Introduction from moderator: The following message contains more background about the Council of Europe's recommendation regarding cryptography. It comes from a posting to other lists and is reprinted by permission from Ross Anderson. Andy @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ According to an article in `Communications Week International', the 34-nation Council of Europe has agreed to outlaw strong encryption products which do not make keys available to governments. The article, `Euro-Clipper chip scheme proposed', is on the front page of the magazine's issue 151, dated 18th September, which arrived in my mail this morning. It relates that the policy was approved on the 8th September at Strasbourg by the Council, and coincides with an attempt by the European Commission to propose a pan-European encryption standard. The Council - unlike the Commission - has no statutory powers to enforce its recommendations. However, Peter Csonka, the chairman of the committee that drafted the document (and an administrative officer at the Council's division of crime problems) says that `it is rare for countries to reject Council of Europe recommendations'. The proposal would make telecomms operators responsible for decrypting traffic and supplying it to governments when asked. It would also `change national laws to enable judicial authorities to chase hackers across borders'. Opposition to this measure was expressed by Mike Strezbek, VP responsible for European telecomms at JP Morgan, who said that his organisation `will challenge any attempt to limit the power of our network encryption technologies very strongly'. Czonka said that the Council had given consideration to business interests but had tries to strike a balance between privacy and justice. However, `it remains possible that cryptography is available to the public which cannot be deciphered,' his document says. `This might lead to the conclusion to put restrictions on the possession, distribution, or use of cryptography.' Apparently another international organisation, the OECD, has called a conference of its members in December to devise a strategy on encryption. I for one will be making clear to my MP that his stand on this issue will determine how I cast my ballot at the next election. I note that John Major stated in a 1994 parliamentary written reply to David Shaw MP that the government did not intend to legislate on data encryption. I am disppointed that government policy has changed to the point of supporting the Council of Europe, and that this change has sneaked through during the parliamentary recess. Ross Anderson @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Sender: •••@••.••• In a message dated 95-09-23 09:45:24 EDT, you write: The battle escalated on September 18 when a group called the Council of Europe, with representatives from 34 countries, proposed outlawing any form of encryption in which governments do not hold keys. With this post, I will show my ignorance, but humor me, please. Say in the future, most nations outlaw any encryption system which cannot be cracked by government officials. How would they know you are encrypting your communications unless they in fact tried to intercept your communications and were thwarted by the encryption. With the volume of electronic communications being what it is and increasing every day, can anyone tell me the statistics on encryption use? Assume most governments use the key escrow system, what is to prevent individuals from developing encryption techniques which aren't revealed to the governmental agencies? (Besides being illegal. Most highways have a speed limit, but who obeys those laws?) What would the penalties be, and are there any proposals out that mention possible punishment? One final question and y'all can flame away on this newbie net-head wanna-be, What's the big deal on encryption anyway? If you're silly enough to put all you're business' secrets into an e-mail message which as even the "virgin" users of elctronic communications know isn't all that safe from determined prying eyes, then dont you deserve to get burned. If it absolutly positivly has to get there in seconds, wouldn't a fax be easier? There are ways to secure phone lines right? Oh well, I've got BBQ sauce smeared all over me so flame away... Thanks OLmaniac ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~ Posted by -- Andrew Oram -- •••@••.••• -- Cambridge, Mass., USA Moderator: CYBER-RIGHTS (CPSR) World Wide Web: http://jasper.ora.com/andyo/cyber-rights/cyber-rights.html http://www.cs.virginia.edu/~hwh6k/public/cyber-rights.html FTP: ftp://jasper.ora.com/pub/andyo/cyber-rights You are encouraged to forward and cross-post messages and online materials, pursuant to any contained copyright & redistribution restrictions. ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~