 |
About Me | |
|
|
Background | |
|
|
Policy Analysis | |
|
|
Organisations | |
|
|
Cryptography | |
|
|
Technology | |
|
|
Cryptography | |
|
|
Computing | |
|
|
Mathematics | |
|
|
Papers | |
Results of a Survey of Views on Government Access to Encrypted Information on the United Kingdom National Information Infrastructure
I have recently run a survey of views on government access to information passing across the UK National Information Infrastructure and this page presents an overview of the results so far. In overall terms the response has been disappointing and the figures are based on less than 100 responses. It would be wrong, therefore, to consider these results as an accurate reflection of general views in the UK. Nevertheless they do provide some evidence of what is likely to be acceptable and what is not. The chart below follows the format of the survey and gives percentage results.
| None – no government access allowed. | 10 % did not support any form of Government access |
| Search Warrant – in which judicial authorities approve access to encrypted information via the originators and/or the recipients (who will hence be aware of the action). | 90 % of responses supported search warrant based access |
| Warranted Intercept – in which judicial authorities approve access to encrypted information without the knowledge or consent of originators and/or recipeints (the announced UK government policy). | 30% of resposes supported warranted intercept |
| Unrestricted – access by government without judicial control. | There was no support for unrestricted access |
| No Key Recovery – user organisations generate and manage their own encryption keys without the ability to recover either messages or keys in the event of key loss. No support for government information access. | |
| Voluntary Key Recovery – user organisations generate, manage and archive their own encryption keys whilst providing both for the recovery of lost keys and the ability to respond to search warrants issued against encrypted messages. Support for government information access is voluntary. | 93% of those who responded supported the use of voluntary key recovery approaches |
| Mandatory Key Recovery – user organisations generate, manage and archive their own encryption keys whilst providing both for the recovery of lost keys and the ability to respond to search warrants issued against encrypted messages. Support for government information access is mandatory. | 30% of responses supported mandatory key recovery with user key management |
| Single Party Key Escrow – user organisations generate and manage their own encryption keys but are required to lodge them with an independent, government licenced Third Party to allow warranted interception of encrypted information. | 6% supprted single party key escrow |
| Multiple Party Key Escrow – user organisations generate and manage their own encryption keys but are required to lodge key components with a number of independent, government licenced Third Parties, all of whom have to co-operate in order to provide the keys necessary to allow warranted interception of encrypted information. In answering this assume three Third Parties which are independent, publically accountable bodies operating and reporting under regulations established by Parliament. | 20% supported multiple party key escrow |
| Government Key Management – government sponsored or licenced Third Parties generate and manage encryption keys on behalf of all NII users using a scheme or schemes which are openly specified and subject to public scrutiny. The schemes provide both key recovery for users and also government access via warranted intercept. | 6% supported government sponsored or licenced key management |
| I am a citizen of the United Kingdom | All responses except one were from UK citizens |
These responses suggest that those who argue for the 'search warrant' style of access using voluntary key recovery techniques command significant support. Support for key escrow is low but it would appear that the US did get one aspect of this right in that multiple party escrow is much more acceptable than a single party approach (although support is still low in proportional terms).
Support for the generation and management of keys by third parties as proposed by the UK government appears to be low.
As I said earlier, the number of responses is too low to make these results significant but it does suggest that there is widespread support for Search Warrant access but only minority support for Warranted Intercept. In the latter case support for government sponsored schemes for the mandatory Third Party management of keys appears to be low.