Forwarded From: privacy <anonat_private>

http://www.newscientist.com/ns/19990306/forum.html

Under lock and key
By Duncan Graham-Rowe

GOVERNMENTS hate things going on that they don't know about. Not long ago, many governments insisted that they should have the ability--and the right--to decipher all coded messages. The US government, for example, tried to get organisations to use its clipper chip for encryption. Only the government, of course, would hold the numbers, or keys, that would enable it to read anything encoded by the chip. Encryption looked set to become a major civil liberty issue.

The subject might seem somewhat esoteric. Indeed, many people have never even heard of it. But whether you know it or not, you almost certainly depend on computer encryption already. Banks, for example, use encryption software to safeguard their customers' personal identification numbers, or PINs. Many other businesses, and individuals, also have good reasons for wanting to be sure that information such as a credit card number sent over the Internet is not being intercepted--or at least cannot be read if it is. Human rights organisations, for example, often use cryptography to relay sensitive information.

People who send coded messages obviously want to use strong encryption software, the best available. And while there is no such thing as an uncrackable code, strong encryption comes pretty close. Even with the fastest supercomputers, it could take years to break most properly encoded messages. And this is what gets governments so worried. Strong encryption makes eavesdropping on other people's communications practically impossible. Many governments argue that being able to decode encrypted messages is essential if they are to crack down on criminal activity, such as the distribution of child pornography on the Internet.

As a result, a number of Western governments, including France, Britain and the US, have spent years quietly trying to introduce various versions of what is called key escrow. The idea is that government approved agencies, called "trusted third parties", would be set up to hold the encryption keys on our behalf. Then, when the police want to decode a particular message or set of communications, they would present a warrant to these agencies.

It sounds reasonable, but such a system would be open to abuse and far from secure. Besides favouring encryption systems that are easy to crack, key escrow represents a weak link in what would otherwise be an almost impenetrable chain. Worse still, it wouldn't even achieve what it was designed for. If key escrow was in place, few criminals would be stupid enough to use it. In fact, criminals would probably be the only ones with any real privacy. And while all those whose job it is to fight crime argue that this would nevertheless provide a good way of flushing out criminals, to do this effectively you would have to know where to look in the first place, which is a somewhat circular argument.

So is it really worth jeopardising our privacy on the off chance that the police might catch a few careless criminals? Not according to the French. Last month, France denounced its own well-established policy of banning commercial encryption, after 200 companies complained to the government about key escrow. Prime Minister Lionel Jospin openly admitted that key escrow was useless in fighting crime and therefore unwarranted.

And even the US seems to be backing down, after a spate of TV commercials aimed at embarrassing the government brought the issue out in the open. It also seems likely that export laws will be relaxed so that strong encryption software such as Pretty Good Privacy (PGP) is no longer classified as munitions and banned from export. Britain's Department of Trade and Industry seems to be following suit.

After nearly five years of consultation, the e-commerce bill is rumoured to be published this week. Although the official line has been that the government favours key escrow, euphemistically calling it a voluntary system of cryptography, the message that this is unacceptable appears to have been drummed home not just by industry bodies but also, according to popular rumour, by the former trade minister Peter Mandelson.

This is a welcome change of heart. It is just a pity that it has come not from governments recognising the futility of key escrow or from listening to the cogent arguments of civil libertarians, but merely in response to pressure from industry.

From New Scientist, 6 March 1999