Introduction from moderator: You've all heard of PGP, and most of you know that the many governments are trying in one way or another (the Clipper standard in the U.S.) to undermine it and substitute a form of encryption that the government can crack. The battle escalated on September 18 when a group called the Council of Europe, with representatives from 34 countries, proposed outlawing any form of encryption in which governments do not hold keys. I have to thank Jerome Thorel for this information, as well as for the following posting that fills in some details. I realize that a lot is left unclear, such as who has authority to approve and actually put the Council of Europe's proposal into law. More information would be appreciated. Andy @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Sender: •••@••.••• (Jerome Thorel) (This report was first posted on security-related newsgroups.) Here's some key points of the interview I had a few days ago with an official of the telecom security unit of the EU Commission (DG-13) in Brussels -The European Commission will soon make a proposal concerning the use of encryption, in order to propose an infrastructure for secure communications that would satisfy national industries and governments. -This infrastructure "will probably" consist of "Trust Centres" for encryption key management. "A kind of 'electronic notary service'", he said. - The EU Commission "has no plans to interfere with national encryption laws ... because EU members can keep their sovereignty over "national security" concerns". "These trust centers agencies would only apply at the national and not the european level", the official stressed on. "The requirement would almost certainly be for national licensing [of encryption products]". Deadline? -"You could say that it is hoped to submit the proposal to the Council (of ministers -- possibly telecoms) this autumn." I've just had hot confirmations from a senior official in the French government. In fact, the Commission is working closely with members states to find a solution for this "notary" alternative (this is a so-called SOGIS, Senior officers group for information security, that is meeting regularly, composed of members' states experts and chaired by the Commission). The French official said that the UK and France were the most concerned by this "State security" concerns, while Germany would like to see Brussels working as this "trust center" for eventual pan-european key-escrow standard. "We don't want a US-key escrow system with a trust center (for key management) in Brussels", says the official in Paris. We could say that these guidelines are matching the US ones, since these key management and trust centers would be managed by private as well as public interests. The same idea lies behind the new "key-escrow" system the NIST is trying to negociate (Clipper Chip II would "satisfy government and be acceptable to business and private users"). Looks like the Clipper syndrom has fiercely contaminated Euro circles. Wiretaped-citizens of the world, unite! (Some follow-up) The Council of Europe's 34 ambassadors (representatives) approved, in the name of their government, recommendations about legal wiretaps procedures and the use of encryption technologies. The Council statement was prepared by its Crime Problems division. And the approval came on September 11th. Encryption permits to have email and document transfert secure through computer networks, but could be "a break to law enforcement", Peter Csonka, the Council's head of Crime Problems division told Nature. Csonka said the statement voted in Strasbourg was a whole legal approach towards information technology -- from digital signatures to wiretap procedures. "The fact is, that today a hacker can encrypt a stolen document and the police is in distress (désemparé, or crippled)." Jerome Thorel -------------------------------------- Journaliste / Free-lance reporter Avec l'aide du Carte de presse / ID Presscard: 72052 Conservatoire National 76 r Ph. de Girard F-75018 Paris des Arts et Metiers tel 331-40358010, fax-40370853 <http://web.cnam.fr> ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~ Posted by -- Andrew Oram -- •••@••.••• -- Cambridge, Mass., USA Moderator: CYBER-RIGHTS (CPSR) World Wide Web: http://jasper.ora.com/andyo/cyber-rights/cyber-rights.html http://www.cs.virginia.edu/~hwh6k/public/cyber-rights.html FTP: ftp://jasper.ora.com/pub/andyo/cyber-rights You are encouraged to forward and cross-post messages and online materials, pursuant to any contained copyright & redistribution restrictions. ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~