause. But the other way (replay to author) is also a pia in that one is (and I speak for myself) constantly forgetting that th4e response is going only to the author and great thoughts and contributions to the on-going discussion are lost. I would rather the infrequent embarassment of a private letter sent to the list than a public contribution not made. It's really easy to hit delete on messages you don't want to bother with and by just reading the subj or author line you can usually tell which those are at a glance. And yes, I know, one should never just a message by its cover. tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From Denis.Russell@ncl.ac.uk Wed, 25 Mar 1998 09:00:03 +0000 Date: Wed, 25 Mar 1998 09:00:03 +0000 From: Denis.Russell@ncl.ac.uk Denis.Russell@ncl.ac.uk Subject: Administrivia: Re: Swedish Certification Authority At 4:33 am +0000 25/3/98, T Bruce Tober wrote: >In message <199803250022.AAA04680@server.eternity.org>, Adam Back > writes >> >>Paul argued for reply-to on the basis that it stimulates discussion, > >And so it does. ... I would rather the >infrequent embarassment of a private letter sent to the list than a >public contribution not made. >... I agree with this. . Denis Russell email: Denis.Russell@ncl.ac.uk Computing Service Tel: (+44) 191 222 8243 University of Newcastle Fax: (+44) 191 222 8765 Newcastle upon Tyne NE1 7RU ENGLAND From pgregg@tibus.net Wed, 25 Mar 1998 09:11:47 +0000 Date: Wed, 25 Mar 1998 09:11:47 +0000 From: Paul Gregg pgregg@tibus.net Subject: Administrivia: Re: Swedish Certification Authority In message <199803250022.AAA04680@server.eternity.org>, Adam Back writes: | | The reason for this is that the Reply-To: is set to the list address | by the list software. | | I vote it gets changed to have no reply to. On the lists I have been | on where there is a Reply-To: set to list address it has invariably | caused trouble, and embarrasment for inadvertent posters of private | email. I'd concur - See: http://www.e-solutions.de/reply-to-harmful.html Paul Gregg -- The Internet Business Ltd, Holywood House, Innis Court, Holywood, BT18 9HF pgregg@tibus.net http://www.tibus.net/ Phone: +44 (0)1232-424190 Fax: +44 (0)1232-424709 Eight out of every five people are math illiterates. From pleyland@microsoft.com Wed, 25 Mar 1998 01:25:15 -0800 Date: Wed, 25 Mar 1998 01:25:15 -0800 From: Paul Leyland pleyland@microsoft.com Subject: Administrivia: Reply-to list or author? My vote remains as it always was: leave well alone. Like Bruce, I've very occasionally been embarassed and I've more often failed to make a point that ought to have been public. The embarassment is fleeting; the contributions are (or should be) long-lived. Anyway, the present policy gives people an incentive to think before they type, rather than afterwards. 8-) Paul > -----Original Message----- > From: T Bruce Tober [SMTP:octobersdad@reporters.net] > Sent: Wednesday, March 25, 1998 4:33 AM > To: ukcrypto@maillist.ox.ac.uk > Subject: Re: Administrivia: Re: Swedish Certification Authority > > In message <199803250022.AAA04680@server.eternity.org>, Adam Back > writes > > > >Paul argued for reply-to on the basis that it stimulates discussion, > > And so it does. The errant reply to the list is not that often seen, > though in the eyes of the senders (and I've been one on another list) it > can be one too many or at least seem that way because of the > embarrassment it can cause. But the other way (replay to author) is also > a pia in that one is (and I speak for myself) constantly forgetting that > th4e response is going only to the author and great thoughts and > contributions to the on-going discussion are lost. I would rather the > infrequent embarassment of a private letter sent to the list than a > public contribution not made. > > It's really easy to hit delete on messages you don't want to bother with > and by just reading the subj or author line you can usually tell which > those are at a glance. And yes, I know, one should never just a message > by its cover. ... From goodyer@well.ox.ac.uk Wed, 25 Mar 1998 09:31:25 +0000 (GMT) Date: Wed, 25 Mar 1998 09:31:25 +0000 (GMT) From: Dr I. D. Goodyer goodyer@well.ox.ac.uk Subject: Administrivia: Re: Swedish Certification Authority On Wed, 25 Mar 1998, Paul Gregg wrote: OK. Enough already! At the risk of sounding like a broken record please send your requests to change the reply-to line (or to leave it as it is) directly to me and not to the whole list! After a few days I will let you know what the majority of people think and act accordingly - at the moment it is 3:2 for changing the reply-to header. In the meantime please try and keep posts that do not relate to ukcrypto off the list - thanks. Ian From meredith@mot.com Wed, 25 Mar 1998 10:46:11 +0000 Date: Wed, 25 Mar 1998 10:46:11 +0000 From: Andrew Meredith meredith@mot.com Subject: Administrivia: Re: Swedish Certification Authority Paul Gregg wrote: > > In message <199803250022.AAA04680@server.eternity.org>, > Adam Back writes: > | > | The reason for this is that the Reply-To: is set to the list > | address by the list software. > | > | I vote it gets changed to have no reply to. On the lists I have > | been on where there is a Reply-To: set to list address it has > | invariably caused trouble, and embarrasment for inadvertent > | posters of private email. > > I'd concur - See: http://www.e-solutions.de/reply-to-harmful.html > > Paul Gregg For those using Netscape (Yeah I know) try clicking on the author of this mail. What you *should* have got is a dialog box with "Andrew Meredith" in the top box and meredith@mot.com in the email box. For those who can't do this, the result is that despite clicking on my header, the ukcrypto address gets filled in. This is indicative of the expected/correct usage for the reply-to header. It is supposed to be the correct address of the author, as Chip's web page quite rightly stated. FWIW I agree with Adam. Andy M PS If there are any .sig haters around. Please take the following in the spirit of presenting a business card. This is my first posting to this list, and so I felt I should introduce myself. I will be clipping it off any further posts. ___________________________________________________________________ Andrew Meredith BEng AMIEE Lead Engineer Tel: +44(0) 1793 565377 GPD Software Group Fax: +44(0) 1793 565161 GSM Products Division Mobile: +44(0) 802 389007 Motorola Num Pager: +44(0) 1523 821322 16, Euroway, Blagrove Txt Pager: +44(0) 1523 523523 Swindon, SN5 8YQ, UK Email: meredith@mot.com ___________________________________________________________________ From jeremy.hilton@jhconsulting.co.uk Wed, 25 Mar 1998 12:02:18 -0000 Date: Wed, 25 Mar 1998 12:02:18 -0000 From: Jeremy Hilton jeremy.hilton@jhconsulting.co.uk Subject: GBI2000 Programme update 1998 Global Business Infrastructure 2000 (GBI 2000) Conference Kurhaus Hotel, Scheveningen, The Hague, March 31st - 2nd April 1998 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D PLEASE NOTE Accommodation at a preferential conference rate may now=20 be in short supply =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Tuesday 31st March =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Keynote Lorin Brass, CEO of Shell Services International=20 Session 1 International Co-operation=20 Ms. Lily Lin; International Hotel School, The Hague. Deniz Erocal; Business Industry Advisory Committee (BIAC) to the OECD PAul Timmers; European Commission DG3 Heleen Brabander-Ypes Netherlands Ministry of Economic Affairs Ake Nilson; Marinade and ICC Chris Sundt; ICL and the Confederation of British Industry Session 2 User Choice and Market Driven Development Bob Carter; CEO Inter Clear Jan Andersson; Sweden Post Dean Adams; The Open Group Michael Brady; Siemens Ag =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Wednesday 1st April (Parallel Session) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Keynote Martin Roe; Head of Major Programmes and Standards The UK Post Office Session 3 Liability=20 Chris Taper, EEMA, Clare Wardle, UK Post Office Legal Services Anne-Wil Duthler, KPMG, legal aspects of PKIs/TTPs=20 Yves LeRoux, Digital Hany Elmanawy, Universal Postal Union=20 Samoera Jacobs; Belsign Session 4 Standardisation and User Trust=20 Ed Roeback; U.S. Department of Commerce Jeremy Hilton, The Post Office=20 David Lacey, Shell Services International Anton Pronk, NNI Marco Romagnoli, Telecom Italia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Wednesday 1st April (Parallel Session) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Keynote=20 Stephen Walker, President and CEO, Trusted Information Systems ICE Session One - Government Initiatives David M. Balenson, ICE Project Leader, TIS Edward Roback, US National Institute of Standards and Technology=20 Session Two - Panel - KRISIS & EuroTrust Initiatives Helmut Kurt, IABG Alan Liddle, Trusted Information Systems Paddy Holahan, Baltimore Technologies Session Three - Cryptographic Technologies =20 David Aucsmith, Security Architect, Intel Bob Frith, President, Key Recovery Alliance (KRA) David Balenson, KRA Protocol Team Pierre Boucher, Director of Government Programs, Entrust Glenn Pittaway, Microsoft UK=20 Session Four - Industry Perspectives =20 Paddy Holahan, Baltimore Technologies Niccol=F2 Galimberti, Marketing Manager, Telsy Prof. Henry Beker, Chairman and Chief Executive, Zergo Limited Dr. Roger Schell, Senior Development Manager, Novell Frank Jorinssen, Utimaco Belgium nv Steve Mathews, PC Security Ltd. Glenn Gramling, Hewlett Packard ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Wednesday 1st April=20 Conference Dinner - Admission by ticket only Speaker: Nigel Hickson; UK DTI ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Thursday 2nd April - GBI 2000 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Keynote Henk de Vries, Netherlands Ministry of Transport & Public Works Session 5 Lawful Access=20 Nick Mansfield, Shell Services International. John Smith, UK DTI Key Recovery/Escrow debate Moderator: Martin Roe; UK Post Office Bob Frith, Motorola and President of the Key Recovery Alliance.=20 David Balenson, Trusted Information Systems=20 Pierre Boucher, Entrust=20 Session 6 Privacy=20 Stephanie Perrin - Canadian Government drs. John J. Borking, NL Data Protection Registrar Francis Aldhouse - UK Deputy Data Protection Registrar Marc Rotenberg - EPIC Simon Davies - Privacy International Ross Anderson - Cambridge University ******************** Delegate Registration Form ********************* Global Business Infrastructure 2000 Conference The Hague, The Netherlands 31st March - 2nd April 1998 Fax to Anne Hilton, JH Consulting Ltd, +44 (0)1249 783289 or Email to gbi2000@icx.org Name: =20 Company: =20 Address: =20 =20 Phone: =20 Fax: =20 E-Mail: =20 Payment Method: Credit Card/Cheque =20 Credit Card Number: Expiry Date: =20 ************************** Payment Details ************************** The conference is organised on a not-for-profit basis. Charge per=20 delegate per day payable in advance is =A3250 or =A3580 for all 3 days,=20 which covers beverages, lunch, administration and conference=20 location. Optional conference dinner on Wednesday night is =A360.=20 Charges cover administration, conference location, beverages and=20 lunch. All payments by credit card, cheque or bankers order in=20 advance, please. Attendance fee includes coffee, tea and soft drinks at Registration=20 and during Conference breaks, plus a full Buffet Lunch. Tuesday, 31st March 1998:...Y/N Wednesday, 1st April 1998:...Y/N Thursday, 2nd April 1998:...Y/N All 3 days, 31st March - 2nd April 1998:...Y/N Tickets are required for the following event: I will attend the dinner on Wednesday, 1st April 1998:...Y/N.. Total Amount:............... Value Added tax is included in all quoted conference prices Payment Methods By Credit Card (Mastercard and Visa Only) By faxing +44 (0)1249 783289 - Anne Hilton (JHCL) with your credit=20 card number and expiry date. By Cheque Cheques payable to: International Computers Limited Send to: Anne Hilton, JH Consulting Ltd, 1 Hunters Meadow, Yatton=20 Keynell, Chippenham, Wilts, SN14 7JF, UK. Your registration will be confirmed after processing. Please remember=20 to make suitable travel and accommodation arrangements in good time.=20 We look forward to welcoming you at the conference. Accommodation and travel details follow the programme details. ************************* Accommodation ************************* We have arranged a block booking in the Kurhaus Hotel where the=20 conference takes place for participants of the 1998 Global Business=20 Infrastructure 2000 (GBI 2000) Conference, March 31st - 2nd April=20 1998. You can book a single room for the special rate of NLG 247.50 per=20 night, including breakfast and tax. Please do not forget to mention=20 the GBI 2000 conference as reference by booking your accommodation. Kurhaus Hotel (NLG 247.50 incl. Breakfast and tax) Gevers Deynootplein 30 2586 CK Den Haag The Netherlands Tel. +31 (0)70 - 4 16 26 36 Fax +31 (0)70 - 4 16 26 46 Other hotels in the surroundings of the Kurhaus: Europa hotel ( NLG 308, 35 incl. Breakfast and tax) Zwolsestraat 2 2587VJ Scheveningen Tel. +31 (0)70 - 3 51 26 51 Fax+31 (0)70 - 3 50 64 73 Carlton Beach Hotel (NLG 290,-- incl. Breakfast and tax) Gevers Deynootweg 201 2508AK Scheveningen Tel. +31 (0)70 - 3 54 14 14 Fax + 31(0)70 - 3 52 00 20 Hotel in the centre of The Hague: Novotel (NLG 240,-- incl. Breakfast and tax) Hofweg 5-7 2511 AA Den Haag Tel. +31 (0)70 - 3 64 88 46 Fax +31 (0)70 - 3 56 28 89 ************************* Travel Details ************************* Local Airport - Schiphol Amsterdam (International airport with=20 regular flights from around the globe) By taxi: From Schiphol Amsterdam airport a taxi will cost approx. NLG 150.=20 Please do not forget to agree a fixed price in advance. By train: From the airport direct to The Hague CS (Central Station). This takes=20 approx. 40 minutes. From the Hague CS you can take tram number 1 or 9=20 to Scheveningen. The tram stop is almost at the end of the line just=20 in front of the Kurhaus hotel. You can also take a taxi from The=20 Hague CS which will cost approx. NLG 25 By car: From Amsterdam you take the A44 via Wassenaar to the Haque or the A4=20 to the Hague. Arriving in the Hague you follow the signs=20 Scheveningen, following the road Scheveningen Strand (Beach) you will=20 end up at the Gevers Deynootplein where the Kurhaus is located. From chl@clw.cs.man.ac.uk Wed, 25 Mar 1998 09:31:06 GMT Date: Wed, 25 Mar 1998 09:31:06 GMT From: Charles Lindsey chl@clw.cs.man.ac.uk Subject: Administrivia: Re: Swedish Certification Authority On Wed, 25 Mar 1998 00:22:21 GMT Adam Back said... > > I vote it gets changed to have no reply to. On the lists I have been > on where there is a Reply-To: set to list address it has invariably > caused trouble, and embarrasment for inadvertent posters of private > email. > I disagree. List that do not set their replies to the list are a confounded nuisance. It is much more common to reply to the list and find that you have only replied to one person than the converse situation. And I am on lists of both types. This list is meant to be for discussion of cryptography problems within the UK. Let us leave it that way. Charles H. Lindsey ---------At Home, doing my own thing------------------------ Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From jeremy.hilton@jhconsulting.co.uk Wed, 25 Mar 1998 12:02:18 -0000 Date: Wed, 25 Mar 1998 12:02:18 -0000 From: Jeremy Hilton jeremy.hilton@jhconsulting.co.uk Subject: GBI2000 Programme update 1998 Global Business Infrastructure 2000 (GBI 2000) Conference Kurhaus Hotel, Scheveningen, The Hague, March 31st - 2nd April 1998 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D PLEASE NOTE Accommodation at a preferential conference rate may now=20 be in short supply =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Tuesday 31st March =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Keynote Lorin Brass, CEO of Shell Services International=20 Session 1 International Co-operation=20 Ms. Lily Lin; International Hotel School, The Hague. Deniz Erocal; Business Industry Advisory Committee (BIAC) to the OECD PAul Timmers; European Commission DG3 Heleen Brabander-Ypes Netherlands Ministry of Economic Affairs Ake Nilson; Marinade and ICC Chris Sundt; ICL and the Confederation of British Industry Session 2 User Choice and Market Driven Development Bob Carter; CEO Inter Clear Jan Andersson; Sweden Post Dean Adams; The Open Group Michael Brady; Siemens Ag =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Wednesday 1st April (Parallel Session) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Keynote Martin Roe; Head of Major Programmes and Standards The UK Post Office Session 3 Liability=20 Chris Taper, EEMA, Clare Wardle, UK Post Office Legal Services Anne-Wil Duthler, KPMG, legal aspects of PKIs/TTPs=20 Yves LeRoux, Digital Hany Elmanawy, Universal Postal Union=20 Samoera Jacobs; Belsign Session 4 Standardisation and User Trust=20 Ed Roeback; U.S. Department of Commerce Jeremy Hilton, The Post Office=20 David Lacey, Shell Services International Anton Pronk, NNI Marco Romagnoli, Telecom Italia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Wednesday 1st April (Parallel Session) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Keynote=20 Stephen Walker, President and CEO, Trusted Information Systems ICE Session One - Government Initiatives David M. Balenson, ICE Project Leader, TIS Edward Roback, US National Institute of Standards and Technology=20 Session Two - Panel - KRISIS & EuroTrust Initiatives Helmut Kurt, IABG Alan Liddle, Trusted Information Systems Paddy Holahan, Baltimore Technologies Session Three - Cryptographic Technologies =20 David Aucsmith, Security Architect, Intel Bob Frith, President, Key Recovery Alliance (KRA) David Balenson, KRA Protocol Team Pierre Boucher, Director of Government Programs, Entrust Glenn Pittaway, Microsoft UK=20 Session Four - Industry Perspectives =20 Paddy Holahan, Baltimore Technologies Niccol=F2 Galimberti, Marketing Manager, Telsy Prof. Henry Beker, Chairman and Chief Executive, Zergo Limited Dr. Roger Schell, Senior Development Manager, Novell Frank Jorinssen, Utimaco Belgium nv Steve Mathews, PC Security Ltd. Glenn Gramling, Hewlett Packard ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Wednesday 1st April=20 Conference Dinner - Admission by ticket only Speaker: Nigel Hickson; UK DTI ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Thursday 2nd April - GBI 2000 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Keynote Henk de Vries, Netherlands Ministry of Transport & Public Works Session 5 Lawful Access=20 Nick Mansfield, Shell Services International. John Smith, UK DTI Key Recovery/Escrow debate Moderator: Martin Roe; UK Post Office Bob Frith, Motorola and President of the Key Recovery Alliance.=20 David Balenson, Trusted Information Systems=20 Pierre Boucher, Entrust=20 Session 6 Privacy=20 Stephanie Perrin - Canadian Government drs. John J. Borking, NL Data Protection Registrar Francis Aldhouse - UK Deputy Data Protection Registrar Marc Rotenberg - EPIC Simon Davies - Privacy International Ross Anderson - Cambridge University ******************** Delegate Registration Form ********************* Global Business Infrastructure 2000 Conference The Hague, The Netherlands 31st March - 2nd April 1998 Fax to Anne Hilton, JH Consulting Ltd, +44 (0)1249 783289 or Email to gbi2000@icx.org Name: =20 Company: =20 Address: =20 =20 Phone: =20 Fax: =20 E-Mail: =20 Payment Method: Credit Card/Cheque =20 Credit Card Number: Expiry Date: =20 ************************** Payment Details ************************** The conference is organised on a not-for-profit basis. Charge per=20 delegate per day payable in advance is =A3250 or =A3580 for all 3 days,=20 which covers beverages, lunch, administration and conference=20 location. Optional conference dinner on Wednesday night is =A360.=20 Charges cover administration, conference location, beverages and=20 lunch. All payments by credit card, cheque or bankers order in=20 advance, please. Attendance fee includes coffee, tea and soft drinks at Registration=20 and during Conference breaks, plus a full Buffet Lunch. Tuesday, 31st March 1998:...Y/N Wednesday, 1st April 1998:...Y/N Thursday, 2nd April 1998:...Y/N All 3 days, 31st March - 2nd April 1998:...Y/N Tickets are required for the following event: I will attend the dinner on Wednesday, 1st April 1998:...Y/N.. Total Amount:............... Value Added tax is included in all quoted conference prices Payment Methods By Credit Card (Mastercard and Visa Only) By faxing +44 (0)1249 783289 - Anne Hilton (JHCL) with your credit=20 card number and expiry date. By Cheque Cheques payable to: International Computers Limited Send to: Anne Hilton, JH Consulting Ltd, 1 Hunters Meadow, Yatton=20 Keynell, Chippenham, Wilts, SN14 7JF, UK. Your registration will be confirmed after processing. Please remember=20 to make suitable travel and accommodation arrangements in good time.=20 We look forward to welcoming you at the conference. Accommodation and travel details follow the programme details. ************************* Accommodation ************************* We have arranged a block booking in the Kurhaus Hotel where the=20 conference takes place for participants of the 1998 Global Business=20 Infrastructure 2000 (GBI 2000) Conference, March 31st - 2nd April=20 1998. You can book a single room for the special rate of NLG 247.50 per=20 night, including breakfast and tax. Please do not forget to mention=20 the GBI 2000 conference as reference by booking your accommodation. Kurhaus Hotel (NLG 247.50 incl. Breakfast and tax) Gevers Deynootplein 30 2586 CK Den Haag The Netherlands Tel. +31 (0)70 - 4 16 26 36 Fax +31 (0)70 - 4 16 26 46 Other hotels in the surroundings of the Kurhaus: Europa hotel ( NLG 308, 35 incl. Breakfast and tax) Zwolsestraat 2 2587VJ Scheveningen Tel. +31 (0)70 - 3 51 26 51 Fax+31 (0)70 - 3 50 64 73 Carlton Beach Hotel (NLG 290,-- incl. Breakfast and tax) Gevers Deynootweg 201 2508AK Scheveningen Tel. +31 (0)70 - 3 54 14 14 Fax + 31(0)70 - 3 52 00 20 Hotel in the centre of The Hague: Novotel (NLG 240,-- incl. Breakfast and tax) Hofweg 5-7 2511 AA Den Haag Tel. +31 (0)70 - 3 64 88 46 Fax +31 (0)70 - 3 56 28 89 ************************* Travel Details ************************* Local Airport - Schiphol Amsterdam (International airport with=20 regular flights from around the globe) By taxi: From Schiphol Amsterdam airport a taxi will cost approx. NLG 150.=20 Please do not forget to agree a fixed price in advance. By train: From the airport direct to The Hague CS (Central Station). This takes=20 approx. 40 minutes. From the Hague CS you can take tram number 1 or 9=20 to Scheveningen. The tram stop is almost at the end of the line just=20 in front of the Kurhaus hotel. You can also take a taxi from The=20 Hague CS which will cost approx. NLG 25 By car: From Amsterdam you take the A44 via Wassenaar to the Haque or the A4=20 to the Hague. Arriving in the Hague you follow the signs=20 Scheveningen, following the road Scheveningen Strand (Beach) you will=20 end up at the Gevers Deynootplein where the Kurhaus is located. From lawya@lucs-01.novell.leeds.ac.uk Wed, 25 Mar 1998 18:02:57 GMT0BST Date: Wed, 25 Mar 1998 18:02:57 GMT0BST From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk Subject: US official concedes that key recovery is inferior to alternativ Members will find the following EPIC press release of interest. Yaman ================================================================== U.S. OFFICIAL CONCEDES THAT "KEY RECOVERY" ENCRYPTION IS INFERIOR TO ALTERNATIVE PRIVACY TECHNIQUES FOR IMMEDIATE RELEASE CONTACT: Wednesday, March 25, 1998 David Sobel/Dave Banisar (202) 544-9240 WASHINGTON, DC -- A top U.S. official acknowledged more than a year ago that the Internet privacy technique championed by the Clinton Administration is "more costly and less efficient" than alternative methods that the government seeks to suppress. The concession is contained in a newly-released high-level document on encryption policy obtained by the Electronic Privacy Information Center (EPIC). In a November 1996 memorandum to other government officials, William A. Reinsch, the Commerce Department's Under Secretary for Export Administration, discussed the Administration's efforts to promote "escrowed" or "recoverable" encryption techniques in overseas markets. Such techniques enable government agents to unscramble encrypted information and they form the cornerstone of current U.S. encryption policy. After noting that government regulations permit the export of non- escrowed encryption products only to "safe end-users" such as foreign police and security agencies, Reinsch recognized the inferiority of the Administration's favored technology: Police forces are reluctant to use "escrowed" encryption products (such as radios in patrol cars). They are more costly and less efficient than non-escrowed products. There can be long gaps in reception due to the escrow features -- sometimes as long as a ten second pause. Our own police do not use recoverable encryption products; they buy the same non-escrowable products used by their counterparts in Europe and Japan. Ironically, Reinsch's concession is contained in a memorandum that discusses the Administration's strategy to "help the market transition from non-recoverable products to recoverable products." According to EPIC Legal Counsel David Sobel, the newly released document "suggests that the Clinton Administration is trying to sell key recovery technology while quietly recognizing its inferiority. This approach will ultimately weaken the global position of the American computer industry and hold back the development of the privacy protections so badly needed on the Internet." EPIC and other critics of current U.S. encryption policy have long maintained that "key escrow" and "key recovery" approaches compromise the security of private information by providing "backdoor" access to encrypted data. The Reinsch memo was released in response to a Freedom of Information Act request EPIC submitted to the Department of State concerning the international activities of former U.S. "crypto czar" David Aaron. That request is the subject of a pending federal lawsuit initiated by EPIC last year. The memorandum is available at the EPIC website at: http://www.epic.org/crypto/key_escrow/reinsch_memo.html - end ..................................................................... . . David L. Sobel, Legal Counsel * +1 202 544 9240 (tel) Electronic Privacy Information Center * +1 202 547 5482 (fax) 666 Pennsylvania Ave., SE Suite 301 * sobel@epic.org Washington, DC 20003 USA * http://www.epic.org . ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yaman Akdeniz Cyber-Rights & Cyber-Liberties (UK) at: http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm Read CR&CL (UK) Report, 'Who Watches the Watchmen' http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From proff@iq.org Thu, 26 Mar 1998 12:33:58 +1100 (EST) Date: Thu, 26 Mar 1998 12:33:58 +1100 (EST) From: proff@iq.org proff@iq.org Subject: Administrivia: Re: Swedish Certification Authority > > I vote it gets changed to have no reply to. On the lists I have been > > on where there is a Reply-To: set to list address it has invariably > > caused trouble, and embarrasment for inadvertent posters of private > > email. This doesn't matter on a moderated list. Cheers, Julian. From proff@iq.org Thu, 26 Mar 1998 12:33:58 +1100 (EST) Date: Thu, 26 Mar 1998 12:33:58 +1100 (EST) From: proff@iq.org proff@iq.org Subject: Administrivia: Re: Swedish Certification Authority > > I vote it gets changed to have no reply to. On the lists I have been > > on where there is a Reply-To: set to list address it has invariably > > caused trouble, and embarrasment for inadvertent posters of private > > email. This doesn't matter on a moderated list. Cheers, Julian. From octobersdad@reporters.net Thu, 26 Mar 1998 00:47:20 +0000 Date: Thu, 26 Mar 1998 00:47:20 +0000 From: T Bruce Tober octobersdad@reporters.net Subject: Privacy in the News FYI From comp.privacy digest. ------- Forwarded message follows ------- The Chronicle-Herald Mail-Star ( Halifax, NS, Canada ) reported: As a prosecutor, Paul Patterson helped handcuff criminals, but as an authority on technological change, he does not want to see the Internet shackled. "It would be an imposition on the public that will not be effective," says Mr. Patterson, holder of the University College of Cape Breton Chair in Management of Technological Change. Forcing everyone to use a government-approved coding method will be workable in "a few rare instances," but is, as a general rule, "doomed to failure". That might not be what the Canadian government wants to hear as it seeks public input to a proposal to undermine the confidentiality of all communications over the World Wide Web. It seeks a universal coding technique that its agents can plug into to find out what users are saying and doing. The government's ideas are contained in an Industry Canada booklet. The deadline for public submissions is 21 April 1998. The government document favours using the Internet for more commerce by introducing encoding services that assure secure transactions and payment arrangements. Ottawa, a signatory to a number of international agreements dealing with proposed scrutiny of the Net, also wants to deal with criminal activity. At stake, says the document, is the government's ability to prevent terrorism, interdict trade in illicit materials and drugs, block money laundering efforts and fight the child pornography and hate propaganda trade, while protecting commercial and national secrets. Mr. Patterson, who says that the government perhaps sees this as a way to "wiretap the Internet", is skeptical. Misuse of the Internet is always a possibility, but you cannot prevent it because the proposed solution is "out of all proportion to the dangers". Worse, he adds, a government-held key to Internet activity would have a chilling effect on the free exchange of ideas. On a personal level, Mr. Patterson said that he considers the proposals merely the latest attempt ( by the federal government ) to pull a fast one. He saw a form of natural justice that, in asking for public discussion, the government will likely find most of the responses from the Internet. Still, if there is to be an encryption law, he said, applications for invasive activity by police must come under the strict control of a judge. The courts have a long history of using good judgment on wire taps, he noted. However, Mr. Patterson suggested that any professional criminal will merely develop methods of avoiding being spied on. How about a message written in, say, Klingon? he posed. You could encrypt it, but it would not be anything but gibberish to a lawful intruder. The chief worry, he insisted, is that, eventually, whoever monitors the Net will begin to use peoples' and companies' ideas for their own or others' benefit. What if government turns the watching over to a private-sector agency? Who will watch the watcher? tbt -- Sign all messages with non-escrowed keys, don't give in to government tyrany. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm -- |Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832| | Freelance PhotoJournalist - IT, Business, The Arts and lots more | | Website - http://www.homeusers.prestel.co.uk/crecon/ | | PGP Key Details follow: | | RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 | | DSS/DH key ID 0xB1445118 | | DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 | From Prunesquallor@compuserve.com Thu, 26 Mar 1998 02:05:13 -0500 Date: Thu, 26 Mar 1998 02:05:13 -0500 From: John R T Brazier Prunesquallor@compuserve.com Subject: IRA Crypto Article Dear All, Anyone seen the below (found in the March issue of 'Business & Technology= ', which I've only just got to through the stack)? I can't remember seeing i= t appear here, and it seems odd. Why has this story appeared now (with the DTI about to make pronouncements), and what are the details (ie are the Army really keeping informant lists in a breakable system)? Are we talkin= g about Excel-type password protection? Does the story have any accuracy? = Cheers, John B. www.proproco.co.uk -------------------------------------------------------------------------= -- ---------------------------- IRA cracks Army encryption codes The IRA has broken through the low-level encryption being used by the British Army, raising fears that it can now access stored information tha= t was previously thought to be safe. It stole Army information, including four computer disks, from a Welsh Guards intelligence agent, named as Sergeant RA Davies by Republican newspaper An Phoblacht. In a story on 29th January, the paper claimed th= e IRS had intercepted British intelligence documents and was attempting to access the disks. Sources claim the IRA has now cracked the encryption on the disks, which held spreadsheets, reports, analyses, names and addresses. It is believe= d the data included a list of Army informants. Intelligence experts have long claimed that the IRA was already capable o= f accessing Inland Revenue and DSS computers, usually through internal sympathisers. But this latest incident shows the terrorists have the expertise to break low-level computerised protection. Neil Barrett, principal consultant at Bull Information Systems and an expert in computer security and information warfare, said "If true, it's handed the IRA an object lesson on how to break these computer systems. = It doesn't mean it will be able to break all systems, but it does mean that the threat level has rocketed up. It also makes it very apparent that th= e IRA is willing to exercise a level of skill in hacking that it wasn't publicly known to have had in the past." An MoD spokesman in Northern Ireland said: "We cannot comment on operational matters, but the incident is being investigated. The information is of the lowest classification as far as we are aware." An Phoblacht claimed the IRA also seized a manual called Operational Intelligence Aide Memoire, which describes two databases used by the Army= in Northern Ireland: Crucible, for general purpose intelligence, and Vengeful, for vehicle intelligence. From Prunesquallor@compuserve.com Thu, 26 Mar 1998 05:28:24 -0500 Date: Thu, 26 Mar 1998 05:28:24 -0500 From: John R T Brazier Prunesquallor@compuserve.com Subject: Computing Article: Banks & Keys Recovery Dear All, 26th March Issue of Computing (computignet.co.uk), lead article below. Al= so on the front page the Post Office is starting up as a digital signature certifier. Cheers, John B ----------------------------------------- Banks slam snoops Major users split over government's attempt to regulate cyberspace = Europe's banks have rejected a controversial key recovery encryption sche= me on the eve of an expected government announcement imposing the policy on the UK, writes Dan Sabbagh. Computing has learned that the European Committee on Banking Standards (ECBS) - a powerful consortium of financial institutions - has filed a submission with the European Commission arguing against key recovery. The= committee's stance is backed by the UK's banks, which are represented by industry body APACS. It is understood that the submission, which will not be made public, says= that many European banks are 'fundamentally opposed' to the introduction = of statutory regulations for key recovery in Europe. Financiers, it maintain= s, 'cannot see any benefit for European banks and their customers'. Key recovery schemes require individuals and companies that use encryptio= n to deposit a copy of their encryption keys with a 'trusted third party'. These keys are then made avail- able to law enforcement agencies, on production of a warrant, allowing them access to encrypted private transmissions. The Department of Trade and Industry is thought to be close to unveiling = a key recovery scheme for UK encryption users in the face of opposition fro= m civil liberties campaigners and a growing number of corporates, including= Microsoft. The ECBS' argument has been broadly endorsed by NatWest. Tim Jones, managing director of retail banking services at NatWest, said: 'Key recovery is a brutal and expensive way to achieve law enforcement.' = Jones said that he believed there were simpler ways to allow access to encrypted data. He added that, in his opinion, medium-strength encryption= - 64-bit DES - should not necessitate key recovery because codes could be cracked 'with a couple of Crays and a following wind'. Steve Thomas, head of security at APACS, outlined the objections of Europe's banks. 'If key recovery is so good for business, as its supporte= rs argue, then we don't need a statutory framework to introduce it. Giving u= p any keys to a third party must reduce the security of any system,' he sai= d. Thomas stressed that other alternatives could be explored. 'Banks can provide text for legal inspection without the need for this complex infrastructure,' he said. Long-standing opponents of key recovery welcomed the banks' move. Brian Gladman, former deputy director general of NATO's technical centre, said:= 'This is a serious blow to the government's attempt to enforce key recovery.' In a further set back for key recovery advocates, the US Department of Justice and the FBI conceded that they will no longer insist on legislati= on requiring a key recovery system to be developed in the US. From richard@turnpike.com Thu, 26 Mar 1998 12:04:10 +0000 Date: Thu, 26 Mar 1998 12:04:10 +0000 From: Richard Clayton richard@turnpike.com Subject: Computing Article: Banks & Keys Recovery In article <199803260528_MC2-3802-72CF@compuserve.com>, John R T Brazier writes >Jones said that he believed there were simpler ways to allow access to >encrypted data. He added that, in his opinion, medium-strength encryption - >64-bit DES - should not necessitate key recovery because codes could be >cracked 'with a couple of Crays and a following wind'. Blaze et al estimated it at $38/key in 1995 (spend $300M and you get to crack them in 12 seconds, spend $300K and it takes 3 hours). These bankers are clearly intending to move only small value cheques around http://www.bsa.org/policy/encryption/cryptographers.html -- richard richard.clayton @ T U R N P I K E .com http://www.demon.net/news/features/crypto/ for Demon's views on crypto "Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM From lawya@lucs-01.novell.leeds.ac.uk Thu, 26 Mar 1998 16:53:48 GMT0BST Date: Thu, 26 Mar 1998 16:53:48 GMT0BST From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk Subject: New ACLU Report Challenges Clinton Scare Tactics on Encryption This would be of interest to some of you in the list. Yaman New ACLU Report Challenges Clinton Scare Tactics on Encryption FOR IMMEDIATE RELEASE Tuesday, March 17, 1998 WASHINGTON -- Charging that the Clinton Administration is using scare tactics to acquire vast new powers to spy on all Americans, the American Civil Liberties Union today issued a white paper on the escalating battles over wiretapping in the digital age. The new ACLU report -- Big Brother in the Wires -- says that the current struggle over cryptography policy holds far-reaching and possibly irrevocable consequences for all Americans. It makes an impassioned case for limiting the government's ability to seize and review private communications -- whether they are telephone conversations, FAX messages, electronic mail, electronic fund transfers or medical records -- by permitting the use of strong encryption. The report comes as Congress grapples with fundamental disagreements over encryption policy. On one side of the policy impasse are the law enforcement and national security agencies -- the Justice Department, the FBI, the National Security Council, the Drug Enforcement Agency and many state and local agencies. On the other side are the communications industry, the country's leading cryptographers and computer scientists and civil liberties and privacy advocates. "We are now at an historic crossroads," the report says. "We can use emerging technologies to protect our personal privacy, or we can succumb to scare tactics and to exaggerated claims about the law enforcement value of electronic surveillance and give up our cherished rights, perhaps forever." The ACLU report is being circulated to key members of Congress in an effort to convince them to stand up to law enforcement's exaggerated claims and give Americans the right to protect their personal communications. "If President Clinton and federal law enforcement authorities have their way, new technology will make possible a much more intrusive and omniscient level of surveillance than has ever been possible before," said ACLU Legislative Counsel Gregory T. Nojeim. "Congress must reject this blatant power grab," Nojeim concluded, "and keep Big Brother out of our wires." The ACLU report can be found at: http://www.aclu.org/issues/cyber/wiretap_ brother.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yaman Akdeniz Cyber-Rights & Cyber-Liberties (UK) at: http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm Read CR&CL (UK) Report, 'Who Watches the Watchmen' http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From martin@mrrl.lut.ac.uk Thu, 26 Mar 1998 18:06:57 +0000 Date: Thu, 26 Mar 1998 18:06:57 +0000 From: martin@mrrl.lut.ac.uk martin@mrrl.lut.ac.uk Subject: Crypto elsewhere -----BEGIN PGP SIGNED MESSAGE----- Stefek Zaba writes: | I too am Confused. On the narrow point, like Paul I read this Internet | Draft as vigorously rejecting "feel-goodware" signatures - though its | language seems a little confused, as there are no fielded Internet | security protocols which use a 40-bit symmetric key based signature or a | 40-bit hash. The language probably seems confused because it was being written at 4am, so as to catch the Internet Drafts deadline for the LA IETF :-) The document really ought to have a proper "security considerations" section, since a) this is something that usually gets skipped(!) and b) proper authentication of control messages would be very important if people were actually to go for this scheme. It's difficult to find the right level to pitch these things at, though. The comment about 40 bit keys was really just a throwaway reference to the practice of crippling a perfectly decent crypto algorithm by forcing a chunk of the keyspace to a known value - e.g. for export from the US. So, don't read too much into it. I suppose the flipside is that if you mention terms like "key escrow" too much in an RFC you end up coming across like an extra from the X Files! | On the broader point, there already *is* a standards-track | proposal - and implemented, *freely exportable* code! - for secured DNS: | see http://www.ietf.org/html.charters/dnssec-charter.html in general and | RFCs 2065 and 2137 in particular. (The code is freely exportable from the | US preciselybecause confidentiality is a non-goal, unlike strong | authentication for the secured information.) Perhaps the authors are | suggesting that PGP-signing DNS zone updates would be a good transitional | move before the more widespread deployment of secure DNS; that's a kinder | interpretation than that they're simply unaware of it. I think you're getting too bound up in the crypto aspect - things like PGP and DNSSEC are orthogonal to the problem (if you believe it's a problem :-) of centralized control of key portions of the DNS, and real or imagined abuse of the current "monopoly" situation. The issue we're addressing is how best to distribute *authority* for chunks of the Internet domain name space. The crypto element of this is all about trust and authentication. PGP already has a substantial installed base plus a well established public key infrastructure, which seems to make it a good candidate. Usenet News appears to be a very effective way to periodically distribute information to large numbers of interested parties. QED ? Ciao! Martin -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNRqZPdZdpXZXTSjhAQFzJQP+M5isz80TyWPLVFq+7tD/IyUAH3Iy2UaG jnqW7el+W35aA5rZUxV4Al8g0Hr37VMr6lDwqcekK+7Rjp9PCmObv1bLNQ2Pg6EA TRoKcMvzJ3Lfyh/R/ZE+hrPGT4SLoQaSKlw8sAjVczH+3qvk4yEWS3HnfnAzeCmy LpGSS5V4Bt4= =m/gP -----END PGP SIGNATURE----- From jya@pipeline.com Thu, 26 Mar 1998 20:09:04 -0500 Date: Thu, 26 Mar 1998 20:09:04 -0500 From: John Young jya@pipeline.com Subject: Junger v. USA Crypto Law Suit Notice To: pr_list4@samsara.LAW.CWRU.Edu Subject: Press Release Date: Thu, 26 Mar 1998 15:37:38 -0500 From: "Peter D. Junger" Press Release New Judge to Decide Whether Export Restrictions on Software Violate Constitutional Guarantees of Freedom of Speech and of the Press Reply Briefs in Junger v. Daley Available on World Wide Web Government Argues that Much Software is Harmful ---------------------------------------------------------------- Cleveland, Ohio, Tuesday, March 26, 1998 For Immediate Release For More Information Contact: Peter D. Junger (216) 368-2535 Gino Scarselli (216) 291-8601 Or see URL: http://samsara.law.cwru.edu/comp_law/jvc/ To be added to, or removed from, the list of those who were sent this press release, please send e-mail to . _________________________________________________________________ Cleveland, Ohio, March 26 -- A status conference in the case of Junger v. Daley, the suit in which a law professor at Case Western Reserve University in Cleveland, Ohio seeks to enjoin the enforcement by the United States Department of Commerce of the export regulations on encryption software, will be held Friday, March 27, at 10:00 a.m. in the chambers of Federal District Judge James S. Gwin in the federal courthouse in Akron, Ohio. The case turns on the issue of whether the publication in electronic form of encryption software---software that is used to preserve the privacy of electronic communications and data stored on a computer---is entitled to protection under the First Amendment to the United States Constitution. Judge Gwin, a recent appointee to the federal bench who previously served on the Ohio Court of Common Pleas, has replaced Judge Donald C. Nugent as the judge responsible for the litigation. The plaintiff, Professor Peter Junger, who teaches a course in Computing and the Law and who wishes to publish his class materials containing some encryption programs on his World Wide Web server, seeks an injunction against the enforcement by the defendant, Commerce Secretary Daley, of the export regulations promulgated the Department of Commerce that require anyone who wishes to publish encryption software of the Internet or on the World Wide Web to first obtain a license from the Bureau of Export Administration. Both sides have filed for summary judgment. Junger argues that the freedoms of speech and of the press that are secured by the First Amendment protect the writing and publication of computer programs. The government, on the other hand, argues that computer programs are not entitled to the protection of the First Amendment because they are ``functional''. Each side has filed a brief in support of its motion for summary judgment. These briefs and the complaint and motions for summary judgment are available at and . In addition both sides have filed reply briefs that are now available at: In his reply brief the plaintiff's lawyers argue: ``Making software available on the Internet and the World Wide Web is publication of that software, and publication in that medium is entitled to the unqualified protection of the First Amendment.'' The government responds to this argument in its reply brief by claiming that software is a ``functional item'' and thus not entitled to protection as speech. In furtherance of this claim it points out, ``Much software ... is designed to cause substantial harm,'' and that ``software can be used to invade privacy, commit fraud, and substantially disrupt and endanger people's lives.'' ``That is rather a perverse argument,'' says Junger, ``considering that encryption software is used to protect against exactly the harms that the government lists and that there is no law against the use of encryption software, while, of course, there are laws against invading privacy, committing fraud, and substantially disrupting and endangering people's lives. It is clear that the government does not claim just the right to regulate the writing and publication of encryption software. It claims the right to forbid the writing and publication of any type of computer program whatsoever without being in any way restricted by the First Amendment. There are, of course, some types of speech, like obscenity, that the courts have held are not entitled to the protection of the First Amendment, but no court has ever subscribed to the government's remarkable theory that the First Amendment does not protect functional speech.'' ``My case,'' says Junger, ``is not just about the constitutionality of the regulations forbidding the export of encryption software, though that is an extremely important issue. The real issue is whether the First Amendment protects the writing and publication of any type of computer program.'' -30- From lawya@lucs-01.novell.leeds.ac.uk Fri, 27 Mar 1998 10:24:49 GMT0BST Date: Fri, 27 Mar 1998 10:24:49 GMT0BST From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk Subject: Police Access to Encrypted Messages - BNA Electronic Commerce an Dear All, The following piece is very interesting and mentions a secret policy paper which at least we were aware of when we released the initial warning with a Cyber-Rights & Cyber-Liberties (UK) press release which was followed by a Global Internet Liberty Campaign Statement on what has been reported in the media. Now the following BNA report mentions an anonymous UK officialtalking about this internal paper. Comments by David Hendon of DTI is also included in the coverage. Maybe David would like to explain us all about this internal policy paper which was issued to the EU ministers during the Birmingham summit. Of course we will never be able to see that internal policy paper as there are no laws on Freedom of Information in this country but soon that will change as well! All the best. Yaman BNA Electronic Commerce and Law Report March 25, 1998. ----- Cryptography U.K. President of EU Kicks Off Debate on Police Access to Encrypted Messages BRUSSELS-The United Kingdom, in its capacity as the current holder of the European Union presidency, has prepared a policy paper calling for law enforcement authorities to have access to encrypted electronic communications under certain circumstances. The document, submitted to an EU police working group at the end of February, states that "where an encryption key is used for confidentiality purposes, it may be necessary for law enforcement agencies to have lawful access in certain circumstances. This access may need to be either overt or covert," a U.K. official told BNA, speaking on the condition of anonymity. Exactly which circumstances would require access have not been determined, said the U.K. official. The paper was drawn up after an informal meeting of EU justice and home affairs ministers at the end of January when the ministers concluded that there was a "need for possibilities of interception by law enforcement authorities." The U.K. paper is further evidence that, as in the United States, there is a split between law enforcement agencies and industryrelated government departments and industry itself over the encryption issue. The British government also argued in the policy paper that under what it calls a "backdoor key" approach, law enforcement agencies must be allowed fast access to encrypted messages in order to combat the increasingly sophisticated communications methods used by criminal organizations and terrorists, the U.K. official said. But another official, David Hendon of the U.K.'s Department of Trade and Industry, said it would be wrong to surmise that the United Kingdom is about to pursue a mandatory key escrow policy. "Of course to be 100 percent sure of getting keys, you would need to have mandatory escrow. But we don't think this is realistic or in any way attainable and so it would be wrong to make a connection that the U.K. is about to announce such a thing-which, to be clear, we are not," said Hendon. Hendon explained that the paper's reference to "overt" and "covert" does not imply a call for "back door keys." By overt, he said, "we were referring to a search warrant that is served on the owner of a PC," for example. "By covert, we were referring to encryption related to interception of realtime communications. Obviously in this case, if the suspect knows his communications are being bugged, he won't say anything that helps the investigators." This, said Hendon, is a significant point because U.K. law does not permit interceptions to be used as evidence. Rather, an interception enables evidence gathering. Covert access is also necessary in terrorism investigations because the goal there is to step the terrorist act before it occurs, he said. Rift With E Commerce Boosters. "There seems to be widespread support among the member states for the report," added the anonymous U.K. official. She also stated that some European Commission officials would like to think that the U.K. "was out on a limb with this approach," but they were wrong. Indeed, both Telecommunications Commissioner Martin Bangemann and Internal Market Commissioner Mario Monti have argued over the course of the past year that there is no need for a system where law enforcement agencies must be given a key to encryption codes. "If the current trend continues there will likely be a showdown in the EU with those in favor of promoting a single market for electronic commerce against access to encryption codes versus those who believe law enforcement agencies need to have access to encryption," said the U.K. official. As part of research compiled before presenting the report, the Netherlands conducted a survey on the status of encryption legislation and the socalled "trusted third party" concept where the keys are deposited with a neutral body. Twelve of the 15 EU member states responded and some of the results, which the U.K. presidency used in its report, were as follows: * One member state (France) has a law requiring the public or companies to surrender encryption keys to crime detection or state security services while the United Kingdom and the Netherlands require this only under certain circumstances. * In five member states (Spain, the United Kingdom Sweden, the Netherlands, and France) there is either new or revised legislation under discussion. * In four member states (the United Kingdom, Denmark, the Netherlands, and Greece) trusted third parties (TTPs) are in use. *No experience in any member state has been gained from the TTPs by crime detection and state security services. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yaman Akdeniz Cyber-Rights & Cyber-Liberties