Re: Euro-move to key-escrow encryption

1995-09-25

Introduction from moderator:

The following message contains more background about the Council of
Europe's recommendation regarding cryptography.  It comes from a
posting to other lists and is reprinted by permission from Ross
Anderson.

Andy

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

According to an article in `Communications Week International', the
34-nation Council of Europe has agreed to outlaw strong encryption
products which do not make keys available to governments.

The article, `Euro-Clipper chip scheme proposed', is on the front page
of the magazine's issue 151, dated 18th September, which arrived in my
mail this morning.

It relates that the policy was approved on the 8th September at
Strasbourg by the Council, and coincides with an attempt by the
European Commission to propose a pan-European encryption standard. The
Council - unlike the Commission - has no statutory powers to enforce
its recommendations. However, Peter Csonka, the chairman of the
committee that drafted the document (and an administrative officer at
the Council's division of crime problems) says that `it is rare for
countries to reject Council of Europe recommendations'.

The proposal would make telecomms operators responsible for decrypting
traffic and supplying it to governments when asked.  It would also
`change national laws to enable judicial authorities to chase hackers
across borders'.

Opposition to this measure was expressed by Mike Strezbek, VP
responsible for European telecomms at JP Morgan, who said that his
organisation `will challenge any attempt to limit the power of our
network encryption technologies very strongly'.

Czonka said that the Council had given consideration to business
interests but had tries to strike a balance between privacy and
justice. However, `it remains possible that cryptography is available
to the public which cannot be deciphered,' his document says. `This
might lead to the conclusion to put restrictions on the possession,
distribution, or use of cryptography.'

Apparently another international organisation, the OECD, has called a
conference of its members in December to devise a strategy on
encryption.

I for one will be making clear to my MP that his stand on this issue
will determine how I cast my ballot at the next election. I note that
John Major stated in a 1994 parliamentary written reply to David Shaw
MP that the government did not intend to legislate on data encryption.
I am disppointed that government policy has changed to the point of
supporting the Council of Europe, and that this change has sneaked
through during the parliamentary recess.

Ross Anderson

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Sender: •••@••.•••

In a message dated 95-09-23 09:45:24 EDT, you write:

The battle escalated on September 18 when a group called the Council
of Europe, with representatives from 34 countries, proposed outlawing
any form of encryption in which governments do not hold keys.



With this post, I will show my ignorance, but humor me, please. Say in the
future, most nations outlaw any encryption system which cannot be cracked by
government officials. How would they know you are encrypting your
communications unless they in fact tried to intercept your communications and
were thwarted by the encryption. With the volume of electronic communications
being what it is and increasing every day, can anyone tell me the statistics
on encryption use? Assume most governments use the key escrow system, what is
to prevent individuals from developing encryption techniques which aren't
revealed to the governmental agencies? (Besides being illegal. Most highways
have a speed limit, but who obeys those laws?) What would the penalties be,
and are there any proposals out that mention possible punishment? One final
question and y'all can flame away on this newbie net-head wanna-be, What's
the big deal on encryption anyway? If you're silly enough to put all you're
business' secrets into an  e-mail message which as even the "virgin" users of
elctronic communications know isn't all that safe from determined prying
eyes, then dont you deserve to get burned. If it absolutly positivly has to
get there in seconds, wouldn't a fax be easier? There are ways to secure
phone lines right? Oh well, I've got BBQ sauce smeared all over me so flame
away...

Thanks
OLmaniac


 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
 Posted by --  Andrew Oram  --  •••@••.••• --  Cambridge, Mass., USA
                 Moderator:  CYBER-RIGHTS (CPSR)

    World Wide Web:
        http://jasper.ora.com/andyo/cyber-rights/cyber-rights.html
        http://www.cs.virginia.edu/~hwh6k/public/cyber-rights.html
    FTP:
        ftp://jasper.ora.com/pub/andyo/cyber-rights

You are encouraged to forward and cross-post messages and online materials,
pursuant to any contained copyright & redistribution restrictions.
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~