[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

An article on forthcoming UK encryption policy

Wollen die Briten jetzt den Franzosen 
nacheifern? Oder will der Geheimdienst 
nur die Nachrichtenstrukturen testen?

FYI

Rigo

>Date: Wed, 11 Feb 1998 19:33:01 GMT0BST
>From: "Yaman Akdeniz" <lawya@lucs-01.novell.leeds.ac.uk>
>Subject: An article on forthcoming UK encryption policy
>To: gilc-plan@privacy.org
>Reply-To: gilc-plan@gilc.org
>
>Date: Wed, 11 Feb 1998 10:14:13 -0500
>From: Matthew Gaylor <freematt@coil.com>
>Subject: Next Week's British Encryption Ban
>
>To: Fax Tony Blair
><remote.printer.prime.minister@8.1.9.0.5.2.9.1.7.1.4.4.tpc.int>,chris@
>rand.demon .co.uk From: Sean Gabb <old.whig@virgin.net> Subject: Free
>Life Commentary - Next Week's British Encryption Ban
>
>
>Free Life Commentary
>Editor:  Sean Gabb
>Issue Number Ten
>Tuesday 10th February 1998, 11:20pm
>
>==========================
>"Over himself, over his own mind and body,
>the individual is sovereign"
>(J.S. Mill, On Liberty, 1859)
>==========================
>
>           Next Week's British Encryption Ban
>                      by Sean Gabb
>
>                        ========
>                Copy Faxed to Tony Blair,
>        as well as Published on the Internet
>                        ========
>
>
>Earlier this evening, I was given confidential information by someone
>close to a British Cabinet Minister.  I am not in the habit of
>speaking to such people, let alone having them leak state secrets to
>me.  But that is what happened.  In publishing what I heard, I am now
>risking a prosecution under the Official Secrets Acts - or, more
>likely, being made to look ridiculous if what I predict does not
>happen.  These risks being accepted, here is the leak.
>
>Next Tuesday, the 17th February 1998, the Department of Trade and
>Industry will announce plans to outlaw the use of strong encryption
>software within the United Kingdom.  We are to be encouraged - and
>ultimately forced - to encrypt our e-mail only in ways that will allow
>the authorities to read it.
>
>My source was vague about the details of the scheme, saying that they
>had not yet been circulated to the full Cabinet.  But I imagine that
>it will be more or less a reprint of the Conservative Government's
>public consultation paper of March 1997.  This came to nothing because
>of the change of Government, and it was even hoped that Labour would
>have a more liberal policy on Internet regulation.  However, Margaret
>Beckett, the Minister now responsible for trade and industrial policy,
>is neither bright nor forceful; and she was early captured by the
>officials who in theory are supposed to do her bidding.  If next
>Tuesday's consultation paper differs at all from the last one, it will
>be only in matters of small detail and presentation.  For this reason,
>it is probably safe to take the last paper as a guide to what we can
>expect.
>
>The Government will propose creating a network of what are called
>Trusted Third Parties, or TTPs.  These are to be organisations
>licensed to provide encryption services to the public - that is,
>software, consultancy and other support.  Because they have been
>licensed by the State, we are to be encouraged to believe that they
>really are trustworthy - that they are not distributing bad encryption
>software, or robbing their clients in other ways.  But just in case we
>decide not to believe any of this, it will be made illegal for any
>unlicensed person to offer encryption services.  Here, it is worth
>quoting from last year's consultation paper:
>
>    The legislation will prohibit an organisation from offering or
>providing encryption services to the UK public without a licence.
>Prohibition will be irrespective of whether a charge is made for such
>services.  The offering of encryption services to the UK public (for
>example via the Internet) by an unlicensed TTP outside of the UK will
>also be prohibited.  For this purpose, it may be necessary to place
>restrictions on the advertising and marketing of such services to the
>public.
>
>Enacted into law, this would make it illegal for me to copy encryption
>software from my hard disk for a friend, and for computer magazines to
>include it on their free cover disks.  It would also allow a strict
>supervision of the material and the links given access to by British
>sites on the World Wide Web.
>
>The paper never clarifies why we need TTPs in the first place, or why
>- their need granted - they can only be trusted if licensed by the
>State. But it does say a lot about law enforcement and national
>security.  Or, to be more accurate, it does say a lot in the usual
>code about the need to fill in any last potholes on the road to a
>British police state.
>
>Starting with the Interception of Communications Act 1985, the British
>State has given itself powers of surveillance that a Third World
>dictator might envy.  It can tap our phones on the word of a Minister.
>It can burgle our homes and leave recording devices behind on the word
>of a senior policeman.  It can trawl through and inspect any records
>on us held by any organisation.  It can do all this without our
>knowledge, and without any effective system of appeal and redress. 
>The relevant laws are careful to describe the permissions for this as
>"warrants". But they really are no more than what in France before the
>Revolution were called Lettres du Cachet - things that our ancestors
>boasted did not and could not exist in the freer air of England.
>
>The spread of personal computers seemed likely at first to extend the
>scope of surveillance still further.  This had until then been limited
>by cost.  For all the theoretical risks, sending letters in sealed
>envelopes through the post has always been reasonably secure:  the
>costs of interception can only be justified in exceptional cases.  For
>the same reason, most private papers are safe.  But the routing of an
>increasing amount of mail through the Internet promised to bring down
>the costs of surveillance to the point where everyone could be
>watched. The storage of records on computers connected to the Internet
>promised to make it possible for the authorities to spy on people by
>remote control.
>
>The problem is the development of strong encryption software like pgp,
>and its growing popularity among millions of ordinary people who,
>though not criminals, have a strong regard for privacy.  It allows us
>to keep our e-mail and private records secret to all but the most
>determined and expensive attacks.  It gives to us the benefits of
>instant communication and mass data storage, but keeps the authorities
>- despite their new powers of surveillance - no better informed than
>in the old days of due process and envelope steaming.
>
>Therefore all the talk of Trusted Third Parties.  The terms of their
>licences will require them to sell encryption software with keys that
>cannot be modified by their clients, and to collect and store copies
>of these keys for handing over to the authorities.  Last year's
>document is full of promises about "strict safeguards" and the like. 
>But the reality is this:
>
>    The legislation will provide that the Secretary of State may issue
>    a
>warrant requiring a TTP to disclose private encryption keys... or a
>body covered by that warrant.
>
>No mention of judicial involvement at the time, or judicial review
>afterwards - just more police state commands.
>
>We can ignore anything the Government parrots next week about law
>enforcement and national security - or, for that matter, child
>pornography and complex fraud.  These really are just code words.  If
>I were a criminal, or a terrorist, or a foreign spy, the last
>encryption software I would use would come from a Trusted Third Party.
> Strong encryption packages are available all over the Internet, or
>can pass from hand to hand on a single floppy disk.  Nor would I worry
>much about laws against the transmission of data encrypted with
>unlicensed software.  There are ways of keeping the authorities from
>even knowing that an Internet message contains encrypted data.
>
>Somewhere, I have an early version of a program called Steganography,
>created by Romana Machado.  This takes an encrypted text and merges it
>into a graphics file.  My version produces a visible degradation of
>picture quality.  Almost certainly, the newer releases have solved
>this problem.  Assuming I had them, and were sufficiently unpatriotic
>- neither applies in my case, let me add - I could e-mail this
>country's battle plans straight off to Saddam Hussain merged invisibly
>into a picture of my dog.  GCHQ would never notice until the Scud
>missiles began landing on Cheltenham.
>
>No - the encryption ban will be aimed at us, the honest public.  We
>are the people who tend to respect the law - or at least to be afraid
>of it enough to comply in most cases.  It is our privacy that is to be
>stripped away.  It is we who are to become like Winston Smith, living
>for every moment when the telescreens are not monitoring our facial
>expressions.
>
>Why this is desired I cannot say.  But we are living though an age of
>withering trust in the common people.  In this country, we are not
>trusted to possess guns for our self-defence - or indeed to carry
>carpet knives locked inside our cars.  We are not trusted to choose
>and administer our own medicines, or to bring up our own children in
>the manner of our choice, or to decide whether or not oxtail soup
>might be bad for us.  Plugging in the telescreens is only a logical
>next step.
>
>Normally, when I write on these issues, I work myself into a frenzy of
>pessimism.  At the moment, though, I feel rather optimistic.  Next
>Tuesday's proposals will cause an uproar.  This will not come from the
>so-called civil liberties groups like Liberty - excepting a few small
>bodies like the Libertarian Alliance, they have all been taken over by
>New Labour apparatchiks who can be trusted to keep their mouths shut.
>It will come from the big business interests.
>
>British Telecom is the third or fourth largest telecommunications
>company in the world.  If operates in more than 40 markets, often
>needing to provide its clients with very secure networks.  In the City
>of London there are more representative offices of foreign banks than
>in the rest of the European Union combined.  These have a taste for
>confidentiality.  There are many other large interests - all paying
>billions in taxes, all likely to be very hostile to any scheme that
>will make them appear less useful to foreign clients.  We have a
>Labour Government that still needs to establish itself in the public
>mind as a party friendly to business.  These facts can surely be
>trusted to ensure the dropping of a scheme that would not merely turn
>the country into a full police state, but also do the greatest damage
>to British business since nationalisation.
>
>Or so I hope.
>==========================
>Free Life Commentary is an independent journal of comment, published
>on the Internet.  To receive regular issues, send e-mail to Sean Gabb
>at old.whig@virgin.net
>
>Issues are archived at
>
>        <http://freespace.virgin.net/old.whig/>
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Yaman Akdeniz <lawya@leeds.ac.uk>
>Cyber-Rights & Cyber-Liberties (UK) at:
>http://www.leeds.ac.uk/law/pgs/yaman/yaman.htm
>
>Read CR&CL (UK) Report, 'Who Watches the Watchmen'
>http://www.leeds.ac.uk/law/pgs/yaman/watchmen.htm
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>