I take a keen interest in UK government policies on cryptography and information security. I am often asked where I stand on a number of issues and this page summarises my position on some of the issues involved.
Here is a short paper describing the UK government organisations involved in cryptography and information security (with a shamelessly biased view of their effectiveness). This paper is an update of the one I published on the ‘ukcrypto’ list.
UK Government Cryptography Policy
June 1996 – The Conservative Party – Give them what’s good for them not what they need
When the previous government first published its policy on cryptography in June 1996 I provided a critique of the proposals and ran a web based survey of views on them with the following results. These results suggested that the proposed policy was very unpopular with informed UK citizens.
I also ran a survey of views on the extent of acceptable government access to encrypted material on the UK National Information Infrastructure, with results that showed that there was only minority support for government access to encrypted information without the consent of the owner.
April 1998 – The Labour Government – Government Policy Set By The Civil Service
In April 1998, despite an ‘encryption friendly’ pre-election policy which promised no key escrow, the Government announced a ‘key escrow’ policy that was little different to that of the previous government. It is clear that they had swallowed the civil service propaganda and made a rapid reversal of their policy. These revised proposals were announced by the Department of Trade and Industry on 27th April 1998 and my response to them is here. This policy raised many objections from both industry and private citizens in the UK.
March to May 1999 – The Labour Government – Government Policy Set By Industry
In early 1999 the Government issued a further policy paper entitled “Building Confidence in Electronic Commerce” that was intended to be more acceptable to industry. But while accepting the need for a voluntary licensing regime in place of a mandatory one, this paper still advocated a ‘Trusted Third Party (TTP)’ approach to confidentiality services with key escrow.
This generated a storm of protest from both industry and the public. My own comments are available here (it is interesting to note that this paper contains some surprising technical errors. See, for example, the discussion of key disclosure and self-incrimination and the description of ‘crypto-viral’ extortion).
The House of Commons Trade and Industry Committee considered this policy and heard a lot of evidence, the majority of which was critical.
They produced a report that suggested the need for significant changes in what was being proposed.
In consequence the Government had yet another rethink and announced in late March that it would drop the key escrow requirement provided industry came up with an acceptable alternative approach.
The Prime Minister commissioned a rapid high level study by the Performance and Innovation Unit of the Cabinet Office leading to a further report published in May 1999 under the heading “Encryption and Law Enforcement”.
I have worked with colleagues in Cyber-Rights and Cyber-Liberties (UK) to produce a response to this latest policy initiative, which makes some valuable proposals but also contains some significant weaknesses.
However, provided its weaknesses can be remedied, it may offer a sound basis on which to build.
Year 2000 – The Labour Government – A Policy For The People – Sadly No!
While export controls on encryption products have now been almost completely removed,
the UK government has passed a Bill in Parliament – the Regulation of Investigatory Powers Act – that includes provisions to allow a number of UK authorities to seize the encryption keys belonging to UK citizens. These powers can be used against entirely honest, law abiding citizens who do not even have to be under suspicion.
The UK Government claims that the keys of honest citizens are not at risk because they will be able to offer the plaintext instead of keys, but the legislation does not give key owners any such rights.
While the UK Government has accepted that key owners should not have to hand over their keys without knowing that they will be safe while in government hands, it has repeatedly refused to provide the information that key owners need in order to make such an assessment. In practice, maintaining the safety and security of seized keys will be a very difficult task and this will mean that those whose keys are seized will have no choice but to assume that their security has been compromised as a result.
This legislation will also undermine the majority of the digital signatures offered by UK citizens. Such signatures will be untrustworthy where the keys providing them are controlled by pass phrases that also control access to confidentiality keys. In such a situation the key owners cannot guarantee that they alone have access and this undermines the integrity of signatures made with their keys.
Other countries, most notably Germany and Ireland, have explicitly rejected such measures and hence provide a better base for e-commerce development than the UK.
Export Controls on Cryptographic Products
A number of governments co-ordinate their export controls on cryptographic products through an international mechanism known as the Wassenaar Arrangement. UK controls on cryptography are often justified by quoting this agreement but a careful consideration of its provisions shows that it should not be used to impede genuine civil transactions and trade. But this is precisely the impact that these cryptographic export controls now have. I have produced a paper that analyses the Wassenaar Arrangement and shows that controls on civil cryptographic products are contrary to its stated objectives.
The White Paper on Strategic Export Controls
In 1998 the UK government published a White Paper setting out its proposals for improving the operation of strategic export controls in response to the findings of the Scott Report.
This White Paper sets out a number of proposals for improving the effectiveness of export controls but also includes a proposal to extend the scope of such controls to include intangible goods, that is, goods such as software transferred by electronic means.
While the proposals to improve the clarity of export control objectives are very welcome, the proposal to extend the scope of controls to intangible goods is a thoroughly bad idea.
In practice there is no well defined boundary that separates ‘intangible goods’ on the one hand and ‘ideas’ on the other, and this means that once we give the government the ability to control intangible goods we are on a slippery slope which could easily end with the government controlling the export of ideas as well. This is a dangerous path to follow:
“I would rather be exposed to the inconveniences attending too much liberty than to those attending too small a degree of it.” – Thomas Jefferson to Archibald Stuart, 1791.
Quite apart from the principles involved, the extension of controls to intangible goods could have an enormous and detrimental impact on research and development in the UK, much of which is now carried out in an international context. If research and development teams in universities and industry need licenses in order to exchange ideas with their overseas colleagues we will very quickly find that high quality R&D will go elsewhere. This is precisely what is happening in the United States where efforts to control cryptographic intangibles have simply resulted in companies setting up laboratories overseas.
The effect has thus been to export high-technology jobs and this is exactly the effect we can expect in the UK.
Ross Anderson has produced a paper expressing his position on the impact of these proposals on Universities. I share his concerns and I have accordingly made my position known by sending an open letter to the relevant part of the DTI.
It appears that the prospect of direct UK legislation on intangible exports has now receded, only to be replaced by similar plans for European Community legislation.
Cryptography Policy Principles
Cryptographic algorithms are the creations of mathematicians, scientists and engineers whose efforts should benefit the whole of society and not just the privileged few chosen by governments.
The actions of GCHQ and successive UK governments over the last 50 years to monopolise and control the use of cryptography using secret policies operated by unaccountable bodies are unjustified, unethical and morally bankrupt. They are a classic example of the abuse of power that always results when excessive secrecy is combined with a lack of democratic accountability and control.
UK government policies on the control of cryptography must be arrived at through informed public debate leading to a widespread consensus among informed and interested citizens that: (1) any controls are truly in their interests as they judge them; and (2) such controls are not detrimental to the development of democracy and human freedom on a global scale.
In the absence (as now) of such a democratically derived policy I intend to work with other scientists and engineers of like mind to ensure that any attempt by the UK (or any other government) to control or limit the development, publication, provision or use of cryptographic knowledge or technology will fail.
Since some may suggest that this is an anarchist stance, I will restate it as “I prefer democracy in place of anarchy but anarchy in place of dictatorship”.
Law Enforcement Access to Keys (LEAK) and to Encrypted Information
I am prepared to consider any direct evidence presented to show that UK law enforcement authorities are being hampered by encryption.
I have seen no evidence that this is a current problem of any significance. Although there may be some future impact, I believe that the positive benefits of the widespread deployment of cryptography in crime prevention and detection will far outweigh any negative impact that this might have.
If there is any law enforcement access requirement it can only be to encrypted information and not to the keys being used. There are hence no circumstances in which I support any requirements for government or law enforcement access to encryption keys. I support the need for law enforcement authorities to be able to use a ‘search warrant’ style of access to the decrypted text of encrypted material but not the keys being used.
The need to back up cryptographic keys is highly application dependent and requires a careful consideration of the consequences of key loss compared with the additional risks involved in keeping spare copies of keys or the information involved.
It is important that the owners of information protected using encryption are entirely free to decide for themselves how they wish to guard against the possibility of key loss or damage.
There is no case for products which make the strength of the primary cryptography which they offer dependent in some way on the use of key recovery.
There is even less reason for making export approval dependent on the existence of key recovery mechanisms. William Reinsch, Head of the US Bureau of Export Administration (speaking at a recent EPIC conference in Washington), characterised such policies as ‘neither efficient, nor fair, but available’, a characterisation which well illustrates the moral bankruptcy involved.
Here is a paper I presented on Key Recovery (and Key Escrow) at the EPIC Cryptography Conference in Washington DC last year.
I oppose all forms of key escrow that are designed to provide government or law enforcement access to encryption keys. I have both ethical and technical objections to such schemes.
Although many democratic countries have institutions and approaches that can significantly limit and control government abuse of key escrow capabilities, this is not more generally true and in many countries these would undoubtedly be used as a means of oppression. If democratic countries implement such measures they then have no moral or ethical basis on which to deny these facilities to governments that will use them against their own citizens.
The ability of encryption to allow people to interact with each other on a global scale without fear of oppression by their governments is just about the most potent capability mankind has had for advancing democracy and human freedom on a global scale. I consider it a tragedy that the United States in particular, with its strong tradition of promoting democracy and human freedom, should be seeking to deny this technology to those who most need it.
I support the conclusions of expert international cryptographers who have assessed the risks of key escrow and concluded that they are very significant.
In particular I see no economic or technical basis for successful third party key escrow services.
In order to be economically sound such services will need to support many clients and this involves holding critical security data in large, network connected computer systems. Designing and operating such computer systems to the levels of security this would require is well beyond the current state of the art. Although it is possible to reduce the risks by splitting keys between a number of separate computer systems, the resulting services will then be prohibitively expensive and uneconomic to provide or use.
I thus believe that there are no sound commercial arguments for offering or using third party key escrow services. Third party key escrow is only necessary in order to meet government requirements for access to keys; government efforts to promote such services as commercially sound are simply attempts to meet their own requirements without having to foot the bill.
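The key splitting mentioned above is, in practice, threshold secret sharing. The following is an added example of mine, not code from the original page: it assumes Shamir's scheme over the prime field GF(2**255 - 19) and uses a constructed 16-byte sample key. Any k of the n escrow systems can rebuild the key, while any k-1 of them together hold no information about it, which is what makes the split worthwhile but also why each of the k servers must still be secured and must cooperate at recovery time.

```python
"""Threshold key splitting (Shamir secret sharing over GF(p)).

Added example; not code from the original page. It assumes Shamir's scheme
over the prime field GF(2**255 - 19) and uses a constructed 16-byte sample key.
"""
import random
import secrets
from typing import List, Optional, Tuple

# 2**255 - 19 is prime (the Curve25519 field prime); any key of up to 31
# bytes fits as a single field element.
P = (1 << 255) - 19

Share = Tuple[int, int]  # (x, f(x)) with x in 1..n


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of a0 + a1*x + ... + a_{k-1}*x^(k-1) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key: bytes, k: int, n: int,
              rng: Optional[random.Random] = None) -> List[Share]:
    """Split `key` into n shares such that any k of them reconstruct it.

    The key is the constant term a0 of a random polynomial of degree k-1;
    share i is the point (i, f(i)). With fewer than k points every value
    of a0 is equally consistent with what is held, so k-1 compromised
    escrow systems learn nothing about the key.
    """
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key too large for the field; use a larger prime")
    if rng is None:
        rng = secrets.SystemRandom()  # cryptographic randomness by default
    coeffs = [secret] + [rng.randrange(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0 over the given distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P  # Fermat inverse
    return secret


def recover_key(shares: List[Share], key_len: int) -> bytes:
    """Rebuild the key bytes; a value that does not fit key_len means the
    shares were wrong or too few (the result is then a random field element)."""
    secret = recover_secret(shares)
    if secret.bit_length() > 8 * key_len:
        raise ValueError("shares do not reconstruct a key of that length")
    return secret.to_bytes(key_len, "big")


def demo(k: int = 3, n: int = 5) -> Tuple[bool, bool]:
    """Split a constructed sample key k-of-n and report whether k shares
    recover it and whether k-1 shares do (they should not)."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
    shares = split_key(key, k, n)
    enough = recover_key(shares[n - k:], len(key)) == key          # any k shares
    too_few = recover_secret(shares[:k - 1]) == int.from_bytes(key, "big")
    return enough, too_few


if __name__ == "__main__":
    print("k shares recover key: %s, k-1 shares recover key: %s" % demo())
```

Note what this does and does not buy: it removes the single system whose compromise exposes every key, but the reconstruction host sees the full key at recovery time, and each of the k participating systems must be online and trusted to respond. Real deployments also need integrity protection on the shares (a MAC or commitment) so that a corrupted share cannot silently yield a wrong key; this example omits that.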