Analysis of Part I of the (draft) Electronics Communications Act 1999A summary of opinionsIntroductionPart I is all about setting up a statutory, but voluntary, licensing scheme for 'Cryptography Service Providers'. There is provision for bringing this into force at a different time from the rest of the Act, and indeed the Government has said that it may never bring it into force if self-regulation of the industry proves effective. If the scheme was brought into force one might expect an OFCRYPT body to be formed (see Clause 3) - much as we have OFTEL, OFGAS, OFWAT and so on. However, the requirements for what should be done are pretty broad. One somehow suspects that the provisions have been borrowed from elsewhere rather than invented anew - does anyone recognise them ? The actual effect of an OFCRYPT would depend crucially on the various statutory instruments that underpinned it - but none of this is visible as yet - so it's pretty hard to criticise such woolly proposals. Nevertheless, there are a number of significant points to be made. Fundamental problemsThe Government seems to be of the opinion that a lack of trust in Cryptographic Service Providers (CSPs) can be directly ascribed to a lack of regulation of this industry. Since the industry is so far pretty much non-existent it is somewhat puzzling where they have gathered the evidence for this opinion. CSPs may not be the driver for E-Commerce anyway - we may manage for years using just traditional credit cards, or indeed some other scheme (e-cash on smartcards?) may come along. Therefore, even if you buy the 'trust' argument, the Government may be regulating the wrong industry altogether! The Government seems to be envisioning a single register of CSPs whereas the industry may need a number of different schemes and different registers. Once again, the impression is of regulating first and finding out the needs second. If OFCRYPT may not be needed (and even the Government thinks that a self-regulatory scheme of some kind may be best) then why have it in the Bill at all ? If it is needed in future then wouldn't it be far better to have it created by a new Bill where its structure and remit could be properly debated, rather than trying to hide away all the detail within a Statutory Instrument ? The Bill envisions that OFCRYPT will be created at the whim of the Secretary of State. This means that if it is in fact needed it may be created too early or too late. There should be a formal method of recommending its creation - a report from a Select Committee perhaps. The previous history of proposals in this area means that there is a significant risk that Official Licensing might be seen as being a guarantee that any keys held by Licensed Providers were less secure than otherwise - "Licensed to Leak" has not been forgotten. ie: a License may have a negative impact in the marketplace. Finally, there is a significant risk that any Regulations may introduce discredited notions, such as "key escrow" by the back door. We do have Tony Blair's 13th September speech [9mins 30secs in] to rely on: "So let me say clearly today no company or individual will be forced, directly or indirectly, to escrow keys." BUT we've seen so many policy changes in this area that it would be foolish to rely on one Prime Minister's statement. It would be perfectly possible to add a clause prohibiting the introduction of mandatory key escrow as a licensing condition. Rather more 'picky' issuesClause 2(3)(c) is a little odd. It seems that people applying for licenses will have to promise to 'toe the line' not only now, but in an indefinite and as yet undefined future as well. It will be an achievement for anyone to look the Secretary of State in the eye and promise to "be able and willing to comply with any requirements that the Secretary of State is proposing to impose by means of conditions of the approval". Clause 4(1) is a most welcome restriction on OFCRYPT passing on confidential information (a business plan perhaps). However it is almost completely negated by 4(2)(c) which allows for secondary powers to allow anyone to pass it on for any reason, and if you can argue that something within this part of the Bill means that you can pass the information then you're in the clear. One suspects that it will be an extremely complex process to successfully prosecute anyone under Clause 4(5). Clause 4(2)(d) allows confidential information to be divulged "in connection with the investigation of any criminal offence or for the purposes of any criminal proceedings". This is an extremely weak clause when compared with Section 29(3) of the Data Protection Act 1998 which gives a series of hurdles which must be overcome before data can be released in this manner. It seems most inappropriate not to have similar hurdles here. Clause 6(1) describes what sort of CSPs can join this voluntary licensing scheme. Its definition of encryption notably fails to include the concept of encrypting something to store it securely. Clause 6(2) is a masterpiece of unreadability that someone should be submitting for a gobblygook award. It appears to be trying to either include or exclude some people from the licensing scheme (though why they should be considered deserving or undeserving of the Governments rubberstamp is unclear). However, the phrasing "includes references to X if and only if X is no more than incidental to the provision by the same person of X not consisting in X" (X is the supply of computer software and hardware) is the sort of wording that keeps lawyers in business. It has no place in a Bill that is supposed to be engendering trust in anything.
An interchange of opinionsThis material comes from UKCrypto. Please note that the various statements have been edited together to form a readable narrative. People did say all of these things but the 'conversation' was not necessarily in quite this order. In several places, the original spelling has been improved to avoid distracting from the underlying message. Alastair Kelman
Tom Thomson
Nor does it seem reasonable to equate message encryption keys with the keys required to recover. for example, financial records. Storage keys and mesage keys are quite distinct - any reasonable security model keeps them thoroughly distinct, since storage keys are by nature long lived whereas message keys are transient. Since a storage key is not used for information exchange, it does not rquire any certification. Alastair Kelman
Adam Back (amongst many other examples of the use of local escrow)
Thomas Roessler
Tom Thomson
Caspar Bowden
If I was in the CSP business, I'd want to think awfully hard about those 2-5 years in prison and pleading highly technical excuses to a judge or magistrate, before choosing a product with an escrow/recovery capability. Alastair Kelman
In seeking a warrant for the disclosure of a private encryption key I would only wish to allow it if there was good evidence that: 1. the citizen was engaged in serious criminal activity (to be defined) or 2. the citizen was using encryption to hide electronic commerce activities thereby avoiding the proper payment of taxes and duties. Nicholas Bohm
Staff can fail to record phone calls, or file letters in the wrong place or lose them, and cause mayhem in dozens of ways. The answer is training, checking, and, in a word, management. Once you get into key recovery, you're building yourself a problem, not a solution. You might as well require all staff to provide duplicate sets of their housekeys, in case they take office documents home before leaving on holiday. Nobody has a duty to leave any particular information for his executors, and the tidyness of peoples' records varies, to put it mildly. Executors seem to manage. At the moment, banks and insurance companies send out reams of paper, so most people have far more in the way of records of assets than most ever want. By the time this all turns electronic and encryptable, which won't be soon, the banks and insurance companies will have built themselves record systems from which they can answer executors' enquiries (indeed they do fairly well as it is). I wouldn't lose too much sleep as a CA who didn't keep a private key at the thought of being sued by executors who found encrypted data. First, because I don't think a court would find there was any duty to do more than advise the user to keep a backup of the private key. Secondly, how would the executors establish a loss arising out of their not having access to data the value of whose contents is by definition unknowable? Users who leave files on their PC called "where I hid the gold bars.pgp" are just as likely to be exercising their sense of humour as hiding the map, and perhaps more so. Of course, if I conceal information for the purposes of tax or social security fraud, I become a criminal and fall out of the "Key Recovery Essential" class into the "Key Recovery Pointless" class instead. If I don't conceal it, I presumably inhabit the "Key Recovery Unnecessary" class. This all seems absurd to me at the level of theory. When you go on to consider the practicality of establishing systems that distinguish between different categories of data in their use of encryption systems (especially for those who do some work from home), the argument proceeds from the absurd to the ridiculous. All this entertaining disagreement, however, may overshadow Alistair's important conclusion, which is that the Bill remains a potent vehicle for the promotion of key escrow. The NCIS campaign seems to have some life in it (although it could be a timelag problem: it took a very long time for the NCIS clockwork to be wound up far enough to show visible action, and we may just be watching the spring running slowly down again). I do not feel there is much to be done with Part I of the Bill, other than lament its pointlessness and observe that it is odd for a set of allegedly reserve powers to begin "It shall be the *duty* of the Secretary of State ..." (my asterisks for emphasis) instead of "The Secretary of State may ..." |