THE DEPARTMENT OF TRADE AND INDUSTRY
PRESS RELEASE ENTITLED:
'GOVERNMENT SETS OUT PROPOSALS
FOR ENCRYPTION ON
PUBLIC TELECOMMUNICATIONS NETWORKS'
Has The UK Government Launched HMS
The comments provided here are a refinement
of those which I first published to the 'talk.politics.crypto'
Internet newsgroup on 14th June 1996. The additions
and changes are the result of some further thoughts and a number of responses
which I received subsequent to my original posting. I gratefully acknowledge
the contributions of the people who responded. I emphasise that I am making
these comments as a private citizen of the United Kingdom and in no
The text of the press release on TTP
services in the UK is appended below with my comments interspersed. I have
not seen a copy of the paper referred to in the text and it may be that
the issues involved are better covered there.
It is important to recognise that
this announcement by the UK Government represents a significant and positive
shift in policy in that it has recognised, for the first time, that there
is a legitimate requirement for the exploitation of cryptography for information
protection beyond Government in the UK. In my view this realisation has
come far later than it should have done but the delay makes it no less welcome.
What we now have to determine is whether
these words, and the thinking which lies behind them, represent a balanced
approach which fair minded people in the UK will accept as reasonable or
whether the UK Government has secretly designed and now launched HMS Clipper.
GOVERNMENT SETS OUT PROPOSALS FOR
ENCRYPTION ON PUBLIC TELECOMMUNICATIONS NETWORKS
To meet the growing demands to safeguard
the integrity and confidentiality of information sent electronically over
the public telecommunications networks, the Government has today published
a paper on the provision of encryption services.
These services cover the digital signature
(an electronic equivalent of a hand-written signature) of electronic documents
and the protection of the accuracy and the privacy of their contents. In
recognition of the need to set the right balance between commercial and
personal confidentiality and the continuing ability of the law enforcement
agencies to fight serious crime and terrorism, the Government proposes to
introduce the licensing of Trusted Third Parties (TTPs) to provide such
Licensed TTPs are the way to offer
encryption services to the public. Ultimately, it is for organisations or
individuals to consider whether or not the benefits of such licensing will
outweigh any existing arrangements that they have.
The use of the phrase '...any
existing arrangements that they have.' suggests that there may
be choice only for those who already have arrangements. Since the press
release will have been carefully staffed we have to assume that this phrasing
is deliberate and this may mean that the UK Government is
contemplating the regulation of the future use of encryption in business
and commerce. The phrasing 'any alternative arrangements which they either
have or may wish to make in future' would be better. More on this later.
In a written answer to a parliamentary
question from Peter Luff MP (Worcester), Science and Technology Minister
Ian Taylor said:
"Following the discussion between
Departments to which I referred in my replies to the hon Member for Brigg
and Cleethorpes of 6 March, Official Report column 229 and 25 March, Official
Report column 411, I am today publishing a paper outlining the Government's
policy on the provision of encryption services on public networks. Copies
of the paper are available in the library of both Houses."
"The Government aims to facilitate
the development of electronic commerce on the emerging global information
infrastructure. This is of significant importance in maintaining the UK's
competitiveness and is a component of the Department's Information Society
Initiative. There is a growing demand for encryption services to safeguard
the integrity and confidentiality of electronic information transmitted
on public telecommunications networks. The Government therefore proposes
to make arrangements for licensing Trusted Third Parties (TTPs) who would
provide such services. These TTPs would offer digital signature, data integrity
and retrieval, key management and other services for which there is a commercial
demand. The licensing policy will aim to protect consumers as well as to
preserve the ability of the intelligence and law enforcement agencies to
fight serious crime and terrorism by establishing procedures for disclosure
to them of the encryption keys, under safeguards similar to those which
already exist for warranted interception under the Interception of Communications
This is an important sentence in that
it limits the use of disclosed keys by intelligence agencies to 'fighting
serious crime and terrorism'. I am not familiar with the Interception of
Communications Act (which may also contain this limitation) but it will
clearly be important to ensure that this sentiment is reflected in any legislation
which is developed.
Another issue here is that disclosure
of keys, not the protected information, is called for, a requirement which
will have major impact on design in order to ensure that the scope of information
access provided by such key disclosure does not extend beyond that permitted
by the warrant(s) involved.
A third issue is that, some computer
data is not similar to that for which warranted interception is designed
and is hence not necessarily amenable to analogous safeguards. An example
here is that of system management and control data which is protected with
cryptography in order to protect the safe operation of the system involved.
Disclosure of keys for such applications could put the operation of the
systems involved at risk and this in turn could have extremely serious safety
implications for some classes of system. The liability issues here are not
obvious since the impact of key disclosure leading to system penetration
and failure could be extremely serious.
"Officials within my department have
held preliminary discussions with industry groups on the concepts set out
in the paper. The Government intends to bring forward proposals for legislation
following consultation by DTI on detailed policy proposals."
Good, although it is a pity that the
views of the UK public at large seem to have played no part in the formulation
of this new Government policy even though it is presented as being in their
Notes for editors:
1. Encryption is the process of transforming
a document or message text into an unintelligible form that can only subsequently
be recovered by someone possessing the corresponding decryption key.
2. TTPs are trustworthy commercial
organisations that can provide various information security related services
to enable transactions to be conducted securely. Typical services are management
of cryptographic keys, time stamping of electronic documents and arbitration
of repudiation claims regarding the origin, receipt, delivery and submission
of electronic documents.
3. Copies of the Paper are available
from the DTI Commercial IT Security Unit on 0171 215 1399 or Fax 0171 931
PAPER ON REGULATORY INTENT CONCERNING
USE OF ENCRYPTION ON PUBLIC NETWORKS
1. The Government recognises the importance
of the development of the Global Information Infrastructure (GII) with respect
to the continuing competitiveness of UK companies. Its aim is to facilitate
the development of electronic commerce by the introduction of measures which
recognise the growing demand for encryption services to safeguard the integrity
and confidentiality of electronic information transmitted on public telecommunications
2. The policy, which has been decided
upon after detailed discussion between Government Departments, involves
the licensing and regulation...
Note here that the policy has
been decided - that's it folks - we know what is best for you -
you know that you can trust us and we certainly don't want you to think
for yourselves - good gracious, that's how revolutions start! What did you
say, its all about democracy, Governments serving their citizens, achieving
open Government, freedom of information and all that? You mean that we should
actually seek views before we set our policy?? No, no, we can't possibly
do that - if we did that people might disagree with us and we might then
find it difficult to have the policy we want - OOPS, I mean the policy that
we have decided is best for you. Any other way would be like having hospitals
for the benefit of patients, or trains for the benefit of passengers, and
we don't want any of that - Government for the people is OK for the United
States but its far too crude an idea for the UK!
... of Trusted Third Parties (hereafter
called TTPs) which will provide a range of information security services
to their clients, whether they are corporate users or individual citizens.
The provision of such information security services will be welcomed by
IT users, and will considerably facilitate the establishment of, and industry's
participation in, the GII, where trust in the security of communication
has been acknowledged to be of paramount importance. The licensing policy
will aim to preserve the ability of the intelligence and law enforcement
agencies to fight serious crime and terrorism by establishing procedures
for disclosure to them of encryption keys, under safeguards similar to those
which already exist for warranted interception under the Interception of
3. The Government intends to bring
forward proposals for legislation following consultation by the Department
of Trade and Industry on detailed policy proposals.
Good, but are things really
going to change I wonder?
4. The increased use of IT systems
by British business and commerce in the last decade has been a major factor
in their improved competitive position in global markets. This reliance
on IT systems has, however, brought with it increased security risks; especially
concerning the integrity and confidentiality of information passed electronically
between trading bodies. The use of encryption services on electronic networks
can help solve some of these security problems. In particular TTPs will
facilitate secure electronic communications either within a particular trading
environment (e.g. between a bank and its customers) or between companies,
especially smaller ones, that do not necessarily have any previous trading
The enthusiasm for TTPs in Europe
is strong on idealism but weak on any practical understanding of the legal
or the technical issues which will be involved in bringing them into existence.
Considering just the technical issues, if two people want to exchange secure
information, their respective TTPs must reach a bilateral agreement before
they can do so and if no such relationship exists they simply cannot communicate
securely. Since the number of bilateral arrangements between N parities
grows at an N^2 rate, a world with a large number of TTPs will simply not
be practical. Thus, for example, with 30 countries each with about 30 TTPs
would involve 1000 TTPs in total and of the order of a million individual
bilateral arrangements. It is thus evident that the TTP approach does not
scale well and will only likely to be effective with a relatively small
number of TTPs. (Dorothy Denning has correctly pointed out that this is
not an inherent feature of TTPs but rather a feature of a particular system
design being studied by the UK Government)
Since it is implied that TTPs will
hold keys for their customers, a small number of TTPs will mean that each
TTP will hold an enormous number of keys and hence a very large amount of
data which is extremely security sensitive. In this situation a TTP could
be managing millions of keys; however, it is hard to conceive of a computer
and management regime which would be capable of achieving such a task. Anyone
who doubts this should read back issues of comp.risks and
the work done by Ross Anderson at Cambridge on security in banking.
By and large I trust my bank to manage
my money but I would not currently trust them to manage my keys by using
computers. There is simply no evidence to suggest that there are any
organisations, banks included, which are currently capable of undertaking
a task which involves the use of computers to handle such extreme security
requirements. Despite the local risks, therefore, I prefer to manage my
own keys. In saying this I would be happy to use key recovery techniques
to guard against inadvertent key loss and to provide for information disclosure
in response to a search warrant.
Small numbers of TTPs will lead to
other dangers in that there may be little or no choice of the architecture
of the schemes available in the market. The scenario in which the UK Government
licences a small number of TTPs could easily lead to a situation where there
is effectively no market for alternative ways of achieving security and
hence no real choice. In this situation the idea that the scheme is voluntary
would be rather hollow. Of course the Government could claim that this is
true and in one sense they would be right - you could have TTP based security
or none at all.
5. In developing an encryption policy
for the information society, we have also considered how the spread and
availability of encryption technology will affect the ability of the authorities
to continue to fight serious crime and terrorism. In developing policy in
this area, the Government has been concerned to balance the commercial requirement
for robust encryption services, with the need to protect users and for the
intelligence and law enforcement authorities to retain the effectiveness
of warranted interception under the Interception of Communications Act (1985).
6. Consideration by Government has
also been given to the requirement for business to trade electronically
throughout Europe and further afield. The inter-departmental discussions
have therefore taken into account draft proposals by the European Commission,
concerning information security (which include the promotion of TTPs), and
discussions on similar issues taking place within the OECD.
The Government's Proposals
7. By their nature, TTPs, whatever
services they may provide, will have to be trusted by their clients. Indeed
in a global trading environment there will have to be trust of, and between,
the various bodies fulfilling this function. To engender such trust, TTPs
providing information security services to the general public will be licensed.
It is not obvious that licensing will
be better than regulation in providing TTPs which can be trusted. It is
almost certain, however, that this will result in far fewer TTPs and this
will have benefits in reducing diversity but disadvantages in reducing competition
and freedom of choice. A careful analysis will be required to determine
whether licensing or regulation offers the better approach.
... The licensing regime would seek
to ensure that organisations and bodies desiring to be TTPs will be fit
for the purpose. The criteria could include fiduciary requirements (eg appropriate
liability cover), competence of employees and adherence to quality management
standards. TTPs would also be required to release to the authorities the
encryption keys of their clients under similar safeguards to those which
already exist. We would expect organisations with existing customers, such
as banks, network operators and associations (trade or otherwise) to be
prime candidates for TTPs.
See earlier comments. In view of:
- the regularly reported difficulties
which large organisations have in the design, development and operation
of large, software intensive computer based systems;
- the very limited availability
of practical and affordable high assurance computer systems products
suitable for the implementation of extremely challenging key generation,
management and storage tasks;
- the well known failures of banks,
and at least one network operator, to effectively maintain the security
of their computer based information;
it would be helpful if the Government
could set out its reasons for believing that such organisations are capable
of undertaking the full range of TTP tasks envisaged for them.
8. The Government will consult with
organisations such as financial services companies, who have made existing
arrangements for the use and provision of encryption services, with the
intention of avoiding any adverse effects on their competitiveness. It is
not the intention of the Government to regulate the private use of encryption.
It will, however, ensure that organisations and bodies wishing to provide
encryption services to the public will be appropriately licensed.
This paragraph contains the seeds
of many difficulties since the definition of 'private use' of encryption
is very unclear. If a company uses encryption on a single geographic site
is this 'private' use? If this is extended to more than one site using some
form of communications, would this be 'private' or 'public' use? If several
companies agree to use a common encryption approach among themselves is
this 'public' or 'private' use? What if an organised group of individuals
does this - does this change the answer?
PGP is already in widespread use on
the Internet and this could easily be interpreted as 'public' rather than
'private' use. On the other hand PGP is often used to protect the privacy
of individuals not involved in business or commerce and this could be interpreted
What will be the status of the many
PGP 'key servers' on the Internet if all 'encryption services' are to be
licensed? In practice it seems very difficult to distinguish between a TTP
offering keys to its clients and a PGP key server doing almost the same
thing. Taking the press statement at face value, therefore, it would seem
that PGP key servers may be at risk if the Government intends to licence
all encryption services. Beyond this, if a person publishes their PGP public
key, or signs someone else's PGP key, are they providing an 'encryption
It seems inevitable that the definition
of the boundary between 'private' and 'public' encryption services is going
to be very difficult to define.
There is also a lack of clarity in
the Government's intent in respect of the use of encryption
and encryption services as distinct from their provision. Provision and
use are intertwined in the press release and need to be separated so that
the Government's intentions in respect of each of these are clarified. Much
is said about regulating service provision, and the intention not to regulate
'private' use is set out, but the statement is very imprecise in respect
of regulation intentions in respect of 'public' use.
This whole area will be one which
needs to be monitored with great care during the legislative process. Although
the wording throughout the press release is clever, it seems plausible that
the Government is considering the possible regulation of the use
of encryption in business and commerce.
If this is correct then the Government
is seeking to remove the existing freedom which industry, commerce, businesses
and private citizens in the UK have to use whatever cryptography
they choose in going about their daily lives (except in very limited areas
- amateur radio, for example - I do not believe that there are any current
restrictions on the use of cryptography in the UK). If this
is the intention then this proposal is HMS Clipper, albeit
in a well disguised form.
It will thus be essential that this
area of the policy is set out with great clarity and precision if existing
freedoms in the use of encryption are to be preserved.
In particular it will be important to obtain an unequivocal commitment
from the UK Government that the use of TTP based encryption services will
be voluntary and that no restrictions of any kind will be placed on the
design, development, sale or use of cryptographic products and systems within
(b) Services Offered
9. The services which a TTP may provide
for its customers will be a commercial decision. Typically, provision of
authentication services may include the verification of a client's public
key, time stamping of documents and digital signatures (which secure the
integrity of documents). TTPs may also offer a service of key retrieval
(typically for documents and files that have been encrypted by employees)
in addition to facilitating the real time encryption of a client's communications.
10. Licensed TTPs operating within
a common architectural framework, on a European or even a global basis,
will be able to facilitate secure communications between potential business
partners in different countries. Providing the respective clients trust
their TTPs, secure electronic commerce between parties who have not met
will become possible because they will have confidence in the security and
integrity of their dealings.
The use of the word 'dealings' here
in place of 'communications' implies that more than the communications can
be trusted - it is close to saying that if a TTP can be trusted then so
can its clients. In practice this will not be the case unless there is a
very rigorous vetting process before a TTP takes on any client
and it is hard to see that this will be economically justified in many cases.
In any event, there is a presumption that criminals and terrorists are operating
somewhere within the domain of all TTPs so not everyone can be behaving
in a completely trustworthy manner.
(c) Architecture and supporting
11. It is envisaged that a common
architectural framework will be needed to support the information security
services being offered by TTPs in different countries. Clearly this will
be a matter for negotiation between interested parties taking into account
developments in international standards organisations. The architecture
would need, however, to support both the provision of integrity and confidentiality
and therefore be capable of verifying public encryption keys and escrowing
private ones. There is no reason why it should not also support a choice
of encryption algorithms, such as those on the ISO (International Standards
12. In support of such an architectural
framework we would envisage manufacturers developing software or hardware
products for use by the business community. Such products will need to be
consistent with whatever standard (or standards) are arrived at to enable
TTPs to interoperate. The type of algorithm used for message encryption,
and whether it is implemented in hardware or software, will be a matter
of business choice.
Not entirely a business choice since
I assume that it will not be possible for two or more co-operating TTPs
to use an algorithm or an approach which they do not reveal to the Government
since any disclosed keys could then be useless (remember that it is keys
that the Government is seeking to gain access to, not the protected information).
(d) European Union
13. The Government is working closely
with the European Commission on the development of encryption services through
their work on information security. Arrangements concerning lawful interception
and the regulation of TTPs in that context are matters for Member States
to determine. However, the Commission has an important role in facilitating
the establishment of an environment where developments in the use of TTPs
can be fostered. The Commission should soon be in a position to bring forward
a programme of work involving, for example, the piloting and testing of
It would be nice to have a successful
TTP pilot before announcing a policy based on TTP principles.
It is surely 'putting the cart before the horse' to announce a policy before
its feasibility, its affordability or its practicality have been demonstrated.
14. The Government are also participating
in discussions at the OECD on encryption matters. Where possible we will
encourage the development of networks of TTPs which facilitate secure electronic
trading on a global basis.
(f) Export Controls
15. Export controls will remain in
place for encryption products (whether in hardware or software form) and
for digital encryption algorithms. However, to facilitate the participation
of business and commerce in the information society the Government will
take steps, with our EU partners, with a view to simplifying the export
controls applicable to encryption products which are of use with licensed
This paragraph is not very helpful
since current export controls are lacking in clarity and precision and urgently
require revision to remove the confusion and uncertainty which this causes.
Now that the UK Government is committed to at least some amendments of these
controls it will be important to grasp the opportunity which this provides
to establish export control laws for cryptographic products which are precisely
and clearly defined and which are limited in scope to the essential minimum
to meet openly stated Government objectives whilst also being consistent
with modern approaches to computer and network systems engineering.
In particular the current export controls
on products which contain no cryptography themselves but which have fully
and openly defined interfaces which allow the use of external cryptographic
modules need to be removed.
Export controls on cryptographic software
need to be better defined in order to ensure that they are truly enforceable.
In the United States a distinction
is made between the publication of cryptographic algorithms in descriptive
text or computer language source code form on paper and the identical descriptions
held on magnetic media or transmitted over networks. The reason for the
distinction is that US export controls on cryptography are interpreted to
cover export on magnetic media and via networks whilst the export of identical
information on paper is not subject to any such control.
In the UK the situation seems
to be more sensible in that, as far as I can tell, there are no UK export
controls on cryptographic algorithm descriptions in either text or source
code form, irrespective of the media involved. However it is possible that
there are such controls in theory but that no attempt is made to enforce
them, a situation that leads to uncertainty in such areas as international
co-operation in R&D or product development. It will hence be necessary during
the amendment of UK export controls to ensure that the extent of the export
controls on cryptographic algorithm descriptions are clear and precise.
The export controls applicable to
cryptographic software in binary and executable form also need to be clarified.
Given the widespread international availability of encryption algorithms
and software on the Internet it makes no sense to continue with laws that
are not enforceable and which have no practical effect. Therefore, in continuing
with export controls on cryptographic software, the Government will need
to demonstrate that such controls:
- are designed to achieve fully
and precisely enunciated Government objectives;
- are capable of being enforced
in such a way that these objectives can be substantially achieved without
significant impact on other freedoms;
- will not be rendered ineffective
by activities which are beyond the Government's control or influence.
Any software export controls that
do not meet these criteria should be discontinued.
16. Officials from the Department
of Trade and Industry have already held preliminary discussions with various
industry group on the general concepts surrounding the provision of encryption
services through TTPs. A more formal consultation on the Government's proposals
will be undertaken by the Department of Trade and Industry with all interested
parties prior to the bringing forward of legislative proposals. The Government
recognises that the successful facilitation of electronic commerce through
the introduction of information security services by TTPs either in the
UK or in Europe, will, to a significant extent, depend on their widespread
use across business. It will therefore be important to secure the broad
acceptance of the business community for the Government's proposals. The
Department will pay particular attention to this during the consultation
This is a valuable commitment which
is somewhat at odds with the earlier statement that the policy '... has
been decided ...'. It is clear commitment by the Government to introduce
an approach only if it has the support of the UK business community. Since
any scheme will also have a large impact on all UK citizens, a way needs
to be found to ensure that their voice is heard during the consultation
process as well. This could be achieved by involving the Chartered Institutions
and the Learned Societies. The Government could also do what the United
States has done by commissioning an independent academic review of its proposals.
These steps would help significantly in ensuring that any policy which emerges
commands widespread support throughout the UK.
If this press release represents the
start of a public debate in the UK about the complex balances
which need to be struck in the use of encryption to secure our National
Information Infrastructure (and the GII), then it has my wholehearted support
and I congratulate the UK Government on its publication.
If, however, it is the end
of a debate, held behind closed doors, and is hence an attempt by
the UK Government to impose an encryption solution on the people of the
UK in the absence of an informed public debate about the issues involved,
then I will do all that I can to frustrate its progress until such a debate
has taken place.
The press release leaves me uncertain
about which of these scenarios is correct.
I am not a crypto-anarchist, nor am
I a crypto-fascist - if anything I would characterise my views as broadly
crypto-liberal on the grounds that this is the only practical stance given
that cryptographic knowledge and capabilities are now widespread. No-one
should make the mistake of reading these comments as indicating that I am
opposed to the objectives which the Government is trying to achieve. The
issue is not the objectives themselves, since these would be hard to dispute,
but rather the extent to which these are achievable and whether the actual
gains which are likely in practice will outweigh the disadvantages which
will be involved.
Beyond this, however, I am firmly
of the view that everyone in the UK has a right to make an input before
Government policy is set in all areas where the policy involved will have
a profound impact on their well-being, their prosperity and their common
interest in peace, security, freedom and justice. The security of our NII
(and that of the wider GII) is just such an area where I fear that the UK
Government might possibly be attempting to set a policy before any such
debate has taken place.
I urge everyone in the UK who reads
these comments to approach their Member of Parliament to seek their assurance
that no legislative action will be initiated before there has been an adequate
public debate of the issues involved.
I urge those of you in (and associated
with) the media in the UK to publicise the Government policy statement and
to inform the UK public in a balanced way about the issues
which need to be considered in arriving at a sensible UK policy stance.
Gladman, 15th June 1996.
Back to Brian Gladman's