On Sat, Oct 18, 1997 at 08:53:14PM +0100, Adam Back wrote:
The situation in France is: currently (or recently) you could not use encryption at all without a license. The enforcement rate is low to zero. (Jerome Thorel interviewed the head of SCSSI (NSA equivalent),
I am not sure you can really say they are the NSA equivalent. I would rather say they are the equivalent of, say, the office in the dpt of commerce which gives the export authorizations in the US. What I mean is that I doubt they are listening to anybody. Other French agencies do that (and each agency, whether it depends on the police, like DST, RG, or the army, DGSE, DSM, has its own group of people listening to anybody they like). A normal police department could do it too, but then they will need a warrant of some kind. None of the agencies above probably bothers with things like that, as they will usually say "secret défense" if they are asked questions (some French equivalent of "national security").
Now I understand the French have switched position: you can use encryption without a license *provided* that it has master key access for the government.
I would say people who wrote the current law 2 years ago didn't have a clue on the technical issues, anyway. That's why we are still waiting for the "decrets d'application", which are the set of rules on how the law will be enforced. Somehow I would bet they are waiting to see where the wind blows at the international level.
With the pgp standard as is French government could insist that people use pgp5.x. pgp5.x provides a reasonably useful framework for the French government to adapt to be used as a master access system.
http://www.lemonde.fr/multimedia/sem4297/textes/act42972.html It's in French, so I won't quote. The article has a very neutral position, but they point out exactly the same thing as you.
Because this will then be explicitly allowed, more people are likely to use it. (Current people using pgp2.x illegally are one suspects
I know at least one academic site where system administrators were prevented from switching to ssh because of the legal issue. Seems the campus administration folks wanted to protect their asses...
If on the other hand pgp5.x were to use only single recipients for confidentiality, and to base company recovery of encrypted mail folders on key recovery information stored locally alongside the mailbox the system would be less useful to the French government.
I don't have the technical expertise to discuss your proposal, so I won't (seems less snoop friendly to me than the PGP5.5 solution, still). But what I certainly fail to understand is why PGP Inc (and people who support them) is focusing on a solution which allows to intercept and read e-mail in transit. That's inherently evil, no matter how you put it. And the "hit by a truck" hypothesis doesn't stand a minute in real life (Yah, shit happens, so what?). The (legitimate) needs of a company can be achieved via an agreement with its employees, on how data are stored, backed, duplicated, whatever, and it has merely nothing to do with cryptography. Or am I missing something obvious? And as far as the "legitimate needs of the law enforcement agencies", well, if they want to read e-mail sent by an employee from his company account because he is a potential drug dealer, they can obtain the proper authorization from the court and snoop on the guy from within the company. As usual, the weakest link is the guy typing on his keyboard, as I doubt anybody speaks IDEA fluently... (even rot13 I am skeptical. Crime organizations in Paris at the beginning of the century were using "Javanais", which was a very basic code, but sufficient to confuse the police) So why isn't everybody focusing on being sure the transport layer is secure, and leave to social interaction at both ends of the communication process the problem of recovery of whatever was transmitted? (which, I feel dumb for saying it, was in clear at some point before being sent, and will be when it will be read...)
Second party access to stored data is much less scary. Little brother can ultimately read _everything_ you do at work. If he gets suspicious he can install keyboard logger, keyboard password sniffer, or concealed videocam whilst you are out of the office. The best we can do is discourage little brother from abusing systems designed for data recovery as mass communications snooping. The best suggestion I have seen for this so far was Bill Stewart's suggestion to only store recovery info for some of the bits. Make the recovery process artificially slow: say 40 bits. Worth it for recovering main developer's design notes made in email when he dies unexpectedly. Some hindrance to little brother unless he is determined. As long as this hindrance is similar scale to other similar things little brother could do to check up on suspicious user, you have achieved your goal of hindering little brother.
Sounds fair to me.
Big brother is hindered very significantly if you do recovery locally, rather than on the communications link as PGP Inc CMR does. This is because big brother does not have access to the ciphertext on disks. He must come and take them. Whereas for communications he can
And he needs proper authorization before coming. And yes, it takes time but that's the price to pay in a system with separation of powers.
For data storage recovery, your data is again in two halves: you have one, the _key_, your employee/you have the other, the _ciphertext_ on disk. Your employee can recover that info anyway. The NSA can't easily. It is much more logistically expensive to collect or randomly sample disk contents.
Yes, yes, yes. And still I am sure that we will hear objections to that... sigh....

F.

--
Fabrice Planchon (ph) 609/258-6495
Applied Math Program, 210 Fine Hall (fax) 609/258-1735
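
Added example, not part of the message above or of any PGP product: a sketch of the partial-recovery idea the thread attributes to Bill Stewart, where the locally stored recovery record holds all but a few bits of a storage key and whoever recovers must search the rest. The HMAC check value, the record layout and the function names are assumptions of this sketch, and the demo withholds 16 bits rather than the 40 mentioned above so that it finishes quickly.

```python
import hashlib
import hmac
import secrets

CHECK_LABEL = b"recovery-check-v1"  # constructed label, an assumption of this sketch


def _check_value(key):
    # Lets the recoverer recognise the right candidate without storing the key.
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def make_recovery_record(key, withheld_bits):
    """Escrow every key bit except the lowest `withheld_bits`."""
    if not 0 < withheld_bits <= len(key) * 8:
        raise ValueError("withheld_bits out of range")
    k = int.from_bytes(key, "big")
    mask = (1 << withheld_bits) - 1
    return {
        "key_len": len(key),
        "withheld_bits": withheld_bits,
        "known_part": k & ~mask,  # withheld low bits are zeroed
        "check": _check_value(key),
    }


def recover_key(record):
    """Search the withheld bits; returns (key, number of trials)."""
    for guess in range(1 << record["withheld_bits"]):
        cand = (record["known_part"] | guess).to_bytes(record["key_len"], "big")
        if hmac.compare_digest(_check_value(cand), record["check"]):
            return cand, guess + 1
    raise ValueError("record is corrupt: no candidate matches")


def demo(withheld_bits=16):
    # Constructed 128-bit storage key; the record would sit beside the mailbox.
    key = secrets.token_bytes(16)
    record = make_recovery_record(key, withheld_bits)
    recovered, trials = recover_key(record)
    return recovered == key, trials


if __name__ == "__main__":
    ok, trials = demo()
    print("recovered:", ok, "after", trials, "trials")
```

Each extra withheld bit doubles the worst-case search, so the cost of one recovery is a tunable parameter while the record on its own never yields the key directly.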