[ISN] Encryption key would lock up criminals

From: mea culpa (jerichoat_private)
Date: Thu Mar 04 1999 - 00:26:49 PST

  • Next message: mea culpa: "[ISN] Security Conference Announcement: the Black Hat Briefings '99"

    Forwarded From: Fearghas McKay <fmat_private>
    Originally From: Yaman Akdeniz
    Tuesday, March 2, 1999 Published at 17:18 GMT
    Encryption key would lock up criminals
    Dr Ross Anderson: "Big business can look after itself."
    By Internet Correspondent Chris Nuttall
    Cyber-criminals would be caught if the government introduced a system
    where the keys to coded e-mail were voluntarily lodged with licensed
    authorities, according to the UK National Criminal Intelligence Service
    NCIS was one of the groups appearing before the House of Commons on
    "Criminals are lazy, greedy and they make mistakes," John Abbott, NCIS
    Director General told the Trade and Industry Select Committee, which is
    hearing witnesses on electronic commerce issues. 
    "We are able to capitalise on this and we anticipate that a licensing
    scheme would allow us to have some successes," said Mr Abbott. 
    Civil liberties campaign
    Civil liberties groups are campaigning against "key escrow" - the term
    used for lodging codes with a third party. They do not want it included in
    a forthcoming Electronic Commerce Bill. 
    A long-awaited consultation paper on the bill from the Department of Trade
    and Industry (DTI) is expected in the next few days. 
    Opponents argue the proposed voluntary licensing system where Trusted
    Third Parties (TTPs) would hold the keys to encrypted data being sent over
    the Internet would never be used by criminals. 
    But an NCIS spokesman, who declined to be identified, told the hearing
    that just as criminals used telephones at every level for their
    activities, so some would use the TTPs. 
    "We would prefer to have a mandatory licensing system because that would
    be more inclusive," said Mr Abbott. 
    "I do recognise that we are moving into new territory, and this would not
    be a complete answer, and if all that is on offer is a voluntary scheme
    then that is better than no scheme at all." 
    Real time access
    The Chief Investigations Officer of HM Customs & Excise, Richard Kellaway,
    told the hearing that real-time access was needed to encrypted data. Mr
    Abbott added that it was no use knowing three days afterwards where a
    consignment of drugs had been exchanged. 
    He admitted that key escrow would not solve the problem of crimes being
    committed on an international scale over the Internet. 
    "But I would urge the government to lead. Law enforcement agencies
    throughout the world are extremely concerned with developments. We
    anticipate the problem will grow over time and certainly the G8 law
    enforcement forum are constantly discussing this and looking for ways
    Business concerns
    Businesses, as well as civil liberties campaigners, have voiced concern at
    the possible proposals on key escrow, and the Post Office stated its
    opposition at the hearing. 
    Jerry Cope, its managing director for strategy, said there were two areas
    of concern: "If people feel this system makes them less secure then they
    will not want to use it. We need to instil confidence. 
    "Then there is the additional cost of regulation and if it is greater than
    in France or Ireland then business will go elsewhere. It is as easy to
    send e- mail from London to Manchester via Paris as it is direct from
    London to Manchester." 
    Mr Cope said there had been a lack of dialogue between business and law
    enforcement agencies and he suggested a possible compromise. Agencies
    would bear the additional costs of being able to extract information from
    TTPs and would only exercise their powers when there was a threat to
    national security. 
    The Post Office will announce later this month that it is launching a
    Trusted Third Party service called ViaCode. 
    Red flag
    The final witness of the day, a leading encryption expert, Dr Ross
    Anderson of Cambridge University, compared key escrow to the red flag that
    had to be waved in front of the first motor cars to warn people of danger. 
    A week after the requirement was removed, there was the first road traffic
    fatality. But no-one would suggest we go back to the red flag today and
    the assumption is made by the police that 99% of those on the road are
    good guys, he said. 
    He added that the police had a long way to go with computers to match
    their current knowledge of the motor car. They had often had to call in
    outsiders such as himself to help with encryption cases. 
    "There are many, many ways of attacking computer systems and inevitably
    TTPs are going to be compromised," he said. "The role of government should
    be protecting the consumer - big business can look after itself." 
    He said the best way forward in terms of legislation was the Australian
    approach that simply recognised that electronic signatures had the same
    force as manuscript signatures. 
    "Key escrow would have to be global to achieve its stated purpose, and
    there is now no prospect of this," he said in an additional written
    submission to the committee. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:13 PDT