Analysis of Part I of the (draft) Electronics Communications Act 1999

A summary of opinions

Introduction

Part I is all about setting up a statutory, but voluntary, licensing scheme for 'Cryptography Service Providers'. There is provision for bringing this into force at a different time from the rest of the Act, and indeed the Government has said that it may never bring it into force if self-regulation of the industry proves effective.

If the scheme were brought into force one might expect an OFCRYPT body to be formed (see Clause 3) - much as we have OFTEL, OFGAS, OFWAT and so on. However, the requirements for what should be done are pretty broad. One somehow suspects that the provisions have been borrowed from elsewhere rather than invented anew - does anyone recognise them?

The actual effect of an OFCRYPT would depend crucially on the various statutory instruments that underpinned it - but none of this is visible as yet - so it's pretty hard to criticise such woolly proposals. Nevertheless, there are a number of significant points to be made.

Fundamental problems

The Government seems to be of the opinion that a lack of trust in Cryptographic Service Providers (CSPs) can be directly ascribed to a lack of regulation of this industry. Since the industry is so far pretty much non-existent it is somewhat puzzling where they have gathered the evidence for this opinion. CSPs may not be the driver for E-Commerce anyway - we may manage for years using just traditional credit cards, or indeed some other scheme (e-cash on smartcards?) may come along. Therefore, even if you buy the 'trust' argument, the Government may be regulating the wrong industry altogether!

The Government seems to be envisioning a single register of CSPs whereas the industry may need a number of different schemes and different registers. Once again, the impression is of regulating first and finding out the needs second.

If OFCRYPT may not be needed (and even the Government thinks that a self-regulatory scheme of some kind may be best) then why have it in the Bill at all? If it is needed in future then wouldn't it be far better to have it created by a new Bill where its structure and remit could be properly debated, rather than trying to hide away all the detail within a Statutory Instrument?

The Bill envisions that OFCRYPT will be created at the whim of the Secretary of State. This means that if it is in fact needed it may be created too early or too late. There should be a formal method of recommending its creation - a report from a Select Committee perhaps.

The previous history of proposals in this area means that there is a significant risk that Official Licensing might be seen as a guarantee that any keys held by Licensed Providers were less secure than otherwise - "Licensed to Leak" has not been forgotten. In other words, a Licence may have a negative impact in the marketplace.

Finally, there is a significant risk that any Regulations may introduce discredited notions, such as "key escrow" by the back door. We do have Tony Blair's 13th September speech [9mins 30secs in] to rely on: "So let me say clearly today no company or individual will be forced, directly or indirectly, to escrow keys." BUT we've seen so many policy changes in this area that it would be foolish to rely on one Prime Minister's statement. It would be perfectly possible to add a clause prohibiting the introduction of mandatory key escrow as a licensing condition.

Rather more 'picky' issues

Clause 2(3)(c) is a little odd. It seems that people applying for licenses will have to promise to 'toe the line' not only now, but in an indefinite and as yet undefined future as well. It will be an achievement for anyone to look the Secretary of State in the eye and promise to "be able and willing to comply with any requirements that the Secretary of State is proposing to impose by means of conditions of the approval".

Clause 4(1) is a most welcome restriction on OFCRYPT passing on confidential information (a business plan perhaps). However, it is almost completely negated by 4(2)(c), which allows secondary powers to permit anyone to pass it on for any reason; and if you can argue that something within this Part of the Bill means that you may pass on the information, then you're in the clear. One suspects that it will be an extremely complex process to successfully prosecute anyone under Clause 4(5).

Clause 4(2)(d) allows confidential information to be divulged "in connection with the investigation of any criminal offence or for the purposes of any criminal proceedings". This is an extremely weak clause when compared with Section 29(3) of the Data Protection Act 1998 which gives a series of hurdles which must be overcome before data can be released in this manner. It seems most inappropriate not to have similar hurdles here.

Clause 6(1) describes what sort of CSPs can join this voluntary licensing scheme. Its definition of encryption notably fails to include the concept of encrypting something to store it securely.

Clause 6(2) is a masterpiece of unreadability that someone should be submitting for a gobbledygook award. It appears to be trying either to include or to exclude some people from the licensing scheme (though why they should be considered deserving or undeserving of the Government's rubber stamp is unclear). However, the phrasing "includes references to X if and only if X is no more than incidental to the provision by the same person of X not consisting in X" (where X is the supply of computer software and hardware) is the sort of wording that keeps lawyers in business. It has no place in a Bill that is supposed to be engendering trust in anything.

An interchange of opinions

This material comes from UKCrypto. Please note that the various statements have been edited together to form a readable narrative. People did say all of these things but the 'conversation' was not necessarily in quite this order. In several places, the original spelling has been improved to avoid distracting from the underlying message.

Alastair Kelman
Now we have the Electronic Commerce Bill I have looked at its provisions. It seems to me that nothing has really changed. There will be a Code of Practice regarding the operation of regulated CAs. Will this Code of Practice require CAs to "hand over a copy of its customer's private encryption key within one hour of receipt of a warrant" or risk losing its approval as a CA? Will the approval process for a CA require them to keep a copy of each customer's private encryption key? If a CA fails to keep such a copy could it be successfully sued by the executors of a dead customer who are unable to decrypt the customer's financial records made using the private key supplied by the CA?

Tom Thomson
This seems to me to be a thoroughly remarkable view. Encryption has been used in industry for a very long time, without any need for certified/licensed key recovery agents. If a company needs backup copies of keys, that is no different from the requirement for back-up copies of other data. Any reasonable "disaster recovery" scheme includes recovery of keys as well as recovery of other data. Also, it is difficult to see how key escrow is related in any way to the functions of a CA. Certification of encryption keys, as opposed to signature keys, is not something I would expect a CA to undertake - surely the norm would be for the CA to certify something used as a signature key, which in turn would be used by the end user (not by the CA) to certify (possibly further keys which are then used to certify) encryption keys.

Nor does it seem reasonable to equate message encryption keys with the keys required to recover, for example, financial records. Storage keys and message keys are quite distinct - any reasonable security model keeps them thoroughly distinct, since storage keys are by nature long lived whereas message keys are transient. Since a storage key is not used for information exchange, it does not require any certification.

Alastair Kelman
It is a matter of providing a service - outsourcing if you like. Most companies will not have a clue regarding how to manage their encryption and will rely upon their CA to provide them with a packaged solution. If I have a Chubb lock on my front door and I lose the key I will expect Chubb to be able to supply me with a replacement key. I will not be happy if I have to abandon my house!

Adam Back (amongst many other examples of the use of local escrow)
Businesses mostly use email software without any 'recovery' -- if email doesn't make it to the recipient you typically resend it.

Thomas Roessler
Also note that it's still rather common to do classical paper-based filing. That is, you just print the clear text of your messages and file it then.

Tom Thomson
The recovery story is just a load of flannel designed to obfuscate the plain and evident fact that the sole purpose of the escrow schemes is to permit various agencies to snoop at will.

Caspar Bowden
The decryption notice powers (onus on defence etc.) will probably make TTPs (TSPs, CSPs, whatever) run a mile from escrow/recovery, even in (the few) business niches where they might otherwise be attractive. Why would officers of a company want to put themselves in criminal legal jeopardy if they are served with a warrant, and something goes wrong, or the time-limit is unreasonable, or a hacker or disgruntled employee has sabotaged the recovery system etc.?

If I was in the CSP business, I'd want to think awfully hard about those 2-5 years in prison and pleading highly technical excuses to a judge or magistrate, before choosing a product with an escrow/recovery capability.

Alastair Kelman
The problem I feel with your FIPR message Caspar is that it gets simplified down to "Key Recovery is Bad". Key Recovery is good in electronic commerce but bad everywhere else. The Electronic Commerce Bill fails to consider this distinction.

In seeking a warrant for the disclosure of a private encryption key I would only wish to allow it if there was good evidence that: 1. the citizen was engaged in serious criminal activity (to be defined) or 2. the citizen was using encryption to hide electronic commerce activities thereby avoiding the proper payment of taxes and duties.

Nicholas Bohm
Fears about staff concealing data, or people's executors being unable to administer estates, are just eyewash.

Staff can fail to record phone calls, or file letters in the wrong place or lose them, and cause mayhem in dozens of ways. The answer is training, checking, and, in a word, management. Once you get into key recovery, you're building yourself a problem, not a solution. You might as well require all staff to provide duplicate sets of their housekeys, in case they take office documents home before leaving on holiday.

Nobody has a duty to leave any particular information for his executors, and the tidiness of people's records varies, to put it mildly. Executors seem to manage. At the moment, banks and insurance companies send out reams of paper, so most people have far more in the way of records of assets than most ever want. By the time this all turns electronic and encryptable, which won't be soon, the banks and insurance companies will have built themselves record systems from which they can answer executors' enquiries (indeed they do fairly well as it is).

I wouldn't lose too much sleep as a CA who didn't keep a private key at the thought of being sued by executors who found encrypted data. First, because I don't think a court would find there was any duty to do more than advise the user to keep a backup of the private key. Secondly, how would the executors establish a loss arising out of their not having access to data the value of whose contents is by definition unknowable? Users who leave files on their PC called "where I hid the gold bars.pgp" are just as likely to be exercising their sense of humour as hiding the map, and perhaps more so.

Of course, if I conceal information for the purposes of tax or social security fraud, I become a criminal and fall out of the "Key Recovery Essential" class into the "Key Recovery Pointless" class instead. If I don't conceal it, I presumably inhabit the "Key Recovery Unnecessary" class.

This all seems absurd to me at the level of theory. When you go on to consider the practicality of establishing systems that distinguish between different categories of data in their use of encryption systems (especially for those who do some work from home), the argument proceeds from the absurd to the ridiculous.

All this entertaining disagreement, however, may overshadow Alastair's important conclusion, which is that the Bill remains a potent vehicle for the promotion of key escrow. The NCIS campaign seems to have some life in it (although it could be a timelag problem: it took a very long time for the NCIS clockwork to be wound up far enough to show visible action, and we may just be watching the spring running slowly down again).

I do not feel there is much to be done with Part I of the Bill, other than lament its pointlessness and observe that it is odd for a set of allegedly reserve powers to begin "It shall be the *duty* of the Secretary of State ..." (my asterisks for emphasis) instead of "The Secretary of State may ..."
