Wired: Echelon Furor Ends in a Whimper
George Foot
georgefoot at oxted.demon.co.uk
Wed, 11 Jul 2001 22:06:11 +0100
July 11th, 2001
Some further thoughts:
Facilities to intercept messages of every kind are important weapons of
war for which governments will always make provision and continue to
develop further at large expense to try to secure superiority one over
another.
A form of military alliance is created if such interception facilities are
facilitated by sharing them between a few governments and this co-
operation may be concealed as long as possible. Various groups of
countries may have different arrangements of this kind but assuredly
each will also have secrets which they are not prepared to disclose one
to the other.
It would be unwise to place any credence on statements made by
governments concerning arrangements of this stealthy character and
in particular any information on overlaps between national and
commercial interests can never be fathomed to the full.
Any release by a government of a cryptosystem intended and
sanctioned for commercial use is suspect inasmuch as suspicions
inevitably arise that the government concerned can break it without too
much trouble. Thus it may serve its purpose for everyday commercial
use but give rise to endless recriminations (some true, some false) if
there is a leak or appears to be a leak of confidential commercial
information on a particular occasion of importance.
The most comfortable situation for a commercial enterprise would be to
make use of a cryptosystem devised by itself and revealed to no other
organization. This independence would be resisted by governments
who would have an exaggerated and paranoiac concern to prevent
such liberties of choice. Nevertheless freedom to select and use
one's own cryptosystem may come about in practice because of the
immense difficulties in government regulation of encryption which
have been revealed in strenuous discussions on this subject in recent
time.
Would it assist, I ask myself, to use a form of escrow which set out full
details and passwords of a private cryptosystem in a tamper-evident
package which was lodged with a neutral agency and which was only
opened in exceptional circumstances on command of the judiciary itself
when need arose during judicial proceedings?
I suggest that it might be a condition of the issue of a government
licence for the use of a private cryptosystem that such a tamper-
evident package first be lodged with the neutral agency -- which
agency itself would have no authority to open the package but which
would have the duty to produce the package at any time to show that it
had not been opened.
Of course this procedure would be much less restrictive of the use of
cryptography than governments would like to impose or by nature have
the temperament to permit. But in these days it is as necessary for
two business men to discuss commercial matters privately when they
are apart as for two diplomats in different countries to conduct
government business in private.
Apologies if the idea outlined above has been discussed previously.
George
In message <006f01c109e4$88d4de90$72289fd4@fortytwo>, Brian
Gladman <brg@gladman.plus.com> writes
>End-to-end encryption, as such, does not hide traffic flow information so I
>suspect that collection and storage of encrypted traffic will be
>increasingly selective on the basis of 'who is talking to who' and other
>more subtle distinguishers.
>
>> There are hints in the regulations governing NSA interception that
>> there are other means to identify special data other than its
>> cryptographic attributes. But only generic terms such as "technical"
>> are used for those hints -- that is, when the terms are not censored
>> altogether as cryptographic and TEMPEST terms once were.
>
>When searching for 'needles in haystacks' it pays to use all the help you
>can get.
>
>Paradoxically, as we progressively deploy end-to-end crypto, we force
>information pirates to apply more energy to illicit data access in end
>systems. And since data held in the latter is infinitely less protected
>than it is when cryptographically protected in transit, we may not see the
>improvements in information security that we expect from such a deployment.
>
>But, perhaps worse than this, system penetration is an active form of attack
>that poses some really serious safety concerns. If we find that systems
>penetration is increasingly used, it will not always be obvious before the
>event whether or not 'interfering' with a target system will pose serious
>safety risks. It is fairly obvious that enemy penetration of defence
>systems could be disastrous but increasingly the same is true of many civil
>systems.
>
>It is hence hardly a surprise that governments are now increasingly
>concerned about civil infrastructure protection but they face a legacy of
>50+ years of government investment in insecurity. The consequences of the
>continuing imbalance of UK government investment in information exploitation
>and information protection were the primary cause of major disagreements
>between GCHQ and myself in the late 1980s and early 1990s.
>
> Brian
--
George Foot
georgefoot@oxted.demon.co.uk
http://www.oxted.demon.co.uk/
http://www.oxted.demon.co.uk/index.html