Germany Frees Crypto

[Brian Gladman]

Hi Nigel,

>From: Nigel Hickson <nigelhickson@compuserve.com>
>To: <ukcrypto@maillist.ox.ac.uk>
>Sent: 06 June 1999 21:36
>Subject: Re: Germany Frees Crypto
>

>Brian
>
>Just seen; the PIU document was talking about coordination on encryption
>policy; not on export controls.  Why should we lie abou Wassenaar?  We were
>simply trying to make point (something I thought you wd be in favour of)
>that there has been little coordination on broad encryption policies in the
>round.
>
>Nigel Hickson
>

Thank you for your quick reaction to my flame.

The remit given to the PIU was:
* to study the needs of law enforcement agencies and of business;
* to examine the merits of the current encryption policy (and in particular
key escrow, which is explained in chapter 5); and, if necessary,
* to identify proposals that would satisfy both the need to promote
encryption for electronic commerce and the Government's duty to ensure that
public safety is not jeopardised.

Although there is clearly an emphasis on key escrow, it says 'current
encryption policy' and here it is not sensible to omit coverage of export
controls when many of us have been saying for years that these are impeding
the development of e-commerce.  I am also very confident that one of the
arguments used in promoting Wassenaar crypto controls has been law
enforcement requirements so this again shows the relevance of Wassenaar
within the remit of the PIU study.

I hence maintain my surprise that the document makes ***no mention*** of the
crypto export control issue, something that is quite amazing given the study
remit.

In terms of international co-ordination of encryption policy, various arms
of the UK government machine, especially GCHQ, have a long standing set of
international relationships within which policies on encryption are
discussed.  Moreover within Europe, the Senior Officials Group on Informaton
Security and the EU Cryptography Working Group are attended by the UK.  The
UK has been heavily involved in continuing discussions with the US (Aaron et
al) on the topic of encryption controls.  And the GCHQ/NSA axis continues to
discuss in detail the issues involved in trying to limit the spread of
cryptography.  Moreover a number of nations co-operate 'behind the scenes'
in such bodies as ETSI to limit the strength of the encryption technologies
deployed within telecommunications systems.

But despite this extensive international coordination of encryption policy
the PIU document claims that there is "remarkably little international
co-ordination"!  I don't often accuse the government of barefaced lies but
on this occasion there is no other word to describe what the PIU document
has said.

I would certainly support a statement that said "there has been remarkably
little ***open and publicly accountable *** international co-ordination of
encryption polices" and this might be what was meant but this is NOT what
the PIU report says.

Most often I believe that these situations are the result of mistakes rather
than conspiracies but on this occassion I find it ***VERY*** hard to see
this as anything but a deliberate attempt to divert attention from one of
the key issues in the development of e-commerce.

When someone is stamping on your toes (crypto export controls) and beating
you over the head with a sledge hammer (key escrow), it is a relief when
they give up the sledge hammer but it is important not to forget that they
are still stamping on your toes!   Key escrow can be seen as an excellent
way of diverting attention from the export control issue and the PIU study
provides a clear insight into this intention.

Those of us who want these controls removed should not allow our attention
to be diverted in this way.

Perhaps you or David can explain why you consider encryption export controls
to be outside the remit of this PIU study?

      Brian