[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(fwd) TBTF for 3/9/98: Pushy


Forwarded message follows:
On Sun, 8 Mar 1998 17:20:11 -0600, dawson@world.std.com (Keith Dawson)
Am Sun, 8 Mar 1998 17:20:11 -0600 schrieb Keith Dawson:

TBTF for 3/9/98: Pushy

 T a s t y   B i t s   f r o m   t h e   T e c h n o l o g y   F r o n t

 This issue: < http://www.tbtf.com/archive/03-09-98.html >

..Brits fighting to stave off crypto ban

  Mr. Louis Freeh, meet Mr. Jack Straw

    In March of 1997 the then-Tory British government's Department of
    Trade & Industry proposed licensing "trusted third parties" to
    offer encryption services and requiring them to escrow users'
    private keys. The Labor party, then in opposition, decried this
    proposal, and their election manifesto [9] codified their oppo-
    sition. But rumors have been circulating for a month now that the
    current Labor government is about to propose a scheme very like
    the year-old proposal [10].

    On 2/10 Sean Gabb published this leak [11] of government plans to
    announce mandatory domestic key escrow. On 2/19 an official of the
    DTI did give a presentation [12] on policy suggestions for digital
    signatures -- and said that the domestic encryption part of the
    policy had been delayed by the "completely wrong announcements on
    the Internet," by which he apparently meant [11]. Now more than two
    weeks have gone by and no policy paper has been published; rumors
    continue to swirl that the policy, when it is released, will some-
    how link encryption with digital signatures. Microsoft Europe has
    issued a response [13] to this possibility that sets out the is-
    sues very nicely. Meanshile, the proprietors of NTKnow have set
    up a mailing list for fast-breaking British crypto news. To sub-
    scribe, mail majordomo@lists.unfortu.net with message: subscribe
    crypto-announce .

    [9]  http://www.labour.org.uk/views/info%2Dhighway/content.html
    [10] http://www.tbtf.com/archive/02-02-98.html#s07
    [11] http://freespace.virgin.net/old.whig/flc010.htm
    [12] http://www.liberty.org.uk/cacib/legal/crypto/icx2.html
    [13] http://www.liberty.org.uk/cacib/legal/crypto/microsoft.html

..Strict EU privacy rules coming

  Will it become illegal to push a cookie on a European?

    Next October, EU rules go into effect governing the flow of personal
    data across national borders. If EU countries strictly implement
    these rules, they would have to cut off large amounts of corporate
    and personal commerce with countries that don't implement similarly
    strict privacy protections. Outside the EU, only Norway, Iceland,
    Slovenia, New Zealand, and Switzerland have laws governing the use
    of private data by commercial firms. Here is a summary of the dir-
    ective on "Transborder Flows of Personal Data," taken from an art-
    icle [14] covering possible impacts on the US, Canada, Australia,
    and Japan:

      > Among the Directive's requirements are that the member country
      > statutes provide individuals with the right to advance notice
      > of a data collector's intent to collect and use their personal
      > data, the right to access and correct data collected about
      > them, and the right to object to certain data transfers. The
      > Directive further requires that... data collectors process
      > personal data only for specified, explicit, and legitimate
      > purposes; that data collectors maintain the security and con-
      > fidentiality of personal data; and that statutes provide ju-
      > dicial remedies for violations.

    If the directive were applied liberally it could mean that Website
    operators would have to get permission from European users before
    setting a cookie, and would have to disclose the intended uses of
    cookie data and of personal data captured in site registration.
    The more suspect uses of cookies -- by ad sites for example --
    would seem to be banished entirely, as their only intent is col-
    lecting and correlating personal data for purposes of unsolicited

    Articles 25 and 26 [15] are at the center of the problems the dir-
    ective poses for non-EU countries. Article 25 lays out the stric-
    tures and Article 26 gives some conditions under which they might
    be relaxed. No one seems to know [16] how the EU countries will
    implement the privacy directive.

    [14] http://www.info-law.com/eupriv.html
    [15] http://www2.echo.lu/legal/en/dataprot/directiv/chap4.html