THE DEPARTMENT OF TRADE AND INDUSTRY
PRESS RELEASE ENTITLED:
'GOVERNMENT SETS OUT PROPOSALS
FOR ENCRYPTION ON PUBLIC TELECOMMUNICATIONS NETWORKS'
Has The UK Government Launched HMS Clipper?
The comments provided here are a refinement
of those which I first published to the 'talk.politics.crypto'
Internet newsgroup on 14th June 1996. The additions
and changes are the result of some further thoughts and a number of responses
which I received subsequent to my original posting. I gratefully acknowledge
the contributions of the people who responded. I emphasise that I am making
these comments as a private citizen of the United Kingdom and in no
other capacity.
The text of the press release on TTP
services in the UK is appended below with my comments interspersed. I have
not seen a copy of the paper referred to in the text and it may be that
the issues involved are better covered there.
It is important to recognise that
this announcement by the UK Government represents a significant and positive
shift in policy in that it has recognised, for the first time, that there
is a legitimate requirement for the exploitation of cryptography for information
protection beyond Government in the UK. In my view this realisation has
come far later than it should have done but the delay makes it no less welcome.
What we now have to determine is whether
these words, and the thinking which lies behind them, represent a balanced
approach which fair minded people in the UK will accept as reasonable or
whether the UK Government has secretly designed and now launched HMS Clipper.
GOVERNMENT SETS OUT PROPOSALS FOR
ENCRYPTION ON PUBLIC TELECOMMUNICATIONS NETWORKS
To meet the growing demands to safeguard
the integrity and confidentiality of information sent electronically over
the public telecommunications networks, the Government has today published
a paper on the provision of encryption services.
These services cover the digital signature
(an electronic equivalent of a hand-written signature) of electronic documents
and the protection of the accuracy and the privacy of their contents. In
recognition of the need to set the right balance between commercial and
personal confidentiality and the continuing ability of the law enforcement
agencies to fight serious crime and terrorism, the Government proposes to
introduce the licensing of Trusted Third Parties (TTPs) to provide such
services.
Licensed TTPs are the way to offer
encryption services to the public. Ultimately, it is for organisations or
individuals to consider whether or not the benefits of such licensing will
outweigh any existing arrangements that they have.
The use of the phrase '...any
existing arrangements that they have.' suggests that there may
be choice only for those who already have arrangements. Since the press
release will have been carefully staffed we have to assume that this phrasing
is deliberate and this may mean that the UK Government is
contemplating the regulation of the future use of encryption in business
and commerce. The phrasing 'any alternative arrangements which they either
have or may wish to make in future' would be better. More on this later.
In a written answer to a parliamentary
question from Peter Luff MP (Worcester), Science and Technology Minister
Ian Taylor said:
"Following the discussion between
Departments to which I referred in my replies to the hon Member for Brigg
and Cleethorpes of 6 March, Official Report column 229 and 25 March, Official
Report column 411, I am today publishing a paper outlining the Government's
policy on the provision of encryption services on public networks. Copies
of the paper are available in the library of both Houses."
"The Government aims to facilitate
the development of electronic commerce on the emerging global information
infrastructure. This is of significant importance in maintaining the UK's
competitiveness and is a component of the Department's Information Society
Initiative. There is a growing demand for encryption services to safeguard
the integrity and confidentiality of electronic information transmitted
on public telecommunications networks. The Government therefore proposes
to make arrangements for licensing Trusted Third Parties (TTPs) who would
provide such services. These TTPs would offer digital signature, data integrity
and retrieval, key management and other services for which there is a commercial
demand. The licensing policy will aim to protect consumers as well as to
preserve the ability of the intelligence and law enforcement agencies to
fight serious crime and terrorism by establishing procedures for disclosure
to them of the encryption keys, under safeguards similar to those which
already exist for warranted interception under the Interception of Communications
Act."
This is an important sentence in that
it limits the use of disclosed keys by intelligence agencies to 'fighting
serious crime and terrorism'. I am not familiar with the Interception of
Communications Act (which may also contain this limitation) but it will
clearly be important to ensure that this sentiment is reflected in any legislation
which is developed.
Another issue here is that disclosure
of keys, not of the protected information, is called for. This requirement
will have a major impact on system design, which must ensure that the information
made accessible by such a key disclosure does not extend beyond that permitted
by the warrant(s) involved.
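As an added example (not part of the original page, and not anything from the DTI paper), here is a toy Python model of the design problem this paragraph raises: a recovery service that holds a wrapped per-message session key for every message and, under a warrant, releases only the session keys of messages within the warrant's scope, contrasted with the over-broad alternative of releasing the key that wraps everything. The cipher and the key wrap are stdlib toys (an HMAC-SHA256 keystream and an XOR mask) standing in for real primitives, and the sender names, the warrant fields and the sample traffic are all constructed assumptions.

```python
"""Warrant-scoped key disclosure in a toy key-recovery design (stdlib only).

The cipher and key wrap are deliberately simple toys so that the scope logic
is visible; they are NOT a real design, and every name here is an assumption.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


def _mask(key: bytes, label: bytes, counter: int) -> bytes:
    return hmac.new(key, label + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce||counter) blocks."""
    stream = b"".join(_mask(key, nonce, i) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_key(wrapping_key: bytes, msg_id: int, session_key: bytes) -> bytes:
    """Wrap (or unwrap: XOR is its own inverse) a 32-byte session key for recovery."""
    return bytes(a ^ b for a, b in zip(session_key, _mask(wrapping_key, b"wrap", msg_id)))


@dataclass(frozen=True)
class Message:
    msg_id: int
    sender: str
    day: int            # constructed timestamp, in days
    nonce: bytes
    ciphertext: bytes
    wrapped_key: bytes  # per-message session key, wrapped for the recovery service


def encrypt_message(wrapping_key: bytes, msg_id: int, sender: str, day: int,
                    plaintext: bytes) -> Message:
    session_key = os.urandom(32)
    nonce = os.urandom(16)
    return Message(msg_id, sender, day, nonce,
                   stream_xor(session_key, nonce, plaintext),
                   wrap_key(wrapping_key, msg_id, session_key))


def decrypt_message(session_key: bytes, msg: Message) -> bytes:
    return stream_xor(session_key, msg.nonce, msg.ciphertext)


@dataclass(frozen=True)
class Warrant:
    target: str
    first_day: int
    last_day: int

    def covers(self, msg: Message) -> bool:
        return msg.sender == self.target and self.first_day <= msg.day <= self.last_day


def disclose_session_keys(wrapping_key: bytes, messages, warrant: Warrant) -> dict:
    """The scoped design: release only the session keys of messages the warrant
    covers. The wrapping key itself never leaves the recovery service."""
    return {m.msg_id: wrap_key(wrapping_key, m.msg_id, m.wrapped_key)
            for m in messages if warrant.covers(m)}


def readable_with(keys, messages, plaintexts: dict) -> list:
    """Message ids whose plaintext any one of the given keys recovers."""
    return sorted({m.msg_id for m in messages for k in keys
                   if decrypt_message(k, m) == plaintexts[m.msg_id]})


def run_demo() -> dict:
    wrapping_key = os.urandom(32)
    # Constructed traffic: two senders, four messages, spread over several days.
    plaintexts = {1: b"Q3 board minutes", 2: b"payroll export",
                  3: b"tender bid figures", 4: b"contract draft"}
    meta = {1: ("alice", 10), 2: ("alice", 12), 3: ("alice", 20), 4: ("bob", 11)}
    messages = [encrypt_message(wrapping_key, i, *meta[i], plaintexts[i])
                for i in plaintexts]
    # Hypothetical warrant: alice's traffic on days 10 to 12 only.
    warrant = Warrant(target="alice", first_day=10, last_day=12)

    scoped = disclose_session_keys(wrapping_key, messages, warrant)
    # Over-broad design: hand over the wrapping key and every message unwraps,
    # including bob's and alice's out-of-window traffic.
    all_keys = [wrap_key(wrapping_key, m.msg_id, m.wrapped_key) for m in messages]
    return {
        "warranted": sorted(scoped),
        "readable_scoped": readable_with(scoped.values(), messages, plaintexts),
        "readable_long_term": readable_with(all_keys, messages, plaintexts),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point the run makes is the one the paragraph raises: with per-message keys the set of messages the authorities can read is exactly the warranted set, whereas a design that escrows one long-term key per client cannot release anything narrower than everything that client ever sent.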
A third issue is that some computer
data is not similar to that for which warranted interception is designed
and is hence not necessarily amenable to analogous safeguards. An example
here is that of system management and control data which is protected with
cryptography in order to protect the safe operation of the system involved.
Disclosure of keys for such applications could put the operation of the
systems involved at risk and this in turn could have extremely serious safety
implications for some classes of system. The liability issues here are not
obvious since the impact of key disclosure leading to system penetration
and failure could be extremely serious.
"Officials within my department have
held preliminary discussions with industry groups on the concepts set out
in the paper. The Government intends to bring forward proposals for legislation
following consultation by DTI on detailed policy proposals."
Good, although it is a pity that the
views of the UK public at large seem to have played no part in the formulation
of this new Government policy even though it is presented as being in their
interests.
Notes for editors:
1. Encryption is the process of transforming
a document or message text into an unintelligible form that can only subsequently
be recovered by someone possessing the corresponding decryption key.
2. TTPs are trustworthy commercial
organisations that can provide various information security related services
to enable transactions to be conducted securely. Typical services are management
of cryptographic keys, time stamping of electronic documents and arbitration
of repudiation claims regarding the origin, receipt, delivery and submission
of electronic documents.
3. Copies of the Paper are available
from the DTI Commercial IT Security Unit on 0171 215 1399 or Fax 0171 931
7194.
PAPER ON REGULATORY INTENT CONCERNING
USE OF ENCRYPTION ON PUBLIC NETWORKS
Summary
1. The Government recognises the importance
of the development of the Global Information Infrastructure (GII) with respect
to the continuing competitiveness of UK companies. Its aim is to facilitate
the development of electronic commerce by the introduction of measures which
recognise the growing demand for encryption services to safeguard the integrity
and confidentiality of electronic information transmitted on public telecommunications
networks.
2. The policy, which has been decided
upon after detailed discussion between Government Departments, involves
the licensing and regulation...
Note here that the policy has
been decided - that's it folks - we know what is best for you -
you know that you can trust us and we certainly don't want you to think
for yourselves - good gracious, that's how revolutions start! What did you
say, it's all about democracy, Governments serving their citizens, achieving
open Government, freedom of information and all that? You mean that we should
actually seek views before we set our policy?? No, no, we can't possibly
do that - if we did that people might disagree with us and we might then
find it difficult to have the policy we want - OOPS, I mean the policy that
we have decided is best for you. Any other way would be like having hospitals
for the benefit of patients, or trains for the benefit of passengers, and
we don't want any of that - Government for the people is OK for the United
States but it's far too crude an idea for the UK!
... of Trusted Third Parties (hereafter
called TTPs) which will provide a range of information security services
to their clients, whether they are corporate users or individual citizens.
The provision of such information security services will be welcomed by
IT users, and will considerably facilitate the establishment of, and industry's
participation in, the GII, where trust in the security of communication
has been acknowledged to be of paramount importance. The licensing policy
will aim to preserve the ability of the intelligence and law enforcement
agencies to fight serious crime and terrorism by establishing procedures
for disclosure to them of encryption keys, under safeguards similar to those
which already exist for warranted interception under the Interception of
Communications Act.
3. The Government intends to bring
forward proposals for legislation following consultation by the Department
of Trade and Industry on detailed policy proposals.
Good, but are things really
going to change I wonder?
Background
4. The increased use of IT systems
by British business and commerce in the last decade has been a major factor
in their improved competitive position in global markets. This reliance
on IT systems has, however, brought with it increased security risks; especially
concerning the integrity and confidentiality of information passed electronically
between trading bodies. The use of encryption services on electronic networks
can help solve some of these security problems. In particular TTPs will
facilitate secure electronic communications either within a particular trading
environment (e.g. between a bank and its customers) or between companies,
especially smaller ones, that do not necessarily have any previous trading
relationship.
The enthusiasm for TTPs in Europe
is strong on idealism but weak on any practical understanding of the legal
or the technical issues which will be involved in bringing them into existence.
Considering just the technical issues, if two people want to exchange secure
information, their respective TTPs must reach a bilateral agreement before
they can do so and if no such relationship exists they simply cannot communicate
securely. Since the number of bilateral arrangements between N parties
(N(N-1)/2) grows at an N^2 rate, a world with a large number of TTPs will simply not
be practical. Thus, for example, 30 countries each with about 30 TTPs
would involve around 1000 TTPs in total and of the order of half a million individual
bilateral arrangements. It is thus evident that the TTP approach does not
scale well and is likely to be effective only with a relatively small
number of TTPs. (Dorothy Denning has correctly pointed out that this is
not an inherent feature of TTPs but rather a feature of the particular system
design being studied by the UK Government.)
Since it is implied that TTPs will
hold keys for their customers, a small number of TTPs will mean that each
TTP will hold an enormous number of keys and hence a very large amount of
data which is extremely security sensitive. In this situation a TTP could
be managing millions of keys; however, it is hard to conceive of a computer
and management regime which would be capable of achieving such a task. Anyone
who doubts this should read back issues of comp.risks and
the work done by Ross Anderson at Cambridge on security in banking.
By and large I trust my bank to manage
my money but I would not currently trust them to manage my keys by using
computers. There is simply no evidence to suggest that there are any
organisations, banks included, which are currently capable of undertaking
a task which involves the use of computers to handle such extreme security
requirements. Despite the local risks, therefore, I prefer to manage my
own keys. In saying this I would be happy to use key recovery techniques
to guard against inadvertent key loss and to provide for information disclosure
in response to a search warrant.
Small numbers of TTPs will lead to
other dangers in that there may be little or no choice of the architecture
of the schemes available in the market. The scenario in which the UK Government
licenses a small number of TTPs could easily lead to a situation where there
is effectively no market for alternative ways of achieving security and
hence no real choice. In this situation the idea that the scheme is voluntary
would be rather hollow. Of course the Government could claim that this is
true and in one sense they would be right - you could have TTP based security
or none at all.
5. In developing an encryption policy
for the information society, we have also considered how the spread and
availability of encryption technology will affect the ability of the authorities
to continue to fight serious crime and terrorism. In developing policy in
this area, the Government has been concerned to balance the commercial requirement
for robust encryption services, with the need to protect users and for the
intelligence and law enforcement authorities to retain the effectiveness
of warranted interception under the Interception of Communications Act (1985).
6. Consideration by Government has
also been given to the requirement for business to trade electronically
throughout Europe and further afield. The inter-departmental discussions
have therefore taken into account draft proposals by the European Commission,
concerning information security (which include the promotion of TTPs), and
discussions on similar issues taking place within the OECD.
The Government's Proposals
(a) Licensing
7. By their nature, TTPs, whatever
services they may provide, will have to be trusted by their clients. Indeed
in a global trading environment there will have to be trust of, and between,
the various bodies fulfilling this function. To engender such trust, TTPs
providing information security services to the general public will be licensed.
...
It is not obvious that licensing will
be better than regulation in providing TTPs which can be trusted. It is
almost certain, however, that this will result in far fewer TTPs and this
will have benefits in reducing diversity but disadvantages in reducing competition
and freedom of choice. A careful analysis will be required to determine
whether licensing or regulation offers the better approach.
... The licensing regime would seek
to ensure that organisations and bodies desiring to be TTPs will be fit
for the purpose. The criteria could include fiduciary requirements (eg appropriate
liability cover), competence of employees and adherence to quality management
standards. TTPs would also be required to release to the authorities the
encryption keys of their clients under similar safeguards to those which
already exist. We would expect organisations with existing customers, such
as banks, network operators and associations (trade or otherwise) to be
prime candidates for TTPs.
See earlier comments. In view of:
- the regularly reported difficulties
which large organisations have in the design, development and operation
of large, software intensive computer based systems;
- the very limited availability
of practical and affordable high assurance computer systems products
suitable for the implementation of extremely challenging key generation,
management and storage tasks;
- the well known failures of banks,
and at least one network operator, to effectively maintain the security
of their computer based information;
it would be helpful if the Government
could set out its reasons for believing that such organisations are capable
of undertaking the full range of TTP tasks envisaged for them.
8. The Government will consult with
organisations such as financial services companies, who have made existing
arrangements for the use and provision of encryption services, with the
intention of avoiding any adverse effects on their competitiveness. It is
not the intention of the Government to regulate the private use of encryption.
It will, however, ensure that organisations and bodies wishing to provide
encryption services to the public will be appropriately licensed.
This paragraph contains the seeds
of many difficulties since the definition of 'private use' of encryption
is very unclear. If a company uses encryption on a single geographic site
is this 'private' use? If this is extended to more than one site using some
form of communications, would this be 'private' or 'public' use? If several
companies agree to use a common encryption approach among themselves is
this 'public' or 'private' use? What if an organised group of individuals
does this - does this change the answer?
PGP is already in widespread use on
the Internet and this could easily be interpreted as 'public' rather than
'private' use. On the other hand PGP is often used to protect the privacy
of individuals not involved in business or commerce and this could be interpreted
as 'private'.
What will be the status of the many
PGP 'key servers' on the Internet if all 'encryption services' are to be
licensed? In practice it seems very difficult to distinguish between a TTP
offering keys to its clients and a PGP key server doing almost the same
thing. Taking the press statement at face value, therefore, it would seem
that PGP key servers may be at risk if the Government intends to license
all encryption services. Beyond this, if a person publishes their PGP public
key, or signs someone else's PGP key, are they providing an 'encryption
service'?
It seems inevitable that the boundary
between 'private' and 'public' encryption services is going
to be very difficult to define.
There is also a lack of clarity in
the Government's intent in respect of the use of encryption
and encryption services as distinct from their provision. Provision and
use are intertwined in the press release and need to be separated so that
the Government's intentions in respect of each of these are clarified. Much
is said about regulating service provision, and the intention not to regulate
'private' use is set out, but the statement is very imprecise about its
intentions regarding the regulation of 'public' use.
This whole area will be one which
needs to be monitored with great care during the legislative process. Although
the wording throughout the press release is clever, it seems plausible that
the Government is considering the possible regulation of the use
of encryption in business and commerce.
If this is correct then the Government
is seeking to remove the existing freedom which industry, commerce, businesses
and private citizens in the UK have to use whatever cryptography
they choose in going about their daily lives (except in very limited areas
- amateur radio, for example - I do not believe that there are any current
restrictions on the use of cryptography in the UK). If this
is the intention then this proposal is HMS Clipper, albeit
in a well disguised form.
It will thus be essential that this
area of the policy is set out with great clarity and precision if existing
freedoms in the use of encryption are to be preserved.
In particular it will be important to obtain an unequivocal commitment
from the UK Government that the use of TTP based encryption services will
be voluntary and that no restrictions of any kind will be placed on the
design, development, sale or use of cryptographic products and systems within
the UK.
(b) Services Offered
9. The services which a TTP may provide
for its customers will be a commercial decision. Typically, provision of
authentication services may include the verification of a client's public
key, time stamping of documents and digital signatures (which secure the
integrity of documents). TTPs may also offer a service of key retrieval
(typically for documents and files that have been encrypted by employees)
in addition to facilitating the real time encryption of a client's communications.
10. Licensed TTPs operating within
a common architectural framework, on a European or even a global basis,
will be able to facilitate secure communications between potential business
partners in different countries. Providing the respective clients trust
their TTPs, secure electronic commerce between parties who have not met
will become possible because they will have confidence in the security and
integrity of their dealings.
The use of the word 'dealings' here
in place of 'communications' implies that more than the communications can
be trusted - it is close to saying that if a TTP can be trusted then so
can its clients. In practice this will not be the case unless there is a
very rigorous vetting process before a TTP takes on any client
and it is hard to see that this will be economically justified in many cases.
In any event, there is a presumption that criminals and terrorists are operating
somewhere within the domain of all TTPs so not everyone can be behaving
in a completely trustworthy manner.
(c) Architecture and supporting
products
11. It is envisaged that a common
architectural framework will be needed to support the information security
services being offered by TTPs in different countries. Clearly this will
be a matter for negotiation between interested parties taking into account
developments in international standards organisations. The architecture
would need, however, to support both the provision of integrity and confidentiality
and therefore be capable of verifying public encryption keys and escrowing
private ones. There is no reason why it should not also support a choice
of encryption algorithms, such as those on the ISO (International Standards
Organisation) register.
12. In support of such an architectural
framework we would envisage manufacturers developing software or hardware
products for use by the business community. Such products will need to be
consistent with whatever standard (or standards) are arrived at to enable
TTPs to interoperate. The type of algorithm used for message encryption,
and whether it is implemented in hardware or software, will be a matter
of business choice.
Not entirely a business choice since
I assume that it will not be possible for two or more co-operating TTPs
to use an algorithm or an approach which they do not reveal to the Government
since any disclosed keys could then be useless (remember that it is keys
that the Government is seeking to gain access to, not the protected information).
(d) European Union
13. The Government is working closely
with the European Commission on the development of encryption services through
their work on information security. Arrangements concerning lawful interception
and the regulation of TTPs in that context are matters for Member States
to determine. However, the Commission has an important role in facilitating
the establishment of an environment where developments in the use of TTPs
can be fostered. The Commission should soon be in a position to bring forward
a programme of work involving, for example, the piloting and testing of
TTP networks.
It would be nice to have a successful
TTP pilot before announcing a policy based on TTP principles.
It is surely 'putting the cart before the horse' to announce a policy before
its feasibility, its affordability or its practicality have been demonstrated.
(e) OECD
14. The Government are also participating
in discussions at the OECD on encryption matters. Where possible we will
encourage the development of networks of TTPs which facilitate secure electronic
trading on a global basis.
(f) Export Controls
15. Export controls will remain in
place for encryption products (whether in hardware or software form) and
for digital encryption algorithms. However, to facilitate the participation
of business and commerce in the information society the Government will
take steps, with our EU partners, with a view to simplifying the export
controls applicable to encryption products which are of use with licensed
TTPs.
This paragraph is not very helpful
since current export controls are lacking in clarity and precision and urgently
require revision to remove the confusion and uncertainty which this causes.
Now that the UK Government is committed to at least some amendments of these
controls it will be important to grasp the opportunity which this provides
to establish export control laws for cryptographic products which are precisely
and clearly defined and which are limited in scope to the essential minimum
to meet openly stated Government objectives whilst also being consistent
with modern approaches to computer and network systems engineering.
In particular the current export controls
on products which contain no cryptography themselves but which have fully
and openly defined interfaces which allow the use of external cryptographic
modules need to be removed.
Export controls on cryptographic software
need to be better defined in order to ensure that they are truly enforceable.
In the United States a distinction
is made between the publication of cryptographic algorithms in descriptive
text or computer language source code form on paper and the identical descriptions
held on magnetic media or transmitted over networks. The reason for the
distinction is that US export controls on cryptography are interpreted to
cover export on magnetic media and via networks whilst the export of identical
information on paper is not subject to any such control.
In the UK the situation seems
to be more sensible in that, as far as I can tell, there are no UK export
controls on cryptographic algorithm descriptions in either text or source
code form, irrespective of the media involved. However it is possible that
there are such controls in theory but that no attempt is made to enforce
them, a situation that leads to uncertainty in such areas as international
co-operation in R&D or product development. It will hence be necessary during
the amendment of UK export controls to ensure that the extent of the export
controls on cryptographic algorithm descriptions is clear and precise.
The export controls applicable to
cryptographic software in binary and executable form also need to be clarified.
Given the widespread international availability of encryption algorithms
and software on the Internet it makes no sense to continue with laws that
are not enforceable and which have no practical effect. Therefore, in continuing
with export controls on cryptographic software, the Government will need
to demonstrate that such controls:
- are designed to achieve fully
and precisely enunciated Government objectives;
- are capable of being enforced
in such a way that these objectives can be substantially achieved without
significant impact on other freedoms;
- will not be rendered ineffective
by activities which are beyond the Government's control or influence.
Any software export controls that
do not meet these criteria should be discontinued.
Consultation
16. Officials from the Department
of Trade and Industry have already held preliminary discussions with various
industry groups on the general concepts surrounding the provision of encryption
services through TTPs. A more formal consultation on the Government's proposals
will be undertaken by the Department of Trade and Industry with all interested
parties prior to the bringing forward of legislative proposals. The Government
recognises that the successful facilitation of electronic commerce through
the introduction of information security services by TTPs either in the
UK or in Europe, will, to a significant extent, depend on their widespread
use across business. It will therefore be important to secure the broad
acceptance of the business community for the Government's proposals. The
Department will pay particular attention to this during the consultation
process.
This is a valuable commitment which
is somewhat at odds with the earlier statement that the policy '... has
been decided ...'. It is a clear commitment by the Government to introduce
an approach only if it has the support of the UK business community. Since
any scheme will also have a large impact on all UK citizens, a way needs
to be found to ensure that their voice is heard during the consultation
process as well. This could be achieved by involving the Chartered Institutions
and the Learned Societies. The Government could also do what the United
States has done by commissioning an independent academic review of its proposals.
These steps would help significantly in ensuring that any policy which emerges
commands widespread support throughout the UK.
Conclusion
If this press release represents the
start of a public debate in the UK about the complex balances
which need to be struck in the use of encryption to secure our National
Information Infrastructure (and the GII), then it has my wholehearted support
and I congratulate the UK Government on its publication.
If, however, it is the end
of a debate, held behind closed doors, and is hence an attempt by
the UK Government to impose an encryption solution on the people of the
UK in the absence of an informed public debate about the issues involved,
then I will do all that I can to frustrate its progress until such a debate
has taken place.
The press release leaves me uncertain
about which of these scenarios is correct.
I am not a crypto-anarchist, nor am
I a crypto-fascist - if anything I would characterise my views as broadly
crypto-liberal on the grounds that this is the only practical stance given
that cryptographic knowledge and capabilities are now widespread. No-one
should make the mistake of reading these comments as indicating that I am
opposed to the objectives which the Government is trying to achieve. The
issue is not the objectives themselves, since these would be hard to dispute,
but rather the extent to which these are achievable and whether the actual
gains which are likely in practice will outweigh the disadvantages which
will be involved.
Beyond this, however, I am firmly
of the view that everyone in the UK has a right to make an input before
Government policy is set in all areas where the policy involved will have
a profound impact on their well-being, their prosperity and their common
interest in peace, security, freedom and justice. The security of our NII
(and that of the wider GII) is just such an area where I fear that the UK
Government might possibly be attempting to set a policy before any such
debate has taken place.
I urge everyone in the UK who reads
these comments to approach their Member of Parliament to seek their assurance
that no legislative action will be initiated before there has been an adequate
public debate of the issues involved.
I urge those of you in (and associated
with) the media in the UK to publicise the Government policy statement and
to inform the UK public in a balanced way about the issues
which need to be considered in arriving at a sensible UK policy stance.
Brian Gladman, 15th June 1996.