[428] in cryptography@c2.net mail archive


Analysis of proposed UK ban on use of non-escrowed crypto.

daemon@ATHENA.MIT.EDU (Adam Back)
Sat Mar 22 00:01:18 1997

Date: Sat, 22 Mar 1997 01:47:44 GMT
From: Adam Back <aba@dcs.ex.ac.uk>
To: cypherpunks@cyberpass.net, cryptography@c2.net
CC: trei@process.com, ttp.comments@ciid.dti.gov.uk, rja14@cl.cam.ac.uk,
        aba@dcs.ex.ac.uk
In-reply-to: <199703212015.MAA18706@blacklodge.c2.net> (trei@process.com)


[This commentary is cc'd to <ttp.comments@ciid.dti.gov.uk> for the
attention of one Nigel Hickson, this address is given in the document
for comments.  They did ask for comments.  I will also be writing up
more formal comments, there are specific areas for which comments are
requested, see near the end of the DTI document at one of the URLs
below]

Hi folks,

I spent the last couple of hours reading _the_ document, and here are
the interesting quotes and translations, plus a few comments.

This commentary is longish (~300 lines), but the real document is
longer (~2000 lines), so if you're interested you might as well start
with this one, and grep around for the interesting parts in the big
document, which is stored here:

	http://www.dti.gov.uk/pubs/

and mirrored by Ross Anderson here:

	http://www.cl.cam.ac.uk/users/rja14/dti.html

Following on from Ross Anderson's analysis of the DTI paper, I've read
the paper through, and here are some more quotes, and translations.

: * Use of licensed TTPs is voluntary - those wishing to do otherwise
:   are at liberty to do so - The market will decide if it wants to use
:   TTP services and not Government. The Government believes that the
:   benefits of this scheme will far outweigh any others. Of course
:   those wishing to use any other cryptographic solutions can continue
:   to do so, but they will not be able to benefit from the convenience,
:   and interoperability of licensed TTP services.

Which on first reading seems to say that you don't have to use TTPs.

However re-reading the above in the light of this (whoah!): 

: The legislation will provide that bodies wishing to offer or provide
: encryption services to the public in the UK will be required to
: obtain a licence. The legislation will give the Secretary of State
: discretion to determine appropriate licence conditions.

This seems to imply an outright ban on use of non-escrowed crypto,
regressing UK crypto policy to a similar dark ages view as countries
like Iraq, and Iran.  The fact that the licensing conditions will be
decided at the Secretary of State's "discretion" is also in line with
Iraq, Iran, dictator style.

The _license_ referred to seems to be "a license to be a TTP" from the
context, which implies that only products with TTP in them will be
licensable.  No exception for freeware either: it says "offer or
provide".

Also looking through the list of criteria to be accepted for a TTP,
you need to be a biggish corporation, so individuals obtaining a TTP
license is impossible, and hence individuals writing crypto software
and giving it to others becomes illegal.

So the first paragraph, which I will now try to translate from this
simply incredible piece of government newspeak:

: * Use of licensed TTPs is voluntary - those wishing to do otherwise
:   are at liberty to do so -  The market will decide if it wants to use
:   TTP services and not Government. The Government believes that the

could be more honestly rephrased:

  Your choices are either to use TTPs or to not use encryption at all
  because other encryption is outlawed!  This is really a free, market
  driven situation, and we'll see what the market decides!  (Jeesh!)

(Either this is the translation, or the document directly contradicts
itself.  Please someone tell me I'm wrong.)

Under the short section with the above gem outlawing crypto it says:

More on the crypto ban, from further into the document:

: The legislation will prohibit an organisation from offering or
: providing encryption services to the UK public without a
: licence. 

There's your domestic distribution of non-escrowed crypto ban, and
export ban in one, and...

: Prohibition will be irrespective of whether a charge is
: made for such services. The offering of encryption services to the
: UK public (for example via the Internet) by an unlicensed TTP
: outside of the UK will also be prohibited. For this purpose, it may
: be necessary to place restrictions on the advertising and marketing
: of such services to the public.

that was your import ban, and government censorship of foreign crypto
advertisements, and web pages offering non-escrowed crypto.

Mmm, maybe we've out-done Iran and Iraq in our apparently Neanderthal
crypto policy.

Oh yeah, the kicker to the above ban is what `encryption services' are
defined to include, basically anything related to authentication,
signatures, key certification, key servers, confidentiality, etc. etc.
Looks like you can't even *clear sign* a document with PGP anymore.

(There are exemptions for banks, and media moguls)

Another clarification of the crypto ban: it is a criminal offense (no
less) to offer or provide crypto services without a license:

: we intend that it will be a criminal offence for a body to offer or
: provide licensable encryption services to the UK public without a
: valid licence.

Another interesting quote: The mandatory delivery time for users keys
to the government in the TTP network is one hour.  They don't just
want your keys, they want them _fast_.

: The Government would welcome views on whether this legislation
: should establish a rebuttable presumption in any proceedings that a
: document has been signed by the person or persons named in a
: certificate issued by a licensed TTP who has provided encryption
: services in relation to that document. A similar presumption could
: also apply to the certification by a licensed TTP of the integrity
: of a document. This would have the effect of placing the burden of
: proof on a person wishing to challenge the identity of a signatory
: of a document or the integrity of a document.

Which suggests that they may take the approach of making digital
signatures signed with keys certified and held by TTPs legally
binding, but not non-escrowed keys.  Just to encourage you to use TTPs
with identity-escrow, and signature-escrow even if all you wanted was
to clear sign your documents.  Presumably the law-enforcement and
intelligence services think they have some need to be able to
arbitrarily forge documents.  Although they do say:

However, they acknowledge the difference between keys for
authentication (signature keys) and keys for confidentiality
(encryption keys), and imply that they will not have access to
signature keys:

: Separation between confidentiality and authentication /
: non-repudiation is needed, not least to ensure that the ability of
: the authorities to decrypt data does not also put them in a position
: of being able to impersonate anyone.

If this can be taken at face value, the fears about impersonation and
forgery might be misplaced.  I wouldn't count on being able to take
that at face value, they may just escrow the signature keys but only
release them under other tighter conditions.  (Say national security
conditions?).  Who knows.

And this caught my eye as a loop-hole enabling jurisdiction shopping:

: ... here will be no provision requiring UK clients to use a UK
: licensed TTP. They are, and will be, free to register with foreign
: TTPs. It will therefore be necessary (for law enforcement purposes)
: to establish arrangements with other countries for the exchange of
: keys. The UK Government believes that these arrangements will be on
: the basis of dual legality i.e. whereby the criteria for access is
: satisfied in both countries.

So a UK person can use a French TTP, and they promise not to access
the keys in their database unless you simultaneously satisfy the
criteria for access in both UK and France.

One would presume they will work hard to harmonise the criteria for
access, so that this wouldn't pose a problem.  Otherwise you could
creatively register with all available countries, and use appropriate
nationality keys to protect your communications, shopping for a
jurisdiction which would not consider your communications a crime.

However, one presumes the criteria for access will be "if any EU
spooks, or EU law enforcement, or any one with `pull' asks for the
key, that's good enough for us."

Indeed near the end of the document, it seems they have addressed this:

: If the UK and other countries adopt a system of Trusted Third
: Parties (TTPs) providing confidentiality services including
: encryption on a key escrow basis, it will be open to encryption
: users to register with a TTP abroad. Unless workable arrangements
: are in place for the authorities to gain access to keys escrowed
: with TTPs in other countries, criminals may choose to register with
: TTPs abroad in order to evade national legislation providing for
: access to keys held by TTPs licensed in their own country.

They go on to discuss how they would get around this problem.

More light-heartedly, I think I found a loop-hole: an employer can
offer cryptographic protection between its employees:

: Similarly, an employer offering cryptographic protection between its
: employees, (whatever the functionality) would not be covered by this
: legislation. However should it decide to extend the protection
: service to its suppliers, then it would require a licence.

I hereby offer to employ anyone indefinitely at a rate of 0 pounds per
hour, to correspond amongst themselves using PGP.  I will supply
copies of PGP to my `employees' on receipt of a blank disk and SAE,
together with a contract of employment.


In the requirements for TTPs, the import of the following quote is
interesting:

: Technical assurance of IT security equipment used for key management
: and storage.  Evaluation of the security system and IT security
: products will need to be undertaken, for example UK ITSEC, although
: formal evaluation by an independent third party may not be the sole
: evaluation procedure.
: 
: The Government seeks comments on whether mandatory ITSEC formal
: evaluation would be appropriate

If they did make formal ITSEC evaluation a requirement for a TTP, it
would provide another barrier to becoming a TTP.  Non-UK readers (and
UK readers not familiar with local crypto politics) might be
interested to know that ITSEC costs around 200,000 GBP, ($ 300,000 US)
and that the people who provide the ITSEC evaluation are a group
within the CESG (Communications Electronics Security Group) which is a
working alias of GCHQ, the UK equivalent of NSA.  The people at CESG
are the brains and part of the political pressure for the whole TTP
setup.  How fortunate that they also get to evaluate the security
requirements, and at a time when they are having to switch to
self-funding mode (part of a government efficiency drive, which is now
reaching into even spook circles).  Mandatory ITSEC requirements for
TTPs would provide marvelous job security for the people at CESG.
(Really, there are no conflicts of interest here, you can _trust_ big
brother).

But just in case someone has both the money, financial stability,
blah, blah, and slips through, they can reject TTP license
applications on the basis of `suitability of individuals' to the task:

: Checks will be made to ensure that those who own, or effectively
: control, an organisation, are suitable candidates for ownership of a
: TTP.

This one's interesting also:

: 11. It should ensure that attempted abuse by the sender can be
: noticed by the receiver.
: 
: It should be impractical for user to subvert or bypass the legal
: access provisions. If the recipient contributes to the process of
: producing the data encryption key then this applies to both parties.

They want there to be no practical way to use the TTP key framework
and end up with a non-escrowed communication link.

That's impossible.  To give an immediate example, they allow for
non-escrowed signature keys a few lines above, which are certified by
the TTP.  To make a subliminal channel simply _encrypt_ with the
signature key.

There are also a large number of subliminal channels in various
signature schemes, and opportunities in super-encrypted stego-encoded
plain text, etc., etc.

In addition you get poor service:

: It would be unwise to presume permanent availability of all parts of
: a network. TTPs need to provide a timely service, but not
: necessarily a 24-hour one for users.

I.e. the TTPs' key servers will not necessarily provide usable service
to the users anyway.  To the government however, they have to provide
A1 super fast delivery of users' keys on penalty of losing the TTP
license.


These two from the FAQ section are amusing also, I couldn't have asked
better questions myself:

: If such a system is not mandatory why bother, surely crooks and
: terrorists will use something else ?
:
: Criminals will often make use of whatever technology is conveniently
: available to them. We expect TTPs to have a major role in conveying
: secure electronic communications, especially where a payment for
: legitimate services is involved.

The good old NSA/Freeh argument: criminals and terrorists are stupid.
Yawn, yah right.

: Surely this is just a front for security agencies to expand their
: "big brother" role ?
:
: No. The UK accepts that businesses have a need to safeguard both the

Hey, you misspelled `yes'.  Yes meshes perfectly with the rest of the
answer:

: integrity and confidentiality of their information, and is keen to
: find effective means of meeting this need. The TTP approach will
: provide such a means, but in a way that would also meet another
: important need, namely to preserve the effectiveness of the existing
: powers to intercept communications. Similar safeguards to those that
: already exist under the Interception of Communications Act 1985 will
: be established.  Widespread encryption has the potential to make
: legally intercepted messages unreadable, to the detriment of all law
: abiding citizens.

Finally let me comment on the patronising fatherly tone of the opening
preamble to the document:

: The Government's view is that new developments in information and
: communication technologies offer exciting opportunities in the
: UK. Advances in the computing, telecommunications and creative
: sectors, combined with the world-wide explosion of electronic
: commerce, are revolutionising the delivery and availability of
: information and services. The Government wants to ensure that
: everyone in the UK is able to benefit from these developments and
: that they are able to play a part in the emerging information
: society.

If the government wants to ensure everyone in the UK is able to
participate in the `emerging information society', the best thing they
could do is get _right_ out of the way.  Seriously.

Adam

-- 
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<:
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
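The argument near the end of the post that a TTP-certified signature key can simply be used to encrypt, worked through as an added example that is not part of Adam Back's post or of the DTI document. It uses textbook RSA with constructed toy primes; P, Q, E and the 3-byte block encoding are assumptions for the demonstration, there is no padding, and nothing here is fit for real use. The point it shows: the same public key that peers use to verify the holder's signatures also encrypts to the holder, so a correspondent who knows only the certified signature key can send confidential traffic that the escrowed confidentiality key never touches. One caveat: this shortcut relies on RSA, where signing and decryption share a single trapdoor; for a signature-only scheme such as DSA one would have to fall back on the subliminal channels the post mentions.

```python
"""Added example: a signature key certified by a TTP doubles as an
encryption key under textbook RSA, bypassing escrow of the separate
confidentiality key.  Constructed toy parameters, no padding -- for
illustration only, never for real use."""
import hashlib

# Constructed toy primes (assumptions for the demo; ~2^20 each, so n is
# about 2^40 -- laughably small, which is the point of a demo).
P = 1000003
Q = 1000033
E = 65537

BLOCK = 3  # bytes per ciphertext block; (len << 24 | value) must stay < n


def make_keypair(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)) for the 'signature' key pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Textbook hash-then-sign: reduce SHA-256 into the RSA group.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message: bytes) -> int:
    """The use the TTP certified the key for: s = H(m)^d mod n."""
    n, d = priv
    return pow(_digest_mod_n(message, n), d, n)


def verify(pub, message: bytes, sig: int) -> bool:
    """Anyone holding the certified public key can check s^e == H(m)."""
    n, e = pub
    return pow(sig, e, n) == _digest_mod_n(message, n)


def encrypt_to_signature_key(pub, plaintext: bytes) -> list:
    """The use the TTP did not plan for: encrypt with the *signature*
    public key.  Each block packs (chunk length, chunk value) so odd
    trailing lengths round-trip; c = m^e mod n."""
    n, e = pub
    out = []
    for i in range(0, len(plaintext), BLOCK):
        chunk = plaintext[i:i + BLOCK]
        m = (len(chunk) << 24) | int.from_bytes(chunk, "big")
        assert m < n, "block encoding exceeds modulus"
        out.append(pow(m, e, n))
    return out


def decrypt_with_signature_key(priv, ciphertext) -> bytes:
    """Only the signature private key d recovers the blocks: m = c^d mod n.
    A TTP that escrowed the separate confidentiality key holds nothing
    that helps here."""
    n, d = priv
    out = bytearray()
    for c in ciphertext:
        m = pow(c, d, n)
        length = m >> 24
        out += (m & 0xFFFFFF).to_bytes(length, "big")
    return bytes(out)


def main():
    pub, priv = make_keypair()
    msg = b"signature-only key, allegedly"
    sig = sign(priv, msg)
    print("signature verifies:", verify(pub, msg, sig))
    ct = encrypt_to_signature_key(pub, msg)
    print("covert ciphertext blocks:", ct)
    print("recovered with d:", decrypt_with_signature_key(priv, ct))


if __name__ == "__main__":
    main()
```

Running it prints a valid signature check followed by the ciphertext blocks and the recovered plaintext; swap in real key sizes and OAEP padding and the same observation holds, which is why the DTI's "separation between confidentiality and authentication" cannot be enforced by certification policy alone when the underlying primitive is RSA.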
