[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
An article on forthcoming UK encryption policy
- To: debate@fitug.de
- Subject: An article on forthcoming UK encryption policy
- From: Rigo Wenning <wenning2@rz.uni-sb.de>
- Date: Thu, 12 Feb 1998 11:34:32 +0100
- Comment: This message comes from the debate mailing list.
- Sender: owner-debate@fitug.de
Wollen die Briten jetzt den Franzosen
nacheifern? Oder will der Geheimdienst
nur die Nachrichtenstrukturen testen?
FYI
Rigo
>Date: Wed, 11 Feb 1998 19:33:01 GMT0BST
>From: "Yaman Akdeniz" <lawya@lucs-01.novell.leeds.ac.uk>
>Subject: An article on forthcoming UK encryption policy
>To: gilc-plan@privacy.org
>Reply-To: gilc-plan@gilc.org
>
>Date: Wed, 11 Feb 1998 10:14:13 -0500
>From: Matthew Gaylor <freematt@coil.com>
>Subject: Next Week's British Encryption Ban
>
>To: Fax Tony Blair
><remote.printer.prime.minister@8.1.9.0.5.2.9.1.7.1.4.4.tpc.int>,chris@
>rand.demon .co.uk From: Sean Gabb <old.whig@virgin.net> Subject: Free
>Life Commentary - Next Week's British Encryption Ban
>
>
>Free Life Commentary
>Editor: Sean Gabb
>Issue Number Ten
>Tuesday 10th February 1998, 11:20pm
>
>==========================
>"Over himself, over his own mind and body,
>the individual is sovereign"
>(J.S. Mill, On Liberty, 1859)
>==========================
>
> Next Week's British Encryption Ban
> by Sean Gabb
>
> ========
> Copy Faxed to Tony Blair,
> as well as Published on the Internet
> ========
>
>
>Earlier this evening, I was given confidential information by someone
>close to a British Cabinet Minister. I am not in the habit of
>speaking to such people, let alone having them leak state secrets to
>me. But that is what happened. In publishing what I heard, I am now
>risking a prosecution under the Official Secrets Acts - or, more
>likely, being made to look ridiculous if what I predict does not
>happen. These risks being accepted, here is the leak.
>
>Next Tuesday, the 17th February 1998, the Department of Trade and
>Industry will announce plans to outlaw the use of strong encryption
>software within the United Kingdom. We are to be encouraged - and
>ultimately forced - to encrypt our e-mail only in ways that will allow
>the authorities to read it.
>
>My source was vague about the details of the scheme, saying that they
>had not yet been circulated to the full Cabinet. But I imagine that
>it will be more or less a reprint of the Conservative Government's
>public consultation paper of March 1997. This came to nothing because
>of the change of Government, and it was even hoped that Labour would
>have a more liberal policy on Internet regulation. However, Margaret
>Beckett, the Minister now responsible for trade and industrial policy,
>is neither bright nor forceful; and she was early captured by the
>officials who in theory are supposed to do her bidding. If next
>Tuesday's consultation paper differs at all from the last one, it will
>be only in matters of small detail and presentation. For this reason,
>it is probably safe to take the last paper as a guide to what we can
>expect.
>
>The Government will propose creating a network of what are called
>Trusted Third Parties, or TTPs. These are to be organisations
>licensed to provide encryption services to the public - that is,
>software, consultancy and other support. Because they have been
>licensed by the State, we are to be encouraged to believe that they
>really are trustworthy - that they are not distributing bad encryption
>software, or robbing their clients in other ways. But just in case we
>decide not to believe any of this, it will be made illegal for any
>unlicensed person to offer encryption services. Here, it is worth
>quoting from last year's consultation paper:
>
> The legislation will prohibit an organisation from offering or
>providing encryption services to the UK public without a licence.
>Prohibition will be irrespective of whether a charge is made for such
>services. The offering of encryption services to the UK public (for
>example via the Internet) by an unlicensed TTP outside of the UK will
>also be prohibited. For this purpose, it may be necessary to place
>restrictions on the advertising and marketing of such services to the
>public.
>
>Enacted into law, this would make it illegal for me to copy encryption
>software from my hard disk for a friend, and for computer magazines to
>include it on their free cover disks. It would also allow a strict
>supervision of the material and the links given access to by British
>sites on the World Wide Web.
>
>The paper never clarifies why we need TTPs in the first place, or why
>- their need granted - they can only be trusted if licensed by the
>State. But it does say a lot about law enforcement and national
>security. Or, to be more accurate, it does say a lot in the usual
>code about the need to fill in any last potholes on the road to a
>British police state.
>
>Starting with the Interception of Communications Act 1985, the British
>State has given itself powers of surveillance that a Third World
>dictator might envy. It can tap our phones on the word of a Minister.
>It can burgle our homes and leave recording devices behind on the word
>of a senior policeman. It can trawl through and inspect any records
>on us held by any organisation. It can do all this without our
>knowledge, and without any effective system of appeal and redress.
>The relevant laws are careful to describe the permissions for this as
>"warrants". But they really are no more than what in France before the
>Revolution were called Lettres du Cachet - things that our ancestors
>boasted did not and could not exist in the freer air of England.
>
>The spread of personal computers seemed likely at first to extend the
>scope of surveillance still further. This had until then been limited
>by cost. For all the theoretical risks, sending letters in sealed
>envelopes through the post has always been reasonably secure: the
>costs of interception can only be justified in exceptional cases. For
>the same reason, most private papers are safe. But the routing of an
>increasing amount of mail through the Internet promised to bring down
>the costs of surveillance to the point where everyone could be
>watched. The storage of records on computers connected to the Internet
>promised to make it possible for the authorities to spy on people by
>remote control.
>
>The problem is the development of strong encryption software like pgp,
>and its growing popularity among millions of ordinary people who,
>though not criminals, have a strong regard for privacy. It allows us
>to keep our e-mail and private records secret to all but the most
>determined and expensive attacks. It gives to us the benefits of
>instant communication and mass data storage, but keeps the authorities
>- despite their new powers of surveillance - no better informed than
>in the old days of due process and envelope steaming.
>
>Therefore all the talk of Trusted Third Parties. The terms of their
>licences will require them to sell encryption software with keys that
>cannot be modified by their clients, and to collect and store copies
>of these keys for handing over to the authorities. Last year's
>document is full of promises about "strict safeguards" and the like.
>But the reality is this:
>
> The legislation will provide that the Secretary of State may issue
> a
>warrant requiring a TTP to disclose private encryption keys... or a
>body covered by that warrant.
>
>No mention of judicial involvement at the time, or judicial review
>afterwards - just more police state commands.
>
>We can ignore anything the Government parrots next week about law
>enforcement and national security - or, for that matter, child
>pornography and complex fraud. These really are just code words. If
>I were a criminal, or a terrorist, or a foreign spy, the last
>encryption software I would use would come from a Trusted Third Party.
> Strong encryption packages are available all over the Internet, or
>can pass from hand to hand on a single floppy disk. Nor would I worry
>much about laws against the transmission of data encrypted with
>unlicensed software. There are ways of keeping the authorities from
>even knowing that an Internet message contains encrypted data.
>
>Somewhere, I have an early version of a program called Steganography,
>created by Romana Machado. This takes an encrypted text and merges it
>into a graphics file. My version produces a visible degradation of
>picture quality. Almost certainly, the newer releases have solved
>this problem. Assuming I had them, and were sufficiently unpatriotic
>- neither applies in my case, let me add - I could e-mail this
>country's battle plans straight off to Saddam Hussain merged invisibly
>into a picture of my dog. GCHQ would never notice until the Scud
>missiles began landing on Cheltenham.
>
>No - the encryption ban will be aimed at us, the honest public. We
>are the people who tend to respect the law - or at least to be afraid
>of it enough to comply in most cases. It is our privacy that is to be
>stripped away. It is we who are to become like Winston Smith, living
>for every moment when the telescreens are not monitoring our facial
>expressions.
>
>Why this is desired I cannot say. But we are living though an age of
>withering trust in the common people. In this country, we are not
>trusted to possess guns for our self-defence - or indeed to carry
>carpet knives locked inside our cars. We are not trusted to choose
>and administer our own medicines, or to bring up our own children in
>the manner of our choice, or to decide whether or not oxtail soup
>might be bad for us. Plugging in the telescreens is only a logical
>next step.
>
>Normally, when I write on these issues, I work myself into a frenzy of
>pessimism. At the moment, though, I feel rather optimistic. Next
>Tuesday's proposals will cause an uproar. This will not come from the
>so-called civil liberties groups like Liberty - excepting a few small
>bodies like the Libertarian Alliance, they have all been taken over by
>New Labour apparatchiks who can be trusted to keep their mouths shut.
>It will come from the big business interests.
>
>British Telecom is the third or fourth largest telecommunications
>company in the world. If operates in more than 40 markets, often
>needing to provide its clients with very secure networks. In the City
>of London there are more representative offices of foreign banks than
>in the rest of the European Union combined. These have a taste for
>confidentiality. There are many other large interests - all paying
>billions in taxes, all likely to be very hostile to any scheme that
>will make them appear less useful to foreign clients. We have a
>Labour Government that still needs to establish itself in the public
>mind as a party friendly to business. These facts can surely be
>trusted to ensure the dropping of a scheme that would not merely turn
>the country into a full police state, but also do the greatest damage
>to British business since nationalisation.
>
>Or so I hope.
>==========================
>Free Life Commentary is an independent journal of comment, published
>on the Internet. To receive regular issues, send e-mail to Sean Gabb
>at old.whig@virgin.net
>
>Issues are archived at
>
> <http://freespace.virgin.net/old.whig/>
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Yaman Akdeniz <lawya@leeds.ac.uk>
>Cyber-Rights & Cyber-Liberties (UK) at:
>http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm
>
>Read CR&CL (UK) Report, 'Who Watches the Watchmen'
>http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>