Article by Duncan Campbell

[Brian Gladman]

A colleague has pointed me to a Telepolis article by Duncan (Campbell) in
which I am quoted. This article is available at:

http://www.heise.de/tp/english/inhalt/te/2945/1.html

Without in any way wanting to detract from Duncan's excellent work in
bringing light to a murky world, I would like to clarify my own position on
one issue that Duncan raises.

The words from me that Duncan quotes are in the following extract:

> But the PIU report also came under attack. Industry experts and
> academics criticised the report for claiming that there had been
> "remarkably little [international] co-ordination of policy on
> encryption matters".
>
> According to former British government cryptographer Brian Gladman,

(this is wrong but I rather like it! - I was an Information Security
specialist in MOD)

> this statement was one of a series of "deliberate and shameful lies in
> a document with a preface signed by the Prime Minister".
>
> I have been so taken aback by this that I have been at a loss about
> how best to react to it - it is hard to know where UK citizens can
> turn when there is such deliberate dishonesty and lack of ethics right
> at the heart of government.
>                                Brian Gladman

The point I was making here - and one which I stand by - is that it is
simply a lie to suggest that there is 'remarkably little [international] of
policy on encryption matters'.  To back this up I gave a number of examples
(I could have given quite a few more) but I made no comment on the
effectiveness or otherwise of the organisations I mentioned.  Duncan goes on
to say:

> Gladman's concerns about the infiltration of the two EU groups were
> confirmed by sources in Brussels. It was believed that a senior GCHQ
> official who had been attached to the Commission for five years was a
> "British spy" whose job had been to impede the development of
> effective cryptographic security in Europe as much as possible.

In fact, for the record, let me say that I have always had confidence in
***all*** the staff at the European Commission, who I believe have worked
hard to move forward with crypto in Europe.  The problem they have had is
that this area of work is controlled by the ***national representatives***
on the Senior Officials Group on Information Security (SOGIS) since
'national security' responsibility has never been delegated to the
Commission.  Although others may have different views, I have nothing but
admiration for some of the efforts made by the staff in the Commission to
break through these barriers.

So the legendary 'zero strength' cryptography that characterises European
R&D is not the fault of the staff in Brussels but rather that of certain
national representatives.  And guess which country has the worst record here
(although I would admit that France has competed pretty effectively for
first place until quite recently).

I would also add that one of the groups I mentioned - the EU Cryptography
Working Group - has, in my limited experience of its operation, been making
a genuine attempt to be 'on the side of the angels'.  Again, however, its
efforts to be crypto-friendly have been frustrated by 'behind the scenes'
intervention by the UK (and, maybe, some other countries as well).  Its
fashionable to blame Brussels for everything but on this particular occasion
this is simply not fair.

Returning to my charge that the UK government is lying to UK citizens on the
extent of international co-ordination of encryption, I have seen only a half
hearted attempt by Nigel to answer the charge by claiming that they meant
'coordination in the round'.  George Foot asked for clarification of this
but, as far as I know, obtained none.  Maybe George obtained this
clarification privately?

    Brian Gladman