From 100557.3537@compuserve.com Tue, 1 Jun 1999 08:14:51 -0400 Date: Tue, 1 Jun 1999 08:14:51 -0400 From: Michael Thick 100557.3537@compuserve.com Subject: PIU report on Encryption and Law enforcement RELEASED Dear All, could I tap the collective wisdom? I am a member of the "Caldicott and Babies validation group" (the only connection appears to be the title!) which is charged with producing and signing off the business case for issuing and recording NHS numbers to babies at birth. They are proposing a number of worrying things: 1) NHSnet will be used to communicate between the issuing authority and maternity without any form of additional security. 2) They are planning to hold a "linkage" between mother and baby at NSTS level to "facilitate" epidemiology of paediatric and neonatal morbidity, again with no plans for additional controls for confidentiality. Medical members of the panel registered disquiet, but I feel that some additional pressure will be useful. Any thoughts? Michael Thick From jei@zor.hut.fi Tue, 1 Jun 1999 15:34:32 +0300 (EEST) Date: Tue, 1 Jun 1999 15:34:32 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: FW:Clinton Foreign Policy (fwd) :) ---------- Forwarded message ---------- Date: Tue, 11 May 1999 09:58:59 -0400 From: Peter Capelli Subject: FW:Clinton Foreign Policy U.S. TO BEGIN BOMBING ENGLAND UNLESS PEACE ACCORD IS RATIFIED BY ENGLAND AND BREAK-AWAY PROVINCE OF N. IRELAND The White House -- President Clinton announced today that an all out bombing offensive against England will begin in two weeks, unless a peace accord is ratified by England and its break-away province of Northern Ireland. Along with liberating Northern Ireland, the President said that all British culinary institutes would be fair game for bombing. After the attack, NATO peace keeping troops will be sent in to ensure that all dentists can operate safely and without the threat of attack. 
"Using the fine logic we crafted in the Kosovo intervention, we have decided to add, incrementally, to the list of peace initiatives around the world," he said in a prepared statement. A background briefing indicated that on a weekly schedule, the Clinton administration would intervene in the following areas: Week one -- Bombing of England to free Northern Ireland, and to destroy the legendarily bad cuisine fabrication facilities. Week two -- Bombing of Ankara, Baghdad and Teheran to free the Kurds. Oh yeah, let's not forget all of the oil reserves we would gain. Week three -- Bombing of several random African countries to stop the Hutus from killing Tutsis. Week four -- Bombing of both Istanbul and Athens to solve the Cyprus problem, and end the argument over whether Socrates was actually homosexual or not. Week five -- Bombing of Madrid to free the Basque Country, also to shut up the people at PETA because one target would be the bull fighting rings. Week six -- Bombing of Ottawa to free the Quebecois. Week seven -- Bombing of Jakarta to free the Timor Islands. Week eight -- Bombing of Switzerland because it is due time that they were bullied. Week nine -- Bombing of Paris to free Corsica, and those wishing to use deodorant and razors. Week ten -- Bombing of Washington, D.C. to free the Confederate of Southern States, held captive for 139 years, and to free up more Senate seats for Hillary to possibly run for. Week eleven -- Bombing of North Dakota so that South Dakota might finally be recognized as a "real" state. "This schedule will do until we can come up with others," said Madeline Albright, Secretary of State. When asked whether or not the US would bomb Beijing in order to free Tibet she responded, "something that practical would never be on a military agenda." 
Pete Capelli - NSEC - pcapelli@nsec.net "Those who would give up essential liberty for temporary safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 PGP Key ID:3AD72805 From jei@zor.hut.fi Tue, 1 Jun 1999 16:34:36 +0300 (EEST) Date: Tue, 1 Jun 1999 16:34:36 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: Echelon Story on Australian TV (fwd) ---------- Forwarded message ---------- Date: Sun, 23 May 1999 11:33:08 +1000 (EST) From: James Morris Subject: Echelon Story on Australian TV The cover story for this week's "Sunday" program in Australia (a mainstream news & current affairs show here) was titled "Big Brother is Watching". It covered Australia's role in Echelon with some very interesting admissions from the DSD and various ex-spooks. Here's an excerpt from the Web transcript: In an unprecedented statement to the Sunday program, the director of Australia's Defence Signals Directorate (DSD), Martin Brady, reveals what spying the DSD allows on Australian citizens and companies. DSD also officially acknowledges for the first time that it is a signatory of the hitherto secret UK-USA alliance, that endorses cooperation with counterpart intelligence organisations in the United Kingdom, the US, Canada and New Zealand. See the rest online at http://sunday.ninemsn.com.au/ - James. -- James Morris 
From jya@pipeline.com Tue, 01 Jun 1999 10:23:50 -0400 Date: Tue, 01 Jun 1999 10:23:50 -0400 From: John Young jya@pipeline.com Subject: Citizens' Right to Know The New York Times, June 1, 1999, p. A22. 
Editorial The Citizens' Right to Know After years of talk from the Labor Party about ending Britain's culture of secrecy, Tony Blair's Government has just proposed a sadly inadequate law governing the disclosure of government information. In effect, Britain is bucking a trend that has helped citizens elsewhere learn what their governments are doing and prevent official misconduct. In other nations, freedom of information laws have improved the policy-making process and provided a check against government abuses. The laws, most of which have been adopted in the past quarter-century, emphasize that government information belongs to the people. They accompany other transparency laws, which require Web-site publication of government data or publication of proposed laws in documents such as the Federal Register or Congressional Record. Together these laws have nourished democracy by restricting government powers to withhold important information. Sweden approved the first freedom of information law in 1766, saying that anyone could go to a government agency and look up documents in the files. Today at least 15 countries and Hong Kong have such laws, including Hungary and several Western European and Asian countries and former British colonies. South Africa's new democratic government put freedom of information in the country's new Constitution, and is now facing the challenge of financing a law and developing ways for citizens who cannot read or write to make oral requests. Japan is the latest to pass a freedom of information law, spurred in part by its Health Ministry's slowness in dealing with H.I.V.-tainted blood products, a scandal in which at least 400 people died. The United States passed a weak law in 1966, but it was greatly strengthened in 1974, after Watergate. It requires government agencies to publish many kinds of information, and allows anyone in the world to request the release of specific documents. 
The government may withhold several types of information, including material that violates privacy or damages the national security. Mr. Blair's new bill is weaker than previous proposals that both of Britain's major parties have made, and in some areas even softens current disclosure laws. It gives public officials the right to withhold information that relates to the formulation of government policy, material they believe could prejudice the workings of government, and even any request they consider "vexatious." No law is perfect. America's Freedom of Information Act works best for the businesses that are its biggest users and have long relationships with the agencies they query. Industries the government regulates, like pharmaceuticals, want early information about new standards and whatever the government can tell them about the competition. Some agencies with crucial information, such as the Central Intelligence Agency and the Pentagon, can take five years to respond to a disclosure request. Agencies routinely underfinance their information offices, and suffer no penalties for defying the disclosure law. They also abuse the permitted exceptions, using them to hide embarrassing behavior. Despite these flaws, however, Americans have been able to use freedom of information laws to learn about matters as diverse as the Bay of Pigs, housing discrimination and safety problems at nuclear plants. Many government officials admit that even though they resent disclosure provisions, the laws have given citizens a fundamental tool to expose and restrain government arrogance. ----- Archived at: http://jya.com/rtk.htm From jei@zor.hut.fi Wed, 2 Jun 1999 03:52:52 +0300 (EEST) Date: Wed, 2 Jun 1999 03:52:52 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: PIU report on Encryption and Law enforcement RELEASED (fwd) On Tue, 1 Jun 1999, Michael Thick wrote: > Dear All, could I tap the collective wisdom? 
I am a member of the > "Caldicott and Babies validation group" (the only connection appears to be > the title!) which is charged with producing and signing off the business > case for issuing and recording NHS numbers to babies at birth. They are > proposing a number of worrying things: > 1) NHSnet will be used to communicate between the issuing authority and > maternity without any form of additional security. > 2) They are planning to hold a "linkage" between mother and baby at NSTS > level to "facilitate" epidemiology of paediatric and neonatal morbidity, > again with no plans for additional controls for confidentiality. > Medical members of the panel registered disquiet, but I feel that some > additional pressure will be useful. Any thoughts? > Michael Thick Speaking of babies, how about this for a death-toll in the US vs Iraq war: 1,500,000 people dead, including 750,000 children under five. ============================================================= From: New Worker Online Subject: Sanctions -- war by other means! Sanctions -- war by other means! Book review by Karen Dabrowska Imposing economic sanctions -- Legal remedy or genocidal tool? by Geoff Simons, published by Pluto Press, 1999, pp256, £12.99 (pbk). DO sanctions work? This is the question asked by Geoff Simons in the preface to his latest book. He concludes that sanctions are so diverse -- in their type, ambition and manner of application -- that no general answer is possible. Sanctions are variously porous, ineffectual, counterproductive, misdirected, persuasive, effectual and devastating. They invariably have some impact, and they may achieve covert objectives different to those that are publicly proclaimed: the deliverers of sanctions often have hidden agendas. For example, United States efforts to keep Iraqi oil off world markets may have more to do with regulating energy prices than with any worry about weapons of mass destruction. 
The book has three main aims: *To illustrate the historical continuity of the economic sanctions option as a powerful means of coercion. The emphasis is primarily on sanctions as a means of economic warfare, a concomitant to naked violence, though it should be equally obvious that economic measures can be used to drastic effect also within a purely domestic context; *To illustrate the character and impact of particular sanctions regimes. It is one thing to block the shipment of arms (and not much else) to an apartheid South Africa, quite another to subject a mediaeval city or a modern Arab country to a total years-long economic blockade. Any attempt to judge the morality or efficacy of the sanctions option must consider the range of possible measures set against the goals to be achieved; *To indicate that the use of the sanctions option has many implications in ethics and law. Sanctions have a long history dating back to the Megarian Decree in Greece enacted by Pericles in 432BC. The specific reasons for the decree are debated but some commentators have noted that it followed the kidnapping of three Aspasian women. In the 19th century sieges generally involved land-based targets, though action was often taken against coastal fortifications and garrisons receiving supplies by river. The 20th century witnessed the imposition of sanctions by both the League of Nations and the United Nations which proved largely ineffectual as no attempt was made to impose comprehensive economic sanctions on plainly recalcitrant states. During the colonial era the most powerful members of the Security Council were directly supporting Portugal in its struggle to maintain colonial control. The United States has played a major role in the imposition of sanctions. The cases of Cuba, Vietnam, Libya, Iran and Iraq are discussed, suggesting that the United Nations is like a little dog on the American lead. 
America's influence in the Security Council is plain: resolutions are blocked or adopted largely according to how Washington judges their likely impact on US foreign policy. The United States, like the other permanent members of the Council, has the power of veto which means that American approval is essential for any resolution to stand. However, there are important limits to US sway in the Security Council: resolutions that Washington would welcome are not always adopted. The United States would have a UN-mandated embargo against Libyan oil, but was blocked by the energy appetites of the European powers; Washington would have liked tough UN sanctions against north Korea in the early 1990s but was blocked by the threat of a Chinese veto in the Security Council. In such circumstances the US resorts to the option of imposing unilateral sanctions, following the exercise of defined presidential powers or, according to new domestic legislation. In short, Washington will exploit its unrivalled influence in international bodies where it can; when blocked it will take independent action -- which in turn may irritate other influential states and groups in the international community. The book ends with a case study of Iraq where sanctions imposed following the invasion of Kuwait in 1990 have caused the deaths of more than 1,500,000 people including 750,000 children under five. Simons concludes that the use of virtual economic siege has reduced the Iraqis to penury, disease and starvation. The United States was able to contrive international measures of a genocidal nature for the gradual extermination of a national people in violation of UN conventions, other elements of international law and all human decency. 
(Please mention the New Worker Online when ordering the book) From jya@pipeline.com Wed, 02 Jun 1999 15:00:28 -0400 Date: Wed, 02 Jun 1999 15:00:28 -0400 From: John Young jya@pipeline.com Subject: Germany Frees Crypto The German cabinet today released a policy statement on the unrestricted use of encryption (an English translation would be welcome): http://www.bmwi.de/presse/1999/0602prm1.html It says, pardon my German, that for worldwide protection against economic espionage and electronic interception strongest encryption is to be allowed Germans, and the German crypto industry will be supported to develop superior products. And, though unrestricted encryption that may mean its increased usage for criminal purposes, the need for protection of commerce overrides; a report on criminal use is to be prepared and submitted within two years. Echelon is not specifically mentioned, but it hovers. France and Germany, who would have thought they'd feel threatened by UKUSA. Thanks to the online publication Future Zone for pointing: http://futurezone.orf.at/futurezone.orf?read=detail&id=1513&tmp=75421 From shavital@netvision.net.il Wed, 2 Jun 1999 23:17:47 +0300 Date: Wed, 2 Jun 1999 23:17:47 +0300 From: Shalom Avital shavital@netvision.net.il Subject: Germany Frees Crypto I value the information, which looks too good to be true. I thank in advance for an English translation, if somebody is willing to take care of that. Charly At 3:00 PM -0400 6/2/99, John Young wrote: >The German cabinet today released a policy statement on >the unrestricted use of encryption (an English translation >would be welcome): > > http://www.bmwi.de/presse/1999/0602prm1.html > >It says, pardon my German, that for worldwide protection >against economic espionage and electronic interception >strongest encryption is to be allowed Germans, and the >German crypto industry will be supported to develop >superior products. 
And, though unrestricted encryption >that may mean its increased usage for criminal purposes, the >need for protection of commerce overrides; a report on >criminal use is to be prepared and submitted within two >years. > >Echelon is not specifically mentioned, but it hovers. France >and Germany, who would have thought they'd feel threatened >by UKUSA. > >Thanks to the online publication Future Zone for pointing: > > http://futurezone.orf.at/futurezone.orf?read=detail&id=1513&tmp=75421 --- Shalom Avital From rguerra@interlog.com Wed, 2 Jun 1999 23:04:44 -0400 Date: Wed, 2 Jun 1999 23:04:44 -0400 From: Robert Guerra rguerra@interlog.com Subject: Fwd: Treasury Board approved a Policy for Public Key Infrastructure Management thought this might be of interest... >Date: Sun, 30 May 1999 13:35:04 -0300 (ADT) >From: M Taylor >To: efc-talk@efc.ca >Subject: Treasury Board approved a Policy for Public Key Infrastructure > Management >Reply-To: M Taylor >X-EFC-Web-Site: http://www.efc.ca >X-EFC-Archive: gopher://insight.mcmaster.ca/11/org/efc >Status: RO > > Fri, 28 May 1999 > >For those who may be interested, the Treasury Board (a committee of Cabinet) >approved yesterday evening a Policy for Public Key Infrastructure Management >in the Government of Canada. The policy provides direction to government >departments with respect to the issuance and use of certificates and >provides a governance structure for the Government of Canada PKI. >... > >-- >M Taylor mctaylor@ / privacy.nb.ca Robert Guerra WWW Page PGPKeys From Theodor.SCHLICKMANN@DG3.cec.be Thu, 3 Jun 1999 09:52:04 +0200 Date: Thu, 3 Jun 1999 09:52:04 +0200 From: Theodor.SCHLICKMANN@DG3.cec.be Theodor.SCHLICKMANN@DG3.cec.be Subject: Re(2): Germany Frees Crypto Just as a test, I tried the machine translation ... !!! Raw Machine Translation !!! 
»Er hat!« Christiane Schulzki-Haddouti 02.06.99 Also Schily signs; Federal Government for liberal Kryptopolitik. The last weeks were for the German network municipality an exciting time. Already three weeks ago collar Economics Minister Mueller had settled his signature under the cabinet presentation to the German Kryptopolitik. Alone the signature of petrols Schily took time. There would be still "clarification requirement" was called it mysterious from the ministry of the Interior - one day after the window camber of Ulrich Sandl, not clarified still - the departmental head in the collar Ministry of Economic Affairs, who had created the cabinet presentation. Allegedly secret service co-ordinator Uhlau was not merged zureichend into the negotiations. Also there were protest faxes on the part of the punishing pursuers against the presentation. Starting enough for the surprise, which flowed in the case of some observers into deserts conspiracy theories. Nevertheless there had been discussions and meetings lasting for months of various working groups - and not least a drastic change of government. But also the new Federal Minister of the Interior was considered to last as an uncertain candidate. "Does it have now, or doesn't it have ? "the last code question in the German Kryptodiskussion was. Finally the day before yesterday the releasing message: "It has ! " Today it is official: The Federal Cabinet referred clear placing in the matter of Kryptopolitik. The agreement negotiated between collar Ministry of Economic Affairs and Federal Ministry of the Interior puts its main interest on the economic interests. Quintessential point and motive of the German policy are situated in the "improved protection German user in the world-wide information networks by application of probably cryptographic procedures". 
In the consideration between the interests of the punishing pursuers, condition protection and Federal Intelligence Agency, as well as who believe themselves by the application of encoding in their reconnaissance work disabled the endangerment by "illegal reconnoitering, manipulating or destroying data" - with damages in billion level - decided the cabinet for intensified user protection against foreign feeler gauges, Hacker and other intruders. In five "corner points of the German Kryptopolitik" the development coordinates for the next two years harden: Also in the future encoding procedures and products without restriction may be developed, established, marketed and used in Germany. German Kryptohersteller are to be strengthened in their efficiency as well as in the international competitiveness. Although the Wassenaar-Exportregime imposes certain limitations, one abolished within the European Union with a first revision of the EG-Dual-Use-Verordnung the intra-Community export check for cryptographic bulk goods. The office for collar export checks at present whether the existing export inspection procedures can be simplified. Important step into the information society !!! Raw Machine Translation !!! Thomas Roessler, speakers of the "pumping association information technology and society" (FITUG) welcomed the decision. The cabinet took thereby "an important step into the information society". He hopes that the Federal Government advocates now "also in the international limit - for example with the Wassenaar-Verhandlungen - a free world-wide Exportierbarkeit of cryptographic products at least for the frame market. The Federal Government wants to pump also the "previously only low awareness of the users" in the future. 
A first step was already taken for this by the initiative for "safety in the Internet". The Kryptodebatte, which assumed ideological trains in the last years sometimes, is not completed yet however with the signatures under the cabinet presentation. The Federal Ministry of the Interior granted itself a temporal reservation: After two years a report is to be submitted, in which is to be evaluated, to which extent the abuse of Kryptoverfahren for illegal purposes takes place. At the same time however also the technical configuration of the criminal investigation and police authorities is to be improved. Thomas Roessler sees therein a reorientation: "The decision of the Federal Government for an evaluation of the actual influence of procedures for the confidentiality protection on the prosecution shows that the Federal Government refrained from the partly paralysing Kryptodebatte of the last years." Germany does not go a national special way with its Kryptopolitik. Only two weeks ago the g8 working group "High Tech criminality" in Paris decided to carry out an evaluation study in each state. Among other things the following questions are to be answered: In how much cases do punishing pursuers discover with searchings and seizings encoded material ? To what extent the clarification of criminal offences prevented by the use of encoding procedures ? In one year already results are to be present. If then the debate starts again around an adjustment of encoding procedures, she will be able to refer to strong experiences and no more only to fears. The corner points in detail: !!! Raw Machine Translation !!! 1. The Federal Government does not intend to limit the free availability of encoding products in Germany. She sees a crucial condition for the data security of the citizens, for the development of the electronic course of business as well as for the protection of company secrets in the applying of safe encoding. 
The Federal Government becomes therefore the distribution of safe encoding in Germany actively supported. Among it in particular pumping the security awareness ranks with the citizens, the economy and the administration. 2. The Federal Government aims at strengthening the confidence of the users into the safety of the encoding. Measures therefore taking, in order to create a confidence limit for safe encoding, in particular by it the Ueberpruefbarkeit of encoding products on its safety functions improves and the use of checked products recommends. 3. The Federal Government considers the ability of German manufacturers for reasons of the safety of state, economics and society for the development and manufacture of safe and efficient encoding products unrenouncable. It will take measures, in order to strengthen the international competitiveness of this sector. 4. The legal powers of the criminal investigation and police authorities may not be eroded by the distribution of strong encoding procedures for telecommunication monitoring. The responsible Federal Ministries will therefore keep an eye further attentively and will report the development after the end of two years for this. Independently of it the Federal Government advocates in the limit of its possibilities the improvement of the technical competences of the criminal investigation and police authorities. 5. The Federal Government attaches big importance to the international cooperation in the area of the encoding politics. She enters for open standards developed at the market and interoperable systems and will advocate the strengthening of the multilateral and bilateral cooperation. Copyright © in 1996-99 ALL Rights Reserved. All rights reserve publishing house for Heinz Heise, Hanover read modified: 02.06.99 !!! Raw Machine Translation !!! 
http://www.heise.de/tp/deutsch/inhalt/te/2908/1.html TEXT W98463 SYSTRAN-RTF-INFORMATIONS CELEX DATE=99/06/03 TIME=09.36.00 From roessler@guug.de Thu, 3 Jun 1999 12:06:56 +0200 Date: Thu, 3 Jun 1999 12:06:56 +0200 From: Thomas Roessler roessler@guug.de Subject: Germany Frees Crypto Shalom Avital wrote on ukcrypto: > I value the information, which looks too good to be true. > I thank in advance for an English translation, if somebody is willing to > take care of that. The text is rather lengthy. I'll try to give a translation of the actual framework ("Eckpunkte" in German). I beg your pardon for the mistakes I'll undoubtedly make; I'm not a native English speaker. ------------------------------ cut 1. The Federal Government does not plan to limit the free availability of encryption products in Germany. It considers the application of secure encryption to be a crucial requirement for the citizens' privacy, for the development of electronic commerce, and for the protection of business secrets. The Federal Government will therefore actively support the distribution of secure encryption. This includes in particular increasing the security consciousness of citizens, business, and administration. 2. The Federal Government strives for strengthening users' trust in the security of encryption. It will therefore take measures to create a framework for trustworthy secure encryption, in particular by improving the possibilities for reviewing encryption products for their security, and by recommending the use of reviewed products. 3. For reasons of national security, and the security of business and society, the Federal Government considers the ability of German manufacturers to develop and manufacture secure and efficient encryption products indispensable. It will take measures to strengthen the international competitiveness of this sector. 4. 
The spreading of strong encryption must not undermine the legal possibilities of prosecution and security authorities [police and intelligence communities may be a better translation]. The responsible Federal Ministries will cautiously watch the development and present a report after two years. Additionally, the Federal Government will work on improving the technical skills of prosecution and security authorities. 5. The Federal Government attaches importance to international cooperation on encryption policy. It encourages market-driven, open standards and interoperable systems and will work to strengthen multilateral and bilateral cooperation. ------------------------------ cut I hope this somewhat rough translation is precise enough for your purposes. From Brian.Randell@newcastle.ac.uk Thu, 3 Jun 1999 12:40:50 +0100 Date: Thu, 3 Jun 1999 12:40:50 +0100 From: Brian Randell Brian.Randell@newcastle.ac.uk Subject: Germany Frees Crypto Re the message from Thomas Roessler : .... >The text is rather lengthy. I'll try to give a translation of the >actual framework ("Eckpunkte" in German). I beg your pardon for the >mistakes I'll undoubtedly make; I'm not a native English speaker. .... >I hope this somewhat rough translation is precise enough for your >purposes. Excellent - many thanks. I would like to think your translation was precise enough to prompt comments to UKCRYPTO on the German Government's new policy from our DTI colleagues. Mind you, I can't recall any such comments regarding the earlier French policy change! :-) Cheers Brian Randell Dept. 
of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK EMAIL = Brian.Randell@newcastle.ac.uk PHONE = +44 191 222 7923 FAX = +44 191 222 8232 URL = http://www.cs.ncl.ac.uk/~brian.randell/ From david@crimbles.demon.co.uk Thu, 03 Jun 1999 13:59:23 +0100 Date: Thu, 03 Jun 1999 13:59:23 +0100 From: David Crookes david@crimbles.demon.co.uk Subject: Germany Frees Crypto At 12:06 PM 6/3/99 +0200, you wrote: > >The text is rather lengthy. I'll try to give a translation of the >actual framework ("Eckpunkte" in German). I beg your pardon for the >mistakes I'll undoubtedly make; I'm not a native English speaker. > Thank's for the translation. It was very useful. Your English is fine! One thing that wasn't mention in your translation was whether there is a policy change regarding the export of strong encryption products from Germany. Was this covered at all? Regards, Dave From shavital@netvision.net.il Thu, 3 Jun 1999 16:03:55 +0300 Date: Thu, 3 Jun 1999 16:03:55 +0300 From: Shalom Avital shavital@netvision.net.il Subject: Germany Frees Crypto At 12:06 PM +0200 6/3/99, Thomas Roessler wrote: >Shalom Avital wrote on ukcrypto: > >> I value the information, which looks too good to be true. > >> I thank in advance for an English translation, if somebody is willing to >> take care of that. > >The text is rather lengthy. I'll try to give a translation of the >actual framework ("Eckpunkte" in German). I beg your pardon for the >mistakes I'll undoubtedly make; I'm not a native English speaker. [cut] Thank you indeed for your time and work. I'm not a native English speaker, either, but I'll venture to say your English is outstanding. Charly --- Shalom Avital From rguerra@interlog.com Wed, 2 Jun 1999 23:04:44 -0400 Date: Wed, 2 Jun 1999 23:04:44 -0400 From: Robert Guerra rguerra@interlog.com Subject: Fwd: Treasury Board approved a Policy for Public Key Infrastructure Management thought this might be of interest... 
>Date: Sun, 30 May 1999 13:35:04 -0300 (ADT) >From: M Taylor >To: efc-talk@efc.ca >Subject: Treasury Board approved a Policy for Public Key Infrastructure > Management >Reply-To: M Taylor >X-EFC-Web-Site: http://www.efc.ca >X-EFC-Archive: gopher://insight.mcmaster.ca/11/org/efc >Status: RO > > Fri, 28 May 1999 > >For those who may be interested, the Treasury Board (a committee of Cabinet) >approved yesterday evening a Policy for Public Key Infrastructure Management >in the Government of Canada. The policy provides direction to government >departments with respect to the issuance and use of certificates and >provides a governance structure for the Government of Canada PKI. >... > >-- >M Taylor mctaylor@ / privacy.nb.ca Robert Guerra From david.hayes@wcom.com Thu, 03 Jun 1999 10:45:49 -0500 Date: Thu, 03 Jun 1999 10:45:49 -0500 From: David Hayes david.hayes@wcom.com Subject: Germany Frees Crypto The really interesting thing about this is that Germany does not seem to demand that a criminal suspect decrypt anything, even with a warrant/subpoena. Neither does Germany make use of crypto a separate criminal offense when used to evade prosecution for a more traditional crime. Is there some point of German law that already covers this?
If not, then Germany is clearly distinguished from France (who does require decryption on court order), and I believe all of the proposed liberalizations of U.S. law presently in Congress. Who would have thought that ECHELON would turn out to be a program to improve civil liberties? David Hayes, exercising the right of free typing on my own behalf. My employer pays no attention to my opinions. david@hayes-family.org From David_Conrad@isc.org Thu, 03 Jun 1999 10:29:47 -0700 Date: Thu, 03 Jun 1999 10:29:47 -0700 From: David R. Conrad David_Conrad@isc.org Subject: Germany Frees Crypto Hi, > 5. The Federal Government attaches importance to international > cooperation on encryption policy. It encourages market-driven, > open standards and interoperable systems and will work to > strengthen multilateral and bilateral cooperation. Does this mean the German government will not allow export of strong crypto developed within Germany? Regards, -drc From roessler@guug.de Thu, 3 Jun 1999 19:01:36 +0200 Date: Thu, 3 Jun 1999 19:01:36 +0200 From: Thomas Roessler roessler@guug.de Subject: Germany Frees Crypto On 1999-06-03 13:59:23 +0100, David Crookes wrote: > One thing that wasn't mentioned in your translation was whether there > is a policy change regarding the export of strong encryption > products from Germany. Was this covered at all? In the somewhat lengthy text accompanying the framework, there is a note that strengthening the international competitiveness of German crypto manufacturers is an important goal of the Federal Government. The text then references the European Directive On Dual-Use-Goods - this year's edition of that Directive has taken crypto from the list of goods whose export is controlled even inside the European Union. Additionally, there is a note that Germany's equivalent of the BXA (it's called Bundesausfuhramt) is considering a simplification of export control procedures. There is no explicit reference to this year's Wassenaar negotiations.
From jya@pipeline.com Thu, 03 Jun 1999 13:58:08 -0400 Date: Thu, 03 Jun 1999 13:58:08 -0400 From: John Young jya@pipeline.com Subject: Germany Frees Crypto David Conrad wrote: >> 5. The Federal Government attaches importance to international >> cooperation on encryption policy. It encourages market-driven, >> open standards and interoperable systems and will work to >> strengthen multilateral and bilateral cooperation. > >Does this mean the German government will not allow export of strong >crypto developed within Germany? My reading of the full statement, via Babelfish, is that Germany will abide the Wassenaar Arrangement export controls on encryption but will work to loosen them in concert with other signators. This is not a novel, for there are several countries which claim to hold the same position -- Denmark, Sweden, others -- but have not been able heretofore to budge the US-dominated members -- which, ta da, turn out to be those 2nd and 3rd tier members of UKUSA. So, while Echelon-favoritism may eventually fracture Wassenaar, it could also turn out that the whole gang of 33 will be seduced by those special upper tier membership privileges of real-time access. As someone working on an Echelon story asked elsewhere, just what strength of crypto can NSA crack these days. From nbohm@ernest.net Thu, 03 Jun 1999 19:37:27 +0100 Date: Thu, 03 Jun 1999 19:37:27 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: Germany Frees Crypto At 01:58 PM 6/3/1999 -0400, John Young wrote: >David Conrad wrote: > >>> 5. The Federal Government attaches importance to international >>> cooperation on encryption policy. It encourages market-driven, >>> open standards and interoperable systems and will work to >>> strengthen multilateral and bilateral cooperation. >> >>Does this mean the German government will not allow export of strong >>crypto developed within Germany? 
> >My reading of the full statement, via Babelfish, is that Germany will >abide the Wassenaar Arrangement export controls on encryption but >will work to loosen them in concert with other signators. It is sometimes overlooked that the Wassenaar Arrangement requires its members to control the export of cryptography, but does not require them to prohibit it. It is perfectly compliant for a member state to place cryptography on its export control lists but to grant an open general export licence for it. (Even the UK applies an open general export licence to much Wassenaar controlled material, although not to cryptography.) [snip] Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From jei@zor.hut.fi Thu, 3 Jun 1999 22:15:12 +0300 (EEST) Date: Thu, 3 Jun 1999 22:15:12 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: [ISN] U.K. Crypto Policy May Have Hidden Agenda (fwd) ---------- Forwarded message ---------- Date: Thu, 3 Jun 1999 10:50:28 -0600 (MDT) From: cult hero To: InfoSec News Subject: [ISN] U.K. Crypto Policy May Have Hidden Agenda http://www.nytimes.com/techweb/TW_U_K_Crypto_Policy_May_Have_Hidden_Agenda.html June 3, 1999 U.K. Crypto Policy May Have Hidden Agenda Filed at 5:06 a.m. EDT By Madeleine Acey for TechWeb, CMPnet Despite its abandonment of key escrow, the U.K. could be counting on the ignorance of new Internet users to provide law enforcement easy access to private communications, according to privacy campaigners. 
Following a meeting in London on Wednesday, where ISPs drafted a code of practice for protecting user privacy, ISP and civil liberties groups both derided British and European Union attempts to regulate the use of encryption, caching and unsolicited email. ISP organizations, such as the London Internet Exchange -- or LINX -- described government policy as "extremely stupid," "misguided" and "infeasible." But some said they found it hard to believe incompetence was behind it. LINX chairman Keith Mitchell said the latest version of proposed legislation regarding law enforcement access to encrypted email and computer files was based on a "misguided conception" that ISPs would provide users with encryption. A senior government official said last week the government expected most warrants demanding keys to encrypted material would be served on service providers. "The only encryption of any use on the Internet is end-to-end. The keys are generated between the users. All the ISP is going to see is an encrypted data stream," Mitchell said. "I still don't know a single Home Office employee that has an email address," he said. But of the encryption warrant policy, he said the government "either doesn't understand or is deliberately misunderstanding." "I think they are deliberate," said Yaman Akdeniz of Cyber-Rights & Cyber-Liberties. "They don't want to give away what they want to do." He said there was a lot of pressure on lawmakers from the National Criminal Intelligence Service, which wanted easy access. "The Home Office believes users will go to [third parties], like the Post Office, to get keys," said Nicholas Bohm, spokesman for the Foundation for Information Policy Research. "They should not be promoting a policy where private keys are generated by anybody but the user." 
He, along with Akdeniz, said it was possible the government was planning to create a new market, favorable to easy law enforcement access, where new Internet users -- unaware of the tradition of free user-to-user encryption -- would go to "trusted third parties" for encryption services because they were endorsed by the government as safe. "If these new services are there, many people will use them," Akdeniz said. -o- Subscribe: mail majordomo@repsec.com with "subscribe isn". Today's ISN Sponsor: OSAll [www.aviary-mag.com] From nigelhickson@compuserve.com Thu, 3 Jun 1999 17:20:27 -0400 Date: Thu, 3 Jun 1999 17:20:27 -0400 From: Nigel Hickson nigelhickson@compuserve.com Subject: Germany Frees Crypto Colleagues Many thanks for translation; saves the DTI purse. Policy looks very similar to ours (DTI). Nigel From jbrazier@proproco.co.uk Thu, 3 Jun 1999 23:38:59 +0100 Date: Thu, 3 Jun 1999 23:38:59 +0100 From: John R T Brazier jbrazier@proproco.co.uk Subject: Germany Frees Crypto Dear Thomas et al, Thanks for your excellent translation. One hopes that Stephen Byers (who has had a rough few weeks and is probably sick of this topic) will take note for the UK legislation. By the way, does anyone know what has happened to this? It was all terribly urgent during the consultation period. One other interesting thing is Point (3) of the framework: is this a nice way of saying that Wassenaar is dead? At least from the German government point of view? Cheers, JB -----Original Message----- From: owner-ukcrypto@maillist.ox.ac.uk [mailto:owner-ukcrypto@maillist.ox.ac.uk] On Behalf Of Thomas Roessler Sent: Thursday, June 03, 1999 11:07 AM To: ukcrypto@maillist.ox.ac.uk Cc: Cryptography List Subject: Re: Germany Frees Crypto Shalom Avital wrote on ukcrypto: > I value the information, which looks too good to be true. > I thank in advance for an English translation, if somebody is willing to > take care of that. The text is rather lengthy.
I'll try to give a translation of the actual framework ("Eckpunkte" in German). I beg your pardon for the mistakes I'll undoubtedly make; I'm not a native English speaker. ------------------------------ cut 1. The Federal Government does not plan to limit the free availability of encryption products in Germany. It considers the application of secure encryption to be a crucial requirement for the citizens' privacy, for the development of electronic commerce, and for the protection of business secrets. The Federal Government will therefore actively support the distribution of secure encryption. This includes in particular increasing the security consciousness of citizens, business, and administration. 2. The Federal Government strives for strengthening users' trust in the security of encryption. It will therefore take measures to create a framework for trustworthy secure encryption, in particular by improving the possibilities for reviewing encryption products for their security, and by recommending the use of reviewed products. 3. For reasons of national security, and the security of business and society, the Federal Government considers the ability of German manufacturers to develop and manufacture secure and efficient encryption products indispensable. It will take measures to strengthen the international competitiveness of this sector. 4. The spreading of strong encryption must not undermine the legal possibilities of prosecution and security authorities [police and intelligence communities may be a better translation]. The responsible Federal Ministries will cautiously watch the development and present a report after two years. Additionally, the Federal Government will work on improving the technical skills of prosecution and security authorities. 5. The Federal Government attaches importance to international cooperation on encryption policy.
It encourages market-driven, open standards and interoperable systems and will work to strengthen multilateral and bilateral cooperation. ------------------------------ cut I hope this somewhat rough translation is precise enough for your purposes. From jbrazier@proproco.co.uk Thu, 3 Jun 1999 23:57:56 +0100 Date: Thu, 3 Jun 1999 23:57:56 +0100 From: John R T Brazier jbrazier@proproco.co.uk Subject: Germany Frees Crypto -----Original Message----- From: owner-ukcrypto@maillist.ox.ac.uk [mailto:owner-ukcrypto@maillist.ox.ac.uk] On Behalf Of John Young Sent: Thursday, June 03, 1999 6:58 PM To: ukcrypto@maillist.ox.ac.uk Cc: cryptograph@c2.net; David_Conrad@isc.org Subject: Re: Germany Frees Crypto As someone working on an Echelon story asked elsewhere, just what strength of crypto can NSA crack these days. Dear John &c, Because of another discussion on another list, I think I can put together an argument for an NSA capability of breaking 80 bit keys (or perhaps longer) within a few days for block ciphers like RC5. Of course, it's full of assumptions, and will take me a few days to check a few things, but if you're interested ... Cheers, John B From jya@pipeline.com Thu, 03 Jun 1999 18:16:01 -0400 Date: Thu, 03 Jun 1999 18:16:01 -0400 From: John Young jya@pipeline.com Subject: Germany Frees Crypto Peter Haefner has provided an English translation of the full German statement, "Cornerstones of German Encryption Policy": http://jya.com/de-crypto-all.htm From david@crimbles.demon.co.uk Fri, 04 Jun 1999 09:05:29 +0100 Date: Fri, 04 Jun 1999 09:05:29 +0100 From: David Crookes david@crimbles.demon.co.uk Subject: Germany Frees Crypto At 11:57 PM 6/3/99 +0100, John R T Brazier wrote: > >Because of another discussion on another list, I think I can put together an >argument for an NSA capability of breaking 80 bit keys (or perhaps longer) >within a few days for block ciphers like RC5.
Of course, it's full of >assumptions, and will take me a few days to check a few things, but if >you're interested ... > I'm interested...... Cheers, Dave From jei@zor.hut.fi Fri, 4 Jun 1999 12:18:22 +0300 (EEST) Date: Fri, 4 Jun 1999 12:18:22 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: [ISN] U.K. Crypto Policy May Have Hidden Agenda (fwd) http://www.nytimes.com/techweb/TW_U_K_Crypto_Policy_May_Have_Hidden_Agenda.html June 3, 1999 U.K. Crypto Policy May Have Hidden Agenda Filed at 5:06 a.m. EDT By Madeleine Acey for TechWeb, CMPnet Despite its abandonment of key escrow, the U.K. could be counting on the ignorance of new Internet users to provide law enforcement easy access to private communications, according to privacy campaigners. Following a meeting in London on Wednesday, where ISPs drafted a code of practice for protecting user privacy, ISP and civil liberties groups both derided British and European Union attempts to regulate the use of encryption, caching and unsolicited email. ISP organizations, such as the London Internet Exchange -- or LINX -- described government policy as "extremely stupid," "misguided" and "infeasible." But some said they found it hard to believe incompetence was behind it. LINX chairman Keith Mitchell said the latest version of proposed legislation regarding law enforcement access to encrypted email and computer files was based on a "misguided conception" that ISPs would provide users with encryption. A senior government official said last week the government expected most warrants demanding keys to encrypted material would be served on service providers. "The only encryption of any use on the Internet is end-to-end. The keys are generated between the users. All the ISP is going to see is an encrypted data stream," Mitchell said. "I still don't know a single Home Office employee that has an email address," he said. 
But of the encryption warrant policy, he said the government "either doesn't understand or is deliberately misunderstanding." "I think they are deliberate," said Yaman Akdeniz of Cyber-Rights & Cyber-Liberties. "They don't want to give away what they want to do." He said there was a lot of pressure on lawmakers from the National Criminal Intelligence Service, which wanted easy access. "The Home Office believes users will go to [third parties], like the Post Office, to get keys," said Nicholas Bohm, spokesman for the Foundation for Information Policy Research. "They should not be promoting a policy where private keys are generated by anybody but the user." He, along with Akdeniz, said it was possible the government was planning to create a new market, favorable to easy law enforcement access, where new Internet users -- unaware of the tradition of free user-to-user encryption -- would go to "trusted third parties" for encryption services because they were endorsed by the government as safe. "If these new services are there, many people will use them," Akdeniz said. -o- Subscribe: mail majordomo@repsec.com with "subscribe isn". Today's ISN Sponsor: OSAll [www.aviary-mag.com] From waste@zor.hut.fi Fri, 4 Jun 1999 12:43:40 +0300 (EEST) Date: Fri, 4 Jun 1999 12:43:40 +0300 (EEST) From: Putrefied Cow waste@zor.hut.fi Subject: Germany Frees Crypto On Thu, 3 Jun 1999, John R T Brazier wrote: > One other interesting thing is Point (3) of the framework: is this > a nice way of saying that Wassenaar is dead? At least from the > German government point of view? I'd say no. The WA was, and still is serving its purpose in the sense that UKUSA managed to enforce other nations to adopt their policies on what they should be allowed to export and where. Very nice work by the UKUSA, I'd say.
BTW, A long time ago in Finland, I remember reading that the GSM phones could have had strong enough crypto that the NSA couldn't crack it, and that because of it the UKUSA forced Nokia's hand and made them adopt a weak crypto that is easily cracked. So essentially now every GSM phone is insecure as they can be listened into from spy-satellites. Is this really the case? Is there anything that could be done about it? ++ J From ptemple@onlinemagic.com Fri, 04 Jun 1999 15:14:54 +0100 Date: Fri, 04 Jun 1999 15:14:54 +0100 From: Phillip Temple ptemple@onlinemagic.com Subject: Germany Frees Crypto At 12:43 PM 6/4/99 +0300, Putrefied Cow wrote: > >BTW, A long time ago in Finland, I remember reading that the GSM >phones could have had strong enough crypto that the NSA couldn't >crack it, and that because of it the UKUSA forced Nokia's hand and >made them adopt a weak crypto that is easily cracked. > >So essentially now every GSM phone is insecure as they can be >listened into from spy-satellites. The original specs for GSM had strong crypto. From the previous discussions I remember, it was rather a case of different national interests having different agendas re: eavesdropping. I don't think it applied to any one manufacturer, it was rather across the board.
Hence handsets sold to different nations had different levels of being crippled (by blanking xxx of the top bits of the key). There was also the story of the Sicily Mafia buying German mobile phones to stop the Italian law enforcement from listening in. I'm sure someone can come up with more accurate details than my vague recollections. The UKUSA alliance probably also had a hand in these dealings? Phillip. From waste@zor.hut.fi Fri, 4 Jun 1999 17:18:10 +0300 (EEST) Date: Fri, 4 Jun 1999 17:18:10 +0300 (EEST) From: Putrefied Cow waste@zor.hut.fi Subject: [IWAR] CRYPTO Germany Endorses Strong Crypto (fwd) Sorry about forwarding. ---------- Forwarded message ---------- Date: Thu, 3 Jun 1999 21:29:52 -0700 (PDT) From: 7Pillars Partners Reply-To: iwar@sirius.infonex.com To: g2i list , IWAR list Subject: [IWAR] CRYPTO Germany Endorses Strong Crypto Germany Endorses Strong Crypto Wired News Report 5:20 p.m. 3.Jun.99.PDT In an apparent response to corporate spying allegedly conducted in Europe by the United States, Germany is encouraging citizens and businesses to use strong cryptography. "[Germany] considers the application of secure encryption to be a crucial requirement for citizens' privacy, for the development of electronic commerce, and for the protection of business secrets," reads a translated version of a policy framework document released Wednesday by Germany's Federal Department of Business and Technology (BMWI). "The federal government will therefore actively support the distribution of secure encryption. This includes in particular increasing the security consciousness of citizens, business, and administration." Australia recently became the first nation to admit it participates in Echelon, a previously secret global surveillance network capable of intercepting electronic communications anywhere in the world. 
Echelon is said to be principally operated by the United States' National Security Agency and its UK equivalent, the Government Communications Headquarters. In addition to Australia, the system relies on cooperation with other signals-intelligence agencies in Canada and New Zealand. Earlier this month, UK investigative journalist Duncan Campbell submitted Interception Capabilities 2000, his report on Echelon, to the European Parliament's Science and Technology Options Assessment Panel. Campbell had been asked to investigate the system in the wake of charges made last year in the European Parliament that Echelon was being used to funnel European government and industry secrets into US hands. In the wake of the report, the Australian government confirmed the Echelon alliance to media in follow-up interviews. Though Wednesday's German government statement does not mention Echelon, the document alludes to the specter of industrial espionage. "For reasons of national security, and the security of business and society, the federal government considers the ability of German manufacturers to develop and manufacture secure and efficient encryption products indispensable," the statement said. The government added that it would take additional measures to strengthen its domestic crypto software industry. The policy also cautioned that while encryption may be used to criminal ends, the need to protect electronic commerce overrides any such concerns. The department said it would prepare and release a report on the criminal uses of cryptography within two years. The US government restricts the export of strong crypto on the grounds that it might be used by terrorists and hostile nations to conceal communications. 
From waste@zor.hut.fi Fri, 4 Jun 1999 17:34:47 +0300 (EEST) Date: Fri, 4 Jun 1999 17:34:47 +0300 (EEST) From: Putrefied Cow waste@zor.hut.fi Subject: God Save the Keys God Save the Keys June 03, 1999 The United States may have been the first country to guarantee its citizens freedom of speech, but when it comes to guaranteeing private speech in the digital age, jolly old England may be one step ahead. Unlike its U.S. Justice Department counterpart, the United Kingdom's Home Office recently softened its position on requiring companies that use strong encryption to deposit a copy of their "keys" with an agency of the government or a "trusted" third party. Last week, while in London, I was briefed by a Home Office representative about the agency's change of heart in this classic battle between law enforcement's desire to catch bad guys and British subjects' right to communicate in privacy. Just as in the United States, British law-enforcement officials and businesses have locked horns over the issue of encryption. Companies that do business over the Internet insist they must be able to use the strongest encryption available and that they--not any government--should decide who keeps the keys to unlock that data. The Clinton administration and its counterparts in the United Kingdom have long argued that the government needs the ability to access a "key" to privately encrypted messages. They argue that this allows warrant-wielding law-enforcement officials to fight crime by breaking the encrypted code of terrorists, pedophiles and other criminals. The FBI remains steadfast in its pursuit of the right to peer into your data, regardless of whether you're suspected of breaking the law. But the U.K.'s Home Office is expected to announce later this week that it has given up in its efforts to require British subjects--even suspected criminals--to turn over their encryption keys to the government, third parties or law-enforcement officials. 
The new proposal is an amendment to a March proposal disseminated by the Department of Trade and Industry. Under the March proposal, users weren't required to deposit keys into escrow, but they would be forced to turn over keys when so ordered by a court. Even that somewhat more liberal procedure, however, could jeopardize a company's security, because it could reveal codes that could be used to decipher other encrypted data that wasn't the subject of the court order. The new proposal, which has not yet been presented to Parliament, wouldn't require any disclosure of encryption keys, just a legible copy of encrypted material. Rather than ask for the combination to a suspected criminal's safe, the government would require the criminal to open the safe and turn over a copy of whatever the government wanted to see. Failure to comply with a lawful order could result in a two-year prison sentence. It will call for penalties to individuals who refuse to turn over legible copies of suspected data when presented with a warrant or court order. Cyberlibertarians Although the proposal falls short for cyberlibertarians on both sides of the Atlantic, it's a move in the right direction from British officials' previous demands and the tactics promulgated by the Clinton administration. Shari Steele, Staff Counsel for the Electronic Frontier Foundation agrees that the British proposal is a "step in the right direction" but feels that it falls short of what is needed to assure secure communications in the digital age. "We don't like the idea of making encryption a greater crime," she says. Today, even if you're handed a search warrant in the United States or Britain, "you're not required to open the safe." If the police want to break it open, that's one thing, but with encryption, "they want their job to be easier." 
Steele's arguments are consistent with the EFF's strong support of civil liberties in cyberspace, yet I can understand where law enforcement is coming from in its desire to have tools that can break down the digital safes of suspected criminals. Cops (and bobbies) are afraid criminals will gain the upper hand if they are able to use encryption to make it virtually impossible for law enforcement to gather the evidence needed to prosecute crimes. Yet, one of the greatest crimes I can imagine is one that would undermine freedom of speech. True, the First Amendment is a U.S. ordinance, but the British adopted many of the same concepts once they became a constitutional monarchy. I've always felt that if one is to err, it's better to err on the side of freedom. Nevertheless, the Brits may be onto something. By focusing on the data of suspected criminals rather than the keys of legitimate businesses, they are at least putting the onus where it belongs. While it may not be enough, it's a significant step in the right direction. From jei@zor.hut.fi Fri, 4 Jun 1999 19:25:26 +0300 (EEST) Date: Fri, 4 Jun 1999 19:25:26 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: Germany Frees Crypto On Thu, 3 Jun 1999, David Hayes wrote: > Who would have thought that ECHELON would turn out to be a program to > improve civil liberties? Well, I did for one. Let's just hope it doesn't stop with Germany. Keep publishing more reports and information about Echelon! ;-) Even if most governments don't care about civil liberties, they do care about economic espionage and the fact that they are losing billions of dollars to US if they don't protect themselves and their citizens from their spy-systems. Which means, that governments will have to get their citizens to use crypto and spook-secure systems. :-) National crypto-industries can expect huge benefits the better these facts about echelon spying are conveyed and presented to the local governments. 
++ J From paul@hedonism.demon.co.uk 04 Jun 1999 19:08:55 +0100 Date: 04 Jun 1999 19:08:55 +0100 From: Paul Crowley paul@hedonism.demon.co.uk Subject: More on fortifying Lotus Notes Ian BROWN writes: > Paul Crowley wrote: > >Is that because Lotus has been engineered such that it's harder to > >reverse-engineer or modify? Because presumably if we could find > >where the NSA's public key is stored in the binary, a Lotus-Fortify > >program could replace it with a randomly-generated one for which the > >private key has been discarded? > > "Playing hide and seek with stored keys" by Adi Shamir and Nicko van > Someren describes how to use the high entropy of keys compared to > program instructions and data to find an embedded key... > > http://www.ncipher.com/products/files/papers/anguilla/keyhide2.pdf I've finally fetched and read this paper, and it seems to be pretty straightforward to implement. A few questions: * What legal hurdles stand in the way of (a) using a bunch of tools to search the binary files that come with Notes to find the embedded public key, (b) publishing the key, and (c) writing a program to find the key and scramble it? * How do I tell when I've found it? Do we have an example of plaintext and ciphertext encrypted with this key, do we know what public key algorithm they use and what key formats that might imply? * What should be done to the key once it's found? Is it sufficient to replace most of it with random noise, or is it important that it be replaced with a real key? 
cheers, -- __ \/ o\ paul@hedonism.demon.co.uk http://www.hedonism.demon.co.uk/paul/ \ / /\__/ Paul Crowley Upgrade your legacy NT machines to Linux /~\ From lists@notatla.demon.co.uk Sat, 5 Jun 1999 00:16:11 +0100 Date: Sat, 5 Jun 1999 00:16:11 +0100 From: lists@notatla.demon.co.uk lists@notatla.demon.co.uk Subject: More on fortifying Lotus Notes Paul Crowley > * What legal hurdles stand in the way of (a) using a bunch of tools to > search the binary files that come with Notes to find the embedded > public key, (b) publishing the key, and (c) writing a program to find > the key and scramble it? The tools are already here. od will show you the content dd if=INPUT_FILE of=df bs=1 count=3 seek=10374 conv=notrunc I've just written 3 'A's into a binary of 'df'. 002882: 64 20 41 76 41 41 41 61 62 6c 65 20 43 61 70 61 d AvAAAable Capa Writing a real binary editor is not that hard either. > * What should be done to the key once it's found? Is it sufficient to > replace most of it with random noise, or is it important that it be > replaced with a real key? Experiment ought to find that out. It would be fairly easy for them to have some built-in check at encryption time, but they may not have bothered. Not much is really worth doing in a model where someone can make arbitrary changes to the binaries you ship. From duncan@gn.apc.org Sat, 05 Jun 1999 01:21:10 +0100 Date: Sat, 05 Jun 1999 01:21:10 +0100 From: Duncan Campbell duncan@gn.apc.org Subject: More on fortifying Lotus Notes 4 June 99 The issue of the NSA trapdoor in the International Edition of Lotus Notes 4 is attracting a number of argumentative strands in different places : http://www.heise.de/tp/english/inhalt/te/2898/1.html http://www.heise.de/bin/tp/forum/get/telepolis/2115.html It's also been one of the more commented on issues arising from the new European Parliament report on Echelon.
http://www.iptvreports.mcmail.com/ic2kreport.htm#_Toc448565572 One of the features there and in private correspondence I've had is that IBM/Lotus folk feel aggrieved because their crypto system is better than MS Mail and other US competitors, so I'm being unfair in pointing out how it has been tailored to suit NSA surveillance. That position is understandable. MS Mail (and Netscape, etc) are completely crypto-crippled, while Lotus pretends not to be, by having an NSA trapdoor instead. Choose (a) MS (b) Lotus or (c) something not made in the US (or other UKUSA nation) and not required to be NSA surveillance - friendly. Now that the crypto barriers are coming down completely within the EU, there can be no justification for EU customers buying export-controlled US-licensed software for any communications or information security application. This is the nightmare that US manufacturers warned the US government about. Now they have to face the consequences. Duncan Campbell >Paul Crowley > > > * What legal hurdles stand in the way of (a) using a bunch of tools to > > search the binary files that come with Notes to find the embedded > > public key, (b) publishing the key, and (c) writing a program to find > > the key and scramble it? > >The tools are already here. > > od will show you the content > > dd if=INPUT_FILE of=df bs=1 count=3 seek=10374 conv=notrunc > I've just written 3 'A's into a binary of 'df'. >002882: 64 20 41 76 41 41 41 61 62 6c 65 20 43 61 70 61 d AvAAAable Capa > >Writing a real binary editor is not that hard either. > > >* What should be done to the key once it's found? Is it sufficient to > > replace most of it with random noise, or is it important that it be > > replaced with a real key? > >Experiment ought to find that out. It would be fairly easy for them to >have some built-in check at encryption time, but they may not have >bothered. Not much is really worth doing in a model where someone can >make arbitrary changes to the binaries you ship.
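The idea quoted earlier in this thread, that key material stands out from program instructions and data by its high entropy, can be shown with a sliding-window Shannon entropy scan of the kind used when auditing shipped binaries for embedded keys. This is an added example, not code from any list member or from the Shamir and van Someren paper; the window size, stride, threshold and the sample image (repetitive code-like bytes, a 64-byte stand-in key, ASCII strings) are assumptions constructed for the demonstration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 64       # assumed window: 64 bytes, the size of a 512-bit RSA modulus
STEP = 16         # assumed stride between windows
THRESHOLD = 5.3   # assumed cut-off in bits/byte; a 64-byte window tops out at 6.0


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte values in chunk, in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def high_entropy_regions(data, window=WINDOW, step=STEP, threshold=THRESHOLD):
    """Return merged (start, end) offsets of windows at or above threshold."""
    regions = []
    for off in range(0, len(data) - window + 1, step):
        if shannon_entropy(data[off:off + window]) < threshold:
            continue
        end = off + window
        if regions and off <= regions[-1][1]:
            regions[-1] = (regions[-1][0], end)   # overlaps previous hit: extend
        else:
            regions.append((off, end))
    return regions


def constructed_key(n: int) -> bytes:
    """Deterministic stand-in for key bytes (constructed, not a real key)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"constructed-key" + bytes([counter])).digest()
        counter += 1
    return out[:n]


def build_sample_image():
    """Constructed 'binary': code-like bytes, then the key, then strings."""
    code = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x8B, 0x45,
                  0x08, 0x89, 0x45, 0xFC, 0xC9, 0xC3, 0x90, 0x90]) * 64
    key = constructed_key(64)
    strings = b"Available Capacity Mounted on Filesystem " * 12
    return code + key + strings, len(code), len(key)


if __name__ == "__main__":
    image, key_off, key_len = build_sample_image()
    print("key planted at", (key_off, key_off + key_len))
    for start, end in high_entropy_regions(image):
        print("high-entropy region", (start, end))
```

Windows that straddle the key boundary can also score above the threshold, so the reported region is a candidate range to inspect rather than an exact key location.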
From nbohm@ernest.net Sun, 06 Jun 1999 11:42:54 +0100 Date: Sun, 06 Jun 1999 11:42:54 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: More on fortifying Lotus Notes At 07:08 PM 6/4/1999 +0100, Paul Crowley wrote: >Ian BROWN writes: >> Paul Crowley wrote: >> >Is that because Lotus has been engineered such that it's harder to >> >reverse-engineer or modify? Because presumably if we could find >> >where the NSA's public key is stored in the binary, a Lotus-Fortify >> >program could replace it with a randomly-generated one for which the >> >private key has been discarded? >> >> "Playing hide and seek with stored keys" by Adi Shamir and Nicko van >> Someren describes how to use the high entropy of keys compared to >> program instructions and data to find an embedded key... >> >> http://www.ncipher.com/products/files/papers/anguilla/keyhide2.pdf > >I've finally fetched and read this paper, and it seems to be pretty >straightforward to implement. A few questions: > >* What legal hurdles stand in the way of (a) using a bunch of tools to >search the binary files that come with Notes to find the embedded >public key, (b) publishing the key, and (c) writing a program to find >the key and scramble it? Check the terms of the Notes licence. Unless the licence imposes an explicit contractual prohibition, neither searching a file nor modifying it (manually or automatically) are copyright infringements. Publishing the key would be a copyright infringement; but why bother? Also check that the licence does not prohibit the user from modifying the program or running the program as modified. Users concerned about the risk of invalidating their Notes licences by making its encryption secure against the NSA may wish to raise the matter with Lotus. >* How do I tell when I've found it? Do we have an example of plaintext >and ciphertext encrypted with this key, do we know what public key >algorithm they use and what key formats that might imply? 
> >* What should be done to the key once it's found? Is it sufficient to >replace most of it with random noise, or is it important that it be >replaced with a real key? Presumably a single change to one bit of a public key would prevent decipherment with the private key, since the two no longer correspond. (If the program somehow tests for the correctness of the public key, however, then presumably the test must also be modified to provide the right answer for the modified key.) >cheers, >-- > __ >\/ o\ paul@hedonism.demon.co.uk http://www.hedonism.demon.co.uk/paul/ \ / >/\__/ Paul Crowley Upgrade your legacy NT machines to Linux /~\ > > > Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From duncan@gn.apc.org Sun, 06 Jun 1999 12:41:03 +0100 Date: Sun, 06 Jun 1999 12:41:03 +0100 From: Duncan Campbell duncan@gn.apc.org Subject: More on fortifying Lotus Notes Edinburgh 6 June 99 NSA Workfactor Restoration (NWR ???) for Lotus Notes NSA Trapdoor Edition Sorry folks, it's a little bit harder than you think. At 06/06/99 11:42 , you wrote: >At 07:08 PM 6/4/1999 +0100, Paul Crowley wrote: > >Ian BROWN writes: > >> Paul Crowley wrote: > >> >Is that because Lotus has been engineered such that it's harder to > >> >reverse-engineer or modify? Because presumably if we could find > >> >where the NSA's public key is stored in the binary, a Lotus-Fortify > >> >program could replace it with a randomly-generated one for which the > >> >private key has been discarded? [...] >Presumably a single change to one bit of a public key would prevent >decipherment with the private key, since the two no longer correspond.
(If >the program somehow tests for the correctness of the public key, however, >then presumably the test must also be modified to provide the right answer >for the modified key.) To prevent you giving NSA its present of the WRF, Lotus Notes 4 International Edition works as follows. 1. The full session key is sent encrypted - presumably as part of the RSA session set up. 2. The recipient programme looks for the WRF and extracts it. 3. Using NSA's public key, it re-encrypts the 24 bit section of the session key. 4. It then compares the result of that encryption with the WRF. If the two do not match, then it will refuse to decrypt the incoming message. Therefore, your Lotus Fortify patch will have to operate on both sender and recipient. If you can get to the NSA public key inside both functions, and change each in the same way, then does that work? I would presume so but list members will know if that intuition is right. From lists@notatla.demon.co.uk Sun, 6 Jun 1999 14:07:35 +0100 Date: Sun, 6 Jun 1999 14:07:35 +0100 From: lists@notatla.demon.co.uk lists@notatla.demon.co.uk Subject: More on fortifying Lotus Notes Duncan Campbell > 3. Using NSA's public key, it re-encrypts the 24 bit section of the session > key. > 4. It then compares the result of that encryption with the WRF. If the two > do not match, then it will refuse to decrypt the incoming message. > Therefore, your Lotus Fortify patch will have to operate on both sender and > recipient. If you can get to the NSA public key inside both functions, > and change each in the same way, then does that work? I'd expect so, but it may be easier than that. There is likely to be a section of code that makes a yes-no decision on whether the two WRFs match. Replacing the few bytes concerned with the same comparison in the opposite sense (i.e. approve if different) or with inactivity (NOP) instructions may do the job. 
I read a paper a few years ago where somebody described using these techniques to defeat copy protection and it never took above 4 hours. It requires some familiarity with the assembly language involved. The programmer can make life a bit more complicated by having more than one check, and by not flagging the relevant instructions by putting them close to the bail_with_error function. Really subtle people don't rely on an explicit yes-no decision but use some result of the calculation in an important place later during execution. Wrong numbers then cause some unrelated-looking failure. Unfortunately I don't know any modern assembly language - nobody knows how to write books these days. Books hundreds of pages long omit the few page appendix which is all you really want. From dave@xemu.demon.co.uk Sun, 6 Jun 1999 14:49:16 +0100 Date: Sun, 6 Jun 1999 14:49:16 +0100 From: Dave Bird dave@xemu.demon.co.uk Subject: More on fortifying Lotus Notes In article <199906061307.OAA08481@notatla.demon.co.uk>, lists@notatla.demon.co.uk writes >The programmer can make life a bit more complicated by having more than one >check, and by not flagging the relevant instructions by putting them close >to the bail_with_error function. Another trick is to figure on automatic dis-assembly going straight down the text (and put a valid load-with-32bit-constant opcode in front) rather than jumped to (where it executes as a conditional jump). -- ^-^-^-@@-^-;-^ http://www.xemu.demon.co.uk/ (..)__u news:alt.smoking.mooses From ben@algroup.co.uk Sun, 06 Jun 1999 14:57:16 +0100 Date: Sun, 06 Jun 1999 14:57:16 +0100 From: Ben Laurie ben@algroup.co.uk Subject: More on fortifying Lotus Notes Dave Bird wrote: > > In article <199906061307.OAA08481@notatla.demon.co.uk>, > lists@notatla.demon.co.uk writes > >The programmer can make life a bit more complicated by having more than one > >check, and by not flagging the relevant instructions by putting them close > >to the bail_with_error function.
> > Another trick is to figure on automatic dis-assembly going straight > down the text (and put a valid load-with-32bit-constant opcode in > front) rather than jumped to (where it executes as a conditional jump). Good disassemblers can spot this trick. Besides, the wise reverse engineer reverse-engineers with a debugger (or an ICE if budget permits :-), not a disassembler. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From ben@algroup.co.uk Sun, 06 Jun 1999 15:00:23 +0100 Date: Sun, 06 Jun 1999 15:00:23 +0100 From: Ben Laurie ben@algroup.co.uk Subject: More on fortifying Lotus Notes lists@notatla.demon.co.uk wrote: > Unfortunately I don't know any modern assembly language - nobody knows how > to write books these days. Books hundreds of pages long omit the few page > appendix which is all you really want. Unfortunately, modern assemblers take a few hundred pages just to describe the instructions! For example, the i486 instruction set takes 289 pages! Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From lists@notatla.demon.co.uk Sun, 6 Jun 1999 15:36:50 +0100 Date: Sun, 6 Jun 1999 15:36:50 +0100 From: lists@notatla.demon.co.uk lists@notatla.demon.co.uk Subject: More on fortifying Lotus Notes I found the article I referred to. I got it from an ftp server in Italy, maybe in September 1994. Let me know off list if you want it. I also thought I should explain why in my last post I thought it was easier to act on a program by neutralising a test than by making the (bogus) public keys match at both ends of the communication.
The session-key leakage is 24 bits (2^24=16777216). If the same bogus public key gets into wide circulation among L-Fortify users then the NSA only has to compute 2^24 encryptions with that key and they are in a position about as good as they already have. This is a lookup table that can be stored on a single disk even if it is stored in full which should not be necessary. If all versions of Notes are using different keys for the NSA, and changing them periodically then this is much better. To attack a single user they will then have to crack the whole 64-bit session key and derive what information they can from that (perhaps from several messages) about the public key. Only when studying the public key becomes pointless and they attack only session keys (itself not a major task) will the Lotus trapdoor be removed. From I.Brown@cs.ucl.ac.uk Sun, 06 Jun 1999 15:51:46 +0100 Date: Sun, 06 Jun 1999 15:51:46 +0100 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: The great white e-bird has landed The Times, Friday 4 June 1999 Opinion By James Woodhuysen Has the Government fallen victim to a cargo cult? Like South Sea Islanders bowing down before a piece of engineering washed up on their shores, ministers exhibit irrational awe in the face of information technology. Like the Islanders, they know that this alien but exotic development is powerful; but their confused reaction betrays a failure to understand the technology they revere... E-commerce has flourished without government intrusion. Now that it has grown big enough to attract ministerial attention, the dead hand of the State constricts the modest success which the market nurtured... http://www.the-times.co.uk/news/pages/tim/99/06/04/timopnope01002.html?1044816 From lists@notatla.demon.co.uk Sun, 6 Jun 1999 15:58:45 +0100 Date: Sun, 6 Jun 1999 15:58:45 +0100 From: lists@notatla.demon.co.uk lists@notatla.demon.co.uk Subject: More on fortifying Lotus Notes Ben Laurie : > Good disassemblers can spot this trick.
Besides, the wise reverse > engineer reverse-engineers with a debugger (or an ICE if budget permits > :-), not a disassembler. Wrox Press "Assembly Language Master Class" ISBN 1-874416-34-6 See page 126ff. The trick I like most is on p129 where the Pentium pipeline stores the next few instructions of a self-modifying program. The pipeline is unwriteable by the program in normal execution. It can tell whether it is being run under a single-step debugger in which case the pipeline would not be in use. and > Unfortunately, modern assemblers take a few hundred pages just to > describe the instructions! For example, the i486 instruction set takes > 289 pages! rats! From duncan@gn.apc.org Sun, 06 Jun 1999 16:26:40 +0100 Date: Sun, 06 Jun 1999 16:26:40 +0100 From: Duncan Campbell duncan@gn.apc.org Subject: More on fortifying Lotus Notes There is only one NSA public key for all of Lotus IE, wherever, SFAIK. The Lotus position on preventing tampering with the WRF, as follows "You might wonder what's to prevent someone from deleting the Workfactor Reduction Field from a document or the setup protocol of a network connection. This is similar to the problem faced in the Clipper design to assure that the LEAF field was not removed from a conversation. In a software only implementation, it is not possible to prevent tampering entirely. The easiest form of tampering would be to smuggle the North American Edition CD out of the U.S. or pass it to someone over the Internet. The best a software implementation can do in terms of tamper resistance is to make it impossible to remove the Workfactor Reduction Field without modifying both the source of the data and the destination.. This can be done by having the destination check for the presence of the Workfactor Reduction Field and refuse to decrypt the data if it is not there or not correct. 
The destination can't decrypt the Workfactor Reduction Field to check it, but knowing the bulk data key and the government public key, it can regenerate the WRF and compare the result with the supplied value. RSA has the convenient property that the same value encrypted twice produces the same result; it would be somewhat more complex (but still possible) to duplicate this functionality with other public key algorithms. [Note: for this to work, the random pad that was used in creating the WRF must be delivered to the recipient of the message. For it to be secure, it must be delivered encrypted since a clever attacker who knew the pad could do 2^24 trial encryptions to get 24 bits of the key and then do 2^40 trial decryptions to recover the rest.]" Another Lotus NSA-friendly point : The International Edition is limited to 512 bit RSA keys for data confidentiality (ie, the session generating and passing the bulk data key. Duncan From ben@algroup.co.uk Sun, 06 Jun 1999 16:45:36 +0100 Date: Sun, 06 Jun 1999 16:45:36 +0100 From: Ben Laurie ben@algroup.co.uk Subject: More on fortifying Lotus Notes lists@notatla.demon.co.uk wrote: > > Ben Laurie : > > Good disassemblers can spot this trick. Besides, the wise reverse > > engineer reverse-engineers with a debugger (or an ICE if budget permits > > :-), not a disassembler. > > Wrox Press "Assembly Language Master Class" ISBN 1-874416-34-6 > See page 126ff. The trick I like most is on p129 where the Pentium pipeline > stores the next few instructions of a self-modifying program. The pipeline > is unwriteable by the program in normal execution. It can tell whether it > is being run under a single-step debugger in which case the pipeline would > not be in use. Yep, but I can tell (by thinking hard) that it is using this trick, and simulate the results. This is why an ICE is preferred, of course - less thought involved! 
BTW, I remember this was used years ago to distinguish 386 SX and DX models - they had different length prefetch queues. And if you want to see some _really_ bizarre stuff that pipelines can do, see the code in OpenSSL where adding instructions that do nothing useful gives huge performance gains on P2s! Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From ben@algroup.co.uk Sun, 06 Jun 1999 16:50:43 +0100 Date: Sun, 06 Jun 1999 16:50:43 +0100 From: Ben Laurie ben@algroup.co.uk Subject: More on fortifying Lotus Notes Duncan Campbell wrote: > Another Lotus NSA-friendly point : The International Edition is limited to > 512 bit RSA keys for data confidentiality (ie, the session generating and > passing the bulk data key. That's a general requirement for export. Until recently, that is. 1024 bit keys are now permitted. As are 56 bit symmetric keys. In the case of SSL/TLS certs can have bigger keys, but an ephemeral 512 bit key is generated to secure the sessions. Because of the cost of key generation, this key is typically reused for many sessions. TLS has grown some new ciphersuites to support the relaxed restrictions, BTW. I think MS even shipped them in MSIE5 (but I could be wrong). Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." 
- Indira Gandhi From gladman@seven77.demon.co.uk Sun, 6 Jun 1999 19:30:07 +0100 Date: Sun, 6 Jun 1999 19:30:07 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Germany Frees Crypto From: John Young To: Cc: ; Sent: 03 June 1999 18:58 Subject: Re: Germany Frees Crypto [snip] > As someone working on an Echelon story asked elsewhere, just what > strength of crypto can NSA crack these days. > In my view this question has to be posed and answered carefully. The reality is that most crypto cracks are not done by breaking the algorithms but by exploiting weaknesses in their implementation. It is fairly clear that we are already using algorithms that would be way beyond NSA's ability to break by brute force if they were implemented perfectly and operated in a perfect environment. We already use 128+ bit keys in many of our algorithms and yet it is very clear that few if any applications come even close to the levels of security that such key lengths offer. In the work on AES several papers show how easy it is to get at keys on smartcards and Markus Kuhn at Cambridge has recently published an excellent paper on this. And, of course, software is several orders of magnitude easier to subvert so we can see that we really do not have to worry about algorithm strength but rather the strength of implementations. These have a ***LONG*** way to go before they even come close to matching the security offered by current algorithms and key lengths. Having worked on military systems the one thing that I can say with confidence is that the only area in crypto where the 'government machine' remains ahead of the open world is in the issue of implementation assurance. Governments have learnt from a lot of practical experience how easy it is to undermine algorithm security during implementation. The open world still has to learn much of this.
I believe that this will happen at a rapidly increasing rate so I don't think this advantage will last much more than a few more years but it is there now and it means that key length just gives an unlikely upper limit on the security that applications offer. But a wider issue is that the question has to be asked in a context. If NSA conducts a targeted attack on a specific message it can clearly break keys a great deal longer than 56 bits (using DES as a benchmark). But if we achieved a situation in which all email was truly protected to even 40 bits then much of the internet would be instantly out of NSA's reach since to do 'keyword' searches and the like requires a huge volume of traffic to be decrypted and here even 40 bit encryption would pose an insurmountable barrier. So if we could find ways of achieving, as a matter of routine, ***ACTUAL*** cryptographic security at even DES strength, much of the 'State Sponsored Information Piracy' we currently hear about would not be possible. IMHO this won't happen, not because it cannot be done, but rather because most users prefer functionality over security and, given the chance to put processor and software improvements into one or the other, the market will, for the present at least, continue to be driven by functionality. Of course there are applications that, used properly, give good security but they are used by a very small fraction of the user community, most of whom will continue to be content to exchange email in the clear. This is made worse by the fact that most large companies don't seem to be aware of the need for good implementation assurance in offering security solutions and hence provide solutions that seem to offer security performance but which, in reality, are worse than useless because they give users a comfortable feeling while offering no real protection. My own hope is that a convergence of the open source software and cryptographic communities will now bring a rapid change in this situation.
The technical community can offer the world good protection and governments are powerless to stop this happening if we choose to do it. Frankly I have stopped short of pushing this line vigorously in public but I am fed up with the UK government's protestations of being positive about crypto whilst doing all it can 'behind the scenes' to prevent its spread. Good evidence of this is the UK government's stance in Wassenaar, an arrangement that states very clearly that it cannot be used to justify actions which impede genuine commercial transactions. Yet despite this clear statement, the UK government - the DTI no less - has continued to use this agreement to seek restrictions on the export of civil cryptographic products that cannot even remotely be considered to fall within its provisions. And if anyone doubts the UK government's desire to hide its actions in Wassenaar from the public eye, just look at the recent paper on 'Encryption and Law Enforcement' issued by the PIU. Here export controls on cryptography are ***not even mentioned*** even though it is very clear that they fall at the heart of the study remit as a major consideration in the relationship between encryption and e-commerce. But worse than simply not covering export controls, this paper actually ***LIES*** about government actions by saying: "However, apart from the OECD Guidelines on Cryptography Policy, there has been remarkably little co-ordination of policy on encryption matters." when almost everyone on this list knows very well that the government has had a long standing role in a host of international efforts designed to restrict the spread of cryptography. I am amazed (maybe I shouldn't be) that the government would tell such deliberate and shameful lies in a document with a preface signed by the Prime Minister.
In fact I have been so taken aback by this that I have been at a loss about how best to react to it - it is hard to know where UK citizens can turn when there is such deliberate dishonesty and lack of ethics right at the heart of government. It will be interesting to find out whether the Prime Minister and the Head of the PIU are aware of the fact that a document put out in their name contains such deliberate distortions of the truth. I hope that journalists on the ukcrypto list will do what they can to discover the level within government at which this attempt to mislead the UK public has been orchestrated. Brian Gladman From nigelhickson@compuserve.com Sun, 6 Jun 1999 16:36:31 -0400 Date: Sun, 6 Jun 1999 16:36:31 -0400 From: Nigel Hickson nigelhickson@compuserve.com Subject: Germany Frees Crypto Brian Just seen; the PIU document was talking about coordination on encryption policy; not on export controls. Why should we lie about Wassenaar? We were simply trying to make point (something I thought you wd be in favour of) that there has been little coordination on broad encryption policies in the round. Nigel Hickson From georgefoot@oxted.demon.co.uk Sun, 6 Jun 1999 22:29:46 +0100 Date: Sun, 6 Jun 1999 22:29:46 +0100 From: George Foot georgefoot@oxted.demon.co.uk Subject: Germany Frees Crypto To Nigel Hickson: I am baffled by the expression "broad encryption policies in the round". An explanation would be appreciated. Many thanks. George In message <199906061636_MC2-7869-8A8F@compuserve.com>, Nigel Hickson writes >Brian > >Just seen; the PIU document was talking about coordination on encryption >policy; not on export controls. Why should we lie about Wassenaar? We were >simply trying to make point (something I thought you wd be in favour of) >that there has been little coordination on broad encryption policies in the >round.
>
>Nigel Hickson
>

--
George Foot georgefoot@oxted.demon.co.uk
http://www.oxted.demon.co.uk

From paul@hedonism.demon.co.uk 06 Jun 1999 22:33:46 +0100
Date: 06 Jun 1999 22:33:46 +0100
From: Paul Crowley paul@hedonism.demon.co.uk
Subject: More on fortifying Lotus Notes

lists@notatla.demon.co.uk writes:
> The session-key leakage is 24 bits (2^24=16777216). If the same bogus
> public key gets into wide circulation among L-Fortify users then the
> NSA only has to compute 2^24 encryptions with that key and they are in
> a position about as good as they already have. This is a lookup table
> that can be stored on a single disk even if it is stored in full which
> should not be necessary.

Happily, those 24 bits are padded with random data before encryption to prevent just such an attack. The padding is sent encrypted so the WRF can be checked on receipt.

I don't have the skills for poring through binaries reversing tests. Crackers who strip copy-protection mechanisms get very good at this sort of thing, though programmers are also getting good at making the cracker's job harder with some obfuscation tricks. If there's code for checking the integrity of the public key, I'm going to be straight out of my depth.

Can anyone think of a way of confirming a guess at which bit of the binary might be the public key more efficient than changing it and seeing what breaks? Notes is so full of bugs that it would be hard to tell whether a particular change had introduced one.

Where might I find documentation of the Notes encrypted message format such that I can see whether a given change affects the WRF?

--
  __
\/ o\ paul@hedonism.demon.co.uk  http://www.hedonism.demon.co.uk/paul/ \ /
/\__/ Paul Crowley            Upgrade your legacy NT machines to Linux /~\

From fmz1@juno.com Sun, 6 Jun 1999 16:03:41 PDT
Date: Sun, 6 Jun 1999 16:03:41 PDT
From: F.
Michael Zimmerman fmz1@juno.com
Subject: PERSONAL HORROR STORIES WANTED

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would like to solicit horror stories from people regarding bad experiences they have had online due to compromises in their privacy. My public key block follows this message.

I intend to use these anecdotes to illustrate the importance of encryption and security, but I shall not name names without the express permission of respondents.

I am not interested in urban legends. I want incidents which have happened TO the respondents. If the incidents occurred on a local BBS, that is fine but please note the fact.

F. Michael Zimmerman * PGP public keys available on request!
29BE 0D90 88FA 9DCD 22A5 DDC0 1751 677A 1B01 CE34 [DSS ]3072/1024
3A46 5DB1 E892 CBEC AD1A 18F2 AA98 6AB9 [RSA 2048]
B82F 5F41 4C28 BB8D DA0B 88BA C39E 9883 [RSA 1024]

On Sun, 6 Jun 1999 15:12:33 +0200 Jan Bruners writes:
>
>Sorry, I posted an opinion similar to Brian's again. But I cannot think
>about an effective way to reach computer newbies other than bundling the
>quick start manual with new computers (which would imply cooperating
>with...hm... not quite trustable companies) or setting up banners on web
>portals (which would imply cooperating, too, or cost money).
>
>Maybe (only maybe) the strategy of a well-known online bookstore would
>help: They pay people for putting the company's banner on their homepage.
>If we could get a lot of people in academic institutions and
>non-profit-organisations to host the quick start manual (which could be a
>rather small PDF-file) along with an interesting little banner, the problem
>would reach at least a lot of students. The talk-show crowd would be the
>next (and more difficult) step.
>Personally, I would like to start now writing a comprehensive PGP for
>dummies, or rather translate it to German, and then publish it on as many
>sites as possible. Much work for me, a small step for PGP.
>Michael Zimmermann seems to have some talent in writing colourful examples
>for the importance of cryptography. So, would you agree to write the kind
>of foreword you proposed? I could extract a more formal second chapter from
>the PGP manual, if no one else does.
>
>>Perhaps what I have in mind is something which would be more effective
>>in demonstrating to the average Internet newbie the value of
>>encryption. Stories of political repression do little good here.
>>Most of the people of whom I speak do not think they have anything to
>>hide, so they are not interested. Horror stories drawn from everyday
>>experiences would be far more effective. This might be more
>>accurately termed publicity than documentation, but the two need not
>>be mutually exclusive. The publicity aspect would come if and when
>>these stories find their way to the places where these ordinary users
>>conduct their activities. The stories should grab them and make them
>>think, "MY GOSH THAT COULD HAVE BEEN ME!" Then they will be looking
>>for solutions.
>>

-----BEGIN PGP SIGNATURE-----
Version: 5.5.3a
Comment: Why not lie to the government? It lies to you.

iQA/AwUBN1r9+BdRZ3obAc40EQJSswCgvv8OSpJyCnpFKy/zc/WLPUp1mYkAoJB/
GvEqOoO7oZTRGGX5Lnj4RJdU
=39bl
-----END PGP SIGNATURE-----
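Added illustration, not part of any list message and not Lotus's code: Paul Crowley's point in the "More on fortifying Lotus Notes" thread above, that random padding defeats a precomputed table of encryptions under a fixed public key, shown on a constructed toy RSA key. The key, the function names and the 16-bit stand-in for the 24 leaked bits are assumptions chosen so the table builds in well under a second; the real Notes message format is not reproduced.

```python
"""Why a small secret encrypted under a fixed public key needs random padding.
Toy parameters throughout (constructed for this example)."""
import secrets

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                           # modulus, a little over 2**91
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to the key holder

LEAK_BITS = 16   # stand-in for the 24 leaked bits so the table builds quickly
PAD_BITS = 64    # random padding placed above the leaked bits


def encrypt_unpadded(leak: int) -> int:
    """Deterministic: the same leaked value always yields the same ciphertext."""
    return pow(leak, E, N)


def encrypt_padded(leak: int) -> int:
    """Randomised: fresh padding is mixed in before every encryption."""
    pad = secrets.randbits(PAD_BITS)
    return pow((pad << LEAK_BITS) | leak, E, N)


def decrypt_leak(ciphertext: int) -> int:
    """Key holder: decrypt, drop the padding, keep the low LEAK_BITS."""
    return pow(ciphertext, D, N) & ((1 << LEAK_BITS) - 1)


def build_table() -> dict:
    """Anyone holding only the public key can precompute every unpadded ciphertext."""
    return {encrypt_unpadded(v): v for v in range(1 << LEAK_BITS)}


def lookup(table: dict, ciphertext: int):
    """Return the leaked value if the ciphertext is in the table, else None."""
    return table.get(ciphertext)


def demo() -> dict:
    """Run both variants against the same table and report what it recovers."""
    table = build_table()
    leak = secrets.randbits(LEAK_BITS)
    padded = encrypt_padded(leak)
    return {
        "table_entries": len(table),
        "unpadded_recovered": lookup(table, encrypt_unpadded(leak)) == leak,
        "padded_recovered": lookup(table, padded) is not None,
        "key_holder_reads_padded": decrypt_leak(padded) == leak,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With 24 bits the same table has the 16777216 entries mentioned in the thread; the padded variant stays out of any such table unless the padding is also guessed.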
From dparkins@alien.bt.co.uk Mon, 07 Jun 1999 08:41:05 +0100
Date: Mon, 07 Jun 1999 08:41:05 +0100
From: David Parkinson dparkins@alien.bt.co.uk
Subject: More on fortifying Lotus Notes

At 16:50 06/06/99 +0100, Ben Laurie wrote:
>That's a general requirement for export. Until recently, that is. 1024
>bit keys are now permitted. As are 56 bit symmetric keys.

According to my print out of the Dual-Use List, category 5, Part 2:

[...controlled items include...]
A "symmetric algorithm" employing a key length in excess of 56-bits;
An "Asymmetric algorithm" where the security of the algorithm is based
on.....Factorisation of Integers in excess of 512 bits (eg RSA).

i.e. 56-bit symmetric ok, 1024 RSA still a no-no.

However if we look at Note 3 (The Cryptography Note), we find there is
no mention of "asymmetric algorithms", just symmetric.
Could be read as "mass-market" products (such as Lotus Notes(?), Netscape,
IE5, Exchange) can employ 64-bit symmetric keys with RSA >512 bits?

David

From gladman@seven77.demon.co.uk Mon, 7 Jun 1999 09:07:24 +0100
Date: Mon, 7 Jun 1999 09:07:24 +0100
From: Brian Gladman gladman@seven77.demon.co.uk
Subject: Germany Frees Crypto

Hi Nigel,

>From: Nigel Hickson
>To:
>Sent: 06 June 1999 21:36
>Subject: Re: Germany Frees Crypto
>
>Brian
>
>Just seen; the PIU document was talking about coordination on encryption
>policy; not on export controls. Why should we lie about Wassenaar? We were
>simply trying to make point (something I thought you wd be in favour of)
>that there has been little coordination on broad encryption policies in the
>round.
>
>Nigel Hickson
>

Thank you for your quick reaction to my flame.
The remit given to the PIU was:

* to study the needs of law enforcement agencies and of business;
* to examine the merits of the current encryption policy (and in particular key escrow, which is explained in chapter 5); and, if necessary,
* to identify proposals that would satisfy both the need to promote encryption for electronic commerce and the Government's duty to ensure that public safety is not jeopardised.

Although there is clearly an emphasis on key escrow, it says 'current encryption policy' and here it is not sensible to omit coverage of export controls when many of us have been saying for years that these are impeding the development of e-commerce. I am also very confident that one of the arguments used in promoting Wassenaar crypto controls has been law enforcement requirements so this again shows the relevance of Wassenaar within the remit of the PIU study. I hence maintain my surprise that the document makes ***no mention*** of the crypto export control issue, something that is quite amazing given the study remit.

In terms of international co-ordination of encryption policy, various arms of the UK government machine, especially GCHQ, have a long standing set of international relationships within which policies on encryption are discussed. Moreover within Europe, the Senior Officials Group on Information Security and the EU Cryptography Working Group are attended by the UK. The UK has been heavily involved in continuing discussions with the US (Aaron et al) on the topic of encryption controls. And the GCHQ/NSA axis continues to discuss in detail the issues involved in trying to limit the spread of cryptography. Moreover a number of nations co-operate 'behind the scenes' in such bodies as ETSI to limit the strength of the encryption technologies deployed within telecommunications systems.

But despite this extensive international coordination of encryption policy the PIU document claims that there is "remarkably little international co-ordination"!
I don't often accuse the government of barefaced lies but on this occasion there is no other word to describe what the PIU document has said. I would certainly support a statement that said "there has been remarkably little ***open and publicly accountable *** international co-ordination of encryption polices" and this might be what was meant but this is NOT what the PIU report says.

Most often I believe that these situations are the result of mistakes rather than conspiracies but on this occasion I find it ***VERY*** hard to see this as anything but a deliberate attempt to divert attention from one of the key issues in the development of e-commerce.

When someone is stamping on your toes (crypto export controls) and beating you over the head with a sledge hammer (key escrow), it is a relief when they give up the sledge hammer but it is important not to forget that they are still stamping on your toes! Key escrow can be seen as an excellent way of diverting attention from the export control issue and the PIU study provides a clear insight into this intention. Those of us who want these controls removed should not allow our attention to be diverted in this way.

Perhaps you or David can explain why you consider encryption export controls to be outside the remit of this PIU study?

Brian

From ben@algroup.co.uk Mon, 07 Jun 1999 10:41:14 +0100
Date: Mon, 07 Jun 1999 10:41:14 +0100
From: Ben Laurie ben@algroup.co.uk
Subject: More on fortifying Lotus Notes

Nicholas Bohm wrote:
>
> At 07:08 PM 6/4/1999 +0100, Paul Crowley wrote:
> >Ian BROWN writes:
> >> Paul Crowley wrote:
> >> >Is that because Lotus has been engineered such that it's harder to
> >> >reverse-engineer or modify? Because presumably if we could find
> >> >where the NSA's public key is stored in the binary, a Lotus-Fortify
> >> >program could replace it with a randomly-generated one for which the
> >> >private key has been discarded?
> >>
> >> "Playing hide and seek with stored keys" by Adi Shamir and Nicko van
> >> Someren describes how to use the high entropy of keys compared to
> >> program instructions and data to find an embedded key...
> >>
> >> http://www.ncipher.com/products/files/papers/anguilla/keyhide2.pdf
> >
> >I've finally fetched and read this paper, and it seems to be pretty
> >straightforward to implement. A few questions:
> >
> >* What legal hurdles stand in the way of (a) using a bunch of tools to
> >search the binary files that come with Notes to find the embedded
> >public key, (b) publishing the key, and (c) writing a program to find
> >the key and scramble it?
>
> Check the terms of the Notes licence. Unless the licence imposes an
> explicit contractual prohibition, neither searching a file nor modifying it
> (manually or automatically) are copyright infringements. Publishing the
> key would be a copyright infringement; but why bother?
>
> Also check that the licence does not prohibit the user from modifying the
> program or running the program as modified. Users concerned about the risk
> of invalidating their Notes licences by making its encryption secure
> against the NSA may wish to raise the matter with Lotus.

I thought that reverse engineering and modifying a program for the benefit of the licence holder were specifically allowed, regardless of licence?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

From ben@algroup.co.uk Mon, 07 Jun 1999 11:27:49 +0100
Date: Mon, 07 Jun 1999 11:27:49 +0100
From: Ben Laurie ben@algroup.co.uk
Subject: More on fortifying Lotus Notes

David Parkinson wrote:
>
> At 16:50 06/06/99 +0100, Ben Laurie wrote:
> >That's a general requirement for export. Until recently, that is. 1024
> >bit keys are now permitted.
> >As are 56 bit symmetric keys.
>
> According to my print out of the Dual-Use List, category 5, Part 2:
>
> [...controlled items include...]
> A "symmetric algorithm" employing a key length in excess of 56-bits;
> An "Asymmetric algorithm" where the security of the algorithm is based
> on.....Factorisation of Integers in excess of 512 bits (eg RSA).
>
> i.e. 56-bit symmetric ok, 1024 RSA still a no-no.
>
> However if we look at Note 3 (The Cryptography Note), we find there is
> no mention of "asymmetric algorithms", just symmetric.
> Could be read as "mass-market" products (such as Lotus Notes(?), Netscape,
> IE5, Exchange) can employ 64-bit symmetric keys with RSA >512 bits?

I'm talking about US export, not EU export (since Lotus is a US company). EU export rules only apply to certain destinations, unlike US export ones. UK rules also have all that amusing stuff about licences (i.e. you can only apply for one if export is prohibited, in which case you are unlikely to get it, but the fact that they didn't let you apply doesn't mean you didn't need one and it's entirely your fault if you did. Catch 22, anyone?).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

From Ross.Anderson@cl.cam.ac.uk Mon, 07 Jun 1999 11:34:51 +0100
Date: Mon, 07 Jun 1999 11:34:51 +0100
From: Ross Anderson Ross.Anderson@cl.cam.ac.uk
Subject: `Germany Frees Crypto' - do you believe it?

Some people are under the impression that France and Germany have freed crypto. However, export controls look like being tightened. Guess who organised that? As Brian eloquently puts it:

> Moreover within Europe, the Senior Officials Group on Information
> Security and the EU Cryptography Working Group are attended by the UK.
> The UK has been heavily involved in continuing discussions with the US > (Aaron et al) on the topic of encryption controls. And the GCHQ/NSA > axis continues to discuss in detail the issues involved in trying to > limit the spread of cryptography. Moreover a number of nations > co-operate 'behind the scenes' in such bodies as ETSI to limit the > strength of the encryption technologies deployed within > telecommunications systems. After last year's DTI white paper on export controls proposed to control `intangible exports' as in the USA (but worse), there was an explosion of outrage; a report from the Trade and Industry Select Committee trashed the idea. Officials said that we shouldn't worry as there was no parliamentary time for a bill this century. However the relationships to which Brian refers above seem to have been exploited to cause the EU to issue a draft regulation in much the same terms as the bill (see http://www.cl.cam.ac.uk/users/rja14/#Lib for details). When speaking to the relevant DTI wallahs, I detect a distinct note of gloating to the effect that `we outsmarted you by doing this through Europe - you can't stop us now'. GCHQ's agenda is obviously to stop people like Brian and me having crypto source code on our web pages. They don't seem to have understood that: (a) the public domain exemption will apply to the Serpent home page which will still be there. If the exemption is removed, the Serpent home page will still be available in Norway, Israel, Taiwan ...; (b) there will be enormous harm done to industrial R&D and to university teaching. Essentially everything we do in the School of Technology, and much of what's done in the School of Medicine, will fall under the net, so we'll have to get personal export licences for an awful lot of foreign students. The system may just collapse unless we take our courses fully public domain (I have done this: check out http://www.cl.cam.ac.uk/Teaching/1998/Security/).
But fully public domain research would undermine the DTI's efforts to make us do all our research in collaboration with industry; (c) the absurdity and chaos will bring the arms control regime into disrepute. At present, judges confronted with an arms smuggler throw away the key; but given a couple of years of confrontation with RSA T-shirts and newspaper stories of ludicrous official decisions, the DTI will be laughed out of court; (d) even with an EU regulation, they can't create a new criminal offence - of unlicensed talking to a foreigner - without primary legislation. However, with an EU regulation in place, the UK government will find itself compelled to introduce this. Those clever people at the DTI clearly hoped that, in going via Europe rather than sponsoring UK legislation directly, they could avoid a confrontation that might embarrass ministers. But they have merely ensured that the confrontation will happen on the worst possible terms. Once the regulation is passed, the government will have been painted into a corner by Brussels; they will have to legislate; they won't be able to delay and obfuscate, as with crypto policy, in the hope that the problem will go away somehow; the apparent `European' source of the stupidity will ensure that the Tories savage it; its intrusive and disproportionate nature will get the Lib Dems up in arms; the DTI's finesse of the select committee will upset Labour back benchers (who are divided anyway because the hard left want all arms exports banned); and the furore will be even worse than with crypto policy as it will affect many more people. For example, the metallurgy people next door to us use a focussed ion beam machine to prepare samples for electron microscopy. This is an export controlled device (you can also use it to break smartcards); until now all that meant was filling a form when you bought it and another when you put it in a skip seven years later. 
But under the new regime, every foreigner with access to the software will need a personal export licence - that's most of the research students and some of the undergrads. Also, the current practice of swapping programs with metallurgists in other countries will be choked off. Stand by for some very unhappy materials scientists (and engineers and chemists and physicists and medics and botanists and ...). Nigel, you used to be at export control before you moved to crypto policy. I bet you're glad you escaped in time! Ross From chl@clw.cs.man.ac.uk Mon, 7 Jun 1999 10:02:53 +0100 Date: Mon, 7 Jun 1999 10:02:53 +0100 From: Charles Lindsey chl@clw.cs.man.ac.uk Subject: More on fortifying Lotus Notes On Sun, 6 Jun 1999 15:36:50 +0100 lists@notatla.demon.co.uk said... > The session-key leakage is 24 bits (2^24=16777216). If the same bogus > public key gets into wide circulation among L-Fortify users then the > NSA only has to compute 2^24 encryptions with that key and they are in > a position about as good as they already have. This is a lookup table > that can be stored on a single disk even if it is stored in full which > should not be necessary. But presumably any other bad guy who wants to decrypt Lotus messages can also generate that table. So Lotus is already insecure against attackers other than the NSA. (if they are sufficiently clueful and determined). Charles H. Lindsey ---------At Home, doing my own thing------------------------ Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From chl@clw.cs.man.ac.uk Mon, 7 Jun 1999 10:06:38 +0100 Date: Mon, 7 Jun 1999 10:06:38 +0100 From: Charles Lindsey chl@clw.cs.man.ac.uk Subject: More on fortifying Lotus Notes On Sun, 06 Jun 1999 12:41:03 +0100 Duncan Campbell said... 
> > To prevent you giving NSA its present of the WRF, Lotus Notes 4 > International Edition works as follows. > > 1. The full session key is sent encrypted - presumably as part of the RSA > session set up. > > 2. The recipient programme looks for the WRF and extracts it. > > 3. Using NSA's public key, it re-encrypts the 24 bit section of the session > key. > > 4. It then compares the result of that encryption with the WRF. If the two > do not match, then it will refuse to decrypt the incoming message. So this suggests that a Lotus Fortify would have to not send the WRF at all, and instead send the necessary incantations to make it look like a message originating from the N. American version. Doesn't sound that much more difficult. Charles H. Lindsey ---------At Home, doing my own thing------------------------ Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From dparkins@alien.bt.co.uk Mon, 07 Jun 1999 12:26:48 +0100 Date: Mon, 07 Jun 1999 12:26:48 +0100 From: David Parkinson dparkins@alien.bt.co.uk Subject: More on fortifying Lotus Notes At 11:27 07/06/99 +0100, Ben Laurie wrote: >David Parkinson wrote: >> >> At 16:50 06/06/99 +0100, Ben Laurie wrote: >> >That's a general requirement for export. Until recently, that is. 1024 >> >bit keys are now permitted. As are 56 bit symmetric keys. >> >> According to my print out of the Dual-Use List, category 5, Part 2: >> >> [...controlled items include...] >> A "symmetric algorithm" employing a key length in excess of 56-bits; >> An "Asymmetric algorithm" where the security of the algorithm is based >> on.....Factorisation of Integers in excess of 512 bits (eg RSA). >> >> i.e. 56-bit symmetric ok, 1024 RSA still a no-no. >> >> However if we look at Note 3 (The Cryptography Note), we find there is >> no mention of "asymmetric algorithms", just symmetric. 
>> Could be read as "mass-market" products (such as Lotus Notes(?), Netscape, >> IE5, Exchange) can employ 64-bit symmetric keys with RSA >512 bits? > >I'm talking about US export, not EU export (since Lotus is a US >company). > I was quoting from the Wassenaar Arrangement of which the US is a signatory along with other non-EU countries. Regards David From 100022.723@compuserve.com Mon, 7 Jun 1999 07:56:03 -0400 Date: Mon, 7 Jun 1999 07:56:03 -0400 From: Dietrich Cerny 100022.723@compuserve.com Subject: Germany Frees Crypto Hi, the following text is the official translation of the "Eckpunkte der deutschen Cryptopolitik" and their justification. Regards Dietrich Cerny Key Elements of Germany's Encryption Policy Introduction Up to the early Nineties, programs and chips for the secure encryption of messages were a relatively insignificant niche segment of the computer industry. However, this niche segment has since gained substantial importance for the economic and social development of the information society as a whole. After all, "information" as a production factor is increasingly becoming a coveted raw material. More effective protection of this raw material can decide on the success or failure of businesses and thus on employment opportunities in the information age. Today, this protection can only be effectively guaranteed by using powerful cryptographic procedures. In any event, the efficiency of this technology is today greater than ever before. The encryption controversy in Germany The encryption controversy revolves around the question as to whether and to what extent the use of cryptographic procedures should be restricted by law. This question has been the subject of controversial debate in many democratic industrial nations in recent years. In Germany, too, there has been an intensive discussion involving the Federal Ministries with their differing standpoints, the economy and numerous groups in society.
In October 1997, the Federal Cabinet adopted the "Progress Report of the Federal Government - Info 2000: Germany's Way to an Information Society", which contained a passage on encryption policy: "It was agreed within the Federal Government to forgo the introduction in this legislative term of a statutory regulation concerning the putting into circulation and utilisation of encryption products and procedures, meaning that the unrestricted freedom of the user as regards the selection and use of encryption systems will remain unchanged. The Federal Government will continue to closely monitor further developments in the field of cryptography, particularly in the context of European and international cooperation, and will initiate further measures for the implementation of its goals, if necessary". However, the Federal Government has not yet adopted a binding and unequivocal standpoint. Cryptography and business interests The markets for encryption products are today displaying high growth rates, primarily because of the dynamic development of digital business transactions. In addition to the traditional protection of confidentiality, important fields of application for cryptographic systems today include, for example, copyright protection, digital signatures and digital money. Beyond this, cryptography is a cross-sectional technology which is indispensable for the system architecture and development of complex electronic commerce applications. Consequently, far larger markets are indirectly affected, e.g. those of telecommunication, on-line banking or telemedicine. Security standards of a kind that were mainly still the reserve of major companies and government agencies a few years ago, because of the high costs, have now also become affordable for medium-sized enterprises and private households. Nevertheless, encryption products are currently still not used to the necessary extent in Germany. 
This is often due to a lack of the necessary IT security-consciousness, even though unauthorised spying, manipulation or destruction of data can cause substantial economic damage. German manufacturers of encryption products have good prospects for keeping pace in the international competition for new markets, provided that the framework conditions necessary in this context are guaranteed. In view of the strategic importance of this sector, many leading industrial nations are making a major effort to strengthen its economic and technical efficiency in their own country. Cryptography and security interests The use of cryptographic procedures is extremely important for efficient technical crime prevention. This applies both to guaranteeing the authenticity and integrity of data traffic and to protecting confidentiality. On the other hand, this protection of confidentiality can favour criminals. For example, it can be expected that the growing user-friendliness of encryption products will result in their increasing spread in criminal circles. This can pose problems for the criminal prosecution authorities. Surveillance measures lawfully ordered by a judge must remain effective, even if the target person protects the information in question by means of a cryptographic procedure. To date, the abuse of encryption technologies in Germany has not caused any serious problems in the process of criminal prosecution. However, this fact cannot be used to make a forecast for the future. Consequently, there is a need to actively assess the impact of this technology in relation to the interests of the criminal prosecution and security authorities in Germany in an attempt to identify undesirable developments in such good time that they can be effectively counteracted - on the basis of alternative strategies, if necessary. 
Based on the national debate to date and on international developments, the Federal Government herewith adopts the following key elements for its encryption policy: 1. The Federal Government has no intention of restricting the free availability of encryption products in Germany. It regards the use of secure encryption as a decisive prerequisite for data protection for the public, for the development of electronic business transactions and for the protection of company secrets. The Federal Government will thus actively support the spread of secure encryption in Germany. This particularly includes the promotion of security-consciousness among the public, in the economy and in the administration. 2. It is the aim of the Federal Government to strengthen the confidence of users in the security of encryption. It will therefore take steps to establish a framework of confidence for secure encryption, specifically by improving the verifiability of the security functions of encryption products and recommending the use of tested products. 3. For reasons relating to the security of the state, the economy and society, the Federal Government considers it indispensable that German manufacturers be capable of developing and manufacturing secure and powerful encryption products. It will take steps to improve the international competitiveness of this sector. 4. The spread of powerful encryption procedures must not undermine the statutory telecommunications surveillance authority of the criminal prosecution and security authorities. The responsible Federal Ministries will therefore continue to monitor developments closely and report on this subject after two years. Independently of this, the Federal Government will support the improvement of the technical competencies of the criminal prosecution and security authorities within the framework of its capabilities. 5. The Federal Government attaches great importance to international cooperation in the field of encryption policy. 
It advocates open standards and interoperable systems developed in the market and will support the strengthening of multilateral and bilateral cooperation. From Brian.Randell@newcastle.ac.uk Mon, 7 Jun 1999 13:02:11 +0100 Date: Mon, 7 Jun 1999 13:02:11 +0100 From: Brian Randell Brian.Randell@newcastle.ac.uk Subject: `Germany Frees Crypto' - do you believe it? Ross: Do you have any objection to my spreading your splendid message of a few minutes ago on this topic far and wide? Cheers Brian Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK EMAIL = Brian.Randell@newcastle.ac.uk PHONE = +44 191 222 7923 FAX = +44 191 222 8232 URL = http://www.cs.ncl.ac.uk/~brian.randell/ From ben@algroup.co.uk Mon, 07 Jun 1999 13:25:36 +0100 Date: Mon, 07 Jun 1999 13:25:36 +0100 From: Ben Laurie ben@algroup.co.uk Subject: More on fortifying Lotus Notes David Parkinson wrote: > > At 11:27 07/06/99 +0100, Ben Laurie wrote: > >David Parkinson wrote: > >> > >> At 16:50 06/06/99 +0100, Ben Laurie wrote: > >> >That's a general requirement for export. Until recently, that is. 1024 > >> >bit keys are now permitted. As are 56 bit symmetric keys. > >> > >> According to my print out of the Dual-Use List, category 5, Part 2: > >> > >> [...controlled items include...] > >> A "symmetric algorithm" employing a key length in excess of 56-bits; > >> An "Asymmetric algorithm" where the security of the algorithm is based > >> on.....Factorisation of Integers in excess of 512 bits (eg RSA). > >> > >> i.e. 56-bit symmetric ok, 1024 RSA still a no-no. > >> > >> However if we look at Note 3 (The Cryptography Note), we find there is > >> no mention of "asymmetric algorithms", just symmetric. > >> Could be read as "mass-market" products (such as Lotus Notes(?), Netscape, > >> IE5, Exchange) can employ 64-bit symmetric keys with RSA >512 bits? > > > >I'm talking about US export, not EU export (since Lotus is a US > >company).
> > > > I was quoting from the Wassenaar Arrangement of > which the US is a signatory along with other non-EU countries. Nevertheless the US allow 1024 bit asymmetric key export. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From Brian.Randell@newcastle.ac.uk Mon, 7 Jun 1999 13:05:12 +0100 Date: Mon, 7 Jun 1999 13:05:12 +0100 From: Brian Randell Brian.Randell@newcastle.ac.uk Subject: Germany Frees Crypto Brian: I've just asked Ross whether he minds my circulating his response to your message of Sun, 6 Jun 1999 19:30:07 +0100 on this topic far and wide. Assuming he agrees, would you object to my including your message with it, to provide context? Cheers Brian Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK EMAIL = Brian.Randell@newcastle.ac.uk PHONE = +44 191 222 7923 FAX = +44 191 222 8232 URL = http://www.cs.ncl.ac.uk/~brian.randell/ From dave@xemu.demon.co.uk Mon, 7 Jun 1999 13:45:54 +0100 Date: Mon, 7 Jun 1999 13:45:54 +0100 From: Dave Bird dave@xemu.demon.co.uk Subject: Woods vs Chalef, High court on the Strand, 10am Tuesday. [copied to a couple of mailing-lists] Woods versus Chalef, the long-running libel case against the "Church" of $coentology, comes to trial on Tuesday; and the clams will cave in and ask for leave to apologise in open court. There will be a celebration afterwards. Around 11:30 or noon we will be in the HOGGSHEAD (cross the road, a few yards rightwards, then continue down Essex St for about 20 yards). Given fair weather we may go for a meal at the pavilion in Lincolns Inn, i.e. 5 minutes walk back through the courts area. Regards, Dave. Woof Woof, Glug Glug. Who Drowned the Judge's Dog? answers on news:alt.religion.scientology and http://www.xemu.demon.co.uk/clam/lynx/q0.html XemuSP4(:)
From nbohm@ernest.net Mon, 07 Jun 1999 15:52:23 +0100 Date: Mon, 07 Jun 1999 15:52:23 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: More on fortifying Lotus Notes At 10:41 AM 6/7/1999 +0100, Ben Laurie wrote: >Nicholas Bohm wrote: >> >> At 07:08 PM 6/4/1999 +0100, Paul Crowley wrote: >> >Ian BROWN writes: >> >> Paul Crowley wrote: >> >> >Is that because Lotus has been engineered such that it's harder to >> >> >reverse-engineer or modify? Because presumably if we could find >> >> >where the NSA's public key is stored in the binary, a Lotus-Fortify >> >> >program could replace it with a randomly-generated one for which the >> >> >private key has been discarded? >> >> >> >> "Playing hide and seek with stored keys" by Adi Shamir and Nicko van >> >> Someren describes how to use the high entropy of keys compared to >> >> program instructions and data to find an embedded key... >> >> >> >> http://www.ncipher.com/products/files/papers/anguilla/keyhide2.pdf >> > >> >I've finally fetched and read this paper, and it seems to be pretty >> >straightforward to implement. A few questions: >> > >> >* What legal hurdles stand in the way of (a) using a bunch of tools to >> >search the binary files that come with Notes to find the embedded >> >public key, (b) publishing the key, and (c) writing a program to find >> >the key and scramble it? >> >> Check the terms of the Notes licence. Unless the licence imposes an >> explicit contractual prohibition, neither searching a file nor modifying it >> (manually or automatically) are copyright infringements. Publishing the >> key would be a copyright infringement; but why bother? >> >> Also check that the licence does not prohibit the user from modifying the >> program or running the program as modified.
Users concerned about the risk >> of invalidating their Notes licences by making its encryption secure >> against the NSA may wish to raise the matter with Lotus. > >I thought that reverse engineering and modifying a program for the >benefit of the licence holder were specifically allowed, regardless of >licence? Not quite. Section 50B of the Copyright, Designs & Patents Act 1988, as amended by the Copyright (Computer Programs) Regulations 1992 in order to implement the Software Directive (Council Directive No 91/250/EEC), permits decompilation of a program if this is necessary in order to obtain information required in order to create an independent program which can be operated with the program to be decompiled. This is a fairly limited right of decompilation. It might apply in the present case if the fortifying program can be regarded as "an independent program which can be operated with the program to be decompiled"; but I wonder whether the fortifying program is really independent. Perhaps it is. Even so, this does not by itself permit Notes to be run in a modified form if this is prohibited by the licence terms. And section 50C, which permits modification, does not override a contrary licence term. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From whgiii@openpgp.net Mon, 07 Jun 1999 11:20:04 -0500 Date: Mon, 07 Jun 1999 11:20:04 -0500 From: William H. Geiger III whgiii@openpgp.net Subject: More on fortifying Lotus Notes -----BEGIN PGP SIGNED MESSAGE----- In <3.0.5.32.19990607155223.00948d20@mail.netkonect.co.uk>, on 06/07/99 at 03:52 PM, Nicholas Bohm said: >Not quite. 
Section 50B of the Copyright, Designs & Patents Act 1988, as >amended by the Copyright (Computer Programs) Regulations 1992 in order to >implement the Software Directive (Council Directive No 91/250/EEC), >permits decompilation of a program if this is necessary in order to >obtain information required in order to create an independent program >which can be operated with the program to be decompiled. >This is a fairly limited right of decompilation. It might apply in the >present case if the fortifying program can be regarded as "an independent >program which can be operated with the program to be decompiled"; but I >wonder whether the fortifying program is really independent. Perhaps it >is. >Even so, this does not by itself permit Notes to be run in a modified >form if this is prohibited by the licence terms. And section 50C, which >permits modification, does not override a contrary licence term. Well if you really want to put an end to the silliness of weak or backdoored crypto there is a direct way of doing so: hit them where it hurts; in the wallet. There are two legal principles that can be used to do so: #1 Most western countries have some type of consumer protection laws in place to protect consumers against defective products. By all current industry standards, a product that uses either weak "export" encryption or has crypto "backdoors" is defective. #2 Most western countries have criminal fraud statutes. If a software company markets & advertizes a software product as "secure" but uses weak "export" encryption or has crypto "backdoors" they have committed fraud. These two legal principles can be used to attack the software vendors both in the civil courts (#1) and in the criminal courts (#2). Export restrictions by the USG are not a defence for their actions. Imagine if instead of software we were talking about cars. All cars that Ford exports have the wheels fall off if the driver goes over 30kph.
In addition to this Ford marketing advertizes the car as safe for driving at highway speeds. Would your courts allow the defence that the USG mandates it so it is ok? While IANAL, and do not know all the nuances of the European court systems, it seems like an open and shut case, and would put a quick end to the entire crypto export issue. PS: If one really wanted to have fun, name the USG as a criminal co-conspirator in the fraud case. - -- - --------------------------------------------------------------- William H. Geiger III http://www.openpgp.net Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii Hi Jeff!! :) - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i OS/2 for non-commercial use Comment: Registered_User_E-Secure_v1.1b1_ES000000 Charset: cp850 wnUDBQE3W/WX0fdTsSGZnTUBAfggAwC8Rt+sCYpTpgRINMYTjJ4Eo5mfoYlEHLZe HDAPgCQQ5CTglDKX4wVQOLC1FRRuttlvbzPEJiwQfp0jPb6z0qck90w/d1buEKTu b0b8Ps8rgysHNsrjINlDp1p5u6GMzUY= =He2z -----END PGP SIGNATURE----- From jei@zor.hut.fi Mon, 7 Jun 1999 20:39:06 +0300 (EEST) Date: Mon, 7 Jun 1999 20:39:06 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: Technology a threat to right of privacy Silicon Valley Technology a threat to right of privacy Silicon Valley (Irish Times; 06/04/99) Last week, the US Congress requested that its intelligence services provide a detailed report about a global electronic eavesdropping system known as Echelon. They refused. Now congress is moving to make its request law. Echelon is just one of the emerging uses of technology that is eroding a basic human right, privacy.
The system indiscriminately monitors satellite and Internet communications traffic using keyword searches in the case of e-mail, and scanning for certain telephone numbers in the case of mobile phones. The report was requested by Congress's House Committee on Intelligence and specifically asked that National Security Agency and the Central Intelligence Agency provide an account as to what legal standard they use to monitor US citizens. Another system, currently in the pipeline is EU's Enfopol, a specification that will provide European law enforcement officials with an electronic back door into the computer systems of Internet Service Providers and mobile telecommunications companies. Furthermore, later this year, the EU plans to introduce new encryption (a technology that scrambles data so that it cannot be read by eavesdroppers) legislation, which may affect people's right to exchange messages that cannot be read by law enforcement. Indeed, Internet and electronic privacy will be one of the biggest issues affecting citizens in the next century. Unfortunately law makers in Ireland, Europe and the US are staggeringly naive about the effects these new laws, systems and so-called specifications will have on their future. The problem is one of ignorance. Law makers often don't understand technology and don't look far enough into the future to see how Internet and wireless communications will touch virtually every aspect of our lives in the not too distant future. But why the concern? Police and intelligence services are only trying to catch terrorists, criminals and child pornographers. True, if they are to catch these people they need to be able to track their movements, ensure that they are not shifting large amounts of money into offshore bank accounts and nip their next deadly or grossly illegal plans in the bud. Surely, you couldn't object to that?
Unless, of course, you would object to passing a law that would enable police go through your credit-card receipts without a court order, tap your telephone at will and make a list of every place you visited, and every person you talked to without proper judicial control. Because that is what these systems allow. Increasingly people are buying goods and services on the Internet. This not only includes a novel from say, Amazon.com, but banking, share trading and even insurance services. Back-door access to mobile telephone records will not only provide access to conversations but pinpoint the location of the mobile phone and therefore its user. Furthermore, governments mistakenly believe that their judicial system will protect their citizens from abuses of these new methods of data collection and surveillance. However perhaps it's not just the local police force that should concern us, but the police force and intelligence agencies of foreign governments. Take the Echelon system, for example, it was established under the UKUSA agreement by the US's National Security Agency, and Britain's General Communications Headquarters to monitor the communications of the eastern bloc countries. While Echelon was designed as a system to monitor spies, according to a recent report prepared for the European Parliament's Scientific and Technology Options Assessment Panel there is evidence that member-countries also use the Echelon system for industrial espionage. The report states that British intelligence routinely collects information such as "company plans, telexes, faxes, and transcribed phone calls," and that the NSA provides weekly reports to the US department of commerce. The report recommends that Europe adopts strong encryption technology rather than restrict it and points out that it is the larger nations that have invested in spying activities, leaving smaller nations vulnerable.
While few could object to these systems to apprehend criminals there needs to be awareness of exactly what powers they give governments and law enforcement. There also needs to be a way to ensure that they are being used correctly. It has taken centuries to gain the right to privacy, surely we should not throw it away so readily. From streaky_Bacon@email.msn.com Mon, 7 Jun 1999 11:26:25 +0100 Date: Mon, 7 Jun 1999 11:26:25 +0100 From: Michael Bacon streaky_Bacon@email.msn.com Subject: Germany Frees Crypto On Sunday, June 06, 1999 7:30 PM, Brian Gladman [SMTP:gladman@seven77.demon.co.uk] wrote: > From: John Young > To: > Sent: 03 June 1999 18:58 > Subject: Re: Germany Frees Crypto > > [snip] > > As someone working on an Echelon story asked elsewhere, just what > > strength of crypto can NSA crack these days. > > > > In my view this question has to be posed and answered carefully. The > reality is that most crypto cracks are not done by breaking the algorithms > but by exploiting weaknesses in their implementation. It is fairly clear that > we are already using algorithms that would be way beyond NSA's ability to > break by brute force if they were implemented perfectly and operated in a > perfect environment. [snip -MB] > ... Governments > have learnt from a lot of practical experience how easy it is to undermine > algorithm security during implementation. The open world still has to learn > much of this. From practical experience implementing crypto systems world-wide in the late 80s I fully agree with Brian's comment on the situation in the 'open world'. My experience was that: a) the design of many algorithms was such that they did not deliver the strength suggested by the key space available; b) their implementation in hardware (or software) did not always match the design - eg.
a message encrypted using the supplier's model of the algorithm would not decrypt using the product (and v.v.);
c) mechanisms for the automatic generation of keys did not check for 'weak keys';
d) the key management systems were relatively simple to compromise (even accidentally);
e) implementation of the key management processes (by the users) was generally badly flawed (or quickly deteriorated) so as to expose old, current or new keys to simple examination.

In a large commercial organisation I saw one 'secure modem' rack with the current keys (a) all the same, and (b) written on a 'yellow sticky' on the rack!

> The open world still has to learn much of this.
> I believe that this will happen at a rapidly increasing rate
> so I don't think this advantage will last much more than a few more years
> but it is there now and it means that key length just gives an unlikely
> upper limit on the security that applications offer.

Here I disagree with Brian. My experience is that companies tolerate security but don't appreciate its value. Recently a major industrial name enquired of me about implementing e-mail security world-wide. On investigation I found that the same message would be sent by a number of different electronic media (e-mail, fax, telex, even telephone). They were only interested in securing e-mail and wanted to use encryption, I explained that replicating and sending the message in clear by other means in addition to e-mail made a nonsense of their case for encrypted e-mail and also compromised the security offered by the crypto system for non-replicated messages. Their reaction was one of disbelief and 'complete ignoral'. I pointed out that in many of their offices a single telephone line would carry e-mail (dial-up) telephone and fax and that it was trivial to tap telephones. This too was met with bland incredulity.
Not too long ago in a South American country the MD of the operating company of a 'household name' insisted on installing a digitally encrypted telephone for his exclusive use. Of course, he wanted it in his office and was oblivious to the fact that it, and his conversations, would be compromised by 'bugging' his office (we took a large number of bugs out of his office during a sweep - and not just to prove our point!). He's probably still using it, and thinking that it's 'secure'!

I don't think that the necessary improvement in procedures will be executed properly by everyone and properly maintained. There are two ends (at least) to a crypto communication, both need to be rigorous in their approach to crypto. In _big_ organisations (especially operating world-wide) that is close to impossible to achieve over any period after initial implementation and training - ask the auditors!

"You can tell all of the people all of the time, but only some of them will listen and only some of the time. Fewer of them will obey even less of the time."

From Q.G.Campbell@newcastle.ac.uk Mon, 7 Jun 1999 23:08:55 +0100 (GMT)
Date: Mon, 7 Jun 1999 23:08:55 +0100 (GMT)
From: Quentin Campbell Q.G.Campbell@newcastle.ac.uk
Subject: ATM scam

An acquaintance of ours recently lost 600 pounds through unauthorised withdrawals from ATMs. It transpires that 200 pounds was withdrawn each day from her account over the Bank Holiday weekend. She had previously used her card in an ATM at a local supermarket just before the Bank Holiday.

I understand that there has been a spate of similar thefts of card info recently by tampering with the ATM in such a way that card details and PIN can be recorded remotely. Does anyone have any further information on the technique(s) used? Are ATMs in bank lobbies less vulnerable?

Is this another example of a poorly implemented security system (ref. Brian Gladman and others) or is this classed as a different type of failure?
The other interesting feature of this incident is that the bank appears to be up-front about what has been going on. There has been no attempt to hide the fact that other customers have been stung in a similar way recently and it has even given some details on how the scam operates. It was the garbled version that I got that has prompted this posting. The bank appears to be responding rapidly to restore the accounts affected (and presumably their customers' confidence in the bank).

The bank involved was Lloyds-TSB. Are UK banks' ATMs all of very similar technology and security features or are some more vulnerable than others to the sort of tampering that appears to have gone on here? Just curious since we also are with Lloyds-TSB. :-(

Quentin

From whgiii@openpgp.net Tue, 08 Jun 1999 01:56:48 -0500
Date: Tue, 08 Jun 1999 01:56:48 -0500
From: William H. Geiger III whgiii@openpgp.net
Subject: More on fortifying Lotus Notes

-----BEGIN PGP SIGNED MESSAGE-----

In <87emjpxbd1.fsf@hedonism.demon.co.uk>, on 06/06/99 at 10:33 PM, Paul Crowley said:

>lists@notatla.demon.co.uk writes:
>> The session-key leakage is 24 bits (2^24=16777216). If the same bogus
>> public key gets into wide circulation among L-Fortify users then the
>> NSA only has to compute 2^24 encryptions with that key and they are in
>> a position about as good as they already have. This is a lookup table
>> that can be stored on a single disk even if it is stored in full which
>> should not be necessary.

>Happily, those 24 bits are padded with random data before encryption to
>prevent just such an attack. The padding is sent encrypted so the WRF
>can be checked on receipt.

>I don't have the skills for poring through binaries reversing tests.
>Crackers who strip copy-protection mechanisms get very good at this sort
>of thing, though programmers are also getting good at making the
>cracker's job harder with some obfuscation tricks.
>If there's code for
>checking the integrity of the public key, I'm going to be straight out of
>my depth.

>Can anyone think of a way of confirming a guess at which bit of the
>binary might be the public key more efficient than changing it and seeing
>what breaks? Notes is so full of bugs that it would be hard to tell
>whether a particular change had introduced one. Where might I find
>documentation of the Notes encrypted message format such that I can see
>whether a given change affects the WRF?

While this seems like an interesting project, wouldn't the user community be better served if one just wrote a PGP plug-in for Notes?

I am not a Notes user so I am not sure if we are talking document encryption or client/server communication encryption. If it is the second, a ssh tunnel should work.

- --
- ---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii

Hi Jeff!! :)
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i OS/2 for non-commercial use
Comment: Registered_User_E-Secure_v1.1b1_ES000000
Charset: cp850

wnUDBQE3XL+p0fdTsSGZnTUBAcNFAv0VuwNidJrBzWalB/hYZ6HthrfFE1HFn7Go
yfA6btF9L7UBWQH3muEeXiIrmQ89J3jjvFuGwysc9q/ivqCePcOqJde9qikqzDQe
ONxlsGUmyxBJ3w9KBWvrnFuKyfVVLmM=
=qEIL
-----END PGP SIGNATURE-----

From gladman@seven77.demon.co.uk Tue, 8 Jun 1999 08:55:55 +0100
Date: Tue, 8 Jun 1999 08:55:55 +0100
From: Brian Gladman gladman@seven77.demon.co.uk
Subject: Germany Frees Crypto

From: Michael Bacon
To:
Sent: 07 June 1999 11:26 AM
Subject: RE: Germany Frees Crypto

[snip]
> > The open world still has to learn much of this.
> > I believe that this will happen at a rapidly increasing rate
> > so I don't think this advantage will last much more than a few more years
> > but it is there now and it means that key length just gives an unlikely
> > upper limit on the security that applications offer.
>
> Here I disagree with Brian. My experience is that companies tolerate
> security but don't appreciate its value. Recently a major industrial name
> enquired of me about implementing e-mail security world-wide. On
> investigation I found that the same message would be sent by a number of
> different electronic media (e-mail, fax, telex, even telephone). They
> were only interested in securing e-mail and wanted to use encryption, I
> explained that replicating and sending the message in clear by other means
> in addition to e-mail made a nonsense of their case for encrypted e-mail
> and also compromised the security offered by the crypto system for
> non-replicated messages. Their reaction was one of disbelief and 'complete
> ignoral'. I pointed out that in many of their offices a single telephone
> line would carry e-mail (dial-up) telephone and fax and that it was trivial
> to tap telephones. This too was met with bland incredulity.
>

I agree with you here - maybe my original post was badly worded. What I meant was that the open world will increasingly discover the ***technical*** implementation requirements that need to be met if an application that relies on cryptography is to achieve the level of security provided by the underlying algorithm(s). However, I am doubtful that this will change things much since there needs to be pressure from consumers before companies will be prepared to make these quite substantial investments.

I agree completely that there is the much wider issue of educating users since it is only too obvious from even Enigma, 50+ years ago, that a superhuman effort by designers can be thrown away in an instant by just one or two lapses in security in operational use.
You are right - until the community at large values security and privacy, we will not have any.

Brian

From Ross.Anderson@cl.cam.ac.uk Tue, 08 Jun 1999 10:22:21 +0100
Date: Tue, 08 Jun 1999 10:22:21 +0100
From: Ross Anderson Ross.Anderson@cl.cam.ac.uk
Subject: ATM scam

> Does anyone have any further information on the technique(s) used?

`Why Cryptosystems Fail' - http://www.cl.cam.ac.uk/ftp/users/rja14/wcf.ps.gz

> The other interesting feature of this incident is that the bank appears
> to be up-front about what has been going on.

Enough people have gone to jail for ATM fraud by now that the old defence of `our systems are infallible' won't work. Presumably that's why we now need an electronic commerce bill to give a `rebuttable presumption of validity' to digital signatures :-)

> Are UK banks' ATMs all of very similar technology and security features

Yes, they have to be to network

> or are some more vulnerable than others

Also yes, since the managers at some banks are vastly less clueful than at others :-)

Ross

From Ross.Anderson@cl.cam.ac.uk Tue, 08 Jun 1999 11:46:27 +0100
Date: Tue, 08 Jun 1999 11:46:27 +0100
From: Ross Anderson Ross.Anderson@cl.cam.ac.uk
Subject: ATM scam

For the sake of the postscript-challenged I've manufactured an html version of `Why Cryptosystems Fail'. It's at http://www.cl.cam.ac.uk/users/rja14/wcf.html

Ross

From aba@dcs.ex.ac.uk Sun, 6 Jun 1999 20:45:13 +0100
Date: Sun, 6 Jun 1999 20:45:13 +0100
From: Adam Back aba@dcs.ex.ac.uk
Subject: More on fortifying Lotus Notes

Ant writes:
> The session-key leakage is 24 bits (2^24=16777216). If the same
> bogus public key gets into wide circulation among L-Fortify users
> then the NSA only has to compute 2^24 encryptions with that key and
> they are in a position about as good as they already have. This is
> a lookup table that can be stored on a single disk even if it is
> stored in full which should not be necessary.

There is also a salt -- the random padding inside the RSA encryption.
That would prevent pre-computation.

Adam

From dwadsw@etna.demon.co.uk Tue, 8 Jun 1999 17:21:49 +0100
Date: Tue, 8 Jun 1999 17:21:49 +0100
From: David Wadsworth dwadsw@etna.demon.co.uk
Subject: ATM scam

In article , Quentin Campbell writes
>An acquaintance of ours recently lost 600 pounds through unauthorised
>withdrawals from ATMs. It transpires that 200 pounds was withdrawn each day
>from her account over the Bank Holiday weekend. She had previously used
>her card in an ATM at a local supermarket just before the Bank Holiday.
>
>I understand that there has been a spate of similar thefts of card info
>recently by tampering with the ATM in such a way that card details and PIN
>can be recorded remotely. Does anyone have any further information on the
>technique(s) used? Are ATMs in bank lobbies less vulnerable?
>

There were reports on this in the papers last week (I believe it was somewhere in the Times). It was what I like to call the 'Machine in the Middle' attack. A false front was installed over the front of the ATM, which intercepted and recorded the card details and the PIN numbers via a superimposed keyboard and magnetic card reader.

The thieves chose Supermarket locations, and the Bank Holiday, when people were in a hurry, and weren't likely to ask questions about why the ATM had changed its external appearance. Also being a Bank holiday, large amounts of cash could then be withdrawn without arousing suspicion, and without the victims noticing the transactions until it was too late.

I can think of a few ways to defeat this attack, but they cost money, so they probably won't be implemented. The ATM could be modified to detect any overlay, using one or more photo cells or capacitive detectors. It might also be possible to project an external magnetic field around the card slot, to mess up any attempts to read the card externally, although this couldn't be too strong or it would delete info on the card.
Perhaps a mu-metal extension to the card slot would hamper the thieves.

The better crypto solution would be to use a smart card and a challenge-response protocol which didn't betray any information to an eavesdropping third party.

Cheers
--
David Wadsworth | Tonto.... I've got a feeling we're not in Kansas
dwadsw@etna.demon.co.uk | anymore .....The Lone Ranger of Oz

From lawya@lucs-01.novell.leeds.ac.uk Tue, 8 Jun 1999 18:34:56 +0000
Date: Tue, 8 Jun 1999 18:34:56 +0000
From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk
Subject: New EPIC Crypto report is available

Cryptography and Liberty 1999
An International Survey of Encryption Policy
Electronic Privacy Information Center
Washington, DC

is now available through

http://www.epic.org/reports/crypto1999.html

Executive Summary

Most countries in the world today have no controls on the use of cryptography. In the vast majority of countries, cryptography may be freely used, manufactured, and sold without restriction. This is true for both leading industrial countries and for developing countries.

There is a movement towards international relaxation of regulations relating to encryption products, coupled with a rejection of key escrow and recovery policies. Many countries have recently adopted policies expressly rejecting requirements for key escrow systems and a few countries, most notably France, have dropped their escrow systems. There are a small number of countries where strong domestic controls on the use of cryptography exist. These are mostly countries where human rights command little respect.

Recent trends in international law and policy point toward continued relaxation of controls on cryptography. The Organization for Economic Cooperation and Development's Cryptography Policy Guidelines and the Ministerial Declaration of the European Union, both released in 1997, argue for the liberalization of controls on cryptography and the development of market-based, user driven cryptography products and services.
There is a growing awareness worldwide of encryption and an increasing number of countries have developed policies, driven by the OECD guidelines.

Export controls remain the most powerful obstacle to the development and free flow of encryption. The revised December 1998 Wassenaar Arrangement may roll back some of the liberalization sought by the OECD, particularly by restricting the key lengths of encryption products that can be exported without approval licenses. However, several major countries have already indicated that they do not plan to adopt new restrictions.

The United States government continues to lead efforts for encryption controls around the world. The U.S. government has exerted economic and diplomatic pressure on other countries in an attempt to force them into adopting restrictive policies. The U.S. position may be explained, in part, by the dominant role that national intelligence and federal law enforcement agencies hold in the development of encryption policy.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mr. Yaman Akdeniz,
Director, Cyber-Rights & Cyber-Liberties (UK)
URL: http://www.cyber-rights.org
E-mail: lawya@cyber-rights.org

Read the CR&CL (UK) Reports at:
http://www.cyber-rights.org/reports/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From alan@kable.co.uk Wed, 9 Jun 1999 10:16:58 +0100
Date: Wed, 9 Jun 1999 10:16:58 +0100
From: Alan Burkitt-Gray alan@kable.co.uk
Subject: ATM scam

Quentin Campbell writes
>
>I understand that there has been a spate of similar thefts of card info
>recently by tampering with the ATM in such a way that card details and PIN
>can be recorded remotely. Does anyone have any further information on the
>technique(s) used? Are ATMs in bank lobbies less vulnerable?

My wife's personal experience from yesterday, at a legit bank machine (installed in a railway station) in south-east London: She took out £50. The printed slip which emerged immediately afterwards showed £100.
The person next in the queue got a slip showing someone else's balance. The machine then closed down. My wife complained to our bank manager (at the nearest branch, about a mile away): the machine was reprinting slips from old transactions, he said, and the slip she'd been issued referred to someone else's account - he pointed out the abbreviated account number on the slip, showing that it was another account, and confirmed on the bank's computer system that the right deduction had been made.

He called the printing of other people's slips a "backing up process". Curious way of backing up your data, I'd have thought: spilling it out onto a railway station. Obvious security (indeed, data protection) worries here which others are better qualified to shout about.

The bank manager was, he said, getting three or four complaints a day about this machine - the busiest in the area. The bank aimed for its machines to be working 95% of the time. This one struggled to make 90% - though that's a separate concern from security worries. That's just bloody inconvenience.

(And, in case any bank people are reading this, I expect it is a clear contravention of the Data Protection Act to try to match up my name at the foot of this e-mail with any accounts you might hold to try to identify the bank and the manager in question - so watch it!)

Nevertheless, if Quentin wants to follow up, he should get in touch separately.

- ALAN BURKITT-GRAY, Editor, Government Computing
The independent magazine about information age public service, for the people who are going to make it happen
NEXT ISSUE: July-August 1999, due early July
Published monthly by Kable Ltd
The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK
tel (direct) 020 7608 8403, (switchboard) 020 7608 0900; fax 020 7608 8420
website http://www.kable.co.uk (includes advance features information)
e-mail alan@kable.co.uk
Where's Kable?
Look at
http://www.streetmap.co.uk/streetmap.dll?grid2map?X=531650&Y=181750&arrow=Y

From ptemple@onlinemagic.com Fri, 04 Jun 1999 15:14:54 +0100
Date: Fri, 04 Jun 1999 15:14:54 +0100
From: Phillip Temple ptemple@onlinemagic.com
Subject: Germany Frees Crypto

At 12:43 PM 6/4/99 +0300, Putrefied Cow wrote:
>
>BTW, A long time ago in Finland, I remember reading that the GSM
>phones could have had strong enough crypto that the NSA couldn't
>crack it, and that because of it the UKUSA forced Nokia's hand and
>made them adopt a weak crypto that is easily cracked.
>
>So essentially now every GSM phone is insecure as they can be
>listened into from spy-satellites.

The original specs for GSM had strong crypto. From the previous discussions I remember, it was rather a case of different national interests having different agendas re: eavesdropping. I don't think it applied to any one manufacturer, it was rather across the board. Hence handsets sold to different nations had different levels of being crippled (by blanking xxx of the top bits of the key).

There was also the story of the Sicily Mafia buying German mobile phones to stop the Italian law enforcement from listening in. I'm sure someone can come up with more accurate details than my vague recollections. The UKUSA alliance probably also had a hand in these dealings?

Phillip.

From waste@zor.hut.fi Fri, 4 Jun 1999 17:18:10 +0300 (EEST)
Date: Fri, 4 Jun 1999 17:18:10 +0300 (EEST)
From: Putrefied Cow waste@zor.hut.fi
Subject: [IWAR] CRYPTO Germany Endorses Strong Crypto (fwd)

Sorry about forwarding.

---------- Forwarded message ----------
Date: Thu, 3 Jun 1999 21:29:52 -0700 (PDT)
From: 7Pillars Partners
Reply-To: iwar@sirius.infonex.com
To: g2i list , IWAR list
Subject: [IWAR] CRYPTO Germany Endorses Strong Crypto

Germany Endorses Strong Crypto
Wired News Report

5:20 p.m.
3.Jun.99.PDT

In an apparent response to corporate spying allegedly conducted in Europe by the United States, Germany is encouraging citizens and businesses to use strong cryptography.

"[Germany] considers the application of secure encryption to be a crucial requirement for citizens' privacy, for the development of electronic commerce, and for the protection of business secrets," reads a translated version of a policy framework document released Wednesday by Germany's Federal Department of Business and Technology (BMWI).

"The federal government will therefore actively support the distribution of secure encryption. This includes in particular increasing the security consciousness of citizens, business, and administration."

Australia recently became the first nation to admit it participates in Echelon, a previously secret global surveillance network capable of intercepting electronic communications anywhere in the world.

Echelon is said to be principally operated by the United States' National Security Agency and its UK equivalent, the Government Communications Headquarters. In addition to Australia, the system relies on cooperation with other signals-intelligence agencies in Canada and New Zealand.

Earlier this month, UK investigative journalist Duncan Campbell submitted Interception Capabilities 2000, his report on Echelon, to the European Parliament's Science and Technology Options Assessment Panel.

Campbell had been asked to investigate the system in the wake of charges made last year in the European Parliament that Echelon was being used to funnel European government and industry secrets into US hands.

In the wake of the report, the Australian government confirmed the Echelon alliance to media in follow-up interviews.

Though Wednesday's German government statement does not mention Echelon, the document alludes to the specter of industrial espionage.

"For reasons of national security, and the security of business and society, the federal government considers the ability of German manufacturers to develop and manufacture secure and efficient encryption products indispensable," the statement said.

The government added that it would take additional measures to strengthen its domestic crypto software industry.

The policy also cautioned that while encryption may be used to criminal ends, the need to protect electronic commerce overrides any such concerns. The department said it would prepare and release a report on the criminal uses of cryptography within two years.

The US government restricts the export of strong crypto on the grounds that it might be used by terrorists and hostile nations to conceal communications.

From waste@zor.hut.fi Fri, 4 Jun 1999 17:34:47 +0300 (EEST)
Date: Fri, 4 Jun 1999 17:34:47 +0300 (EEST)
From: Putrefied Cow waste@zor.hut.fi
Subject: God Save the Keys

God Save the Keys
June 03, 1999

The United States may have been the first country to guarantee its citizens freedom of speech, but when it comes to guaranteeing private speech in the digital age, jolly old England may be one step ahead.

Unlike its U.S. Justice Department counterpart, the United Kingdom's Home Office recently softened its position on requiring companies that use strong encryption to deposit a copy of their "keys" with an agency of the government or a "trusted" third party.

Last week, while in London, I was briefed by a Home Office representative about the agency's change of heart in this classic battle between law enforcement's desire to catch bad guys and British subjects' right to communicate in privacy.

Just as in the United States, British law-enforcement officials and businesses have locked horns over the issue of encryption.
Companies that do business over the Internet insist they must be able to use the strongest encryption available and that they--not any government--should decide who keeps the keys to unlock that data.

The Clinton administration and its counterparts in the United Kingdom have long argued that the government needs the ability to access a "key" to privately encrypted messages. They argue that this allows warrant-wielding law-enforcement officials to fight crime by breaking the encrypted code of terrorists, pedophiles and other criminals.

The FBI remains steadfast in its pursuit of the right to peer into your data, regardless of whether you're suspected of breaking the law. But the U.K.'s Home Office is expected to announce later this week that it has given up in its efforts to require British subjects--even suspected criminals--to turn over their encryption keys to the government, third parties or law-enforcement officials.

The new proposal is an amendment to a March proposal disseminated by the Department of Trade and Industry. Under the March proposal, users weren't required to deposit keys into escrow, but they would be forced to turn over keys when so ordered by a court. Even that somewhat more liberal procedure, however, could jeopardize a company's security, because it could reveal codes that could be used to decipher other encrypted data that wasn't the subject of the court order.

The new proposal, which has not yet been presented to Parliament, wouldn't require any disclosure of encryption keys, just a legible copy of encrypted material. Rather than ask for the combination to a suspected criminal's safe, the government would require the criminal to open the safe and turn over a copy of whatever the government wanted to see. Failure to comply with a lawful order could result in a two-year prison sentence. It will call for penalties to individuals who refuse to turn over legible copies of suspected data when presented with a warrant or court order.
Cyberlibertarians

Although the proposal falls short for cyberlibertarians on both sides of the Atlantic, it's a move in the right direction from British officials' previous demands and the tactics promulgated by the Clinton administration.

Shari Steele, Staff Counsel for the Electronic Frontier Foundation agrees that the British proposal is a "step in the right direction" but feels that it falls short of what is needed to assure secure communications in the digital age. "We don't like the idea of making encryption a greater crime," she says. Today, even if you're handed a search warrant in the United States or Britain, "you're not required to open the safe." If the police want to break it open, that's one thing, but with encryption, "they want their job to be easier."

Steele's arguments are consistent with the EFF's strong support of civil liberties in cyberspace, yet I can understand where law enforcement is coming from in its desire to have tools that can break down the digital safes of suspected criminals. Cops (and bobbies) are afraid criminals will gain the upper hand if they are able to use encryption to make it virtually impossible for law enforcement to gather the evidence needed to prosecute crimes.

Yet, one of the greatest crimes I can imagine is one that would undermine freedom of speech. True, the First Amendment is a U.S. ordinance, but the British adopted many of the same concepts once they became a constitutional monarchy. I've always felt that if one is to err, it's better to err on the side of freedom.

Nevertheless, the Brits may be onto something. By focusing on the data of suspected criminals rather than the keys of legitimate businesses, they are at least putting the onus where it belongs. While it may not be enough, it's a significant step in the right direction.
From jei@zor.hut.fi Fri, 4 Jun 1999 19:25:26 +0300 (EEST)
Date: Fri, 4 Jun 1999 19:25:26 +0300 (EEST)
From: Jukka E Isosaari jei@zor.hut.fi
Subject: Germany Frees Crypto

On Thu, 3 Jun 1999, David Hayes wrote:

> Who would have thought that ECHELON would turn out to be a program to
> improve civil liberties?

Well, I did for one. Let's just hope it doesn't stop with Germany.

Keep publishing more reports and information about Echelon! ;-)

Even if most governments don't care about civil liberties, they do care about economic espionage and the fact that they are losing billions of dollars to US if they don't protect themselves and their citizens from their spy-systems.

Which means, that governments will have to get their citizens to use crypto and spook-secure systems. :-)

National crypto-industries can expect huge benefits the better these facts about echelon spying are conveyed and presented to the local governments.

++ J

From jei@zor.hut.fi Mon, 7 Jun 1999 20:39:06 +0300 (EEST)
Date: Mon, 7 Jun 1999 20:39:06 +0300 (EEST)
From: Jukka E Isosaari jei@zor.hut.fi
Subject: Technology a threat to right of privacy Silicon Valley

Technology a threat to right of privacy Silicon Valley
(Irish Times; 06/04/99)

Last week, the US Congress requested that its intelligence services provide a detailed report about a global electronic eavesdropping system known as Echelon. They refused. Now congress is moving to make its request law.

Echelon is just one of the emerging uses of technology that is eroding a basic human right, privacy. The system indiscriminately monitors satellite and Internet communications traffic using keyword searches in the case of e-mail, and scanning for certain telephone numbers in the case of mobile phones.

The report was requested by Congress's House Committee on Intelligence and specifically asked that National Security Agency and the Central Intelligence Agency provide an account as to what legal standard they use to monitor US citizens.
Another system, currently in the pipeline is EU's Enfopol, a specification that will provide European law enforcement officials with an electronic back door into the computer systems of Internet Service Providers and mobile telecommunications companies.

Furthermore, later this year, the EU plans to introduce new encryption (a technology that scrambles data so that it cannot be read by eavesdroppers) legislation, which may affect people's right to exchange messages that cannot be read by law enforcement.

Indeed, Internet and electronic privacy will be one of the biggest issues affecting citizens in the next century. Unfortunately law makers in Ireland, Europe and the US are staggeringly naive about the effects these new laws, systems and so-called specifications will have on their future.

The problem is one of ignorance. Law makers often don't understand technology and don't look far enough into the future to see how Internet and wireless communications will touch virtually every aspect of our lives in the not too distant future.

But why the concern? Police and intelligence services are only trying to catch terrorists, criminals and child pornographers. True, if they are to catch these people they need to be able to track their movements, ensure that they are not shifting large amounts of money into offshore bank accounts and nip their next deadly or grossly illegal plans in the bud. Surely, you couldn't object to that?

Unless, of course, you would object to passing a law that would enable police to go through your credit-card receipts without a court order, tap your telephone at will and make a list of every place you visited, and every person you talked to without proper judicial control. Because that is what these systems allow.

Increasingly people are buying goods and services on the Internet. This not only includes a novel from say, Amazon.com, but banking, share trading and even insurance services.
Back-door access to mobile telephone records will not only provide access to conversations but pinpoint the location of the mobile phone and therefore its user. Furthermore, governments mistakenly believe that their judicial system will protect their citizens from abuses of these new methods of data collection and surveillance. However perhaps it's not just the local police force that should concern us, but the police force and intelligence agencies of foreign governments. Take the Echelon system, for example, it was established under the UKUSA agreement by the US's National Security Agency, and Britain's General Communications Headquarters to monitor the communications of the eastern bloc countries. While Echelon was designed as a system to monitor spies, according to a recent report prepared for the European Parliament's Scientific and Technology Options Assessment Panel there is evidence that member-countries also use the Echelon system for industrial espionage. The report states that British intelligence routinely collects information such as "company plans, telexes, faxes, and transcribed phone calls," and that the NSA provides weekly reports to the US department of commerce. The report recommends that Europe adopts strong encryption technology rather than restrict it and points out that it is the larger nations that have invested in spying activities, leaving smaller nations vulnerable. While few could object to these systems to apprehend criminals there needs to be awareness of exactly what powers they give governments and law enforcement. There also needs to be a way to ensure that they are being used correctly. It has taken centuries to gain the right to privacy, surely we should not throw it away so readily. 
From alan@kable.co.uk Wed, 9 Jun 1999 10:16:58 +0100 Date: Wed, 9 Jun 1999 10:16:58 +0100 From: Alan Burkitt-Gray alan@kable.co.uk Subject: ATM scam Quentin Campbell writes > >I understand that there has been a spate of similar thefts of card info >recently by tampering with the ATM in such a way that card details and PIN >can be recorded remotely. Does anyone have any further information on the >technique(s) used? Are ATMs in bank lobbies less vulnerable? My wife's personal experience from yesterday, at a legit bank machine (installed in a railway station) in south-east London: She took out £50. The printed slip which emerged immediately afterwards showed £100. The person next in the queue got a slip showing someone else's balance. The machine then closed down. My wife complained to our bank manager (at the nearest branch, about a mile away): the machine was reprinting slips from old transactions, he said, and the slip she'd been issued referred to someone else's account - he pointed out the abbreviated account number on the slip, showing that it was another account, and confirmed on the bank's computer system that the right deduction had been made. He called the printing of other people's slips a "backing up process". Curious way of backing up your data, I'd have thought: spilling it out onto a railway station. Obvious security (indeed, data protection) worries here which others are better qualified to shout about. The bank manager was, he said, getting three or four complaints a day about this machine - the busiest in the area. The bank aimed for its machines to be working 95% of the time. This one struggled to make 90% - though that's a separate concern from security worries. That's just bloody inconvenience. 
(And, in case any bank people are reading this, I expect it is a clear contravention of the Data Protection Act to try to match up my name at the foot of this e-mail with any accounts you might hold to try to identify the bank and the manager in question - so watch it!) Nevertheless, if Quentin wants to follow up, he should get in touch separately. - ALAN BURKITT-GRAY, Editor, Government Computing The independent magazine about information age public service, for the people who are going to make it happen NEXT ISSUE: July-August 1999, due early July Published monthly by Kable Ltd The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK tel (direct) 020 7608 8403, (switchboard) 020 7608 0900; fax 020 7608 8420 website http://www.kable.co.uk (includes advance features information) e-mail alan@kable.co.uk Where's Kable? Look at http://www.streetmap.co.uk/streetmap.dll?grid2map?X=531650&Y=181750&arrow=Y From andreas@andreas.org 09 Jun 1999 18:27:10 +0200 Date: 09 Jun 1999 18:27:10 +0200 From: Andreas Bogk andreas@andreas.org Subject: Germany Frees Crypto Phillip Temple writes: > Hence [GSM] handsets sold to different nations had different levels of > being crippled (by blanking xxx of the top bits of the key). There The number of blanked keybits is 10, and is not dependent on the handset, but on the implementation of the authentication algorithms A3/A8 in the SIM chipcard and the Authentication center of the network provider. I haven't seen a single provider who didn't cripple the keylength. Andreas -- Reality is two's complement. See: ftp://ftp.netcom.com/pub/hb/hbaker/hakmem/hacks.html#item154 From daw@cs.berkeley.edu 9 Jun 1999 18:15:35 -0700 Date: 9 Jun 1999 18:15:35 -0700 From: David Wagner daw@cs.berkeley.edu Subject: Germany Frees Crypto In article <199906041415.PAA09095@onlinemagic.com>, Phillip Temple wrote: > The original specs for GSM had strong crypto. 
From the previous > discussions I remember, it was rather a case of different national > interests having different agendas re: eavesdropping. I don't think > it applied to any one manufacturer, it was rather across the board. > Hence handsets sold to different nations had different levels of > being crippled (by blanking xxx of the top bits of the key). There > was also the story of the Sicily Mafia buying German mobile > phones to stop the Italian law enforcement from listening in. Interesting. It seems to work a little differently now. Today, you get three choices: semi-weak-ish (54-bit A5/1), very-weak (54-bit A5/2), or cleartext (A5/0). The only variation in security is in the choice of algorithm, not in how many bits of the key are zeroed. Export controls on base stations are used to control which countries get which algorithm. Every modern GSM handset supports all three algorithms (I believe). Everyone that I know of seems to be uniformly blanking the top 10 bits, and no more. I think it should, in principle, be possible for providers to weaken targeted users by fixing more bits of the key (if they modify both the HLR _and_ the user's SIM), but I don't know of anyone who is doing this. If you know of any exceptions to this rule, I would be interested in hearing more information... From Ross.Anderson@cl.cam.ac.uk Thu, 10 Jun 1999 09:28:24 +0100 Date: Thu, 10 Jun 1999 09:28:24 +0100 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: ATM scam Alan Burkitt-Gray wrote: > he pointed out the abbreviated account number on the slip, > showing that it was another account, ... Isn't it time, Alan, that you started to alert your government readers to the consumer issues that arise if there is suddenly a `rebuttable presumption of validity' for electronic transactions, thanks to the new e-commerce bill? The furore over `phantom withdrawals' that happened in the early 90's looks certain to be repeated, to the great embarrassment of ministers. 
Then we can go on to talk about the safety issues of the NHS network ... :-) Ross From Q.G.Campbell@newcastle.ac.uk Thu, 10 Jun 1999 10:46:09 +0100 (GMT) Date: Thu, 10 Jun 1999 10:46:09 +0100 (GMT) From: Quentin Campbell Q.G.Campbell@newcastle.ac.uk Subject: ATM scam Security would be easy if humans were not involved. Bank card security: the good, the bad and the inconvenient... Good: our bank adds my photo and my signature. Bad: our bank contrived to issue duplicate Debit cards to a large group of customers who were due for renewal in May. No warning was subsequently issued to explain or ask us to check whether both were received. Inconvenient: our bank changes the PAN on each card when it re-issues them. It does this, it says, to "protect us from fraud". The change has no practical impact on my use of the card but is inconvenient because I have to notify "Card Safe" (cf "Sentinel", etc) of the new PAN. The bank will consider doing this on my behalf in future as part of the service. I have made this posting because I am slightly embarrassed at being annoyed by a security feature (the PAN change) that is carried out for my protection. As Brian Gladman, Ross Anderson and others point out, security measures cannot work unless they are operated correctly; no short cuts because the procedures are "inconvenient". However is this realistic within the consumer environment? It seems to me that banks and other commercial organisations still have a lot to learn about the behaviour of their customers. :-( Quentin -- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------- "Any opinions expressed above are mine. The University can get its own." 
From alecm@coyote.UK.Sun.COM Thu, 10 Jun 1999 11:36:23 +0100 Date: Thu, 10 Jun 1999 11:36:23 +0100 From: Alec Muffett alecm@coyote.UK.Sun.COM Subject: BP Item on the "Today" programme on Radio4 just before 9am this morning, saying that Bletchley Park has been "saved for the nation", with some comment from a Government type en-route to BP, and a chat with one of the BP Trust executives. Apparently they're not getting Govt money, but they *are* getting the land... Does anyone have any more information? - alec From Ian_Miller@scientia.com Thu, 10 Jun 1999 12:02:46 +0100 Date: Thu, 10 Jun 1999 12:02:46 +0100 From: Ian Miller Ian_Miller@scientia.com Subject: Debit Cards (was: RE: ATM scam) At 10:46 10/06/99 +0100, you wrote: >Security would be easy if humans were not involved. Bank card security: >the good, the bad and the inconvenient... > There is another way in which human failings render debit-cards horribly insecure. The shop assistant almost never checks that the number on the slip being signed matches the number on the card. This is the only check that the card is not a trivial clone, i.e. a card with someone else's debit card details written onto the magnetic strip. The viability of this method of fraud was proven by an investigation for German TV. They wrote the details of one of the journalists on the debit-card of a German lady shopaholic who had had all her cards withdrawn. They did this with kit available from a high-street computer shop. They sent her shopping and filmed her having no problem at all using the card all over town. This is very worrying especially in view of the proposed `rebuttable presumption of validity'. Personally I refuse to have a debit-card at all for this reason. To date I have considered credit cards adequately safe because I can refuse (and have refused) to pay the bill when necessary. However with a proposed 'presumption', it will make credit cards much more dangerous. 
Ian From gladman@seven77.demon.co.uk Thu, 10 Jun 1999 12:09:44 +0100 Date: Thu, 10 Jun 1999 12:09:44 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Germany Frees Crypto >From: Nigel Hickson >To: >Cc: Cryptography List >Sent: 03 June 1999 22:20 PM >Subject: Re: Germany Frees Crypto > >Colleagues > >Many thanks for translation; saves the DTI purse. Policy > very similar to ours (DTI). In some respects I think Nigel is right to suggest that the German crypto policy announcement contains some elements that mirror aspects of UK policy. At the same time, however, any objective assessment of the German announcement, including its general tone and many of its details, gives a somewhat different perspective and suggests that there are a number of significant differences that cannot easily be dismissed. I would cite the following extracts from the English translation of the German text as evidence of clear differences between the UK and the German positions (I omit discussion of areas of similarity). --------------------- "The Federal Government has no intention of restricting the free availability of encryption products in Germany. It regards the use of secure encryption as a decisive prerequisite for data protection for the public, for the development of electronic business transactions and for the protection of company secrets. The Federal Government will thus actively support the spread of secure encryption in Germany. This particularly includes the promotion of security-consciousness among the public, in the economy and in the administration." Firstly, it is significant that there is immediate recognition of the central importance of encryption for "data protection for the public", something that the UK government has consistently failed to do in its own encryption policy. The German text clearly recognises the ***public*** interest - the best we have out of the UK government is to recognise the ***business*** interest. 
If anyone doubts this difference, look at the groups consulted in the study prior to the publication of the PIU report on "Encryption and Law Enforcement". Of course the reasons for this are obvious - Germany sees Echelon as a threat whereas we (that is the UK government) see it as an asset. This policy difference, and the reasons for it, could hardly be more transparent. Duncan Campbell and the European Parliament have done a good job here. Secondly, we can see from the text that the German government will ***actively support*** the spread of secure encryption in Germany. This is the exact opposite of UK government policy as I understand it. So Nigel, could you please obtain a public statement, from an appropriate UK government minister, announcing that it is now UK government policy "TO ACTIVELY SUPPORT THE SPREAD OF SECURE ENCRYPTION IN THE UK". I and many others on this list would welcome such a statement, which I assume should now be possible if you are right about the similarity of UK and German positions. After all, it would hardly be accurate to suggest that the two policies are similar if one actively supports the widespread deployment of encryption while the other actively discourages it. --------------------- "The use of cryptographic procedures is extremely important for efficient technical crime prevention. This applies both to guaranteeing the authenticity and integrity of data traffic and to protecting confidentiality." This is a statement of the ***benefits*** of encryption in combating crime, something that never gets the coverage it deserves in UK government policy (I accept that it is not completely absent). --------------------- "To date, the abuse of encryption technologies in Germany has not caused any serious problems in the process of criminal prosecution. However, this fact cannot be used to make a forecast for the future." 
This is a much more honest assessment of the law enforcement problem posed by encryption than has ever appeared in any UK policy statements. It is quite obvious to anyone who studies these issues that encryption does not pose any serious threat to current law enforcement activities in the UK. The policy here is at very most a reaction to a perceived ***future threat***, which our civil servants continuously attempt to justify with what Nicholas Bohm rightly characterises as 'dodgy statistics' in order to suggest that this is a current and 'urgent' problem. It isn't. In contrast the German position is honest and straightforward - "it's not a problem now, but it might be in future, and if this proves to be the case we may ***then*** have to take action". This is exactly the policy that I and many others suggested almost three years ago in response to the first round of UK policy deliberations. --------------------- "3. For reasons relating to the security of the state, the economy and society, the Federal Government considers it indispensable that German manufacturers be capable of developing and manufacturing secure and powerful encryption products. It will take steps to improve the international competitiveness of this sector." Germany will provide strong encryption products for the international market. Not exactly a ringing endorsement of Wassenaar and a clear indication that Germany will join the growing group of nations that will seek to remove export controls on cryptographic products. Many are surprised at the way the US (and the UK) have been able to dupe their European partners into applying crypto export controls that are actually being used to their disadvantage. Given that these nations must have known about Echelon for many years before it became public knowledge, it is not obvious why the changes in encryption policy made by France, Germany and other non-Echelon nations have taken so long. 
The answer is very complex but it boils down to a battle in each country between two lobbies within government - the 'crypto-averse' intelligence community and the 'crypto-friendly' information (and information infrastructure) protection community. The complexity arises because international intelligence sharing arrangements are different in different areas, my guesses being: 1. criminal intelligence - shared interest among most nations 2. military intelligence - no comment 3. political intelligence - ad hoc, determined by circumstances 4. economic intelligence - no shared interest - 'dog eat dog' This means that there will always be a heated debate between different factions when considering the overall balance of advantage in the intelligence business in any one country. When politicians eventually have to decide whether to back exploitation or protection, the decision "do we get more from other nations than other nations get from us" is never an easy one. And anyone who thinks that this is about law enforcement is living on another planet. But the above list shows why we can expect to see the 'Anglo Saxon' nations increasingly making use of criminal intelligence as the primary 'cover story' for advocating continued crypto controls in Wassenaar. [I should make it clear that I am NOT offering here any evidence from my civil service career either for or against the existence of economic intelligence. Of the four areas listed above, the only one I have ***any*** knowledge of is item 2]. --------------------- My advice to the US and UK governments is to give up cryptography export controls in Wassenaar (and elsewhere) while these governments still have some credibility left. 
These controls are well past their 'sell by' date, they undermine the protection which e-commerce and the global information society now need and, most of all, their continued advocacy will put politicians and civil servants increasingly at odds with their public in an acrimonious battle which no longer makes any real sense. The future problems that cryptography might pose for society will be more easily countered if we all invest the resources consumed by this issue to more constructive ends. Nations will also need to consider item 4 above: economic intelligence. If we want the rule of law to apply in cyberspace, nations will have to respect information assets owned by others and this means giving up item 4 for the very same reasons that nations eventually recognised the need to stop sponsoring piracy on the high seas in the past. Nations gave up their sponsorship of piracy then when they came to realise that they each gained more from a safe global trading environment than they did in encouraging pirates to plunder the trade routes of other nations. We are now in an analogous situation in cyberspace with some nations claiming to support the global information society - a development which requires respect for the information assets of others - whilst secretly pursuing economic intelligence collection in what amounts to a direct modern analogue of the State sponsored piracy of past ages. The global information society (and the associated global electronic trading environment) cannot truly flourish while nations sponsor (or are perceived by others to sponsor) information piracy in cyberspace. ------------------- Returning to the question "are German and UK policies on encryption similar", I leave others to decide for themselves. My own view is that they are significantly different in terms of the principles they advocate. 
Brian Gladman From jei@zor.hut.fi Thu, 10 Jun 1999 17:35:42 +0300 (EEST) Date: Thu, 10 Jun 1999 17:35:42 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: Connected: Espionage Springtime for spies and cops ... Connected: Espionage Springtime for spies and cops Advances in technology and acquiescent legislators have given law enforcement and national security agencies unprecedented powers to monitor our conversations and track our movements, says Simon Davies (Daily Telegraph London; 06/10/99) These are exciting times for conspiracy theorists. Never before has so much been revealed about the most secret inner workings of government. Few people could have missed the recent mass of revelations about the vast web of covert national security operations in Britain and abroad. Secret spy bases, endemic surveillance of the telephone system and tales of astounding technology spying on our private lives have become dinner-table talk. The floodgates were opened by a 1997 report to the European Parliament, confirming the existence of Echelon, a huge network of spy installations that routinely trawls the entire global telecommunications system, using supercomputers to search through millions of messages and phone calls for key words. More than one government has been embarrassed by the report's disclosures about the activities of the secret American spy base at Menwith Hill in Yorkshire, which eavesdrops on most European communications. The existence of Echelon has been confirmed by the Australian government. Reaction to the report was swift. On September 14, the plenary session of the European Parliament, convening in Strasbourg, took the unprecedented step of openly debating the activities of RAF Menwith Hill and the American National Security Agency (NSA). MEPs demanded more openness and accountability of this once hidden activity. Bravo for democracy? Not really. 
Earlier this year, that same parliament approved laws that will force all telecommunications companies in Europe to make their equipment "wiretap friendly", in effect making them agents of the state. In doing so, the parliament has laid the foundations for a massive eavesdropping system, capable of intercepting all mobile phones, Internet communications, fax messages and pagers throughout Europe. The system, known as Enfopol, will be aided by a "subject tagging" system capable of tracking "targets" wherever they travel. Known as the "International User Requirements for Interception" (IUR), the tagging system will create a data-processing and transmission network that involves not only the names, addresses and phone numbers of targets and associates, but email addresses, credit-card details, PINs and passwords. The system will also merge mobile phone data to create a comprehensive geographic location tracking system. The plan was drawn up in secret by police and justice officials as part of a Europe-wide strategy to create a seamless web of telecommunications surveillance across all national boundaries. The strategy was devised by national security agencies and by the FBI, which instigated with Brussels a top-secret planning organisation called the International Law Enforcement Telecommunications Seminar (Ilets). In time the two technical systems - one designed for national security and one for law enforcement - will merge, and in the process will finally eliminate national control over surveillance activities. At first sight, these revelations are startling. But Europe and the United States have been spying together for many years. In 1947, in the face of the Soviet threat, the governments of Britain, America, Canada, Australia and New Zealand signed a security pact known as the "Quadripartite", or "United Kingdom - United States" (UKUSA) agreement. It is probably one of the most secret documents in the world. 
Under its terms, the five nations carved up the world into five spheres of influence, and each was assigned particular targets (Britain, for example, was responsible for intercepting the Chinese, through its Hong Kong listening post, while America was given other responsibilities to cover from its listening posts in Taiwan, Japan and Korea). The UKUSA Agreement standardised terminology, codewords, intercept handling procedures; arrangements for cooperation, sharing of information and access to facilities. The exchange of data and personnel was an important component of the agreement. NSA staff from Fort Meade could work from Menwith Hill, or even the Canberra facilities of Australia's Defence Signals Directorate, to intercept local communications, without either nation having formally to approve or disclose the interception. The prime objective of this arrangement was to ensure that all communications throughout the world could be intercepted for the benefit of the signatories. But the birth of digital communications and the Internet created new headaches for the alliance. Accordingly, since the Eighties, the British and American governments have engineered a worldwide effort to boost the capability of their intelligence services to eavesdrop on personal conversations. The campaign has two legal strategies: the first is to make it mandatory for all digital telephone switches, cellular and satellite phones and all developing communication technologies to incorporate surveillance capabilities; the second seeks to limit the dissemination of encryption software. In the late Eighties, in a programme known internally as "Operation Root Canal", American law enforcement officials demanded that telephone companies change their equipment to facilitate the interception of messages. The companies refused, but in 1994, after several years of lobbying, Congress enacted the Communications Assistance for Law Enforcement Act (Calea). 
Calea requires that terrestrial carriers, cellular phone services and other entities ensure that all their "equipment, facilities or services" are capable of expeditiously enabling the government to intercept "all wire and oral communications carried by the carrier concurrently with their transmission". Communications must be interceptable in such a form that they could be transmitted to a remote government facility. Manufacturers must work with industry and law enforcement to ensure that their equipment meets federal standards. A court can fine a company $10,000 a day for each product that does not comply. While the FBI lobbied Congress and pressured American companies into accepting a tougher Calea, it also leant on American allies to adopt it as an international standard. Europe was the primary target. Since the Seventies, Brussels has taken steps to create a supra-national policing system for Europe. The Schengen system removed the impediment of national borders, and the creation of Europol gives Europe its own version of the FBI. The most recent events have been confirmed by a new European Parliament study - Interception Capabilities 2000 - released last month. In 1991, the FBI held a series of secret meetings with EU member states to persuade them to incorporate Calea into European law. Washington is now pushing the International Telecommunications Union to adopt the standards globally. The second part of the global strategy was to ensure that intelligence and police agencies could understand every communication they intercepted. They attempted to impede the development of cryptography and other security measures, fearing that these technologies would reduce their ability to monitor the emissions of foreign governments and to investigate crime. The result of these efforts has been twofold. First, national borders have disintegrated. National security agencies can now intercept any communication worldwide. 
Second, the distinction between traditional police and security agencies has been blurred. The future is a seamless, borderless, surveillance web which touches all facets of our communication. Words to watch: Echelon: A global monitoring system under the auspices of the American National Security Agency, designed to search phone calls, emails, telexes and faxes for key words. Enfopol: A massive eavesdropping system capable of intercepting all mobile phone calls, Internet communications, fax messages and pagers throughout Europe. IUR: "International User Requirements for Interception" - a tagging system, currently being designed, to create a data processing and transmission network to track suspects. The system will also merge mobile phone data to create a comprehensive geographic location tracking system. Europol: The European equivalent of the American Federal Bureau of Investigation; formed to tackle the international drugs trade but has recently had its mandate widened. UKUSA: The secret signals intelligence agreement set up in 1947 that divided the world into five regions to be watched over by Australia, Canada, New Zealand, Britain and America. Calea: Communications Assistance for Law Enforcement Act - an American law that requires phone operators to help the government intercept traffic. The EU is under pressure to adopt a similar measure. (Copyright 1999 (c) The Telegraph plc, London) _____via IntellX_____ {A2:DailyTelegraphLondon-0610.00556} 06/10/99 From jei@zor.hut.fi Thu, 10 Jun 1999 17:40:52 +0300 (EEST) Date: Thu, 10 Jun 1999 17:40:52 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: [ISN] A Mouse That Roars? Forwarded From: William Knowles http://www.washingtonpost.com/wp-srv/national/dotmil/arkin.htm A Mouse That Roars? By William M. 
Arkin Special to washingtonpost.com Monday, June 7, 1999 Last week, Newsweek reported that President Clinton approved a covert operation in May to find an electronic silver bullet to do what the White House at the time believed the air war couldn't. According to the report, the CIA would conduct a cyberwar against Milosevic, specifically going after his financial assets in banks throughout Europe. Is the keyboard mightier than the sword? Before Allied Force, the intelligence agencies held a cyberwar exercise to answer this very question. At center stage was the Information Operations Technology Center (IOTC), activated last year and made up of the best cyberwarriors of the U.S. government. Housed at National Security Agency headquarters at Fort Meade, Md., IOTC brings together highly secret capabilities: NSA's P42 information warfare cell, the CIA's Critical Defense Technologies Division, the Pentagon's "special technology operations." Military sources familiar with the March demonstration say there is no question that the keyboard covert operators wowed the Joint Staff with their computer attack capabilities. But they are adamant in insisting that cyberbombs are more laboratory technologies than usable weapons. In fact, the sources point out, the only cyberwar raging is inside the U.S. government where Washington lawyers and policymakers, military leaders, and official hackers battle over the value and legality of network attack. Where's The Bits? --------------------------------------------------------------------------- The day bombs started falling on Yugoslavia, the Air Force Association convened a high-level symposium in San Antonio, Tex., to address the status of information warfare. Washingtonpost.com has obtained a transcript of the two-day proceeding. Gen. John Jumper, commander of U.S. Air Forces in Europe, joined the closed-door session via satellite from his headquarters in Germany. 
"I have not had much sleep over the last 48 hours, and I am probably not as sharp or prepared as I would like to be," he apologized. Tired or not, the senior air force officer in Europe wasted no time blasting the bias of information warriors to fight battles solely at the "strategic level." He was referring to the very sort of effort Newsweek would speculate about two months later. "When we hear talk of information warfare," Jumper said, "the mind conjures up notions of taking some country's piece of sacred infrastructure in a way that is hardly relevant to the commander at the operational and tactical level." "I would submit that we are not there with information warfare," he concluded. Networking Network Attack ---------------------------------------------------------------------------- Brig. Gen. John B. Baker, commander of the Air Intelligence Agency and head of the Pentagon's Joint Command and Control Warfare Center, followed Jumper. "In my hat as the air force component commander for NSA," he warned, "I spend a lot of time working ... on how to exploit what is going on out there in computer networks." But when it comes to going beyond collecting computer transmissions as raw intelligence to actually manipulating and exploiting the "zeroes and ones" for military value, Baker said, "we have a ways to go." --------------------------------------------------------------------------- Despite all the new information warfare organizations that have been established of late, he lamented that cyberwarriors did not yet have the stature of other warriors: "Effects-based warfare," that is, methods geared to achieve an outcome and not cause traditional damage lacks the "visually pleasing destruction from an armed bomb." Baker stressed that part of the problem in any kind of computer network attack is the concerns on the part of policy-makers in Washington with regard to legality and "traceability." 
Jumper described his experience: "I picture myself around that same targeting table where you have the fighter pilot, the bomber pilot, the special operations people and the information warriors. As you go down the target list, each one takes a turn raising his or her hand saying, 'I can take that target.' When you get to the info warrior, the info warrior says, 'I can take the target, but first I have to go back to Washington and get a finding.'" Seeking permission invariably results in artificial restrictions and hesitations in attacking targets, Jumper stressed. From a field perspective, he said, the process of seeking the "special" operation cedes too much decision-making to inside the Beltway. Finding The Way The unusually candid discussions of the institutional and military stumbling blocks to an information warfare future contrasts with the Hollywood vision of cyberwar so common in the mainstream media these days. Still, Maj. Gen. Bruce A. "Orville" Wright told the symposium that "Within the area of computer network exploitation, there is tremendous investment, which, with a little bit of fine tuning, can be turned into a computer network attack capability." The IOTC, Wright said, "is a great organization that has a bright future." He should know. As Deputy Director for Information Operations for the Joint Chiefs of Staff, he is the military head of the interagency center and the top cyber-warrior in the U.S. military. But the key word is future. With the shooting war against Yugoslavia over, it should be crystal clear to anyone that exotic American cyberbombs have not aided the effort in any way. -o- Subscribe: mail majordomo@repsec.com with "subscribe isn". Today's ISN Sponsor: OSAll [www.aviary-mag.com] From nbohm@ernest.net Thu, 10 Jun 1999 17:36:22 +0100 Date: Thu, 10 Jun 1999 17:36:22 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: Germany Frees Crypto At 12:09 PM 6/10/1999 +0100, Brian Gladman wrote: [snip] >--------------------- >"3.
For reasons relating to the security of the state, the economy and >society, the Federal Government considers it indispensable that German >manufacturers be capable of developing and manufacturing secure and powerful >encryption products. It will take steps to improve the international >competitiveness of this sector." > >Germany will provide strong encryption products for the international >market. Not exactly a ringing endorsement of Wassenaar and a clear >indication that Germany will join the growing group of nations that will >seek to remove export controls on cryptographic products. [snip] Perhaps this helps explain why it seems to be taking so long for the EU to implement Wassenaar. As I have observed before, all that Wassenaar requires of its members is to put some crypto products on the control list: they can freely permit export of anything they want without committing any breach of the arrangement. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From nbohm@ernest.net Thu, 10 Jun 1999 18:06:22 +0100 Date: Thu, 10 Jun 1999 18:06:22 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: Debit Cards (was: RE: ATM scam) At 12:02 PM 6/10/1999 +0100, Ian Miller wrote: >This is very worrying especially in view of the proposed `rebuttable >presumption of validity'. Personally I refuse to have a debit-card at all >for this reason. To date I have considered credit cards adequately safe >because I can refuse (and have refused) to pay the bill when necessary. >However with a proposed 'presumption', it will make credit cards much more >dangerous. 
As far as I know there is no difference between debit and credit cards here: if the cardholder was not present, then the card issuer cannot charge the card holder's account (no evidence on which to do so), and will rely on whatever rights there may be to charge the transaction back through the system to the merchant. The presumption would indeed undermine this important element of consumer protection. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From baz@dwpub.com Thu, 10 Jun 1999 18:52:42 +0100 Date: Thu, 10 Jun 1999 18:52:42 +0100 From: Barry de la Rosa baz@dwpub.com Subject: Warning: Real Melissa-like virus Sorry it's off topic, but this has already brought down one media company (which shall of course remain un-named for now). It's called Worm.ExploreZip, and comes as an email attachment called zipped_files.exe (although be warned this may change.)
Full description available at: http://www.symantec.com/avcenter/venc/data/worm.explore.zip.html -- Barry de la Rosa Reporter, PC Week (UK) Work: barry_delarosa@vnu.co.uk +44 (0)171 316 9364 Home: baz@dwpub.com +44 (0)181 675 0142 Pager: 07654 500 062 PGP DSS Key 0x12363109 PGP RSA Key 0x83543B99 Please send PGP key if available -- Progress (n.): The process through which Usenet has evolved from smart people in front of dumb terminals to dumb people in front of smart terminals From andreas@andreas.org 09 Jun 1999 18:27:10 +0200 Date: 09 Jun 1999 18:27:10 +0200 From: Andreas Bogk andreas@andreas.org Subject: Germany Frees Crypto Phillip Temple writes: > Hence [GSM] handsets sold to different nations had different levels of > being crippled (by blanking xxx
of the top bits of the key). There The number of blanked keybits is 10, and is not dependent on the handset, but on the implementation of the authentication algorithms A3/A8 in the SIM chipcard and the Authentication center of the network provider. I haven't seen a single provider who didn't cripple the keylength. Andreas -- Reality is two's complement. See: ftp://ftp.netcom.com/pub/hb/hbaker/hakmem/hacks.html#item154 From daw@cs.berkeley.edu 9 Jun 1999 18:15:35 -0700 Date: 9 Jun 1999 18:15:35 -0700 From: David Wagner daw@cs.berkeley.edu Subject: Germany Frees Crypto In article <199906041415.PAA09095@onlinemagic.com>, Phillip Temple wrote: > The original specs for GSM had strong crypto. From the previous > discussions I remember, it was rather a case of different national > interests having different agendas re: eavesdropping. I don't think > it applied to any one manufacturer, it was rather across the board. > Hence handsets sold to different nations had different levels of > being crippled (by blanking xxx of the top bits of the key). There > was also the story of the Sicily Mafia buying German mobile > phones to stop the Italian law enforcement from listening in. Interesting. It seems to work a little differently now. Today, you get three choices: semi-weak-ish (54-bit A5/1), very-weak (54-bit A5/2), or cleartext (A5/0). The only variation in security is in the choice of algorithm, not in how many bits of the key are zeroed. Export controls on base stations are used to control which countries get which algorithm. Every modern GSM handset supports all three algorithms (I believe). Everyone that I know of seems to be uniformly blanking the top 10 bits, and no more. I think it should, in principle, be possible for providers to weaken targeted users by fixing more bits of the key (if they modify both the HLR _and_ the user's SIM), but I don't know of anyone who is doing this.
If you know of any exceptions to this rule, I would be interested in hearing more information... From alecm@coyote.UK.Sun.COM Thu, 10 Jun 1999 11:36:23 +0100 Date: Thu, 10 Jun 1999 11:36:23 +0100 From: Alec Muffett alecm@coyote.UK.Sun.COM Subject: BP Item on the "Today" programme on Radio4 just before 9am this morning, saying that Bletchley Park has been "saved for the nation", with some comment from a Government type en-route to BP, and a chat with one of the BP Trust executives. Apparently they're not getting Govt money, but they *are* getting the land... Does anyone have any more information? - alec From jei@zor.hut.fi Thu, 10 Jun 1999 17:35:42 +0300 (EEST) Date: Thu, 10 Jun 1999 17:35:42 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: Connected: Espionage Springtime for spies and cops ... Connected: Espionage Springtime for spies and cops Advances in technology and acquiescent legislators have given law enforcement and national security agencies unprecedented powers to monitor our conversations and track our movements, says Simon Davies (Daily Telegraph London; 06/10/99) These are exciting times for conspiracy theorists. Never before has so much been revealed about the most secret inner workings of government. Few people could have missed the recent mass of revelations about the vast web of covert national security operations in Britain and abroad. Secret spy bases, endemic surveillance of the telephone system and tales of astounding technology spying on our private lives have become dinner-table talk. The floodgates were opened by a 1997 report to the European Parliament, confirming the existence of Echelon, a huge network of spy installations that routinely trawls the entire global telecommunications system, using supercomputers to search through millions of messages and phone calls for key words. 
More than one government has been embarrassed by the report's disclosures about the activities of the secret American spy base at Menwith Hill in Yorkshire, which eavesdrops on most European communications. The existence of Echelon has been confirmed by the Australian government. Reaction to the report was swift. On September 14, the plenary session of the European Parliament, convening in Strasbourg, took the unprecedented step of openly debating the activities of RAF Menwith Hill and the American National Security Agency (NSA). MEPs demanded more openness and accountability of this once hidden activity. Bravo for democracy? Not really. Earlier this year, that same parliament approved laws that will force all telecommunications companies in Europe to make their equipment "wiretap friendly", in effect making them agents of the state. In doing so, the parliament has laid the foundations for a massive eavesdropping system, capable of intercepting all mobile phones, Internet communications, fax messages and pagers throughout Europe. The system, known as Enfopol, will be aided by a "subject tagging" system capable of tracking "targets" wherever they travel. Known as the "International User Requirements for Interception" (IUR), the tagging system will create a data-processing and transmission network that involves not only the names, addresses and phone numbers of targets and associates, but email addresses, credit-card details, PINs and passwords. The system will also merge mobile phone data to create a comprehensive geographic location tracking system. The plan was drawn up in secret by police and justice officials as part of a Europe-wide strategy to create a seamless web of telecommunications surveillance across all national boundaries. The strategy was devised by national security agencies and by the FBI, which instigated with Brussels a top-secret planning organisation called the International Law Enforcement Telecommunications Seminar (Ilets).
In time the two technical systems - one designed for national security and one for law enforcement - will merge, and in the process will finally eliminate national control over surveillance activities. At first sight, these revelations are startling. But Europe and the United States have been spying together for many years. In 1947, in the face of the Soviet threat, the governments of Britain, America, Canada, Australia and New Zealand signed a security pact known as the "Quadripartite", or "United Kingdom - United States" (UKUSA) agreement. It is probably one of the most secret documents in the world. Under its terms, the five nations carved up the world into five spheres of influence, and each was assigned particular targets (Britain, for example, was responsible for intercepting the Chinese, through its Hong Kong listening post, while America was given other responsibilities to cover from its listening posts in Taiwan, Japan and Korea). The UKUSA Agreement standardised terminology, codewords, intercept handling procedures; arrangements for cooperation, sharing of information and access to facilities. The exchange of data and personnel was an important component of the agreement. NSA staff from Fort Meade could work from Menwith Hill, or even the Canberra facilities of Australia's Defence Signals Directorate, to intercept local communications, without either nation having formally to approve or disclose the interception. The prime objective of this arrangement was to ensure that all communications throughout the world could be intercepted for the benefit of the signatories. But the birth of digital communications and the Internet created new headaches for the alliance. Accordingly, since the Eighties, the British and American governments have engineered a worldwide effort to boost the capability of their intelligence services to eavesdrop on personal conversations.
The campaign has two legal strategies: the first is to make it mandatory for all digital telephone switches, cellular and satellite phones and all developing communication technologies to incorporate surveillance capabilities; the second seeks to limit the dissemination of encryption software. In the late Eighties, in a programme known internally as "Operation Root Canal", American law enforcement officials demanded that telephone companies change their equipment to facilitate the interception of messages. The companies refused, but in 1994, after several years of lobbying, Congress enacted the Communications Assistance for Law Enforcement Act (Calea). Calea requires that terrestrial carriers, cellular phone services and other entities ensure that all their "equipment, facilities or services" are capable of expeditiously enabling the government to intercept "all wire and oral communications carried by the carrier concurrently with their transmission". Communications must be interceptable in such a form that they could be transmitted to a remote government facility. Manufacturers must work with industry and law enforcement to ensure that their equipment meets federal standards. A court can fine a company $10,000 a day for each product that does not comply. While the FBI lobbied Congress and pressured American companies into accepting a tougher Calea, it also leant on American allies to adopt it as an international standard. Europe was the primary target. Since the Seventies, Brussels has taken steps to create a supra-national policing system for Europe. The Schengen system removed the impediment of national borders, and the creation of Europol gives Europe its own version of the FBI. The most recent events have been confirmed by a new European Parliament study - Interception Capabilities 2000 - released last month. In 1991, the FBI held a series of secret meetings with EU member states to persuade them to incorporate Calea into European law.
Washington is now pushing the International Telecommunications Union to adopt the standards globally. The second part of the global strategy was to ensure that intelligence and police agencies could understand every communication they intercepted. They attempted to impede the development of cryptography and other security measures, fearing that these technologies would reduce their ability to monitor the emissions of foreign governments and to investigate crime. The result of these efforts has been twofold. First, national borders have disintegrated. National security agencies can now intercept any communication worldwide. Second, the distinction between traditional police and security agencies has been blurred. The future is a seamless, borderless, surveillance web which touches all facets of our communication. Words to watch Echelon A global monitoring system under the auspices of the American National Security Agency, designed to search phone calls, emails, telexes and faxes for key words. Enfopol A massive eavesdropping system capable of intercepting all mobile phone calls, Internet communications, fax messages and pagers throughout Europe. IUR "International User Requirements for Interception" - a tagging system, currently being designed, to create a data processing and transmission network to track suspects. The system will also merge mobile phone data to create a comprehensive geographic location tracking system. Europol The European equivalent of the American Federal Bureau of Investigation; formed to tackle the international drugs trade but has recently had its mandate widened. UKUSA The secret signals intelligence agreement set up in 1947 that divided the world into five regions to be watched over by Australia, Canada, New Zealand, Britain and America. Calea Communications Assistance for Law Enforcement Act - an American law that requires phone operators to help the government intercept traffic. The EU is under pressure to adopt a similar measure. 
(Copyright 1999 (c) The Telegraph plc, London) _____via IntellX_____ {A2:DailyTelegraphLondon-0610.00556} 06/10/99 From Bruce.Taylor@hedb.uib.no Fri, 11 Jun 1999 11:15:26 +0200 Date: Fri, 11 Jun 1999 11:15:26 +0200 From: Bruce Taylor Bruce.Taylor@hedb.uib.no Subject: ATM scam (fwd) Another report of this method can be found in Risks Digest 20.31 Bruce >--------- Forwarded message ---------- >Date: Mon, 7 Jun 1999 23:08:55 +0100 (GMT) >From: Quentin Campbell >Reply-To: ukcrypto@maillist.ox.ac.uk >To: ukcrypto@maillist.ox.ac.uk >Subject: ATM scam > >An acquaintance of ours recently lost 600 pounds through unauthorised >withdrawals from ATMs. It transpires that 200 pounds was withdrawn each day >from her account over the Bank Holiday weekend. She had previously used >her card in an ATM at a local supermarket just before the Bank Holiday. > >I understand that there has been a spate of similar thefts of card info >recently by tampering with the ATM in such a way that card details and PIN >can be recorded remotely. Does anyone have any further information on the >technique(s) used? Are ATMs in bank lobbies less vulnerable? > >Is this another example of a poorly implemented security system (ref. >Brian Gladman and others) or is this classed as a different type of >failure? > >The other interesting feature of this incident is that the bank appears to >be up-front about what has been going on. There has been no attempt to >hide the fact that other customers have been stung in a similar way >recently and it has even given some details on how the scam operates. It >was the garbled version that I got that has prompted this posting.
> >The bank appears to be responding rapidly to restore the accounts affected >(and presumably their customers' confidence in the bank). > >The bank involved was Lloyds-TSB. Are UK banks' ATMs all of very similar >technology and security features or are some more vulnerable than others >to the sort of tampering that appears to have gone on here? Just curious >since we also are with Lloyds-TSB. :-( > >Quentin > Bruce Taylor Bruce.Taylor@hedb.uib.no HF fakultetets EDB-seksjon Computing Section, Faculty of the Arts Universitetet i Bergen N-5007 Bergen NORWAY From J.Goldberg@Cranfield.ac.uk Fri, 11 Jun 1999 10:34:00 +0100 (GMT) Date: Fri, 11 Jun 1999 10:34:00 +0100 (GMT) From: Jeffrey Goldberg J.Goldberg@Cranfield.ac.uk Subject: BP On Thu, 10 Jun 1999, Alec Muffett wrote: > Apparently [the Bletchley Park Trust] are not getting Govt money, but > they *are* getting the land... > > Does anyone have any more information? May I recommend that you join the BletchleyPark discussion list http://www.cranfield.ac.uk/ccc/bpark/list-info.html And repost your question there. So far postings have only been reports of press reports, but Christine Large and Tony Sale are both members of that list and should give us details soon. Also check out http://www.bletchleypark.org.uk/press.htm for press releases. There are two dated June 10 and one June 7. -j -- Jeffrey Goldberg +44 (0)1234 750 111 x 2826 Cranfield Computer Centre FAX 751 814 J.Goldberg@Cranfield.ac.uk http://WWW.Cranfield.ac.uk/public/cc/cc047/ Relativism is the triumph of authority over truth, convention over justice. From alan@kable.co.uk Fri, 11 Jun 1999 10:49:52 +0100 Date: Fri, 11 Jun 1999 10:49:52 +0100 From: Alan Burkitt-Gray alan@kable.co.uk Subject: BP -----Original Message----- Alec M wrote: Item on the "Today" programme on Radio4 just before 9am this morning, saying that Bletchley Park has been "saved for the nation", ..... Does anyone have any more information?
Have a look at http://www.bletchleypark.org.uk/ which is the website of the Bletchley Park Trust. Different bits of the site have been owned by BT and the Govt agency which owns its non-military lands. Both, as far as I recall, wanted to sell it off for housing - BT obviously wants to increase its minute profits and the agency has no option but to maximise return under whatever rules are set for it. I think some of the site is still to be used for development but there's some deal to restore the main house and some of the huts and turn them into a museum (or what the radio programme I heard called a theme park) on computing. Has GCHQ still got a Colossus or a Bombe they can let the museum have, I wonder? They've got at least one Enigma machine but they claim they are ten a penny, really. Alan - ALAN BURKITT-GRAY, Editor, Government Computing The independent magazine about information age public service, for the people who are going to make it happen NEXT ISSUE: July-August 1999, due early July Published monthly by Kable Ltd The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK tel (direct) 020 7608 8403, (switchboard) 020 7608 0900; fax 020 7608 8420 website http://www.kable.co.uk (includes advance features information) e-mail alan@kable.co.uk Where's Kable? Look at http://www.streetmap.co.uk/streetmap.dll?grid2map?X=531650&Y=181750&arrow=Y From Piete.Brooks@cl.cam.ac.uk Fri, 11 Jun 1999 11:05:14 +0100 Date: Fri, 11 Jun 1999 11:05:14 +0100 From: Piete Brooks Piete.Brooks@cl.cam.ac.uk Subject: BP > Does anyone have any more information? I saw it yesterday in http://www.bletchleypark.org.uk/press.htm -- still there June 10 1999 SEVEN YEARS' NEGOTIATION PRODUCE FEELGOOD DEAL FOR BLETCHLEY PARK Bletchley Park, home of the WW2 codebreakers and the world's first ... 
From pete@sorted.org Fri, 11 Jun 1999 11:05:50 +0100 Date: Fri, 11 Jun 1999 11:05:50 +0100 From: Pete Bentley pete@sorted.org Subject: BP At Thu, 10 Jun 1999 11:36:23 BST, Alec Muffett writes:- > Item on the "Today" programme on Radio4 just before 9am this morning, > saying that Bletchley Park has been "saved for the nation" [...] > > Does anyone have any more information? From http://www.theregister.co.uk/990610-000025.html:- Posted 10/06/99 3:57pm by Tony Smith BT saves Station X for exploitation Bletchley Park, site of the British successful attempts to crack Nazi cyphers during World War 2 and old stomping ground of this reporter, is finally destined to become a crypto theme park. Today, Bletchley Park Trust chairman Sir Philip Duncombe announced that British Telecom and land-owning quango Pace have saved the site for the Nation from the clutches of the local authority, Milton Keynes District Council. Milton Keynes, famous for its cornflake box school of architecture and possessor of one of the highest young male suicide rates in the country, had considered turning the home of the world's first electronic computer into prime development land. However, thanks to funding from BT and Pace, the Bletchley Park Trust will be able to buy the site and turn it into a major heritage centre. BT and Pace will own the site, originally known by its codename, Station X, and lease it for a 250-year period to the Trust. While we welcome the preservation of this important national -- nay, international -- monument, we can't help be worried by the dreaded phrase 'heritage centre'. If it's anything like most such locations in the tourist-tempting British Isles, visitors can expect to be hawked Alan Turing Towel Sets, Wolfpacks of Biscuits, Bletchley Baseball Hats, Colossus Cream Teas, the Admiral Doenitz Bouncy Castle and other such tat.
® From maxsec@usa.net Fri, 11 Jun 1999 11:08:14 +0100 Date: Fri, 11 Jun 1999 11:08:14 +0100 From: Martin Hepworth maxsec@usa.net Subject: BP Alec Muffett wrote: > > Item on the "Today" programme on Radio4 just before 9am this morning, > saying that Bletchley Park has been "saved for the nation", with some > comment from a Government type en-route to BP, and a chat with one of > the BP Trust executives. Apparently they're not getting Govt money, > but they *are* getting the land... > > Does anyone have any more information? > > - alec Alec Should be (according to the actual press release) BT, not BP. For a fuller list of links etc see http://slashdot.org/article.pl?sid=99/06/10/1220202&mode=thread Martin From alecm@coyote.UK.Sun.COM Fri, 11 Jun 1999 11:20:30 +0100 Date: Fri, 11 Jun 1999 11:20:30 +0100 From: Alec Muffett alecm@coyote.UK.Sun.COM Subject: BP [reply-to: set to me; probably doesn't require a list followup] >At Thu, 10 Jun 1999 11:36:23 BST, Alec Muffett writes:- I suspect that I really am going to regret that this mail took 24hrs to hit ukcrypto; I already have lots of answers now that the news has had time to propagate... 8-) Just as a nitpick of the press release: >Around half the total site will be acquired by the Trust in a >250 year lease from co-owners PACE, the government land >agency and British Telecom. ...does anyone know what the other half of the site is to be used for? Last time I was there, there was a very nice military vehicles exhibit, and I was wondering if that area will survive? 
- alec -- alec muffett, sun professional services, alec.muffett @ uk.sun.com we had joy, we had fun, we were forking on a sun From Bruce.Taylor@hedb.uib.no Fri, 11 Jun 1999 11:15:26 +0200 Date: Fri, 11 Jun 1999 11:15:26 +0200 From: Bruce Taylor Bruce.Taylor@hedb.uib.no Subject: ATM scam (fwd) Another report of this method can be found in Risks Digest 20.31 Bruce >--------- Forwarded message ---------- >Date: Mon, 7 Jun 1999 23:08:55 +0100 (GMT) >From: Quentin Campbell >Reply-To: ukcrypto@maillist.ox.ac.uk >To: ukcrypto@maillist.ox.ac.uk >Subject: ATM scam > >An acquaintance of ours recently lost 600 pounds through unauthorised >withdrawals from ATMs. It transpires that 200 pounds was withdrawn each day >from her account over the Bank Holiday weekend. She had previously used >her card in an ATM at a local supermarket just before the Bank Holiday. > >I understand that there has been a spate of similar thefts of card info >recently by tampering with the ATM in such a way that card details and PIN >can be recorded remotely. Does anyone have any further information on the >technique(s) used? Are ATMs in bank lobbies less vulnerable? > >Is this another example of a poorly implemented security system (ref. >Brian Gladman and others) or is this classed as a different type of >failure? > >The other interesting feature of this incident is that the bank appears to >be up-front about what has been going on. There has been no attempt to >hide the fact that other customers have been stung in a similar way >recently and it has even given some details on how the scam operates. It >was the garbled version that I got that has prompted this posting. > >The bank appears to be responding rapidly to restore the accounts affected >(and presumably their customers' confidence in the bank). > >The bank involved was Lloyds-TSB. 
Are UK banks' ATMs all of very similar >technology and security features or are some more vulnerable than others >to the sort of tampering that appears to have gone on here? Just curious >since we also are with Lloyds-TSB. :-( > >Quentin > Bruce Taylor Bruce.Taylor@hedb.uib.no HF fakultetets EDB-seksjon Computing Section, Faculty of the Arts Universitetet i Bergen N-5007 Bergen NORWAY From nbohm@ernest.net Fri, 11 Jun 1999 12:37:39 +0100 Date: Fri, 11 Jun 1999 12:37:39 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: Integrity of forms One often has to fill in forms. This can be tricky with a wordprocessor, and one is often reduced to the retrograde step doing it by hand, when one might like to advance progressively to doing it by email. The advantage to the recipient of the use of the printed form is its integrity: they can see that their own text is unaltered. 
If the user scanned the form into text and used a wordprocessor or email, the recipient would have to check the received form to ensure that there had been no accidental or deliberate changes which altered its effect. An example would be a printed form of guarantee required by a bank. A guarantor who slipped an undetected "not" into a guarantee might reduce its worth to the bank quite considerably. A conventional digital signature would secure the integrity of the uncompleted form, but would be destroyed by the insertions properly made by the person completing it. It would of course be different if the insertions constituted a separate "layer". Has anyone come across the use of cryptography to assure the integrity of a form for completion in this way? It could be a quite widespread e-commerce requirement. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From ben@algroup.co.uk Fri, 11 Jun 1999 13:47:26 +0100 Date: Fri, 11 Jun 1999 13:47:26 +0100 From: Ben Laurie ben@algroup.co.uk Subject: BP Alec Muffett wrote: > > [reply-to: set to me; probably doesn't require a list followup] > > >At Thu, 10 Jun 1999 11:36:23 BST, Alec Muffett writes:- > > I suspect that I really am going to regret that this mail took 24hrs to hit > ukcrypto; I already have lots of answers now that the news has had time to > propagate... 8-) > > Just as a nitpick of the press release: > > >Around half the total site will be acquired by the Trust in a > >250 year lease from co-owners PACE, the government land > >agency and British Telecom. > > ...does anyone know what the other half of the site is to be used for? 
> Last time I was there, there was a very nice military vehicles > exhibit, and I was wondering if that area will survive? I was told that BT are going to move all their Internet services there. Now, with all the recent talk about Enfopol, I'm sure we shouldn't read anything sinister into that :-) Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From ben@algroup.co.uk Fri, 11 Jun 1999 14:13:48 +0100 Date: Fri, 11 Jun 1999 14:13:48 +0100 From: Ben Laurie ben@algroup.co.uk Subject: Integrity of forms Nicholas Bohm wrote: > > One often has to fill in forms. This can be tricky with a wordprocessor, > and one is often reduced to the retrograde step doing it by hand, when one > might like to advance progressively to doing it by email. > > The advantage to the recipient of the use of the printed form is its > integrity: they can see that their own text is unaltered. If the user > scanned the form into text and used a wordprocessor or email, the recipient > would have to check the received form to ensure that there had been no > accidental or deliberate changes which altered its effect. > > An example would be a printed form of guarantee required by a bank. A > guarantor who slipped an undetected "not" into a guarantee might reduce its > worth to the bank quite considerably. > > A conventional digital signature would secure the integrity of the > uncompleted form, but would be destroyed by the insertions properly made by > the person completing it. It would of course be different if the > insertions constituted a separate "layer". > > Has anyone come across the use of cryptography to assure the integrity of a > form for completion in this way? It could be a quite widespread e-commerce > requirement. It isn't really a cryptographic problem, surely? 
All you need to be able to do is to differentiate the original form from the responses. The form then needs to be checked to be sure it is the same as the original. To be sure, this could be done with a one-way hash, for example, but it is just as easy to simply compare it to an unadulterated form. What really needs to happen, I'd say, is for there to be agreed ways to deliver forms to the punters and for them to be able to fill them in and sign them without major hassle, and without screwing around with the "fixed" parts of the form. What would be neat, for example, would be for browsers to allow you to sign an HTML form before pressing the "submit" button. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From ben@algroup.co.uk Fri, 11 Jun 1999 14:34:45 +0100 Date: Fri, 11 Jun 1999 14:34:45 +0100 From: Ben Laurie ben@algroup.co.uk Subject: Integrity of forms Ben Laurie wrote: > What would be neat, for example, would be for browsers to allow you to > sign an HTML form before pressing the "submit" button. BTW, despite the hype, XML probably actually is a good basis for this. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From neil@hyperion.co.uk Fri, 11 Jun 1999 14:53:57 +0100 Date: Fri, 11 Jun 1999 14:53:57 +0100 From: Neil McEvoy neil@hyperion.co.uk Subject: Integrity of forms > What would be neat, for example, would be for browsers to allow you to > sign an HTML form before pressing the "submit" button. 
We have implemented a system to do just this in a prototype for the University of Surrey, to enable distance learners to submit requests for university services, such as photocopies. Neil ----------------------------------------------------------------- Neil McEvoy 8 Frederick Sanger Road Director, Consult Hyperion Guildford, Surrey, GU2 5YD, UK mailto:neil@hyperion.co.uk Tel: +44 (0)1483 301793 http://www.hyperion.co.uk Fax: +44 (0)1483 561657 Where people, networks and money come together...consult Hyperion From Ross.Anderson@cl.cam.ac.uk Fri, 11 Jun 1999 14:59:16 +0100 Date: Fri, 11 Jun 1999 14:59:16 +0100 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Integrity of forms Nick: > Has anyone come across the use of cryptography to assure the integrity of a > form for completion in this way? It could be a quite widespread e-commerce > requirement. We have a system in which you can protect the integrity of style sheets, so that for example someone filling out an electronic cheque would automatically end up with something which would satisfy the legal requirements under the Bills of Exchange Act (assuming of course that the style sheet were competently designed). Further information at http://www.cl.cam.ac.uk/~jhl21/jikzi-cpw/ Ben Laurie: > What really needs to happen, I'd say, is for there to be agreed ways to > deliver forms to the punters and for them to be able to fill them in and > sign them without major hassle, and without screwing around with the > "fixed" parts of the form. Unfortunately, browsers already support this. That's why you can't buy a book from Amazon without giving them a phone number. This is actually a serious erosion of consumers' rights compared with the world of paper, where if you send in an order with a cheque but leave the `phone' part of the form blank (or write `NOYB') the chances are that the order will get processed. 
Incidentally, the Data Protection Registrar, to whom I complained about Amazon, has taken the view that what they do is fine. I am increasingly concerned about the plan to appoint her Information Commissioner too. A commissioner who won't stand up for the rights of the little guy against big guns such as Amazon or the Department of Health isn't likely to be much use. Ross From nicko@ncipher.com Fri, 11 Jun 1999 13:58:52 -0400 Date: Fri, 11 Jun 1999 13:58:52 -0400 From: Nicko van Someren nicko@ncipher.com Subject: Integrity of forms Since version 4.03, Netscape web browsers have had the ability to sign the data in forms submitted by the user. The signing takes place with the user's S/MIME email signing key and the user is presented with the exact text to be signed before the signature is applied. The standard mode of this is that a Javascript code fragment in the form page takes the important fields from the form and turns them into a readable string, and this string gets signed, so that the user knows in what context their field values are to be used. Details can be found at: http://developer.netscape.com/tech/security/formsign/formsign.html Nicko Nicholas Bohm wrote: > One often has to fill in forms. This can be tricky with a wordprocessor, > and one is often reduced to the retrograde step doing it by hand, when one > might like to advance progressively to doing it by email. > > The advantage to the recipient of the use of the printed form is its > integrity: they can see that their own text is unaltered. If the user > scanned the form into text and used a wordprocessor or email, the recipient > would have to check the received form to ensure that there had been no > accidental or deliberate changes which altered its effect. > > An example would be a printed form of guarantee required by a bank. A > guarantor who slipped an undetected "not" into a guarantee might reduce its > worth to the bank quite considerably. 
> > A conventional digital signature would secure the integrity of the > uncompleted form, but would be destroyed by the insertions properly made by > the person completing it. It would of course be different if the > insertions constituted a separate "layer". > > Has anyone come across the use of cryptography to assure the integrity of a > form for completion in this way? It could be a quite widespread e-commerce > requirement. From gladman@seven77.demon.co.uk Fri, 11 Jun 1999 15:07:49 +0100 Date: Fri, 11 Jun 1999 15:07:49 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Integrity of forms From: Nicholas Bohm To: Sent: 11 June 1999 12:37 PM Subject: Integrity of forms > One often has to fill in forms. This can be tricky with a wordprocessor, > and one is often reduced to the retrograde step doing it by hand, when one > might like to advance progressively to doing it by email. > > The advantage to the recipient of the use of the printed form is its > integrity: they can see that their own text is unaltered. If the user > scanned the form into text and used a wordprocessor or email, the recipient > would have to check the received form to ensure that there had been no > accidental or deliberate changes which altered its effect. But someone can also easily scan and reprint the form and hence introduce changes in what appears to be the original. I have run several experiments by doing this (without change to content) to see if anyone would pick up that the form I gave back was not the one I had been given. This has never been noticed and this was still true even when I made some quite obvious changes to layout. My conclusion was that the idea that 'printed' text is hard to change is very ingrained. And, of course, since modern computer based scanning and printing is very affordable, accurate and easy to use, there are probably all sorts of scams that are now easily possible (and, I suspect, less risky than copying banknotes). 
> An example would be a printed form of guarantee required by a bank. A > guarantor who slipped an undetected "not" into a guarantee might reduce its > worth to the bank quite considerably. > > A conventional digital signature would secure the integrity of the > uncompleted form, but would be destroyed by the insertions properly made by > the person completing it. It would of course be different if the > insertions constituted a separate "layer". > > Has anyone come across the use of cryptography to assure the integrity of a > form for completion in this way? It could be a quite widespread e-commerce > requirement. The short answer for me is 'no'. In MS Word (and I suspect other word processors as well) it would not be difficult for the form originator to write Visual Basic code that checked the incoming form against an original whilst also putting the entries into a database. In fact it would be quite likely that automated entry extraction code would work in this sort of way. Digital signature technology would probably be overkill for this specific requirement (and probably a complication as well). Brian Gladman From ben@algroup.co.uk Fri, 11 Jun 1999 15:50:25 +0100 Date: Fri, 11 Jun 1999 15:50:25 +0100 From: Ben Laurie ben@algroup.co.uk Subject: Integrity of forms Neil McEvoy wrote: > > > What would be neat, for example, would be for browsers to allow you to > > sign an HTML form before pressing the "submit" button. > > We have implemented a system to do just this in a prototype for the > University of Surrey, to enable distance learners to submit requests for > university services, such as photocopies. Cool. Implemented how? Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." 
- Indira Gandhi From ben@algroup.co.uk Fri, 11 Jun 1999 15:52:44 +0100 Date: Fri, 11 Jun 1999 15:52:44 +0100 From: Ben Laurie ben@algroup.co.uk Subject: Integrity of forms Ross Anderson wrote: > Ben Laurie: > > > What really needs to happen, I'd say, is for there to be agreed ways to > > deliver forms to the punters and for them to be able to fill them in and > > sign them without major hassle, and without screwing around with the > > "fixed" parts of the form. > > Unfortunately, browsers already support this. That's why you can't buy a > book from Amazon without giving them a phone number. This is actually a > serious erosion of consumers' rights compared with the world of paper, > where if you send in an order with a cheque but leave the `phone' part of > the form blank (or write `NOYB') the chances are that the order will get > processed. > > Incidentally, the Data Protection Registrar, to whom I complained about > Amazon, has taken the view that what they do is fine. I am increasingly > concerned about the plan to appoint her Information Commissioner too. A > commissioner who won't stand up for the rights of the little guy against > big guns such as Amazon or the Department of Health isn't likely to be > much use. Whilst I don't disagree with any of this, it is somewhat tangential to my point which was that you need to be able to fill _and sign_ forms, which browsers do not support, AFAIK. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From ben@algroup.co.uk Fri, 11 Jun 1999 15:56:30 +0100 Date: Fri, 11 Jun 1999 15:56:30 +0100 From: Ben Laurie ben@algroup.co.uk Subject: Integrity of forms Nicko van Someren wrote: > > Since version 4.03, Netscape web browsers have had the ability to sign > the data in forms submitted by the user. 
The signing takes place with > the user's S/MIME email signing key and the user is presented with the > exact text to be signed before the signature is applied. The standard > mode of this is that a Javascript code fragment in the form page takes the > important fields from the form and turns them into a readable string, and > this string gets signed, so that the user knows in what context their > field values are to be used. > > Details can be found at: > http://developer.netscape.com/tech/security/formsign/formsign.html Blimey. Shame they don't draw attention to this kind of useful stuff! Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From alan@kable.co.uk Fri, 11 Jun 1999 15:55:19 +0100 Date: Fri, 11 Jun 1999 15:55:19 +0100 From: Alan Burkitt-Gray alan@kable.co.uk Subject: Integrity of forms Brian Gladman wrote .... .... My conclusion was that the idea that 'printed' text is hard to change is very ingrained. And, of course, since modern computer based scanning and printing is very affordable, accurate and easy to use, there are probably all sorts of scams that are now easily possible (and, I suspect, less risky than copying banknotes). .... In MS Word (and I suspect other word processors as well) it would not be difficult for the form originator to write Visual Basic code that checked the incoming form against an original whilst also putting the entries into a database. There are fairly few programs in use for design and layout of forms and other printed documents - mainly MS Word for basic wordprocessing and document layout, QuarkXpress for fancier publication-quality layout - and all of these are easily available. 
Most designers use a limited range of fonts (Times New Roman, Helvetica, Univers and so on) which are very standardised - though even fancy fonts are available relatively easily. With care a document can be reproduced exactly - there's no magic in it - and printed on a good quality desktop printer. It's not like in the old days, where printing was a mysterious art and a document printed by one print works would inevitably look different from a document done by another. On the other point, MS Word has a version control system (Tools > Track Changes > Compare Documents in Word 97) which works quite well and could be automated. Alan - ALAN BURKITT-GRAY, Editor, Government Computing The independent magazine about information age public service, for the people who are going to make it happen NEXT ISSUE: July-August 1999, due early July Published monthly by Kable Ltd The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK tel (direct) 020 7608 8403, (switchboard) 020 7608 0900; fax 020 7608 8420 website http://www.kable.co.uk (includes advance features information) e-mail alan@kable.co.uk Where's Kable? Look at http://www.streetmap.co.uk/streetmap.dll?grid2map?X=531650&Y=181750&arrow=Y From octobersdad@reporters.net Fri, 11 Jun 1999 16:08:36 +0100 Date: Fri, 11 Jun 1999 16:08:36 +0100 From: T Bruce Tober octobersdad@reporters.net Subject: BP In message <71C96B3A586ED2119DC3204C4F4F5020050810@SERVER>, Alan Burkitt-Gray writes > > > > > > > > > > > -----Original Message----- > Alec M wrote: > Item on the "Today" programme on Radio4 just before 9am this >morning, > saying that Bletchley Park has been "saved for the nation", ..... >Does anyone have any more information? See article in Grunaiad today. It's been made a heritage site. tbt -- | Bruce Tober, , | | Birmingham, UK, EU +44-121-242-3832 (NEW mobile - 0780-374-8255). | | Freelance Journalist. 
PGP details at my website | | *.* *.* *.* *.* *.* *.* *.* *.* *.* *.* *.* | | My New Domain will be online very soon at | From j.o.hughes@btinternet.com Fri, 11 Jun 1999 20:40:40 +0100 Date: Fri, 11 Jun 1999 20:40:40 +0100 From: John Hughes j.o.hughes@btinternet.com Subject: Integrity of forms Nicholas, look at the products from uwi.com They have the ability to sign a web form that consist of the input data *and* the form. John -----Original Message----- From: Nicholas Bohm [SMTP:nbohm@ernest.net] Sent: 11 June 1999 12:38 To: ukcrypto@maillist.ox.ac.uk Subject: Integrity of forms One often has to fill in forms. This can be tricky with a wordprocessor, and one is often reduced to the retrograde step doing it by hand, when one might like to advance progressively to doing it by email. The advantage to the recipient of the use of the printed form is its integrity: they can see that their own text is unaltered. If the user scanned the form into text and used a wordprocessor or email, the recipient would have to check the received form to ensure that there had been no accidental or deliberate changes which altered its effect. An example would be a printed form of guarantee required by a bank. A guarantor who slipped an undetected "not" into a guarantee might reduce its worth to the bank quite considerably. A conventional digital signature would secure the integrity of the uncompleted form, but would be destroyed by the insertions properly made by the person completing it. It would of course be different if the insertions constituted a separate "layer". Has anyone come across the use of cryptography to assure the integrity of a form for completion in this way? It could be a quite widespread e-commerce requirement. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. 
Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From nbohm@ernest.net Sat, 12 Jun 1999 10:27:58 +0100 Date: Sat, 12 Jun 1999 10:27:58 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: Integrity of forms Thanks for the several helpful replies. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From Ross.Anderson@cl.cam.ac.uk Sun, 13 Jun 1999 14:47:54 +0100 Date: Sun, 13 Jun 1999 14:47:54 +0100 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Surprising High Court ruling on privacy This list has from time to time touched on medical privacy, especially in the context of GCHQ's determination to prevent encryption on the NHS wide network or at least impose escrow. Recently there has been an extremely surprising judgment in the High Court, which may end up having the opposite effect to that which appears to have been intended by a no doubt well meaning judge: >http://www.rpsgb.org.uk/55.htm > >Prescription data sale ruled unlawful > >The [English] High Court has ruled that pharmacists cannot lawfully >sell anonymous prescription data because to do so involves breaching >patient confidentiality even though no-one can be identified. In the UK, unlike the USA, most of the objectionable secondary uses of personal health information are in the public rather than the private sector. 
Private health informatics firms have for several years had to abide by professional sensibilities and de-identify data properly before using it for any purposes outside immediate health care; if they don't, then associations such as the BMA will simply tell their members not to supply the information. The current court case amounted to an attempt by central government to wrest this control away from the professions, and unfortunately it seems to have succeeded. The Department of Health has an appalling record on privacy. Readers may recall that Whitehall bureaucrats have a database called HES (Hospital Episode Statistics) which contains summary records of all hospital treatment - diagnostic and treatment codes, costs and outcomes. For years, this information was claimed to be anonymous. But I found out in 1996 that patients are identified on it by postcode and date of birth - a combination which identifies about 98% of UK residents. Given that HES by its nature contains most really sensitive medical facts - such as all lawful terminations of pregnancy and most treatment for HIV infection - this was extremely disturbing. There was a big public row, which had two main outcomes. Firstly, the government set up a committee headed by Dame Fiona Caldicott to look into data flows in the National Health Service. Secondly, the BMA reached an agreement with private sector healthcare informatics firms that data would be de-identified properly; for example, instead of postcode plus date of birth, records should be identified by postcode sector, year of birth and a provider-specific pseudonym. Most of the private sector firms were already following good practice; the agreement consolidated this and opened the possibility of firms getting BMA `approval' for properly designed and operated systems. The Caldicott committee turned out to be a disappointment. It had been advertised as a neutral body of experts, but developed rapidly into a typical government whitewash. 
It contained neither a lawyer, nor an expert on computer security; it ended up approving the current state of affairs, including some data flows that clearly contravene the criminal law. What it did do was to get the issue off the agenda from late 1996 until after the last election. But the private sector side of things seemed to be developing fine. Firms started to develop all sorts of new health management services, including the system that was the subject of the recent litigation. The company that designed it, IMS, sought approval from the BMA's General Practice Committee who asked me to evaluate it. I looked at it on a number of occasions in 1997-8 as it was developed and eventually after they fixed all the flaws I could find, it got approved. The Department of Health's action in seeking to ban it is unsurprising. They are on the defensive against the argument that `Well, Health Secretary, you claim that you need identifiable records of all hospital care episodes and all pharmacy prescriptions in order to manage the health service; but private sector firms can supply all the information which you claim to extract using de-identified data and systems which are approved by the medics'. The judge's action in supporting them is yet another argument for replacing the mandatory Latin courses in law degrees by mandatory computer science courses. It is likely to remove one of the more significant pressures on the civil service for a more ethical approach to personal health information, and by knocking the private sector out of much of the business it will mean that much health care management will in the future be done with easily identifiable data. The demise of private sector competition will ultimately mean that anybody who wants such data will have to buy it from the NHS Executive, so in addition to the erosion of privacy, an industry will in effect have been privatised without compensation. 
List members (with the possible exception of Nigel) will no doubt hope that IMS manages to win the appeal. URLs: the story of the 1996 conflict between the BMA and the DoH on de-identification of medical data, which led to Caldicott, is at: http://www.cl.cam.ac.uk/users/rja14/bmaupdate/bmaupdate.html The Caldicott Report itself is at: http://www.imt4nhs.exec.nhs.uk/general/caldico/index.htm Some of the more obvious mistakes in Caldicott are described at: http://www.cl.cam.ac.uk/~rja14/caldicott/caldicott.html The security mechanisms in the IMS system are described in `Protecting the identity of doctors in drug prescription analysis', V Matyas, Health Informatics Journal v 4 no 3-4 (Dec 98) pp 205--2091, Ross From hans.nilsson@iD2tech.com Sun, 13 Jun 1999 22:00:44 +0200 Date: Sun, 13 Jun 1999 22:00:44 +0200 From: Hans Nilsson hans.nilsson@iD2tech.com Subject: SV: Integrity of forms Nick, There are a number of companies with products for forms signing on the market, e.g. http://www.jetform.com/ http://www.signform.com/ http://www.uwi.com/ Most of these products are using the Microsoft Crypto-API, which means that you can sign, either with a soft key in your browser, or using a smart card through a hardware cryptographic Service Provider. See e.g. http://www.id2tech.com/products/2d.html Regards Hans Nilsson > -----Original Message----- > From: Nicholas Bohm [SMTP:nbohm@ernest.net] > Sent: 11 June 1999 13:38 > To: ukcrypto@maillist.ox.ac.uk > Subject: Integrity of forms > > One often has to fill in forms. This can be tricky with a wordprocessor, > and one is often reduced to the retrograde step of doing it by hand, when one > might like to advance progressively to doing it by email. > > The advantage to the recipient of the use of the printed form is its > integrity: they can see that their own text is unaltered.
If the user > scanned the form into text and used a wordprocessor or email, the > recipient > would have to check the received form to ensure that there had been no > accidental or deliberate changes which altered its effect. > > An example would be a printed form of guarantee required by a bank. A > guarantor who slipped an undetected "not" into a guarantee might reduce > its > worth to the bank quite considerably. > > A conventional digital signature would secure the integrity of the > uncompleted form, but would be destroyed by the insertions properly made > by > the person completing it. It would of course be different if the > insertions constituted a separate "layer". > > Has anyone come across the use of cryptography to assure the integrity of > a > form for completion in this way? It could be a quite widespread > e-commerce > requirement. > > Regards, > > Nicholas Bohm > > Salkyns, Great Canfield, > Takeley, Bishop's Stortford CM22 6SX, UK > > Phone 01279 871272 (+44 1279 871272) > Fax 01279 870215 (+44 1279 870215) > Mobile 0860 636749 (+44 860 636749) > > PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: > 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 > PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: > 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF > From streaky_Bacon@email.msn.com Fri, 11 Jun 1999 09:34:45 +0100 Date: Fri, 11 Jun 1999 09:34:45 +0100 From: Michael Bacon streaky_Bacon@email.msn.com Subject: Germany Frees Crypto On Friday, June 04, 1999 3:15 PM, Phillip Temple [SMTP:ptemple@onlinemagic.com] wrote: > At 12:43 PM 6/4/99 +0300, Putrefied Cow wrote: > > > >BTW, A long time ago in Finland, I remember reading that the GSM > >phones could have had strong enough crypto that the NSA couldn't > >crack it, and that because of it the UKUSA forced Nokia's hand and > >made them adopt a weak crypto that is easily cracked.
> > > >So essentially now every GSM phone is insecure as they can be > >listened into from spy-satellites. > > The original specs for GSM had strong crypto. From the previous > discussions I remember, it was rather a case of different national > interests having different agendas re: eavesdropping. I don't think > it applied to any one manufacturer, it was rather across the board. > Hence handsets sold to different nations had different levels of > being crippled (by blanking xxx of the top bits of the key). There > was also the story of the Sicily Mafia buying German mobile > phones to stop the Italian law enforcement from listening in. Unless there has been a recent change, I believe that the French cellular system does not use crypto. This poses the interesting issue of making a call in Basle with roaming enabled. The cell-phone is (roughly) equally likely to logon to (at random) a French, a German or a Swiss network - with varying degrees of protection. Michael (Streaky) Bacon From streaky_Bacon@email.msn.com Fri, 11 Jun 1999 09:52:21 +0100 Date: Fri, 11 Jun 1999 09:52:21 +0100 From: Michael Bacon streaky_Bacon@email.msn.com Subject: ATM scam - slightly off-topic reply On Wednesday, June 09, 1999 10:17 AM, Alan Burkitt-Gray [SMTP:alan@kable.co.uk] wrote: >Quentin Campbell writes >> >>I understand that there has been a spate of similar thefts of card > info >>recently by tampering with the ATM in such a way that card details > and PIN >>can be recorded remotely. Does anyone have any further information > on the >>technique(s) used? Are ATMs in bank lobbies less vulnerable? > > My wife's personal experience from yesterday, at a legit bank machine > (installed in a railway station) in south-east London: She took out £50. [snip - MB] My wife complained to our bank manager (at the nearest > branch, about a mile away): [snip - MB] (he) confirmed on the bank's computer > system that the right deduction had been made.
[snip - MB] > (And, in case any bank people are reading this, I expect it is a clear > contravention of the Data Protection Act to try to match up my name at the > foot of this e-mail with any accounts you might hold to try to identify the > bank and the manager in question - so watch it!) > Sorry, but I suspect that the Banks' DP Registration(s) will cover this - those that I've seen would - and it might be argued that the general "Crime and taxation" exemption covers this (sort of) purpose. If this case hadn't been reported through the Bank's normal channels then I'm sure that the Bank's security / investigations people would feel justified in following up by tracing the customer>bank>branch link in case there was skull-duggery at the branch. Michael (Streaky) Bacon
From nbohm@ernest.net Mon, 14 Jun 1999 11:45:23 +0100 Date: Mon, 14 Jun 1999 11:45:23 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: Surprising High Court ruling on privacy At 02:47 PM 6/13/1999 +0100, Ross Anderson wrote: >this list has from time to time touched on medical privacy, especially >in the context of GCHQ's determination to prevent encryption on the >NHS wide network or at least impose escrow.
> >Recently there has been an extremely surprising judgment in the High >Court, which may end up having the opposite effect to that which >appears to have been intended by a no doubt well meaning judge: > > > >http://www.rpsgb.org.uk/55.htm > > > >Prescription data sale ruled unlawful > > > >The [English] High Court has ruled that pharmacists cannot lawfully > >sell anonymous prescription data because to do so involves breaching > >patient confidentiality even though no-one can be identified. This does seem an odd result. 55.htm says in its report: >>>> For Source Informatics, Mr Michael Beloff, QC, said that rare drugs and rare drug combinations would be excluded from the company's scheme and that there was no danger of patients being identified. However, the judge said that the company had recognised that there was a remote risk that certain information of a rare kind might conceivably enable a patient to be identified. Although he agreed there was no rational basis for such concerns, he said that systems did not always work perfectly and that a risk, however small, remained. "Pharmacists provide a service to the community as a whole," he said. "It is a matter of real importance that they retain the trust of the public. For them to breach their patients' confidence for their personal gain does not seem to me to be acceptable unless it could be said that the breach of confidence is itself in the public interest." <<<<<<<< I could not find a report of this case on the Court Service Website, and it would be useful to see the full judgement in order to be sure what the reasoning is. The report above suggests that a risk of individual or system error leading to a failure of the anonymisation process was the basis for the decision. But it seems strange that a risk characterised as "remote" and providing "no rational basis for such concerns" should have been decisive. 
It is worth noting that this was a challenge by judicial review of DHSS guidelines, not a complaint by an individual that there had been any breach of confidence, so the argument was entirely on the basis of hypothetical facts. It is of course very desirable that judges should be so ready to recognise that computer systems are not infallible, and be so tenderly solicitous of remote risks of breaches of confidence, even if this leads to an unhappy result. I cannot help wondering whether an action by an individual against a pharmacist would have received the same sympathy as this attempt to challenge Government guidelines. One must hope that if the Court of Appeal or the House of Lords take a different view of the result, it will not undermine either the importance of medical privacy or a realistic approach to the risks of error! Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From roessler@guug.de Mon, 14 Jun 1999 15:18:24 +0200 Date: Mon, 14 Jun 1999 15:18:24 +0200 From: Thomas Roessler roessler@guug.de Subject: new rules of process & digital signatures According to some reports in German newspapers, new rules of process have been adopted in England and Wales. Is anything known on implications for the recognition of electronic documents and digital signatures in civil processes?
From David.Sweigert@GSC.GTE.Com Mon, 14 Jun 1999 09:34:19 -0400 Date: Mon, 14 Jun 1999 09:34:19 -0400 From: Sweigert, David David.Sweigert@GSC.GTE.Com Subject: new email New email address: David.Sweigert@gsc.gte.com replaces dsweiger@bbn.com From paul@hedonism.demon.co.uk 14 Jun 1999 14:47:54 +0100 Date: 14 Jun 1999 14:47:54 +0100 From: Paul Crowley paul@hedonism.demon.co.uk Subject: More on fortifying Lotus Notes If anyone is interested in pursuing this one further, I guess we should take it off the mailing list, so contact me privately and if there's enough interest I'll create a onelist or somesuch. I've put together a quick implementation of Shamir and van Someren's algorithm on http://www.hedonism.demon.co.uk/paul/download/ -- __ \/ o\ paul@hedonism.demon.co.uk Software imagination and flexibility \ / /\__/ Paul Crowley http://www.hedonism.demon.co.uk/paul/cv.html /~\ Employ me! Linux, Unix, crypto, Perl, C/C++, distance work... Edinburgh UK. From I.Brown@cs.ucl.ac.uk Mon, 14 Jun 1999 15:00:16 +0100 Date: Mon, 14 Jun 1999 15:00:16 +0100 From: Ian BROWN I.Brown@cs.ucl.ac.uk Subject: new rules of process & digital signatures >According to some reports in German newspapers, new rules of process >have been adopted in England and Wales. They're most likely referring to the fact that lawyers and judges now have to speak in English rather than Latin ;) A lot of old legal terms have been given alternatives that are supposedly clearer to laymen (e.g. changing 'writ' to 'claim form'). But apart from giving judges the power to manage cases more closely, that's all there is to it... >Is anything known on implications for the recognition of electronic >documents and digital signatures in civil processes? ...so therefore, I don't think so.
For more information, see http://www.telegraph.co.uk:80/et?ac=000116192758126&rtmo=wsMnoA0b&atmo=FFFFFFrX&pg=/et/99/4/26/nlaw26.html From I.Brown@cs.ucl.ac.uk Mon, 14 Jun 1999 15:11:02 +0100 Date: Mon, 14 Jun 1999 15:11:02 +0100 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: Too many rules will tangle the web An article in today's Telegraph starts promisingly: 'REGULATION of trading over the internet should be "with a light touch" and left almost exclusively to the industry itself - this is expected to be the principal recommendation of a Cabinet Office study being sent to Prime Minister Tony Blair in two weeks' time...' But then goes loopy... 'Another idea is the "walled garden" suggested by the interactive television sites being planned - a selection of approved and watched suppliers allowed to do business through the medium. But the report may warn that the gardens might then need to be patrolled to prevent monopolies and to allow small new companies access.' Who on EARTH came up with *this* imbecilic idea?! 'The third way of reassuring consumers is to have a "trusted third party", like a bank, vouch for the people at either end of the deal. Barclays is setting up an alliance of banks to create Identrust to do this internationally...' Do they *still* not get the point that people walking into physical shops don't have to show their passport for every transaction?! This nonsense is repeated so often I'm starting to wonder if there is actually a hidden aim: to help the taxation of e-commerce by monitoring it all in vast detail. You can see the regulation now: "All shops in our wonderful 'walled garden' must supply details of all transactions, including identity of the customer..."
http://www.telegraph.co.uk:80/et?ac=000116192758126&rtmo=Q93pmxkR&atmo=FFFFFFrX&pg=/et/99/6/14/cbnet14.html From danny@flirble.org Mon, 14 Jun 1999 15:16:00 +0100 Date: Mon, 14 Jun 1999 15:16:00 +0100 From: Danny O'Brien danny@flirble.org Subject: More on fortifying Lotus Notes We've publicised this on NTK in the past, and I'd be interested in keeping an eye on it. If you do set up a separate mailing list, I'd like to be involved. d. On Mon, Jun 14, 1999 at 02:47:54PM +0100, Paul Crowley wrote: > If anyone is interested in pursuing this one further, I guess we > should take it off the mailing list, so contact me privately and if > there's enough interest I'll create a onelist or somesuch. I've put > together a quick implementation of Shamir and van Someren's algorithm > on http://www.hedonism.demon.co.uk/paul/download/ > -- > __ > \/ o\ paul@hedonism.demon.co.uk Software imagination and flexibility \ / > /\__/ Paul Crowley http://www.hedonism.demon.co.uk/paul/cv.html /~\ > Employ me! Linux, Unix, crypto, Perl, C/C++, distance work... Edinburgh UK. From gladman@seven77.demon.co.uk Mon, 14 Jun 1999 15:11:44 +0100 Date: Mon, 14 Jun 1999 15:11:44 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Surprising High Court ruling on privacy From: Ross Anderson To: Sent: 13 June 1999 14:47 PM Subject: Surprising High Court ruling on privacy [snip] > > > >Prescription data sale ruled unlawful > > > >The [English] High Court has ruled that pharmacists cannot lawfully > >sell anonymous prescription data because to do so involves breaching > >patient confidentiality even though no-one can be identified. My first reaction to this decision was that it does seem to be in the public interest when considered initially since the prospect that pharmacists, unaided, could make data anonymous seems pretty remote to me. > In the UK, unlike the USA, most of the objectionable secondary uses of > personal health information are in the public rather than the private > sector.
Private health informatics firms have for several years had to > abide by professional sensibilities and de-identify data properly > before using it for any purposes outside immediate health care; if > they don't, then associations such as the BMA will simply tell their > members not to supply the information. I am always amazed that in the health business the last people to have any control are the patients. I remain unconvinced that it is right to have this data controlled by either the government or by the private sector. I have sympathy with the 'medics' doing it provided they do it using mechanisms with full, open public accountability. > The current court case amounted to an attempt by central government > to wrest this control away from the professions, and unfortunately it > seems to have succeeded. This is not my area but it seems to me that we need to look in some detail at 'who did what to who' to understand this ruling. What role did central government play in this court case? [snip] > The judge's action in supporting them is yet another argument for > replacing the mandatory Latin courses in law degrees by mandatory > computer science courses. It is likely to remove one of the more > significant pressures on the civil service for a more ethical approach > to personal health information, and by knocking the private sector out > of much of the business it will mean that much health care management > will in the future be done with easily identifiable data. The demise > of private sector competition will ultimately mean that anybody who > wants such data will have to buy it from the NHS Executive, so in > addition to the erosion of privacy, an industry will in effect have > been privatised without compensation. > > List members (with the possible exception of Nigel) will no doubt hope > that IMS manages to win the appeal. I wish I understood the issue well enough to come to this conclusion.
In at least some respects this seems to be a tussle between the government and the private sector ownership of health data. Since I don't agree with ***either*** of these groups owning this data, I'm not sure that I win by voting one way or the other. This amounts to the question 'is private industry more or less ethical than government?' Given the way that parts of industry conspire with government to deliberately weaken crypto in telecommunications, this is not an easy judgement to make! Is there any evidence on which to judge the ethics of the 'health sector' of industry compared with government? What real control do the medics have? Is it no more than the informal control suggested earlier - an informal "behave or we won't let you have the data"? And where is Elizabeth France in all of this - am I wrong in slowly gaining the impression that our Data Protection Registrar is getting increasingly out of her depth in cyberspace through a lack of technical understanding of what is happening? I would certainly agree that this ruling raises more questions than it answers. Brian Gladman
From hans.nilsson@iD2tech.com Mon, 14 Jun 1999 18:03:18 +0200 Date: Mon, 14 Jun 1999 18:03:18 +0200 From: Hans Nilsson hans.nilsson@iD2tech.com Subject: European Electronic Signature Standardization In case you have missed it, the EESSI project (http://www.ict.etsi.org/activities/eessi/eessi.htm) will hold an Open Meeting presenting its result on July 1 in Brussels (http://www.ict.etsi.org/activities/eessi/open%20meeting/Open%20meeting.htm) Hans Nilsson From nbohm@ernest.net Mon, 14 Jun 1999 17:00:09 +0100 Date: Mon, 14 Jun 1999 17:00:09 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: new rules of process & digital signatures At 03:18 PM 6/14/1999 +0200, Thomas Roessler wrote: >According to some reports in German newspapers, new rules of process >have been adopted in England and Wales. > >Is anything known on implications for the recognition of electronic >documents and digital signatures in civil processes? Ian Brown correctly says there are no such implications. Progress in the use of information technology by the courts tends to be in the direction of videoconferencing, remote access to transcripts of proceedings in near real time, remote access to case management information, co-ordination of document formats etc. There is no sign that security or authentication issues have had much impact. The Registrar of Companies accepts some corporate documents for filing in electronic form, but the authentication procedures are non-cryptographic (and provide scarcely any effective authentication whatever). Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.
Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From david@swarb.demon.co.uk Mon, 14 Jun 1999 17:11:43 +0100 Date: Mon, 14 Jun 1999 17:11:43 +0100 From: David Swarbrick david@swarb.demon.co.uk Subject: Surprising High Court ruling on privacy In message <007c01beb66f$eb106d60$966adec2@FortyTwo>, Brian Gladman writes >From: Ross Anderson >To: >> >Prescription data sale ruled unlawful >> > >> >The [English] High Court has ruled that pharmacists cannot lawfully >> >sell anonymous prescription data because to do so involves breaching >> >patient confidentiality even though no-one can be identified. > >What real control do the medics have? Is it no more than the informal >control suggested earlier - an informal "behave or we won't let you have the >data"? > >And where is Elizabeth France in all of this - am I wrong in slowly gaining >the impression that our Data Protection Registrar is getting increasingly >out of her depth in cyberspace through a lack of technical understanding of >what is happening? > >I would certainly agree that this ruling raises more questions than it >answers. It seemed to me to be a welcome addition to the growing volume of case law establishing the right of confidence. The NHS seemed to think it wrong to allow the transfer of data. The court agreed, and asserted the right of the original owners of the confidence - the patients - not to have that confidence breached. Unless I have misread it, or the report misses out something, it seems a welcome decision. For a court to say that a patient's rights are to be respected seems straightforward enough. It does not say the NHS is to be trusted - only that in this case, their wish to 'discourage' such data transfers was not unlawful. -- David Swarbrick, Solicitor, Brighouse, West Yorkshire Web: http://www.swarb.co.uk. david@swarb.demon.co.uk Tel: +44(0)1484 722531 Home of the law-index (9500+ case digests). IT Law and contracts.
The Law Society regulates us in the conduct of investment business From Ross.Anderson@cl.cam.ac.uk Mon, 14 Jun 1999 18:38:44 +0100 Date: Mon, 14 Jun 1999 18:38:44 +0100 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Surprising High Court ruling on privacy Brian complains: > the prospect that pharmacists, unaided, could make data anonymous > seems pretty remote to me. In this case, I think they were fairly well aided. For a technical description of the anonymity mechanisms that were used, see: http://www.fi.muni.cz/usr/matyas/XTR_HIJ_draft.pdf David Swarbrick adds: > The NHS seemed to think it wrong to allow the transfer of data. Just to anyone other than themselves ... > The court agreed, and asserted the right of the original owners of the > confidence - the patients - not to have that confidence breached. I have a copy of the judgment, Queen's Bench CO 4490/97, 28/5/99, R and the Dept of Health ex parte Source Informatics Ltd. The argument is overwhelmingly legal rather than technical and turns on the nature of `authorised use' of data. The judge ducked the issue of existing state sector abuses (where `anonymous' means that your name and address have been replaced by your NHS number, and your date of birth and postcode have been left on for safety's sake) but was willing to believe that the much more thorough private sector practice exposed patients to material risk. Rather than tackling the computer science, or looking at the broader issue of whether a monopoly over the re-use of personal health information should be granted to a serial abuser, he seems to have found comfort in some old precedents which he could play off against each other. > For a court to say that a patient's rights are to be respected seems > straightforward enough. If only he'd said that ... but all the judge said was that the NHS was entitled to recommend that any pharmacist interested in the proposal should seek legal advice.
This is maybe where the DoH were clever in setting the case up: what judge would ever advise people against taking legal advice? Ross From prunesquallor@proproco.co.uk Mon, 14 Jun 1999 19:51:46 +0100 Date: Mon, 14 Jun 1999 19:51:46 +0100 From: John R T Brazier prunesquallor@proproco.co.uk Subject: Surprising High Court ruling on privacy Dear All, But the Pharmaceutical companies actually don't want patient data. Pharma companies want a lot more information on Doctors' prescribing habits, as they can then measure the effectiveness of their marketing and selling. Historically, this data has been impossible to get hold of. IMS, which has steadily been absorbing other medical/pharmaceutical information companies, started developing a system to try and produce this data across the UK. Because they and the pharma companies are actually relatively ethical, this was all done with the help/advice of the medical profession and its bodies. The result was that IMS were to implement a system that anonymised both patients and Doctors, and any purchasing pharmaceutical company has to agree to abide by the rules. IMS were also to be explicitly responsible for any information leakage. Then the NHS leapt in ... It seems a bit sad. Assuming IMS could guarantee the security of the system (Xponent), then everyone had something to gain: IMS and the pharmacists directly, the pharmaceutical companies indirectly as they improved their sales and marketing, the doctors as they wouldn't get badgered by inappropriate representatives, and possibly patients overall as a large database on the demographics of prescriptions built up. What isn't clear is why the NHS are trying to stop it, although the suspicion is that they think the data is 'theirs' - and perhaps they'll sell it in future. I believe IMS are appealing. 
JB -----Original Message----- From: owner-ukcrypto@maillist.ox.ac.uk [mailto:owner-ukcrypto@maillist.ox.ac.uk] On Behalf Of David Swarbrick Sent: 14 June 1999 17:12 To: ukcrypto@maillist.ox.ac.uk Subject: Re: Surprising High Court ruling on privacy It seemed to me to be a welcome addition to the growing volume of case law establishing the right of confidence. The NHS seemed to think it wrong to allow the transfer of data. The court agreed, and asserted the right of the original owners of the confidence - the patients - not to have that confidence breached. Unless I have misread it, or the report misses out something, it seems a welcome decision. For a court to say that a patient's rights are to be respected seems straightforward enough. It does not say the NHS is to be trusted - only that in this case, their wish to 'discourage' such data transfers was not unlawful. From gladman@seven77.demon.co.uk Mon, 14 Jun 1999 19:30:56 +0100 Date: Mon, 14 Jun 1999 19:30:56 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Surprising High Court ruling on privacy From: Ross Anderson To: Sent: 14 June 1999 18:38 PM Subject: Re: Surprising High Court ruling on privacy > Brian complains: > > > the prospect that pharmacists, unaided, could make data anonymous > > seems pretty remote to me. > > In this case, I think they were fairly well aided. For a technical > description of the anonymity mechanisms that were used, see: > > http://www.fi.muni.cz/usr/matyas/XTR_HIJ_draft.pdf Thanks Ross, I'll take a look. > David Swarbrick adds: > > > The NHS seemed to think it wrong to allow the transfer of data. > > Just to anyone other than themselves ... > > > The court agreed, and asserted the right of the original owners of the > > confidence - the patients - not to have that confidence breached. > > I have a copy of the judgment, Queen's Bench CO 4490/97, 28/5/99, R > and the Dept of Health ex parte Source Informatics Ltd.
The argument > is overwhelmingly legal rather than technical and turns on the nature > of `authorised use' of data. As always we need to see the detail and when we do most of won't understand it because it appears to be in Latin! [snip] > > For a court to say that a patient's rights are to be respected seems > > straightforward enough. > > If only he'd said that ... but all the judge said was that the NHS was > entitled to recommend that any pharmacist interested in the proposal > should seek legal advice. This is maybe where the DoH were clever in > setting the case up: what judge would ever advise people against > taking legal advice? Agreed, this seems very weak and pretty useless in terms of asserting patients rights. Maybe we need a new 'ukcrypto' style group to co-ordinate an attack on the DOH and to assert our rights to control our own medical data? Maybe one exists already? I would certainly join up as this is a big issue of principle for me. Moreover, if GCHQ and the government think I am going to accept their insecurity schemes for protecting my medical data, they have another fight on thir hands. Brian From hans.nilsson@iD2tech.com Mon, 14 Jun 1999 18:03:18 +0200 Date: Mon, 14 Jun 1999 18:03:18 +0200 From: Hans Nilsson hans.nilsson@iD2tech.com Subject: European Electronic Signature Standardization In case you have missed, the EESSI project (http://www.ict.etsi.org/activities/eessi/eessi.htm) will hold an Open Meeting presenting its result on July 1 in Brussels (http://www.ict.etsi.org/activities/eessi/open%20meeting/Open%20meeting.htm) Hans Nilsson From prunesquallor@proproco.co.uk Mon, 14 Jun 1999 19:51:46 +0100 Date: Mon, 14 Jun 1999 19:51:46 +0100 From: John R T Brazier prunesquallor@proproco.co.uk Subject: Surprising High Court ruling on privacy Dear All, But the Pharmaceutical companies actually don't want patient data. 
Pharma companies want a lot more information on Doctors' prescribing habits, as they can then measure the effectiveness of their marketing and selling. Historically, this data has been impossible to get hold of. IMS, which has steadily been absorbing other medical/pharmaceutical information companies, started developing a system to try and produce this data across the UK. Because they and the pharma companies are actually relatively ethical, this was all done with the help/advice of the medical profession and its bodies. The result was that IMS were to implement a system that anonymised both patients and Doctors, and any purchasing pharmaceutical company has to agree to abide by the rules. IMS were also to be explicitly responsible for any information leakage. Then the NHS leapt in ... It seems a bit sad. Assuming IMS could guarantee the security of the system (Xponent), then everyone had something to gain: IMS and the pharmacists directly, the pharmaceutical companies indirectly as they improved their sales and marketing, the doctors as they wouldn't get badgered by inappropriate representatives, and possibly patients overall as a large database on the demographics of prescriptions built up. What isn't clear is why the NHS are trying to stop it, although the suspicion is that they think the data is 'theirs' - and perhaps they'll sell it in future. I believe IMS are appealing.

JB

-----Original Message-----
From: owner-ukcrypto@maillist.ox.ac.uk [mailto:owner-ukcrypto@maillist.ox.ac.uk] On Behalf Of David Swarbrick
Sent: 14 June 1999 17:12
To: ukcrypto@maillist.ox.ac.uk
Subject: Re: Surprising High Court ruling on privacy

It seemed to me to be a welcome addition to the growing volume of case law establishing the right of confidence. The NHS seemed to think it wrong to allow the transfer of data. The court agreed, and asserted the right of the original owners of the confidence - the patients - not to have that confidence breached.
Unless I have misread it, or the report misses out something, it seems a welcome decision. For a court to say that a patient's rights are to be respected seems straightforward enough. It does not say the NHS is to be trusted - only that in this case, their wish to 'discourage' such data transfers was not unlawful.

From lawya@lucs-01.novell.leeds.ac.uk Tue, 15 Jun 1999 13:47:41 +0000
Date: Tue, 15 Jun 1999 13:47:41 +0000
From: Yaman Akdeniz lawya@lucs-01.novell.leeds.ac.uk
Subject: "Critical letter on the UK Encryption policy sent to the Prime M

Cyber-Rights & Cyber-Liberties (UK) Press Release

"Critical letter on the UK Encryption policy sent to the Prime Minister"

15 June, 1999

LEEDS - In a letter sent to the Prime Minister, the Board Members of Cyber-Rights & Cyber-Liberties (UK) criticised the recently published Cabinet Office Report entitled Encryption and Law Enforcement. The letter states that "while we welcome this report as an initial step, we are concerned to find that it places too much emphasis on the value of encryption in support of business interests whilst giving insufficient attention to the interests and concerns of consumers and private citizens."

The letter (which is available through http://www.cyber-rights.org/reports/blair-letter.htm) also stated that the board members of Cyber-Rights & Cyber-Liberties (UK) are surprised and concerned about the legislative proposals that the Cabinet Office report contains, which seem to propose steps that could remove important civil rights and protections.

Dr. Brian Gladman, Technology Policy Adviser for Cyber-Rights & Cyber-Liberties (UK) stated that:

"The absence of any coverage of cryptography export controls and their detrimental impact on electronic commerce is a surprising and serious omission. This appears to be an attempt on the part of Government to divert attention from an area where their ongoing actions are totally inconsistent with their stated aim of promoting electronic commerce."

Mr.
Nicholas Bohm, E-Commerce Policy Adviser for Cyber-Rights & Cyber-Liberties (UK) added that:

"It would be a grave embarrassment, both for the Government and for Britain's position in the world of electronic commerce, for the Government's E-Commerce Bill to be found inconsistent with the Human Rights Act."

Mr. Yaman Akdeniz, Director of Cyber-Rights & Cyber-Liberties (UK) concluded that:

"The joint government industry forum is a step in the right direction. However, it will only succeed if representation is widened to include representatives from consumer, civil liberties and public interest bodies in order to ensure that the interests of UK citizens are fully recognised, represented, and protected. Public accountability, openness and transparency will also be essential if such a forum is to command the trust and confidence of the UK public."

Notes for the Editors

The Cyber Rights & Cyber-Liberties (UK) letter has been sent to The Right Honourable Tony Blair, PC, MP, The Prime Minister on Monday, June 14, 1999.

The Cyber-Rights & Cyber-Liberties (UK) letter is available at http://www.cyber-rights.org/reports/blair-letter.htm

A PDF version of this letter is available at http://www.cyber-rights.org/reports/blair-letter.pdf

The Cabinet Office report entitled Encryption and Law Enforcement is at: http://www.cabinet-office.gov.uk/Innovation/1999/encryption/index.htm

This press release will be available at http://www.cyber-rights.org/crypto

For a list of Cyber Rights & Cyber-Liberties (UK) reports and papers see http://www.cyber-rights.org/reports.

Contact Information

Dr Brian Gladman, Technology Policy Adviser, Cyber Rights & Cyber-Liberties (UK)
Telephone: 01905 748990, dial +44 1905 748990 if you are abroad.
E-mail: brg@cyber-rights.org

Mr Nicholas Bohm, E-Commerce Policy Adviser, Cyber Rights & Cyber-Liberties (UK)
Telephone: 01279 871272, dial +44 1279 871272 if you are abroad.
E-mail: nbohm@cyber-rights.org

Mr Yaman Akdeniz, Director of Cyber-Rights & Cyber-Liberties (UK)
Telephone: 0498-865116, dial +44 498 865116 if you are abroad.
E-mail: lawya@cyber-rights.org

This is a copy of the letter sent to the PM but the more detailed version of this letter with the annexe is available through the web pages:

Open Letter to:
The Right Honourable Tony Blair, PC, MP, The Prime Minister
10 Downing Street
London SW1

The Cabinet Office PIU Paper on Encryption and Law Enforcement

Dear Prime Minister,

1. This is a response from the Board Members of Cyber-Rights & Cyber-Liberties (UK) to the Cabinet Office Paper entitled "Encryption and Law Enforcement" published in May 1999 by the Performance and Innovation Unit.

2. We should say at the outset that we are pleased to see that the Cabinet Office is now considering the Government's policy on encryption. It has been clear for several years that such a change was needed in order to reconcile the different interests of the many departments that are involved.

3. The objectives of the study and the report as set out in your introduction are most welcome. The promotion of electronic commerce promises to bring significant benefits for UK citizens and encryption services, used effectively, can provide the safety, security and privacy that citizens need if they are to have trust in the information handling that is involved. We warmly welcome the Government's commitment to these aims and hope that the outline approach set out in this report can be further developed to provide encryption policies that meet Government aims whilst also commanding the support of industry and private citizens.

4. However, while we welcome this report as an initial step, we are concerned to find that it places too much emphasis on the value of encryption in support of business interests whilst giving insufficient attention to the interests and concerns of consumers and private citizens.

Privacy

5.
A significant failing of the report is that it does not adequately recognise the value of encryption for maintaining and improving the privacy of UK citizens by ensuring that their communications and stored personal data are protected from access by others. Although the use of information technology in electronic commerce will offer major new services for consumers, it will also create many new avenues through which the privacy and personal safety of UK citizens could be undermined. If citizens are to have confidence in electronic commerce and in the electronic information handling that this involves it is vital that their privacy is adequately ensured. The use of encryption is now universally seen as a primary way in which this can be achieved.

6. We are concerned that privacy issues are not sufficiently covered in the PIU report and feel that this is the result of an unbalanced view of the value of encryption. In large measure the report is written from a perspective which sees encryption use as a threat to law enforcement rather than a way of improving the safety, security and privacy of law abiding citizens.

7. In an ideal world it would be possible to provide encryption for lawful use whilst denying its benefits to criminals and others with malign intent. In the real world, however, effective encryption of the kind needed to protect the interests of law abiding citizens cannot be provided in a form that prevents criminals also deriving advantages from its use. In this situation Government policy cannot prevent criminal use and should instead aim to ensure that encryption provides net overall benefits for society. The requirement set out at the end of part four of the report that "the development of electronic communications, which promises many benefits to businesses and individuals, should not also give assistance to those who are engaged in serious crime" is hence an ideal but unrealistic policy objective.
If such a requirement had been applied to other existing technologies, none could ever have been used for the benefit of society, since they have all provided benefits for criminals as well. (The private car is just one of innumerable examples.) We therefore urge the Government to give an assurance that its encryption policy objectives are designed to ensure a net benefit for society and not to deny encryption use by law abiding citizens simply because it can also be used by criminals.

Involvement and Consultation

8. In many areas it is possible to have a dialogue between Government and industry without giving separate consideration to the interests of the UK public. This will be true, for example, where either the Government or industry has a clear alignment with public interests to an extent that ensures that these are adequately protected in the processes of policy development.

9. Sadly in the field of encryption policy such an approach is certain to fail since neither the Government nor industry commands the full trust of the public in this area.

10. Successive UK Governments have maintained a long-standing but largely covert policy of protecting the ability of intelligence agencies to freely collect information with scant regard for the impact of such a policy on the safety, security or privacy of UK citizens. This emphasis may have been justified during the Cold War period, but the reaction of informed public opinion to the growing volume of published information about that policy now suggests that it no longer commands widespread public support.

11.
And in the case of your own Government this lack of trust was greatly reinforced by the sudden and unexplained change of policy on encryption that occurred soon after the last election. 12. UK citizens have even more to fear from an alignment between Government and industry in which their own interests are not independently represented. Historically, telecommunications companies have co-operated `behind the scenes' with Governments to ensure that agencies of Government can access the private communications of their customers without their consent. Such abuses have been commonplace in telecommunications generally and have even been pursued through international standards bodies, where governments have obtained the support of industry for seriously weakening the encryption provided for telecommunications in order to ensure that it is possible to infringe the privacy of users. 13. For these reasons we are deeply dismayed to find that the study team has, in the main, consulted precisely those organisations that are implicated in such activities. As far as can be seen, no attempt was made to consult or involve civil liberties or public interest organisations. Moreover, the study team has quite consciously excluded such interests during its work, an action that does much to undermine public confidence in its conclusions and recommendations. 14. In our view this major weakness in the policy formulation process must be remedied if the Government is to restore full public confidence in its encryption policies and the way in which they are formed. A New Approach 15. We welcome, with two major reservations, the proposal for a `new approach' based on co-operation between Government and industry. 16. Our first reservation is that the activities of the proposed forum and its subordinate bodies will need to be subject to clear lines of public accountability if they are to command the support and confidence of the UK public. 17. 
Our second reservation is that the forum must be extended to include representation from consumer organisations, civil liberties and public policy review bodies and from lay members of the public. Without such wider involvement, the forum and its supporting bodies could easily develop into a conspiracy between Government and industry to undermine the interests of private citizens as has occurred in the past (this has happened, for example, in the European Telecommunications Standards Institute, where encryption standards have been deliberately weakened so that the privacy of users could be infringed without their consent).

18. We hence emphasise that our support for the approach now being advocated is conditional on changes being introduced to meet these concerns. In the form currently advocated we could never have confidence in the operation of the bodies envisaged in these proposals.

Legislative Issues

19. We are surprised and concerned about the legislative proposals that the report contains, which seem to us to propose steps that could remove important civil rights and protections.

20. With public key cryptography only message recipients have decryption keys and this means that a guilty party can compromise an innocent party's key by sending them an encrypted message that causes law enforcement authorities to seek access. The key needed for this belongs to the recipient and is almost certain to protect not only the targeted message but many other messages as well. In such circumstances it is surely unjust to impose a requirement to reveal keys on an entirely innocent party who is not involved in any wrongdoing. It should be sufficient for this party to offer a decrypted copy of the targeted message if they are able to do so. The creation of a situation in which a guilty party can put an entirely innocent party at risk in this way is surely not a step that any democratic Government would consciously take.

21.
Worse even than this, a guilty party can use a random key to send a message to an innocent party for which the latter has never possessed any decryption key. If faced with a requirement to decrypt this message, or to provide the decryption key, this innocent party would have to prove that they do not possess such a key. For all practical purposes such a proof would never be possible.

22. To impose such an impossible burden of proof on an accused must amount to an infringement of the presumption of innocence embodied under article 6 of the European Convention on Human Rights. This would be contrary to the recently enacted Human Rights Act 1998 and would create a miscarriage of justice by seriously infringing the right to a fair trial because the accused may not be in a position to provide evidence at all.

23. We cannot support such proposals, which we believe would be a serious curtailment of important and well-established civil rights.

Other Concerns

24. In addition to these concerns we also have a number of more detailed observations on these and other points that are set out in the Annex to this letter.

25. We remain ready to work constructively with the Government to seek further evolution of the proposals set out in the PIU report to meet the reservations expressed here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mr. Yaman Akdeniz,
Director, Cyber-Rights & Cyber-Liberties (UK)
URL: http://www.cyber-rights.org
E-mail: lawya@cyber-rights.org
Read the CR&CL (UK) Reports at: http://www.cyber-rights.org/reports/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From ptemple@onlinemagic.com Tue, 15 Jun 1999 16:53:51 +0100
Date: Tue, 15 Jun 1999 16:53:51 +0100
From: Phillip Temple ptemple@onlinemagic.com
Subject: new rules of process & digital signatures

At 03:18 PM 6/14/99 +0200, Thomas Roessler wrote:
>According to some reports in German newspapers, new rules of process
>have been adopted in England and Wales.
>
>Is anything known on implications for the recognition of electronic
>documents and digital signatures in civil processes?

Tony Blair has stated he wants a percentage of government business done by electronic means within a short period, and by a certain date he wants all government business. I don't have the article to hand so am not going to risk numbers ;-) The government is funding a number of projects towards these ends.

Phillip.

From ptemple@onlinemagic.com Tue, 15 Jun 1999 17:01:27 +0100
Date: Tue, 15 Jun 1999 17:01:27 +0100
From: Phillip Temple ptemple@onlinemagic.com
Subject: new rules of process & digital signatures

Apologies for not making myself clear enough (typical you realise 5 seconds after hitting send). I was linking gov't business to civil process through hopefully being able to pay fines, etc, via electronic means. Ok, this may not make much difference to the legal system but it could be a start.

Phillip.

From duncan@gn.apc.org Tue, 15 Jun 1999 17:14:32 +0100
Date: Tue, 15 Jun 1999 17:14:32 +0100
From: Duncan Campbell duncan@gn.apc.org
Subject: PIU report and human rights

15 June 1999

The caped crypto-liberty crusaders, Yaman (Akdeniz), Brian (Gladman) and Nick (Bohm) have written a pretty fine letter to Blair http://www.cyber-rights.org/reports/blair-letter.htm which I assume will arrive on this list shortly.

A central point they make relates to the PIU (Performance and Innovation Unit) report http://www.cabinet-office.gov.uk/Innovation/1999/encryption/index.htm on "Encryption and UK Law Enforcement". In endorsing the DTI suggestion for a power to demand encryption keys, the PIU add the suggestion that the burden of proof be reversed such that the recipient of a key disclosure order has to prove that they do not possess the keys sought. It is trite to point out that this is logically absurd and rather more significant to point out that it is legally untenable.
Article 6 of the European Convention outlaws any requirement for the defendant to a criminal action to prove their innocence. It is always for the prosecution to show that the defendant does possess the keys and will not hand them over.

Lawyers among us may care to note and find out about an Article 6 case that is going through the Appeal Courts as we speak. This is happening AFAIK because UK judges are already treating the Human Rights Act as though it were in force, for the very sensible reason that it will have retrospective effect once it is in force. The case in issue is R v Kebilene and others, where the defendants do not dispute possession of material relevant to bomb construction which may have been passed to others fighting for civil rights in Algeria. Under recent amendments to the Prevention of Terrorism Acts, they have to prove that their intention was not to bring about terrorist offences. This law appears clearly to breach Article 6, and if this contention is upheld on appeal, the charges will be dismissed.

Re crypto : my own view is that that flaw in the PIU notion that breaches Article 6 will be spotted on day one and would never actually have to be taken out of the Bill in Parliament. But it is another indication of how completely flustered HMG are over this entire issue.

After the drubbing from the T&I Select Committee and given the confusion that PIU has shown up over the proposed crypto key disclosure law, surely the right thing to do is ditch the e-commerce bill entirely and put the crypto issue into the IOCA review, which is where it belongs all along. Any takers?

Blair should take a hint from the Germans, and just watch what happens with liberalised crypto over a couple of years. No-one disputes that law enforcement will start to face real problems, but how bad will they really be? And what solutions will work best?
The last three years have shown the catastrophic effects of running a secret agenda and thinking that authoritarian solutions are the answer to everything. Society will not collapse between now and 2002 if a few crimes are committed with crypto. Why not wait and see?

Duncan Campbell

At 15/06/99 14:30 , you wrote:
>Cyber-Rights & Cyber-Liberties (UK) Press Release
>
>"Critical letter on the UK Encryption policy sent to the Prime
>Minister"
>
>15 June, 1999
>
>LEEDS - In a letter sent to the Prime Minister, the Board Members of
>Cyber-Rights & Cyber-Liberties (UK) criticised the recently published
>Cabinet Office Report entitled Encryption and Law Enforcement. The
>letter states that "while we welcome this report as an initial step,
>we are concerned to find that it places too much emphasis on the value
>of encryption in support of business interests whilst giving
>insufficient attention to the interests and concerns of consumers and
>private citizens."
>
>The letter (which is available through
>http://www.cyber-rights.org/reports/blair-letter.htm) also stated that
>the board members of Cyber-Rights & Cyber-Liberties (UK) are surprised
>and concerned about the legislative proposals that the Cabinet Office
>report contains, which seem to propose steps that could remove
>important civil rights and protections.
>
>Dr. Brian Gladman, Technology Policy Adviser for Cyber-Rights &
>Cyber-Liberties (UK) stated that:
>
>"The absence of any coverage of cryptography export controls and their
>detrimental impact on electronic commerce is a surprising and serious
>omission. This appears to be an attempt on the part of Government to
>divert attention from an area where their ongoing actions are totally
>inconsistent with their stated aim of promoting electronic commerce."
>
>Mr.
>Nicholas Bohm, E-Commerce Policy Adviser for Cyber-Rights &
>Cyber-Liberties (UK) added that:
>
>"It would be a grave embarrassment, both for the Government and for
>Britain's position in the world of electronic commerce, for the
>Government's E-Commerce Bill to be found inconsistent with the Human
>Rights Act."
>
>Mr. Yaman Akdeniz, Director of Cyber-Rights & Cyber-Liberties (UK)
>concluded that:
>
>"The joint government industry forum is a step in the right direction.
>However, it will only succeed if representation is widened to include
>representatives from consumer, civil liberties and public interest
>bodies in order to ensure that the interests of UK citizens are fully
>recognised, represented, and protected. Public accountability,
>openness and transparency will also be essential if such a forum is to
>command the trust and confidence of the UK public."
>
>Notes for the Editors
>
>The Cyber Rights & Cyber-Liberties (UK) letter has been sent to The
>Right Honourable Tony Blair, PC, MP, The Prime Minister on Monday,
>June 14, 1999.
>
>The Cyber-Rights & Cyber-Liberties (UK) letter is available at
>http://www.cyber-rights.org/reports/blair-letter.htm
>
>A PDF version of this letter is available at
>http://www.cyber-rights.org/reports/blair-letter.pdf
>
>The Cabinet Office report entitled Encryption and Law Enforcement is
>at:
>
>
>This press release will be available at
>http://www.cyber-rights.org/crypto
>
>For a list of Cyber Rights & Cyber-Liberties (UK) reports and papers
>see http://www.cyber-rights.org/reports.
>
>Contact Information
>
>Dr Brian Gladman, Technology Policy Adviser,
>Cyber Rights & Cyber-Liberties (UK)
>Telephone: 01905 748990, dial +44 1905 748990 if you are abroad.
>E-mail: brg@cyber-rights.org
>
>Mr Nicholas Bohm, E-Commerce Policy Adviser,
>Cyber Rights & Cyber-Liberties (UK)
>Telephone: 01279 871272, dial +44 1279 871272 if you are abroad.
>E-mail: nbohm@cyber-rights.org
>
>Mr Yaman Akdeniz, Director of Cyber-Rights & Cyber-Liberties (UK)
>Telephone: 0498-865116, dial +44 498 865116 if you are abroad. E-mail:
>lawya@cyber-rights.org
>
>===============================
>
>This is a copy of the letter sent to the PM but the more detailed
>version of this letter with the annexe is available through the web
>pages:
>
>Open Letter to:
>The Right Honourable Tony Blair, PC, MP, The Prime Minister
>10 Downing Street
>London SW1
>
>The Cabinet Office PIU Paper on Encryption and Law Enforcement
>
>Dear Prime Minister,
>
>1. This is a response from the Board Members of Cyber-Rights &
>Cyber-Liberties (UK) to the Cabinet Office Paper entitled "Encryption
>and Law Enforcement" published in May 1999 by the Performance and
>Innovation Unit.
>
>2. We should say at the outset that we are pleased to see that the
>Cabinet Office is now considering the Government's policy on
>encryption. It has been clear for several years that such a change
>was needed in order to reconcile the different interests of the many
>departments that are involved.
>
>3. The objectives of the study and the report as set out in your
>introduction are most welcome. The promotion of electronic commerce
>promises to bring significant benefits for UK citizens and encryption
>services, used effectively, can provide the safety, security and
>privacy that citizens need if they are to have trust in the
>information handling that is involved. We warmly welcome the
>Government's commitment to these aims and hope that the outline
>approach set out in this report can be further developed to provide
>encryption policies that meet Government aims whilst also commanding
>the support of industry and private citizens.
>
>4.
>However, while we welcome this report as an initial step, we are
>concerned to find that it places too much emphasis on the value of
>encryption in support of business interests whilst giving
>insufficient attention to the interests and concerns of consumers and
>private citizens.
>
>Privacy
>
>5. A significant failing of the report is that it does not adequately
>recognise the value of encryption for maintaining and improving the
>privacy of UK citizens by ensuring that their communications and
>stored personal data are protected from access by others. Although
>the use of information technology in electronic commerce will offer
>major new services for consumers, it will also create many new
>avenues through which the privacy and personal safety of UK citizens
>could be undermined. If citizens are to have confidence in
>electronic commerce and in the electronic information handling that
>this involves it is vital that their privacy is adequately ensured.
>The use of encryption is now universally seen as a primary way in
>which this can be achieved.
>
>6. We are concerned that privacy issues are not sufficiently covered
>in the PIU report and feel that this is the result of an unbalanced
>view of the value of encryption. In large measure the report is
>written from a perspective which sees encryption use as a threat to
>law enforcement rather than a way of improving the safety, security
>and privacy of law abiding citizens.
>
>7. In an ideal world it would be possible to provide encryption for
>lawful use whilst denying its benefits to criminals and others with
>malign intent. In the real world, however, effective encryption of
>the kind needed to protect the interests of law abiding citizens
>cannot be provided in a form that prevents criminals also deriving
>advantages from its use. In this situation Government policy cannot
>prevent criminal use and should instead aim to ensure that encryption
>provides net overall benefits for society.
>The requirement set out
>at the end of part four of the report that "the development of
>electronic communications, which promises many benefits to businesses
>and individuals, should not also give assistance to those who are
>engaged in serious crime" is hence an ideal but unrealistic policy
>objective. If such a requirement had been applied to other existing
>technologies, none could ever have been used for the benefit of
>society, since they have all provided benefits for criminals as
>well. (The private car is just one of innumerable examples.) We
>therefore urge the Government to give an assurance that its
>encryption policy objectives are designed to ensure a net benefit for
>society and not to deny encryption use by law abiding citizens simply
>because it can also be used by criminals.
>
>Involvement and Consultation
>
>8. In many areas it is possible to have a dialogue between
>Government and industry without giving separate consideration to the
>interests of the UK public. This will be true, for example, where
>either the Government or industry has a clear alignment with public
>interests to an extent that ensures that these are adequately
>protected in the processes of policy development.
>
>9. Sadly in the field of encryption policy such an approach is
>certain to fail since neither the Government nor industry commands
>the full trust of the public in this area.
>
>10. Successive UK Governments have maintained a long-standing but
>largely covert policy of protecting the ability of intelligence
>agencies to freely collect information with scant regard for the
>impact of such a policy on the safety, security or privacy of UK
>citizens. This emphasis may have been justified during the Cold War
>period, but the reaction of informed public opinion to the growing
>volume of published information about that policy now suggests that
>it no longer commands widespread public support.
>
>11.
>A serious consequence of this lack of balance in the formulation
>of UK Government encryption policy is that many UK citizens do not
>see the Government as truly acting in their interests - in short they
>no longer trust the Government in this respect. And in the case of
>your own Government this lack of trust was greatly reinforced by the
>sudden and unexplained change of policy on encryption that occurred
>soon after the last election.
>
>12. UK citizens have even more to fear from an alignment between
>Government and industry in which their own interests are not
>independently represented. Historically, telecommunications
>companies have co-operated `behind the scenes' with Governments to
>ensure that agencies of Government can access the private
>communications of their customers without their consent. Such abuses
>have been commonplace in telecommunications generally and have even
>been pursued through international standards bodies, where
>governments have obtained the support of industry for seriously
>weakening the encryption provided for telecommunications in order to
>ensure that it is possible to infringe the privacy of users.
>
>13. For these reasons we are deeply dismayed to find that the study
>team has, in the main, consulted precisely those organisations that
>are implicated in such activities. As far as can be seen, no attempt
>was made to consult or involve civil liberties or public interest
>organisations. Moreover, the study team has quite consciously
>excluded such interests during its work, an action that does much to
>undermine public confidence in its conclusions and recommendations.
>
>14. In our view this major weakness in the policy formulation
>process must be remedied if the Government is to restore full public
>confidence in its encryption policies and the way in which they are
>formed.
>
>A New Approach
>
>15.
We welcome, with two major reservations, the proposal for a `new >approach' based on co-operation between Government and industry. > >16. Our first reservation is that the activities of the proposed >forum and its subordinate bodies will need to be subject to clear >lines of public accountability if they are to command the support and >confidence of the UK public. > >17. Our second reservation is that the forum must be extended to >include representation from consumer organisations, civil liberties >and public policy review bodies and from lay members of the public. >Without such wider involvement, the forum and its supporting bodies >could easily develop into a conspiracy between Government and >industry to undermine the interests of private citizens as has >occurred in the past (this has happened, for example, in the >European Telecommunications Standards Institute, where encryption >standards have been deliberately weakened so that the privacy of >users could be infringed without their consent). > >18. We hence emphasise that our support for the approach now being >advocated is conditional on changes being introduced to meet these >concerns. In the form currently advocated we could never have >confidence in the operation of the bodies envisaged in these >proposals. > >Legislative Issues > >19. We are surprised and concerned about the legislative proposals >that the report contains, which seem to us to propose steps that >could remove important civil rights and protections. > >20. With public key cryptography only message recipients have >decryption keys and this means that a guilty party can compromise an >innocent party's key by sending them an encrypted message that >causes law enforcement authorities to seek access. The key needed >for this belongs to the recipient and is almost certain to protect >not only the targeted message but many other messages as well. 
In >such circumstances it is surely unjust to impose a requirement to >reveal keys on an entirely innocent party who is not involved in any >wrongdoing. It should be sufficient for this party to offer a >decrypted copy of the targeted message if they are able to do so. >The creation of a situation in which a guilty party can put an >entirely innocent party at risk in this way is surely not a step >that any democratic Government would consciously take. > >21. Worse even than this, a guilty party can use a random key to >send a message to an innocent party for which the latter has never >possessed any decryption key. If faced with a requirement to >decrypt this message, or to provide the decryption key, this >innocent party would have to prove that they do not possess such a >key. For all practical purposes such a proof would never be >possible. > >22. To impose such an impossible burden of proof on an accused must >amount to an infringement of the presumption of innocence embodied >under article 6 of the European Convention on Human Rights. This >would be contrary to the recently enacted Human Rights Act 1998 and >would create a miscarriage of justice by seriously infringing the >right to a fair trial because the accused may not be in a position >to provide evidence at all. > >23. We cannot support such proposals, which we believe would be a >serious curtailment of important and well-established civil rights. > >Other Concerns > >24. In addition to these concerns we also have a number of more >detailed observations on these and other points that are set out in >the Annex to this letter. > >25. We remain ready to work constructively with the Government to >seek further evolution of the proposals set out in the PIU report to >meet the reservations expressed here. >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >Mr. 
Yaman Akdeniz, >Director, Cyber-Rights & Cyber-Liberties (UK) >URL: http://www.cyber-rights.org >E-mail: lawya@cyber-rights.org > >Read the CR&CL (UK) Reports at: >http://www.cyber-rights.org/reports/ >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From gladman@seven77.demon.co.uk Wed, 16 Jun 1999 09:05:58 +0100 Date: Wed, 16 Jun 1999 09:05:58 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Siate Update I have just updated my page at: http://www.seven77.demon.co.uk/ with some new material. I have slightly updated the paper on 'UK infosec organisations' that I posted here a few months ago. I have also added some more material on the AES effort. And I have brought together various posts on crypto policy in the UK. Please don't all download the big pdf papers at once - otherwise Demon will get annoyed with me and move me to the 'bad boys' web server! Brian From nbohm@ernest.net Wed, 16 Jun 1999 10:27:46 +0100 Date: Wed, 16 Jun 1999 10:27:46 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: PIU report and human rights: e-commerce Bill At 05:14 PM 6/15/1999 +0100, Duncan Campbell wrote: [snip] >Re crypto : my own view is that that flaw in the PIU notion that breaches >Article 6 will be spotted on day one and would never actually have to be >taken out of the Bill in Parliament. But it is another indication of how >completely flustered HMG are over this entire issue. After the drubbing >from the T&I Select Committee and given the confusion that PIU has shown up >over the proposed crypto key disclosure law, surely the right thing to do >is ditch the e-commerce bill entirely and put the crypto issue into the >IOCA review, which is where it belongs all along. Any takers? 
There is in fact some unglamorous but useful work for a sensible E-Commerce Bill to do, as I argued in a letter recently published in the Law Society's Gazette: "The DTI should go all out to remove unnecessary obstacles to the use of electronic documents, should leave the market to discover whether public key infrastructures are of any real use, and should give consumers some added protection by extending card issuers' joint liability with merchants to overseas transactions and the use of debit cards. Those are measures that would really do something to make the UK a good place for electronic commerce. And now that attempts to push through key escrow on the back of electronic commerce legislation have at last been abandoned, the DTI should leave criminal justice legislation to a separate Bill in the hands of the Home Office: otherwise it will only continue to leave the unwise impression that the Internet is all about crime." There are a few cases where the law requires paper between private parties, and would need legislation (and some administrative adaptations) to accept electronic documents. Those I can think of are: Contracts dealing with interests in land Contracts of guarantee Contracts of marine insurance Legal assignments of debt Assignments of patents and trademarks Trust instruments Wills There are no doubt many requirements for official forms, returns, etc, etc, to be on paper, which also need adaptation. There is a real job of work here and, as the Select Committee observed, the DTI hasn't buckled down to it. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. 
Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From gladman@seven77.demon.co.uk Wed, 16 Jun 1999 11:11:34 +0100 Date: Wed, 16 Jun 1999 11:11:34 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: PIU report and human rights From: Duncan Campbell To: Sent: 15 June 1999 17:14 PM Subject: PIU report and human rights [snip] > Blair should take a hint from the Germans, and just watch what happens with > liberalised crypto over a couple of years. No-one disputes that law > enforcement will start to face real problems, but how bad will they really Actually, in practice, I do. I would agree that if we (and criminals) took our security and privacy seriously, law enforcement authorities might face problems but there is little real evidence to suggest that security or privacy is high up the agenda in most people's minds when they enter cyberspace. It is possible that vigorous and proactive government action - as might now happen in Germany - might change this but I cannot see our government - or, more importantly, the US - taking such a pro-crypto stance for some time to come. And since most people rely on processors and software provided under the watchful eye of the US government, it may be some time before we see products that are truly secure. We want to change this, of course, but until we convince people - and large IT suppliers - that ***real*** security is something that matters I don't see law enforcement having too much difficulty. After all, we are all free to deploy - globally - 56-bit decryption and if we all did this as a matter of routine (using products that actually achieved this level of protection) the internet would be a much safer environment. Your (Duncan's) first-class exposure of the Echelon activity shows how much intelligence collection goes on and how easy it would be to prevent a significant part of this. By using layered protection: 1. secure IP/IPv6 at the network layer (and for some applications TLS); 2. 
SSL (or its derivatives) at the process to process layer 3. applications layer security at the applications layer (S/MIME, PGP,....) even at 56-bits we would have a very solid infrastructure. Of course this again assumes that product suppliers achieve the security implied by the algorithms and protocols they employ and this is a gigantic assumption. But even here there may be good news on the horizon - open source software - but it remains to be seen whether this can conquer the desktop as well as the server market. If it can then the convergence of the open source 'OS' and 'crypto' communities might just change the balance of power. So at a technical level better security is possible but it is not happening because there are too many confused messages about security and privacy. We could, if we really wanted to, remove much of the abuse of privacy in cyberspace. But do we want to? And would society be the better for it? As a society we have to decide whether we want to stop State sponsored economic and commercial intelligence, knowing that this might equally mean that we also have to give up much political, military, terrorist and criminal intelligence as well. This is a crucially important debate but one that is frustrated because the intelligence community is much too secretive about its broad objectives. If we had known about Echelon earlier - from those who claim to represent our interests - we might then have been able to make reasoned judgements about the balance between the safety we achieve through personal privacy and that we achieve because governments are able to see wider threats to our freedom because they can collect criminal, terrorist, military and political intelligence. But they have failed to make their case and Echelon is hence seen by most, rightly or wrongly, as a threat to their privacy and a wider threat to society (at least when seen in global rather than anglo-saxon terms). 
It's sad that we have to conduct this debate at the sordid level of spurious law enforcement arguments and a fight over cryptography export controls that no longer serve any useful purpose ***for anyone***. The US and the UK should give up cryptography export controls and allow the debate to move to the real issues: 1. Is there a conflict between the safety we achieve through individual, personal privacy and that we achieve because we can collectively watch the anti-social behaviour of others in society? 2. If there is such a conflict (and I don't know that there is), what is the right balance between individual, personal privacy and our ability to collectively benefit from criminal, terrorist, military and political intelligence? Of course we cannot answer these questions while our government continues to be 'economical with the truth' in describing its policies and its motivations in these areas. Brian Gladman From ptemple@onlinemagic.com Tue, 15 Jun 1999 16:53:51 +0100 Date: Tue, 15 Jun 1999 16:53:51 +0100 From: Phillip Temple ptemple@onlinemagic.com Subject: new rules of process & digital signatures At 03:18 PM 6/14/99 +0200, Thomas Roessler wrote: >According to some reports in German newspapers, new rules of process >have been adopted in England and Wales. > >Is anything known on implications for the recognition of electronic >documents and digital signatures in civil processes? Tony Blair has stated he wants a percentage of government business done by electronic means within a short period, and by a certain date he wants all government business. I don't have the article to hand so am not going to risk numbers ;-) The government is funding a number of projects towards these ends. Phillip. 
From ptemple@onlinemagic.com Tue, 15 Jun 1999 17:01:27 +0100 Date: Tue, 15 Jun 1999 17:01:27 +0100 From: Phillip Temple ptemple@onlinemagic.com Subject: new rules of process & digital signatures Apologies for not making myself clear enough (typical you realise 5 seconds after hitting send). I was linking gov't business to civil process through hopefully being able to pay fines, etc, via electronic means. Ok, this may not make much difference to the legal system but it could be a start. Phillip. From gdmr@dcs.ed.ac.uk Wed, 16 Jun 1999 12:08:24 +0100 Date: Wed, 16 Jun 1999 12:08:24 +0100 From: George Ross gdmr@dcs.ed.ac.uk Subject: "The Scotsman" on key escrow -----BEGIN PGP SIGNED MESSAGE----- In an article entitled "The Last Frontier" in the Interactive section of yesterday's Scotsman newspaper, on-line at http://www.scotsman.com/cgi-bin/t3-2.cgi/Scotsman.taf?_function=detail&Articles_uid1=700&_UserReference=F3BDF29BAA31D7D637677EA9 we find the following paragraph: Nowhere is this better illustrated than in the Government's imminent climbdown over the significant area of "key escrow" in its forthcoming e-commerce bill. Here, a fairly reasonable attempt to have access to some kind of "master key" to any software encryption or scrambling used by UK companies was strongly resisted by almost all user groups, the leading trade publication Computer Weekly and the Government's own trade and industry select committee, even though it means criminals and terrorists, as well as legitimate interests, can communicate without fear of eavesdropping. The bulk of the resistance was on purely commercial grounds, saying that, as the committee report put it: "The Government intended to use legislation to control cryptography rather than encourage e-commerce." There's an "email the editor" link on the home page, should anyone want to follow up this or any of the article's other claims. 
- -- Dr George D M Ross, Division of Informatics, University of Edinburgh Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ Mail: gdmr@dcs.ed.ac.uk Voice: +44 131 650 5147 Fax: +44 131 667 7209 PGP: 1024/B74A4F7D 14 E8 B3 00 20 04 68 F8 95 40 CB 36 A4 D4 FA 90 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBN2eFp2U939K3Sk99AQHHCQQAhjOEzKZSeng4o2/c5z0Rm+dRgi0s6v5t bUak1Oqe8WLJKCokTnr9BWfE+hX1Wta2CYJfw/DwltAfs5tMkLdodpBzSs22jqwO Ru22NTV8NRWZhmqx7YAvx0Pk5XEY1v6PqzhdW+mKVZi/UYTcXJjCTYAO0qBZ7eNk 3lFHz8NxGfU= =9O4V -----END PGP SIGNATURE----- From dave@xemu.demon.co.uk Wed, 16 Jun 1999 13:30:21 +0100 Date: Wed, 16 Jun 1999 13:30:21 +0100 From: Dave Bird dave@xemu.demon.co.uk Subject: new rules of process & digital signatures In article <199906151554.QAA26479@onlinemagic.com>, Phillip Temple writes >At 03:18 PM 6/14/99 +0200, Thomas Roessler wrote: >>According to some reports in German newspapers, new rules of process >>have been adopted in England and Wales. >> >>Is anything known on implications for the recognition of electronic >>documents and digital signatures in civil processes? > >Tony Blair has stated he wants a percentage of government business >done by electronic means within a short period, and by a certain date >he wants all government business. I don't have the article to hand so >am not going to risk numbers ;-) I sat in a pub with a middle-ranking DTI person who assured me the absolute certain result of this was that their amount of electronic transactions would be, modestly, 1.5% short of that figure on paper by the due date. Many things might happen in the real world, but that is what the documents would say...... 
-- ^-^-^-@@-^-;-^ http://www.xemu.demon.co.uk/ (..)__u news:alt.smoking.mooses From gladman@seven77.demon.co.uk Wed, 16 Jun 1999 18:56:45 +0100 Date: Wed, 16 Jun 1999 18:56:45 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: My SIte Michael Froomkin, seeing my bandwidth concerns, suggested that John Young might host my site or some of its contents on his first class crypto site at http://jya.com/ I approached John earlier today and he has very kindly agreed to host the PDF documents (some of which are quite large). Accordingly I have redirected my links to these files to point to John's site. My thanks to both John and to Michael for this most helpful support. I might say, for those who don't know it, that John's site is the place to go for crypto news. My apologies to Netscape users who found that they could not access my site - I am using FrontPage 2000 and it worked ok with IE5! It should be ok now. Brian From gladman@seven77.demon.co.uk Wed, 16 Jun 1999 21:15:58 +0100 Date: Wed, 16 Jun 1999 21:15:58 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Article by Duncan Campbell A colleague has pointed me to a Telepolis article by Duncan (Campbell) in which I am quoted. This article is available at: http://www.heise.de/tp/english/inhalt/te/2945/1.html Without in any way wanting to detract from Duncan's excellent work in bringing light to a murky world, I would like to clarify my own position on one issue that Duncan raises. The words from me that Duncan quotes are in the following extract: > But the PIU report also came under attack. Industry experts and > academics criticised the report for claiming that there had been > "remarkably little [international] co-ordination of policy on > encryption matters". > > According to former British government cryptographer Brian Gladman, (this is wrong but I rather like it! 
- I was an Information Security specialist in MOD) > this statement was one of a series of "deliberate and shameful lies in > a document with a preface signed by the Prime Minister". > > I have been so taken aback by this that I have been at a loss about > how best to react to it - it is hard to know where UK citizens can > turn when there is such deliberate dishonesty and lack of ethics right > at the heart of government. > Brian Gladman The point I was making here - and one which I stand by - is that it is simply a lie to suggest that there is 'remarkably little [international] of policy on encryption matters'. To back this up I gave a number of examples (I could have given quite a few more) but I made no comment on the effectiveness or otherwise of the organisations I mentioned. Duncan goes on to say: > Gladman's concerns about the infiltration of the two EU groups were > confirmed by sources in Brussels. It was believed that a senior GCHQ > official who had been attached to the Commission for five years was a > "British spy" whose job had been to impede the development of > effective cryptographic security in Europe as much as possible. In fact, for the record, let me say that I have always had confidence in ***all*** the staff at the European Commission, who I believe have worked hard to move forward with crypto in Europe. The problem they have had is that this area of work is controlled by the ***national representatives*** on the Senior Officials Group on Information Security (SOGIS) since 'national security' responsibility has never been delegated to the Commission. Although others may have different views, I have nothing but admiration for some of the efforts made by the staff in the Commission to break through these barriers. So the legendary 'zero strength' cryptography that characterises European R&D is not the fault of the staff in Brussels but rather that of certain national representatives. 
And guess which country has the worst record here (although I would admit that France has competed pretty effectively for first place until quite recently). I would also add that one of the groups I mentioned - the EU Cryptography Working Group - has, in my limited experience of its operation, been making a genuine attempt to be 'on the side of the angels'. Again, however, its efforts to be crypto-friendly have been frustrated by 'behind the scenes' intervention by the UK (and, maybe, some other countries as well). It's fashionable to blame Brussels for everything but on this particular occasion this is simply not fair. Returning to my charge that the UK government is lying to UK citizens on the extent of international co-ordination of encryption, I have seen only a half hearted attempt by Nigel to answer the charge by claiming that they meant 'coordination in the round'. George Foot asked for clarification of this but, as far as I know, obtained none. Maybe George obtained this clarification privately? Brian Gladman From georgefoot@oxted.demon.co.uk Thu, 17 Jun 1999 15:12:13 +0100 Date: Thu, 17 Jun 1999 15:12:13 +0100 From: George Foot georgefoot@oxted.demon.co.uk Subject: Article by Duncan Campbell Dear Brian, RE: Your enquiry -- see below. I have not received any explanation of the expression "broad encryption policies in the round" In fact I have not received any reply whatever. Regards George. In message <003b01beb835$14b77f20$966adec2@FortyTwo>, Brian Gladman writes >Returning to my charge that the UK government is lying to UK citizens on the >extent of international co-ordination of encryption, I have seen only a half >hearted attempt by Nigel to answer the charge by claiming that they meant >'coordination in the round'. George Foot asked for clarification of this >but, as far as I know, obtained none. Maybe George obtained this >clarification privately? 
> > Brian Gladman -- George Foot georgefoot@oxted.demon.co.uk http://www.oxted.demon.co.uk From Pete.Chown@skygate.co.uk Fri, 18 Jun 1999 10:32:52 +0100 Date: Fri, 18 Jun 1999 10:32:52 +0100 From: Pete Chown Pete.Chown@skygate.co.uk Subject: PIU report and human rights We're saved! Duncan Campbell has arrived! :-) Duncan Campbell wrote: > It is trite to point out that [a reversed burden of proof] is logically > absurd and rather more > significant to point out that it is legally untenable. Article 6 of the > European Convention outlaws any requirement for the defendant to a criminal > action to prove their innocence. Also interesting is Funke v. France [1993] 16 EHRR 297. In this case the applicant was asked to hand over statements and correspondence relating to foreign bank accounts, on pain of a fine or imprisonment. He refused and in the event was fined. The ECHR decided that Article 6(2) -- the presumption of innocence -- created a right to avoid self incrimination. It was decided that this right had been infringed by the requirement to hand over correspondence. It seems to me that the whole idea of law enforcement access to encryption keys could fall within the scope of this precedent. The only exception would be if a key was found without any positive action being required by the defendant. For example if the police were executing a search warrant and found an unencrypted private key on a computer, the defendant has not had to do anything active and so this could not be described as self-incrimination. 
----------------------------------------------------------------------- Pete Chown, email pc@skygate.co.uk, phone +44 (0) 181 680 8393, fax +44 (0) 181 688 8013, mobile +44 (0) 468 765 645, post 58 Foss Avenue, Croydon, CR0 4EU, England From khushil.dep@cyberlife.co.uk Fri, 18 Jun 1999 10:46:39 +0100 Date: Fri, 18 Jun 1999 10:46:39 +0100 From: khushil.dep@cyberlife.co.uk khushil.dep@cyberlife.co.uk Subject: PIU report and human rights Could it not however be argued that the defendant had left it unencrypted on his own computer and So through stupidly had managed to incriminate himself? Or am I missing the law here? :-) *** Khushil Dep Product Tester CyberLife Technology Ltd "Run For It!" -----Original Message----- From: owner-ukcrypto@maillist.ox.ac.uk [mailto:owner-ukcrypto@maillist.ox.ac.uk] On Behalf Of Pete Chown Sent: 18 June 1999 10:33 To: ukcrypto@maillist.ox.ac.uk Subject: Re: PIU report and human rights We're saved! Duncan Campbell has arrived! :-) Duncan Campbell wrote: > It is trite to point out that [a reversed burden of proof] is logically > absurd and rather more > significant to point out that it is legally untenable. Article 6 of the > European Convention outlaws any requirement for the defendant to a criminal > action to prove their innocence. Also interesting is Funke v. France [1993] 16 EHRR 297. In this case the applicant was asked to hand over statements and correspondence relating to foreign bank accounts, on pain of a fine or imprisonment. He refused and in the event was fined. The ECHR decided that Article 6(2) -- the presumption of innocence -- created a right to avoid self incrimination. It was decided that this right had been infringed by the requirement to hand over correspondence. It seems to me that the whole idea of law enforcement access to encryption keys could fall within the scope of this precedent. The only exception would be if a key was found without any positive action being required by the defendant. 
For example if the police were executing a search warrant and found an unencrypted private key on a computer, the defendant has not had to do anything active and so this could not be described as self-incrimination. ----------------------------------------------------------------------- Pete Chown, email pc@skygate.co.uk, phone +44 (0) 181 680 8393, fax +44 (0) 181 688 8013, mobile +44 (0) 468 765 645, post 58 Foss Avenue, Croydon, CR0 4EU, England From alan@kable.co.uk Fri, 18 Jun 1999 10:39:43 +0100 Date: Fri, 18 Jun 1999 10:39:43 +0100 From: Alan Burkitt-Gray alan@kable.co.uk Subject: new rules of process & digital signatures Thomas Roessler wrote: Tony Blair has stated he wants a percentage of government business done by electronic means within a short period, and by a certain date he wants all government business. I don't have the article to hand so am not going to risk number Not quite right. He said in Oct 1997 that he wants 25% of business TO BE POSSIBLE electronically by 2002. The Modernising Government white paper, published in March 1999, developed the targets so now it is "50% of dealings SHOULD BE CAPABLE of electronic delivery by 2005 and 100% by 2008". The White Paper's available on-line and you'll find analysis of Cabinet Office's Central - ALAN BURKITT-GRAY, Editor, Government Computing The independent magazine about information age public service, for the people who are going to make it happen NEXT ISSUE: July-August 1999, due early July Published monthly by Kable Ltd The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK tel (direct) 020 7608 8403, (switchboard) 020 7608 0900; fax 020 7608 8420 website http://www.kable.co.uk (includes advance features information) e-mail alan@kable.co.uk Where's Kable? 
Look at http://www.streetmap.co.uk/streetmap.dll?grid2map?X=531650&Y=181750&arrow=Y From alan@kable.co.uk Fri, 18 Jun 1999 10:45:14 +0100 Date: Fri, 18 Jun 1999 10:45:14 +0100 From: Alan Burkitt-Gray alan@kable.co.uk Subject: FW: new rules of process & digital signatures Sorry. Pressed the "send button" too early. It's Friday, and it's been a busy week. Real version follows. Alan B-G -----Original Message----- From: Alan Burkitt-Gray Sent: Friday, June 18, 1999 10:40 AM To: 'ukcrypto@maillist.ox.ac.uk' Subject: RE: new rules of process & digital signatures Thomas Roessler wrote: Tony Blair has stated he wants a percentage of government business done by electronic means within a short period, and by a certain date he wants all government business. I don't have the article to hand so am not going to risk number Corrected version of earlier posting: Not quite right. He said in Oct 1997 that he wants 25% of business TO BE POSSIBLE electronically by 2002. The Modernising Government white paper, published in March 1999, developed the targets so now it is "50% of dealings SHOULD BE CAPABLE of electronic delivery by 2005 and 100% by 2008". The White Paper's available on-line and the Cabinet Office Central IT Unit (www.citu.gov.uk) is monitoring how each department is getting on. Our own website also has quite a lot about the White Paper and the targets. Alan B-G - ALAN BURKITT-GRAY, Editor, Government Computing The independent magazine about information age public service, for the people who are going to make it happen NEXT ISSUE: July-August 1999, due early July Published monthly by Kable Ltd The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK tel (direct) 020 7608 8403, (switchboard) 020 7608 0900; fax 020 7608 8420 website http://www.kable.co.uk (includes advance features information) e-mail alan@kable.co.uk Where's Kable? 
Look at http://www.streetmap.co.uk/streetmap.dll?grid2map?X=531650&Y=181750&arrow=Y From I.Brown@cs.ucl.ac.uk Fri, 18 Jun 1999 11:53:14 +0100 Date: Fri, 18 Jun 1999 11:53:14 +0100 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: M$ encrypting filesystem Windows 2000 comes as standard with the ability to encrypt files on an NTFS partition. Of course, the international version uses 40-bit encryption. But even worse, *all* versions will only allow encryption if a "recovery agent" is configured. If you remove the recovery agent, Windows stops encrypting, just like that. M$ has obviously been liaising very closely with Fort Meade over this one... http://www.microsoft.com/windows/server/Deploy/security/EncrFile.asp The Word document there says some interesting things: "in circumstances where multiple recovery agents are needed for the domain or where the recovery agent needs to be different from the domain administrator due to legal or corporate policy, you may need to identify certain users as recovery agents" NSA as your local friendly recovery agent, perhaps? "Recovery agents may need to recover files or folders if a user loses his or her key or leaves the company, or if there is a legal requirement to do so." Mmmm mmm! As Ross Anderson says, this is garbage anyway. Companies want *data* recovery, not key recovery. What Windows *should* do is provide this service as part of backup procedures, sending the plaintext of backup data over a secure link to a secure backup centre where it can be re-encrypted under other keys. This removes the security vulnerability of having one or more master recovery keys that can be used to gain access to files on any computer in an organisation. The backup centre can be guarded a lot more effectively. 
Ian From I.Brown@cs.ucl.ac.uk Fri, 18 Jun 1999 11:57:11 +0100 Date: Fri, 18 Jun 1999 11:57:11 +0100 From: Ian Brown I.Brown@cs.ucl.ac.uk Subject: More EFS lameness > EFS supports encryption and decryption of files stored on local drives > as well as those stored on remote file servers. In the case of remote > servers, you can encrypt files and folders on the server but your data is > not protected if you access a file over the network. Windows 2000 > provides network protocols such as Secure Sockets Layer/Private > Communication Technology (SSL/PCT) to encrypt data access over the > network. Why doesn't it just decrypt a remote file locally, *after* it has been transferred over the network? From david@swarb.demon.co.uk Wed, 16 Jun 1999 17:08:08 +0100 Date: Wed, 16 Jun 1999 17:08:08 +0100 From: David Swarbrick david@swarb.demon.co.uk Subject: PIU report and human rights: e-commerce Bill In message <3.0.5.32.19990616102746.0093f4a0@mail.netkonect.co.uk>, Nicholas Bohm writes >At 05:14 PM 6/15/1999 +0100, Duncan Campbell wrote: > > >There are a few cases where the law requires paper between private parties, >and would need legislation (and some administrative adaptations) to accept >electronic documents. Those I can think of are: > >Contracts dealing with interests in land ... etc > >There are no doubt many requirements for official forms, returns, etc, etc, >to be on paper, which also need adaptation. There is a real job of work >here and, as the Select Committee observed, the DTI hasn't buckled down to it. > A recent and live discussion has been about the practice of Virgin.net. Their T&Cs suggest that they acquire the copyright in all materials transmitted through their systems. They do seem to seek to enforce this condition! Apart from the other (substantial) issues, this raises one of whether a tick accepting T&Cs can constitute an assignment of future copyrights. An assignment of copyright must be in writing. 
--
David Swarbrick, Solicitor, Brighouse, West Yorkshire
Web: http://www.swarb.co.uk. david@swarb.demon.co.uk Tel: +44(0)1484 722531
Home of the law-index (9500+ case digests). IT Law and contracts.
The Law Society regulates us in the conduct of investment business

From alan@kable.co.uk Fri, 18 Jun 1999 14:39:28 +0100
Date: Fri, 18 Jun 1999 14:39:28 +0100
From: Alan Burkitt-Gray alan@kable.co.uk
Subject: PIU report and human rights: e-commerce Bill

-----Original Message-----
From: David Swarbrick [SMTP:david@swarb.demon.co.uk]
Sent: Wednesday, June 16, 1999 5:08 PM
To: ukcrypto@maillist.ox.ac.uk
Subject: Re: PIU report and human rights: e-commerce Bill

In message <3.0.5.32.19990616102746.0093f4a0@mail.netkonect.co.uk>, Nicholas Bohm writes
>At 05:14 PM 6/15/1999 +0100, Duncan Campbell wrote:
>
>
>There are a few cases where the law requires paper between private parties,
>and would need legislation (and some administrative adaptations) to accept
>electronic documents. Those I can think of are:
>
>Contracts dealing with interests in land ... etc
>
>There are no doubt many requirements for official forms, returns, etc, etc,
>to be on paper, which also need adaptation. There is a real job of work
>here and, as the Select Committee observed, the DTI hasn't buckled down to it.

David Swarbrick writes...

A recent and live discussion has been about the practice of Virgin.net. Their T&Cs suggest that they acquire the copyright in all materials transmitted through their systems. They do seem to seek to enforce this condition!

I'm only a journalist, but Virgin.net's now a free site and therefore the user pays no money (or anything else) to Virgin for the use of web space. Hence, I would have thought, there is no contract and Virgin could not enforce acquisition of copyright in any case. Or am I missing something?
Alan
-
ALAN BURKITT-GRAY, Editor, Government Computing
The independent magazine about information age public service,
for the people who are going to make it happen
NEXT ISSUE: July-August 1999, due early July
Published monthly by Kable Ltd
The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK
tel (direct) 020 7608 8403, (switchboard) 020 7608 0900; fax 020 7608 8420
website http://www.kable.co.uk (includes advance features information)
e-mail alan@kable.co.uk

Where's Kable? Look at
http://www.streetmap.co.uk/streetmap.dll?grid2map?X=531650&Y=181750&arrow=Y

From khushil.dep@cyberlife.co.uk Fri, 18 Jun 1999 10:46:39 +0100
Date: Fri, 18 Jun 1999 10:46:39 +0100
From: khushil.dep@cyberlife.co.uk khushil.dep@cyberlife.co.uk
Subject: PIU report and human rights

Could it not however be argued that the defendant had left it unencrypted on his own computer and so through stupidity had managed to incriminate himself? Or am I missing the law here? :-)

***
Khushil Dep
Product Tester
CyberLife Technology Ltd
"Run For It!"

-----Original Message-----
From: owner-ukcrypto@maillist.ox.ac.uk [mailto:owner-ukcrypto@maillist.ox.ac.uk] On Behalf Of Pete Chown
Sent: 18 June 1999 10:33
To: ukcrypto@maillist.ox.ac.uk
Subject: Re: PIU report and human rights

We're saved! Duncan Campbell has arrived! :-)

Duncan Campbell wrote:

> It is trite to point out that [a reversed burden of proof] is logically
> absurd and rather more
> significant to point out that it is legally untenable. Article 6 of the
> European Convention outlaws any requirement for the defendant to a criminal
> action to prove their innocence.

Also interesting is Funke v. France [1993] 16 EHRR 297. In this case the applicant was asked to hand over statements and correspondence relating to foreign bank accounts, on pain of a fine or imprisonment. He refused and in the event was fined. The ECHR decided that Article 6(2) -- the presumption of innocence -- created a right to avoid self incrimination.
It was decided that this right had been infringed by the requirement to hand over correspondence.

It seems to me that the whole idea of law enforcement access to encryption keys could fall within the scope of this precedent. The only exception would be if a key was found without any positive action being required by the defendant. For example if the police were executing a search warrant and found an unencrypted private key on a computer, the defendant has not had to do anything active and so this could not be described as self-incrimination.

-----------------------------------------------------------------------
Pete Chown, email pc@skygate.co.uk, phone +44 (0) 181 680 8393,
fax +44 (0) 181 688 8013, mobile +44 (0) 468 765 645,
post 58 Foss Avenue, Croydon, CR0 4EU, England

From markc@chiark.greenend.org.uk Fri, 18 Jun 1999 15:13:16 +0100 (BST)
Date: Fri, 18 Jun 1999 15:13:16 +0100 (BST)
From: Mark Carroll markc@chiark.greenend.org.uk
Subject: PIU report and human rights: e-commerce Bill

On Fri, 18 Jun 1999, Alan Burkitt-Gray wrote:
(snip)
> I'm only a journalist, but Virgin.net's now a free site and therefore the
> user pays no money (or anything else) to Virgin for the use of web space.
> Hence, I would have thought, there is no contract and Virgin could not
> enforce acquisition of copyright in any case.
(snip)

As far as I know, there doesn't have to be any transfer of money for a contract to exist.

-- Mark

From Ian_Miller@scientia.com Fri, 18 Jun 1999 16:12:35 +0100
Date: Fri, 18 Jun 1999 16:12:35 +0100
From: Ian Miller Ian_Miller@scientia.com
Subject: PIU report and human rights: e-commerce Bill

At 17:08 16/06/99 +0100, you wrote:
>A recent and live discussion has been about the practice of Virgin.net.
>Their T&Cs suggest that they acquire the copyright in all materials
>transmitted through their systems. They do seem to seek to enforce this
>condition!
>

Assuming for the moment this is valid and enforceable, what would it imply for encrypted traffic?
Would they obtain the copyright of the plaintext or only of the cyphertext? Does copyright on the cyphertext have any real meaning?

Ian

From alan@kable.co.uk Fri, 18 Jun 1999 16:37:04 +0100
Date: Fri, 18 Jun 1999 16:37:04 +0100
From: Alan Burkitt-Gray alan@kable.co.uk
Subject: PIU report and human rights: e-commerce Bill

-----Original Message-----
Mark Carroll wrote:
As far as I know, there doesn't have to be any transfer of money for a contract to exist.

I thought the essence of a contract was that there was a two-way exchange. Something for something. Hence the existence of peppercorn rents - you have to pay something, even 1p a year, to rent, hire or buy goods or services otherwise there is no contract and therefore no conditions can be imposed. If I were a Virgin.net user I'd be giving Virgin nothing (BT's paying them something out of what it earns from my phone bill, but that's a BT-Virgin contract). So Virgin couldn't impose conditions.

Alan
-
ALAN BURKITT-GRAY, Editor, Government Computing
The independent magazine about information age public service,
for the people who are going to make it happen
NEXT ISSUE: July-August 1999, due early July
Published monthly by Kable Ltd
The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK
tel (direct) 020 7608 8403, (switchboard) 020 7608 0900; fax 020 7608 8420
website http://www.kable.co.uk (includes advance features information)
e-mail alan@kable.co.uk

Where's Kable? Look at
http://www.streetmap.co.uk/streetmap.dll?grid2map?X=531650&Y=181750&arrow=Y

From phr@doc.ic.ac.uk Fri, 18 Jun 1999 17:09:21 +0100
Date: Fri, 18 Jun 1999 17:09:21 +0100
From: Philip Rowlands phr@doc.ic.ac.uk
Subject: PIU report and human rights: e-commerce Bill

Ian Miller wrote:
>
> Assuming for the moment this is valid and enforceable, what would it
> imply for encrypted traffic? Would they obtain the copyright of the
> plaintext or only of the cyphertext? Does copyright on the cyphertext
> have any real meaning?
I imagine it would be a "derived work", perfectly copyright-able. Read http://old.law.columbia.edu/my_pubs/anarchism.html for a discussion of streams of numbers being copyrighted.

Phil

From Pete.Chown@skygate.co.uk Fri, 18 Jun 1999 17:57:57 +0100
Date: Fri, 18 Jun 1999 17:57:57 +0100
From: Pete Chown Pete.Chown@skygate.co.uk
Subject: PIU report and human rights: e-commerce Bill

I could see it being very messy if Virgin.net tried to enforce their copyright transfer condition. Obviously there can be no transfer of copyright if there is no writing. But then you have a situation similar to the cases on informal transfers of land. It is possible that equitable ownership of the copyright might pass to Virgin while legal ownership stayed with the subscriber.

Mark Carroll wrote:

> As far as I know, there doesn't have to be any transfer of money for a
> contract to exist.

No... The wrapper from a chocolate bar, marriage and a peppercorn have all been held to be good consideration for a contract.

-----------------------------------------------------------------------
Pete Chown, email pc@skygate.co.uk, phone +44 (0) 181 680 8393,
fax +44 (0) 181 688 8013, mobile +44 (0) 468 765 645,
post 58 Foss Avenue, Croydon, CR0 4EU, England

From georgefoot@oxted.demon.co.uk Sat, 19 Jun 1999 11:25:04 +0100
Date: Sat, 19 Jun 1999 11:25:04 +0100
From: George Foot georgefoot@oxted.demon.co.uk
Subject: Public Keys and the Web Page.

A Solution for Problems of Public Key Distribution.

A sustained debate on the problems of Key Distribution within Public Key cryptosystems has exposed difficulties but has neither found a solution nor shown the way ahead with any clarity.

I cannot understand why we look for complex remedies when simpler solutions which are now available would seem to offer almost everything we require.

Most companies and organizations of importance and an enormous number of others at all levels of distinction have a Web Page.
The Web Page is a phenomenon of our times and its significance in our society is growing rapidly.

E-Commerce flourishes amongst Web Pages. The commercial Web Page advertises the company and displays its products or its services, provides specifications and performs many other tasks of a commercial character.

Commercial Web Pages are not created by legislative decree. They exist because of business enterprise and are kept alive by business flair.

The pressures of competitive business are an incentive to maintain the accuracy of information provided on a commercial Web Page. Web Pages can be modified at any time with ease with the advantage that the information they display is generally more reliable and topical than similar information in a Directory or Brochure or other printed document which can only be issued at intervals,

A Web Page is likely to provide at the minimum the telephone number, the Fax number and the E-Mail address of the company sponsoring the Web Page: This is already comprehensive information for commercial purposes.

Where better than the Web Page to include the company's Public Key and to arrange that an encrypted message can be sent to the company via the medium of the Web Page while the Web Page is still visible ?

A good assurance of the correctness and the authenticity of a Public Key is provided if that Public Key appears regularly on the Web Page of a company over a lengthy period during which it is constantly subject to public scrutiny.

Did I hear you say that this assurance is not absolute ? That is true. Absolute certainty is unobtainable.

However a Web Page can distribute 1,000,000 Web Pages world-wide with daily changes if required. A Certification Authority which can handle the same task has still to prove its competence and its viability.
Consider also these situations:

(a) It is a delusion that a Private Key can be securely held for a long period, perhaps years, under busy commercial conditions in the face of carelessness and malice within the company and subtle intrusion from without.

(B) It is impossible to revoke a compromised Public Key thoroughly and promptly and to erase it from every database world-wide in which it may have been stored. But it is simple to announce the invalidity of a Public Key on a Web Page.

(C) A company may desire to change its Private Key frequently -- perhaps every day -- as a security precaution. A contentious practice perhaps but experience may support it: Impractical ? Not if the "Key-of-the-Day" appears on the Web Page but entirely impossible otherwise.

All these intractable problems are far closer to a solution if Web Page access is the regular route to Public Key verification and Public Key usage. This practice would be a significant improvement for which an equivalent is not available.

But does Government impress on us that such practical measures are a safeguard which we should not neglect or does Government propose that we rely on academic and untried formularies ?

One does not belittle any solutions unless they involve legislation which would hinder progress. Let them continue.

But I am an advocate of business solutions which evolve from business experience with the aid of finely honed business skills -- leaving legislation to follow and not to forestall experience.

I hope that this posting may be well received as the type of discussion feature which this mailing list encourages.
Thank you:

George

--
George Foot georgefoot@oxted.demon.co.uk
http://www.oxted.demon.co.uk

From nbohm@ernest.net Sat, 19 Jun 1999 13:22:51 +0100
Date: Sat, 19 Jun 1999 13:22:51 +0100
From: Nicholas Bohm nbohm@ernest.net
Subject: Virgin.net (was PIU report and human rights: e-commerce Bill)

I think a condition of a free internet service which attempted to exact a transfer of all the copyright in the subscriber's material would be outrageous. I haven't seen the virgin.net terms which have been mentioned, and can't comment on their purpose or effect. But some comments in this list have been mistaken.

1 If an ISP offers a connection to the internet in return for a transfer of the subscriber's existing or future copyright in materials submitted, that is a commercial bargain in which each side gives a promise of value. There is no absence of "consideration" such as to make either party's promises contractually unenforceable. The absence of money is irrelevant (which indeed is why a peppercorn rent is as good as a penny rent).

2 Assignments of copyright must be in writing, but the definition of "writing" in section 178 of the Copyright, Designs and Patents Act 1988 provides that writing includes any form of notation or code, whether by hand or otherwise, and regardless of the method by which, or medium in or on which, it is recorded. It is the one exception I know of where a definition of writing is adopted different from that in the schedule to the Interpretation Act 1978, which effectively requires paper. So absence of paper does not invalidate the assignment.

3 An agreement to assign future copyrights is effective to vest them in the assignee when they come into existence. As to existing copyrights, which might be relevant, since a subscriber might well use the internet to distribute material existing before taking out his subscription to the service, an assignment is required.
As a transfer of property on sale it would be subject to stamp duty on the value of the property transferred. I don't know what arrangements exist for paying stamp duty on stampable electronic documents: probably none. But it would commonly be the case that the value involved would fall below the relevant threshold (I think from memory GBP 60,000), in which case if the assignment contained the appropriate certificate for value, no stamp duty would be payable. (If stamp duty is payable, either because the value is beyond the limit, or because no certificate has been given, then the unstamped document is inadmissible in evidence and effectively unenforceable. It might be possible to stamp it late, probably paying a penalty, to overcome this problem.)

4 Perhaps more relevant than this digression, the right basis for an attack on such a term must be the unfair contract terms legislation, both our home-grown 1978 Act and the EU inspired regulations (with which I admit less familiarity). The term seems grossly unreasonable, without any sensible commercial or legal justification. I find it hard to believe it would withstand any serious challenge. Any victim would be well-advised to raise the issue with the Office of Fair Trading.

Regards,

Nicholas Bohm

Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 01279 870215 (+44 1279 870215)
Mobile 0860 636749 (+44 860 636749)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF

From Ross.Anderson@cl.cam.ac.uk Sat, 19 Jun 1999 22:27:49 +0100
Date: Sat, 19 Jun 1999 22:27:49 +0100
From: Ross Anderson Ross.Anderson@cl.cam.ac.uk
Subject: Public Keys and the Web Page.
George writes:

> Where better than the Web Page to include the company's
> Public Key and to arrange that an encrypted message can be
> sent to the company via the medium of the Web Page while the
> Web Page is still visible ?

Indeed. I've kept my own PGP key on my web page for years. So have most people. Most companies who use SSL do the same kind of thing (even if they have a cert, how much can you trust Verisign given the disclaimers :-)

> A company may desire to change its Private Key
> frequently -- perhaps every day -- as a security precaution.
> A contentious practice perhaps but experience may support
> it: Impractical ? Not if the "Key-of-the-Day" appears on
> the Web Page but entirely impossible otherwise.

I agree completely - and for two years now I've set students a standard project exercise to write an applet which when clicked will open a mail composition window in the client browser, get the text, encrypt it and send it back to the server. With such a mechanism you can change keys as often as you want. Once `decryption warrants' become law, I reckon this approach could become very popular.

> But I am an advocate of business solutions which evolve from
> business experience with the aid of finely honed business
> skills -- leaving legislation to follow and not to forestall
> experience.

In recent research we've been following the business experience of the publishing industry. We started off by devising mechanisms that were suitable for protecting online medical books - if you're a doctor you want to make sure that an online drug dosage database you're relying on is genuine (see for details).

We're now going further: we want users to be able to put together more or less arbitrary security tags and processes in just about any way that makes sense.
So any document - web page, letter, book, whatever - should be able to contain not just links but also security metadata such as hashes of cited articles, public encryption keys, public signature verification keys, timestamps, and so on, in ways that will be compatible with XML.

More at

Ross

From gladman@seven77.demon.co.uk Sun, 20 Jun 1999 09:49:31 +0100
Date: Sun, 20 Jun 1999 09:49:31 +0100
From: Brian Gladman gladman@seven77.demon.co.uk
Subject: Public Keys and the Web Page.

From: Ross Anderson
To:
Sent: 19 June 1999 22:27 PM
Subject: Re: Public Keys and the Web Page.

> George writes:
>
> > Where better than the Web Page to include the company's
> > Public Key and to arrange that an encrypted message can be
> > sent to the company via the medium of the Web Page while the
> > Web Page is still visible ?
>
> Indeed. I've kept my own PGP key on my web page for years. So have
> most people. Most companies who use SSL do the same kind of thing
> (even if they have a cert, how much can you trust Verisign given the
> disclaimers :-)

I too like George's idea which avoids the problems of relying on one or two third parties with all the vulnerabilities that these introduce. It does require some vigilance on the part of the web page owner to ensure that their web page(s) are not being consistently subverted but this does not pose too much of a problem once it is recognised that this sort of attack is possible and needs to be detected and/or countered.

[snip]

> We're now going further: we want users to be able to put together more
> or less arbitrary security tags and processes in just about any way
> that makes sense. So any document - web page, letter, book, whatever -
> should be able to contain not just links but also security metadata
> such as hashes of cited articles, public encryption keys, public
> signature verification keys, timestamps, and so on, in ways that will
> be compatible with XML.
Agreed, XML does seem to offer a good basic mechanism for adding security functionality to information streams.

Brian

From David.Goodenough@dga.co.uk Sun, 20 Jun 1999 13:27:46 +0100
Date: Sun, 20 Jun 1999 13:27:46 +0100
From: David.Goodenough@dga.co.uk David.Goodenough@dga.co.uk
Subject: Public Keys and the Web Page.

The problem that this does not address is the one asked on this list some months ago, which was that I can be confident that my credit card details are only visible in two places, assuming I have a nice strong 128 bit SSL pipe, i.e. here and the other end: The question is, where is the other end? To put it another way, if it goes wrong, who do I sue.

This mechanism provides little checking that the organisation at the other end is who they say they are and that they are an identifiable legal entity that you could sue. This problem is actually worse if the key changes frequently, as you do not even have the reassurance that it is the same one as last time, it would provide a perfect cover for the interloper as the key would be expected to change.

"Brian Gladman" on 20-06-99 09:49:31 AM

Please respond to ukcrypto@maillist.ox.ac.uk

To: ukcrypto@maillist.ox.ac.uk
cc: (bcc: David Goodenough/DGA/GB)
Subject: Re: Public Keys and the Web Page.

From: Ross Anderson
To:
Sent: 19 June 1999 22:27 PM
Subject: Re: Public Keys and the Web Page.

> George writes:
>
> > Where better than the Web Page to include the company's
> > Public Key and to arrange that an encrypted message can be
> > sent to the company via the medium of the Web Page while the
> > Web Page is still visible ?
>
> Indeed. I've kept my own PGP key on my web page for years. So have
> most people. Most companies who use SSL do the same kind of thing
> (even if they have a cert, how much can you trust Verisign given the
> disclaimers :-)

I too like George's idea which avoids the problems of relying on one or two third parties with all the vulnerabilities that these introduce.
It does require some vigilance on the part of the web page owner to ensure that their web page(s) are not being consistently subverted but this does not pose too much of a problem once it is recognised that this sort of attack is possible and needs to be detected and/or countered.

[snip]

> We're now going further: we want users to be able to put together more
> or less arbitrary security tags and processes in just about any way
> that makes sense. So any document - web page, letter, book, whatever -
> should be able to contain not just links but also security metadata
> such as hashes of cited articles, public encryption keys, public
> signature verification keys, timestamps, and so on, in ways that will
> be compatible with XML.

Agreed, XML does seem to offer a good basic mechanism for adding security functionality to information streams.

Brian

From gladman@seven77.demon.co.uk Sun, 20 Jun 1999 13:55:59 +0100
Date: Sun, 20 Jun 1999 13:55:59 +0100
From: Brian Gladman gladman@seven77.demon.co.uk
Subject: Public Keys and the Web Page.

From:
To:
Sent: 20 June 1999 13:27 PM
Subject: Re: Public Keys and the Web Page.

> The problem that this does not address is the one asked on this list some
> months ago, which was that I can be confident that my credit card details
> are only visible in two places, assuming I have a nice strong 128 bit SSL
> pipe, i.e. here and the other end: The question is, where is the other
> end? To put it another way, if it goes wrong, who do I sue.
>
> This mechanism provides little checking that the organisation at the other
> end is who they say they are and that they are an identifiable legal
> entity that you could sue. This problem is actually worse if the key
> changes frequently, as you do not even have the reassurance that it is the
> same one as last time, it would provide a perfect cover for the interloper
> as the key would be expected to change.
This is why I said that this approach relies on the (alleged) owner of the page being vigilant. As you say they not only have to be sure that their page is not being changed, they also have to ensure that someone else is not pretending to be them. However, despite these weaknesses I do think that the idea has merits.

Brian

From ben@algroup.co.uk Sun, 20 Jun 1999 14:23:58 +0100
Date: Sun, 20 Jun 1999 14:23:58 +0100
From: Ben Laurie ben@algroup.co.uk
Subject: Public Keys and the Web Page.

George Foot wrote:
>
>
>
> A Solution for Problems of Public Key Distribution.
>
> A sustained debate on the problems of Key Distribution
> within Public Key cryptosystems has exposed difficulties but
> has neither found a solution nor shown the way ahead with
> any clarity.
>
> I cannot understand why we look for complex remedies when
> simpler solutions which are now available would seem to
> offer almost everything we require.
>
> Most companies and organizations of importance and an
> enormous number of others at all levels of distinction have
> a Web Page. The Web Page is a phenomenon of our times and
> its significance in our society is growing rapidly.
>
> E-Commerce flourishes amongst Web Pages. The commercial Web
> Page advertises the company and displays its products or
> its services, provides specifications and performs many
> other tasks of a commercial character.
>
> Commercial Web Pages are not created by legislative decree.
> They exist because of business enterprise and are kept alive
> by business flair.
>
> The pressures of competitive business are an incentive to
> maintain the accuracy of information provided on a
> commercial Web Page.
> Web Pages can be modified at any time
> with ease with the advantage that the information they
> display is generally more reliable and topical than similar
> information in a Directory or Brochure or other printed
> document which can only be issued at intervals,
>
> A Web Page is likely to provide at the minimum the telephone
> number, the Fax number and the E-Mail address of the company
> sponsoring the Web Page: This is already comprehensive
> information for commercial purposes.
>
> Where better than the Web Page to include the company's
> Public Key and to arrange that an encrypted message can be
> sent to the company via the medium of the Web Page while the
> Web Page is still visible ?
>
> A good assurance of the correctness and the authenticity of
> a Public Key is provided if that Public Key appears
> regularly on the Web Page of a company over a lengthy period
> during which it is constantly subject to public scrutiny.
>
> Did I hear you say that this assurance is not absolute ?
> That is true. Absolute certainty is unobtainable.
>
> However a Web Page can distribute 1,000,000 Web Pages world-
> wide with daily changes if required. A Certification
> Authority which can handle the same task has still to prove
> its competence and its viability.
>
> Consider also these situations:
>
> (a) It is a delusion that a Private Key can be securely held
> for a long period, perhaps years, under busy commercial
> conditions in the face of carelessness and malice within the
> company and subtle intrusion from without.

That rather depends on what the key is used for and how it is used.

> (B) It is impossible to revoke a compromised Public Key
> thoroughly and promptly and to erase it from every database
> world-wide in which it may have been stored. But it is
> simple to announce the invalidity of a Public Key on a Web
> Page.
This is what certificate revocation lists are for, and they have the advantage that they can be processed by a machine, unlike a key slapped on a webpage somewhere.

> (C) A company may desire to change its Private Key
> frequently -- perhaps every day -- as a security precaution.
> A contentious practice perhaps but experience may support
> it: Impractical ? Not if the "Key-of-the-Day" appears on
> the Web Page but entirely impossible otherwise.

Hmm. And this is what directories are for. And they have the advantage you only have to secure a few directories instead of every fathead's webpages. Also, this is entirely at odds with your earlier statement:

"A good assurance of the correctness and the authenticity of a Public Key is provided if that Public Key appears regularly on the Web Page of a company over a lengthy period during which it is constantly subject to public scrutiny."

And, of course, the correctness of regularly changing public keys can be easily assured by a CA, and again gives the advantage of reducing the burden of security.

> All these intractable problems are far closer to a solution
> if Web Page access is the regular route to Public Key
> verification and Public Key usage. This practice would be a
> significant improvement for which an equivalent is not
> available.

Perhaps I'm missing something, but I don't see how the proposed solution differs from any other key distribution mechanism in terms of complexity, and it seems to rely rather heavily on human intervention, which is usually the best way to ensure that it is done incorrectly on a regular basis.

> But does Government impress on us that such practical
> measures are a safeguard which we should not neglect or does
> Government propose that we rely on academic and untried
> formularies ?

As far as I know Government doesn't say anything about these matters, which suits me fine, because I hired them to run the country, not my websites.

Cheers,

Ben.
--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there."
- Indira Gandhi

From ben@algroup.co.uk Sun, 20 Jun 1999 14:39:03 +0100
Date: Sun, 20 Jun 1999 14:39:03 +0100
From: Ben Laurie ben@algroup.co.uk
Subject: Public Keys and the Web Page.

Ross Anderson wrote:
>
> George writes:
>
> > Where better than the Web Page to include the company's
> > Public Key and to arrange that an encrypted message can be
> > sent to the company via the medium of the Web Page while the
> > Web Page is still visible ?
>
> Indeed. I've kept my own PGP key on my web page for years. So have
> most people. Most companies who use SSL do the same kind of thing
> (even if they have a cert, how much can you trust Verisign given the
> disclaimers :-)

As have I, but that has not prevented people from becoming confused by a key that appears on keyservers as mine, but is, in fact, not.

> We're now going further: we want users to be able to put together more
> or less arbitrary security tags and processes in just about any way
> that makes sense. So any document - web page, letter, book, whatever -
> should be able to contain not just links but also security metadata
> such as hashes of cited articles, public encryption keys, public
> signature verification keys, timestamps, and so on, in ways that will
> be compatible with XML.
>
> More at

Cute. But I'm obviously missing something, because I completely fail to see why:

B -> A: A, Y, h(X,NB)

is wrong, but:

B -> A: A, h(X,NB), Y

is not. Why should ordering matter?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there."
- Indira Gandhi

From nbohm@ernest.net Sun, 20 Jun 1999 16:27:54 +0100
Date: Sun, 20 Jun 1999 16:27:54 +0100
From: Nicholas Bohm nbohm@ernest.net
Subject: Public Keys and the Web Page.

At 01:27 PM 6/20/1999 +0100, David.Goodenough@dga.co.uk wrote:
>The problem that this does not address is the one asked on this list some
>months ago, which was that I can be confident that my credit card details
>are only visible in two places, assuming I have a nice strong 128 bit SSL
>pipe, i.e. here and the other end: The question is, where is the other
>end? To put it another way, if it goes wrong, who do I sue.

In the case of credit cards, sue the card issuer. That's what the banking system is there for, and trying to invent a PKI to replace it is liable to be wasteful.

>This mechanism provides little checking that the organisation at the other
>end is who they say they are and that they are an identifiable legal
>entity that you could sue. This problem is actually worse if the key
>changes frequently, as you do not even have the reassurance that it is the
>same one as last time, it would provide a perfect cover for the interloper
>as the key would be expected to change.

This may argue for a longlife signature key which verifies a succession of shortlife confidentiality keys. The signature key (or rather its fingerprint) could appear in the owner's corporate literature, letterhead, business cards, trade directories, etc, etc, providing a multiplicity of channels too hard to spoof at any tolerable cost.

This makes revocation difficult, like changing a telephone number. But it may be that making revocation difficult is less of a problem than letting machines rely on the certificate revocation lists of a PKI, which may themselves be vulnerable to sophisticated corruptions.
Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From mischief@lanesbry.com Sun, 20 Jun 1999 16:54:05 +1000 Date: Sun, 20 Jun 1999 16:54:05 +1000 From: mischief mischief@lanesbry.com Subject: PIU report and human rights: e-commerce Bill Alan Burkitt-Gray wrote: > > -----Original Message----- > Mark Carroll wrote: > As far as I know, there doesn't have to be any transfer of money for > a > contract to exist. > > I thought the essence of a contract was that there was a two-way exchange. > Something for something. Hence the existence of peppercorn rents - you have > to pay something, even 1p a year, to rent, hire or buy goods or services > otherwise there is no contract and therefore no conditions can be imposed. > If I were a Virgin.net user I'd be giving Virgin nothing (BT's paying them > something out of what it earns from my phone bill, but that's a BT-Virgin > contract). So Virgin couldn't impose conditions. > Alan > If i understand the agreement correctly, in exchange for access to virgin.net, the user gives up copyright to everything they transmit over virgin.net. You are being obtuse. A journalist such as yourself values your words at more than 1p per year. 
> - > ALAN BURKITT-GRAY, Editor, Government Computing > The independent magazine about information age public service, > for the people who are going to make it happen > NEXT ISSUE: July-August 1999, due early July > Published monthly by Kable Ltd > The Courtyard, 55 Charterhouse Street, London EC1M 6HA, UK > tel (direct) 020 7608 8403, (switchboard) 020 7608 0900; fax 020 7608 8420 > website http://www.kable.co.uk (includes advance features information) > e-mail alan@kable.co.uk > > Where's Kable? Look at > http://www.streetmap.co.uk/streetmap.dll?grid2map?X=531650&Y=181750&arrow=Y From jei@zor.hut.fi Sun, 20 Jun 1999 20:38:40 +0300 (EEST) Date: Sun, 20 Jun 1999 20:38:40 +0300 (EEST) From: Jukka E Isosaari jei@zor.hut.fi Subject: Could Open Source Software Help Prevent Sabotage? (fwd) http://linuxtoday.com/stories/6876.html Could Open Source Software Help Prevent Sabotage? Jun 18th, 11:07:50 [ The opinions expressed by authors on Linux Today are their own. They speak only for themselves and not for Linux Today. ] -lt ed Linux Today reader Miko Wakabayashi has been doing a little thinking about an article she just read: This may not be directly releated to LINUX, but.... it underscores a point about software. Imagine a Chinese agent working at Microsoft. How difficult do you think it would be to insert a little "backdoor" into a Windows .dll file or somewhere else? With the Government jumping into NT left and right, a secret backdoor or even an "easter egg" that shuts the system down on command could cripple our entire defense network, law enforcement and just about anything else. How much easier it would be to fight a war against an enemy whose computers are all crashed beyond repair? They used to worry that the Soviets would detonate a nuclear device in the atmosphere causing an EMP spike to cripple our computer networks. 
If a spy inserted as little as 5 lines of code into every Windows system in the country, a signal could be broadcast over the internet to simultaneously crash every NT server and workstation with an internet connection. Firewall be damned, it is NT based as well. With the dozens of "accidental" security holes in NT, how hard would it be to create one intentionally, and a trusted programmer in Redmond could do this easily and hide it fairly effectively. In my opinion, articles like this as well as the Eeye announcement, absolutely requires that we insist the Government adopt Open Source software. That way the agencies can control their own systems and it would be impossible to hide security holes and backdoors. Plus if one is uncovered, it can be fixed right away. This is a scary article[1] and can be used to promote the adoption of Linux in any enterprise. Daniel Oran wrote a novel "Ulterior Motive" about "MegaSoft" inserting secret code into their operating system that enabled them to spy on people. Now we know Microsoft can do this and has already admitted to doing this. Can you imagine the implications of a spy having total access to the CIA, NSA, FBI, IRS, the Pentagon and every other agency? Think about it, then write your congressperson. [1] http://www.worldnetdaily.com/bluesky_dougherty/19990618_xnjdo_missile_fa.shtml From matthew-l@itconsult.co.uk Sun, 20 Jun 1999 19:23 +0000 (GMT) Date: Sun, 20 Jun 1999 19:23 +0000 (GMT) From: Matthew Richardson matthew-l@itconsult.co.uk Subject: PIU report and human rights: e-commerce Bill > If i understand the agreement correctly, in exchange for access to > virgin.net, the user gives up copyright to everything they transmit over > virgin.net. Whilst the discussion thus far has related to the potential outrageousness of this with respect to web pages, the question of email has not been mentioned. 
An ISP seeking to claim copyright over someone's private email would seem to present a significant number of issues! I have tried searching for the text of the offending terms and conditions, but have failed to locate them. Does anyone have a URL? Best wishes, Matthew From cme@acm.org Sun, 20 Jun 1999 14:43:22 -0700 Date: Sun, 20 Jun 1999 14:43:22 -0700 From: Carl Ellison cme@acm.org Subject: Public Keys and the Web Page. Nicholas Bohm wrote: [snip] > This may argue for a longlife signature key which verifies a succession of > shortlife confidentiality keys. The signature key (or rather its > fingerprint) could appear in the owner's corporate literature, letterhead, > business cards, trade directories, etc, etc, providing a multiplicity of > channels too hard to spoof at any tolerable cost. > > This makes revocation difficult, like changing a telephone number. But it > may be that making revocation difficult is less of a problem than letting > machines rely on the the certificate revocation lists of a PKI, which may > themselves be vulnerable to sophisticated corruptions. A long lifetime key can be made that doesn't need to be revoked, with enough care. This reduces the probability of having to go to that step to something very tolerable -- expensive if/when it happens -- but so rare that the expected expense is tiny. Making the special system that keeps and uses the long-life key is a job yet to be done, but we know how to do that. - Carl -- Carl M. Ellison cme@alum.mit.edu http://www.pobox.com/~cme PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 ``Officer, officer, arrest that man! 
He's whistling a dirty song.'' [Jean Ellison] From David.Goodenough@dga.co.uk Sun, 20 Jun 1999 22:15:53 +0100 Date: Sun, 20 Jun 1999 22:15:53 +0100 From: David.Goodenough@dga.co.uk David.Goodenough@dga.co.uk Subject: Public Keys and the Web Page. As to your first point, there is more to eCommerce than Credit Card details. There are also all of the problems associated with personal data to mention but one. I think you have hit upon one of the fundamental problems, and that is the separation between encryption and signatures. Most modern browsers commit the cardinal sin of using the same key for both functions, and this is a real problem. The browser manufacturers need to be persuaded of the error of their ways. Revocation is also not the only solution to the problem of the currency of keys. This is I believe one of the big errors in the last consultation round, as it assumed this was the only option in town and required a certificate to have the relevant components to enable revocation and that the infrastructure provided revocation. Once you have a good signature infrastructure in place, then the passing of public keys for encryption, which can change as often as you like, becomes a trivial problem. It is also, as you rightly point out, very important that the signatures have a long shelf life. Nicholas Bohm on 20-06-99 04:27:54 PM Please respond to ukcrypto@maillist.ox.ac.uk To: ukcrypto@maillist.ox.ac.uk cc: (bcc: David Goodenough/DGA/GB) Subject: Re: Public Keys and the Web Page. At 01:27 PM 6/20/1999 +0100, David.Goodenough@dga.co.uk wrote: >The problem that this does not address is the one asked on this list some >months ago, which was that I can be confident that my credit card details >are only visible in two places , assuming I have a nice strong 128 bit SSL >pipe, i.e. here and the other end: The question is, where is the other >end? To put it another way, if it goes wrong, who do I sue. In the case of credit cards, sue the card issuer. 
That's what the banking system is there for, and trying to invent a PKI to replace it is liable to be wasteful. >This mechanism provides little checking that the organisation at the other >end is who they say they are and that they are an identifiable legal >entitiy that you could sue. This problem is actually worse if the key >changes frequently, as you do not even have the reasurance that it is the >same one as last time, it would provide a perfect cover for the interloper >as the key would be expected to change. This may argue for a longlife signature key which verifies a succession of shortlife confidentiality keys. The signature key (or rather its fingerprint) could appear in the owner's corporate literature, letterhead, business cards, trade directories, etc, etc, providing a multiplicity of channels too hard to spoof at any tolerable cost. This makes revocation difficult, like changing a telephone number. But it may be that making revocation difficult is less of a problem than letting machines rely on the the certificate revocation lists of a PKI, which may themselves be vulnerable to sophisticated corruptions. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From David.Goodenough@dga.co.uk Sun, 20 Jun 1999 22:06:55 +0100 Date: Sun, 20 Jun 1999 22:06:55 +0100 From: David.Goodenough@dga.co.uk David.Goodenough@dga.co.uk Subject: Public Keys and the Web Page. But how would they know, what would they do if they found out, and where would it leave those who had been duped? 
"Brian Gladman" on 20-06-99 01:55:59 PM Please respond to ukcrypto@maillist.ox.ac.uk To: ukcrypto@maillist.ox.ac.uk cc: (bcc: David Goodenough/DGA/GB) Subject: Re: Public Keys and the Web Page. From: To: Sent: 20 June 1999 13:27 PM Subject: Re: Public Keys and the Web Page. > The problem that this does not address is the one asked on this list some > months ago, which was that I can be confident that my credit card details > are only visible in two places , assuming I have a nice strong 128 bit SSL > pipe, i.e. here and the other end: The question is, where is the other > end? To put it another way, if it goes wrong, who do I sue. > > This mechanism provides little checking that the organisation at the other > end is who they say they are and that they are an identifiable legal > entitiy that you could sue. This problem is actually worse if the key > changes frequently, as you do not even have the reasurance that it is the > same one as last time, it would provide a perfect cover for the interloper > as the key would be expected to change. This is why I said that this approach relies on the (alleged) owner of the page being vigilant. As you say they not only have to be sure that their page is not being changed, they also have to ensure that someone else is not pretending to be them. However, despite these weaknesses I do think that the idea has merits. Brian From lists@notatla.demon.co.uk Mon, 21 Jun 1999 08:06:02 +0100 Date: Mon, 21 Jun 1999 08:06:02 +0100 From: lists@notatla.demon.co.uk lists@notatla.demon.co.uk Subject: PIU report and human rights: e-commerce Bill matthew-l@itconsult.co.uk (Matthew Richardson): > An ISP seeking to claim copyright over someone's private email would > seem to present a significant number of issues! > I have tried searching for the text of the offending terms and > conditions, but have failed to locate them. Does anyone have a URL? No, but you can see this on www.ibm.com.... 
IBM does not want to receive confidential or proprietary information from you through our Web site. Please note that any information or material sent to IBM will be deemed NOT to be confidential. By sending IBM any information or material, you grant IBM an unrestricted, irrevocable license to use, reproduce, display, perform, modify, transmit and distribute those materials or information, and you also agree that IBM is free to use any ideas, concepts, know-how or techniques that you send us for any purpose. .... I dislike the 'irrevocable' in the above paragraph, given the revoke-for-no-reason provision of the postfix licence. From gladman@seven77.demon.co.uk Mon, 21 Jun 1999 08:33:37 +0100 Date: Mon, 21 Jun 1999 08:33:37 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Public Keys and the Web Page. From: To: Sent: 20 June 1999 22:06 PM Subject: Re: Public Keys and the Web Page. > But how would they know, what would they do if they found out, and where > would it leave those who had been duped? > This would depend on many things. If they were being careful they might want to use other channels to check the validity of the claims on the web page. They might want to check with others who may have used it, ..... The problem of trusting the web page is not different in principle to trusting an advert in a paper. Many paper ads are not checked by the publisher and in this sense they mirror the problems of web pages. If a lot depended on the web page/key it would not be sensible to use it without further checking but this also applies to other ways of obtaining keys as well. And if they had been duped, whether or not they had recourse would depend on many considerations. If they used the key in a financial transaction and paid by credit card they would go back to the card company. If the web page or the key it contains had been signed by someone offering insurance, the terms of this insurance might give them cover. 
The latter is a sort of CA but I would put the emphasis on the signing company as an INSURANCE company and not as a key signing company (where CA concept puts it). I would be the last to suggest that keys on web pages is the ultimate solution to the key distribution problem but this approach has merits sitting alongside other mechanisms. There is not going to be a single approach here - we are going to live in a world with a rich variety of approaches to key distribution: 1. personal key exchange 2. paper and web page publication 3. keys that are signed by an insurance entity 4. keys that are signed by a trusted entity The government would have us believe that 3 and 4 offer the only way of doing this - both government and EU efforts concentrate on these and largely ignore the first two possibilities. In practice there will be many situations where method 1 will work and will offer less risk than any of the other methods. Brian From gladman@seven77.demon.co.uk Mon, 21 Jun 1999 09:21:41 +0100 Date: Mon, 21 Jun 1999 09:21:41 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Public Keys and the Web Page. From: Ben Laurie To: Sent: 20 June 1999 14:23 PM Subject: Re: Public Keys and the Web Page. > George Foot wrote: > > > > A Solution for Problems of Public Key Distribution. > > [snip] > Hmm. And this is what directories are for. And they have the advantage > you only have to secure a few directories instead of every fathead's > webpages. On the one hand we have security critical information on millions of web pages while on the other this resides in a few directories. This is the central debate in the distributed information systems security field - is it better to centralise or to distribute security critical information? In practice which approach is better depends on the threat model and here it is certainly not true that the directory solution will always be better. 
Securing a few directories may be easier than securing a million web pages but centralisation of the information makes an attack more profitable and this allows a concentration of attacking resource as well. The other interesting phenomenon here is that there are millions of web pages available but (as far as we know) only a very small number that have been subverted. The amazing thing about the internet is that despite the fact that it is wide open to abuse, such abuse appears to be very limited in practice. > Perhaps I'm missing something, but I don't see how the proposed solution > differs from any other key distribution mechanism in terms of > complexity, and it seems to rely rather heavily on human intervention, > which is usually the best way to ensure that it is done incorrectly on a > regular basis. I don't think the human issue is one to be easily dismissed. The whole problem with applications of public key cryptography in such areas as digital signatures is that we are taking something that humans can see and understand - a written signature - and replacing it with a lot of technology that is completely obscure from their point of view. The very fact that an individual sees a web page and decides that they are going to trust the key it contains is a good thing in human terms and and, rightly or wrongly, many will feel a lot more comfortable with this than with having to depend on an infrastructure that, historically at least, governments have been seeking to subvert for purposes that are not seen by the public as being in their interests. Brian From I.G.Batten@ftel.co.uk Mon, 21 Jun 1999 09:41:47 +0100 (BST) Date: Mon, 21 Jun 1999 09:41:47 +0100 (BST) From: Ian G Batten I.G.Batten@ftel.co.uk Subject: Public Keys and the Web Page. This is a multi-part message in MIME format... 
In article <000801bebb1c$3f2f5ea0$966adec2@FortyTwo>, Brian Gladman wrote: > This is why I said that this approach relies on the (alleged) owner of the > page being vigilant. As you say they not only have to be sure that their Difficult, though, in these days of transparent proxying. If I subvert the infrastructure of an ISP which enforces caching via a transparent proxy, as I believe Freeserve do, I could serve false keys to all the users of that ISP. Given a correctly implemented man in the middle attack, this could be quite lucrative. The owner of the page wouldn't see the change unless they too happened to access it via the subverted proxy, and it might be possible to hand out the original, legitimate key in response to queries that come from the legitimate owner. ian From nbohm@ernest.net Mon, 21 Jun 1999 09:46:28 +0100 Date: Mon, 21 Jun 1999 09:46:28 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: PIU report and human rights: e-commerce Bill At 08:06 AM 6/21/1999 +0100, lists@notatla.demon.co.uk wrote: >matthew-l@itconsult.co.uk (Matthew Richardson): > >> An ISP seeking to claim copyright over someone's private email would >> seem to present a significant number of issues! 
> >> I have tried searching for the text of the offending terms and >> conditions, but have failed to locate them. Does anyone have a URL? > > >No, but you can see this on www.ibm.com.... > > IBM does not want to receive confidential or proprietary information > from you through our Web site. Please note that any information or > material sent to IBM will be deemed NOT to be confidential. By sending > IBM any information or material, you grant IBM an unrestricted, > irrevocable license to use, reproduce, display, perform, modify, > transmit and distribute those materials or information, and you also > agree that IBM is free to use any ideas, concepts, know-how or > techniques that you send us for any purpose. .... > >I dislike the 'irrevocable' in the above paragraph, given the >revoke-for-no-reason provision of the postfix licence. It is at least much more reasonable than the alleged virgin.net terms. It is aimed at solving a well-known problem (which long predates the Web), which is that many companies involved in product research and development receive unsolicited suggestions for product improvements from people who subsequently claim their ideas have been stolen. The text above is just a Web-adapted version of existing ways of trying to avoid getting lumbered with unwanted legal consequences of unsolicited confidential disclosure of copyright material. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From nicko@ncipher.com Mon, 21 Jun 1999 11:16:45 +0100 Date: Mon, 21 Jun 1999 11:16:45 +0100 From: Nicko van Someren nicko@ncipher.com Subject: Public Keys and the Web Page. 
George Foot wrote: > A good assurance of the correctness and the authenticity of > a Public Key is provided if that Public Key appears > regularly on the Web Page of a company over a lengthy period > during which it is constantly subject to public scrutiny. Last August Ross Anderson gave a Rump Session talk at Crypto'98 on why this is a bad idea. If you post an unauthenticated public key to your web site then if you are not very careful I, the evil cracker, can subvert the Net so that you see the key you posted but everyone else sees a subverted key. Under a number of algorithms it is possible to make a second public key which allows the decryption of messages by both the intended recipient and the creator of the second key. The fact that the key is not certified means that the message sender can not tell if the key has been changed. > Consider also these situations: > > (a) It is a delusion that a Private Key can be securely held > for a long period, perhaps years, under busy commercial > conditions in the face of carelessness and malice within the > company and subtle intrusion from without. There is a fair amount of evidence to the contrary. A system built with both good key management technology and good personnel management policy should be as hard to subvert as any other part of the business. A billion people drink the (public) Coca Cola but very few know the (private) list of ingredients. > (B) It is impossible to revoke a compromised Public Key > thoroughly and promptly and to erase it from every database > world-wide in which it may have been stored. But it is > simple to announce the invalidity of a Public Key on a Web > Page. Again this is a matter of policy and practice. Rather than trying to remove keys from databases you can use protocols like OCSP to get a recent statement of validity. On the other hand expecting people to trust recent changes to your web site seems to push against the very foundations of the mechanism you have been proposing, i.e. 
your key has safety in the numbers of hits. > (C) A company may desire to change its Private Key > frequently -- perhaps every day -- as a security precaution. > A contentious practice perhaps but experience may support > it: Impractical ? Not if the "Key-of-the-Day" appears on > the Web Page but entirely impossible otherwise. You started your post by telling us that we should implicitly trust a key on your web site because if it been there for a while and left unchanged then you must be happy with the key that we are all seeing. Now you say that you want to change it every day, so there is no historical weight to your key any more. You could have a long term signature verification key on your web site and change (and sign) the encryption key daily but of course this is just a form of certification. We don't seem to be gaining anything here. Nicko From Pete.Chown@skygate.co.uk Mon, 21 Jun 1999 11:44:01 +0100 Date: Mon, 21 Jun 1999 11:44:01 +0100 From: Pete Chown Pete.Chown@skygate.co.uk Subject: Public Keys and the Web Page. George Foot wrote: > (a) It is a delusion that a Private Key can be securely held > for a long period, perhaps years, under busy commercial > conditions in the face of carelessness and malice within the > company and subtle intrusion from without. If you keep the key in a tamper resistant hardware unit you are probably a bit better off. At least then either the key is safe or the hardware device has disappeared. You can't have the situation where the key has been copied without your knowledge. (Of course you can still have the situation where a single message has been signed without your knowledge.) I think the idea of distributing *signed* keys from a website is a good one. But for unsigned keys there are just too many unknowns. If you end up using a false key, you will never know who was responsible. At least if a CA signed the false key you know that they are responsible. 
----------------------------------------------------------------------- Pete Chown, email pc@skygate.co.uk, phone +44 (0) 181 680 8393, fax +44 (0) 181 688 8013, mobile +44 (0) 468 765 645, post 58 Foss Avenue, Croydon, CR0 4EU, England From chl@clw.cs.man.ac.uk Mon, 21 Jun 1999 10:40:59 +0100 Date: Mon, 21 Jun 1999 10:40:59 +0100 From: Charles Lindsey chl@clw.cs.man.ac.uk Subject: Public Keys and the Web Page. On Sat, 19 Jun 1999 11:25:04 +0100 George Foot said... > > A Web Page is likely to provide at the minimum the telephone > number, the Fax number and the E-Mail address of the company > sponsoring the Web Page: This is already comprehensive > information for commercial purposes. > > Where better than the Web Page to include the company's > Public Key and to arrange that an encrypted message can be > sent to the company via the medium of the Web Page while the > Web Page is still visible ? Surprisingly, I looked for a top-level public key (or at least a fingerprint) on www.thawte.com and did not find one (also, their top-level PGP signing key is poorly attested in the usual PGP key sites). But another suggestion I have heard is that organisations could include their public keys (or at least fingerprints thereto) in text records within their DNS entries. Could people comment on how secure this would be? Certainly it would enable extremely rapid propagation of revocations. Charles H. Lindsey ---------At Home, doing my own thing------------------------ Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From gladman@seven77.demon.co.uk Mon, 21 Jun 1999 11:53:26 +0100 Date: Mon, 21 Jun 1999 11:53:26 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Public Keys and the Web Page. Ian G Batten wrote in message news:199906210841.JAA23983@europa.ftel.co.uk... 
>In article <000801bebb1c$3f2f5ea0$966adec2@FortyTwo>, >Brian Gladman wrote: >> This is why I said that this approach relies on the (alleged) owner of the >> page being vigilant. As you say they not only have to be sure that their >Difficult, though, in these days of transparent proxying. If I subvert >the infrastructure of an ISP which enforces caching via a transparent >proxy, as I believe Freeserve do, I could serve false keys to all the >users of that ISP. Given a correctly implemented man in the middle >attack, this could be quite lucrative. The owner of the page wouldn't >see the change unless they too happened to access it via the subverted >proxy, and it might be possible to hand out the original, legitimate key >in response to queries that come from the legitimate owner. You are right, much is being trusted in the assumption that a web page belongs to who it seems to. I guess that we should be surprised at how well the link works in practice for 99.9.....% of web pages. Taking a key off a web page is not very safe in principle but it does seem, at the moment at least, pretty safe in practice. Safe, that is, in the sense that, of all the keys that now exist on all web pages, only a minute proportion of them have been subverted. This raises the question of whether we need to do something to improve an infrastructure that is wide open to abuse but one in which there appears to be very little abuse in practice (at the moment). Authentication of hosts, especially those that can impact on the security, privacy or safety of internet users, does seem a step worth taking. 
But I am not much interested in 'CA style' authentication of keys as such - what I would be interested is in keys signed by an agency who said: "we will guarantee financial transactions up to £xxxx made using the site authenticated with this key signed by us" Although some will argue that this is exactly what a CA does, my emphasis is on the 'insurance' first, with the key signing process simply being a way of delivering this to end users. In contrast the whole discussion of digital signatures and CAs has been focussed on the key signing process with the semantic intent involved in signing taking a very secondary role. This is 'putting the cart before the horse' and it is hence not surprising to find that we are still talking about digital signatures rather than putting them into practice. Brian From gladman@seven77.demon.co.uk Mon, 21 Jun 1999 12:09:19 +0100 Date: Mon, 21 Jun 1999 12:09:19 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: PIU report and human rights: e-commerce Bill From: Nicholas Bohm To: Sent: 21 June 1999 9:46 AM Subject: Re: PIU report and human rights: e-commerce Bill > At 08:06 AM 6/21/1999 +0100, lists@notatla.demon.co.uk wrote: > >matthew-l@itconsult.co.uk (Matthew Richardson): > At 08:06 AM 6/21/1999 +0100, lists@notatla.demon.co.uk wrote: > >matthew-l@itconsult.co.uk (Matthew Richardson): > > > >> An ISP seeking to claim copyright over someone's private email would > >> seem to present a significant number of issues! > > > >> I have tried searching for the text of the offending terms and > >> conditions, but have failed to locate them. Does anyone have a URL? > > > > > >No, but you can see this on www.ibm.com.... > > > > IBM does not want to receive confidential or proprietary information > > from you through our Web site. Please note that any information or > > material sent to IBM will be deemed NOT to be confidential. 
By sending > > IBM any information or material, you grant IBM an unrestricted, > > irrevocable license to use, reproduce, display, perform, modify, > > transmit and distribute those materials or information, and you also > > agree that IBM is free to use any ideas, concepts, know-how or > > techniques that you send us for any purpose. .... > > > >I dislike the 'irrevocable' in the above paragraph, given the > >revoke-for-no-reason provision of the postfix licence. > > It is at least much more reasonable than the alleged virgin.net terms. > Still not acceptable though. For an ISP to claim free use of anything that they happen to display to the world when acting on behalf of a customer is scandalous. It is quite common to see web pages offering software for which commercial use involves a license and a fee. The above terms would allow IBM to use this code for free. Not an ISP I would want to do business with! Brian From ben@algroup.co.uk Mon, 21 Jun 1999 12:45:17 +0100 Date: Mon, 21 Jun 1999 12:45:17 +0100 From: Ben Laurie ben@algroup.co.uk Subject: Public Keys and the Web Page. Charles Lindsey wrote: > > On Sat, 19 Jun 1999 11:25:04 +0100 > George Foot said... > > > > > A Web Page is likely to provide at the minimum the telephone > > number, the Fax number and the E-Mail address of the company > > sponsoring the Web Page: This is already comprehensive > > information for commercial purposes. > > > > Where better than the Web Page to include the company's > > Public Key and to arrange that an encrypted message can be > > sent to the company via the medium of the Web Page while the > > Web Page is still visible ? > > Surprisingly, I looked for a top-level public key (or at least a > fingerprint) on www.thawte.com and did not find one (also, their > top-level PGP signing key is poorly attested in the usual PGP key > sites). http://www.thawte.com/certs/trustmap.html (took me about 10 seconds to find). 
> But another suggestion I have heard is that organisations could include > their public keys (or at least fingerprints thereto) in text records > within their DNS entries. Could people comment on how secure this > would be? Certainly it would enable extremely rapid propagation of > revocations. DNS is not currently hugely secure, though that is being worked on. However, propagation of revocations is not really the problem, IMO - what is needed is standards for accessing them, and for applications to actually use them (which is also being worked on). Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From I.G.Batten@ftel.co.uk Mon, 21 Jun 1999 13:26:41 +0100 (BST) Date: Mon, 21 Jun 1999 13:26:41 +0100 (BST) From: Ian G Batten I.G.Batten@ftel.co.uk Subject: Public Keys and the Web Page. You write: > You are right, much is being trusted in the assumption that a web page > belongs to who it seems to. I guess that we should be surprised at how well > the link works in practice for 99.9.....% of web pages. That's because there's so little at stake. Were there to be financial mileage in the subversion of a web page, we'd see the problem rather more. Recall the bloke that redirected one of the registries a while ago? Sure, the DNS is more secure than it was, but plenty of people are still running old servers. All those tricks with additional information still work, to an extent. > at the moment at least, pretty safe in practice. 
Safe, that is, in the > sense that, of all the keys that now exist on all web pages, only a minute > proportion of them have been subverted. Safe, that is, in the sense that, of all the keys that now exist on all web pages, only a minute proportion of them have the slightest financial value. ian From Ross.Anderson@cl.cam.ac.uk Mon, 21 Jun 1999 14:14:56 +0100 Date: Mon, 21 Jun 1999 14:14:56 +0100 From: Ross Anderson Ross.Anderson@cl.cam.ac.uk Subject: Public Keys and the Web Page. > Surprisingly, I looked for a top-level public key (or at least a > fingerprint) on www.thawte.com and did not find one (also, their > top-level PGP signing key is poorly attested in the usual PGP key > sites). Look at the Global Internet Trust Register - Thawte have an A on that. They also have an A in the previous, 1998, edition (which is available online free). 
More at http://www.cl.cam.ac.uk/Research/Security/Trust-Register/index.html Ross From nbohm@ernest.net Mon, 21 Jun 1999 15:41:44 +0100 Date: Mon, 21 Jun 1999 15:41:44 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: PIU report and human rights: e-commerce Bill At 12:09 PM 6/21/1999 +0100, Brian Gladman wrote: > >From: Nicholas Bohm >To: >Sent: 21 June 1999 9:46 AM >Subject: Re: PIU report and human rights: e-commerce Bill >> At 08:06 AM 6/21/1999 +0100, lists@notatla.demon.co.uk wrote: >> >matthew-l@itconsult.co.uk (Matthew Richardson): >> At 08:06 AM 6/21/1999 +0100, lists@notatla.demon.co.uk wrote: >> >matthew-l@itconsult.co.uk (Matthew Richardson): >> > >> >> An ISP seeking to claim copyright over someone's private email would >> >> seem to present a significant number of issues! >> > >> >> I have tried searching for the text of the offending terms and >> >> conditions, but have failed to locate them. Does anyone have a URL? >> > >> > >> >No, but you can see this on www.ibm.com.... >> > >> > IBM does not want to receive confidential or proprietary information >> > from you through our Web site. Please note that any information or >> > material sent to IBM will be deemed NOT to be confidential. By sending >> > IBM any information or material, you grant IBM an unrestricted, >> > irrevocable license to use, reproduce, display, perform, modify, >> > transmit and distribute those materials or information, and you also >> > agree that IBM is free to use any ideas, concepts, know-how or >> > techniques that you send us for any purpose. .... >> > >> >I dislike the 'irrevocable' in the above paragraph, given the >> >revoke-for-no-reason provision of the postfix licence. >> >> It is at least much more reasonable than the alleged virgin.net terms. >> > >Still not acceptable though. For an ISP to claim free use of anything that >they happen to display to the world when acting on behalf of a customer is >scandalous. 
It is quite common to see web pages offering software for which >commercial use involves a license and a fee. The above terms would allow IBM >to use this code for free. Not an ISP I would want to do business with! I don't think these are IBM's terms for acting as an ISP (if they were, I would agree with you). I think they are what IBM are saying to those who communicate with them in response to an IBM web page. In that context their terms make better sense. Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From pgut001@cs.auckland.ac.nz Tue, 22 Jun 1999 02:51:53 (NZST) Date: Tue, 22 Jun 1999 02:51:53 (NZST) From: Peter Gutmann pgut001@cs.auckland.ac.nz Subject: PIU report and human rights: e-commerce Bill >No, but you can see this on www.ibm.com.... > > IBM does not want to receive confidential or proprietary information > from you through our Web site. Please note that any information or > material sent to IBM will be deemed NOT to be confidential. By sending > IBM any information or material, you grant IBM an unrestricted, > irrevocable license to use, reproduce, display, perform, modify, > transmit and distribute those materials or information, and you also > agree that IBM is free to use any ideas, concepts, know-how or > techniques that you send us for any purpose. .... This is just the standard CYA legal disclaimer which IBM have been using for decades. All it's saying is "Don't send us anything confidential without signing an agreement to cover it first". The only change is that they used to give it to you as molecules rather than electrons. Peter. 
From pgut001@cs.auckland.ac.nz Tue, 22 Jun 1999 02:53:07 (NZST) Date: Tue, 22 Jun 1999 02:53:07 (NZST) From: Peter Gutmann pgut001@cs.auckland.ac.nz Subject: Public Keys and the Web Page. "Brian Gladman" writes: >Ben Laurie > >>George Foot wrote: >>> >>> A Solution for Problems of Public Key Distribution. >>> >[snip] > >>Hmm. And this is what directories are for. And they have the advantage >>you only have to secure a few directories instead of every fathead's >>webpages. >On the one hand we have security critical information on millions of web >pages while on the other this resides in a few directories. This is the >central debate in the distributed information systems security field - is it >better to centralise or to distribute security critical information? I think you're taking the wrong approach to this. On the one hand we have millions of web pages while on the other we have very little information stored in a few nonexistent directories. The debate isn't "is it better to centralise or to distribute security critical information", it's "is it better to distribute keys via web pages or to wait another decade or two in the hope that some sort of directory system will eventually appear". I'll go with the one which works (do you even know where to *find* a directory which has X.509 certs in it, let alone know how to get (say) my cert from such a beast?). Peter. From david@swarb.demon.co.uk Mon, 21 Jun 1999 15:15:59 +0100 Date: Mon, 21 Jun 1999 15:15:59 +0100 From: David Swarbrick david@swarb.demon.co.uk Subject: PIU report and human rights: e-commerce Bill In message <71C96B3A586ED2119DC3204C4F4F502005EB47@SERVER>, Alan Burkitt-Gray writes > >There are a few cases where the law requires paper between private >parties, > >and would need legislation (and some administrative adaptations) to >accept > >electronic documents. Those I can think of are: > > > >Contracts dealing with interests in land > ... 
> etc > > > >There are no doubt many requirements for official forms, returns, >etc, etc, > >to be on paper, which also need adaptation. There is a real job of >work > >here and, as the Select Committee observed, the DTI hasn't buckled >down to it. > David Swarbrick writes... > > A recent and live discussion has been about the practice of >Virgin.net. > Their T&Cs suggest that they acquire the copyright in all materials > transmitted through their systems. They do seem to seek to enforce >this > condition! > > >I'm only a journalist, but Virgin.net's now a free site and therefore the >user pays no money (or anything else) to Virgin for the use of web space. >Hence, I would have thought, there is no contract and Virgin could not >enforce acquisition of copyright in any case. >Or am I missing something? I think we all are - including Virgin. It does appear that they try to assert copyright control. Someone complained in uk.legal that he had been asked for ten pounds for leave to set his former virgin site up elsewhere. -- David Swarbrick, Solicitor, West Yorkshire Web: http://www.swarb.co.uk/ david@swarb.freeuk.com Tel: +44(0)1484 722531 Home of the law-index (9500+ case digests). IT and IP Law and contracts. The Law Society regulates us in the conduct of investment business From gladman@seven77.demon.co.uk Mon, 21 Jun 1999 16:45:05 +0100 Date: Mon, 21 Jun 1999 16:45:05 +0100 From: Brian Gladman gladman@seven77.demon.co.uk Subject: Public Keys and the Web Page. From: Peter Gutmann To: Sent: 22 June 1999 2:53 AM Subject: Re: Public Keys and the Web Page. > "Brian Gladman" writes: > > >Ben Laurie > > > >>George Foot wrote: > >>> > >>> A Solution for Problems of Public Key Distribution. > >>> > >[snip] > > > >>Hmm. And this is what directories are for. And they have the advantage > >>you only have to secure a few directories instead of every fathead's > >>webpages. 
> > >On the one hand we have security critical information on millions of web > >pages while on the other this resides in a few directories. This is the > >central debate in the distributed information systems security field - is it > >better to centralise or to distribute security critical information? > > I think you're taking the wrong approach to this. On the one hand we have > millions of web pages while on the other we have very little information > stored in a few nonexistent directories. The debate isn't "is it better to > centralise or to distribute security critical information", it's "is it > better to distribute keys via web pages or to wait another decade or two in > the hope that some sort of directory system will eventually appear". I'll > go with the one which works (do you even know where to *find* a directory > which has X.509 certs in it, let alone know how to get (say) my cert from > such a beast?). > > Peter. > The issue of the balance of advantage in distribution or centralisation still stands but I would agree that if there are no directories anyway it becomes a purely academic point. I haven't followed this theme much but there do seem to be a lot of PGP key servers around. Possibly too many since I cannot get rid of a dud key from them. Brian From ben@algroup.co.uk Mon, 21 Jun 1999 17:08:05 +0100 Date: Mon, 21 Jun 1999 17:08:05 +0100 From: Ben Laurie ben@algroup.co.uk Subject: Public Keys and the Web Page. Peter Gutmann wrote: > > "Brian Gladman" writes: > > >Ben Laurie > > > >>George Foot wrote: > >>> > >>> A Solution for Problems of Public Key Distribution. > >>> > >[snip] > > > >>Hmm. And this is what directories are for. And they have the advantage > >>you only have to secure a few directories instead of every fathead's > >>webpages. > > >On the one hand we have security critical information on millions of web > >pages while on the other this resides in a few directories. 
This is the > >central debate in the distributed information systems security field - is it > >better to centralise or to distribute security critical information? > > I think you're taking the wrong approach to this. On the one hand we have > millions of web pages while on the other we have very little information > stored in a few nonexistent directories. The debate isn't "is it better to > centralise or to distribute security critical information", it's "is it > better to distribute keys via web pages or to wait another decade or two in > the hope that some sort of directory system will eventually appear". I'll > go with the one which works (do you even know where to *find* a directory > which has X.509 certs in it, let alone know how to get (say) my cert from > such a beast?). I quite agree that distributing keys by any convenient methods (and webpages certainly rank high - though if SSL is involved, the protocol does it for you) instead of waiting for directories is a good idea. Especially since the whole X500 directory scheme is wrongheaded and no less doomed than it always has been. However, the issue really is whether one can trust keys obtained in such a way, which is where CAs and CRLs come in. Webpages and other ad hoc key distribution methods are no substitute for those at all. And that's where centralised directories come in (for the CRLs). Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From Ian_Miller@scientia.com Mon, 21 Jun 1999 18:15:34 +0100 Date: Mon, 21 Jun 1999 18:15:34 +0100 From: Ian Miller Ian_Miller@scientia.com Subject: PIU report and human rights: e-commerce Bill David Swarbrick wrote: >It does appear that they try to >assert copyright control. 
Someone complained in uk.legal that he had been >asked for ten pounds for leave to set his former virgin site up >elsewhere. The relevant T&Cs are at http://www.virgin.net/vnet/subscriber/terms/virginnet.htm which states:- "All information and material submitted to and accepted by Virgin Net via the Service or that you publish on any public area via the Service shall be deemed and remain the property of Virgin Net. Virgin Net shall be free to use, edit, copy, republish and distribute (for any purpose) any such information and material and any ideas, concepts, know-how or techniques contained in such information or materials. Virgin Net shall not be subject to any obligations of confidence regarding such information or materials except as required by law." However there is nothing, that I can see, in T&Cs that requires that the subscriber only post material that they own the copyright of. It may be quite legal to post someone else's material. (e.g. For anything released under the GPL there is general permission to copy.) I fail to see how the subscriber can assign Virgin a third party's copyright. Do Virgin imagine that if one of their subscribers mirrors another web-site they are suddenly copyright holder of the material? Ian From nbohm@ernest.net Mon, 21 Jun 1999 18:55:09 +0100 Date: Mon, 21 Jun 1999 18:55:09 +0100 From: Nicholas Bohm nbohm@ernest.net Subject: PIU report and human rights: e-commerce Bill At 06:15 PM 6/21/1999 +0100, Ian Miller wrote: >David Swarbrick wrote: >>It does appear that they try to >>assert copyright control. Someone complained in uk.legal that he had been >>asked for ten pounds for leave to set his former virgin site up >>elsewhere. > >The relevant T&Cs are at >http://www.virgin.net/vnet/subscriber/terms/virginnet.htm which states:- >"All information and material submitted to and accepted by Virgin Net via >the Service or that you publish on any public area via the Service shall be >deemed and remain the property of Virgin Net. 
Virgin Net shall be free to >use, edit, copy, republish and distribute (for any purpose) any such >information and material and any ideas, concepts, know-how or techniques >contained in such information or materials. Virgin Net shall not be subject >to any obligations of confidence regarding such information or materials >except as required by law." > >However there is nothing, that I can see, in T&Cs that requires that the >subscriber only post material that they own the copyright of. It may be >quite legal to post someone else's material. (e.g. For anything released >under the GPL there is general permission to copy.) I fail to see how the >subscriber can assign Virgin a third party's copyright. Do Virgin imagine >that if one of their subscribers mirrors another web-site they are suddenly >copyright holder of the material? In my view this does not assign existing or future copyright. It is not expressed as an assignment or as an agreement to assign, and does not mention copyright. A provision that "information and material shall be deemed the property of Virgin Net" is not an assignment. At most it precludes the subscriber from objecting to what Virgin Net does with the information or material. And on the principle that doubtful terms are interpreted against the interests of the party who proposes them (or construed contra proferentem, in the jargon), any attempt to extend the terms from their obvious purpose of liberating Virgin Net from constraints to the wider purpose of imposing restraints on the subscriber would be bound to fail. Any attempt to charge a subscriber for republishing a web page is misconceived, and not a little arrogant. Even if Virgin Net in some (obscure) sense owns the page in its possession, there is nothing to give it ownership of the copy in the subscriber's possession. In the end I doubt if it would be regarded as going further than the IBM text so elegantly construed by Peter Gutmann. 
Regards, Nicholas Bohm Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 01279 870215 (+44 1279 870215) Mobile 0860 636749 (+44 860 636749) PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint: 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07 PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From pgut001@cs.auckland.ac.nz Tue, 22 Jun 1999 05:59:55 (NZST) Date: Tue, 22 Jun 1999 05:59:55 (NZST) From: Peter Gutmann pgut001@cs.auckland.ac.nz Subject: Public Keys and the Web Page. Ben Laurie writes: >However, the issue really is whether one can trust keys obtained in such a >way, which is where CAs and CRLs come in. Webpages and other ad hoc key >distribution methods are no substitute for those at all. I don't really see what the difference between a certificate snarfed off an untrusted web page and one read from an untrusted directory is, in both cases you're going to need some sort of extra verification (either via a CA or some out-of-band means), the only real difference is that web pages and software to access them are practically universal, while directories and software to access them are practically nonexistent. >And that's where centralised directories come in (for the CRLs). Although this is really a signal for the thread to turn into a CRL debate :-), you don't really need a centralised directory for CRL's, there are many possible alternatives such as suicide certs (requiring a CA to revoke a key on your behalf doesn't make much sense, it's *your* key and not the CA's). Short-duration certs (1 day/1 week/1 month), and all the other ideas which were presented in a whole batch of papers at FC'98 are other possibilities. 
Even making the assumption that CRL's are the way to handle cert revocations, having them in a centralised directory is probably a bad idea - one of the many failings of the CRL model of revocation is that by halting delivery of the CRL, you break the security of the system. smurf the directory where the CRL's are stored and your entire PKI falls apart. Peter. From lists@notatla.demon.co.uk Mon, 21 Jun 1999 19:41:04 +0100 Date: Mon, 21 Jun 1999 19:41:04 +0100 From: lists@notatla.demon.co.uk lists@notatla.demon.co.uk Subject: No subject Nicholas Bohm is right: > I don't think these are IBM's terms for acting as an ISP (if they were, I > would agree with you). I think they are what IBM are saying to those who > communicate with them in response to an IBM web page. In that context > their terms make better sense. The terms I quoted were for information provided to IBM, not for anything they observed while acting as an ISP. From prunesquallor@proproco.co.uk Mon, 21 Jun 1999 20:04:15 +0100 Date: Mon, 21 Jun 1999 20:04:15 +0100 From: John R T Brazier prunesquallor@proproco.co.uk Subject: PIU report and human rights: e-commerce Bill At 06:15 PM 6/21/1999 +0100, Ian Miller wrote: >David Swarbrick wrote: >>It does appear that they try to >>assert copyright control. Someone complained in uk.legal that he had been >>asked for ten pounds for leave to set his former virgin site up >>elsewhere. > >The relevant T&Cs are at >http://www.virgin.net/vnet/subscriber/terms/virginnet.htm which states:- >"All information and material submitted to and accepted by Virgin Net via >the Service or that you publish on any public area via the Service shall be >deemed and remain the property of Virgin Net. Virgin Net shall be free to >use, edit, copy, republish and distribute (for any purpose) any such >information and material and any ideas, concepts, know-how or techniques >contained in such information or materials. 
Virgin Net shall not be subject >to any obligations of confidence regarding such information or materials >except as required by law." > >However there is nothing, that I can see, in T&Cs that requires that the >subscriber only post material that they own the copyright of. It may be >quite legal to post someone else's material. (e.g. For anything released >under the GPL there is general permission to copy.) I fail to see how the >subscriber can assign Virgin a third party's copyright. Do Virgin imagine >that if one of their subscribers mirrors another web-site they are suddenly >copyright holder of the material? In my view this does not assign existing or future copyright. It is not expressed as an assignment or as an agreement to assign, and does not mention copyright. A provision that "information and material shall be deemed the property of Virgin Net" is not an assignment. At most it precludes the subscriber from objecting to what Virgin Net does with the information or material. And on the principle that doubtful terms are interpreted against the interests of the party who proposes them (or construed contra proferentem, in the jargon), any attempt to extend the terms from their obvious purpose of liberating Virgin Net from constraints to the wider purpose of imposing restraints on the subscriber would be bound to fail. Any attempt to charge a subscriber for republishing a web page is misconceived, and not a little arrogant. Even if Virgin Net in some (obscure) sense owns the page in its possession, there is nothing to give it ownership of the copy in the subscriber's possession. In the end I doubt if it would be regarded as going further than the IBM text so elegantly construed by Peter Gutmann. Regards, Nicholas Bohm On the other hand, has Virgin now in some way become responsible for everything that appears on their Service, as they have now laid a claim to ownership of it? This could have unforeseen consequences from their point of view! 
Regards, John B From ben@algroup.co.uk Mon, 21 Jun 1999 20:39:00 +0100 Date: Mon, 21 Jun 1999 20:39:00 +0100 From: Ben Laurie ben@algroup.co.uk Subject: Public Keys and the Web Page. Peter Gutmann wrote: > > Ben Laurie writes: > > >However, the issue really is whether one can trust keys obtained in such a > >way, which is where CAs and CRLs come in. Webpages and other ad hoc key > >distribution methods are no substitute for those at all. > > I don't really see what the difference between a certificate snarfed off an > untrusted web page and one read from an untrusted directory is, in both > cases you're going to need some sort of extra verification (either via a CA > or some out-of-band means), the only real difference is that web pages and > software to access them are practically universal, while directories and > software to access them are practically nonexistent. I think we're in agreement here, so I'm not going to argue. > >And that's where centralised directories come in (for the CRLs). > > Although this is really a signal for the thread to turn into a CRL debate :-), > you don't really need a centralised directory for CRL's, there are many > possible alternatives such as suicide certs (requiring a CA to revoke a key > on your behalf doesn't make much sense, it's *your* key and not the CA's). The problem is that unless I know where to go to find the suicide cert, it's err, difficult to find, and that's the joy of CRLs. > Short-duration certs (1 day/1 week/1 month), and all the other ideas which > were presented in a whole batch of papers at FC'98 are other possibilities. Yep. Short-duration certs+CAs is currently economically unviable, though (not because it really is, but because CAs are doing some heavy milking). 
> Even making the assumption that CRL's are the way to handle cert revocations, > having them in a centralised directory is probably a bad idea - one of the > many failings of the CRL model of revocation is that by halting delivery of > the CRL, you break the security of the system. smurf the directory where the > CRL's are stored and your entire PKI falls apart. Hmm. That argument applies to _any_ revocation method for a particular cert. Of course, this is a strong argument for short-lived certs, but see above. Anyone for a not-for-profit CA? Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From whgiii@openpgp.net Mon, 21 Jun 1999 15:31:06 -0500 Date: Mon, 21 Jun 1999 15:31:06 -0500 From: William H. Geiger III whgiii@openpgp.net Subject: Public Keys and the Web Page. In <376E94D4.98FA0F60@algroup.co.uk>, on 06/21/99 at 08:39 PM, Ben Laurie said: >> Even making the assumption that CRL's are the way to handle cert revocations, >> having them in a centralised directory is probably a bad idea - one of the >> many failings of the CRL model of revocation is that by halting delivery of >> the CRL, you break the security of the system. smurf the directory where the >> CRL's are stored and your entire PKI falls apart. >Hmm. That argument applies to _any_ revocation method for a particular >cert. Of course, this is a strong argument for short-lived certs, but see >above. Well the real problem here is "off-line" verification and the false assumption that if I don't have a CRL then the cert is valid. All certs should be presumed invalid until proven otherwise (ie: confirmation from the issuing CA that the cert is valid). A real world model for this is CC transactions. All CC transactions are first verified & approved by the CC company before they are accepted. 
-- --------------------------------------------------------------- William H. Geiger III http://www.openpgp.net Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii Hi Jeff!! :) --------------------------------------------------------------- From ben@algroup.co.uk Mon, 21 Jun 1999 21:47:24 +0100 Date: Mon, 21 Jun 1999 21:47:24 +0100 From: Ben Laurie ben@algroup.co.uk Subject: Public Keys and the Web Page. William H. Geiger III wrote: > > In <376E94D4.98FA0F60@algroup.co.uk>, on 06/21/99 > at 08:39 PM, Ben Laurie said: > > >> Even making the assumption that CRL's are the way to handle cert revocations, > >> having them in a centralised directory is probably a bad idea - one of the > >> many failings of the CRL model of revocation is that by halting delivery of > >> the CRL, you break the security of the system. smurf the directory where the > >> CRL's are stored and your entire PKI falls apart. > > >Hmm. That argument applies to _any_ revocation method for a particular > >cert. Of course, this is a strong argument for short-lived certs, but see > >above. > > Well the real problem here is "off-line" verification and the false > assumption that if I don't have a CRL then the cert is valid. All certs > should be presumed invalid until proven otherwise (ie: confirmation from > the issuing CA that the cert is valid). A real world model for this is CC > transactions. All CC transactions are first verified & approved by the CC > company before they are accepted. That's not actually true - I regularly buy stuff without CC verification. However, I agree that a model where you use positive verification rather than CRLs is more secure. It also reduces the attack on validation sites to a DoS instead of a successful prolongation of the life of a revoked cert. 
The correspondence with CCs is interesting: for low value transactions CRLs are preferred, because they are cheaper. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi From chl@clw.cs.man.ac.uk Mon, 21 Jun 1999 21:47:24 +0100 Date: Mon, 21 Jun 1999 21:47:24 +0100 From: Charles Lindsey chl@clw.cs.man.ac.uk Subject: Public Keys and the Web Page. On Mon, 21 Jun 1999 14:14:56 +0100 Ross Anderson said... > Look at the Global Internet Trust Register - Thawte have an A on that. > They also have an A in the previous, 1998, edition (which is available > online free). > > More at http://www.cl.cam.ac.uk/Research/Security/Trust-Register/index.html All I can find there is a pdf file gtr1998.pdf, which appears to be password protected :-( . Charles H. Lindsey ---------At Home, doing my own thing------------------------ Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From chl@clw.cs.man.ac.uk Mon, 21 Jun 1999 21:51:34 +0100 Date: Mon, 21 Jun 1999 21:51:34 +0100 From: Charles Lindsey chl@clw.cs.man.ac.uk Subject: Public Keys and the Web Page. On Mon, 21 Jun 1999 12:45:17 +0100 Ben Laurie said... > > http://www.thawte.com/certs/trustmap.html (took me about 10 seconds to > find). Unfortunately, that site seems to contain only X509 certificates. Can't find their PGP key there. Charles H. Lindsey ---------At Home, doing my own thing------------------------ Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. 
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From whgiii@openpgp.net Mon, 21 Jun 1999 16:26:57 -0500 Date: Mon, 21 Jun 1999 16:26:57 -0500 From: William H. Geiger III whgiii@openpgp.net Subject: Public Keys and the Web Page. In <376EA4DC.4F428988@algroup.co.uk>, on 06/21/99 at 09:47 PM, Ben Laurie said: >That's not actually true - I regularly buy stuff without CC >verification. However, I agree that a model where you use positive >verification rather than CRLs is more secure. It also reduces the attack >on validation sites to a DoS instead of a successful prolongation of the >life of a revoked cert. The correspondence with CCs is interesting: for >low value transactions CRLs are preferred, because they are cheaper. Things must be a little different in the UK. Over here even the smallest of operations will have a card reader that is connected to the phone line for immediate CC approval. Now years back I remember working in a gas station and the CC companies published books with all the invalid/revoked CC #'s (CRLs) in them. It was a rather inefficient method of doing things, and when things got busy the book was never looked at. That system also failed to address the available credit issue, and there was a month lag time between revocation and the number appearing in the book. IMHO once the CA's move out of the niche market of Identity servers the only practical approach is real time interaction between the client and the CA's servers. Using the certs as a payload for dynamic data is just too inefficient. Say TRW wanted to establish a CA for credit ratings. They would sign the key signifying that they had data on the keyholder. Anyone wanting to get at this data would have to contact the TRW CA directly. The short term/long term cert issue becomes moot in this context as the cert is valid as long as there is corresponding data in the CA's data base. This even has application for the Identity CA's. 
Name changes, address changes, e-mail address changes, etc. would no longer require the issuing of a new cert.

There are also the privacy/security issues that can be addressed. Because the personal data is no longer contained in the cert, access to the data can be controlled and regulated. CA's could develop standardized forms for vendors to use that customers would digitally sign determining what information would be released and what would not.

Once developers can get past the idea of using the cert as a payload for raw data a wealth of opportunities are available.

--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii

Hi Jeff!! :)
---------------------------------------------------------------

From rguerra@interlog.com Mon, 21 Jun 1999 17:14:50 -0400
Date: Mon, 21 Jun 1999 17:14:50 -0400
From: Robert Guerra rguerra@interlog.com
Subject: Public Keys and the Web Page.

----- Original Message -----
From: Ben Laurie
To:
Sent: Monday, June 21, 1999 3:39 PM
Subject: Re: Public Keys and the Web Page.

> > Anyone for a not-for-profit CA? I sure am.. anyone else?

If you are in the UK, ..I believe there is a not-for-profit CA in the UK.

The PGP UK academic PCA is PGP-based, and was started in response to the proposed crypto legislation in the UK. Several of the people involved with it are on this list..
I can't remember the URL, however it should be listed in my www page (see signature)

--
Robert Guerra
WWW Page
PGP Keys

From jei@zor.hut.fi Tue, 22 Jun 1999 01:10:40 +0300 (EEST)
Date: Tue, 22 Jun 1999 01:10:40 +0300 (EEST)
From: Jukka E Isosaari jei@zor.hut.fi
Subject: [CTRL] Echelon--Rights Violation in the Information Age (fwd)

http://www.zolatimes.com/V3.25/pageone.html

Laissez Faire City Times
-----
Laissez Faire City Times
June 21, 1999 - Volume 3, Issue 25
Editor & Chief: Emile Zola
------------------------------------------------------------------------

Echelon--Rights Violation in the Information Age

by Don Lobo Tiggre

The spooks call it "signals intelligence", or SIGINT, in spook-speak. Now that the cold war is over, covert agencies around the world are increasingly turning their SIGINT assets, most notably a vast global electronic spy system known as ECHELON, against civilian targets. It's enough to give any decent rights-respecting individual nightmares.

What is Echelon? It's a highly automated computer system for intercepting and sorting through electronic communications for key words, numbers, and phrases. This includes voice telephone calls, faxes, e-mail, and other broadcast and wire-borne signals--up to two million calls intercepted per hour, according to one source. The system uses "dictionary" computers to search intercepted communications for information specified by member SIGINT agencies and sends copies of flagged messages back to those agencies. This is accomplished by means of satellite tracking and surveillance ground stations, underwater cable monitoring pods, and internet taps, among other means.

The U.S. government has yet to admit that "Echelon" even exists, but the evidence has been around for years.
The European Parliament's Science and Technology Options Assessment Panel (STOA) accepted a report last month, entitled Interception Capabilities 2000 (a copy of which can be found at http://www.aci.net/kalliste/echelon/ic2000.htm), on the so-called UKUSA SIGINT alliance and the Echelon system. This is just the most official of a rash of exposés that have been published over the last decade, though the UKUSA alliance goes back to World War II and early elements of Echelon itself are said to be 20 or more years old. The UKUSA alliance principals are reported to be the National Security Agency (NSA) in the U.S., the Government Communications Headquarters (GCHQ) in Britain, the Communications Security Establishment (CSE) in Canada, the Defense Signals Directorate (DSD) in Australia, and the Government Communications Security Bureau (GCSB) in New Zealand.

The main reason the UKUSA alliance and the Echelon system are getting mainstream press appears to be economic insecurity on the part of members of the European Union. EU countries are concerned, Britain's membership in the alliance notwithstanding, that the system is being used to conduct industrial espionage and otherwise thwart their economic interests--hence their commissioning of the Interception Capabilities 2000 report.

Are You a Target?

Jim Bronskill of The Ottawa Citizen, quotes from the Interception Capabilities 2000 report that:

"There is wide-ranging evidence indicating that major governments are routinely utilizing communications intelligence to provide commercial advantage to companies and trade."

Bronskill goes on to say:

"The findings come as no surprise to Fred Stock, who says he was forced out of CSE [Communications Security Establishment] in 1993 after objecting to the agency's new emphasis on economic intelligence and civilian targets. Mr.
Stock, who worked in CSE's Communications Centre in Ottawa, recalls incoming message traffic on dealings with Mexico, France, Germany, Japan and South Korea. The intercepted information covered negotiations on the North American Free Trade Agreement, Chinese grain purchases, French arms sales and Canada's boundary dispute with France over the islands of St-Pierre-Miquelon off Newfoundland's south coast. 'To me, we shouldn't have been doing that.' Mr. Stock also maintains the agency routinely received intelligence about environmental protest actions mounted by Greenpeace vessels on the high seas. Other former CSE employees have told similar stories of economic and political spying."

Now that the word is out, many people are becoming concerned about the implications of Echelon for civil liberties. Particularly of concern to peaceful activist groups are comments like Mr. Stock's about the monitoring of Greenpeace. (You may not care for Greenpeace, but your group may be next.) The Interception Capabilities 2000 report casts doubt on the ability of the system to actually monitor the majority of calls worldwide, as it was once feared to be able to do, but says that the system is being used to monitor traffic around the world relating to target governments, organizations, and individuals. Who do you suppose qualifies for that honor? Who could stop any abuses of such power?

Be the answer what it may, the monitoring of calls is being done as a matter of course--it's automated, in fact--without any court orders for wiretaps and scarcely any other legal constraints. Even the laws preventing agencies such as NSA from spying on American citizens can be circumvented by the international nature of the beast. Wired magazine's Niall McKay observes that:

"[John] Pike, of the Federation of American Scientists, believes the intelligence agencies operate in a gray area of international law.
For example, there is no law prohibiting the NSA from intercepting telecommunications and data traffic in the United Kingdom and no law prohibiting GCHQ from doing the same thing in the United States."

What this means is that all the agencies involved can get around restrictions against spying on their own people by having the other agencies in the alliance do it for them. And that's assuming that they even care about such restrictions, given how little oversight outfits like the NSA receive. However, apart from a few watchdog groups and privacy advocates, this is not the major concern of the EU officials who are upset about Echelon. McKay also quotes a British Labor Party member of parliament and a committee member of STOA, Glyn Ford, as saying:

"I have no objection to these systems monitoring serious criminals and terrorists. But what is missing here is accountability, clear guidelines as to who they can listen to, and in what circumstances these laws apply."

Don't Rely on the Fools in Congress

That may be the extent of the concerns of a bureaucrat, but the concerns of freedom-loving people everywhere should go far deeper. Even if NSA did have serious congressional oversight, I wouldn't sleep any better at night; Congress is the same pack of bloated, self-serving fools (except for Ron Paul) that is leading the charge against human rights and toward socialism in the United States. And, of course, the fact that it's all being done automatically by machines working in an international legal vacuum just underscores how little regard those operating the system have for the rights of those they monitor.

But wait, it gets worse. According to the Interception Capabilities 2000 report, Lotus built in an NSA "help information" trapdoor to its Notes system, as the Swedish government discovered to its embarrassment in 1997. By then, the system was in daily use for confidential mail by Swedish MPs, 15,000 tax agency staff and 400,000 to 500,000 citizens.
(section 43) The report goes on to describe a feature called a "workfactor reduction field" that is built into Notes and incorporated into all email sent by non-US users of the system. The feature "broadcasts 24 of the 64 bits of the key used for each communication", and relies on a public key system that can only be read by the NSA.

This should come as no surprise to anyone who's been following the National ID debacle, or any of the many other attacks against civil liberties by the U.S. government that show with increasing certainty the attitude among those in power toward the rest of the people: they are cattle, to be numbered, cataloged, labeled, monitored, and completely controlled, in all ways possible.

Is this an exaggerated fear? Surely the rule of law still applies in the United States and, based on the principle that people are innocent until proven guilty, the state would not so trample on the rights of the people?

A Battlefield Report

Maybe the fears are valid. Consider the following incident reported by an Internet activist who shall remain anonymous:

In late '96 I was the president of a small (and relatively new) flying school in the Pacific Northwest. Things being slow in that business during the winter, I had taken some time off to visit relatives in the Mid-west, and was keeping up with things at the office via email.

One day an FAA inspector left a phone message at the school, asking to speak to our head mechanic. Our maintenance officer promptly fired off an email to me when he heard this message, in which he said, roughly (I have unfortunately lost the original):

"We got a call from XXX XXXXXX today asking for our chief mechanic. You know what this means--we can expect a raid from the feds any day now. Maybe we should make some airplanes disappear."

To put this message in perspective, its sender and I were friends who had been around aviation a long time, and had done a lot of flying together, both in the hangar and out.
In our everyday lingo, a friendly FAA inspector was a "fed", a helpful visit by an FAA inspection team to ensure that our paperwork was all in order was typically referred to as a "raid". The line about making "airplanes disappear" was a joking reference to a defunct flying club that the two of us had once belonged to, where, when they had a problem getting all the paperwork on an aircraft straight, they had been known to remove all reference to the offending aircraft from their clubhouse, and even to fly it elsewhere in preparation for the FAA's friendly inspection.

My friend's ISP got its connectivity to the Internet via satellite connection, so to get from his computer to mine his message was beamed to a satellite, came to ground somewhere in California, then probably traveled via land lines to get back to my ISP which was located in Seattle. To check my mail, I was logging into my ISP from the Mid-west via telnet--so this message did a lot of traveling.

When I read my friend's message, I sent a reply saying something like:

"Do you really think we have any problems? It would probably be a good idea to have an AI [authorized inspector] double-check the logbooks to make sure everything is in order. See if XXXX XXXXXXXX is available to do this."

When the predicted raid came, a couple of weeks later, it was rather unusual in character. Typically, an FAA inspection team for a small flying school would consist of two men--this time half a dozen showed up. And they seemed even more anal and confrontational than usual, going over the logbooks and the aircraft with a fine-toothed comb, demanding to inspect things that they normally didn't bother with, etc.

When they finally had to admit, several grueling hours later, that they could find no major violations in our operation, the head of the inspection team walked up to our maintenance officer, pulled a piece of paper from his briefcase, and presented it angrily to my friend, saying: "Well, what is this all about then?"
It was a transcript of my email reply to my friend (in which I had quoted his original message in full). The names mentioned of mechanics and FAA inspectors had been replaced with XXXs, as in my reconstruction above. When my friend demanded to know where they had gotten the transcript, the FAA inspector grabbed it back, and refused to talk about it further.

At the time this seemed rather incredible, but since the revelations about the ECHELON system started being spread around the Internet, it has become easier to understand. The message had lots of keywords that are sure to be on someone's hot list: "raid", "feds", etc.

Since then, I've got a lot of friends set up with PGP...

Now, it is entirely possible that this encounter with the Federal Aviation Administration and the intercepted e-mail had nothing to do with Echelon. It almost seems unlike the spooks at Fort Meade to share such small-time intel with the FAA, which isn't into "serious" business like catching international terrorists. On the other hand, it seems entirely like the U.S. government of late to intercept the private communications of an individual who hadn't even been accused of a crime and use such information to try to "catch" him in some kind of wrong-doing.

The Fourth Amendment

How l