Irish digital signatures consultation paper

[Nicholas Bohm]

At 11:02 AM 8/14/1999 +0100, Brian Gladman wrote:
>
>----- Original Message -----
>From: Alan Ramsbottom <ACR@als.co.uk>
>To: <ukcrypto@maillist.ox.ac.uk>
>Sent: 14 August 1999 0:05 AM
>Subject: RE: Irish digital signatures consultation paper
>
>
>> >  Can anyone summarise the content?
>>
>> This page might help:
>>
>>    http://www.irlgov.ie/tec/communications/signat.htm
>>
>> -Alan-
>>
>
>Thank you Alan - this is certainly worth reading and suggests that the Irish
>Government is well ahead of our own when it comes to crypto issues.  I am
>less sure on electronic signature matters though.

I think you a bit optimistic on both.

>The statement on crypto policy is very interesting:
>
>---------
>*Users shall have the right to access strong and secure encryption to ensure
>the confidentiality, security and reliability of stored data and electronic
>communications.
>
>*Users shall have the right to choose any cryptographic method.
>
>*The production, import and use of encryption technologies in Ireland shall
>not be subject to any regulatory controls other than obligations relating to
>lawful access.
>
>*The export of cryptographic products is to continue to be regulated in
>accordance with the relevant EU Regulations and Decisions and Irish national
>legislation which reflect the Wassenaar Arrangement on Export Controls for
>Dual-Use Goods and Technologies and Conventional Arms.
>
>*In order to enable lawful access to encrypted data, legislation will be
>enacted to oblige users of encryption products to release, in response to a
>lawful authorisation, either plaintext which verifiably relates to the
>encrypted data in question or the keys or algorithms necessary to retrieve
>the plaintext. Appropriate sanctions will be put in place in respect of
>failure to comply.
>---------
>
>The wording of the last component clearly suggests that users will have a
>choice in responding to 'Irish decryption orders' in that they can supply
>either 'verifiable plaintext' or the 'means to decrypt'.   If this is the
>intention, Irish Government thinking is clearly well ahead of that here in
>the UK.

It very carefully does *not* say who will have the choice.  I wouldn't bet
much on the choice lying with the user.

>The whole tone of this announcment leads to an impression that Irish
>thinking is about e-commerce fiirst and ;aw enforcement access second - the
>exact opposite of the tone of UK proposals.
>
>The wording on crypto export controls is also interesting and quite subtle
>in that Irish regulation will accord with EU and Irish legislation ***which
>reflect*** the Wassenaar Arrangement.  Since the Wassenaar Arrangement
>cannot properly be used to 'impede bona fide commercial transactions' this
>wording ensures that Ireland will continue, as now, to have a highly liberal
>crypto export control regime.

I don't think it goes quite so far as to ensure that conclusion - at best
it may be consistent with it.  It is certainly true that nothing visible in
Wassenaar prevents any member from placing all crypto under an Open General
Export Licence, but I suggest that as far as Ireland is concerned, it's
still "wait and see".  

>If the UK and Ireland proceed as they currently propose, it seems to me that
>it will be Ireland that drives the e-commerce revolution and not the UK.

Ireland certainly gets full marks for keeping the tone sensible, the
temperature law and the atmosphere friendly.  But beware of the blarney.

Regards,

Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 871272	(+44 1279 871272)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF